diff --git a/Godeps/Godeps.json b/Godeps/Godeps.json index ab45f39b8a2b..e0364caba45f 100644 --- a/Godeps/Godeps.json +++ b/Godeps/Godeps.json @@ -401,6 +401,11 @@ "Comment": "v1.1.2", "Rev": "8041be5461786460d86b4358305fbdf32d37cfb2" }, + { + "ImportPath": "github.com/aws/aws-sdk-go/service/kms", + "Comment": "v1.1.0", + "Rev": "be2ec39e520e3c4088c0c6288055bdc8184a89ee" + }, { "ImportPath": "github.com/aws/aws-sdk-go/service/lambda", "Comment": "v1.1.2", diff --git a/vendor/github.com/aws/aws-sdk-go/service/kms/api.go b/vendor/github.com/aws/aws-sdk-go/service/kms/api.go new file mode 100644 index 000000000000..27bc06e17b0c --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/service/kms/api.go @@ -0,0 +1,2595 @@ +// THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT. + +// Package kms provides a client for AWS Key Management Service. +package kms + +import ( + "time" + + "github.com/aws/aws-sdk-go/aws/awsutil" + "github.com/aws/aws-sdk-go/aws/request" +) + +const opCancelKeyDeletion = "CancelKeyDeletion" + +// CancelKeyDeletionRequest generates a request for the CancelKeyDeletion operation. +func (c *KMS) CancelKeyDeletionRequest(input *CancelKeyDeletionInput) (req *request.Request, output *CancelKeyDeletionOutput) { + op := &request.Operation{ + Name: opCancelKeyDeletion, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &CancelKeyDeletionInput{} + } + + req = c.newRequest(op, input, output) + output = &CancelKeyDeletionOutput{} + req.Data = output + return +} + +// Cancels the deletion of a customer master key (CMK). When this operation +// is successful, the CMK is set to the Disabled state. To enable a CMK, use +// EnableKey. +// +// For more information about scheduling and canceling deletion of a CMK, go +// to Deleting Customer Master Keys (http://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html) +// in the AWS Key Management Service Developer Guide. +func (c *KMS) CancelKeyDeletion(input *CancelKeyDeletionInput) (*CancelKeyDeletionOutput, error) { + req, out := c.CancelKeyDeletionRequest(input) + err := req.Send() + return out, err +} + +const opCreateAlias = "CreateAlias" + +// CreateAliasRequest generates a request for the CreateAlias operation. +func (c *KMS) CreateAliasRequest(input *CreateAliasInput) (req *request.Request, output *CreateAliasOutput) { + op := &request.Operation{ + Name: opCreateAlias, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &CreateAliasInput{} + } + + req = c.newRequest(op, input, output) + output = &CreateAliasOutput{} + req.Data = output + return +} + +// Creates a display name for a customer master key. An alias can be used to +// identify a key and should be unique. The console enforces a one-to-one mapping +// between the alias and a key. An alias name can contain only alphanumeric +// characters, forward slashes (/), underscores (_), and dashes (-). An alias +// must start with the word "alias" followed by a forward slash (alias/). An +// alias that begins with "aws" after the forward slash (alias/aws...) is reserved +// by Amazon Web Services (AWS). +// +// The alias and the key it is mapped to must be in the same AWS account and +// the same region. +// +// To map an alias to a different key, call UpdateAlias. +func (c *KMS) CreateAlias(input *CreateAliasInput) (*CreateAliasOutput, error) { + req, out := c.CreateAliasRequest(input) + err := req.Send() + return out, err +} + +const opCreateGrant = "CreateGrant" + +// CreateGrantRequest generates a request for the CreateGrant operation. +func (c *KMS) CreateGrantRequest(input *CreateGrantInput) (req *request.Request, output *CreateGrantOutput) { + op := &request.Operation{ + Name: opCreateGrant, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &CreateGrantInput{} + } + + req = c.newRequest(op, input, output) + output = &CreateGrantOutput{} + req.Data = output + return +} + +// Adds a grant to a key to specify who can use the key and under what conditions. +// Grants are alternate permission mechanisms to key policies. +// +// For more information about grants, see Grants (http://docs.aws.amazon.com/kms/latest/developerguide/grants.html) +// in the AWS Key Management Service Developer Guide. +func (c *KMS) CreateGrant(input *CreateGrantInput) (*CreateGrantOutput, error) { + req, out := c.CreateGrantRequest(input) + err := req.Send() + return out, err +} + +const opCreateKey = "CreateKey" + +// CreateKeyRequest generates a request for the CreateKey operation. +func (c *KMS) CreateKeyRequest(input *CreateKeyInput) (req *request.Request, output *CreateKeyOutput) { + op := &request.Operation{ + Name: opCreateKey, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &CreateKeyInput{} + } + + req = c.newRequest(op, input, output) + output = &CreateKeyOutput{} + req.Data = output + return +} + +// Creates a customer master key. Customer master keys can be used to encrypt +// small amounts of data (less than 4K) directly, but they are most commonly +// used to encrypt or envelope data keys that are then used to encrypt customer +// data. For more information about data keys, see GenerateDataKey and GenerateDataKeyWithoutPlaintext. +func (c *KMS) CreateKey(input *CreateKeyInput) (*CreateKeyOutput, error) { + req, out := c.CreateKeyRequest(input) + err := req.Send() + return out, err +} + +const opDecrypt = "Decrypt" + +// DecryptRequest generates a request for the Decrypt operation. +func (c *KMS) DecryptRequest(input *DecryptInput) (req *request.Request, output *DecryptOutput) { + op := &request.Operation{ + Name: opDecrypt, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DecryptInput{} + } + + req = c.newRequest(op, input, output) + output = &DecryptOutput{} + req.Data = output + return +} + +// Decrypts ciphertext. Ciphertext is plaintext that has been previously encrypted +// by using any of the following functions: GenerateDataKey GenerateDataKeyWithoutPlaintext +// Encrypt +// +// Note that if a caller has been granted access permissions to all keys (through, +// for example, IAM user policies that grant Decrypt permission on all resources), +// then ciphertext encrypted by using keys in other accounts where the key grants +// access to the caller can be decrypted. To remedy this, we recommend that +// you do not grant Decrypt access in an IAM user policy. Instead grant Decrypt +// access only in key policies. If you must grant Decrypt access in an IAM user +// policy, you should scope the resource to specific keys or to specific trusted +// accounts. +func (c *KMS) Decrypt(input *DecryptInput) (*DecryptOutput, error) { + req, out := c.DecryptRequest(input) + err := req.Send() + return out, err +} + +const opDeleteAlias = "DeleteAlias" + +// DeleteAliasRequest generates a request for the DeleteAlias operation. +func (c *KMS) DeleteAliasRequest(input *DeleteAliasInput) (req *request.Request, output *DeleteAliasOutput) { + op := &request.Operation{ + Name: opDeleteAlias, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DeleteAliasInput{} + } + + req = c.newRequest(op, input, output) + output = &DeleteAliasOutput{} + req.Data = output + return +} + +// Deletes the specified alias. To map an alias to a different key, call UpdateAlias. +func (c *KMS) DeleteAlias(input *DeleteAliasInput) (*DeleteAliasOutput, error) { + req, out := c.DeleteAliasRequest(input) + err := req.Send() + return out, err +} + +const opDescribeKey = "DescribeKey" + +// DescribeKeyRequest generates a request for the DescribeKey operation. +func (c *KMS) DescribeKeyRequest(input *DescribeKeyInput) (req *request.Request, output *DescribeKeyOutput) { + op := &request.Operation{ + Name: opDescribeKey, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DescribeKeyInput{} + } + + req = c.newRequest(op, input, output) + output = &DescribeKeyOutput{} + req.Data = output + return +} + +// Provides detailed information about the specified customer master key. +func (c *KMS) DescribeKey(input *DescribeKeyInput) (*DescribeKeyOutput, error) { + req, out := c.DescribeKeyRequest(input) + err := req.Send() + return out, err +} + +const opDisableKey = "DisableKey" + +// DisableKeyRequest generates a request for the DisableKey operation. +func (c *KMS) DisableKeyRequest(input *DisableKeyInput) (req *request.Request, output *DisableKeyOutput) { + op := &request.Operation{ + Name: opDisableKey, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DisableKeyInput{} + } + + req = c.newRequest(op, input, output) + output = &DisableKeyOutput{} + req.Data = output + return +} + +// Sets the state of a master key to disabled, thereby preventing its use for +// cryptographic operations. For more information about how key state affects +// the use of a master key, go to How Key State Affects the Use of a Customer +// Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the AWS Key Management Service Developer Guide. +func (c *KMS) DisableKey(input *DisableKeyInput) (*DisableKeyOutput, error) { + req, out := c.DisableKeyRequest(input) + err := req.Send() + return out, err +} + +const opDisableKeyRotation = "DisableKeyRotation" + +// DisableKeyRotationRequest generates a request for the DisableKeyRotation operation. +func (c *KMS) DisableKeyRotationRequest(input *DisableKeyRotationInput) (req *request.Request, output *DisableKeyRotationOutput) { + op := &request.Operation{ + Name: opDisableKeyRotation, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DisableKeyRotationInput{} + } + + req = c.newRequest(op, input, output) + output = &DisableKeyRotationOutput{} + req.Data = output + return +} + +// Disables rotation of the specified key. +func (c *KMS) DisableKeyRotation(input *DisableKeyRotationInput) (*DisableKeyRotationOutput, error) { + req, out := c.DisableKeyRotationRequest(input) + err := req.Send() + return out, err +} + +const opEnableKey = "EnableKey" + +// EnableKeyRequest generates a request for the EnableKey operation. +func (c *KMS) EnableKeyRequest(input *EnableKeyInput) (req *request.Request, output *EnableKeyOutput) { + op := &request.Operation{ + Name: opEnableKey, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &EnableKeyInput{} + } + + req = c.newRequest(op, input, output) + output = &EnableKeyOutput{} + req.Data = output + return +} + +// Marks a key as enabled, thereby permitting its use. +func (c *KMS) EnableKey(input *EnableKeyInput) (*EnableKeyOutput, error) { + req, out := c.EnableKeyRequest(input) + err := req.Send() + return out, err +} + +const opEnableKeyRotation = "EnableKeyRotation" + +// EnableKeyRotationRequest generates a request for the EnableKeyRotation operation. +func (c *KMS) EnableKeyRotationRequest(input *EnableKeyRotationInput) (req *request.Request, output *EnableKeyRotationOutput) { + op := &request.Operation{ + Name: opEnableKeyRotation, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &EnableKeyRotationInput{} + } + + req = c.newRequest(op, input, output) + output = &EnableKeyRotationOutput{} + req.Data = output + return +} + +// Enables rotation of the specified customer master key. +func (c *KMS) EnableKeyRotation(input *EnableKeyRotationInput) (*EnableKeyRotationOutput, error) { + req, out := c.EnableKeyRotationRequest(input) + err := req.Send() + return out, err +} + +const opEncrypt = "Encrypt" + +// EncryptRequest generates a request for the Encrypt operation. +func (c *KMS) EncryptRequest(input *EncryptInput) (req *request.Request, output *EncryptOutput) { + op := &request.Operation{ + Name: opEncrypt, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &EncryptInput{} + } + + req = c.newRequest(op, input, output) + output = &EncryptOutput{} + req.Data = output + return +} + +// Encrypts plaintext into ciphertext by using a customer master key. The Encrypt +// function has two primary use cases: You can encrypt up to 4 KB of arbitrary +// data such as an RSA key, a database password, or other sensitive customer +// information. If you are moving encrypted data from one region to another, +// you can use this API to encrypt in the new region the plaintext data key +// that was used to encrypt the data in the original region. This provides you +// with an encrypted copy of the data key that can be decrypted in the new region +// and used there to decrypt the encrypted data. +// +// Unless you are moving encrypted data from one region to another, you don't +// use this function to encrypt a generated data key within a region. You retrieve +// data keys already encrypted by calling the GenerateDataKey or GenerateDataKeyWithoutPlaintext +// function. Data keys don't need to be encrypted again by calling Encrypt. +// +// If you want to encrypt data locally in your application, you can use the +// GenerateDataKey function to return a plaintext data encryption key and a +// copy of the key encrypted under the customer master key (CMK) of your choosing. +func (c *KMS) Encrypt(input *EncryptInput) (*EncryptOutput, error) { + req, out := c.EncryptRequest(input) + err := req.Send() + return out, err +} + +const opGenerateDataKey = "GenerateDataKey" + +// GenerateDataKeyRequest generates a request for the GenerateDataKey operation. +func (c *KMS) GenerateDataKeyRequest(input *GenerateDataKeyInput) (req *request.Request, output *GenerateDataKeyOutput) { + op := &request.Operation{ + Name: opGenerateDataKey, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &GenerateDataKeyInput{} + } + + req = c.newRequest(op, input, output) + output = &GenerateDataKeyOutput{} + req.Data = output + return +} + +// Generates a data key that you can use in your application to locally encrypt +// data. This call returns a plaintext version of the key in the Plaintext field +// of the response object and an encrypted copy of the key in the CiphertextBlob +// field. The key is encrypted by using the master key specified by the KeyId +// field. To decrypt the encrypted key, pass it to the Decrypt API. +// +// We recommend that you use the following pattern to locally encrypt data: +// call the GenerateDataKey API, use the key returned in the Plaintext response +// field to locally encrypt data, and then erase the plaintext data key from +// memory. Store the encrypted data key (contained in the CiphertextBlob field) +// alongside of the locally encrypted data. +// +// You should not call the Encrypt function to re-encrypt your data keys within +// a region. GenerateDataKey always returns the data key encrypted and tied +// to the customer master key that will be used to decrypt it. There is no need +// to decrypt it twice. If you decide to use the optional EncryptionContext +// parameter, you must also store the context in full or at least store enough +// information along with the encrypted data to be able to reconstruct the context +// when submitting the ciphertext to the Decrypt API. It is a good practice +// to choose a context that you can reconstruct on the fly to better secure +// the ciphertext. For more information about how this parameter is used, see +// Encryption Context (http://docs.aws.amazon.com/kms/latest/developerguide/encrypt-context.html). +// +// To decrypt data, pass the encrypted data key to the Decrypt API. Decrypt +// uses the associated master key to decrypt the encrypted data key and returns +// it as plaintext. Use the plaintext data key to locally decrypt your data +// and then erase the key from memory. You must specify the encryption context, +// if any, that you specified when you generated the key. The encryption context +// is logged by CloudTrail, and you can use this log to help track the use of +// particular data. +func (c *KMS) GenerateDataKey(input *GenerateDataKeyInput) (*GenerateDataKeyOutput, error) { + req, out := c.GenerateDataKeyRequest(input) + err := req.Send() + return out, err +} + +const opGenerateDataKeyWithoutPlaintext = "GenerateDataKeyWithoutPlaintext" + +// GenerateDataKeyWithoutPlaintextRequest generates a request for the GenerateDataKeyWithoutPlaintext operation. +func (c *KMS) GenerateDataKeyWithoutPlaintextRequest(input *GenerateDataKeyWithoutPlaintextInput) (req *request.Request, output *GenerateDataKeyWithoutPlaintextOutput) { + op := &request.Operation{ + Name: opGenerateDataKeyWithoutPlaintext, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &GenerateDataKeyWithoutPlaintextInput{} + } + + req = c.newRequest(op, input, output) + output = &GenerateDataKeyWithoutPlaintextOutput{} + req.Data = output + return +} + +// Returns a data key encrypted by a customer master key without the plaintext +// copy of that key. Otherwise, this API functions