Struct aws_sdk_acmpca::Client
pub struct Client { /* private fields */ }
Client for AWS Certificate Manager Private Certificate Authority
Client for invoking operations on AWS Certificate Manager Private Certificate Authority. Each operation on AWS Certificate Manager Private Certificate Authority is a method on this struct. .send() MUST be invoked on the generated operations to dispatch the request to the service.
§Constructing a Client
A Config is required to construct a client. For most use cases, the aws-config crate should be used to automatically resolve this config using aws_config::load_from_env(), since this will resolve an SdkConfig which can be shared across multiple different AWS SDK clients. This config resolution process can be customized by calling aws_config::from_env() instead, which returns a ConfigLoader that uses the builder pattern to customize the default config.
In the simplest case, creating a client looks as follows:
let config = aws_config::load_from_env().await;
let client = aws_sdk_acmpca::Client::new(&config);
Occasionally, SDKs may have additional service-specific values that can be set on the Config that are absent from SdkConfig, or slightly different settings for a specific client may be desired. The Config struct implements From<&SdkConfig>, so setting these specific settings can be done as follows:
let sdk_config = ::aws_config::load_from_env().await;
let config = aws_sdk_acmpca::config::Builder::from(&sdk_config)
    // Placeholder name: substitute a real setter from config::Builder.
    .some_service_specific_setting("value")
    .build();
See the aws-config docs and Config for more information on customizing configuration.
Note: Client construction is expensive due to connection thread pool initialization, and should be done once at application start-up.
§Using the Client
A client has a function for every operation that can be performed by the service. For example, the CreateCertificateAuthority operation has a Client::create_certificate_authority function, which returns a builder for that operation. The fluent builder ultimately has a send() function that returns an async future that returns a result, as illustrated below:
let result = client.create_certificate_authority()
    // The type is an enum, not a string; certificate_authority_configuration
    // is also required (see the builder's parameters below).
    .certificate_authority_type(aws_sdk_acmpca::types::CertificateAuthorityType::Root)
    .send()
    .await;
The underlying HTTP requests that get made by this can be modified with the customize_operation function on the fluent builder. See the customize module for more information.
§Waiters
This client provides wait_until methods behind the Waiters trait. To use them, simply import the trait, and then call one of the wait_until methods. This will return a waiter fluent builder that takes various parameters, which are documented on the builder type. Once parameters have been provided, the wait method can be called to initiate waiting.
For example, if there was a wait_until_thing method, it could look like:
let result = client.wait_until_thing()
    .thing_id("someId")
    .wait(Duration::from_secs(120))
    .await;
§Implementations
impl Client
Constructs a fluent builder for the CreateCertificateAuthority operation.
- The fluent builder is configurable:
  - certificate_authority_configuration(CertificateAuthorityConfiguration) / set_certificate_authority_configuration(Option<CertificateAuthorityConfiguration>):
    required: true
    Name and bit size of the private key algorithm, the name of the signing algorithm, and X.500 certificate subject information.
  - revocation_configuration(RevocationConfiguration) / set_revocation_configuration(Option<RevocationConfiguration>):
    required: false
    Contains information to enable Online Certificate Status Protocol (OCSP) support, to enable a certificate revocation list (CRL), to enable both, or to enable neither. The default is for both certificate validation mechanisms to be disabled.
    The following requirements apply to revocation configurations.
    - A configuration disabling CRLs or OCSP must contain only the Enabled=False parameter, and will fail if other parameters such as CustomCname or ExpirationInDays are included.
    - In a CRL configuration, the S3BucketName parameter must conform to Amazon S3 bucket naming rules.
    - A configuration containing a custom Canonical Name (CNAME) parameter for CRLs or OCSP must conform to RFC2396 restrictions on the use of special characters in a CNAME.
    - In a CRL or OCSP configuration, the value of a CNAME parameter must not include a protocol prefix such as “http://” or “https://”.
    For more information, see the OcspConfiguration and CrlConfiguration types.
  - certificate_authority_type(CertificateAuthorityType) / set_certificate_authority_type(Option<CertificateAuthorityType>):
    required: true
    The type of the certificate authority.
  - idempotency_token(impl Into<String>) / set_idempotency_token(Option<String>):
    required: false
    Custom string that can be used to distinguish between calls to the CreateCertificateAuthority action. Idempotency tokens for CreateCertificateAuthority time out after five minutes. Therefore, if you call CreateCertificateAuthority multiple times with the same idempotency token within five minutes, Amazon Web Services Private CA recognizes that you are requesting only one certificate authority and will issue only one. If you change the idempotency token for each call, Amazon Web Services Private CA recognizes that you are requesting multiple certificate authorities.
  - key_storage_security_standard(KeyStorageSecurityStandard) / set_key_storage_security_standard(Option<KeyStorageSecurityStandard>):
    required: false
    Specifies a cryptographic key management compliance standard used for handling CA keys.
    Default: FIPS_140_2_LEVEL_3_OR_HIGHER
    Some Amazon Web Services Regions do not support the default. When creating a CA in these Regions, you must provide FIPS_140_2_LEVEL_2_OR_HIGHER as the argument for KeyStorageSecurityStandard. Failure to do this results in an InvalidArgsException with the message, “A certificate authority cannot be created in this region with the specified security standard.”
    For information about security standard support in various Regions, see Storage and security compliance of Amazon Web Services Private CA private keys.
  - tags(Tag) / set_tags(Option<Vec::<Tag>>):
    required: false
    Key-value pairs that will be attached to the new private CA. You can associate up to 50 tags with a private CA. For information about using tags with IAM to manage permissions, see Controlling Access Using IAM Tags.
  - usage_mode(CertificateAuthorityUsageMode) / set_usage_mode(Option<CertificateAuthorityUsageMode>):
    required: false
    Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly. Short-lived certificate validity is limited to seven days.
    The default value is GENERAL_PURPOSE.
- On success, responds with CreateCertificateAuthorityOutput with field(s):
  - certificate_authority_arn(Option<String>): If successful, the Amazon Resource Name (ARN) of the certificate authority (CA). This is of the form:
    arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
- On failure, responds with SdkError<CreateCertificateAuthorityError>
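The revocation-configuration requirements listed for CreateCertificateAuthority can be checked locally before the request is sent; the block below is an added example, not code from the SDK or this reference. It also flags a general-purpose CA with neither CRL nor OCSP enabled, since both are off by default. Assumptions: CrlSettings, OcspSettings, Finding and validate are hypothetical names, the bucket check covers only the core S3 naming rules, and the CNAME check conservatively allows hostname characters only.

```rust
// Added example: pre-flight checks for the revocation rules listed above.
// CrlSettings and OcspSettings are hypothetical stand-ins, not SDK types.
use std::net::Ipv4Addr;

#[derive(Debug, Default)]
pub struct CrlSettings {
    pub enabled: bool,
    pub expiration_in_days: Option<i32>,
    pub custom_cname: Option<String>,
    pub s3_bucket_name: Option<String>,
}

#[derive(Debug, Default)]
pub struct OcspSettings {
    pub enabled: bool,
    pub custom_cname: Option<String>,
}

#[derive(Debug, PartialEq, Eq)]
pub enum Finding {
    DisabledWithExtraParams(&'static str), // Enabled=False plus other parameters
    BadBucketName(String),                 // S3BucketName breaks naming rules
    CnameHasProtocolPrefix(String),        // e.g. "https://" in a CNAME
    CnameBadCharacter(String, char),       // outside letters, digits, '-' and '.'
    GeneralPurposeWithoutRevocation,       // neither CRL nor OCSP enabled
}

// Core S3 general-purpose bucket naming rules (a subset of the full list).
fn bucket_name_ok(name: &str) -> bool {
    let b = name.as_bytes();
    let alnum = |c: u8| c.is_ascii_lowercase() || c.is_ascii_digit();
    (3..=63).contains(&b.len())
        && b.iter().all(|&c| alnum(c) || c == b'-' || c == b'.')
        && alnum(b[0])
        && alnum(b[b.len() - 1])
        && !name.contains("..")
        && name.parse::<Ipv4Addr>().is_err()
}

fn check_cname(cname: &str, out: &mut Vec<Finding>) {
    if cname.contains("://") {
        out.push(Finding::CnameHasProtocolPrefix(cname.to_string()));
    } else if let Some(c) = cname
        .chars()
        .find(|c| !(c.is_ascii_alphanumeric() || *c == '-' || *c == '.'))
    {
        // Assumption: anything beyond hostname characters is treated as invalid.
        out.push(Finding::CnameBadCharacter(cname.to_string(), c));
    }
}

pub fn validate(short_lived: bool, crl: Option<&CrlSettings>, ocsp: Option<&OcspSettings>) -> Vec<Finding> {
    let mut out = Vec::new();
    if let Some(c) = crl {
        if !c.enabled {
            // A disabling configuration may carry nothing but Enabled=False.
            if c.expiration_in_days.is_some() || c.custom_cname.is_some() || c.s3_bucket_name.is_some() {
                out.push(Finding::DisabledWithExtraParams("CrlConfiguration"));
            }
        } else {
            if let Some(b) = c.s3_bucket_name.as_deref() {
                if !bucket_name_ok(b) {
                    out.push(Finding::BadBucketName(b.to_string()));
                }
            }
            if let Some(n) = c.custom_cname.as_deref() {
                check_cname(n, &mut out);
            }
        }
    }
    if let Some(o) = ocsp {
        match (o.enabled, o.custom_cname.as_deref()) {
            (false, Some(_)) => out.push(Finding::DisabledWithExtraParams("OcspConfiguration")),
            (true, Some(n)) => check_cname(n, &mut out),
            _ => {}
        }
    }
    // General-purpose certificates typically need a revocation mechanism,
    // and both mechanisms are disabled by default.
    let any_enabled = crl.map_or(false, |c| c.enabled) || ocsp.map_or(false, |o| o.enabled);
    if !short_lived && !any_enabled {
        out.push(Finding::GeneralPurposeWithoutRevocation);
    }
    out
}

fn main() {
    // Constructed sample: a CRL config with a URL-style CNAME and a bad bucket name.
    let crl = CrlSettings {
        enabled: true,
        expiration_in_days: Some(7),
        custom_cname: Some("https://crl.example.com".into()),
        s3_bucket_name: Some("My_CRL_Bucket".into()),
    };
    for finding in validate(false, Some(&crl), None) {
        println!("{:?}", finding);
    }
}
```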
impl Client
Constructs a fluent builder for the CreateCertificateAuthorityAuditReport operation.
- The fluent builder is configurable:
  - certificate_authority_arn(impl Into<String>) / set_certificate_authority_arn(Option<String>):
    required: true
    The Amazon Resource Name (ARN) of the CA to be audited. This is of the form:
    arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
  - s3_bucket_name(impl Into<String>) / set_s3_bucket_name(Option<String>):
    required: true
    The name of the S3 bucket that will contain the audit report.
  - audit_report_response_format(AuditReportResponseFormat) / set_audit_report_response_format(Option<AuditReportResponseFormat>):
    required: true
    The format in which to create the report. This can be either JSON or CSV.
- On success, responds with CreateCertificateAuthorityAuditReportOutput with field(s):
  - audit_report_id(Option<String>): An alphanumeric string that contains a report identifier.
  - s3_key(Option<String>): The key that uniquely identifies the report file in your S3 bucket.
- On failure, responds with SdkError<CreateCertificateAuthorityAuditReportError>
impl Client
pub fn create_permission(&self) -> CreatePermissionFluentBuilder
Constructs a fluent builder for the CreatePermission operation.
- The fluent builder is configurable:
  - certificate_authority_arn(impl Into<String>) / set_certificate_authority_arn(Option<String>):
    required: true
    The Amazon Resource Name (ARN) of the CA that grants the permissions. You can find the ARN by calling the ListCertificateAuthorities action. This must have the following form:
    arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
  - principal(impl Into<String>) / set_principal(Option<String>):
    required: true
    The Amazon Web Services service or identity that receives the permission. At this time, the only valid principal is acm.amazonaws.com.
  - source_account(impl Into<String>) / set_source_account(Option<String>):
    required: false
    The ID of the calling account.
  - actions(ActionType) / set_actions(Option<Vec::<ActionType>>):
    required: true
    The actions that the specified Amazon Web Services service principal can use. These include IssueCertificate, GetCertificate, and ListPermissions.
- On success, responds with CreatePermissionOutput
- On failure, responds with SdkError<CreatePermissionError>
impl Client
Constructs a fluent builder for the DeleteCertificateAuthority operation.
- The fluent builder is configurable:
  - certificate_authority_arn(impl Into<String>) / set_certificate_authority_arn(Option<String>):
    required: true
    The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority. This must have the following form:
    arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
  - permanent_deletion_time_in_days(i32) / set_permanent_deletion_time_in_days(Option<i32>):
    required: false
    The number of days to make a CA restorable after it has been deleted. This can be anywhere from 7 to 30 days, with 30 being the default.
- On success, responds with DeleteCertificateAuthorityOutput
- On failure, responds with SdkError<DeleteCertificateAuthorityError>
impl Client
pub fn delete_permission(&self) -> DeletePermissionFluentBuilder
Constructs a fluent builder for the DeletePermission operation.
- The fluent builder is configurable:
  - certificate_authority_arn(impl Into<String>) / set_certificate_authority_arn(Option<String>):
    required: true
    The Amazon Resource Name (ARN) of the private CA that issued the permissions. You can find the CA’s ARN by calling the ListCertificateAuthorities action. This must have the following form:
    arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
  - principal(impl Into<String>) / set_principal(Option<String>):
    required: true
    The Amazon Web Services service or identity that will have its CA permissions revoked. At this time, the only valid service principal is acm.amazonaws.com.
  - source_account(impl Into<String>) / set_source_account(Option<String>):
    required: false
    The Amazon Web Services account that calls this action.
- On success, responds with DeletePermissionOutput
- On failure, responds with SdkError<DeletePermissionError>
impl Client
pub fn delete_policy(&self) -> DeletePolicyFluentBuilder
Constructs a fluent builder for the DeletePolicy operation.
- The fluent builder is configurable:
  - resource_arn(impl Into<String>) / set_resource_arn(Option<String>):
    required: true
    The Amazon Resource Name (ARN) of the private CA that will have its policy deleted. You can find the CA’s ARN by calling the ListCertificateAuthorities action. The ARN value must have the form
    arn:aws:acm-pca:region:account:certificate-authority/01234567-89ab-cdef-0123-0123456789ab
- On success, responds with DeletePolicyOutput
- On failure, responds with SdkError<DeletePolicyError>
impl Client
Constructs a fluent builder for the DescribeCertificateAuthority operation.
- The fluent builder is configurable:
  - certificate_authority_arn(impl Into<String>) / set_certificate_authority_arn(Option<String>):
    required: true
    The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority. This must be of the form:
    arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
- On success, responds with DescribeCertificateAuthorityOutput with field(s):
  - certificate_authority(Option<CertificateAuthority>): A CertificateAuthority structure that contains information about your private CA.
- On failure, responds with SdkError<DescribeCertificateAuthorityError>
impl Client
Constructs a fluent builder for the DescribeCertificateAuthorityAuditReport operation.
- The fluent builder is configurable:
  - certificate_authority_arn(impl Into<String>) / set_certificate_authority_arn(Option<String>):
    required: true
    The Amazon Resource Name (ARN) of the private CA. This must be of the form:
    arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
  - audit_report_id(impl Into<String>) / set_audit_report_id(Option<String>):
    required: true
    The report ID returned by calling the CreateCertificateAuthorityAuditReport action.
- On success, responds with DescribeCertificateAuthorityAuditReportOutput with field(s):
  - audit_report_status(Option<AuditReportStatus>): Specifies whether report creation is in progress, has succeeded, or has failed.
  - s3_bucket_name(Option<String>): Name of the S3 bucket that contains the report.
  - s3_key(Option<String>): S3 key that uniquely identifies the report file in your S3 bucket.
  - created_at(Option<DateTime>): The date and time at which the report was created.
- On failure, responds with SdkError<DescribeCertificateAuthorityAuditReportError>
impl Client
pub fn get_certificate(&self) -> GetCertificateFluentBuilder
Constructs a fluent builder for the GetCertificate operation.
- The fluent builder is configurable:
  - certificate_authority_arn(impl Into<String>) / set_certificate_authority_arn(Option<String>):
    required: true
    The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority. This must be of the form:
    arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
  - certificate_arn(impl Into<String>) / set_certificate_arn(Option<String>):
    required: true
    The ARN of the issued certificate. The ARN contains the certificate serial number and must be in the following form:
    arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012/certificate/286535153982981100925020015808220737245
- On success, responds with GetCertificateOutput with field(s):
  - certificate(Option<String>): The base64 PEM-encoded certificate specified by the CertificateArn parameter.
  - certificate_chain(Option<String>): The base64 PEM-encoded certificate chain that chains up to the root CA certificate that you used to sign your private CA certificate.
- On failure, responds with SdkError<GetCertificateError>
impl Client
Constructs a fluent builder for the GetCertificateAuthorityCertificate operation.
- The fluent builder is configurable:
  - certificate_authority_arn(impl Into<String>) / set_certificate_authority_arn(Option<String>):
    required: true
    The Amazon Resource Name (ARN) of your private CA. This is of the form:
    arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
- On success, responds with GetCertificateAuthorityCertificateOutput with field(s):
  - certificate(Option<String>): Base64-encoded certificate authority (CA) certificate.
  - certificate_chain(Option<String>): Base64-encoded certificate chain that includes any intermediate certificates and chains up to the root certificate that you used to sign your private CA certificate. The chain does not include your private CA certificate. If this is a root CA, the value will be null.
- On failure, responds with SdkError<GetCertificateAuthorityCertificateError>
impl Client
Constructs a fluent builder for the GetCertificateAuthorityCsr operation.
- The fluent builder is configurable:
  - certificate_authority_arn(impl Into<String>) / set_certificate_authority_arn(Option<String>):
    required: true
    The Amazon Resource Name (ARN) that was returned when you called the CreateCertificateAuthority action. This must be of the form:
    arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
- On success, responds with GetCertificateAuthorityCsrOutput with field(s):
  - csr(Option<String>): The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate.
- On failure, responds with SdkError<GetCertificateAuthorityCsrError>
impl Client
pub fn get_policy(&self) -> GetPolicyFluentBuilder
Constructs a fluent builder for the GetPolicy operation.
- The fluent builder is configurable:
  - resource_arn(impl Into<String>) / set_resource_arn(Option<String>):
    required: true
    The Amazon Resource Name (ARN) of the private CA that will have its policy retrieved. You can find the CA’s ARN by calling the ListCertificateAuthorities action.
- On success, responds with GetPolicyOutput with field(s):
  - policy(Option<String>): The policy attached to the private CA as a JSON document.
- On failure, responds with SdkError<GetPolicyError>
impl Client
Constructs a fluent builder for the ImportCertificateAuthorityCertificate operation.
- The fluent builder is configurable:
  - certificate_authority_arn(impl Into<String>) / set_certificate_authority_arn(Option<String>):
    required: true
    The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority. This must be of the form:
    arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
  - certificate(Blob) / set_certificate(Option<Blob>):
    required: true
    The PEM-encoded certificate for a private CA. This may be a self-signed certificate in the case of a root CA, or it may be signed by another CA that you control.
  - certificate_chain(Blob) / set_certificate_chain(Option<Blob>):
    required: false
    A PEM-encoded file that contains all of your certificates, other than the certificate you’re importing, chaining up to your root CA. Your Amazon Web Services Private CA-hosted or on-premises root certificate is the last in the chain, and each certificate in the chain signs the one preceding.
    This parameter must be supplied when you import a subordinate CA. When you import a root CA, there is no chain.
- On success, responds with ImportCertificateAuthorityCertificateOutput
- On failure, responds with SdkError<ImportCertificateAuthorityCertificateError>
impl Client
pub fn issue_certificate(&self) -> IssueCertificateFluentBuilder
Constructs a fluent builder for the IssueCertificate operation.
- The fluent builder is configurable:
  - api_passthrough(ApiPassthrough) / set_api_passthrough(Option<ApiPassthrough>):
    required: false
    Specifies X.509 certificate information to be included in the issued certificate. An APIPassthrough or APICSRPassthrough template variant must be selected, or else this parameter is ignored. For more information about using these templates, see Understanding Certificate Templates.
    If conflicting or duplicate certificate information is supplied during certificate issuance, Amazon Web Services Private CA applies order of operation rules to determine what information is used.
  - certificate_authority_arn(impl Into<String>) / set_certificate_authority_arn(Option<String>):
    required: true
    The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority. This must be of the form:
    arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
  - csr(Blob) / set_csr(Option<Blob>):
    required: true
    The certificate signing request (CSR) for the certificate you want to issue. As an example, you can use the following OpenSSL command to create the CSR and a 2048 bit RSA private key.
    openssl req -new -newkey rsa:2048 -days 365 -keyout private/test_cert_priv_key.pem -out csr/test_cert_.csr
    If you have a configuration file, you can then use the following OpenSSL command. The usr_cert block in the configuration file contains your X509 version 3 extensions.
    openssl req -new -config openssl_rsa.cnf -extensions usr_cert -newkey rsa:2048 -days 365 -keyout private/test_cert_priv_key.pem -out csr/test_cert_.csr
    Note: A CSR must provide either a subject name or a subject alternative name or the request will be rejected.
  - signing_algorithm(SigningAlgorithm) / set_signing_algorithm(Option<SigningAlgorithm>):
    required: true
    The name of the algorithm that will be used to sign the certificate to be issued.
    This parameter should not be confused with the SigningAlgorithm parameter used to sign a CSR in the CreateCertificateAuthority action.
    The specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA’s secret key.
  - template_arn(impl Into<String>) / set_template_arn(Option<String>):
    required: false
    Specifies a custom configuration template to use when issuing a certificate. If this parameter is not provided, Amazon Web Services Private CA defaults to the EndEntityCertificate/V1 template. For CA certificates, you should choose the shortest path length that meets your needs. The path length is indicated by the PathLenN portion of the ARN, where N is the CA depth.
    Note: The CA depth configured on a subordinate CA certificate must not exceed the limit set by its parents in the CA hierarchy.
    For a list of TemplateArn values supported by Amazon Web Services Private CA, see Understanding Certificate Templates.
  - validity(Validity) / set_validity(Option<Validity>):
    required: true
    Information describing the end of the validity period of the certificate. This parameter sets the “Not After” date for the certificate.
    Certificate validity is the period of time during which a certificate is valid. Validity can be expressed as an explicit date and time when the certificate expires, or as a span of time after issuance, stated in days, months, or years. For more information, see Validity in RFC 5280.
    This value is unaffected when ValidityNotBefore is also specified. For example, if Validity is set to 20 days in the future, the certificate will expire 20 days from issuance time regardless of the ValidityNotBefore value.
    The end of the validity period configured on a certificate must not exceed the limit set on its parents in the CA hierarchy.
  - validity_not_before(Validity) / set_validity_not_before(Option<Validity>):
    required: false
    Information describing the start of the validity period of the certificate. This parameter sets the “Not Before” date for the certificate.
    By default, when issuing a certificate, Amazon Web Services Private CA sets the “Not Before” date to the issuance time minus 60 minutes. This compensates for clock inconsistencies across computer systems. The ValidityNotBefore parameter can be used to customize the “Not Before” value.
    Unlike the Validity parameter, the ValidityNotBefore parameter is optional.
    The ValidityNotBefore value is expressed as an explicit date and time, using the Validity type value ABSOLUTE. For more information, see Validity in this API reference and Validity in RFC 5280.
  - idempotency_token(impl Into<String>) / set_idempotency_token(Option<String>):
    required: false
    Alphanumeric string that can be used to distinguish between calls to the IssueCertificate action. Idempotency tokens for IssueCertificate time out after five minutes. Therefore, if you call IssueCertificate multiple times with the same idempotency token within five minutes, Amazon Web Services Private CA recognizes that you are requesting only one certificate and will issue only one. If you change the idempotency token for each call, Amazon Web Services Private CA recognizes that you are requesting multiple certificates.
- On success, responds with IssueCertificateOutput with field(s):
  - certificate_arn(Option<String>): The Amazon Resource Name (ARN) of the issued certificate and the certificate serial number. This is of the form:
    arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012/certificate/286535153982981100925020015808220737245
- On failure, responds with SdkError<IssueCertificateError>
impl Client
Constructs a fluent builder for the ListCertificateAuthorities operation.
This operation supports pagination; see into_paginator().
- The fluent builder is configurable:
  - next_token(impl Into<String>) / set_next_token(Option<String>):
    required: false
    Use this parameter when paginating results in a subsequent request after you receive a response with truncated results. Set it to the value of the NextToken parameter from the response you just received.
  - max_results(i32) / set_max_results(Option<i32>):
    required: false
    Use this parameter when paginating results to specify the maximum number of items to return in the response on each page. If additional items exist beyond the number you specify, the NextToken element is sent in the response. Use this NextToken value in a subsequent request to retrieve additional items.
    Although the maximum value is 1000, the action only returns a maximum of 100 items.
  - resource_owner(ResourceOwner) / set_resource_owner(Option<ResourceOwner>):
    required: false
    Use this parameter to filter the returned set of certificate authorities based on their owner. The default is SELF.
- On success, responds with ListCertificateAuthoritiesOutput with field(s):
  - certificate_authorities(Option<Vec::<CertificateAuthority>>): Summary information about each certificate authority you have created.
  - next_token(Option<String>): When the list is truncated, this value is present and should be used for the NextToken parameter in a subsequent pagination request.
- On failure, responds with SdkError<ListCertificateAuthoritiesError>
impl Client
pub fn list_permissions(&self) -> ListPermissionsFluentBuilder
Constructs a fluent builder for the ListPermissions operation.
This operation supports pagination; see into_paginator().
- The fluent builder is configurable:
  - certificate_authority_arn(impl Into<String>) / set_certificate_authority_arn(Option<String>):
    required: true
    The Amazon Resource Name (ARN) of the private CA to inspect. You can find the ARN by calling the ListCertificateAuthorities action. This must be of the form:
    arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
    You can get a private CA’s ARN by running the ListCertificateAuthorities action.
  - next_token(impl Into<String>) / set_next_token(Option<String>):
    required: false
    When paginating results, use this parameter in a subsequent request after you receive a response with truncated results. Set it to the value of NextToken from the response you just received.
  - max_results(i32) / set_max_results(Option<i32>):
    required: false
    When paginating results, use this parameter to specify the maximum number of items to return in the response. If additional items exist beyond the number you specify, the NextToken element is sent in the response. Use this NextToken value in a subsequent request to retrieve additional items.
- On success, responds with ListPermissionsOutput with field(s):
  - permissions(Option<Vec::<Permission>>): Summary information about each permission assigned by the specified private CA, including the action enabled, the policy provided, and the time of creation.
  - next_token(Option<String>): When the list is truncated, this value is present and should be used for the NextToken parameter in a subsequent pagination request.
- On failure, responds with SdkError<ListPermissionsError>
impl Client
Constructs a fluent builder for the ListTags operation.
This operation supports pagination; see into_paginator().
- The fluent builder is configurable:
  - certificate_authority_arn(impl Into<String>) / set_certificate_authority_arn(Option<String>):
    required: true
    The Amazon Resource Name (ARN) that was returned when you called the CreateCertificateAuthority action. This must be of the form:
    arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
  - next_token(impl Into<String>) / set_next_token(Option<String>):
    required: false
    Use this parameter when paginating results in a subsequent request after you receive a response with truncated results. Set it to the value of NextToken from the response you just received.
  - max_results(i32) / set_max_results(Option<i32>):
    required: false
    Use this parameter when paginating results to specify the maximum number of items to return in the response. If additional items exist beyond the number you specify, the NextToken element is sent in the response. Use this NextToken value in a subsequent request to retrieve additional items.
- On success, responds with ListTagsOutput with field(s):
  - tags(Option<Vec::<Tag>>): The tags associated with your private CA.
  - next_token(Option<String>): When the list is truncated, this value is present and should be used for the NextToken parameter in a subsequent pagination request.
- On failure, responds with SdkError<ListTagsError>
impl Client
pub fn put_policy(&self) -> PutPolicyFluentBuilder
Constructs a fluent builder for the PutPolicy operation.
- The fluent builder is configurable:
  - resource_arn(impl Into<String>) / set_resource_arn(Option<String>):
    required: true
    The Amazon Resource Name (ARN) of the private CA to associate with the policy. The ARN of the CA can be found by calling the ListCertificateAuthorities action.
  - policy(impl Into<String>) / set_policy(Option<String>):
    required: true
    The path and file name of a JSON-formatted IAM policy to attach to the specified private CA resource. If this policy does not contain all required statements or if it includes any statement that is not allowed, the PutPolicy action returns an InvalidPolicyException. For information about IAM policy and statement structure, see Overview of JSON Policies.
- On success, responds with PutPolicyOutput
- On failure, responds with SdkError<PutPolicyError>
impl Client
Constructs a fluent builder for the RestoreCertificateAuthority operation.
- The fluent builder is configurable:
  - certificate_authority_arn(impl Into<String>) / set_certificate_authority_arn(Option<String>):
    required: true
    The Amazon Resource Name (ARN) that was returned when you called the CreateCertificateAuthority action. This must be of the form:
    arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
- On success, responds with RestoreCertificateAuthorityOutput
- On failure, responds with SdkError<RestoreCertificateAuthorityError>
source§impl Client
impl Client
sourcepub fn revoke_certificate(&self) -> RevokeCertificateFluentBuilder
pub fn revoke_certificate(&self) -> RevokeCertificateFluentBuilder
Constructs a fluent builder for the RevokeCertificate operation.
- The fluent builder is configurable:
  - certificate_authority_arn(impl Into<String>) / set_certificate_authority_arn(Option<String>):
    required: true
    Amazon Resource Name (ARN) of the private CA that issued the certificate to be revoked. This must be of the form:
    arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
  - certificate_serial(impl Into<String>) / set_certificate_serial(Option<String>):
    required: true
    Serial number of the certificate to be revoked. This must be in hexadecimal format. You can retrieve the serial number by calling GetCertificate with the Amazon Resource Name (ARN) of the certificate you want and the ARN of your private CA. The GetCertificate action retrieves the certificate in the PEM format. You can use the following OpenSSL command to list the certificate in text format and copy the hexadecimal serial number.
    openssl x509 -in file_path -text -noout
    You can also copy the serial number from the console or use the DescribeCertificate action in the Certificate Manager API Reference.
  - revocation_reason(RevocationReason) / set_revocation_reason(Option<RevocationReason>):
    required: true
    Specifies why you revoked the certificate.
- On success, responds with RevokeCertificateOutput
- On failure, responds with SdkError<RevokeCertificateError>
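Revoking the wrong certificate, or passing a certificate ARN where the CA ARN belongs, is easy to do when the serial is copied by hand. The following is an added example, not part of the SDK or its documentation: two std-only helpers that check the CA ARN shape and extract the serial from `openssl x509 -text -noout` output. The function names are hypothetical, and the lowercase colon-separated output is a normalization chosen here (the documentation above only requires hexadecimal).

```rust
// Added example (std only): pre-flight checks for RevokeCertificate inputs.

/// True if `arn` has the documented shape
/// arn:<partition>:acm-pca:<region>:<12-digit account>:certificate-authority/<UUID>.
fn is_ca_arn(arn: &str) -> bool {
    let p: Vec<&str> = arn.splitn(6, ':').collect();
    if p.len() != 6 || p[0] != "arn" || !p[1].starts_with("aws") || p[2] != "acm-pca" {
        return false;
    }
    let Some(id) = p[5].strip_prefix("certificate-authority/") else { return false };
    let groups: Vec<&str> = id.split('-').collect();
    !p[3].is_empty()
        && p[4].len() == 12
        && p[4].bytes().all(|b| b.is_ascii_digit())
        && groups.len() == 5
        && groups.iter().zip([8, 4, 4, 4, 12])
            .all(|(g, n)| g.len() == n && g.bytes().all(|b| b.is_ascii_hexdigit()))
}

/// Pull the serial out of `openssl x509 -text -noout` output and return it as
/// lowercase colon-separated hex bytes. Handles both layouts openssl prints:
/// "Serial Number: 4660 (0x1234)" and a colon-separated value on the next line.
fn serial_from_openssl_text(text: &str) -> Option<String> {
    let mut lines = text.lines().map(str::trim);
    let rest = lines.find_map(|l| l.strip_prefix("Serial Number:"))?.trim();
    let raw = if rest.is_empty() {
        lines.next()?
    } else {
        let start = rest.find("(0x")? + 3;
        rest[start..].trim_end_matches(')')
    };
    let mut hex: String = raw.chars().filter(|c| *c != ':').collect();
    hex.make_ascii_lowercase();
    if hex.is_empty() || !hex.bytes().all(|b| b.is_ascii_hexdigit()) {
        return None; // truncated output or an unexpected layout
    }
    if hex.len() % 2 == 1 {
        hex.insert(0, '0'); // pad to whole bytes
    }
    let bytes: Vec<&str> = (0..hex.len()).step_by(2).map(|i| &hex[i..i + 2]).collect();
    Some(bytes.join(":"))
}

fn main() {
    // Constructed sample, not output from a real certificate.
    let text = "Certificate:\n    Data:\n        Serial Number:\n            67:07:44:A9:0b\n";
    println!("{:?}", serial_from_openssl_text(text));
}
```

The ARN check rejects a certificate ARN (which continues with /certificate/... after the CA UUID), a common mix-up since both values are needed for GetCertificate.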
impl Client
Constructs a fluent builder for the TagCertificateAuthority operation.
- The fluent builder is configurable:
  - certificate_authority_arn(impl Into<String>) / set_certificate_authority_arn(Option<String>):
    required: true
    The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority. This must be of the form:
    arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
  - tags(Tag) / set_tags(Option<Vec::<Tag>>):
    required: true
    List of tags to be associated with the CA.
- On success, responds with TagCertificateAuthorityOutput
- On failure, responds with SdkError<TagCertificateAuthorityError>
impl Client
Constructs a fluent builder for the UntagCertificateAuthority operation.
- The fluent builder is configurable:
  - certificate_authority_arn(impl Into<String>) / set_certificate_authority_arn(Option<String>):
    required: true
    The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority. This must be of the form:
    arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
  - tags(Tag) / set_tags(Option<Vec::<Tag>>):
    required: true
    List of tags to be removed from the CA.
- On success, responds with UntagCertificateAuthorityOutput
- On failure, responds with SdkError<UntagCertificateAuthorityError>
impl Client
Constructs a fluent builder for the UpdateCertificateAuthority operation.
- The fluent builder is configurable:
  - certificate_authority_arn(impl Into<String>) / set_certificate_authority_arn(Option<String>):
    required: true
    Amazon Resource Name (ARN) of the private CA that issued the certificate to be revoked. This must be of the form:
    arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
  - revocation_configuration(RevocationConfiguration) / set_revocation_configuration(Option<RevocationConfiguration>):
    required: false
    Contains information to enable Online Certificate Status Protocol (OCSP) support, to enable a certificate revocation list (CRL), to enable both, or to enable neither. If this parameter is not supplied, existing capabilities remain unchanged. For more information, see the OcspConfiguration and CrlConfiguration types.
    The following requirements apply to revocation configurations.
    - A configuration disabling CRLs or OCSP must contain only the Enabled=False parameter, and will fail if other parameters such as CustomCname or ExpirationInDays are included.
    - In a CRL configuration, the S3BucketName parameter must conform to Amazon S3 bucket naming rules.
    - A configuration containing a custom Canonical Name (CNAME) parameter for CRLs or OCSP must conform to RFC2396 restrictions on the use of special characters in a CNAME.
    - In a CRL or OCSP configuration, the value of a CNAME parameter must not include a protocol prefix such as "http://" or "https://".
  - status(CertificateAuthorityStatus) / set_status(Option<CertificateAuthorityStatus>):
    required: false
    Status of your private CA.
- On success, responds with UpdateCertificateAuthorityOutput
- On failure, responds with SdkError<UpdateCertificateAuthorityError>
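A rejected revocation configuration leaves the CA's existing CRL/OCSP settings in place, so it is worth catching the listed violations before the call is sent. The following is an added example, not SDK code: a std-only check of the CRL requirements above. `CrlSettings`, `bucket_name_ok` and `check_crl` are hypothetical names, the bucket check covers only the core S3 naming rules, and the CNAME character check is a conservative assumption (hostname characters only) standing in for the RFC2396 restriction.

```rust
// Added example (std only). `CrlSettings` is a hypothetical stand-in for the SDK's CrlConfiguration.
#[derive(Default)]
struct CrlSettings {
    enabled: bool,
    expiration_in_days: Option<i32>,
    custom_cname: Option<String>,
    s3_bucket_name: Option<String>,
}

/// Core Amazon S3 bucket naming rules (a subset, not the full rule set).
fn bucket_name_ok(name: &str) -> bool {
    let b = name.as_bytes();
    let alnum = |c: u8| c.is_ascii_lowercase() || c.is_ascii_digit();
    (3..=63).contains(&b.len())
        && alnum(b[0])
        && alnum(b[b.len() - 1])
        && b.iter().all(|&c| alnum(c) || c == b'-' || c == b'.')
        && !name.contains("..")
}

/// Returns one message per violated rule; an empty list means the settings pass.
fn check_crl(cfg: &CrlSettings) -> Vec<&'static str> {
    let mut problems = Vec::new();
    if !cfg.enabled {
        // A disabling configuration must carry Enabled=False and nothing else.
        if cfg.expiration_in_days.is_some() || cfg.custom_cname.is_some() || cfg.s3_bucket_name.is_some() {
            problems.push("disabled configuration must contain only Enabled=False");
        }
        return problems;
    }
    if matches!(&cfg.s3_bucket_name, Some(b) if !bucket_name_ok(b)) {
        problems.push("S3BucketName violates S3 bucket naming rules");
    }
    if let Some(cname) = &cfg.custom_cname {
        if cname.contains("://") {
            problems.push("CustomCname must not include a protocol prefix");
        } else if !cname.bytes().all(|c| c.is_ascii_alphanumeric() || c == b'-' || c == b'.') {
            // Assumption: hostname characters only, stricter than RFC2396 requires.
            problems.push("CustomCname contains special characters");
        }
    }
    problems
}

fn main() {
    // Constructed input: a CNAME pasted as a URL.
    let cfg = CrlSettings { enabled: true, custom_cname: Some("https://crl.example.com".into()), ..Default::default() };
    println!("{:?}", check_crl(&cfg));
}
```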
impl Client
pub fn from_conf(conf: Config) -> Self
Creates a new client from the service Config.
§Panics
This method will panic in the following cases:
- Retries or timeouts are enabled without a sleep_impl configured.
- Identity caching is enabled without a sleep_impl and time_source configured.
- No behavior_version is provided.
The panic message for each of these will have instructions on how to resolve them.
impl Client
pub fn new(sdk_config: &SdkConfig) -> Self
Creates a new client from an SDK Config.
§Panics
- This method will panic if the sdk_config is missing an async sleep implementation. If you experience this panic, set the sleep_impl on the Config passed into this function to fix it.
- This method will panic if the sdk_config is missing an HTTP connector. If you experience this panic, set the http_connector on the Config passed into this function to fix it.
- This method will panic if no BehaviorVersion is provided. If you experience this panic, set behavior_version on the Config or enable the behavior-version-latest Cargo feature.
Trait Implementations§
impl Waiters for Client
fn wait_until_audit_report_created(&self) -> AuditReportCreatedFluentBuilder
fn wait_until_certificate_issued(&self) -> CertificateIssuedFluentBuilder
Auto Trait Implementations§
impl Freeze for Client
impl !RefUnwindSafe for Client
impl Send for Client
impl Sync for Client
impl Unpin for Client
impl !UnwindSafe for Client
Blanket Implementations§
impl<T> BorrowMut<T> for T where T: ?Sized,
fn borrow_mut(&mut self) -> &mut T
impl<T> Instrument for T
fn instrument(self, span: Span) -> Instrumented<Self>
fn in_current_span(self) -> Instrumented<Self>
impl<T> IntoEither for T
fn into_either(self, into_left: bool) -> Either<Self, Self>
Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise.
fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise.