diff --git a/Godeps/Godeps.json b/Godeps/Godeps.json index cb473f64fce..c6da040f584 100644 --- a/Godeps/Godeps.json +++ b/Godeps/Godeps.json @@ -306,6 +306,11 @@ "Comment": "v1.6.10", "Rev": "63ce630574a5ec05ecd8e8de5cea16332a5a684d" }, + { + "ImportPath": "github.com/aws/aws-sdk-go/service/kms", + "Comment": "v1.6.10", + "Rev": "63ce630574a5ec05ecd8e8de5cea16332a5a684d" + }, { "ImportPath": "github.com/aws/aws-sdk-go/service/route53", "Comment": "v1.6.10", diff --git a/Godeps/LICENSES b/Godeps/LICENSES index 6a7d5480e23..5670ca2dea8 100644 --- a/Godeps/LICENSES +++ b/Godeps/LICENSES @@ -8112,6 +8112,216 @@ SOFTWARE. ================================================================================ +================================================================================ += vendor/github.com/aws/aws-sdk-go/service/kms licensed under: = + + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + += vendor/github.com/aws/aws-sdk-go/LICENSE.txt 3b83ef96387f14655fc854ddc3c6bd57 - +================================================================================ + + ================================================================================ = vendor/github.com/aws/aws-sdk-go/service/route53 licensed under: = diff --git a/pkg/cloudprovider/providers/aws/BUILD b/pkg/cloudprovider/providers/aws/BUILD index 8075984fe78..eadeaa1f3ce 100644 --- a/pkg/cloudprovider/providers/aws/BUILD +++ b/pkg/cloudprovider/providers/aws/BUILD @@ -41,6 +41,7 @@ go_library( "//vendor/github.com/aws/aws-sdk-go/service/autoscaling:go_default_library", "//vendor/github.com/aws/aws-sdk-go/service/ec2:go_default_library", "//vendor/github.com/aws/aws-sdk-go/service/elb:go_default_library", + "//vendor/github.com/aws/aws-sdk-go/service/kms:go_default_library", "//vendor/github.com/golang/glog:go_default_library", "//vendor/github.com/prometheus/client_golang/prometheus:go_default_library", "//vendor/gopkg.in/gcfg.v1:go_default_library", @@ -69,6 +70,7 @@ go_test( "//vendor/github.com/aws/aws-sdk-go/service/autoscaling:go_default_library", "//vendor/github.com/aws/aws-sdk-go/service/ec2:go_default_library", "//vendor/github.com/aws/aws-sdk-go/service/elb:go_default_library", + "//vendor/github.com/aws/aws-sdk-go/service/kms:go_default_library", "//vendor/github.com/golang/glog:go_default_library", "//vendor/github.com/stretchr/testify/assert:go_default_library", "//vendor/github.com/stretchr/testify/mock:go_default_library", diff --git a/pkg/cloudprovider/providers/aws/aws.go b/pkg/cloudprovider/providers/aws/aws.go index ad52baea296..098d011d24b 100644 --- a/pkg/cloudprovider/providers/aws/aws.go +++ b/pkg/cloudprovider/providers/aws/aws.go @@ -38,6 +38,7 @@ import ( "github.com/aws/aws-sdk-go/service/autoscaling" "github.com/aws/aws-sdk-go/service/ec2" "github.com/aws/aws-sdk-go/service/elb" + "github.com/aws/aws-sdk-go/service/kms" "github.com/golang/glog" "github.com/prometheus/client_golang/prometheus" @@ -203,6 +204,7 @@ type Services interface { LoadBalancing(region string) (ELB, error) Autoscaling(region string) (ASG, error) Metadata() (EC2Metadata, error) + KeyManagement(region string) (KMS, error) } // EC2 is an abstraction over AWS', to allow mocking/other implementations @@ -273,6 +275,12 @@ type ASG interface { DescribeAutoScalingGroups(*autoscaling.DescribeAutoScalingGroupsInput) (*autoscaling.DescribeAutoScalingGroupsOutput, error) } +// KMS is a simple pass-through of the Key Management Service client interface, +// which allows for testing. +type KMS interface { + DescribeKey(*kms.DescribeKeyInput) (*kms.DescribeKeyOutput, error) +} + // EC2Metadata is an abstraction over the AWS metadata service. type EC2Metadata interface { // Query the EC2 metadata service (used to discover instance-id etc) @@ -370,6 +378,7 @@ type Cloud struct { ec2 EC2 elb ELB asg ASG + kms KMS metadata EC2Metadata cfg *CloudConfig region string @@ -568,6 +577,20 @@ func (p *awsSDKProvider) Metadata() (EC2Metadata, error) { return client, nil } +func (p *awsSDKProvider) KeyManagement(regionName string) (KMS, error) { + awsConfig := &aws.Config{ + Region: ®ionName, + Credentials: p.creds, + } + awsConfig = awsConfig.WithCredentialsChainVerboseErrors(true) + + kmsClient := kms.New(session.New(awsConfig)) + + p.addHandlers(regionName, &kmsClient.Handlers) + + return kmsClient, nil +} + // stringPointerArray creates a slice of string pointers from a slice of strings // Deprecated: consider using aws.StringSlice - but note the slightly different behaviour with a nil input func stringPointerArray(orig []string) []*string { @@ -877,11 +900,17 @@ func newAWSCloud(config io.Reader, awsServices Services) (*Cloud, error) { return nil, fmt.Errorf("error creating AWS autoscaling client: %v", err) } + kms, err := awsServices.KeyManagement(regionName) + if err != nil { + return nil, fmt.Errorf("error creating AWS key management client: %v", err) + } + awsCloud := &Cloud{ ec2: ec2, elb: elb, asg: asg, metadata: metadata, + kms: kms, cfg: cfg, region: regionName, @@ -1788,6 +1817,14 @@ func (c *Cloud) CreateDisk(volumeOptions *VolumeOptions) (KubernetesVolumeID, er request.VolumeType = aws.String(createType) request.Encrypted = aws.Bool(volumeOptions.Encrypted) if len(volumeOptions.KmsKeyId) > 0 { + if missing, err := c.checkEncryptionKey(volumeOptions.KmsKeyId); err != nil { + if missing { + // KSM key is missing, provisioning would fail + return "", err + } + // Log checkEncryptionKey error and try provisioning anyway. + glog.Warningf("Cannot check KSM key %s: %v", volumeOptions.KmsKeyId, err) + } request.KmsKeyId = aws.String(volumeOptions.KmsKeyId) request.Encrypted = aws.Bool(true) } @@ -1819,6 +1856,23 @@ func (c *Cloud) CreateDisk(volumeOptions *VolumeOptions) (KubernetesVolumeID, er return volumeName, nil } +// checkEncryptionKey tests that given encryption key exists. +func (c *Cloud) checkEncryptionKey(keyId string) (missing bool, err error) { + input := &kms.DescribeKeyInput{ + KeyId: aws.String(keyId), + } + _, err = c.kms.DescribeKey(input) + if err == nil { + return false, nil + } + if awsError, ok := err.(awserr.Error); ok { + if awsError.Code() == "NotFoundException" { + return true, fmt.Errorf("KMS key %s not found: %q", keyId, err) + } + } + return false, fmt.Errorf("Error checking KSM key %s: %q", keyId, err) +} + // DeleteDisk implements Volumes.DeleteDisk func (c *Cloud) DeleteDisk(volumeName KubernetesVolumeID) (bool, error) { awsDisk, err := newAWSDisk(c, volumeName) diff --git a/pkg/cloudprovider/providers/aws/aws_test.go b/pkg/cloudprovider/providers/aws/aws_test.go index ee2712b5205..1fef442cc7e 100644 --- a/pkg/cloudprovider/providers/aws/aws_test.go +++ b/pkg/cloudprovider/providers/aws/aws_test.go @@ -26,6 +26,7 @@ import ( "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/service/ec2" "github.com/aws/aws-sdk-go/service/elb" + "github.com/aws/aws-sdk-go/service/kms" "github.com/aws/aws-sdk-go/service/autoscaling" "github.com/golang/glog" @@ -123,6 +124,7 @@ type FakeAWSServices struct { elb *FakeELB asg *FakeASG metadata *FakeMetadata + kms *FakeKMS } func NewFakeAWSServices() *FakeAWSServices { @@ -132,6 +134,7 @@ func NewFakeAWSServices() *FakeAWSServices { s.elb = &FakeELB{aws: s} s.asg = &FakeASG{aws: s} s.metadata = &FakeMetadata{aws: s} + s.kms = &FakeKMS{aws: s} s.networkInterfacesMacs = []string{"aa:bb:cc:dd:ee:00", "aa:bb:cc:dd:ee:01"} s.networkInterfacesVpcIDs = []string{"vpc-mac0", "vpc-mac1"} @@ -179,6 +182,10 @@ func (s *FakeAWSServices) Metadata() (EC2Metadata, error) { return s.metadata, nil } +func (s *FakeAWSServices) KeyManagement(region string) (KMS, error) { + return s.kms, nil +} + func TestNewAWSCloud(t *testing.T) { tests := []struct { name string @@ -511,6 +518,15 @@ func (a *FakeASG) DescribeAutoScalingGroups(*autoscaling.DescribeAutoScalingGrou panic("Not implemented") } +type FakeKMS struct { + aws *FakeAWSServices + mock.Mock +} + +func (kms *FakeKMS) DescribeKey(*kms.DescribeKeyInput) (*kms.DescribeKeyOutput, error) { + panic("Not implemented") +} + func mockInstancesResp(selfInstance *ec2.Instance, instances []*ec2.Instance) (*Cloud, *FakeAWSServices) { awsServices := NewFakeAWSServices() awsServices.instances = instances diff --git a/vendor/BUILD b/vendor/BUILD index 52509046252..7d3c2a76cc5 100644 --- a/vendor/BUILD +++ b/vendor/BUILD @@ -38,6 +38,7 @@ filegroup( "//vendor/github.com/aws/aws-sdk-go/service/ec2:all-srcs", "//vendor/github.com/aws/aws-sdk-go/service/ecr:all-srcs", "//vendor/github.com/aws/aws-sdk-go/service/elb:all-srcs", + "//vendor/github.com/aws/aws-sdk-go/service/kms:all-srcs", "//vendor/github.com/aws/aws-sdk-go/service/route53:all-srcs", "//vendor/github.com/aws/aws-sdk-go/service/sts:all-srcs", "//vendor/github.com/beorn7/perks/quantile:all-srcs", diff --git a/vendor/github.com/aws/aws-sdk-go/service/kms/BUILD b/vendor/github.com/aws/aws-sdk-go/service/kms/BUILD new file mode 100644 index 00000000000..b988da91aa4 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/service/kms/BUILD @@ -0,0 +1,34 @@ +load("@io_bazel_rules_go//go:def.bzl", "go_library") + +go_library( + name = "go_default_library", + srcs = [ + "api.go", + "service.go", + ], + visibility = ["//visibility:public"], + deps = [ + "//vendor/github.com/aws/aws-sdk-go/aws:go_default_library", + "//vendor/github.com/aws/aws-sdk-go/aws/awsutil:go_default_library", + "//vendor/github.com/aws/aws-sdk-go/aws/client:go_default_library", + "//vendor/github.com/aws/aws-sdk-go/aws/client/metadata:go_default_library", + "//vendor/github.com/aws/aws-sdk-go/aws/request:go_default_library", + "//vendor/github.com/aws/aws-sdk-go/aws/signer/v4:go_default_library", + "//vendor/github.com/aws/aws-sdk-go/private/protocol:go_default_library", + "//vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc:go_default_library", + ], +) + +filegroup( + name = "package-srcs", + srcs = glob(["**"]), + tags = ["automanaged"], + visibility = ["//visibility:private"], +) + +filegroup( + name = "all-srcs", + srcs = [":package-srcs"], + tags = ["automanaged"], + visibility = ["//visibility:public"], +) diff --git a/vendor/github.com/aws/aws-sdk-go/service/kms/api.go b/vendor/github.com/aws/aws-sdk-go/service/kms/api.go new file mode 100644 index 00000000000..31c464d6c45 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/service/kms/api.go @@ -0,0 +1,6886 @@ +// THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT. + +// Package kms provides a client for AWS Key Management Service. +package kms + +import ( + "time" + + "github.com/aws/aws-sdk-go/aws/awsutil" + "github.com/aws/aws-sdk-go/aws/request" + "github.com/aws/aws-sdk-go/private/protocol" + "github.com/aws/aws-sdk-go/private/protocol/jsonrpc" +) + +const opCancelKeyDeletion = "CancelKeyDeletion" + +// CancelKeyDeletionRequest generates a "aws/request.Request" representing the +// client's request for the CancelKeyDeletion operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See CancelKeyDeletion for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the CancelKeyDeletion method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the CancelKeyDeletionRequest method. +// req, resp := client.CancelKeyDeletionRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CancelKeyDeletion +func (c *KMS) CancelKeyDeletionRequest(input *CancelKeyDeletionInput) (req *request.Request, output *CancelKeyDeletionOutput) { + op := &request.Operation{ + Name: opCancelKeyDeletion, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &CancelKeyDeletionInput{} + } + + output = &CancelKeyDeletionOutput{} + req = c.newRequest(op, input, output) + return +} + +// CancelKeyDeletion API operation for AWS Key Management Service. +// +// Cancels the deletion of a customer master key (CMK). When this operation +// is successful, the CMK is set to the Disabled state. To enable a CMK, use +// EnableKey. +// +// For more information about scheduling and canceling deletion of a CMK, see +// Deleting Customer Master Keys (http://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html) +// in the AWS Key Management Service Developer Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Key Management Service's +// API operation CancelKeyDeletion for usage and error information. +// +// Returned Error Codes: +// * NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. +// +// * InvalidArnException +// The request was rejected because a specified ARN was not valid. +// +// * DependencyTimeoutException +// The system timed out while trying to fulfill the request. The request can +// be retried. +// +// * InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. +// +// * InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. +// +// For more information about how key state affects the use of a CMK, see How +// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the AWS Key Management Service Developer Guide. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CancelKeyDeletion +func (c *KMS) CancelKeyDeletion(input *CancelKeyDeletionInput) (*CancelKeyDeletionOutput, error) { + req, out := c.CancelKeyDeletionRequest(input) + err := req.Send() + return out, err +} + +const opCreateAlias = "CreateAlias" + +// CreateAliasRequest generates a "aws/request.Request" representing the +// client's request for the CreateAlias operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See CreateAlias for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the CreateAlias method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the CreateAliasRequest method. +// req, resp := client.CreateAliasRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateAlias +func (c *KMS) CreateAliasRequest(input *CreateAliasInput) (req *request.Request, output *CreateAliasOutput) { + op := &request.Operation{ + Name: opCreateAlias, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &CreateAliasInput{} + } + + output = &CreateAliasOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Remove(jsonrpc.UnmarshalHandler) + req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler) + return +} + +// CreateAlias API operation for AWS Key Management Service. +// +// Creates a display name for a customer master key. An alias can be used to +// identify a key and should be unique. The console enforces a one-to-one mapping +// between the alias and a key. An alias name can contain only alphanumeric +// characters, forward slashes (/), underscores (_), and dashes (-). An alias +// must start with the word "alias" followed by a forward slash (alias/). An +// alias that begins with "aws" after the forward slash (alias/aws...) is reserved +// by Amazon Web Services (AWS). +// +// The alias and the key it is mapped to must be in the same AWS account and +// the same region. +// +// To map an alias to a different key, call UpdateAlias. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Key Management Service's +// API operation CreateAlias for usage and error information. +// +// Returned Error Codes: +// * DependencyTimeoutException +// The system timed out while trying to fulfill the request. The request can +// be retried. +// +// * AlreadyExistsException +// The request was rejected because it attempted to create a resource that already +// exists. +// +// * NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. +// +// * InvalidAliasNameException +// The request was rejected because the specified alias name is not valid. +// +// * InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. +// +// * LimitExceededException +// The request was rejected because a limit was exceeded. For more information, +// see Limits (http://docs.aws.amazon.com/kms/latest/developerguide/limits.html) +// in the AWS Key Management Service Developer Guide. +// +// * InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. +// +// For more information about how key state affects the use of a CMK, see How +// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the AWS Key Management Service Developer Guide. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateAlias +func (c *KMS) CreateAlias(input *CreateAliasInput) (*CreateAliasOutput, error) { + req, out := c.CreateAliasRequest(input) + err := req.Send() + return out, err +} + +const opCreateGrant = "CreateGrant" + +// CreateGrantRequest generates a "aws/request.Request" representing the +// client's request for the CreateGrant operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See CreateGrant for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the CreateGrant method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the CreateGrantRequest method. +// req, resp := client.CreateGrantRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateGrant +func (c *KMS) CreateGrantRequest(input *CreateGrantInput) (req *request.Request, output *CreateGrantOutput) { + op := &request.Operation{ + Name: opCreateGrant, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &CreateGrantInput{} + } + + output = &CreateGrantOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateGrant API operation for AWS Key Management Service. +// +// Adds a grant to a key to specify who can use the key and under what conditions. +// Grants are alternate permission mechanisms to key policies. +// +// For more information about grants, see Grants (http://docs.aws.amazon.com/kms/latest/developerguide/grants.html) +// in the AWS Key Management Service Developer Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Key Management Service's +// API operation CreateGrant for usage and error information. +// +// Returned Error Codes: +// * NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. +// +// * DisabledException +// The request was rejected because the specified CMK is not enabled. +// +// * DependencyTimeoutException +// The system timed out while trying to fulfill the request. The request can +// be retried. +// +// * InvalidArnException +// The request was rejected because a specified ARN was not valid. +// +// * InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. +// +// * InvalidGrantTokenException +// The request was rejected because the specified grant token is not valid. +// +// * LimitExceededException +// The request was rejected because a limit was exceeded. For more information, +// see Limits (http://docs.aws.amazon.com/kms/latest/developerguide/limits.html) +// in the AWS Key Management Service Developer Guide. +// +// * InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. +// +// For more information about how key state affects the use of a CMK, see How +// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the AWS Key Management Service Developer Guide. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateGrant +func (c *KMS) CreateGrant(input *CreateGrantInput) (*CreateGrantOutput, error) { + req, out := c.CreateGrantRequest(input) + err := req.Send() + return out, err +} + +const opCreateKey = "CreateKey" + +// CreateKeyRequest generates a "aws/request.Request" representing the +// client's request for the CreateKey operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See CreateKey for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the CreateKey method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the CreateKeyRequest method. +// req, resp := client.CreateKeyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateKey +func (c *KMS) CreateKeyRequest(input *CreateKeyInput) (req *request.Request, output *CreateKeyOutput) { + op := &request.Operation{ + Name: opCreateKey, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &CreateKeyInput{} + } + + output = &CreateKeyOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateKey API operation for AWS Key Management Service. +// +// Creates a customer master key (CMK). +// +// You can use a CMK to encrypt small amounts of data (4 KiB or less) directly, +// but CMKs are more commonly used to encrypt data encryption keys (DEKs), which +// are used to encrypt raw data. For more information about DEKs and the difference +// between CMKs and DEKs, see the following: +// +// * The GenerateDataKey operation +// +// * AWS Key Management Service Concepts (http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html) +// in the AWS Key Management Service Developer Guide +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Key Management Service's +// API operation CreateKey for usage and error information. +// +// Returned Error Codes: +// * MalformedPolicyDocumentException +// The request was rejected because the specified policy is not syntactically +// or semantically correct. +// +// * DependencyTimeoutException +// The system timed out while trying to fulfill the request. The request can +// be retried. +// +// * InvalidArnException +// The request was rejected because a specified ARN was not valid. +// +// * UnsupportedOperationException +// The request was rejected because a specified parameter is not supported or +// a specified resource is not valid for this operation. +// +// * InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. +// +// * LimitExceededException +// The request was rejected because a limit was exceeded. For more information, +// see Limits (http://docs.aws.amazon.com/kms/latest/developerguide/limits.html) +// in the AWS Key Management Service Developer Guide. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateKey +func (c *KMS) CreateKey(input *CreateKeyInput) (*CreateKeyOutput, error) { + req, out := c.CreateKeyRequest(input) + err := req.Send() + return out, err +} + +const opDecrypt = "Decrypt" + +// DecryptRequest generates a "aws/request.Request" representing the +// client's request for the Decrypt operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See Decrypt for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the Decrypt method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the DecryptRequest method. +// req, resp := client.DecryptRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/Decrypt +func (c *KMS) DecryptRequest(input *DecryptInput) (req *request.Request, output *DecryptOutput) { + op := &request.Operation{ + Name: opDecrypt, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DecryptInput{} + } + + output = &DecryptOutput{} + req = c.newRequest(op, input, output) + return +} + +// Decrypt API operation for AWS Key Management Service. +// +// Decrypts ciphertext. Ciphertext is plaintext that has been previously encrypted +// by using any of the following functions: +// +// * GenerateDataKey +// +// * GenerateDataKeyWithoutPlaintext +// +// * Encrypt +// +// Note that if a caller has been granted access permissions to all keys (through, +// for example, IAM user policies that grant Decrypt permission on all resources), +// then ciphertext encrypted by using keys in other accounts where the key grants +// access to the caller can be decrypted. To remedy this, we recommend that +// you do not grant Decrypt access in an IAM user policy. Instead grant Decrypt +// access only in key policies. If you must grant Decrypt access in an IAM user +// policy, you should scope the resource to specific keys or to specific trusted +// accounts. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Key Management Service's +// API operation Decrypt for usage and error information. +// +// Returned Error Codes: +// * NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. +// +// * DisabledException +// The request was rejected because the specified CMK is not enabled. +// +// * InvalidCiphertextException +// The request was rejected because the specified ciphertext has been corrupted +// or is otherwise invalid. +// +// * KeyUnavailableException +// The request was rejected because the specified CMK was not available. The +// request can be retried. +// +// * DependencyTimeoutException +// The system timed out while trying to fulfill the request. The request can +// be retried. +// +// * InvalidGrantTokenException +// The request was rejected because the specified grant token is not valid. +// +// * InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. +// +// * InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. +// +// For more information about how key state affects the use of a CMK, see How +// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the AWS Key Management Service Developer Guide. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/Decrypt +func (c *KMS) Decrypt(input *DecryptInput) (*DecryptOutput, error) { + req, out := c.DecryptRequest(input) + err := req.Send() + return out, err +} + +const opDeleteAlias = "DeleteAlias" + +// DeleteAliasRequest generates a "aws/request.Request" representing the +// client's request for the DeleteAlias operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See DeleteAlias for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the DeleteAlias method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the DeleteAliasRequest method. +// req, resp := client.DeleteAliasRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DeleteAlias +func (c *KMS) DeleteAliasRequest(input *DeleteAliasInput) (req *request.Request, output *DeleteAliasOutput) { + op := &request.Operation{ + Name: opDeleteAlias, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DeleteAliasInput{} + } + + output = &DeleteAliasOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Remove(jsonrpc.UnmarshalHandler) + req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler) + return +} + +// DeleteAlias API operation for AWS Key Management Service. +// +// Deletes the specified alias. To map an alias to a different key, call UpdateAlias. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Key Management Service's +// API operation DeleteAlias for usage and error information. +// +// Returned Error Codes: +// * DependencyTimeoutException +// The system timed out while trying to fulfill the request. The request can +// be retried. +// +// * NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. +// +// * InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. +// +// * InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. +// +// For more information about how key state affects the use of a CMK, see How +// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the AWS Key Management Service Developer Guide. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DeleteAlias +func (c *KMS) DeleteAlias(input *DeleteAliasInput) (*DeleteAliasOutput, error) { + req, out := c.DeleteAliasRequest(input) + err := req.Send() + return out, err +} + +const opDeleteImportedKeyMaterial = "DeleteImportedKeyMaterial" + +// DeleteImportedKeyMaterialRequest generates a "aws/request.Request" representing the +// client's request for the DeleteImportedKeyMaterial operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See DeleteImportedKeyMaterial for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the DeleteImportedKeyMaterial method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the DeleteImportedKeyMaterialRequest method. +// req, resp := client.DeleteImportedKeyMaterialRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DeleteImportedKeyMaterial +func (c *KMS) DeleteImportedKeyMaterialRequest(input *DeleteImportedKeyMaterialInput) (req *request.Request, output *DeleteImportedKeyMaterialOutput) { + op := &request.Operation{ + Name: opDeleteImportedKeyMaterial, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DeleteImportedKeyMaterialInput{} + } + + output = &DeleteImportedKeyMaterialOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Remove(jsonrpc.UnmarshalHandler) + req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler) + return +} + +// DeleteImportedKeyMaterial API operation for AWS Key Management Service. +// +// Deletes key material that you previously imported and makes the specified +// customer master key (CMK) unusable. For more information about importing +// key material into AWS KMS, see Importing Key Material (http://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) +// in the AWS Key Management Service Developer Guide. +// +// When the specified CMK is in the PendingDeletion state, this operation does +// not change the CMK's state. Otherwise, it changes the CMK's state to PendingImport. +// +// After you delete key material, you can use ImportKeyMaterial to reimport +// the same key material into the CMK. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Key Management Service's +// API operation DeleteImportedKeyMaterial for usage and error information. +// +// Returned Error Codes: +// * InvalidArnException +// The request was rejected because a specified ARN was not valid. +// +// * UnsupportedOperationException +// The request was rejected because a specified parameter is not supported or +// a specified resource is not valid for this operation. +// +// * DependencyTimeoutException +// The system timed out while trying to fulfill the request. The request can +// be retried. +// +// * NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. +// +// * InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. +// +// * InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. +// +// For more information about how key state affects the use of a CMK, see How +// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the AWS Key Management Service Developer Guide. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DeleteImportedKeyMaterial +func (c *KMS) DeleteImportedKeyMaterial(input *DeleteImportedKeyMaterialInput) (*DeleteImportedKeyMaterialOutput, error) { + req, out := c.DeleteImportedKeyMaterialRequest(input) + err := req.Send() + return out, err +} + +const opDescribeKey = "DescribeKey" + +// DescribeKeyRequest generates a "aws/request.Request" representing the +// client's request for the DescribeKey operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See DescribeKey for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the DescribeKey method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the DescribeKeyRequest method. +// req, resp := client.DescribeKeyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DescribeKey +func (c *KMS) DescribeKeyRequest(input *DescribeKeyInput) (req *request.Request, output *DescribeKeyOutput) { + op := &request.Operation{ + Name: opDescribeKey, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DescribeKeyInput{} + } + + output = &DescribeKeyOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeKey API operation for AWS Key Management Service. +// +// Provides detailed information about the specified customer master key. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Key Management Service's +// API operation DescribeKey for usage and error information. +// +// Returned Error Codes: +// * NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. +// +// * InvalidArnException +// The request was rejected because a specified ARN was not valid. +// +// * DependencyTimeoutException +// The system timed out while trying to fulfill the request. The request can +// be retried. +// +// * InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DescribeKey +func (c *KMS) DescribeKey(input *DescribeKeyInput) (*DescribeKeyOutput, error) { + req, out := c.DescribeKeyRequest(input) + err := req.Send() + return out, err +} + +const opDisableKey = "DisableKey" + +// DisableKeyRequest generates a "aws/request.Request" representing the +// client's request for the DisableKey operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See DisableKey for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the DisableKey method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the DisableKeyRequest method. +// req, resp := client.DisableKeyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DisableKey +func (c *KMS) DisableKeyRequest(input *DisableKeyInput) (req *request.Request, output *DisableKeyOutput) { + op := &request.Operation{ + Name: opDisableKey, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DisableKeyInput{} + } + + output = &DisableKeyOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Remove(jsonrpc.UnmarshalHandler) + req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler) + return +} + +// DisableKey API operation for AWS Key Management Service. +// +// Sets the state of a customer master key (CMK) to disabled, thereby preventing +// its use for cryptographic operations. For more information about how key +// state affects the use of a CMK, see How Key State Affects the Use of a Customer +// Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the AWS Key Management Service Developer Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Key Management Service's +// API operation DisableKey for usage and error information. +// +// Returned Error Codes: +// * NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. +// +// * InvalidArnException +// The request was rejected because a specified ARN was not valid. +// +// * DependencyTimeoutException +// The system timed out while trying to fulfill the request. The request can +// be retried. +// +// * InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. +// +// * InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. +// +// For more information about how key state affects the use of a CMK, see How +// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the AWS Key Management Service Developer Guide. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DisableKey +func (c *KMS) DisableKey(input *DisableKeyInput) (*DisableKeyOutput, error) { + req, out := c.DisableKeyRequest(input) + err := req.Send() + return out, err +} + +const opDisableKeyRotation = "DisableKeyRotation" + +// DisableKeyRotationRequest generates a "aws/request.Request" representing the +// client's request for the DisableKeyRotation operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See DisableKeyRotation for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the DisableKeyRotation method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the DisableKeyRotationRequest method. +// req, resp := client.DisableKeyRotationRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DisableKeyRotation +func (c *KMS) DisableKeyRotationRequest(input *DisableKeyRotationInput) (req *request.Request, output *DisableKeyRotationOutput) { + op := &request.Operation{ + Name: opDisableKeyRotation, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DisableKeyRotationInput{} + } + + output = &DisableKeyRotationOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Remove(jsonrpc.UnmarshalHandler) + req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler) + return +} + +// DisableKeyRotation API operation for AWS Key Management Service. +// +// Disables rotation of the specified key. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Key Management Service's +// API operation DisableKeyRotation for usage and error information. +// +// Returned Error Codes: +// * NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. +// +// * DisabledException +// The request was rejected because the specified CMK is not enabled. +// +// * InvalidArnException +// The request was rejected because a specified ARN was not valid. +// +// * DependencyTimeoutException +// The system timed out while trying to fulfill the request. The request can +// be retried. +// +// * InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. +// +// * InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. +// +// For more information about how key state affects the use of a CMK, see How +// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the AWS Key Management Service Developer Guide. +// +// * UnsupportedOperationException +// The request was rejected because a specified parameter is not supported or +// a specified resource is not valid for this operation. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DisableKeyRotation +func (c *KMS) DisableKeyRotation(input *DisableKeyRotationInput) (*DisableKeyRotationOutput, error) { + req, out := c.DisableKeyRotationRequest(input) + err := req.Send() + return out, err +} + +const opEnableKey = "EnableKey" + +// EnableKeyRequest generates a "aws/request.Request" representing the +// client's request for the EnableKey operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See EnableKey for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the EnableKey method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the EnableKeyRequest method. +// req, resp := client.EnableKeyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/EnableKey +func (c *KMS) EnableKeyRequest(input *EnableKeyInput) (req *request.Request, output *EnableKeyOutput) { + op := &request.Operation{ + Name: opEnableKey, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &EnableKeyInput{} + } + + output = &EnableKeyOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Remove(jsonrpc.UnmarshalHandler) + req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler) + return +} + +// EnableKey API operation for AWS Key Management Service. +// +// Marks a key as enabled, thereby permitting its use. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Key Management Service's +// API operation EnableKey for usage and error information. +// +// Returned Error Codes: +// * NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. +// +// * InvalidArnException +// The request was rejected because a specified ARN was not valid. +// +// * DependencyTimeoutException +// The system timed out while trying to fulfill the request. The request can +// be retried. +// +// * InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. +// +// * LimitExceededException +// The request was rejected because a limit was exceeded. For more information, +// see Limits (http://docs.aws.amazon.com/kms/latest/developerguide/limits.html) +// in the AWS Key Management Service Developer Guide. +// +// * InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. +// +// For more information about how key state affects the use of a CMK, see How +// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the AWS Key Management Service Developer Guide. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/EnableKey +func (c *KMS) EnableKey(input *EnableKeyInput) (*EnableKeyOutput, error) { + req, out := c.EnableKeyRequest(input) + err := req.Send() + return out, err +} + +const opEnableKeyRotation = "EnableKeyRotation" + +// EnableKeyRotationRequest generates a "aws/request.Request" representing the +// client's request for the EnableKeyRotation operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See EnableKeyRotation for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the EnableKeyRotation method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the EnableKeyRotationRequest method. +// req, resp := client.EnableKeyRotationRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/EnableKeyRotation +func (c *KMS) EnableKeyRotationRequest(input *EnableKeyRotationInput) (req *request.Request, output *EnableKeyRotationOutput) { + op := &request.Operation{ + Name: opEnableKeyRotation, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &EnableKeyRotationInput{} + } + + output = &EnableKeyRotationOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Remove(jsonrpc.UnmarshalHandler) + req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler) + return +} + +// EnableKeyRotation API operation for AWS Key Management Service. +// +// Enables rotation of the specified customer master key. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Key Management Service's +// API operation EnableKeyRotation for usage and error information. +// +// Returned Error Codes: +// * NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. +// +// * DisabledException +// The request was rejected because the specified CMK is not enabled. +// +// * InvalidArnException +// The request was rejected because a specified ARN was not valid. +// +// * DependencyTimeoutException +// The system timed out while trying to fulfill the request. The request can +// be retried. +// +// * InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. +// +// * InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. +// +// For more information about how key state affects the use of a CMK, see How +// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the AWS Key Management Service Developer Guide. +// +// * UnsupportedOperationException +// The request was rejected because a specified parameter is not supported or +// a specified resource is not valid for this operation. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/EnableKeyRotation +func (c *KMS) EnableKeyRotation(input *EnableKeyRotationInput) (*EnableKeyRotationOutput, error) { + req, out := c.EnableKeyRotationRequest(input) + err := req.Send() + return out, err +} + +const opEncrypt = "Encrypt" + +// EncryptRequest generates a "aws/request.Request" representing the +// client's request for the Encrypt operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See Encrypt for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the Encrypt method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the EncryptRequest method. +// req, resp := client.EncryptRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/Encrypt +func (c *KMS) EncryptRequest(input *EncryptInput) (req *request.Request, output *EncryptOutput) { + op := &request.Operation{ + Name: opEncrypt, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &EncryptInput{} + } + + output = &EncryptOutput{} + req = c.newRequest(op, input, output) + return +} + +// Encrypt API operation for AWS Key Management Service. +// +// Encrypts plaintext into ciphertext by using a customer master key. The Encrypt +// function has two primary use cases: +// +// * You can encrypt up to 4 KB of arbitrary data such as an RSA key, a database +// password, or other sensitive customer information. +// +// * If you are moving encrypted data from one region to another, you can +// use this API to encrypt in the new region the plaintext data key that +// was used to encrypt the data in the original region. This provides you +// with an encrypted copy of the data key that can be decrypted in the new +// region and used there to decrypt the encrypted data. +// +// Unless you are moving encrypted data from one region to another, you don't +// use this function to encrypt a generated data key within a region. You retrieve +// data keys already encrypted by calling the GenerateDataKey or GenerateDataKeyWithoutPlaintext +// function. Data keys don't need to be encrypted again by calling Encrypt. +// +// If you want to encrypt data locally in your application, you can use the +// GenerateDataKey function to return a plaintext data encryption key and a +// copy of the key encrypted under the customer master key (CMK) of your choosing. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Key Management Service's +// API operation Encrypt for usage and error information. +// +// Returned Error Codes: +// * NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. +// +// * DisabledException +// The request was rejected because the specified CMK is not enabled. +// +// * KeyUnavailableException +// The request was rejected because the specified CMK was not available. The +// request can be retried. +// +// * DependencyTimeoutException +// The system timed out while trying to fulfill the request. The request can +// be retried. +// +// * InvalidKeyUsageException +// The request was rejected because the specified KeySpec value is not valid. +// +// * InvalidGrantTokenException +// The request was rejected because the specified grant token is not valid. +// +// * InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. +// +// * InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. +// +// For more information about how key state affects the use of a CMK, see How +// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the AWS Key Management Service Developer Guide. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/Encrypt +func (c *KMS) Encrypt(input *EncryptInput) (*EncryptOutput, error) { + req, out := c.EncryptRequest(input) + err := req.Send() + return out, err +} + +const opGenerateDataKey = "GenerateDataKey" + +// GenerateDataKeyRequest generates a "aws/request.Request" representing the +// client's request for the GenerateDataKey operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See GenerateDataKey for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the GenerateDataKey method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the GenerateDataKeyRequest method. +// req, resp := client.GenerateDataKeyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKey +func (c *KMS) GenerateDataKeyRequest(input *GenerateDataKeyInput) (req *request.Request, output *GenerateDataKeyOutput) { + op := &request.Operation{ + Name: opGenerateDataKey, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &GenerateDataKeyInput{} + } + + output = &GenerateDataKeyOutput{} + req = c.newRequest(op, input, output) + return +} + +// GenerateDataKey API operation for AWS Key Management Service. +// +// Returns a data encryption key that you can use in your application to encrypt +// data locally. +// +// You must specify the customer master key (CMK) under which to generate the +// data key. You must also specify the length of the data key using either the +// KeySpec or NumberOfBytes field. You must specify one field or the other, +// but not both. For common key lengths (128-bit and 256-bit symmetric keys), +// we recommend that you use KeySpec. +// +// This operation returns a plaintext copy of the data key in the Plaintext +// field of the response, and an encrypted copy of the data key in the CiphertextBlob +// field. The data key is encrypted under the CMK specified in the KeyId field +// of the request. +// +// We recommend that you use the following pattern to encrypt data locally in +// your application: +// +// Use this operation (GenerateDataKey) to retrieve a data encryption key. +// +// Use the plaintext data encryption key (returned in the Plaintext field of +// the response) to encrypt data locally, then erase the plaintext data key +// from memory. +// +// Store the encrypted data key (returned in the CiphertextBlob field of the +// response) alongside the locally encrypted data. +// +// To decrypt data locally: +// +// Use the Decrypt operation to decrypt the encrypted data key into a plaintext +// copy of the data key. +// +// Use the plaintext data key to decrypt data locally, then erase the plaintext +// data key from memory. +// +// To return only an encrypted copy of the data key, use GenerateDataKeyWithoutPlaintext. +// To return an arbitrary unpredictable byte string, use GenerateRandom. +// +// If you use the optional EncryptionContext field, you must store at least +// enough information to be able to reconstruct the full encryption context +// when you later send the ciphertext to the Decrypt operation. It is a good +// practice to choose an encryption context that you can reconstruct on the +// fly to better secure the ciphertext. For more information, see Encryption +// Context (http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html) +// in the AWS Key Management Service Developer Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Key Management Service's +// API operation GenerateDataKey for usage and error information. +// +// Returned Error Codes: +// * NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. +// +// * DisabledException +// The request was rejected because the specified CMK is not enabled. +// +// * KeyUnavailableException +// The request was rejected because the specified CMK was not available. The +// request can be retried. +// +// * DependencyTimeoutException +// The system timed out while trying to fulfill the request. The request can +// be retried. +// +// * InvalidKeyUsageException +// The request was rejected because the specified KeySpec value is not valid. +// +// * InvalidGrantTokenException +// The request was rejected because the specified grant token is not valid. +// +// * InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. +// +// * InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. +// +// For more information about how key state affects the use of a CMK, see How +// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the AWS Key Management Service Developer Guide. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKey +func (c *KMS) GenerateDataKey(input *GenerateDataKeyInput) (*GenerateDataKeyOutput, error) { + req, out := c.GenerateDataKeyRequest(input) + err := req.Send() + return out, err +} + +const opGenerateDataKeyWithoutPlaintext = "GenerateDataKeyWithoutPlaintext" + +// GenerateDataKeyWithoutPlaintextRequest generates a "aws/request.Request" representing the +// client's request for the GenerateDataKeyWithoutPlaintext operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See GenerateDataKeyWithoutPlaintext for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the GenerateDataKeyWithoutPlaintext method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the GenerateDataKeyWithoutPlaintextRequest method. +// req, resp := client.GenerateDataKeyWithoutPlaintextRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKeyWithoutPlaintext +func (c *KMS) GenerateDataKeyWithoutPlaintextRequest(input *GenerateDataKeyWithoutPlaintextInput) (req *request.Request, output *GenerateDataKeyWithoutPlaintextOutput) { + op := &request.Operation{ + Name: opGenerateDataKeyWithoutPlaintext, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &GenerateDataKeyWithoutPlaintextInput{} + } + + output = &GenerateDataKeyWithoutPlaintextOutput{} + req = c.newRequest(op, input, output) + return +} + +// GenerateDataKeyWithoutPlaintext API operation for AWS Key Management Service. +// +// Returns a data encryption key encrypted under a customer master key (CMK). +// This operation is identical to GenerateDataKey but returns only the encrypted +// copy of the data key. +// +// This operation is useful in a system that has multiple components with different +// degrees of trust. For example, consider a system that stores encrypted data +// in containers. Each container stores the encrypted data and an encrypted +// copy of the data key. One component of the system, called the control plane, +// creates new containers. When it creates a new container, it uses this operation +// (GenerateDataKeyWithoutPlaintext) to get an encrypted data key and then stores +// it in the container. Later, a different component of the system, called the +// data plane, puts encrypted data into the containers. To do this, it passes +// the encrypted data key to the Decrypt operation, then uses the returned plaintext +// data key to encrypt data, and finally stores the encrypted data in the container. +// In this system, the control plane never sees the plaintext data key. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Key Management Service's +// API operation GenerateDataKeyWithoutPlaintext for usage and error information. +// +// Returned Error Codes: +// * NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. +// +// * DisabledException +// The request was rejected because the specified CMK is not enabled. +// +// * KeyUnavailableException +// The request was rejected because the specified CMK was not available. The +// request can be retried. +// +// * DependencyTimeoutException +// The system timed out while trying to fulfill the request. The request can +// be retried. +// +// * InvalidKeyUsageException +// The request was rejected because the specified KeySpec value is not valid. +// +// * InvalidGrantTokenException +// The request was rejected because the specified grant token is not valid. +// +// * InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. +// +// * InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. +// +// For more information about how key state affects the use of a CMK, see How +// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the AWS Key Management Service Developer Guide. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKeyWithoutPlaintext +func (c *KMS) GenerateDataKeyWithoutPlaintext(input *GenerateDataKeyWithoutPlaintextInput) (*GenerateDataKeyWithoutPlaintextOutput, error) { + req, out := c.GenerateDataKeyWithoutPlaintextRequest(input) + err := req.Send() + return out, err +} + +const opGenerateRandom = "GenerateRandom" + +// GenerateRandomRequest generates a "aws/request.Request" representing the +// client's request for the GenerateRandom operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See GenerateRandom for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the GenerateRandom method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the GenerateRandomRequest method. +// req, resp := client.GenerateRandomRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateRandom +func (c *KMS) GenerateRandomRequest(input *GenerateRandomInput) (req *request.Request, output *GenerateRandomOutput) { + op := &request.Operation{ + Name: opGenerateRandom, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &GenerateRandomInput{} + } + + output = &GenerateRandomOutput{} + req = c.newRequest(op, input, output) + return +} + +// GenerateRandom API operation for AWS Key Management Service. +// +// Generates an unpredictable byte string. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Key Management Service's +// API operation GenerateRandom for usage and error information. +// +// Returned Error Codes: +// * DependencyTimeoutException +// The system timed out while trying to fulfill the request. The request can +// be retried. +// +// * InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateRandom +func (c *KMS) GenerateRandom(input *GenerateRandomInput) (*GenerateRandomOutput, error) { + req, out := c.GenerateRandomRequest(input) + err := req.Send() + return out, err +} + +const opGetKeyPolicy = "GetKeyPolicy" + +// GetKeyPolicyRequest generates a "aws/request.Request" representing the +// client's request for the GetKeyPolicy operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See GetKeyPolicy for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the GetKeyPolicy method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the GetKeyPolicyRequest method. +// req, resp := client.GetKeyPolicyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetKeyPolicy +func (c *KMS) GetKeyPolicyRequest(input *GetKeyPolicyInput) (req *request.Request, output *GetKeyPolicyOutput) { + op := &request.Operation{ + Name: opGetKeyPolicy, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &GetKeyPolicyInput{} + } + + output = &GetKeyPolicyOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetKeyPolicy API operation for AWS Key Management Service. +// +// Retrieves a policy attached to the specified key. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Key Management Service's +// API operation GetKeyPolicy for usage and error information. +// +// Returned Error Codes: +// * NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. +// +// * InvalidArnException +// The request was rejected because a specified ARN was not valid. +// +// * DependencyTimeoutException +// The system timed out while trying to fulfill the request. The request can +// be retried. +// +// * InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. +// +// * InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. +// +// For more information about how key state affects the use of a CMK, see How +// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the AWS Key Management Service Developer Guide. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetKeyPolicy +func (c *KMS) GetKeyPolicy(input *GetKeyPolicyInput) (*GetKeyPolicyOutput, error) { + req, out := c.GetKeyPolicyRequest(input) + err := req.Send() + return out, err +} + +const opGetKeyRotationStatus = "GetKeyRotationStatus" + +// GetKeyRotationStatusRequest generates a "aws/request.Request" representing the +// client's request for the GetKeyRotationStatus operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See GetKeyRotationStatus for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the GetKeyRotationStatus method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the GetKeyRotationStatusRequest method. +// req, resp := client.GetKeyRotationStatusRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetKeyRotationStatus +func (c *KMS) GetKeyRotationStatusRequest(input *GetKeyRotationStatusInput) (req *request.Request, output *GetKeyRotationStatusOutput) { + op := &request.Operation{ + Name: opGetKeyRotationStatus, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &GetKeyRotationStatusInput{} + } + + output = &GetKeyRotationStatusOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetKeyRotationStatus API operation for AWS Key Management Service. +// +// Retrieves a Boolean value that indicates whether key rotation is enabled +// for the specified key. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Key Management Service's +// API operation GetKeyRotationStatus for usage and error information. +// +// Returned Error Codes: +// * NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. +// +// * InvalidArnException +// The request was rejected because a specified ARN was not valid. +// +// * DependencyTimeoutException +// The system timed out while trying to fulfill the request. The request can +// be retried. +// +// * InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. +// +// * InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. +// +// For more information about how key state affects the use of a CMK, see How +// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the AWS Key Management Service Developer Guide. +// +// * UnsupportedOperationException +// The request was rejected because a specified parameter is not supported or +// a specified resource is not valid for this operation. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetKeyRotationStatus +func (c *KMS) GetKeyRotationStatus(input *GetKeyRotationStatusInput) (*GetKeyRotationStatusOutput, error) { + req, out := c.GetKeyRotationStatusRequest(input) + err := req.Send() + return out, err +} + +const opGetParametersForImport = "GetParametersForImport" + +// GetParametersForImportRequest generates a "aws/request.Request" representing the +// client's request for the GetParametersForImport operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See GetParametersForImport for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the GetParametersForImport method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the GetParametersForImportRequest method. +// req, resp := client.GetParametersForImportRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetParametersForImport +func (c *KMS) GetParametersForImportRequest(input *GetParametersForImportInput) (req *request.Request, output *GetParametersForImportOutput) { + op := &request.Operation{ + Name: opGetParametersForImport, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &GetParametersForImportInput{} + } + + output = &GetParametersForImportOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetParametersForImport API operation for AWS Key Management Service. +// +// Returns the items you need in order to import key material into AWS KMS from +// your existing key management infrastructure. For more information about importing +// key material into AWS KMS, see Importing Key Material (http://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) +// in the AWS Key Management Service Developer Guide. +// +// You must specify the key ID of the customer master key (CMK) into which you +// will import key material. This CMK's Origin must be EXTERNAL. You must also +// specify the wrapping algorithm and type of wrapping key (public key) that +// you will use to encrypt the key material. +// +// This operation returns a public key and an import token. Use the public key +// to encrypt the key material. Store the import token to send with a subsequent +// ImportKeyMaterial request. The public key and import token from the same +// response must be used together. These items are valid for 24 hours, after +// which they cannot be used for a subsequent ImportKeyMaterial request. To +// retrieve new ones, send another GetParametersForImport request. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Key Management Service's +// API operation GetParametersForImport for usage and error information. +// +// Returned Error Codes: +// * InvalidArnException +// The request was rejected because a specified ARN was not valid. +// +// * UnsupportedOperationException +// The request was rejected because a specified parameter is not supported or +// a specified resource is not valid for this operation. +// +// * DependencyTimeoutException +// The system timed out while trying to fulfill the request. The request can +// be retried. +// +// * NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. +// +// * InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. +// +// * InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. +// +// For more information about how key state affects the use of a CMK, see How +// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the AWS Key Management Service Developer Guide. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetParametersForImport +func (c *KMS) GetParametersForImport(input *GetParametersForImportInput) (*GetParametersForImportOutput, error) { + req, out := c.GetParametersForImportRequest(input) + err := req.Send() + return out, err +} + +const opImportKeyMaterial = "ImportKeyMaterial" + +// ImportKeyMaterialRequest generates a "aws/request.Request" representing the +// client's request for the ImportKeyMaterial operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See ImportKeyMaterial for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the ImportKeyMaterial method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the ImportKeyMaterialRequest method. +// req, resp := client.ImportKeyMaterialRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ImportKeyMaterial +func (c *KMS) ImportKeyMaterialRequest(input *ImportKeyMaterialInput) (req *request.Request, output *ImportKeyMaterialOutput) { + op := &request.Operation{ + Name: opImportKeyMaterial, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &ImportKeyMaterialInput{} + } + + output = &ImportKeyMaterialOutput{} + req = c.newRequest(op, input, output) + return +} + +// ImportKeyMaterial API operation for AWS Key Management Service. +// +// Imports key material into an AWS KMS customer master key (CMK) from your +// existing key management infrastructure. For more information about importing +// key material into AWS KMS, see Importing Key Material (http://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) +// in the AWS Key Management Service Developer Guide. +// +// You must specify the key ID of the CMK to import the key material into. This +// CMK's Origin must be EXTERNAL. You must also send an import token and the +// encrypted key material. Send the import token that you received in the same +// GetParametersForImport response that contained the public key that you used +// to encrypt the key material. You must also specify whether the key material +// expires and if so, when. When the key material expires, AWS KMS deletes the +// key material and the CMK becomes unusable. To use the CMK again, you can +// reimport the same key material. If you set an expiration date, you can change +// it only by reimporting the same key material and specifying a new expiration +// date. +// +// When this operation is successful, the specified CMK's key state changes +// to Enabled, and you can use the CMK. +// +// After you successfully import key material into a CMK, you can reimport the +// same key material into that CMK, but you cannot import different key material. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Key Management Service's +// API operation ImportKeyMaterial for usage and error information. +// +// Returned Error Codes: +// * InvalidArnException +// The request was rejected because a specified ARN was not valid. +// +// * UnsupportedOperationException +// The request was rejected because a specified parameter is not supported or +// a specified resource is not valid for this operation. +// +// * DependencyTimeoutException +// The system timed out while trying to fulfill the request. The request can +// be retried. +// +// * NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. +// +// * InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. +// +// * InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. +// +// For more information about how key state affects the use of a CMK, see How +// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the AWS Key Management Service Developer Guide. +// +// * InvalidCiphertextException +// The request was rejected because the specified ciphertext has been corrupted +// or is otherwise invalid. +// +// * IncorrectKeyMaterialException +// The request was rejected because the provided key material is invalid or +// is not the same key material that was previously imported into this customer +// master key (CMK). +// +// * ExpiredImportTokenException +// The request was rejected because the provided import token is expired. Use +// GetParametersForImport to retrieve a new import token and public key, use +// the new public key to encrypt the key material, and then try the request +// again. +// +// * InvalidImportTokenException +// The request was rejected because the provided import token is invalid or +// is associated with a different customer master key (CMK). +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ImportKeyMaterial +func (c *KMS) ImportKeyMaterial(input *ImportKeyMaterialInput) (*ImportKeyMaterialOutput, error) { + req, out := c.ImportKeyMaterialRequest(input) + err := req.Send() + return out, err +} + +const opListAliases = "ListAliases" + +// ListAliasesRequest generates a "aws/request.Request" representing the +// client's request for the ListAliases operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See ListAliases for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the ListAliases method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the ListAliasesRequest method. +// req, resp := client.ListAliasesRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListAliases +func (c *KMS) ListAliasesRequest(input *ListAliasesInput) (req *request.Request, output *ListAliasesOutput) { + op := &request.Operation{ + Name: opListAliases, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"Marker"}, + OutputTokens: []string{"NextMarker"}, + LimitToken: "Limit", + TruncationToken: "Truncated", + }, + } + + if input == nil { + input = &ListAliasesInput{} + } + + output = &ListAliasesOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListAliases API operation for AWS Key Management Service. +// +// Lists all of the key aliases in the account. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Key Management Service's +// API operation ListAliases for usage and error information. +// +// Returned Error Codes: +// * DependencyTimeoutException +// The system timed out while trying to fulfill the request. The request can +// be retried. +// +// * InvalidMarkerException +// The request was rejected because the marker that specifies where pagination +// should next begin is not valid. +// +// * InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListAliases +func (c *KMS) ListAliases(input *ListAliasesInput) (*ListAliasesOutput, error) { + req, out := c.ListAliasesRequest(input) + err := req.Send() + return out, err +} + +// ListAliasesPages iterates over the pages of a ListAliases operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListAliases method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListAliases operation. +// pageNum := 0 +// err := client.ListAliasesPages(params, +// func(page *ListAliasesOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *KMS) ListAliasesPages(input *ListAliasesInput, fn func(p *ListAliasesOutput, lastPage bool) (shouldContinue bool)) error { + page, _ := c.ListAliasesRequest(input) + page.Handlers.Build.PushBack(request.MakeAddToUserAgentFreeFormHandler("Paginator")) + return page.EachPage(func(p interface{}, lastPage bool) bool { + return fn(p.(*ListAliasesOutput), lastPage) + }) +} + +const opListGrants = "ListGrants" + +// ListGrantsRequest generates a "aws/request.Request" representing the +// client's request for the ListGrants operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See ListGrants for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the ListGrants method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the ListGrantsRequest method. +// req, resp := client.ListGrantsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListGrants +func (c *KMS) ListGrantsRequest(input *ListGrantsInput) (req *request.Request, output *ListGrantsResponse) { + op := &request.Operation{ + Name: opListGrants, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"Marker"}, + OutputTokens: []string{"NextMarker"}, + LimitToken: "Limit", + TruncationToken: "Truncated", + }, + } + + if input == nil { + input = &ListGrantsInput{} + } + + output = &ListGrantsResponse{} + req = c.newRequest(op, input, output) + return +} + +// ListGrants API operation for AWS Key Management Service. +// +// List the grants for a specified key. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Key Management Service's +// API operation ListGrants for usage and error information. +// +// Returned Error Codes: +// * NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. +// +// * DependencyTimeoutException +// The system timed out while trying to fulfill the request. The request can +// be retried. +// +// * InvalidMarkerException +// The request was rejected because the marker that specifies where pagination +// should next begin is not valid. +// +// * InvalidArnException +// The request was rejected because a specified ARN was not valid. +// +// * InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. +// +// * InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. +// +// For more information about how key state affects the use of a CMK, see How +// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the AWS Key Management Service Developer Guide. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListGrants +func (c *KMS) ListGrants(input *ListGrantsInput) (*ListGrantsResponse, error) { + req, out := c.ListGrantsRequest(input) + err := req.Send() + return out, err +} + +// ListGrantsPages iterates over the pages of a ListGrants operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListGrants method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListGrants operation. +// pageNum := 0 +// err := client.ListGrantsPages(params, +// func(page *ListGrantsResponse, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *KMS) ListGrantsPages(input *ListGrantsInput, fn func(p *ListGrantsResponse, lastPage bool) (shouldContinue bool)) error { + page, _ := c.ListGrantsRequest(input) + page.Handlers.Build.PushBack(request.MakeAddToUserAgentFreeFormHandler("Paginator")) + return page.EachPage(func(p interface{}, lastPage bool) bool { + return fn(p.(*ListGrantsResponse), lastPage) + }) +} + +const opListKeyPolicies = "ListKeyPolicies" + +// ListKeyPoliciesRequest generates a "aws/request.Request" representing the +// client's request for the ListKeyPolicies operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See ListKeyPolicies for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the ListKeyPolicies method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the ListKeyPoliciesRequest method. +// req, resp := client.ListKeyPoliciesRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListKeyPolicies +func (c *KMS) ListKeyPoliciesRequest(input *ListKeyPoliciesInput) (req *request.Request, output *ListKeyPoliciesOutput) { + op := &request.Operation{ + Name: opListKeyPolicies, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"Marker"}, + OutputTokens: []string{"NextMarker"}, + LimitToken: "Limit", + TruncationToken: "Truncated", + }, + } + + if input == nil { + input = &ListKeyPoliciesInput{} + } + + output = &ListKeyPoliciesOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListKeyPolicies API operation for AWS Key Management Service. +// +// Retrieves a list of policies attached to a key. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Key Management Service's +// API operation ListKeyPolicies for usage and error information. +// +// Returned Error Codes: +// * NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. +// +// * InvalidArnException +// The request was rejected because a specified ARN was not valid. +// +// * DependencyTimeoutException +// The system timed out while trying to fulfill the request. The request can +// be retried. +// +// * InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. +// +// * InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. +// +// For more information about how key state affects the use of a CMK, see How +// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the AWS Key Management Service Developer Guide. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListKeyPolicies +func (c *KMS) ListKeyPolicies(input *ListKeyPoliciesInput) (*ListKeyPoliciesOutput, error) { + req, out := c.ListKeyPoliciesRequest(input) + err := req.Send() + return out, err +} + +// ListKeyPoliciesPages iterates over the pages of a ListKeyPolicies operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListKeyPolicies method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListKeyPolicies operation. +// pageNum := 0 +// err := client.ListKeyPoliciesPages(params, +// func(page *ListKeyPoliciesOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *KMS) ListKeyPoliciesPages(input *ListKeyPoliciesInput, fn func(p *ListKeyPoliciesOutput, lastPage bool) (shouldContinue bool)) error { + page, _ := c.ListKeyPoliciesRequest(input) + page.Handlers.Build.PushBack(request.MakeAddToUserAgentFreeFormHandler("Paginator")) + return page.EachPage(func(p interface{}, lastPage bool) bool { + return fn(p.(*ListKeyPoliciesOutput), lastPage) + }) +} + +const opListKeys = "ListKeys" + +// ListKeysRequest generates a "aws/request.Request" representing the +// client's request for the ListKeys operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See ListKeys for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the ListKeys method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the ListKeysRequest method. +// req, resp := client.ListKeysRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListKeys +func (c *KMS) ListKeysRequest(input *ListKeysInput) (req *request.Request, output *ListKeysOutput) { + op := &request.Operation{ + Name: opListKeys, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"Marker"}, + OutputTokens: []string{"NextMarker"}, + LimitToken: "Limit", + TruncationToken: "Truncated", + }, + } + + if input == nil { + input = &ListKeysInput{} + } + + output = &ListKeysOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListKeys API operation for AWS Key Management Service. +// +// Lists the customer master keys. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Key Management Service's +// API operation ListKeys for usage and error information. +// +// Returned Error Codes: +// * DependencyTimeoutException +// The system timed out while trying to fulfill the request. The request can +// be retried. +// +// * InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. +// +// * InvalidMarkerException +// The request was rejected because the marker that specifies where pagination +// should next begin is not valid. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListKeys +func (c *KMS) ListKeys(input *ListKeysInput) (*ListKeysOutput, error) { + req, out := c.ListKeysRequest(input) + err := req.Send() + return out, err +} + +// ListKeysPages iterates over the pages of a ListKeys operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListKeys method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListKeys operation. +// pageNum := 0 +// err := client.ListKeysPages(params, +// func(page *ListKeysOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *KMS) ListKeysPages(input *ListKeysInput, fn func(p *ListKeysOutput, lastPage bool) (shouldContinue bool)) error { + page, _ := c.ListKeysRequest(input) + page.Handlers.Build.PushBack(request.MakeAddToUserAgentFreeFormHandler("Paginator")) + return page.EachPage(func(p interface{}, lastPage bool) bool { + return fn(p.(*ListKeysOutput), lastPage) + }) +} + +const opListRetirableGrants = "ListRetirableGrants" + +// ListRetirableGrantsRequest generates a "aws/request.Request" representing the +// client's request for the ListRetirableGrants operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See ListRetirableGrants for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the ListRetirableGrants method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the ListRetirableGrantsRequest method. +// req, resp := client.ListRetirableGrantsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListRetirableGrants +func (c *KMS) ListRetirableGrantsRequest(input *ListRetirableGrantsInput) (req *request.Request, output *ListGrantsResponse) { + op := &request.Operation{ + Name: opListRetirableGrants, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &ListRetirableGrantsInput{} + } + + output = &ListGrantsResponse{} + req = c.newRequest(op, input, output) + return +} + +// ListRetirableGrants API operation for AWS Key Management Service. +// +// Returns a list of all grants for which the grant's RetiringPrincipal matches +// the one specified. +// +// A typical use is to list all grants that you are able to retire. To retire +// a grant, use RetireGrant. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Key Management Service's +// API operation ListRetirableGrants for usage and error information. +// +// Returned Error Codes: +// * DependencyTimeoutException +// The system timed out while trying to fulfill the request. The request can +// be retried. +// +// * InvalidMarkerException +// The request was rejected because the marker that specifies where pagination +// should next begin is not valid. +// +// * InvalidArnException +// The request was rejected because a specified ARN was not valid. +// +// * NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. +// +// * InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListRetirableGrants +func (c *KMS) ListRetirableGrants(input *ListRetirableGrantsInput) (*ListGrantsResponse, error) { + req, out := c.ListRetirableGrantsRequest(input) + err := req.Send() + return out, err +} + +const opPutKeyPolicy = "PutKeyPolicy" + +// PutKeyPolicyRequest generates a "aws/request.Request" representing the +// client's request for the PutKeyPolicy operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See PutKeyPolicy for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the PutKeyPolicy method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the PutKeyPolicyRequest method. +// req, resp := client.PutKeyPolicyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/PutKeyPolicy +func (c *KMS) PutKeyPolicyRequest(input *PutKeyPolicyInput) (req *request.Request, output *PutKeyPolicyOutput) { + op := &request.Operation{ + Name: opPutKeyPolicy, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &PutKeyPolicyInput{} + } + + output = &PutKeyPolicyOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Remove(jsonrpc.UnmarshalHandler) + req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler) + return +} + +// PutKeyPolicy API operation for AWS Key Management Service. +// +// Attaches a key policy to the specified customer master key (CMK). +// +// For more information about key policies, see Key Policies (http://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html) +// in the AWS Key Management Service Developer Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Key Management Service's +// API operation PutKeyPolicy for usage and error information. +// +// Returned Error Codes: +// * NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. +// +// * InvalidArnException +// The request was rejected because a specified ARN was not valid. +// +// * MalformedPolicyDocumentException +// The request was rejected because the specified policy is not syntactically +// or semantically correct. +// +// * DependencyTimeoutException +// The system timed out while trying to fulfill the request. The request can +// be retried. +// +// * UnsupportedOperationException +// The request was rejected because a specified parameter is not supported or +// a specified resource is not valid for this operation. +// +// * InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. +// +// * LimitExceededException +// The request was rejected because a limit was exceeded. For more information, +// see Limits (http://docs.aws.amazon.com/kms/latest/developerguide/limits.html) +// in the AWS Key Management Service Developer Guide. +// +// * InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. +// +// For more information about how key state affects the use of a CMK, see How +// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the AWS Key Management Service Developer Guide. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/PutKeyPolicy +func (c *KMS) PutKeyPolicy(input *PutKeyPolicyInput) (*PutKeyPolicyOutput, error) { + req, out := c.PutKeyPolicyRequest(input) + err := req.Send() + return out, err +} + +const opReEncrypt = "ReEncrypt" + +// ReEncryptRequest generates a "aws/request.Request" representing the +// client's request for the ReEncrypt operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See ReEncrypt for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the ReEncrypt method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the ReEncryptRequest method. +// req, resp := client.ReEncryptRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ReEncrypt +func (c *KMS) ReEncryptRequest(input *ReEncryptInput) (req *request.Request, output *ReEncryptOutput) { + op := &request.Operation{ + Name: opReEncrypt, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &ReEncryptInput{} + } + + output = &ReEncryptOutput{} + req = c.newRequest(op, input, output) + return +} + +// ReEncrypt API operation for AWS Key Management Service. +// +// Encrypts data on the server side with a new customer master key (CMK) without +// exposing the plaintext of the data on the client side. The data is first +// decrypted and then reencrypted. You can also use this operation to change +// the encryption context of a ciphertext. +// +// Unlike other operations, ReEncrypt is authorized twice, once as ReEncryptFrom +// on the source CMK and once as ReEncryptTo on the destination CMK. We recommend +// that you include the "kms:ReEncrypt*" permission in your key policies (http://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html) +// to permit reencryption from or to the CMK. This permission is automatically +// included in the key policy when you create a CMK through the console, but +// you must include it manually when you create a CMK programmatically or when +// you set a key policy with the PutKeyPolicy operation. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Key Management Service's +// API operation ReEncrypt for usage and error information. +// +// Returned Error Codes: +// * NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. +// +// * DisabledException +// The request was rejected because the specified CMK is not enabled. +// +// * InvalidCiphertextException +// The request was rejected because the specified ciphertext has been corrupted +// or is otherwise invalid. +// +// * KeyUnavailableException +// The request was rejected because the specified CMK was not available. The +// request can be retried. +// +// * DependencyTimeoutException +// The system timed out while trying to fulfill the request. The request can +// be retried. +// +// * InvalidKeyUsageException +// The request was rejected because the specified KeySpec value is not valid. +// +// * InvalidGrantTokenException +// The request was rejected because the specified grant token is not valid. +// +// * InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. +// +// * InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. +// +// For more information about how key state affects the use of a CMK, see How +// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the AWS Key Management Service Developer Guide. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ReEncrypt +func (c *KMS) ReEncrypt(input *ReEncryptInput) (*ReEncryptOutput, error) { + req, out := c.ReEncryptRequest(input) + err := req.Send() + return out, err +} + +const opRetireGrant = "RetireGrant" + +// RetireGrantRequest generates a "aws/request.Request" representing the +// client's request for the RetireGrant operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See RetireGrant for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the RetireGrant method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the RetireGrantRequest method. +// req, resp := client.RetireGrantRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/RetireGrant +func (c *KMS) RetireGrantRequest(input *RetireGrantInput) (req *request.Request, output *RetireGrantOutput) { + op := &request.Operation{ + Name: opRetireGrant, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &RetireGrantInput{} + } + + output = &RetireGrantOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Remove(jsonrpc.UnmarshalHandler) + req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler) + return +} + +// RetireGrant API operation for AWS Key Management Service. +// +// Retires a grant. To clean up, you can retire a grant when you're done using +// it. You should revoke a grant when you intend to actively deny operations +// that depend on it. The following are permitted to call this API: +// +// * The AWS account (root user) under which the grant was created +// +// * The RetiringPrincipal, if present in the grant +// +// * The GranteePrincipal, if RetireGrant is an operation specified in the +// grant +// +// You must identify the grant to retire by its grant token or by a combination +// of the grant ID and the Amazon Resource Name (ARN) of the customer master +// key (CMK). A grant token is a unique variable-length base64-encoded string. +// A grant ID is a 64 character unique identifier of a grant. The CreateGrant +// operation returns both. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Key Management Service's +// API operation RetireGrant for usage and error information. +// +// Returned Error Codes: +// * InvalidGrantTokenException +// The request was rejected because the specified grant token is not valid. +// +// * InvalidGrantIdException +// The request was rejected because the specified GrantId is not valid. +// +// * NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. +// +// * DependencyTimeoutException +// The system timed out while trying to fulfill the request. The request can +// be retried. +// +// * InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. +// +// * InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. +// +// For more information about how key state affects the use of a CMK, see How +// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the AWS Key Management Service Developer Guide. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/RetireGrant +func (c *KMS) RetireGrant(input *RetireGrantInput) (*RetireGrantOutput, error) { + req, out := c.RetireGrantRequest(input) + err := req.Send() + return out, err +} + +const opRevokeGrant = "RevokeGrant" + +// RevokeGrantRequest generates a "aws/request.Request" representing the +// client's request for the RevokeGrant operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See RevokeGrant for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the RevokeGrant method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the RevokeGrantRequest method. +// req, resp := client.RevokeGrantRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/RevokeGrant +func (c *KMS) RevokeGrantRequest(input *RevokeGrantInput) (req *request.Request, output *RevokeGrantOutput) { + op := &request.Operation{ + Name: opRevokeGrant, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &RevokeGrantInput{} + } + + output = &RevokeGrantOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Remove(jsonrpc.UnmarshalHandler) + req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler) + return +} + +// RevokeGrant API operation for AWS Key Management Service. +// +// Revokes a grant. You can revoke a grant to actively deny operations that +// depend on it. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Key Management Service's +// API operation RevokeGrant for usage and error information. +// +// Returned Error Codes: +// * NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. +// +// * DependencyTimeoutException +// The system timed out while trying to fulfill the request. The request can +// be retried. +// +// * InvalidArnException +// The request was rejected because a specified ARN was not valid. +// +// * InvalidGrantIdException +// The request was rejected because the specified GrantId is not valid. +// +// * InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. +// +// * InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. +// +// For more information about how key state affects the use of a CMK, see How +// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the AWS Key Management Service Developer Guide. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/RevokeGrant +func (c *KMS) RevokeGrant(input *RevokeGrantInput) (*RevokeGrantOutput, error) { + req, out := c.RevokeGrantRequest(input) + err := req.Send() + return out, err +} + +const opScheduleKeyDeletion = "ScheduleKeyDeletion" + +// ScheduleKeyDeletionRequest generates a "aws/request.Request" representing the +// client's request for the ScheduleKeyDeletion operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See ScheduleKeyDeletion for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the ScheduleKeyDeletion method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the ScheduleKeyDeletionRequest method. +// req, resp := client.ScheduleKeyDeletionRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ScheduleKeyDeletion +func (c *KMS) ScheduleKeyDeletionRequest(input *ScheduleKeyDeletionInput) (req *request.Request, output *ScheduleKeyDeletionOutput) { + op := &request.Operation{ + Name: opScheduleKeyDeletion, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &ScheduleKeyDeletionInput{} + } + + output = &ScheduleKeyDeletionOutput{} + req = c.newRequest(op, input, output) + return +} + +// ScheduleKeyDeletion API operation for AWS Key Management Service. +// +// Schedules the deletion of a customer master key (CMK). You may provide a +// waiting period, specified in days, before deletion occurs. If you do not +// provide a waiting period, the default period of 30 days is used. When this +// operation is successful, the state of the CMK changes to PendingDeletion. +// Before the waiting period ends, you can use CancelKeyDeletion to cancel the +// deletion of the CMK. After the waiting period ends, AWS KMS deletes the CMK +// and all AWS KMS data associated with it, including all aliases that refer +// to it. +// +// Deleting a CMK is a destructive and potentially dangerous operation. When +// a CMK is deleted, all data that was encrypted under the CMK is rendered unrecoverable. +// To restrict the use of a CMK without deleting it, use DisableKey. +// +// For more information about scheduling a CMK for deletion, see Deleting Customer +// Master Keys (http://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html) +// in the AWS Key Management Service Developer Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Key Management Service's +// API operation ScheduleKeyDeletion for usage and error information. +// +// Returned Error Codes: +// * NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. +// +// * InvalidArnException +// The request was rejected because a specified ARN was not valid. +// +// * DependencyTimeoutException +// The system timed out while trying to fulfill the request. The request can +// be retried. +// +// * InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. +// +// * InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. +// +// For more information about how key state affects the use of a CMK, see How +// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the AWS Key Management Service Developer Guide. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ScheduleKeyDeletion +func (c *KMS) ScheduleKeyDeletion(input *ScheduleKeyDeletionInput) (*ScheduleKeyDeletionOutput, error) { + req, out := c.ScheduleKeyDeletionRequest(input) + err := req.Send() + return out, err +} + +const opUpdateAlias = "UpdateAlias" + +// UpdateAliasRequest generates a "aws/request.Request" representing the +// client's request for the UpdateAlias operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See UpdateAlias for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the UpdateAlias method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the UpdateAliasRequest method. +// req, resp := client.UpdateAliasRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UpdateAlias +func (c *KMS) UpdateAliasRequest(input *UpdateAliasInput) (req *request.Request, output *UpdateAliasOutput) { + op := &request.Operation{ + Name: opUpdateAlias, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &UpdateAliasInput{} + } + + output = &UpdateAliasOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Remove(jsonrpc.UnmarshalHandler) + req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler) + return +} + +// UpdateAlias API operation for AWS Key Management Service. +// +// Updates an alias to map it to a different key. +// +// An alias is not a property of a key. Therefore, an alias can be mapped to +// and unmapped from an existing key without changing the properties of the +// key. +// +// An alias name can contain only alphanumeric characters, forward slashes (/), +// underscores (_), and dashes (-). An alias must start with the word "alias" +// followed by a forward slash (alias/). An alias that begins with "aws" after +// the forward slash (alias/aws...) is reserved by Amazon Web Services (AWS). +// +// The alias and the key it is mapped to must be in the same AWS account and +// the same region. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Key Management Service's +// API operation UpdateAlias for usage and error information. +// +// Returned Error Codes: +// * DependencyTimeoutException +// The system timed out while trying to fulfill the request. The request can +// be retried. +// +// * NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. +// +// * InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. +// +// * InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. +// +// For more information about how key state affects the use of a CMK, see How +// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the AWS Key Management Service Developer Guide. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UpdateAlias +func (c *KMS) UpdateAlias(input *UpdateAliasInput) (*UpdateAliasOutput, error) { + req, out := c.UpdateAliasRequest(input) + err := req.Send() + return out, err +} + +const opUpdateKeyDescription = "UpdateKeyDescription" + +// UpdateKeyDescriptionRequest generates a "aws/request.Request" representing the +// client's request for the UpdateKeyDescription operation. The "output" return +// value can be used to capture response data after the request's "Send" method +// is called. +// +// See UpdateKeyDescription for usage and error information. +// +// Creating a request object using this method should be used when you want to inject +// custom logic into the request's lifecycle using a custom handler, or if you want to +// access properties on the request object before or after sending the request. If +// you just want the service response, call the UpdateKeyDescription method directly +// instead. +// +// Note: You must call the "Send" method on the returned request object in order +// to execute the request. +// +// // Example sending a request using the UpdateKeyDescriptionRequest method. +// req, resp := client.UpdateKeyDescriptionRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UpdateKeyDescription +func (c *KMS) UpdateKeyDescriptionRequest(input *UpdateKeyDescriptionInput) (req *request.Request, output *UpdateKeyDescriptionOutput) { + op := &request.Operation{ + Name: opUpdateKeyDescription, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &UpdateKeyDescriptionInput{} + } + + output = &UpdateKeyDescriptionOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Remove(jsonrpc.UnmarshalHandler) + req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler) + return +} + +// UpdateKeyDescription API operation for AWS Key Management Service. +// +// Updates the description of a customer master key (CMK). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Key Management Service's +// API operation UpdateKeyDescription for usage and error information. +// +// Returned Error Codes: +// * NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. +// +// * InvalidArnException +// The request was rejected because a specified ARN was not valid. +// +// * DependencyTimeoutException +// The system timed out while trying to fulfill the request. The request can +// be retried. +// +// * InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. +// +// * InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. +// +// For more information about how key state affects the use of a CMK, see How +// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the AWS Key Management Service Developer Guide. +// +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UpdateKeyDescription +func (c *KMS) UpdateKeyDescription(input *UpdateKeyDescriptionInput) (*UpdateKeyDescriptionOutput, error) { + req, out := c.UpdateKeyDescriptionRequest(input) + err := req.Send() + return out, err +} + +// Contains information about an alias. +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/AliasListEntry +type AliasListEntry struct { + _ struct{} `type:"structure"` + + // String that contains the key ARN. + AliasArn *string `min:"20" type:"string"` + + // String that contains the alias. + AliasName *string `min:"1" type:"string"` + + // String that contains the key identifier referred to by the alias. + TargetKeyId *string `min:"1" type:"string"` +} + +// String returns the string representation +func (s AliasListEntry) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s AliasListEntry) GoString() string { + return s.String() +} + +// SetAliasArn sets the AliasArn field's value. +func (s *AliasListEntry) SetAliasArn(v string) *AliasListEntry { + s.AliasArn = &v + return s +} + +// SetAliasName sets the AliasName field's value. +func (s *AliasListEntry) SetAliasName(v string) *AliasListEntry { + s.AliasName = &v + return s +} + +// SetTargetKeyId sets the TargetKeyId field's value. +func (s *AliasListEntry) SetTargetKeyId(v string) *AliasListEntry { + s.TargetKeyId = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CancelKeyDeletionRequest +type CancelKeyDeletionInput struct { + _ struct{} `type:"structure"` + + // The unique identifier for the customer master key (CMK) for which to cancel + // deletion. + // + // To specify this value, use the unique key ID or the Amazon Resource Name + // (ARN) of the CMK. Examples: + // + // * Unique key ID: 1234abcd-12ab-34cd-56ef-1234567890ab + // + // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab + // + // To obtain the unique key ID and key ARN for a given CMK, use ListKeys or + // DescribeKey. + // + // KeyId is a required field + KeyId *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation +func (s CancelKeyDeletionInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CancelKeyDeletionInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CancelKeyDeletionInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CancelKeyDeletionInput"} + if s.KeyId == nil { + invalidParams.Add(request.NewErrParamRequired("KeyId")) + } + if s.KeyId != nil && len(*s.KeyId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetKeyId sets the KeyId field's value. +func (s *CancelKeyDeletionInput) SetKeyId(v string) *CancelKeyDeletionInput { + s.KeyId = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CancelKeyDeletionResponse +type CancelKeyDeletionOutput struct { + _ struct{} `type:"structure"` + + // The unique identifier of the master key for which deletion is canceled. + KeyId *string `min:"1" type:"string"` +} + +// String returns the string representation +func (s CancelKeyDeletionOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CancelKeyDeletionOutput) GoString() string { + return s.String() +} + +// SetKeyId sets the KeyId field's value. +func (s *CancelKeyDeletionOutput) SetKeyId(v string) *CancelKeyDeletionOutput { + s.KeyId = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateAliasRequest +type CreateAliasInput struct { + _ struct{} `type:"structure"` + + // String that contains the display name. The name must start with the word + // "alias" followed by a forward slash (alias/). Aliases that begin with "alias/AWS" + // are reserved. + // + // AliasName is a required field + AliasName *string `min:"1" type:"string" required:"true"` + + // An identifier of the key for which you are creating the alias. This value + // cannot be another alias but can be a globally unique identifier or a fully + // specified ARN to a key. + // + // * Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 + // + // * Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012 + // + // TargetKeyId is a required field + TargetKeyId *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation +func (s CreateAliasInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateAliasInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateAliasInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateAliasInput"} + if s.AliasName == nil { + invalidParams.Add(request.NewErrParamRequired("AliasName")) + } + if s.AliasName != nil && len(*s.AliasName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("AliasName", 1)) + } + if s.TargetKeyId == nil { + invalidParams.Add(request.NewErrParamRequired("TargetKeyId")) + } + if s.TargetKeyId != nil && len(*s.TargetKeyId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("TargetKeyId", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAliasName sets the AliasName field's value. +func (s *CreateAliasInput) SetAliasName(v string) *CreateAliasInput { + s.AliasName = &v + return s +} + +// SetTargetKeyId sets the TargetKeyId field's value. +func (s *CreateAliasInput) SetTargetKeyId(v string) *CreateAliasInput { + s.TargetKeyId = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateAliasOutput +type CreateAliasOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation +func (s CreateAliasOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateAliasOutput) GoString() string { + return s.String() +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateGrantRequest +type CreateGrantInput struct { + _ struct{} `type:"structure"` + + // The conditions under which the operations permitted by the grant are allowed. + // + // You can use this value to allow the operations permitted by the grant only + // when a specified encryption context is present. For more information, see + // Encryption Context (http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html) + // in the AWS Key Management Service Developer Guide. + Constraints *GrantConstraints `type:"structure"` + + // A list of grant tokens. + // + // For more information, see Grant Tokens (http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) + // in the AWS Key Management Service Developer Guide. + GrantTokens []*string `type:"list"` + + // The principal that is given permission to perform the operations that the + // grant permits. + // + // To specify the principal, use the Amazon Resource Name (ARN) (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) + // of an AWS principal. Valid AWS principals include AWS accounts (root), IAM + // users, federated users, and assumed role users. For examples of the ARN syntax + // to use for specifying a principal, see AWS Identity and Access Management + // (IAM) (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam) + // in the Example ARNs section of the AWS General Reference. + // + // GranteePrincipal is a required field + GranteePrincipal *string `min:"1" type:"string" required:"true"` + + // The unique identifier for the customer master key (CMK) that the grant applies + // to. + // + // To specify this value, use the globally unique key ID or the Amazon Resource + // Name (ARN) of the key. Examples: + // + // * Globally unique key ID: 12345678-1234-1234-1234-123456789012 + // + // * Key ARN: arn:aws:kms:us-west-2:123456789012:key/12345678-1234-1234-1234-123456789012 + // + // KeyId is a required field + KeyId *string `min:"1" type:"string" required:"true"` + + // A friendly name for identifying the grant. Use this value to prevent unintended + // creation of duplicate grants when retrying this request. + // + // When this value is absent, all CreateGrant requests result in a new grant + // with a unique GrantId even if all the supplied parameters are identical. + // This