v1alpha1

package
v0.17.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 3, 2021 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Index

Constants

// Group and Version identify the Kubernetes API group-version under which the
// types of this package are registered.
const (
	// Group is the API group name.
	Group   = "kms.aws.crossplane.io"
	// Version is the API version; "v1alpha1" is an alpha-level version by
	// Kubernetes naming convention.
	Version = "v1alpha1"
)

Package type metadata.

Variables

var (
	// GroupVersion is the API group-version used to register the objects. It
	// is built from the Group and Version constants.
	GroupVersion = schema.GroupVersion{Group: Group, Version: Version}

	// SchemeBuilder is used to add Go types to the GroupVersionKind scheme.
	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}

	// AddToScheme adds the types in this group-version to the given scheme.
	// It is the AddToScheme method value of SchemeBuilder.
	AddToScheme = SchemeBuilder.AddToScheme
)
// Key type metadata: the kind name of the Key resource and the identifiers
// derived from it.
//
// NOTE(review): these are package-level variables, not constants, so they are
// mutable at runtime; treat them as read-only.
var (
	// KeyKind is the kind name of the Key resource.
	KeyKind             = "Key"
	// KeyGroupKind is the string form of the GroupKind built from Group and KeyKind.
	KeyGroupKind        = schema.GroupKind{Group: Group, Kind: KeyKind}.String()
	// KeyKindAPIVersion is KeyKind, a dot, and the string form of GroupVersion.
	KeyKindAPIVersion   = KeyKind + "." + GroupVersion.String()
	// KeyGroupVersionKind is GroupVersion combined with KeyKind.
	KeyGroupVersionKind = GroupVersion.WithKind(KeyKind)
)

Key type metadata.

Functions

This section is empty.

Types

type AlgorithmSpec

// AlgorithmSpec is a string enum of RSA encryption schemes; the values are the
// AlgorithmSpec strings of the AWS KMS API. None of the struct types shown on
// this page has a field of this type.
type AlgorithmSpec string
const (
	// RSAES_PKCS1_V1_5 is RSA encryption with PKCS #1 v1.5 padding. This
	// padding is the classic subject of padding-oracle (Bleichenbacher-style)
	// weaknesses; prefer an OAEP variant wherever the caller has a choice.
	AlgorithmSpec_RSAES_PKCS1_V1_5   AlgorithmSpec = "RSAES_PKCS1_V1_5"
	// RSAES_OAEP_SHA_1 is RSA-OAEP with SHA-1; the SHA-256 variant below is the
	// more conservative choice for new use.
	AlgorithmSpec_RSAES_OAEP_SHA_1   AlgorithmSpec = "RSAES_OAEP_SHA_1"
	// RSAES_OAEP_SHA_256 is RSA-OAEP with SHA-256.
	AlgorithmSpec_RSAES_OAEP_SHA_256 AlgorithmSpec = "RSAES_OAEP_SHA_256"
)

type AliasListEntry

// AliasListEntry pairs an alias with the key it points to. Both fields are
// optional pointers and are omitted from JSON when nil.
type AliasListEntry struct {
	// AliasARN is the ARN of the alias.
	AliasARN *string `json:"aliasARN,omitempty"`

	// TargetKeyID is the ID of the key the alias refers to (inferred from the
	// field name; confirm against the AWS KMS API shape).
	TargetKeyID *string `json:"targetKeyID,omitempty"`
}

func (*AliasListEntry) DeepCopy

func (in *AliasListEntry) DeepCopy() *AliasListEntry

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AliasListEntry.

func (*AliasListEntry) DeepCopyInto

func (in *AliasListEntry) DeepCopyInto(out *AliasListEntry)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ConnectionErrorCodeType

// ConnectionErrorCodeType is a string enum of error codes. The value names
// (CLOUDHSM, CLUSTER, SUBNET, USER) suggest they describe why a connection to
// a CloudHSM-backed custom key store failed; confirm against the AWS KMS API.
//
// NOTE(review): INVALID_CREDENTIALS, USER_LOCKED_OUT, USER_NOT_FOUND and
// USER_LOGGED_IN are credential- and account-related conditions and are worth
// surfacing in monitoring rather than treating as generic connection errors.
type ConnectionErrorCodeType string
const (
	ConnectionErrorCodeType_INVALID_CREDENTIALS        ConnectionErrorCodeType = "INVALID_CREDENTIALS"
	ConnectionErrorCodeType_CLUSTER_NOT_FOUND          ConnectionErrorCodeType = "CLUSTER_NOT_FOUND"
	ConnectionErrorCodeType_NETWORK_ERRORS             ConnectionErrorCodeType = "NETWORK_ERRORS"
	ConnectionErrorCodeType_INTERNAL_ERROR             ConnectionErrorCodeType = "INTERNAL_ERROR"
	ConnectionErrorCodeType_INSUFFICIENT_CLOUDHSM_HSMS ConnectionErrorCodeType = "INSUFFICIENT_CLOUDHSM_HSMS"
	ConnectionErrorCodeType_USER_LOCKED_OUT            ConnectionErrorCodeType = "USER_LOCKED_OUT"
	ConnectionErrorCodeType_USER_NOT_FOUND             ConnectionErrorCodeType = "USER_NOT_FOUND"
	ConnectionErrorCodeType_USER_LOGGED_IN             ConnectionErrorCodeType = "USER_LOGGED_IN"
	ConnectionErrorCodeType_SUBNET_NOT_FOUND           ConnectionErrorCodeType = "SUBNET_NOT_FOUND"
)

type ConnectionStateType

// ConnectionStateType is a string enum of connection states: two stable
// states (CONNECTED, DISCONNECTED), two transitional ones (CONNECTING,
// DISCONNECTING) and FAILED. Presumably the connection state of a custom key
// store; confirm against the AWS KMS API.
type ConnectionStateType string
const (
	ConnectionStateType_CONNECTED     ConnectionStateType = "CONNECTED"
	ConnectionStateType_CONNECTING    ConnectionStateType = "CONNECTING"
	ConnectionStateType_FAILED        ConnectionStateType = "FAILED"
	ConnectionStateType_DISCONNECTED  ConnectionStateType = "DISCONNECTED"
	ConnectionStateType_DISCONNECTING ConnectionStateType = "DISCONNECTING"
)

type CustomKeyParameters

// CustomKeyParameters are custom parameters for Key. KeyParameters embeds this
// struct inline, so its fields appear next to the other desired-state fields
// in JSON.
type CustomKeyParameters struct {
	// Specifies whether the CMK is enabled.
	Enabled *bool `json:"enabled,omitempty"`

	// Specifies how many days the Key is retained when scheduled for deletion. Defaults to 30 days.
	//
	// NOTE(review): AWS KMS accepts a waiting period of 7 to 30 days. No
	// validation marker is visible on this field, so an out-of-range value is
	// presumably rejected only by the AWS API (confirm in the controller). A
	// shorter window leaves less time to notice and cancel an unintended
	// deletion.
	PendingWindowInDays *int64 `json:"pendingWindowInDays,omitempty"`
}

CustomKeyParameters are custom parameters for Key.

func (*CustomKeyParameters) DeepCopy

func (in *CustomKeyParameters) DeepCopy() *CustomKeyParameters

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomKeyParameters.

func (*CustomKeyParameters) DeepCopyInto

func (in *CustomKeyParameters) DeepCopyInto(out *CustomKeyParameters)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CustomKeyStoresListEntry

// CustomKeyStoresListEntry describes one custom key store by its identifiers
// and creation time. All fields are optional and omitted from JSON when nil.
type CustomKeyStoresListEntry struct {
	// CloudHsmClusterID is the ID of the AWS CloudHSM cluster associated with
	// the custom key store.
	CloudHsmClusterID *string `json:"cloudHsmClusterID,omitempty"`

	// CreationDate is when the custom key store was created.
	CreationDate *metav1.Time `json:"creationDate,omitempty"`

	// CustomKeyStoreID is the ID of the custom key store.
	CustomKeyStoreID *string `json:"customKeyStoreID,omitempty"`
}

func (*CustomKeyStoresListEntry) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomKeyStoresListEntry.

func (*CustomKeyStoresListEntry) DeepCopyInto

func (in *CustomKeyStoresListEntry) DeepCopyInto(out *CustomKeyStoresListEntry)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CustomerMasterKeySpec

// CustomerMasterKeySpec is a string enum of CMK key specs: RSA key pairs,
// elliptic-curve key pairs, and SYMMETRIC_DEFAULT.
//
// NOTE(review): KeyParameters.CustomerMasterKeySpec is declared as *string, not
// as this type, so the Go type system does not restrict that field to these
// values. Its field documentation states the key spec cannot be changed after
// the CMK is created.
type CustomerMasterKeySpec string
const (
	CustomerMasterKeySpec_RSA_2048          CustomerMasterKeySpec = "RSA_2048"
	CustomerMasterKeySpec_RSA_3072          CustomerMasterKeySpec = "RSA_3072"
	CustomerMasterKeySpec_RSA_4096          CustomerMasterKeySpec = "RSA_4096"
	CustomerMasterKeySpec_ECC_NIST_P256     CustomerMasterKeySpec = "ECC_NIST_P256"
	CustomerMasterKeySpec_ECC_NIST_P384     CustomerMasterKeySpec = "ECC_NIST_P384"
	CustomerMasterKeySpec_ECC_NIST_P521     CustomerMasterKeySpec = "ECC_NIST_P521"
	CustomerMasterKeySpec_ECC_SECG_P256K1   CustomerMasterKeySpec = "ECC_SECG_P256K1"
	CustomerMasterKeySpec_SYMMETRIC_DEFAULT CustomerMasterKeySpec = "SYMMETRIC_DEFAULT"
)

type DataKeyPairSpec

// DataKeyPairSpec is a string enum of asymmetric key-pair specs. It lists the
// same RSA and elliptic-curve values as CustomerMasterKeySpec, without
// SYMMETRIC_DEFAULT. None of the struct types shown on this page has a field
// of this type.
type DataKeyPairSpec string
const (
	DataKeyPairSpec_RSA_2048        DataKeyPairSpec = "RSA_2048"
	DataKeyPairSpec_RSA_3072        DataKeyPairSpec = "RSA_3072"
	DataKeyPairSpec_RSA_4096        DataKeyPairSpec = "RSA_4096"
	DataKeyPairSpec_ECC_NIST_P256   DataKeyPairSpec = "ECC_NIST_P256"
	DataKeyPairSpec_ECC_NIST_P384   DataKeyPairSpec = "ECC_NIST_P384"
	DataKeyPairSpec_ECC_NIST_P521   DataKeyPairSpec = "ECC_NIST_P521"
	DataKeyPairSpec_ECC_SECG_P256K1 DataKeyPairSpec = "ECC_SECG_P256K1"
)

type DataKeySpec

// DataKeySpec is a string enum of symmetric data-key sizes: AES with a 256-bit
// or a 128-bit key. None of the struct types shown on this page has a field of
// this type.
type DataKeySpec string
const (
	DataKeySpec_AES_256 DataKeySpec = "AES_256"
	DataKeySpec_AES_128 DataKeySpec = "AES_128"
)

type EncryptionAlgorithmSpec

// EncryptionAlgorithmSpec is a string enum of encryption algorithms: the
// symmetric default and two RSA-OAEP variants. KeyObservation and KeyMetadata
// report supported encryption algorithms as []*string rather than as this
// type.
//
// NOTE(review): of the two OAEP variants, the SHA-256 one is the more
// conservative choice for new use.
type EncryptionAlgorithmSpec string
const (
	EncryptionAlgorithmSpec_SYMMETRIC_DEFAULT  EncryptionAlgorithmSpec = "SYMMETRIC_DEFAULT"
	EncryptionAlgorithmSpec_RSAES_OAEP_SHA_1   EncryptionAlgorithmSpec = "RSAES_OAEP_SHA_1"
	EncryptionAlgorithmSpec_RSAES_OAEP_SHA_256 EncryptionAlgorithmSpec = "RSAES_OAEP_SHA_256"
)

type ExpirationModelType

// ExpirationModelType is a string enum stating whether a key's key material
// expires. Per the KeyObservation field documentation, an expiration model is
// reported only when Origin is EXTERNAL, and ValidTo is present only with
// KEY_MATERIAL_EXPIRES.
type ExpirationModelType string
const (
	ExpirationModelType_KEY_MATERIAL_EXPIRES         ExpirationModelType = "KEY_MATERIAL_EXPIRES"
	ExpirationModelType_KEY_MATERIAL_DOES_NOT_EXPIRE ExpirationModelType = "KEY_MATERIAL_DOES_NOT_EXPIRE"
)

type GrantListEntry

// GrantListEntry describes one grant by its creation time and the key it
// applies to. Only these two attributes are declared here; grantee, operations
// and constraints are not part of this type.
type GrantListEntry struct {
	// CreationDate is when the grant was created.
	CreationDate *metav1.Time `json:"creationDate,omitempty"`

	// KeyID is the ID of the key the grant applies to.
	KeyID *string `json:"keyID,omitempty"`
}

func (*GrantListEntry) DeepCopy

func (in *GrantListEntry) DeepCopy() *GrantListEntry

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GrantListEntry.

func (*GrantListEntry) DeepCopyInto

func (in *GrantListEntry) DeepCopyInto(out *GrantListEntry)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GrantOperation

// GrantOperation is a string enum of AWS KMS operation names that a grant can
// permit. None of the struct types shown on this page has a field of this
// type.
//
// NOTE(review): CreateGrant and RetireGrant manage grants rather than perform
// cryptographic work. A grant that includes CreateGrant lets the grantee issue
// further grants, so it should be reviewed as a delegation right.
type GrantOperation string
const (
	GrantOperation_Decrypt                             GrantOperation = "Decrypt"
	GrantOperation_Encrypt                             GrantOperation = "Encrypt"
	GrantOperation_GenerateDataKey                     GrantOperation = "GenerateDataKey"
	GrantOperation_GenerateDataKeyWithoutPlaintext     GrantOperation = "GenerateDataKeyWithoutPlaintext"
	GrantOperation_ReEncryptFrom                       GrantOperation = "ReEncryptFrom"
	GrantOperation_ReEncryptTo                         GrantOperation = "ReEncryptTo"
	GrantOperation_Sign                                GrantOperation = "Sign"
	GrantOperation_Verify                              GrantOperation = "Verify"
	GrantOperation_GetPublicKey                        GrantOperation = "GetPublicKey"
	GrantOperation_CreateGrant                         GrantOperation = "CreateGrant"
	GrantOperation_RetireGrant                         GrantOperation = "RetireGrant"
	GrantOperation_DescribeKey                         GrantOperation = "DescribeKey"
	GrantOperation_GenerateDataKeyPair                 GrantOperation = "GenerateDataKeyPair"
	GrantOperation_GenerateDataKeyPairWithoutPlaintext GrantOperation = "GenerateDataKeyPairWithoutPlaintext"
)

type Key

// Key is the Schema for the Keys API: a Kubernetes object that pairs the
// desired state of a key (Spec) with its observed state (Status).
//
// NOTE(review): the kubebuilder markers in this type's documentation declare
// scope=Cluster, so access to Key objects is governed by cluster-level RBAC
// rather than by namespace isolation.
type Key struct {
	// TypeMeta and ObjectMeta are the standard Kubernetes object headers.
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	// Spec is the desired state; Status is the observed state.
	Spec              KeySpec   `json:"spec,omitempty"`
	Status            KeyStatus `json:"status,omitempty"`
}

Key is the Schema for the Keys API.

+kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status"
+kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status"
+kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name"
+kubebuilder:subresource:status
+kubebuilder:resource:scope=Cluster,categories={crossplane,managed,aws}

func (*Key) DeepCopy

func (in *Key) DeepCopy() *Key

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Key.

func (*Key) DeepCopyInto

func (in *Key) DeepCopyInto(out *Key)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*Key) DeepCopyObject

func (in *Key) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*Key) GetCondition

func (mg *Key) GetCondition(ct xpv1.ConditionType) xpv1.Condition

GetCondition of this Key.

func (*Key) GetDeletionPolicy

func (mg *Key) GetDeletionPolicy() xpv1.DeletionPolicy

GetDeletionPolicy of this Key.

func (*Key) GetProviderConfigReference

func (mg *Key) GetProviderConfigReference() *xpv1.Reference

GetProviderConfigReference of this Key.

func (*Key) GetProviderReference

func (mg *Key) GetProviderReference() *xpv1.Reference

GetProviderReference of this Key. Deprecated: Use GetProviderConfigReference.

func (*Key) GetWriteConnectionSecretToReference

func (mg *Key) GetWriteConnectionSecretToReference() *xpv1.SecretReference

GetWriteConnectionSecretToReference of this Key.

func (*Key) SetConditions

func (mg *Key) SetConditions(c ...xpv1.Condition)

SetConditions of this Key.

func (*Key) SetDeletionPolicy

func (mg *Key) SetDeletionPolicy(r xpv1.DeletionPolicy)

SetDeletionPolicy of this Key.

func (*Key) SetProviderConfigReference

func (mg *Key) SetProviderConfigReference(r *xpv1.Reference)

SetProviderConfigReference of this Key.

func (*Key) SetProviderReference

func (mg *Key) SetProviderReference(r *xpv1.Reference)

SetProviderReference of this Key. Deprecated: Use SetProviderConfigReference.

func (*Key) SetWriteConnectionSecretToReference

func (mg *Key) SetWriteConnectionSecretToReference(r *xpv1.SecretReference)

SetWriteConnectionSecretToReference of this Key.

type KeyList

// KeyList contains a list of Keys.
type KeyList struct {
	// TypeMeta and ListMeta are the standard Kubernetes list headers.
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items holds the Key objects. The tag has no omitempty, so the field is
	// always emitted in JSON.
	Items           []Key `json:"items"`
}

KeyList contains a list of Keys

func (*KeyList) DeepCopy

func (in *KeyList) DeepCopy() *KeyList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeyList.

func (*KeyList) DeepCopyInto

func (in *KeyList) DeepCopyInto(out *KeyList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*KeyList) DeepCopyObject

func (in *KeyList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*KeyList) GetItems

func (l *KeyList) GetItems() []resource.Managed

GetItems of this KeyList.

type KeyListEntry

// KeyListEntry identifies one key by ARN and ID. Both fields are optional
// pointers and are omitted from JSON when nil.
type KeyListEntry struct {
	// KeyARN is the ARN of the key.
	KeyARN *string `json:"keyARN,omitempty"`

	// KeyID is the ID of the key.
	KeyID *string `json:"keyID,omitempty"`
}

func (*KeyListEntry) DeepCopy

func (in *KeyListEntry) DeepCopy() *KeyListEntry

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeyListEntry.

func (*KeyListEntry) DeepCopyInto

func (in *KeyListEntry) DeepCopyInto(out *KeyListEntry)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type KeyManagerType

// KeyManagerType is a string enum naming who manages a CMK. The KeyObservation
// field documentation states that CMKs in an account are either customer
// managed or AWS managed.
type KeyManagerType string
const (
	KeyManagerType_AWS      KeyManagerType = "AWS"
	KeyManagerType_CUSTOMER KeyManagerType = "CUSTOMER"
)

type KeyMetadata

// KeyMetadata carries descriptive attributes of a key: identifiers, timestamps,
// state, usage and supported algorithms. Every field is optional and omitted
// from JSON when nil or empty. The field set is a superset of KeyObservation,
// which documents the shared fields in detail; none of the fields holds key
// material.
//
// NOTE(review): the enum-like fields (CustomerMasterKeySpec, ExpirationModel,
// KeyManager, KeyState, KeyUsage, Origin) are plain *string here, not the enum
// types declared in this package.
type KeyMetadata struct {
	AWSAccountID *string `json:"awsAccountID,omitempty"`

	ARN *string `json:"arn,omitempty"`

	CloudHsmClusterID *string `json:"cloudHsmClusterID,omitempty"`

	CreationDate *metav1.Time `json:"creationDate,omitempty"`

	CustomKeyStoreID *string `json:"customKeyStoreID,omitempty"`

	CustomerMasterKeySpec *string `json:"customerMasterKeySpec,omitempty"`

	DeletionDate *metav1.Time `json:"deletionDate,omitempty"`

	Description *string `json:"description,omitempty"`

	Enabled *bool `json:"enabled,omitempty"`

	EncryptionAlgorithms []*string `json:"encryptionAlgorithms,omitempty"`

	ExpirationModel *string `json:"expirationModel,omitempty"`

	KeyID *string `json:"keyID,omitempty"`

	KeyManager *string `json:"keyManager,omitempty"`

	KeyState *string `json:"keyState,omitempty"`

	KeyUsage *string `json:"keyUsage,omitempty"`

	Origin *string `json:"origin,omitempty"`

	SigningAlgorithms []*string `json:"signingAlgorithms,omitempty"`

	ValidTo *metav1.Time `json:"validTo,omitempty"`
}

func (*KeyMetadata) DeepCopy

func (in *KeyMetadata) DeepCopy() *KeyMetadata

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeyMetadata.

func (*KeyMetadata) DeepCopyInto

func (in *KeyMetadata) DeepCopyInto(out *KeyMetadata)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type KeyObservation

// KeyObservation defines the observed state of Key.
//
// Every field is an optional pointer or slice tagged omitempty, and the field
// comments describe values reported by AWS KMS: identifiers, timestamps, state
// and supported algorithms. None of the fields holds key material.
//
// NOTE(review): KeyState, DeletionDate and Enabled are the fields to watch for
// unexpected disabling or scheduled deletion of a key.
type KeyObservation struct {
	// The twelve-digit account ID of the AWS account that owns the CMK.
	AWSAccountID *string `json:"awsAccountID,omitempty"`
	// The Amazon Resource Name (ARN) of the CMK. For examples, see AWS Key Management
	// Service (AWS KMS) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-kms)
	// in the Example ARNs section of the AWS General Reference.
	ARN *string `json:"arn,omitempty"`
	// The cluster ID of the AWS CloudHSM cluster that contains the key material
	// for the CMK. When you create a CMK in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html),
	// AWS KMS creates the key material for the CMK in the associated AWS CloudHSM
	// cluster. This value is present only when the CMK is created in a custom key
	// store.
	CloudHsmClusterID *string `json:"cloudHsmClusterID,omitempty"`
	// The date and time when the CMK was created.
	CreationDate *metav1.Time `json:"creationDate,omitempty"`
	// The date and time after which AWS KMS deletes the CMK. This value is present
	// only when KeyState is PendingDeletion.
	DeletionDate *metav1.Time `json:"deletionDate,omitempty"`
	// Specifies whether the CMK is enabled. When KeyState is Enabled this value
	// is true, otherwise it is false.
	Enabled *bool `json:"enabled,omitempty"`
	// The encryption algorithms that the CMK supports. You cannot use the CMK with
	// other encryption algorithms within AWS KMS.
	//
	// This field appears only when the KeyUsage of the CMK is ENCRYPT_DECRYPT.
	EncryptionAlgorithms []*string `json:"encryptionAlgorithms,omitempty"`
	// Specifies whether the CMK's key material expires. This value is present only
	// when Origin is EXTERNAL, otherwise this value is omitted.
	ExpirationModel *string `json:"expirationModel,omitempty"`
	// The globally unique identifier for the CMK.
	KeyID *string `json:"keyID,omitempty"`
	// The manager of the CMK. CMKs in your AWS account are either customer managed
	// or AWS managed. For more information about the difference, see Customer Master
	// Keys (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys)
	// in the AWS Key Management Service Developer Guide.
	KeyManager *string `json:"keyManager,omitempty"`
	// The current status of the CMK.
	//
	// For more information about how key state affects the use of a CMK, see Key
	// state: Effect on your CMK (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
	// in the AWS Key Management Service Developer Guide.
	KeyState *string `json:"keyState,omitempty"`
	// The signing algorithms that the CMK supports. You cannot use the CMK with
	// other signing algorithms within AWS KMS.
	//
	// This field appears only when the KeyUsage of the CMK is SIGN_VERIFY.
	SigningAlgorithms []*string `json:"signingAlgorithms,omitempty"`
	// The time at which the imported key material expires. When the key material
	// expires, AWS KMS deletes the key material and the CMK becomes unusable. This
	// value is present only for CMKs whose Origin is EXTERNAL and whose ExpirationModel
	// is KEY_MATERIAL_EXPIRES, otherwise this value is omitted.
	ValidTo *metav1.Time `json:"validTo,omitempty"`
}

KeyObservation defines the observed state of Key

func (*KeyObservation) DeepCopy

func (in *KeyObservation) DeepCopy() *KeyObservation

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeyObservation.

func (*KeyObservation) DeepCopyInto

func (in *KeyObservation) DeepCopyInto(out *KeyObservation)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type KeyParameters