can result in unintended duplicates when you retry the CreateGrant request. + // + // When this value is present, you can retry a CreateGrant request with identical + // parameters; if the grant already exists, the original GrantId is returned + // without creating a new grant. Note that the returned grant token is unique + // with every CreateGrant request, even when a duplicate GrantId is returned. + // All grant tokens obtained in this way can be used interchangeably. + Name *string `min:"1" type:"string"` + + // A list of operations that the grant permits. + Operations []*string `type:"list"` + + // The principal that is given permission to retire the grant by using RetireGrant + // operation. + // + // To specify the principal, use the Amazon Resource Name (ARN) (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) + // of an AWS principal. Valid AWS principals include AWS accounts (root), IAM + // users, federated users, and assumed role users. For examples of the ARN syntax + // to use for specifying a principal, see AWS Identity and Access Management + // (IAM) (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam) + // in the Example ARNs section of the AWS General Reference. + RetiringPrincipal *string `min:"1" type:"string"` +} + +// String returns the string representation +func (s CreateGrantInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateGrantInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateGrantInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateGrantInput"} + if s.GranteePrincipal == nil { + invalidParams.Add(request.NewErrParamRequired("GranteePrincipal")) + } + if s.GranteePrincipal != nil && len(*s.GranteePrincipal) < 1 { + invalidParams.Add(request.NewErrParamMinLen("GranteePrincipal", 1)) + } + if s.KeyId == nil { + invalidParams.Add(request.NewErrParamRequired("KeyId")) + } + if s.KeyId != nil && len(*s.KeyId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) + } + if s.Name != nil && len(*s.Name) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Name", 1)) + } + if s.RetiringPrincipal != nil && len(*s.RetiringPrincipal) < 1 { + invalidParams.Add(request.NewErrParamMinLen("RetiringPrincipal", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetConstraints sets the Constraints field's value. +func (s *CreateGrantInput) SetConstraints(v *GrantConstraints) *CreateGrantInput { + s.Constraints = v + return s +} + +// SetGrantTokens sets the GrantTokens field's value. +func (s *CreateGrantInput) SetGrantTokens(v []*string) *CreateGrantInput { + s.GrantTokens = v + return s +} + +// SetGranteePrincipal sets the GranteePrincipal field's value. +func (s *CreateGrantInput) SetGranteePrincipal(v string) *CreateGrantInput { + s.GranteePrincipal = &v + return s +} + +// SetKeyId sets the KeyId field's value. +func (s *CreateGrantInput) SetKeyId(v string) *CreateGrantInput { + s.KeyId = &v + return s +} + +// SetName sets the Name field's value. +func (s *CreateGrantInput) SetName(v string) *CreateGrantInput { + s.Name = &v + return s +} + +// SetOperations sets the Operations field's value. +func (s *CreateGrantInput) SetOperations(v []*string) *CreateGrantInput { + s.Operations = v + return s +} + +// SetRetiringPrincipal sets the RetiringPrincipal field's value. +func (s *CreateGrantInput) SetRetiringPrincipal(v string) *CreateGrantInput { + s.RetiringPrincipal = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateGrantResponse +type CreateGrantOutput struct { + _ struct{} `type:"structure"` + + // The unique identifier for the grant. + // + // You can use the GrantId in a subsequent RetireGrant or RevokeGrant operation. + GrantId *string `min:"1" type:"string"` + + // The grant token. + // + // For more information, see Grant Tokens (http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) + // in the AWS Key Management Service Developer Guide. + GrantToken *string `min:"1" type:"string"` +} + +// String returns the string representation +func (s CreateGrantOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateGrantOutput) GoString() string { + return s.String() +} + +// SetGrantId sets the GrantId field's value. +func (s *CreateGrantOutput) SetGrantId(v string) *CreateGrantOutput { + s.GrantId = &v + return s +} + +// SetGrantToken sets the GrantToken field's value. +func (s *CreateGrantOutput) SetGrantToken(v string) *CreateGrantOutput { + s.GrantToken = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateKeyRequest +type CreateKeyInput struct { + _ struct{} `type:"structure"` + + // A flag to indicate whether to bypass the key policy lockout safety check. + // + // Setting this value to true increases the likelihood that the CMK becomes + // unmanageable. Do not set this value to true indiscriminately. + // + // For more information, refer to the scenario in the Default Key Policy (http://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) + // section in the AWS Key Management Service Developer Guide. + // + // Use this parameter only when you include a policy in the request and you + // intend to prevent the principal making the request from making a subsequent + // PutKeyPolicy request on the CMK. + // + // The default value is false. + BypassPolicyLockoutSafetyCheck *bool `type:"boolean"` + + // A description of the CMK. + // + // Use a description that helps you decide whether the CMK is appropriate for + // a task. + Description *string `type:"string"` + + // The intended use of the CMK. + // + // You can use CMKs only for symmetric encryption and decryption. + KeyUsage *string `type:"string" enum:"KeyUsageType"` + + // The source of the CMK's key material. + // + // The default is AWS_KMS, which means AWS KMS creates the key material. When + // this parameter is set to EXTERNAL, the request creates a CMK without key + // material so that you can import key material from your existing key management + // infrastructure. For more information about importing key material into AWS + // KMS, see Importing Key Material (http://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) + // in the AWS Key Management Service Developer Guide. + // + // The CMK's Origin is immutable and is set when the CMK is created. + Origin *string `type:"string" enum:"OriginType"` + + // The key policy to attach to the CMK. + // + // If you specify a policy and do not set BypassPolicyLockoutSafetyCheck to + // true, the policy must meet the following criteria: + // + // * It must allow the principal making the CreateKey request to make a subsequent + // PutKeyPolicy request on the CMK. This reduces the likelihood that the + // CMK becomes unmanageable. For more information, refer to the scenario + // in the Default Key Policy (http://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) + // section in the AWS Key Management Service Developer Guide. + // + // * The principal(s) specified in the key policy must exist and be visible + // to AWS KMS. When you create a new AWS principal (for example, an IAM user + // or role), you might need to enforce a delay before specifying the new + // principal in a key policy because the new principal might not immediately + // be visible to AWS KMS. For more information, see Changes that I make are + // not always immediately visible (http://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency) + // in the IAM User Guide. + // + // If you do not specify a policy, AWS KMS attaches a default key policy to + // the CMK. For more information, see Default Key Policy (http://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default) + // in the AWS Key Management Service Developer Guide. + // + // The policy size limit is 32 KiB (32768 bytes). + Policy *string `min:"1" type:"string"` +} + +// String returns the string representation +func (s CreateKeyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateKeyInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateKeyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateKeyInput"} + if s.Policy != nil && len(*s.Policy) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Policy", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetBypassPolicyLockoutSafetyCheck sets the BypassPolicyLockoutSafetyCheck field's value. +func (s *CreateKeyInput) SetBypassPolicyLockoutSafetyCheck(v bool) *CreateKeyInput { + s.BypassPolicyLockoutSafetyCheck = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *CreateKeyInput) SetDescription(v string) *CreateKeyInput { + s.Description = &v + return s +} + +// SetKeyUsage sets the KeyUsage field's value. +func (s *CreateKeyInput) SetKeyUsage(v string) *CreateKeyInput { + s.KeyUsage = &v + return s +} + +// SetOrigin sets the Origin field's value. +func (s *CreateKeyInput) SetOrigin(v string) *CreateKeyInput { + s.Origin = &v + return s +} + +// SetPolicy sets the Policy field's value. +func (s *CreateKeyInput) SetPolicy(v string) *CreateKeyInput { + s.Policy = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateKeyResponse +type CreateKeyOutput struct { + _ struct{} `type:"structure"` + + // Metadata associated with the CMK. + KeyMetadata *KeyMetadata `type:"structure"` +} + +// String returns the string representation +func (s CreateKeyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateKeyOutput) GoString() string { + return s.String() +} + +// SetKeyMetadata sets the KeyMetadata field's value. +func (s *CreateKeyOutput) SetKeyMetadata(v *KeyMetadata) *CreateKeyOutput { + s.KeyMetadata = v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DecryptRequest +type DecryptInput struct { + _ struct{} `type:"structure"` + + // Ciphertext to be decrypted. The blob includes metadata. + // + // CiphertextBlob is automatically base64 encoded/decoded by the SDK. + // + // CiphertextBlob is a required field + CiphertextBlob []byte `min:"1" type:"blob" required:"true"` + + // The encryption context. If this was specified in the Encrypt function, it + // must be specified here or the decryption operation will fail. For more information, + // see Encryption Context (http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html). + EncryptionContext map[string]*string `type:"map"` + + // A list of grant tokens. + // + // For more information, see Grant Tokens (http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) + // in the AWS Key Management Service Developer Guide. + GrantTokens []*string `type:"list"` +} + +// String returns the string representation +func (s DecryptInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DecryptInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DecryptInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DecryptInput"} + if s.CiphertextBlob == nil { + invalidParams.Add(request.NewErrParamRequired("CiphertextBlob")) + } + if s.CiphertextBlob != nil && len(s.CiphertextBlob) < 1 { + invalidParams.Add(request.NewErrParamMinLen("CiphertextBlob", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetCiphertextBlob sets the CiphertextBlob field's value. +func (s *DecryptInput) SetCiphertextBlob(v []byte) *DecryptInput { + s.CiphertextBlob = v + return s +} + +// SetEncryptionContext sets the EncryptionContext field's value. +func (s *DecryptInput) SetEncryptionContext(v map[string]*string) *DecryptInput { + s.EncryptionContext = v + return s +} + +// SetGrantTokens sets the GrantTokens field's value. +func (s *DecryptInput) SetGrantTokens(v []*string) *DecryptInput { + s.GrantTokens = v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DecryptResponse +type DecryptOutput struct { + _ struct{} `type:"structure"` + + // ARN of the key used to perform the decryption. This value is returned if + // no errors are encountered during the operation. + KeyId *string `min:"1" type:"string"` + + // Decrypted plaintext data. This value may not be returned if the customer + // master key is not available or if you didn't have permission to use it. + // + // Plaintext is automatically base64 encoded/decoded by the SDK. + Plaintext []byte `min:"1" type:"blob"` +} + +// String returns the string representation +func (s DecryptOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DecryptOutput) GoString() string { + return s.String() +} + +// SetKeyId sets the KeyId field's value. +func (s *DecryptOutput) SetKeyId(v string) *DecryptOutput { + s.KeyId = &v + return s +} + +// SetPlaintext sets the Plaintext field's value. +func (s *DecryptOutput) SetPlaintext(v []byte) *DecryptOutput { + s.Plaintext = v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DeleteAliasRequest +type DeleteAliasInput struct { + _ struct{} `type:"structure"` + + // The alias to be deleted. The name must start with the word "alias" followed + // by a forward slash (alias/). Aliases that begin with "alias/AWS" are reserved. + // + // AliasName is a required field + AliasName *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation +func (s DeleteAliasInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeleteAliasInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteAliasInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteAliasInput"} + if s.AliasName == nil { + invalidParams.Add(request.NewErrParamRequired("AliasName")) + } + if s.AliasName != nil && len(*s.AliasName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("AliasName", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAliasName sets the AliasName field's value. +func (s *DeleteAliasInput) SetAliasName(v string) *DeleteAliasInput { + s.AliasName = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DeleteAliasOutput +type DeleteAliasOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation +func (s DeleteAliasOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeleteAliasOutput) GoString() string { + return s.String() +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DeleteImportedKeyMaterialRequest +type DeleteImportedKeyMaterialInput struct { + _ struct{} `type:"structure"` + + // The identifier of the CMK whose key material to delete. The CMK's Origin + // must be EXTERNAL. + // + // A valid identifier is the unique key ID or the Amazon Resource Name (ARN) + // of the CMK. Examples: + // + // * Unique key ID: 1234abcd-12ab-34cd-56ef-1234567890ab + // + // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab + // + // KeyId is a required field + KeyId *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation +func (s DeleteImportedKeyMaterialInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeleteImportedKeyMaterialInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteImportedKeyMaterialInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteImportedKeyMaterialInput"} + if s.KeyId == nil { + invalidParams.Add(request.NewErrParamRequired("KeyId")) + } + if s.KeyId != nil && len(*s.KeyId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetKeyId sets the KeyId field's value. +func (s *DeleteImportedKeyMaterialInput) SetKeyId(v string) *DeleteImportedKeyMaterialInput { + s.KeyId = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DeleteImportedKeyMaterialOutput +type DeleteImportedKeyMaterialOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation +func (s DeleteImportedKeyMaterialOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeleteImportedKeyMaterialOutput) GoString() string { + return s.String() +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DescribeKeyRequest +type DescribeKeyInput struct { + _ struct{} `type:"structure"` + + // A list of grant tokens. + // + // For more information, see Grant Tokens (http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) + // in the AWS Key Management Service Developer Guide. + GrantTokens []*string `type:"list"` + + // A unique identifier for the customer master key. This value can be a globally + // unique identifier, a fully specified ARN to either an alias or a key, or + // an alias name prefixed by "alias/". + // + // * Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 + // + // * Alias ARN Example - arn:aws:kms:us-east-1:123456789012:alias/MyAliasName + // + // * Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012 + // + // * Alias Name Example - alias/MyAliasName + // + // KeyId is a required field + KeyId *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation +func (s DescribeKeyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeKeyInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeKeyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeKeyInput"} + if s.KeyId == nil { + invalidParams.Add(request.NewErrParamRequired("KeyId")) + } + if s.KeyId != nil && len(*s.KeyId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetGrantTokens sets the GrantTokens field's value. +func (s *DescribeKeyInput) SetGrantTokens(v []*string) *DescribeKeyInput { + s.GrantTokens = v + return s +} + +// SetKeyId sets the KeyId field's value. +func (s *DescribeKeyInput) SetKeyId(v string) *DescribeKeyInput { + s.KeyId = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DescribeKeyResponse +type DescribeKeyOutput struct { + _ struct{} `type:"structure"` + + // Metadata associated with the key. + KeyMetadata *KeyMetadata `type:"structure"` +} + +// String returns the string representation +func (s DescribeKeyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeKeyOutput) GoString() string { + return s.String() +} + +// SetKeyMetadata sets the KeyMetadata field's value. +func (s *DescribeKeyOutput) SetKeyMetadata(v *KeyMetadata) *DescribeKeyOutput { + s.KeyMetadata = v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DisableKeyRequest +type DisableKeyInput struct { + _ struct{} `type:"structure"` + + // A unique identifier for the CMK. + // + // Use the CMK's unique identifier or its Amazon Resource Name (ARN). For example: + // + // * Unique ID: 1234abcd-12ab-34cd-56ef-1234567890ab + // + // * ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab + // + // KeyId is a required field + KeyId *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation +func (s DisableKeyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DisableKeyInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DisableKeyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DisableKeyInput"} + if s.KeyId == nil { + invalidParams.Add(request.NewErrParamRequired("KeyId")) + } + if s.KeyId != nil && len(*s.KeyId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetKeyId sets the KeyId field's value. +func (s *DisableKeyInput) SetKeyId(v string) *DisableKeyInput { + s.KeyId = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DisableKeyOutput +type DisableKeyOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation +func (s DisableKeyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DisableKeyOutput) GoString() string { + return s.String() +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DisableKeyRotationRequest +type DisableKeyRotationInput struct { + _ struct{} `type:"structure"` + + // A unique identifier for the customer master key. This value can be a globally + // unique identifier or the fully specified ARN to a key. + // + // * Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 + // + // * Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012 + // + // KeyId is a required field + KeyId *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation +func (s DisableKeyRotationInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DisableKeyRotationInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DisableKeyRotationInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DisableKeyRotationInput"} + if s.KeyId == nil { + invalidParams.Add(request.NewErrParamRequired("KeyId")) + } + if s.KeyId != nil && len(*s.KeyId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetKeyId sets the KeyId field's value. +func (s *DisableKeyRotationInput) SetKeyId(v string) *DisableKeyRotationInput { + s.KeyId = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DisableKeyRotationOutput +type DisableKeyRotationOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation +func (s DisableKeyRotationOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DisableKeyRotationOutput) GoString() string { + return s.String() +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/EnableKeyRequest +type EnableKeyInput struct { + _ struct{} `type:"structure"` + + // A unique identifier for the customer master key. This value can be a globally + // unique identifier or the fully specified ARN to a key. + // + // * Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 + // + // * Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012 + // + // KeyId is a required field + KeyId *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation +func (s EnableKeyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s EnableKeyInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *EnableKeyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "EnableKeyInput"} + if s.KeyId == nil { + invalidParams.Add(request.NewErrParamRequired("KeyId")) + } + if s.KeyId != nil && len(*s.KeyId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetKeyId sets the KeyId field's value. +func (s *EnableKeyInput) SetKeyId(v string) *EnableKeyInput { + s.KeyId = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/EnableKeyOutput +type EnableKeyOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation +func (s EnableKeyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s EnableKeyOutput) GoString() string { + return s.String() +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/EnableKeyRotationRequest +type EnableKeyRotationInput struct { + _ struct{} `type:"structure"` + + // A unique identifier for the customer master key. This value can be a globally + // unique identifier or the fully specified ARN to a key. + // + // * Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 + // + // * Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012 + // + // KeyId is a required field + KeyId *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation +func (s EnableKeyRotationInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s EnableKeyRotationInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *EnableKeyRotationInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "EnableKeyRotationInput"} + if s.KeyId == nil { + invalidParams.Add(request.NewErrParamRequired("KeyId")) + } + if s.KeyId != nil && len(*s.KeyId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetKeyId sets the KeyId field's value. +func (s *EnableKeyRotationInput) SetKeyId(v string) *EnableKeyRotationInput { + s.KeyId = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/EnableKeyRotationOutput +type EnableKeyRotationOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation +func (s EnableKeyRotationOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s EnableKeyRotationOutput) GoString() string { + return s.String() +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/EncryptRequest +type EncryptInput struct { + _ struct{} `type:"structure"` + + // Name-value pair that specifies the encryption context to be used for authenticated + // encryption. If used here, the same value must be supplied to the Decrypt + // API or decryption will fail. For more information, see Encryption Context + // (http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html). + EncryptionContext map[string]*string `type:"map"` + + // A list of grant tokens. + // + // For more information, see Grant Tokens (http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) + // in the AWS Key Management Service Developer Guide. + GrantTokens []*string `type:"list"` + + // A unique identifier for the customer master key. This value can be a globally + // unique identifier, a fully specified ARN to either an alias or a key, or + // an alias name prefixed by "alias/". + // + // * Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 + // + // * Alias ARN Example - arn:aws:kms:us-east-1:123456789012:alias/MyAliasName + // + // * Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012 + // + // * Alias Name Example - alias/MyAliasName + // + // KeyId is a required field + KeyId *string `min:"1" type:"string" required:"true"` + + // Data to be encrypted. + // + // Plaintext is automatically base64 encoded/decoded by the SDK. + // + // Plaintext is a required field + Plaintext []byte `min:"1" type:"blob" required:"true"` +} + +// String returns the string representation +func (s EncryptInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s EncryptInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *EncryptInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "EncryptInput"} + if s.KeyId == nil { + invalidParams.Add(request.NewErrParamRequired("KeyId")) + } + if s.KeyId != nil && len(*s.KeyId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) + } + if s.Plaintext == nil { + invalidParams.Add(request.NewErrParamRequired("Plaintext")) + } + if s.Plaintext != nil && len(s.Plaintext) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Plaintext", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetEncryptionContext sets the EncryptionContext field's value. +func (s *EncryptInput) SetEncryptionContext(v map[string]*string) *EncryptInput { + s.EncryptionContext = v + return s +} + +// SetGrantTokens sets the GrantTokens field's value. +func (s *EncryptInput) SetGrantTokens(v []*string) *EncryptInput { + s.GrantTokens = v + return s +} + +// SetKeyId sets the KeyId field's value. +func (s *EncryptInput) SetKeyId(v string) *EncryptInput { + s.KeyId = &v + return s +} + +// SetPlaintext sets the Plaintext field's value. +func (s *EncryptInput) SetPlaintext(v []byte) *EncryptInput { + s.Plaintext = v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/EncryptResponse +type EncryptOutput struct { + _ struct{} `type:"structure"` + + // The encrypted plaintext. If you are using the CLI, the value is Base64 encoded. + // Otherwise, it is not encoded. + // + // CiphertextBlob is automatically base64 encoded/decoded by the SDK. + CiphertextBlob []byte `min:"1" type:"blob"` + + // The ID of the key used during encryption. + KeyId *string `min:"1" type:"string"` +} + +// String returns the string representation +func (s EncryptOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s EncryptOutput) GoString() string { + return s.String() +} + +// SetCiphertextBlob sets the CiphertextBlob field's value. +func (s *EncryptOutput) SetCiphertextBlob(v []byte) *EncryptOutput { + s.CiphertextBlob = v + return s +} + +// SetKeyId sets the KeyId field's value. +func (s *EncryptOutput) SetKeyId(v