// KeyParameters defines the desired state of Key.
//
// NOTE(review): the fields with the most security impact are Policy (the key
// policy, carried as an opaque string), BypassPolicyLockoutSafetyCheck (which
// turns off the check that keeps the requesting principal able to call
// PutKeyPolicy) and the inlined PendingWindowInDays (how long the Key is
// retained once scheduled for deletion). Region is the only field with a
// validation marker in this declaration; the enum-like fields
// (CustomerMasterKeySpec, KeyUsage, Origin) are plain *string, so invalid
// values are presumably rejected only by the AWS API. Confirm against the
// controller.
type KeyParameters struct {
	// Region is the region in which the Key will be created.
	// +kubebuilder:validation:Required
	Region string `json:"region"`
	// A flag to indicate whether to bypass the key policy lockout safety check.
	//
	// Setting this value to true increases the risk that the CMK becomes unmanageable.
	// Do not set this value to true indiscriminately.
	//
	// For more information, refer to the scenario in the Default Key Policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam)
	// section in the AWS Key Management Service Developer Guide.
	//
	// Use this parameter only when you include a policy in the request and you
	// intend to prevent the principal that is making the request from making a
	// subsequent PutKeyPolicy request on the CMK.
	//
	// The default value is false.
	BypassPolicyLockoutSafetyCheck *bool `json:"bypassPolicyLockoutSafetyCheck,omitempty"`
	// Creates the CMK in the specified custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html)
	// and the key material in its associated AWS CloudHSM cluster. To create a
	// CMK in a custom key store, you must also specify the Origin parameter with
	// a value of AWS_CLOUDHSM. The AWS CloudHSM cluster that is associated with
	// the custom key store must have at least two active HSMs, each in a different
	// Availability Zone in the Region.
	//
	// This parameter is valid only for symmetric CMKs. You cannot create an asymmetric
	// CMK in a custom key store.
	//
	// To find the ID of a custom key store, use the DescribeCustomKeyStores operation.
	//
	// The response includes the custom key store ID and the ID of the AWS CloudHSM
	// cluster.
	//
	// This operation is part of the Custom Key Store feature (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html)
	// in AWS KMS, which combines the convenience and extensive integration
	// of AWS KMS with the isolation and control of a single-tenant key store.
	CustomKeyStoreID *string `json:"customKeyStoreID,omitempty"`
	// Specifies the type of CMK to create. The default value, SYMMETRIC_DEFAULT,
	// creates a CMK with a 256-bit symmetric key for encryption and decryption.
	// For help choosing a key spec for your CMK, see How to Choose Your CMK Configuration
	// (https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-choose.html)
	// in the AWS Key Management Service Developer Guide.
	//
	// The CustomerMasterKeySpec determines whether the CMK contains a symmetric
	// key or an asymmetric key pair. It also determines the encryption algorithms
	// or signing algorithms that the CMK supports. You can't change the CustomerMasterKeySpec
	// after the CMK is created. To further restrict the algorithms that can be
	// used with the CMK, use a condition key in its key policy or IAM policy. For
	// more information, see kms:EncryptionAlgorithm (https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-encryption-algorithm)
	// or kms:SigningAlgorithm (https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-signing-algorithm)
	// in the AWS Key Management Service Developer Guide.
	//
	// AWS services that are integrated with AWS KMS (http://aws.amazon.com/kms/features/#AWS_Service_Integration)
	// use symmetric CMKs to protect your data. These services do not support asymmetric
	// CMKs. For help determining whether a CMK is symmetric or asymmetric, see
	// Identifying Symmetric and Asymmetric CMKs (https://docs.aws.amazon.com/kms/latest/developerguide/find-symm-asymm.html)
	// in the AWS Key Management Service Developer Guide.
	//
	// AWS KMS supports the following key specs for CMKs:
	//
	//    * Symmetric key (default) SYMMETRIC_DEFAULT (AES-256-GCM)
	//
	//    * Asymmetric RSA key pairs RSA_2048 RSA_3072 RSA_4096
	//
	//    * Asymmetric NIST-recommended elliptic curve key pairs ECC_NIST_P256 (secp256r1)
	//    ECC_NIST_P384 (secp384r1) ECC_NIST_P521 (secp521r1)
	//
	//    * Other asymmetric elliptic curve key pairs ECC_SECG_P256K1 (secp256k1),
	//    commonly used for cryptocurrencies.
	CustomerMasterKeySpec *string `json:"customerMasterKeySpec,omitempty"`
	// A description of the CMK.
	//
	// Use a description that helps you decide whether the CMK is appropriate for
	// a task.
	Description *string `json:"description,omitempty"`
	// Determines the cryptographic operations (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations)
	// for which you can use the CMK. The default value is ENCRYPT_DECRYPT. This
	// parameter is required only for asymmetric CMKs. You can't change the KeyUsage
	// value after the CMK is created.
	//
	// Select only one valid value.
	//
	//    * For symmetric CMKs, omit the parameter or specify ENCRYPT_DECRYPT.
	//
	//    * For asymmetric CMKs with RSA key material, specify ENCRYPT_DECRYPT or
	//    SIGN_VERIFY.
	//
	//    * For asymmetric CMKs with ECC key material, specify SIGN_VERIFY.
	KeyUsage *string `json:"keyUsage,omitempty"`
	// The source of the key material for the CMK. You cannot change the origin
	// after you create the CMK. The default is AWS_KMS, which means AWS KMS creates
	// the key material.
	//
	// When the parameter value is EXTERNAL, AWS KMS creates a CMK without key material
	// so that you can import key material from your existing key management infrastructure.
	// For more information about importing key material into AWS KMS, see Importing
	// Key Material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html)
	// in the AWS Key Management Service Developer Guide. This value is valid only
	// for symmetric CMKs.
	//
	// When the parameter value is AWS_CLOUDHSM, AWS KMS creates the CMK in an AWS
	// KMS custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html)
	// and creates its key material in the associated AWS CloudHSM cluster. You
	// must also use the CustomKeyStoreId parameter to identify the custom key store.
	// This value is valid only for symmetric CMKs.
	Origin *string `json:"origin,omitempty"`
	// The key policy to attach to the CMK.
	//
	// If you provide a key policy, it must meet the following criteria:
	//
	//    * If you don't set BypassPolicyLockoutSafetyCheck to true, the key policy
	//    must allow the principal that is making the CreateKey request to make
	//    a subsequent PutKeyPolicy request on the CMK. This reduces the risk that
	//    the CMK becomes unmanageable. For more information, refer to the scenario
	//    in the Default Key Policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam)
	//    section of the AWS Key Management Service Developer Guide.
	//
	//    * Each statement in the key policy must contain one or more principals.
	//    The principals in the key policy must exist and be visible to AWS KMS.
	//    When you create a new AWS principal (for example, an IAM user or role),
	//    you might need to enforce a delay before including the new principal in
	//    a key policy because the new principal might not be immediately visible
	//    to AWS KMS. For more information, see Changes that I make are not always
	//    immediately visible (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency)
	//    in the AWS Identity and Access Management User Guide.
	//
	// If you do not provide a key policy, AWS KMS attaches a default key policy
	// to the CMK. For more information, see Default Key Policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default)
	// in the AWS Key Management Service Developer Guide.
	//
	// The key policy size quota is 32 kilobytes (32768 bytes).
	Policy *string `json:"policy,omitempty"`
	// One or more tags. Each tag consists of a tag key and a tag value. Both the
	// tag key and the tag value are required, but the tag value can be an empty
	// (null) string.
	//
	// When you add tags to an AWS resource, AWS generates a cost allocation report
	// with usage and costs aggregated by tags. For information about adding, changing,
	// deleting and listing tags for CMKs, see Tagging Keys (https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html).
	//
	// Use this parameter to tag the CMK when it is created. To add tags to an existing
	// CMK, use the TagResource operation.
	Tags                []*Tag `json:"tags,omitempty"`
	CustomKeyParameters `json:",inline"`
}