string) *EncryptOutput { + s.KeyId = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKeyRequest +type GenerateDataKeyInput struct { + _ struct{} `type:"structure"` + + // A set of key-value pairs that represents additional authenticated data. + // + // For more information, see Encryption Context (http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html) + // in the AWS Key Management Service Developer Guide. + EncryptionContext map[string]*string `type:"map"` + + // A list of grant tokens. + // + // For more information, see Grant Tokens (http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) + // in the AWS Key Management Service Developer Guide. + GrantTokens []*string `type:"list"` + + // The identifier of the CMK under which to generate and encrypt the data encryption + // key. + // + // A valid identifier is the unique key ID or the Amazon Resource Name (ARN) + // of the CMK, or the alias name or ARN of an alias that refers to the CMK. + // Examples: + // + // * Unique key ID: 1234abcd-12ab-34cd-56ef-1234567890ab + // + // * CMK ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab + // + // * Alias name: alias/ExampleAlias + // + // * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias + // + // KeyId is a required field + KeyId *string `min:"1" type:"string" required:"true"` + + // The length of the data encryption key. Use AES_128 to generate a 128-bit + // symmetric key, or AES_256 to generate a 256-bit symmetric key. + KeySpec *string `type:"string" enum:"DataKeySpec"` + + // The length of the data encryption key in bytes. For example, use the value + // 64 to generate a 512-bit data key (64 bytes is 512 bits). For common key + // lengths (128-bit and 256-bit symmetric keys), we recommend that you use the + // KeySpec field instead of this one. + NumberOfBytes *int64 `min:"1" type:"integer"` +} + +// String returns the string representation +func (s GenerateDataKeyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GenerateDataKeyInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GenerateDataKeyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GenerateDataKeyInput"} + if s.KeyId == nil { + invalidParams.Add(request.NewErrParamRequired("KeyId")) + } + if s.KeyId != nil && len(*s.KeyId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) + } + if s.NumberOfBytes != nil && *s.NumberOfBytes < 1 { + invalidParams.Add(request.NewErrParamMinValue("NumberOfBytes", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetEncryptionContext sets the EncryptionContext field's value. +func (s *GenerateDataKeyInput) SetEncryptionContext(v map[string]*string) *GenerateDataKeyInput { + s.EncryptionContext = v + return s +} + +// SetGrantTokens sets the GrantTokens field's value. +func (s *GenerateDataKeyInput) SetGrantTokens(v []*string) *GenerateDataKeyInput { + s.GrantTokens = v + return s +} + +// SetKeyId sets the KeyId field's value. +func (s *GenerateDataKeyInput) SetKeyId(v string) *GenerateDataKeyInput { + s.KeyId = &v + return s +} + +// SetKeySpec sets the KeySpec field's value. +func (s *GenerateDataKeyInput) SetKeySpec(v string) *GenerateDataKeyInput { + s.KeySpec = &v + return s +} + +// SetNumberOfBytes sets the NumberOfBytes field's value. +func (s *GenerateDataKeyInput) SetNumberOfBytes(v int64) *GenerateDataKeyInput { + s.NumberOfBytes = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKeyResponse +type GenerateDataKeyOutput struct { + _ struct{} `type:"structure"` + + // The encrypted data encryption key. + // + // CiphertextBlob is automatically base64 encoded/decoded by the SDK. + CiphertextBlob []byte `min:"1" type:"blob"` + + // The identifier of the CMK under which the data encryption key was generated + // and encrypted. + KeyId *string `min:"1" type:"string"` + + // The data encryption key. Use this data key for local encryption and decryption, + // then remove it from memory as soon as possible. + // + // Plaintext is automatically base64 encoded/decoded by the SDK. + Plaintext []byte `min:"1" type:"blob"` +} + +// String returns the string representation +func (s GenerateDataKeyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GenerateDataKeyOutput) GoString() string { + return s.String() +} + +// SetCiphertextBlob sets the CiphertextBlob field's value. +func (s *GenerateDataKeyOutput) SetCiphertextBlob(v []byte) *GenerateDataKeyOutput { + s.CiphertextBlob = v + return s +} + +// SetKeyId sets the KeyId field's value. +func (s *GenerateDataKeyOutput) SetKeyId(v string) *GenerateDataKeyOutput { + s.KeyId = &v + return s +} + +// SetPlaintext sets the Plaintext field's value. +func (s *GenerateDataKeyOutput) SetPlaintext(v []byte) *GenerateDataKeyOutput { + s.Plaintext = v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKeyWithoutPlaintextRequest +type GenerateDataKeyWithoutPlaintextInput struct { + _ struct{} `type:"structure"` + + // A set of key-value pairs that represents additional authenticated data. + // + // For more information, see Encryption Context (http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html) + // in the AWS Key Management Service Developer Guide. + EncryptionContext map[string]*string `type:"map"` + + // A list of grant tokens. + // + // For more information, see Grant Tokens (http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) + // in the AWS Key Management Service Developer Guide. + GrantTokens []*string `type:"list"` + + // The identifier of the CMK under which to generate and encrypt the data encryption + // key. + // + // A valid identifier is the unique key ID or the Amazon Resource Name (ARN) + // of the CMK, or the alias name or ARN of an alias that refers to the CMK. + // Examples: + // + // * Unique key ID: 1234abcd-12ab-34cd-56ef-1234567890ab + // + // * CMK ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab + // + // * Alias name: alias/ExampleAlias + // + // * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias + // + // KeyId is a required field + KeyId *string `min:"1" type:"string" required:"true"` + + // The length of the data encryption key. Use AES_128 to generate a 128-bit + // symmetric key, or AES_256 to generate a 256-bit symmetric key. + KeySpec *string `type:"string" enum:"DataKeySpec"` + + // The length of the data encryption key in bytes. For example, use the value + // 64 to generate a 512-bit data key (64 bytes is 512 bits). For common key + // lengths (128-bit and 256-bit symmetric keys), we recommend that you use the + // KeySpec field instead of this one. + NumberOfBytes *int64 `min:"1" type:"integer"` +} + +// String returns the string representation +func (s GenerateDataKeyWithoutPlaintextInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GenerateDataKeyWithoutPlaintextInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GenerateDataKeyWithoutPlaintextInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GenerateDataKeyWithoutPlaintextInput"} + if s.KeyId == nil { + invalidParams.Add(request.NewErrParamRequired("KeyId")) + } + if s.KeyId != nil && len(*s.KeyId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) + } + if s.NumberOfBytes != nil && *s.NumberOfBytes < 1 { + invalidParams.Add(request.NewErrParamMinValue("NumberOfBytes", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetEncryptionContext sets the EncryptionContext field's value. +func (s *GenerateDataKeyWithoutPlaintextInput) SetEncryptionContext(v map[string]*string) *GenerateDataKeyWithoutPlaintextInput { + s.EncryptionContext = v + return s +} + +// SetGrantTokens sets the GrantTokens field's value. +func (s *GenerateDataKeyWithoutPlaintextInput) SetGrantTokens(v []*string) *GenerateDataKeyWithoutPlaintextInput { + s.GrantTokens = v + return s +} + +// SetKeyId sets the KeyId field's value. +func (s *GenerateDataKeyWithoutPlaintextInput) SetKeyId(v string) *GenerateDataKeyWithoutPlaintextInput { + s.KeyId = &v + return s +} + +// SetKeySpec sets the KeySpec field's value. +func (s *GenerateDataKeyWithoutPlaintextInput) SetKeySpec(v string) *GenerateDataKeyWithoutPlaintextInput { + s.KeySpec = &v + return s +} + +// SetNumberOfBytes sets the NumberOfBytes field's value. +func (s *GenerateDataKeyWithoutPlaintextInput) SetNumberOfBytes(v int64) *GenerateDataKeyWithoutPlaintextInput { + s.NumberOfBytes = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKeyWithoutPlaintextResponse +type GenerateDataKeyWithoutPlaintextOutput struct { + _ struct{} `type:"structure"` + + // The encrypted data encryption key. + // + // CiphertextBlob is automatically base64 encoded/decoded by the SDK. + CiphertextBlob []byte `min:"1" type:"blob"` + + // The identifier of the CMK under which the data encryption key was generated + // and encrypted. + KeyId *string `min:"1" type:"string"` +} + +// String returns the string representation +func (s GenerateDataKeyWithoutPlaintextOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GenerateDataKeyWithoutPlaintextOutput) GoString() string { + return s.String() +} + +// SetCiphertextBlob sets the CiphertextBlob field's value. +func (s *GenerateDataKeyWithoutPlaintextOutput) SetCiphertextBlob(v []byte) *GenerateDataKeyWithoutPlaintextOutput { + s.CiphertextBlob = v + return s +} + +// SetKeyId sets the KeyId field's value. +func (s *GenerateDataKeyWithoutPlaintextOutput) SetKeyId(v string) *GenerateDataKeyWithoutPlaintextOutput { + s.KeyId = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateRandomRequest +type GenerateRandomInput struct { + _ struct{} `type:"structure"` + + // The length of the byte string. + NumberOfBytes *int64 `min:"1" type:"integer"` +} + +// String returns the string representation +func (s GenerateRandomInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GenerateRandomInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GenerateRandomInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GenerateRandomInput"} + if s.NumberOfBytes != nil && *s.NumberOfBytes < 1 { + invalidParams.Add(request.NewErrParamMinValue("NumberOfBytes", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetNumberOfBytes sets the NumberOfBytes field's value. +func (s *GenerateRandomInput) SetNumberOfBytes(v int64) *GenerateRandomInput { + s.NumberOfBytes = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateRandomResponse +type GenerateRandomOutput struct { + _ struct{} `type:"structure"` + + // The unpredictable byte string. + // + // Plaintext is automatically base64 encoded/decoded by the SDK. + Plaintext []byte `min:"1" type:"blob"` +} + +// String returns the string representation +func (s GenerateRandomOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GenerateRandomOutput) GoString() string { + return s.String() +} + +// SetPlaintext sets the Plaintext field's value. +func (s *GenerateRandomOutput) SetPlaintext(v []byte) *GenerateRandomOutput { + s.Plaintext = v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetKeyPolicyRequest +type GetKeyPolicyInput struct { + _ struct{} `type:"structure"` + + // A unique identifier for the customer master key. This value can be a globally + // unique identifier or the fully specified ARN to a key. + // + // * Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 + // + // * Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012 + // + // KeyId is a required field + KeyId *string `min:"1" type:"string" required:"true"` + + // String that contains the name of the policy. Currently, this must be "default". + // Policy names can be discovered by calling ListKeyPolicies. + // + // PolicyName is a required field + PolicyName *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation +func (s GetKeyPolicyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetKeyPolicyInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetKeyPolicyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetKeyPolicyInput"} + if s.KeyId == nil { + invalidParams.Add(request.NewErrParamRequired("KeyId")) + } + if s.KeyId != nil && len(*s.KeyId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) + } + if s.PolicyName == nil { + invalidParams.Add(request.NewErrParamRequired("PolicyName")) + } + if s.PolicyName != nil && len(*s.PolicyName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("PolicyName", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetKeyId sets the KeyId field's value. +func (s *GetKeyPolicyInput) SetKeyId(v string) *GetKeyPolicyInput { + s.KeyId = &v + return s +} + +// SetPolicyName sets the PolicyName field's value. +func (s *GetKeyPolicyInput) SetPolicyName(v string) *GetKeyPolicyInput { + s.PolicyName = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetKeyPolicyResponse +type GetKeyPolicyOutput struct { + _ struct{} `type:"structure"` + + // A policy document in JSON format. + Policy *string `min:"1" type:"string"` +} + +// String returns the string representation +func (s GetKeyPolicyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetKeyPolicyOutput) GoString() string { + return s.String() +} + +// SetPolicy sets the Policy field's value. +func (s *GetKeyPolicyOutput) SetPolicy(v string) *GetKeyPolicyOutput { + s.Policy = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetKeyRotationStatusRequest +type GetKeyRotationStatusInput struct { + _ struct{} `type:"structure"` + + // A unique identifier for the customer master key. This value can be a globally + // unique identifier or the fully specified ARN to a key. + // + // * Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 + // + // * Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012 + // + // KeyId is a required field + KeyId *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation +func (s GetKeyRotationStatusInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetKeyRotationStatusInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetKeyRotationStatusInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetKeyRotationStatusInput"} + if s.KeyId == nil { + invalidParams.Add(request.NewErrParamRequired("KeyId")) + } + if s.KeyId != nil && len(*s.KeyId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetKeyId sets the KeyId field's value. +func (s *GetKeyRotationStatusInput) SetKeyId(v string) *GetKeyRotationStatusInput { + s.KeyId = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetKeyRotationStatusResponse +type GetKeyRotationStatusOutput struct { + _ struct{} `type:"structure"` + + // A Boolean value that specifies whether key rotation is enabled. + KeyRotationEnabled *bool `type:"boolean"` +} + +// String returns the string representation +func (s GetKeyRotationStatusOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetKeyRotationStatusOutput) GoString() string { + return s.String() +} + +// SetKeyRotationEnabled sets the KeyRotationEnabled field's value. +func (s *GetKeyRotationStatusOutput) SetKeyRotationEnabled(v bool) *GetKeyRotationStatusOutput { + s.KeyRotationEnabled = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetParametersForImportRequest +type GetParametersForImportInput struct { + _ struct{} `type:"structure"` + + // The identifier of the CMK into which you will import key material. The CMK's + // Origin must be EXTERNAL. + // + // A valid identifier is the unique key ID or the Amazon Resource Name (ARN) + // of the CMK. Examples: + // + // * Unique key ID: 1234abcd-12ab-34cd-56ef-1234567890ab + // + // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab + // + // KeyId is a required field + KeyId *string `min:"1" type:"string" required:"true"` + + // The algorithm you will use to encrypt the key material before importing it + // with ImportKeyMaterial. For more information, see Encrypt the Key Material + // (http://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-encrypt-key-material.html) + // in the AWS Key Management Service Developer Guide. + // + // WrappingAlgorithm is a required field + WrappingAlgorithm *string `type:"string" required:"true" enum:"AlgorithmSpec"` + + // The type of wrapping key (public key) to return in the response. Only 2048-bit + // RSA public keys are supported. + // + // WrappingKeySpec is a required field + WrappingKeySpec *string `type:"string" required:"true" enum:"WrappingKeySpec"` +} + +// String returns the string representation +func (s GetParametersForImportInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetParametersForImportInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetParametersForImportInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetParametersForImportInput"} + if s.KeyId == nil { + invalidParams.Add(request.NewErrParamRequired("KeyId")) + } + if s.KeyId != nil && len(*s.KeyId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) + } + if s.WrappingAlgorithm == nil { + invalidParams.Add(request.NewErrParamRequired("WrappingAlgorithm")) + } + if s.WrappingKeySpec == nil { + invalidParams.Add(request.NewErrParamRequired("WrappingKeySpec")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetKeyId sets the KeyId field's value. +func (s *GetParametersForImportInput) SetKeyId(v string) *GetParametersForImportInput { + s.KeyId = &v + return s +} + +// SetWrappingAlgorithm sets the WrappingAlgorithm field's value. +func (s *GetParametersForImportInput) SetWrappingAlgorithm(v string) *GetParametersForImportInput { + s.WrappingAlgorithm = &v + return s +} + +// SetWrappingKeySpec sets the WrappingKeySpec field's value. +func (s *GetParametersForImportInput) SetWrappingKeySpec(v string) *GetParametersForImportInput { + s.WrappingKeySpec = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetParametersForImportResponse +type GetParametersForImportOutput struct { + _ struct{} `type:"structure"` + + // The import token to send in a subsequent ImportKeyMaterial request. + // + // ImportToken is automatically base64 encoded/decoded by the SDK. + ImportToken []byte `min:"1" type:"blob"` + + // The identifier of the CMK to use in a subsequent ImportKeyMaterial request. + // This is the same CMK specified in the GetParametersForImport request. + KeyId *string `min:"1" type:"string"` + + // The time at which the import token and public key are no longer valid. After + // this time, you cannot use them to make an ImportKeyMaterial request and you + // must send another GetParametersForImport request to retrieve new ones. + ParametersValidTo *time.Time `type:"timestamp" timestampFormat:"unix"` + + // The public key to use to encrypt the key material before importing it with + // ImportKeyMaterial. + // + // PublicKey is automatically base64 encoded/decoded by the SDK. + PublicKey []byte `min:"1" type:"blob"` +} + +// String returns the string representation +func (s GetParametersForImportOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetParametersForImportOutput) GoString() string { + return s.String() +} + +// SetImportToken sets the ImportToken field's value. +func (s *GetParametersForImportOutput) SetImportToken(v []byte) *GetParametersForImportOutput { + s.ImportToken = v + return s +} + +// SetKeyId sets the KeyId field's value. +func (s *GetParametersForImportOutput) SetKeyId(v string) *GetParametersForImportOutput { + s.KeyId = &v + return s +} + +// SetParametersValidTo sets the ParametersValidTo field's value. +func (s *GetParametersForImportOutput) SetParametersValidTo(v time.Time) *GetParametersForImportOutput { + s.ParametersValidTo = &v + return s +} + +// SetPublicKey sets the PublicKey field's value. +func (s *GetParametersForImportOutput) SetPublicKey(v []byte) *GetParametersForImportOutput { + s.PublicKey = v + return s +} + +// A structure for specifying the conditions under which the operations permitted +// by the grant are allowed. +// +// You can use this structure to allow the operations permitted by the grant +// only when a specified encryption context is present. For more information +// about encryption context, see Encryption Context (http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html) +// in the AWS Key Management Service Developer Guide. +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GrantConstraints +type GrantConstraints struct { + _ struct{} `type:"structure"` + + // Contains a list of key-value pairs that must be present in the encryption + // context of a subsequent operation permitted by the grant. When a subsequent + // operation permitted by the grant includes an encryption context that matches + // this list, the grant allows the operation. Otherwise, the operation is not + // allowed. + EncryptionContextEquals map[string]*string `type:"map"` + + // Contains a list of key-value pairs, a subset of which must be present in + // the encryption context of a subsequent operation permitted by the grant. + // When a subsequent operation permitted by the grant includes an encryption + // context that matches this list or is a subset of this list, the grant allows + // the operation. Otherwise, the operation is not allowed. + EncryptionContextSubset map[string]*string `type:"map"` +} + +// String returns the string representation +func (s GrantConstraints) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GrantConstraints) GoString() string { + return s.String() +} + +// SetEncryptionContextEquals sets the EncryptionContextEquals field's value. +func (s *GrantConstraints) SetEncryptionContextEquals(v map[string]*string) *GrantConstraints { + s.EncryptionContextEquals = v + return s +} + +// SetEncryptionContextSubset sets the EncryptionContextSubset field's value. +func (s *GrantConstraints) SetEncryptionContextSubset(v map[string]*string) *GrantConstraints { + s.EncryptionContextSubset = v + return s +} + +// Contains information about an entry in a list of grants. +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GrantListEntry +type GrantListEntry struct { + _ struct{} `type:"structure"` + + // The conditions under which the grant's operations are allowed. + Constraints *GrantConstraints `type:"structure"` + + // The date and time when the grant was created. + CreationDate *time.Time `type:"timestamp" timestampFormat:"unix"` + + // The unique identifier for the grant. + GrantId *string `min:"1" type:"string"` + + // The principal that receives the grant's permissions. + GranteePrincipal *string `min:"1" type:"string"` + + // The AWS account under which the grant was issued. + IssuingAccount *string `min:"1" type:"string"` + + // The unique identifier for the customer master key (CMK) to which the grant + // applies. + KeyId *string `min:"1" type:"string"` + + // The friendly name that identifies the grant. If a name was provided in the + // CreateGrant request, that name is returned. Otherwise this value is null. + Name *string `min:"1" type:"string"` + + // The list of operations permitted by the grant. + Operations []*string `type:"list"` + + // The principal that can retire the grant. + RetiringPrincipal *string `min:"1" type:"string"` +} + +// String returns the string representation +func (s GrantListEntry) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GrantListEntry) GoString() string { + return s.String() +} + +// SetConstraints sets the Constraints field's value. +func (s *GrantListEntry) SetConstraints(v *GrantConstraints) *GrantListEntry { + s.Constraints = v + return s +} + +// SetCreationDate sets the CreationDate field's value. +func (s *GrantListEntry) SetCreationDate(v time.Time) *GrantListEntry { + s.CreationDate = &v + return s +} + +// SetGrantId sets the GrantId field's value. +func (s *GrantListEntry) SetGrantId(v string) *GrantListEntry { + s.GrantId = &v + return s +} + +// SetGranteePrincipal sets the GranteePrincipal field's value. +func (s *GrantListEntry) SetGranteePrincipal(v string) *GrantListEntry { + s.GranteePrincipal = &v + return s +} + +// SetIssuingAccount sets the IssuingAccount field's value. +func (s *GrantListEntry) SetIssuingAccount(v string) *GrantListEntry { + s.IssuingAccount = &v + return s +} + +// SetKeyId sets the KeyId field's value. +func (s *GrantListEntry) SetKeyId(v string) *GrantListEntry { + s.KeyId = &v + return s +} + +// SetName sets the Name field's value. +func (s *GrantListEntry) SetName(v string) *GrantListEntry { + s.Name = &v + return s +} + +// SetOperations sets the Operations field's value. +func (s *GrantListEntry) SetOperations(v []*string) *GrantListEntry { + s.Operations = v + return s +} + +// SetRetiringPrincipal sets the RetiringPrincipal field's value. +func (s *GrantListEntry) SetRetiringPrincipal(v string) *GrantListEntry { + s.RetiringPrincipal = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ImportKeyMaterialRequest +type ImportKeyMaterialInput struct { + _ struct{} `type:"structure"` + + // The encrypted key material to import. It must be encrypted with the public + // key that you received in the response to a previous GetParametersForImport + // request, using the wrapping algorithm that you specified in that request. + // + // EncryptedKeyMaterial is automatically base64 encoded/decoded by the SDK. + // + // EncryptedKeyMaterial is a required field + EncryptedKeyMaterial []byte `min:"1" type:"blob" required:"true"` + + // Specifies whether the key material expires. The default is KEY_MATERIAL_EXPIRES, + // in which case you must include the ValidTo parameter. When this parameter + // is set to KEY_MATERIAL_DOES_NOT_EXPIRE, you must omit the ValidTo parameter. + ExpirationModel *string `type:"string" enum:"ExpirationModelType"` + + // The import token that you received in the response to a previous GetParametersForImport + // request. It must be from the same response that contained the public key + // that you used to encrypt the key material. + // + // ImportToken is automatically base64 encoded/decoded by the SDK. + // + // ImportToken is a required field + ImportToken []byte `min:"1" type:"blob" required:"true"` + + // The identifier of the CMK to import the key material into. The CMK's Origin + // must be EXTERNAL. + // + // A valid identifier is the unique key ID or the Amazon Resource Name (ARN) + // of the CMK. Examples: + // + // * Unique key ID: 1234abcd-12ab-34cd-56ef-1234567890ab + // + // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab + // + // KeyId is a required field + KeyId *string `min:"1" type:"string" required:"true"` + + // The time at which the imported key material expires. When the key material + // expires, AWS KMS deletes the key material and the CMK becomes unusable. You + // must omit this parameter when the ExpirationModel parameter is set to KEY_MATERIAL_DOES_NOT_EXPIRE. + // Otherwise it is