KeyParameters defines the desired state of Key

func (*KeyParameters) DeepCopy

func (in *KeyParameters) DeepCopy() *KeyParameters

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeyParameters.

func (*KeyParameters) DeepCopyInto

func (in *KeyParameters) DeepCopyInto(out *KeyParameters)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type KeySpec

// KeySpec defines the desired state of Key.
type KeySpec struct {
	// ResourceSpec is embedded inline from the xpv1 package. Key's methods on
	// this page (deletion policy, provider config reference, connection secret
	// reference) presumably read and write fields of this embedded struct;
	// confirm in the generated managed-resource code.
	xpv1.ResourceSpec `json:",inline"`
	// ForProvider holds the KMS-specific parameters. The tag has no omitempty,
	// so the field is always emitted in JSON.
	ForProvider       KeyParameters `json:"forProvider"`
}

KeySpec defines the desired state of Key

func (*KeySpec) DeepCopy

func (in *KeySpec) DeepCopy() *KeySpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeySpec.

func (*KeySpec) DeepCopyInto

func (in *KeySpec) DeepCopyInto(out *KeySpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type KeyState

// KeyState is a string enum of CMK states. KeyObservation.KeyState reports the
// state as *string rather than as this type.
//
// NOTE(review): per the KeyObservation field documentation, DeletionDate is
// present only in PendingDeletion and Enabled is true only in the Enabled
// state. An unexpected move to Disabled or PendingDeletion is worth alerting
// on.
type KeyState string
const (
	KeyState_Enabled         KeyState = "Enabled"
	KeyState_Disabled        KeyState = "Disabled"
	KeyState_PendingDeletion KeyState = "PendingDeletion"
	KeyState_PendingImport   KeyState = "PendingImport"
	KeyState_Unavailable     KeyState = "Unavailable"
)

type KeyStatus

// KeyStatus defines the observed state of Key.
type KeyStatus struct {
	// ResourceStatus is embedded inline from the xpv1 package. Key's
	// GetCondition and SetConditions methods presumably operate on it; confirm
	// in the generated managed-resource code.
	xpv1.ResourceStatus `json:",inline"`
	// AtProvider holds the state observed from the provider. The tag has no
	// omitempty, so the field is always emitted in JSON.
	AtProvider          KeyObservation `json:"atProvider"`
}