required. + ValidTo *time.Time `type:"timestamp" timestampFormat:"unix"` +} + +// String returns the string representation +func (s ImportKeyMaterialInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ImportKeyMaterialInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ImportKeyMaterialInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ImportKeyMaterialInput"} + if s.EncryptedKeyMaterial == nil { + invalidParams.Add(request.NewErrParamRequired("EncryptedKeyMaterial")) + } + if s.EncryptedKeyMaterial != nil && len(s.EncryptedKeyMaterial) < 1 { + invalidParams.Add(request.NewErrParamMinLen("EncryptedKeyMaterial", 1)) + } + if s.ImportToken == nil { + invalidParams.Add(request.NewErrParamRequired("ImportToken")) + } + if s.ImportToken != nil && len(s.ImportToken) < 1 { + invalidParams.Add(request.NewErrParamMinLen("ImportToken", 1)) + } + if s.KeyId == nil { + invalidParams.Add(request.NewErrParamRequired("KeyId")) + } + if s.KeyId != nil && len(*s.KeyId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetEncryptedKeyMaterial sets the EncryptedKeyMaterial field's value. +func (s *ImportKeyMaterialInput) SetEncryptedKeyMaterial(v []byte) *ImportKeyMaterialInput { + s.EncryptedKeyMaterial = v + return s +} + +// SetExpirationModel sets the ExpirationModel field's value. +func (s *ImportKeyMaterialInput) SetExpirationModel(v string) *ImportKeyMaterialInput { + s.ExpirationModel = &v + return s +} + +// SetImportToken sets the ImportToken field's value. +func (s *ImportKeyMaterialInput) SetImportToken(v []byte) *ImportKeyMaterialInput { + s.ImportToken = v + return s +} + +// SetKeyId sets the KeyId field's value. +func (s *ImportKeyMaterialInput) SetKeyId(v string) *ImportKeyMaterialInput { + s.KeyId = &v + return s +} + +// SetValidTo sets the ValidTo field's value. +func (s *ImportKeyMaterialInput) SetValidTo(v time.Time) *ImportKeyMaterialInput { + s.ValidTo = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ImportKeyMaterialResponse +type ImportKeyMaterialOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation +func (s ImportKeyMaterialOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ImportKeyMaterialOutput) GoString() string { + return s.String() +} + +// Contains information about each entry in the key list. +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/KeyListEntry +type KeyListEntry struct { + _ struct{} `type:"structure"` + + // ARN of the key. + KeyArn *string `min:"20" type:"string"` + + // Unique identifier of the key. + KeyId *string `min:"1" type:"string"` +} + +// String returns the string representation +func (s KeyListEntry) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s KeyListEntry) GoString() string { + return s.String() +} + +// SetKeyArn sets the KeyArn field's value. +func (s *KeyListEntry) SetKeyArn(v string) *KeyListEntry { + s.KeyArn = &v + return s +} + +// SetKeyId sets the KeyId field's value. +func (s *KeyListEntry) SetKeyId(v string) *KeyListEntry { + s.KeyId = &v + return s +} + +// Contains metadata about a customer master key (CMK). +// +// This data type is used as a response element for the CreateKey and DescribeKey +// operations. +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/KeyMetadata +type KeyMetadata struct { + _ struct{} `type:"structure"` + + // The twelve-digit account ID of the AWS account that owns the CMK. + AWSAccountId *string `type:"string"` + + // The Amazon Resource Name (ARN) of the CMK. For examples, see AWS Key Management + // Service (AWS KMS) (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-kms) + // in the Example ARNs section of the AWS General Reference. + Arn *string `min:"20" type:"string"` + + // The date and time when the CMK was created. + CreationDate *time.Time `type:"timestamp" timestampFormat:"unix"` + + // The date and time after which AWS KMS deletes the CMK. This value is present + // only when KeyState is PendingDeletion, otherwise this value is omitted. + DeletionDate *time.Time `type:"timestamp" timestampFormat:"unix"` + + // The description of the CMK. + Description *string `type:"string"` + + // Specifies whether the CMK is enabled. When KeyState is Enabled this value + // is true, otherwise it is false. + Enabled *bool `type:"boolean"` + + // Specifies whether the CMK's key material expires. This value is present only + // when Origin is EXTERNAL, otherwise this value is omitted. + ExpirationModel *string `type:"string" enum:"ExpirationModelType"` + + // The globally unique identifier for the CMK. + // + // KeyId is a required field + KeyId *string `min:"1" type:"string" required:"true"` + + // The state of the CMK. + // + // For more information about how key state affects the use of a CMK, see How + // Key State Affects the Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) + // in the AWS Key Management Service Developer Guide. + KeyState *string `type:"string" enum:"KeyState"` + + // The cryptographic operations for which you can use the CMK. Currently the + // only allowed value is ENCRYPT_DECRYPT, which means you can use the CMK for + // the Encrypt and Decrypt operations. + KeyUsage *string `type:"string" enum:"KeyUsageType"` + + // The source of the CMK's key material. When this value is AWS_KMS, AWS KMS + // created the key material. When this value is EXTERNAL, the key material was + // imported from your existing key management infrastructure or the CMK lacks + // key material. + Origin *string `type:"string" enum:"OriginType"` + + // The time at which the imported key material expires. When the key material + // expires, AWS KMS deletes the key material and the CMK becomes unusable. This + // value is present only for CMKs whose Origin is EXTERNAL and whose ExpirationModel + // is KEY_MATERIAL_EXPIRES, otherwise this value is omitted. + ValidTo *time.Time `type:"timestamp" timestampFormat:"unix"` +} + +// String returns the string representation +func (s KeyMetadata) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s KeyMetadata) GoString() string { + return s.String() +} + +// SetAWSAccountId sets the AWSAccountId field's value. +func (s *KeyMetadata) SetAWSAccountId(v string) *KeyMetadata { + s.AWSAccountId = &v + return s +} + +// SetArn sets the Arn field's value. +func (s *KeyMetadata) SetArn(v string) *KeyMetadata { + s.Arn = &v + return s +} + +// SetCreationDate sets the CreationDate field's value. +func (s *KeyMetadata) SetCreationDate(v time.Time) *KeyMetadata { + s.CreationDate = &v + return s +} + +// SetDeletionDate sets the DeletionDate field's value. +func (s *KeyMetadata) SetDeletionDate(v time.Time) *KeyMetadata { + s.DeletionDate = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *KeyMetadata) SetDescription(v string) *KeyMetadata { + s.Description = &v + return s +} + +// SetEnabled sets the Enabled field's value. +func (s *KeyMetadata) SetEnabled(v bool) *KeyMetadata { + s.Enabled = &v + return s +} + +// SetExpirationModel sets the ExpirationModel field's value. +func (s *KeyMetadata) SetExpirationModel(v string) *KeyMetadata { + s.ExpirationModel = &v + return s +} + +// SetKeyId sets the KeyId field's value. +func (s *KeyMetadata) SetKeyId(v string) *KeyMetadata { + s.KeyId = &v + return s +} + +// SetKeyState sets the KeyState field's value. +func (s *KeyMetadata) SetKeyState(v string) *KeyMetadata { + s.KeyState = &v + return s +} + +// SetKeyUsage sets the KeyUsage field's value. +func (s *KeyMetadata) SetKeyUsage(v string) *KeyMetadata { + s.KeyUsage = &v + return s +} + +// SetOrigin sets the Origin field's value. +func (s *KeyMetadata) SetOrigin(v string) *KeyMetadata { + s.Origin = &v + return s +} + +// SetValidTo sets the ValidTo field's value. +func (s *KeyMetadata) SetValidTo(v time.Time) *KeyMetadata { + s.ValidTo = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListAliasesRequest +type ListAliasesInput struct { + _ struct{} `type:"structure"` + + // When paginating results, specify the maximum number of items to return in + // the response. If additional items exist beyond the number you specify, the + // Truncated element in the response is set to true. + // + // This value is optional. If you include a value, it must be between 1 and + // 100, inclusive. If you do not include a value, it defaults to 50. + Limit *int64 `min:"1" type:"integer"` + + // Use this parameter only when paginating results and only in a subsequent + // request after you receive a response with truncated results. Set it to the + // value of NextMarker from the response you just received. + Marker *string `min:"1" type:"string"` +} + +// String returns the string representation +func (s ListAliasesInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListAliasesInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ListAliasesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListAliasesInput"} + if s.Limit != nil && *s.Limit < 1 { + invalidParams.Add(request.NewErrParamMinValue("Limit", 1)) + } + if s.Marker != nil && len(*s.Marker) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Marker", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetLimit sets the Limit field's value. +func (s *ListAliasesInput) SetLimit(v int64) *ListAliasesInput { + s.Limit = &v + return s +} + +// SetMarker sets the Marker field's value. +func (s *ListAliasesInput) SetMarker(v string) *ListAliasesInput { + s.Marker = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListAliasesResponse +type ListAliasesOutput struct { + _ struct{} `type:"structure"` + + // A list of key aliases in the user's account. + Aliases []*AliasListEntry `type:"list"` + + // When Truncated is true, this value is present and contains the value to use + // for the Marker parameter in a subsequent pagination request. + NextMarker *string `min:"1" type:"string"` + + // A flag that indicates whether there are more items in the list. If your results + // were truncated, you can use the Marker parameter to make a subsequent pagination + // request to retrieve more items in the list. + Truncated *bool `type:"boolean"` +} + +// String returns the string representation +func (s ListAliasesOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListAliasesOutput) GoString() string { + return s.String() +} + +// SetAliases sets the Aliases field's value. +func (s *ListAliasesOutput) SetAliases(v []*AliasListEntry) *ListAliasesOutput { + s.Aliases = v + return s +} + +// SetNextMarker sets the NextMarker field's value. +func (s *ListAliasesOutput) SetNextMarker(v string) *ListAliasesOutput { + s.NextMarker = &v + return s +} + +// SetTruncated sets the Truncated field's value. +func (s *ListAliasesOutput) SetTruncated(v bool) *ListAliasesOutput { + s.Truncated = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListGrantsRequest +type ListGrantsInput struct { + _ struct{} `type:"structure"` + + // A unique identifier for the customer master key. This value can be a globally + // unique identifier or the fully specified ARN to a key. + // + // * Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 + // + // * Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012 + // + // KeyId is a required field + KeyId *string `min:"1" type:"string" required:"true"` + + // When paginating results, specify the maximum number of items to return in + // the response. If additional items exist beyond the number you specify, the + // Truncated element in the response is set to true. + // + // This value is optional. If you include a value, it must be between 1 and + // 100, inclusive. If you do not include a value, it defaults to 50. + Limit *int64 `min:"1" type:"integer"` + + // Use this parameter only when paginating results and only in a subsequent + // request after you receive a response with truncated results. Set it to the + // value of NextMarker from the response you just received. + Marker *string `min:"1" type:"string"` +} + +// String returns the string representation +func (s ListGrantsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListGrantsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ListGrantsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListGrantsInput"} + if s.KeyId == nil { + invalidParams.Add(request.NewErrParamRequired("KeyId")) + } + if s.KeyId != nil && len(*s.KeyId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) + } + if s.Limit != nil && *s.Limit < 1 { + invalidParams.Add(request.NewErrParamMinValue("Limit", 1)) + } + if s.Marker != nil && len(*s.Marker) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Marker", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetKeyId sets the KeyId field's value. +func (s *ListGrantsInput) SetKeyId(v string) *ListGrantsInput { + s.KeyId = &v + return s +} + +// SetLimit sets the Limit field's value. +func (s *ListGrantsInput) SetLimit(v int64) *ListGrantsInput { + s.Limit = &v + return s +} + +// SetMarker sets the Marker field's value. +func (s *ListGrantsInput) SetMarker(v string) *ListGrantsInput { + s.Marker = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListGrantsResponse +type ListGrantsResponse struct { + _ struct{} `type:"structure"` + + // A list of grants. + Grants []*GrantListEntry `type:"list"` + + // When Truncated is true, this value is present and contains the value to use + // for the Marker parameter in a subsequent pagination request. + NextMarker *string `min:"1" type:"string"` + + // A flag that indicates whether there are more items in the list. If your results + // were truncated, you can use the Marker parameter to make a subsequent pagination + // request to retrieve more items in the list. + Truncated *bool `type:"boolean"` +} + +// String returns the string representation +func (s ListGrantsResponse) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListGrantsResponse) GoString() string { + return s.String() +} + +// SetGrants sets the Grants field's value. +func (s *ListGrantsResponse) SetGrants(v []*GrantListEntry) *ListGrantsResponse { + s.Grants = v + return s +} + +// SetNextMarker sets the NextMarker field's value. +func (s *ListGrantsResponse) SetNextMarker(v string) *ListGrantsResponse { + s.NextMarker = &v + return s +} + +// SetTruncated sets the Truncated field's value. +func (s *ListGrantsResponse) SetTruncated(v bool) *ListGrantsResponse { + s.Truncated = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListKeyPoliciesRequest +type ListKeyPoliciesInput struct { + _ struct{} `type:"structure"` + + // A unique identifier for the customer master key (CMK). You can use the unique + // key ID or the Amazon Resource Name (ARN) of the CMK. Examples: + // + // * Unique key ID: 1234abcd-12ab-34cd-56ef-1234567890ab + // + // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab + // + // KeyId is a required field + KeyId *string `min:"1" type:"string" required:"true"` + + // When paginating results, specify the maximum number of items to return in + // the response. If additional items exist beyond the number you specify, the + // Truncated element in the response is set to true. + // + // This value is optional. If you include a value, it must be between 1 and + // 1000, inclusive. If you do not include a value, it defaults to 100. + // + // Currently only 1 policy can be attached to a key. + Limit *int64 `min:"1" type:"integer"` + + // Use this parameter only when paginating results and only in a subsequent + // request after you receive a response with truncated results. Set it to the + // value of NextMarker from the response you just received. + Marker *string `min:"1" type:"string"` +} + +// String returns the string representation +func (s ListKeyPoliciesInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListKeyPoliciesInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ListKeyPoliciesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListKeyPoliciesInput"} + if s.KeyId == nil { + invalidParams.Add(request.NewErrParamRequired("KeyId")) + } + if s.KeyId != nil && len(*s.KeyId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) + } + if s.Limit != nil && *s.Limit < 1 { + invalidParams.Add(request.NewErrParamMinValue("Limit", 1)) + } + if s.Marker != nil && len(*s.Marker) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Marker", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetKeyId sets the KeyId field's value. +func (s *ListKeyPoliciesInput) SetKeyId(v string) *ListKeyPoliciesInput { + s.KeyId = &v + return s +} + +// SetLimit sets the Limit field's value. +func (s *ListKeyPoliciesInput) SetLimit(v int64) *ListKeyPoliciesInput { + s.Limit = &v + return s +} + +// SetMarker sets the Marker field's value. +func (s *ListKeyPoliciesInput) SetMarker(v string) *ListKeyPoliciesInput { + s.Marker = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListKeyPoliciesResponse +type ListKeyPoliciesOutput struct { + _ struct{} `type:"structure"` + + // When Truncated is true, this value is present and contains the value to use + // for the Marker parameter in a subsequent pagination request. + NextMarker *string `min:"1" type:"string"` + + // A list of policy names. Currently, there is only one policy and it is named + // "Default". + PolicyNames []*string `type:"list"` + + // A flag that indicates whether there are more items in the list. If your results + // were truncated, you can use the Marker parameter to make a subsequent pagination + // request to retrieve more items in the list. + Truncated *bool `type:"boolean"` +} + +// String returns the string representation +func (s ListKeyPoliciesOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListKeyPoliciesOutput) GoString() string { + return s.String() +} + +// SetNextMarker sets the NextMarker field's value. +func (s *ListKeyPoliciesOutput) SetNextMarker(v string) *ListKeyPoliciesOutput { + s.NextMarker = &v + return s +} + +// SetPolicyNames sets the PolicyNames field's value. +func (s *ListKeyPoliciesOutput) SetPolicyNames(v []*string) *ListKeyPoliciesOutput { + s.PolicyNames = v + return s +} + +// SetTruncated sets the Truncated field's value. +func (s *ListKeyPoliciesOutput) SetTruncated(v bool) *ListKeyPoliciesOutput { + s.Truncated = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListKeysRequest +type ListKeysInput struct { + _ struct{} `type:"structure"` + + // When paginating results, specify the maximum number of items to return in + // the response. If additional items exist beyond the number you specify, the + // Truncated element in the response is set to true. + // + // This value is optional. If you include a value, it must be between 1 and + // 1000, inclusive. If you do not include a value, it defaults to 100. + Limit *int64 `min:"1" type:"integer"` + + // Use this parameter only when paginating results and only in a subsequent + // request after you receive a response with truncated results. Set it to the + // value of NextMarker from the response you just received. + Marker *string `min:"1" type:"string"` +} + +// String returns the string representation +func (s ListKeysInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListKeysInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ListKeysInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListKeysInput"} + if s.Limit != nil && *s.Limit < 1 { + invalidParams.Add(request.NewErrParamMinValue("Limit", 1)) + } + if s.Marker != nil && len(*s.Marker) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Marker", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetLimit sets the Limit field's value. +func (s *ListKeysInput) SetLimit(v int64) *ListKeysInput { + s.Limit = &v + return s +} + +// SetMarker sets the Marker field's value. +func (s *ListKeysInput) SetMarker(v string) *ListKeysInput { + s.Marker = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListKeysResponse +type ListKeysOutput struct { + _ struct{} `type:"structure"` + + // A list of keys. + Keys []*KeyListEntry `type:"list"` + + // When Truncated is true, this value is present and contains the value to use + // for the Marker parameter in a subsequent pagination request. + NextMarker *string `min:"1" type:"string"` + + // A flag that indicates whether there are more items in the list. If your results + // were truncated, you can use the Marker parameter to make a subsequent pagination + // request to retrieve more items in the list. + Truncated *bool `type:"boolean"` +} + +// String returns the string representation +func (s ListKeysOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListKeysOutput) GoString() string { + return s.String() +} + +// SetKeys sets the Keys field's value. +func (s *ListKeysOutput) SetKeys(v []*KeyListEntry) *ListKeysOutput { + s.Keys = v + return s +} + +// SetNextMarker sets the NextMarker field's value. +func (s *ListKeysOutput) SetNextMarker(v string) *ListKeysOutput { + s.NextMarker = &v + return s +} + +// SetTruncated sets the Truncated field's value. +func (s *ListKeysOutput) SetTruncated(v bool) *ListKeysOutput { + s.Truncated = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListRetirableGrantsRequest +type ListRetirableGrantsInput struct { + _ struct{} `type:"structure"` + + // When paginating results, specify the maximum number of items to return in + // the response. If additional items exist beyond the number you specify, the + // Truncated element in the response is set to true. + // + // This value is optional. If you include a value, it must be between 1 and + // 100, inclusive. If you do not include a value, it defaults to 50. + Limit *int64 `min:"1" type:"integer"` + + // Use this parameter only when paginating results and only in a subsequent + // request after you receive a response with truncated results. Set it to the + // value of NextMarker from the response you just received. + Marker *string `min:"1" type:"string"` + + // The retiring principal for which to list grants. + // + // To specify the retiring principal, use the Amazon Resource Name (ARN) (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) + // of an AWS principal. Valid AWS principals include AWS accounts (root), IAM + // users, federated users, and assumed role users. For examples of the ARN syntax + // for specifying a principal, see AWS Identity and Access Management (IAM) + // (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam) + // in the Example ARNs section of the Amazon Web Services General Reference. + // + // RetiringPrincipal is a required field + RetiringPrincipal *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation +func (s ListRetirableGrantsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListRetirableGrantsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ListRetirableGrantsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListRetirableGrantsInput"} + if s.Limit != nil && *s.Limit < 1 { + invalidParams.Add(request.NewErrParamMinValue("Limit", 1)) + } + if s.Marker != nil && len(*s.Marker) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Marker", 1)) + } + if s.RetiringPrincipal == nil { + invalidParams.Add(request.NewErrParamRequired("RetiringPrincipal")) + } + if s.RetiringPrincipal != nil && len(*s.RetiringPrincipal) < 1 { + invalidParams.Add(request.NewErrParamMinLen("RetiringPrincipal", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetLimit sets the Limit field's value. +func (s *ListRetirableGrantsInput) SetLimit(v int64) *ListRetirableGrantsInput { + s.Limit = &v + return s +} + +// SetMarker sets the Marker field's value. +func (s *ListRetirableGrantsInput) SetMarker(v string) *ListRetirableGrantsInput { + s.Marker = &v + return s +} + +// SetRetiringPrincipal sets the RetiringPrincipal field's value. +func (s *ListRetirableGrantsInput) SetRetiringPrincipal(v string) *ListRetirableGrantsInput { + s.RetiringPrincipal = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/PutKeyPolicyRequest +type PutKeyPolicyInput struct { + _ struct{} `type:"structure"` + + // A flag to indicate whether to bypass the key policy lockout safety check. + // + // Setting this value to true increases the likelihood that the CMK becomes + // unmanageable. Do not set this value to true indiscriminately. + // + // For more information, refer to the scenario in the Default Key Policy (http://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) + // section in the AWS Key Management Service Developer Guide. + // + // Use this parameter only when you intend to prevent the principal making the + // request from making a subsequent PutKeyPolicy request on the CMK. + // + // The default value is false. + BypassPolicyLockoutSafetyCheck *bool `type:"boolean"` + + // A unique identifier for the CMK. + // + // Use the CMK's unique identifier or its Amazon Resource Name (ARN). For example: + // + // * Unique ID: 1234abcd-12ab-34cd-56ef-1234567890ab + // + // * ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab + // + // KeyId is a required field + KeyId *string `min:"1" type:"string" required:"true"` + + // The key policy to attach to the CMK. + // + // If you do not set BypassPolicyLockoutSafetyCheck to true, the policy must + // meet the following criteria: + // + // * It must allow the principal making the PutKeyPolicy request to make + // a subsequent PutKeyPolicy request on the CMK. This reduces the likelihood + // that the CMK becomes unmanageable. For more information, refer to the + // scenario in the Default Key Policy (http://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) + // section in the AWS Key Management Service Developer Guide. + // + // * The principal(s) specified in the key policy must exist and be visible + // to AWS KMS. When you create a new AWS principal (for example, an IAM user + // or role), you might need to enforce a delay before specifying the new + // principal in a key policy because the new principal might not immediately + // be visible to AWS KMS. For more information, see Changes that I make are + // not always immediately visible (http://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency) + // in the IAM User Guide. + // + // The policy size limit is 32 KiB (32768 bytes). + // + // Policy is a required field + Policy *string `min:"1" type:"string" required:"true"` + + // The name of the key policy. + // + // This value must be default. + // + // PolicyName is a required field + PolicyName *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation +func (s PutKeyPolicyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s PutKeyPolicyInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *PutKeyPolicyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "PutKeyPolicyInput"} + if s.KeyId == nil { + invalidParams.Add(request.NewErrParamRequired("KeyId")) + } + if s.KeyId != nil && len(*s.KeyId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) + } + if s.Policy == nil { + invalidParams.Add(request.NewErrParamRequired("Policy")) + } + if s.Policy != nil && len(*s.Policy) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Policy", 1)) + } + if s.PolicyName == nil { + invalidParams.Add(request.NewErrParamRequired("PolicyName")) + } + if s.PolicyName != nil && len(*s.PolicyName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("PolicyName", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetBypassPolicyLockoutSafetyCheck sets the BypassPolicyLockoutSafetyCheck field's value. +func (s *PutKeyPolicyInput) SetBypassPolicyLockoutSafetyCheck(v bool) *PutKeyPolicyInput { + s.BypassPolicyLockoutSafetyCheck = &v + return s +} + +// SetKeyId sets the KeyId field's value. +func (s *PutKeyPolicyInput) SetKeyId(v string) *PutKeyPolicyInput { + s.KeyId = &v + return s +} + +// SetPolicy sets the Policy field's value. +func (s *PutKeyPolicyInput) SetPolicy(v string) *PutKeyPolicyInput { + s.Policy = &v + return s +} + +// SetPolicyName sets the PolicyName field's value. +func (s *PutKeyPolicyInput) SetPolicyName(v string) *PutKeyPolicyInput { + s.PolicyName = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/PutKeyPolicyOutput +type PutKeyPolicyOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation +func (s PutKeyPolicyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s PutKeyPolicyOutput) GoString() string { + return s.String() +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ReEncryptRequest +type ReEncryptInput struct { + _ struct{} `type:"structure"` + + // Ciphertext of the data to reencrypt. + // + // CiphertextBlob is automatically base64 encoded/decoded by the SDK. + // + // CiphertextBlob is a required field + CiphertextBlob []byte `min:"1" type:"blob" required:"true"` + + // Encryption context to use when the data is reencrypted. + DestinationEncryptionContext map[string]*string `type:"map"` + + // A unique identifier for the CMK to use to reencrypt the data. This value + // can be a globally unique identifier, a fully specified ARN to either an alias + // or a key, or an alias name prefixed by "alias/". + // + // * Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 + // + // * Alias ARN Example - arn:aws:kms:us-east-1:123456789012:alias/MyAliasName + // + // * Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012 + // + // * Alias Name Example - alias/MyAliasName + // + // DestinationKeyId is a required field + DestinationKeyId *string `min:"1" type:"string" required:"true"` + + // A list of grant tokens. + // + // For more information, see Grant Tokens (http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) + // in the AWS Key Management Service Developer Guide. + GrantTokens []*string `type:"list"` + + // Encryption context used to encrypt and decrypt the data specified in the + // CiphertextBlob parameter. + SourceEncryptionContext map[string]*string `type:"map"` +} + +// String returns the string representation +func (s ReEncryptInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ReEncryptInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ReEncryptInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ReEncryptInput"} + if s.CiphertextBlob == nil { + invalidParams.Add(request.NewErrParamRequired("CiphertextBlob")) + } + if s.CiphertextBlob != nil && len(s.CiphertextBlob) < 1 { + invalidParams.Add(request.NewErrParamMinLen("CiphertextBlob", 1)) + } + if s.DestinationKeyId == nil { + invalidParams.Add(request.NewErrParamRequired("DestinationKeyId")) + } + if s.DestinationKeyId != nil && len(*s.DestinationKeyId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("DestinationKeyId", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetCiphertextBlob sets the CiphertextBlob field's value. +func (s *ReEncryptInput) SetCiphertextBlob(v []byte) *ReEncryptInput { + s.CiphertextBlob = v + return s +} + +// SetDestinationEncryptionContext sets the DestinationEncryptionContext field's value. +func (s *ReEncryptInput) SetDestinationEncryptionContext(v map[string]*string) *ReEncryptInput { + s.DestinationEncryptionContext = v + return s +} + +// SetDestinationKeyId sets the DestinationKeyId field's value. +func (s *ReEncryptInput) SetDestinationKeyId(v string) *ReEncryptInput { + s.DestinationKeyId = &v + return s +} + +// SetGrantTokens sets the GrantTokens field's value. +func (s *ReEncryptInput) SetGrantTokens(v []*string) *ReEncryptInput { + s.GrantTokens = v + return s +} + +// SetSourceEncryptionContext sets the SourceEncryptionContext field's value. +func (s *ReEncryptInput) SetSourceEncryptionContext(v map[string]*string) *ReEncryptInput { + s.SourceEncryptionContext = v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ReEncryptResponse +type ReEncryptOutput struct { + _ struct{} `type:"structure"` + + // The reencrypted data. + // + // CiphertextBlob is automatically base64 encoded/decoded by the SDK. + CiphertextBlob []byte `min:"1" type:"blob"` + + // Unique identifier of the CMK used to reencrypt the data. + KeyId *string `min:"1" type:"string"` + + // Unique identifier of the CMK used to originally encrypt the data. + SourceKeyId *string `min:"1" type:"string"` +} + +// String returns the string representation +func (s ReEncryptOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ReEncryptOutput) GoString() string { + return s.String() +} + +// SetCiphertextBlob sets the CiphertextBlob field's value. +func (s *ReEncryptOutput) SetCiphertextBlob(v []byte) *ReEncryptOutput { + s.CiphertextBlob = v + return s +} + +// SetKeyId sets the KeyId field's value. +func (s *ReEncryptOutput) SetKeyId(v string) *ReEncryptOutput { + s.KeyId = &v + return s +} + +// SetSourceKeyId sets the SourceKeyId field's value. +func (s *ReEncryptOutput) SetSourceKeyId(v string) *ReEncryptOutput { + s.SourceKeyId = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/RetireGrantRequest +type RetireGrantInput struct { + _ struct{} `type:"structure"` + + // Unique identifier of the grant to retire. The grant ID is returned in the + // response to a CreateGrant operation. + // + // * Grant ID Example - 0123456789012345678901234567890123456789012345678901234567890123 + GrantId *string `min:"1" type:"string"` + + // Token that identifies the grant to be retired. + GrantToken *string `min:"1" type:"string"` + + // The Amazon Resource Name of the CMK associated with the grant. Example: + // + // * arn:aws:kms:us-east-2:444455556666:key/1234abcd-12ab-34cd-56ef-1234567890ab + KeyId *string `min:"1" type:"string"` +} + +// String returns the string representation +func (s RetireGrantInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s RetireGrantInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *RetireGrantInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "RetireGrantInput"} + if s.GrantId != nil && len(*s.GrantId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("GrantId", 1)) + } + if s.GrantToken != nil && len(*s.GrantToken) < 1 { + invalidParams.Add(request.NewErrParamMinLen("GrantToken", 1)) + } + if s.KeyId != nil && len(*s.KeyId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetGrantId sets the GrantId field's value. +func (s *RetireGrantInput) SetGrantId(v string) *RetireGrantInput { + s.GrantId = &v + return s +} + +// SetGrantToken sets the GrantToken field's value. +func (s *RetireGrantInput) SetGrantToken(v string) *RetireGrantInput { + s.GrantToken = &v + return s +} + +// SetKeyId sets the KeyId field's value. +func (s *RetireGrantInput) SetKeyId(v string) *RetireGrantInput { + s.KeyId = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/RetireGrantOutput +type RetireGrantOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation +func (s RetireGrantOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s RetireGrantOutput) GoString() string { + return s.String() +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/RevokeGrantRequest +type RevokeGrantInput struct { + _ struct{} `type:"structure"` + + // Identifier of the grant to be revoked. + // + // GrantId is a required field + GrantId *string `min:"1" type:"string" required:"true"` + + // A unique identifier for the customer master key associated with the grant. + // This value can be a globally unique identifier or the fully specified ARN + // to a key. + // + // * Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 + // + // * Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012 + // + // KeyId is a required field + KeyId *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation +func (s RevokeGrantInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s RevokeGrantInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *RevokeGrantInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "RevokeGrantInput"} + if s.GrantId == nil { + invalidParams.Add(request.NewErrParamRequired("GrantId")) + } + if s.GrantId != nil && len(*s.GrantId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("GrantId", 1)) + } + if s.KeyId == nil { + invalidParams.Add(request.NewErrParamRequired("KeyId")) + } + if s.KeyId != nil && len(*s.KeyId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetGrantId sets the GrantId field's value. +func (s *RevokeGrantInput) SetGrantId(v string) *RevokeGrantInput { + s.GrantId = &v + return s +} + +// SetKeyId sets the KeyId field's value. +func (s *RevokeGrantInput) SetKeyId(v string) *RevokeGrantInput { + s.KeyId = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/RevokeGrantOutput +type RevokeGrantOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation +func (s RevokeGrantOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s RevokeGrantOutput) GoString() string { + return s.String() +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ScheduleKeyDeletionRequest +type ScheduleKeyDeletionInput struct { + _ struct{} `type:"structure"` + + // The unique identifier for the customer master key (CMK) to delete. + // + // To specify this value, use the unique key ID or the Amazon Resource Name + // (ARN) of the CMK. Examples: + // + // * Unique key ID: 1234abcd-12ab-34cd-56ef-1234567890ab + // + // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab + // + // To obtain the unique key ID and key ARN for a given CMK, use ListKeys or + // DescribeKey. + // + // KeyId is a required field + KeyId *string `min:"1" type:"string" required:"true"` + + // The waiting period, specified in number of days. After the waiting period + // ends, AWS KMS deletes the customer master key (CMK). + // + // This value is optional. If you include a value, it must be between 7 and + // 30, inclusive. If you do not include a value, it defaults to 30. + PendingWindowInDays *int64 `min:"1" type:"integer"` +} + +// String returns the string representation +func (s ScheduleKeyDeletionInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ScheduleKeyDeletionInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ScheduleKeyDeletionInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ScheduleKeyDeletionInput"} + if s.KeyId == nil { + invalidParams.Add(request.NewErrParamRequired("KeyId")) + } + if s.KeyId != nil && len(*s.KeyId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) + } + if s.PendingWindowInDays != nil && *s.PendingWindowInDays < 1 { + invalidParams.Add(request.NewErrParamMinValue("PendingWindowInDays", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetKeyId sets the KeyId field's value. +func (s *ScheduleKeyDeletionInput) SetKeyId(v string) *ScheduleKeyDeletionInput { + s.KeyId = &v + return s +} + +// SetPendingWindowInDays sets the PendingWindowInDays field's value. +func (s *ScheduleKeyDeletionInput) SetPendingWindowInDays(v int64) *ScheduleKeyDeletionInput { + s.PendingWindowInDays = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ScheduleKeyDeletionResponse +type ScheduleKeyDeletionOutput struct { + _ struct{} `type:"structure"` + + // The date and time after which AWS KMS deletes the customer master key (CMK). + DeletionDate *time.Time `type:"timestamp" timestampFormat:"unix"` + + // The unique identifier of the customer master key (CMK) for which deletion + // is scheduled. + KeyId *string `min:"1" type:"string"` +} + +// String returns the string representation +func (s ScheduleKeyDeletionOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ScheduleKeyDeletionOutput) GoString() string { + return s.String() +} + +// SetDeletionDate sets the DeletionDate field's value. +func (s *ScheduleKeyDeletionOutput) SetDeletionDate(v time.Time) *ScheduleKeyDeletionOutput { + s.DeletionDate = &v + return s +} + +// SetKeyId sets the KeyId field's value. +func (s *ScheduleKeyDeletionOutput) SetKeyId(v string) *ScheduleKeyDeletionOutput { + s.KeyId = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UpdateAliasRequest +type UpdateAliasInput struct { + _ struct{} `type:"structure"` + + // String that contains the name of the alias to be modified. The name must + // start with the word "alias" followed by a forward slash (alias/). Aliases + // that begin with "alias/aws" are reserved. + // + // AliasName is a required field + AliasName *string `min:"1" type:"string" required:"true"` + + // Unique identifier of the customer master key to be mapped to the alias. This + // value can be a globally unique identifier or the fully specified ARN of a + // key. + // + // * Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 + // + // * Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012 + // + // You can call ListAliases to verify that the alias is mapped to the correct + // TargetKeyId. + // + // TargetKeyId is a required field + TargetKeyId *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation +func (s UpdateAliasInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s UpdateAliasInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *UpdateAliasInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "UpdateAliasInput"} + if s.AliasName == nil { + invalidParams.Add(request.NewErrParamRequired("AliasName")) + } + if s.AliasName != nil && len(*s.AliasName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("AliasName", 1)) + } + if s.TargetKeyId == nil { + invalidParams.Add(request.NewErrParamRequired("TargetKeyId")) + } + if s.TargetKeyId != nil && len(*s.TargetKeyId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("TargetKeyId", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAliasName sets the AliasName field's value. +func (s *UpdateAliasInput) SetAliasName(v string) *UpdateAliasInput { + s.AliasName = &v + return s +} + +// SetTargetKeyId sets the TargetKeyId field's value. +func (s *UpdateAliasInput) SetTargetKeyId(v string) *UpdateAliasInput { + s.TargetKeyId = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UpdateAliasOutput +type UpdateAliasOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation +func (s UpdateAliasOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s UpdateAliasOutput) GoString() string { + return s.String() +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UpdateKeyDescriptionRequest +type UpdateKeyDescriptionInput struct { + _ struct{} `type:"structure"` + + // New description for the CMK. + // + // Description is a required field + Description *string `type:"string" required:"true"` + + // A unique identifier for the CMK. This value can be a globally unique identifier + // or the fully specified ARN to a key. + // + // * Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 + // + // * Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012 + // + // KeyId is a required field + KeyId *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation +func (s UpdateKeyDescriptionInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s UpdateKeyDescriptionInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *UpdateKeyDescriptionInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "UpdateKeyDescriptionInput"} + if s.Description == nil { + invalidParams.Add(request.NewErrParamRequired("Description")) + } + if s.KeyId == nil { + invalidParams.Add(request.NewErrParamRequired("KeyId")) + } + if s.KeyId != nil && len(*s.KeyId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDescription sets the Description field's value. +func (s *UpdateKeyDescriptionInput) SetDescription(v string) *UpdateKeyDescriptionInput { + s.Description = &v + return s +} + +// SetKeyId sets the KeyId field's value. +func (s *UpdateKeyDescriptionInput) SetKeyId(v string) *UpdateKeyDescriptionInput { + s.KeyId = &v + return s +} + +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UpdateKeyDescriptionOutput +type UpdateKeyDescriptionOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation +func (s UpdateKeyDescriptionOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s UpdateKeyDescriptionOutput) GoString() string { + return s.String() +} + +const ( + // AlgorithmSpecRsaesPkcs1V15 is a AlgorithmSpec enum value + AlgorithmSpecRsaesPkcs1V15 = "RSAES_PKCS1_V1_5" + + // AlgorithmSpecRsaesOaepSha1 is a AlgorithmSpec enum value + AlgorithmSpecRsaesOaepSha1 = "RSAES_OAEP_SHA_1" + + // AlgorithmSpecRsaesOaepSha256 is a AlgorithmSpec enum value + AlgorithmSpecRsaesOaepSha256 = "RSAES_OAEP_SHA_256" +) + +const ( + // DataKeySpecAes256 is a DataKeySpec enum value + DataKeySpecAes256 = "AES_256" + + // DataKeySpecAes128 is a DataKeySpec enum value + DataKeySpecAes128 = "AES_128" +) + +const ( + // ExpirationModelTypeKeyMaterialExpires is a ExpirationModelType enum value + ExpirationModelTypeKeyMaterialExpires = "KEY_MATERIAL_EXPIRES" + + // ExpirationModelTypeKeyMaterialDoesNotExpire is a ExpirationModelType enum value + ExpirationModelTypeKeyMaterialDoesNotExpire = "KEY_MATERIAL_DOES_NOT_EXPIRE" +) + +const ( + // GrantOperationDecrypt is a GrantOperation enum value + GrantOperationDecrypt = "Decrypt" + + // GrantOperationEncrypt is a GrantOperation enum value + GrantOperationEncrypt = "Encrypt" + + // GrantOperationGenerateDataKey is a GrantOperation enum value + GrantOperationGenerateDataKey = "GenerateDataKey" + + // GrantOperationGenerateDataKeyWithoutPlaintext is a GrantOperation enum value + GrantOperationGenerateDataKeyWithoutPlaintext = "GenerateDataKeyWithoutPlaintext" + + // GrantOperationReEncryptFrom is a GrantOperation enum value + GrantOperationReEncryptFrom = "ReEncryptFrom" + + // GrantOperationReEncryptTo is a GrantOperation enum value + GrantOperationReEncryptTo = "ReEncryptTo" + + // GrantOperationCreateGrant is a GrantOperation enum value + GrantOperationCreateGrant = "CreateGrant" + + // GrantOperationRetireGrant is a GrantOperation enum value + GrantOperationRetireGrant = "RetireGrant" + + // GrantOperationDescribeKey is a GrantOperation enum value + GrantOperationDescribeKey = "DescribeKey" +) + +const ( + // KeyStateEnabled is a KeyState enum value + KeyStateEnabled = "Enabled" + + // KeyStateDisabled is a KeyState enum value + KeyStateDisabled = "Disabled" + + // KeyStatePendingDeletion is a KeyState enum value + KeyStatePendingDeletion = "PendingDeletion" + + // KeyStatePendingImport is a KeyState enum value + KeyStatePendingImport = "PendingImport" +) + +const ( + // KeyUsageTypeEncryptDecrypt is a KeyUsageType enum value + KeyUsageTypeEncryptDecrypt = "ENCRYPT_DECRYPT" +) + +const ( + // OriginTypeAwsKms is a OriginType enum value + OriginTypeAwsKms = "AWS_KMS" + + // OriginTypeExternal is a OriginType enum value + OriginTypeExternal = "EXTERNAL" +) + +const ( + // WrappingKeySpecRsa2048 is a WrappingKeySpec enum value + WrappingKeySpecRsa2048 = "RSA_2048" +) diff --git a/vendor/github.com/aws/aws-sdk-go/service/kms/service.go b/vendor/github.com/aws/aws-sdk-go/service/kms/service.go new file mode 100644 index 00000000000..b4688cad32b --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/service/kms/service.go @@ -0,0 +1,163 @@ +// THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT. + +package kms + +import ( + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/client" + "github.com/aws/aws-sdk-go/aws/client/metadata" + "github.com/aws/aws-sdk-go/aws/request" + "github.com/aws/aws-sdk-go/aws/signer/v4" + "github.com/aws/aws-sdk-go/private/protocol/jsonrpc" +) + +// AWS Key Management Service (AWS KMS) is an encryption and key management +// web service. This guide describes the AWS KMS operations that you can call +// programmatically. For general information about AWS KMS, see the AWS Key +// Management Service Developer Guide (http://docs.aws.amazon.com/kms/latest/developerguide/). +// +// AWS provides SDKs that consist of libraries and sample code for various programming +// languages and platforms (Java, Ruby, .Net, iOS, Android, etc.). The SDKs +// provide a convenient way to create programmatic access to AWS KMS and other +// AWS services. For example, the SDKs take care of tasks such as signing requests +// (see below), managing errors, and retrying requests automatically. For more +// information about the AWS SDKs, including how to download and install them, +// see Tools for Amazon Web Services (http://aws.amazon.com/tools/). +// +// We recommend that you use the AWS SDKs to make programmatic API calls to +// AWS KMS. +// +// Clients must support TLS (Transport Layer Security) 1.0. We recommend TLS +// 1.2. Clients must also support cipher suites with Perfect Forward Secrecy +// (PFS) such as Ephemeral Diffie-Hellman (DHE) or Elliptic Curve Ephemeral +// Diffie-Hellman (ECDHE). Most modern systems such as Java 7 and later support +// these modes. +// +// Signing Requests +// +// Requests must be signed by using an access key ID and a secret access key. +// We strongly recommend that you do not use your AWS account (root) access +// key ID and secret key for everyday work with AWS KMS. Instead, use the access +// key ID and secret access key for an IAM user, or you can use the AWS Security +// Token Service to generate temporary security credentials that you can use +// to sign requests. +// +// All AWS KMS operations require Signature Version 4 (http://docs.aws.amazon.com/general/latest/gr/signature-version-4.html). +// +// Logging API Requests +// +// AWS KMS supports AWS CloudTrail, a service that logs AWS API calls and related +// events for your AWS account and delivers them to an Amazon S3 bucket that +// you specify. By using the information collected by CloudTrail, you can determine +// what requests were made to AWS KMS, who made the request, when it was made, +// and so on. To learn more about CloudTrail, including how to turn it on and +// find your log files, see the AWS CloudTrail User Guide (http://docs.aws.amazon.com/awscloudtrail/latest/userguide/). +// +// Additional Resources +// +// For more information about credentials and request signing, see the following: +// +// * AWS Security Credentials (http://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html) +// - This topic provides general information about the types of credentials +// used for accessing AWS. +// +// * Temporary Security Credentials (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html) +// - This section of the IAM User Guide describes how to create and use temporary +// security credentials. +// +// * Signature Version 4 Signing Process (http://docs.aws.amazon.com/general/latest/gr/signature-version-4.html) +// - This set of topics walks you through the process of signing a request +// using an access key ID and a secret access key. +// +// Commonly Used APIs +// +// Of the APIs discussed in this guide, the following will prove the most useful +// for most applications. You will likely perform actions other than these, +// such as creating keys and assigning policies, by using the console. +// +// * Encrypt +// +// * Decrypt +// +// * GenerateDataKey +// +// * GenerateDataKeyWithoutPlaintext +// The service client's operations are safe to be used concurrently. +// It is not safe to mutate any of the client's properties though. +// Please also see https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01 +type KMS struct { + *client.Client +} + +// Used for custom client initialization logic +var initClient func(*client.Client) + +// Used for custom request initialization logic +var initRequest func(*request.Request) + +// Service information constants +const ( + ServiceName = "kms" // Service endpoint prefix API calls made to. + EndpointsID = ServiceName // Service ID for Regions and Endpoints metadata. +) + +// New creates a new instance of the KMS client with a session. +// If additional configuration is needed for the client instance use the optional +// aws.Config parameter to add your extra config. +// +// Example: +// // Create a KMS client from just a session. +// svc := kms.New(mySession) +// +// // Create a KMS client with additional configuration +// svc := kms.New(mySession, aws.NewConfig().WithRegion("us-west-2")) +func New(p client.ConfigProvider, cfgs ...*aws.Config) *KMS { + c := p.ClientConfig(EndpointsID, cfgs...) + return newClient(*c.Config, c.Handlers, c.Endpoint, c.SigningRegion, c.SigningName) +} + +// newClient creates, initializes and returns a new service client instance. +func newClient(cfg aws.Config, handlers request.Handlers, endpoint, signingRegion, signingName string) *KMS { + svc := &KMS{ + Client: client.New( + cfg, + metadata.ClientInfo{ + ServiceName: ServiceName, + SigningName: signingName, + SigningRegion: signingRegion, + Endpoint: endpoint, + APIVersion: "2014-11-01", + JSONVersion: "1.1", + TargetPrefix: "TrentService", + }, + handlers, + ), + } + + // Handlers + svc.Handlers.Sign.PushBackNamed(v4.SignRequestHandler) + svc.Handlers.Build.PushBackNamed(jsonrpc.BuildHandler) + svc.Handlers.Unmarshal.PushBackNamed(jsonrpc.UnmarshalHandler) + svc.Handlers.UnmarshalMeta.PushBackNamed(jsonrpc.UnmarshalMetaHandler) + svc.Handlers.UnmarshalError.PushBackNamed(jsonrpc.UnmarshalErrorHandler) + + // Run custom client initialization if present + if initClient != nil { + initClient(svc.Client) + } + + return svc +} + +// newRequest creates a new request for a KMS operation and runs any +// custom request initialization. +func (c *KMS) newRequest(op *request.Operation, params, data interface{}) *request.Request { + req := c.NewRequest(op, params, data) + + // Run custom request initialization if present + if initRequest != nil { + initRequest(req) + } + + return req +}