KeyStatus defines the observed state of Key.

func (*KeyStatus) DeepCopy

func (in *KeyStatus) DeepCopy() *KeyStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeyStatus.

func (*KeyStatus) DeepCopyInto

func (in *KeyStatus) DeepCopyInto(out *KeyStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type KeyUsageType

// KeyUsageType is a string enum of the cryptographic uses of a CMK: signing and
// verification, or encryption and decryption. KeyParameters.KeyUsage is
// declared as *string rather than as this type; its documentation states the
// value cannot be changed after the CMK is created.
type KeyUsageType string
const (
	KeyUsageType_SIGN_VERIFY     KeyUsageType = "SIGN_VERIFY"
	KeyUsageType_ENCRYPT_DECRYPT KeyUsageType = "ENCRYPT_DECRYPT"
)

type MessageType

// MessageType is a string enum with the values RAW and DIGEST. In the AWS KMS
// signing API this distinguishes an unhashed message from a precomputed digest
// (confirm that this type is used that way here). None of the struct types
// shown on this page has a field of this type.
type MessageType string
const (
	MessageType_RAW    MessageType = "RAW"
	MessageType_DIGEST MessageType = "DIGEST"
)

type OriginType

// OriginType is a string enum of key-material sources. Per the
// KeyParameters.Origin documentation: AWS_KMS means AWS KMS creates the key
// material, EXTERNAL means the CMK is created without key material so that it
// can be imported, and AWS_CLOUDHSM means the key material is created in the
// CloudHSM cluster of a custom key store. KeyParameters.Origin is declared as
// *string rather than as this type.
type OriginType string
const (
	OriginType_AWS_KMS      OriginType = "AWS_KMS"
	OriginType_EXTERNAL     OriginType = "EXTERNAL"
	OriginType_AWS_CLOUDHSM OriginType = "AWS_CLOUDHSM"
)

type SigningAlgorithmSpec

// SigningAlgorithmSpec is a string enum of signing algorithms: RSASSA-PSS,
// RSASSA-PKCS1-v1_5 and ECDSA, each with SHA-256, SHA-384 or SHA-512.
// KeyObservation and KeyMetadata report supported signing algorithms as
// []*string rather than as this type.
//
// NOTE(review): every listed algorithm uses a SHA-2 hash. Where a caller can
// choose between the two RSA schemes, PSS is the usual recommendation for new
// designs.
type SigningAlgorithmSpec string
const (
	SigningAlgorithmSpec_RSASSA_PSS_SHA_256        SigningAlgorithmSpec = "RSASSA_PSS_SHA_256"
	SigningAlgorithmSpec_RSASSA_PSS_SHA_384        SigningAlgorithmSpec = "RSASSA_PSS_SHA_384"
	SigningAlgorithmSpec_RSASSA_PSS_SHA_512        SigningAlgorithmSpec = "RSASSA_PSS_SHA_512"
	SigningAlgorithmSpec_RSASSA_PKCS1_V1_5_SHA_256 SigningAlgorithmSpec = "RSASSA_PKCS1_V1_5_SHA_256"
	SigningAlgorithmSpec_RSASSA_PKCS1_V1_5_SHA_384 SigningAlgorithmSpec = "RSASSA_PKCS1_V1_5_SHA_384"
	SigningAlgorithmSpec_RSASSA_PKCS1_V1_5_SHA_512 SigningAlgorithmSpec = "RSASSA_PKCS1_V1_5_SHA_512"
	SigningAlgorithmSpec_ECDSA_SHA_256             SigningAlgorithmSpec = "ECDSA_SHA_256"
	SigningAlgorithmSpec_ECDSA_SHA_384             SigningAlgorithmSpec = "ECDSA_SHA_384"
	SigningAlgorithmSpec_ECDSA_SHA_512             SigningAlgorithmSpec = "ECDSA_SHA_512"
)

type Tag

// Tag is one key/value tag; KeyParameters.Tags holds a slice of these. Both
// fields are optional pointers here, although the KeyParameters.Tags
// documentation states that the tag key and the tag value are both required
// and that the value may be an empty string.
type Tag struct {
	// TagKey is the tag's key.
	TagKey *string `json:"tagKey,omitempty"`

	// TagValue is the tag's value.
	TagValue *string `json:"tagValue,omitempty"`
}

func (*Tag) DeepCopy

func (in *Tag) DeepCopy() *Tag

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Tag.

func (*Tag) DeepCopyInto

func (in *Tag) DeepCopyInto(out *Tag)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type WrappingKeySpec

// WrappingKeySpec is a string enum with a single declared value, RSA_2048. In
// the AWS KMS API it names the key pair used to wrap key material for import
// (confirm that this type is used that way here). None of the struct types
// shown on this page has a field of this type.
type WrappingKeySpec string
const (
	WrappingKeySpec_RSA_2048 WrappingKeySpec = "RSA_2048"
)