exactly like GenerateDataKey. +// You can use this API to, for example, satisfy an audit requirement that an +// encrypted key be made available without exposing the plaintext copy of that +// key. +func (c *KMS) GenerateDataKeyWithoutPlaintext(input *GenerateDataKeyWithoutPlaintextInput) (*GenerateDataKeyWithoutPlaintextOutput, error) { + req, out := c.GenerateDataKeyWithoutPlaintextRequest(input) + err := req.Send() + return out, err +} + +const opGenerateRandom = "GenerateRandom" + +// GenerateRandomRequest generates a request for the GenerateRandom operation. +func (c *KMS) GenerateRandomRequest(input *GenerateRandomInput) (req *request.Request, output *GenerateRandomOutput) { + op := &request.Operation{ + Name: opGenerateRandom, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &GenerateRandomInput{} + } + + req = c.newRequest(op, input, output) + output = &GenerateRandomOutput{} + req.Data = output + return +} + +// Generates an unpredictable byte string. +func (c *KMS) GenerateRandom(input *GenerateRandomInput) (*GenerateRandomOutput, error) { + req, out := c.GenerateRandomRequest(input) + err := req.Send() + return out, err +} + +const opGetKeyPolicy = "GetKeyPolicy" + +// GetKeyPolicyRequest generates a request for the GetKeyPolicy operation. +func (c *KMS) GetKeyPolicyRequest(input *GetKeyPolicyInput) (req *request.Request, output *GetKeyPolicyOutput) { + op := &request.Operation{ + Name: opGetKeyPolicy, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &GetKeyPolicyInput{} + } + + req = c.newRequest(op, input, output) + output = &GetKeyPolicyOutput{} + req.Data = output + return +} + +// Retrieves a policy attached to the specified key. +func (c *KMS) GetKeyPolicy(input *GetKeyPolicyInput) (*GetKeyPolicyOutput, error) { + req, out := c.GetKeyPolicyRequest(input) + err := req.Send() + return out, err +} + +const opGetKeyRotationStatus = "GetKeyRotationStatus" + +// GetKeyRotationStatusRequest generates a request for the GetKeyRotationStatus operation. +func (c *KMS) GetKeyRotationStatusRequest(input *GetKeyRotationStatusInput) (req *request.Request, output *GetKeyRotationStatusOutput) { + op := &request.Operation{ + Name: opGetKeyRotationStatus, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &GetKeyRotationStatusInput{} + } + + req = c.newRequest(op, input, output) + output = &GetKeyRotationStatusOutput{} + req.Data = output + return +} + +// Retrieves a Boolean value that indicates whether key rotation is enabled +// for the specified key. +func (c *KMS) GetKeyRotationStatus(input *GetKeyRotationStatusInput) (*GetKeyRotationStatusOutput, error) { + req, out := c.GetKeyRotationStatusRequest(input) + err := req.Send() + return out, err +} + +const opListAliases = "ListAliases" + +// ListAliasesRequest generates a request for the ListAliases operation. +func (c *KMS) ListAliasesRequest(input *ListAliasesInput) (req *request.Request, output *ListAliasesOutput) { + op := &request.Operation{ + Name: opListAliases, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"Marker"}, + OutputTokens: []string{"NextMarker"}, + LimitToken: "Limit", + TruncationToken: "Truncated", + }, + } + + if input == nil { + input = &ListAliasesInput{} + } + + req = c.newRequest(op, input, output) + output = &ListAliasesOutput{} + req.Data = output + return +} + +// Lists all of the key aliases in the account. +func (c *KMS) ListAliases(input *ListAliasesInput) (*ListAliasesOutput, error) { + req, out := c.ListAliasesRequest(input) + err := req.Send() + return out, err +} + +func (c *KMS) ListAliasesPages(input *ListAliasesInput, fn func(p *ListAliasesOutput, lastPage bool) (shouldContinue bool)) error { + page, _ := c.ListAliasesRequest(input) + page.Handlers.Build.PushBack(request.MakeAddToUserAgentFreeFormHandler("Paginator")) + return page.EachPage(func(p interface{}, lastPage bool) bool { + return fn(p.(*ListAliasesOutput), lastPage) + }) +} + +const opListGrants = "ListGrants" + +// ListGrantsRequest generates a request for the ListGrants operation. +func (c *KMS) ListGrantsRequest(input *ListGrantsInput) (req *request.Request, output *ListGrantsResponse) { + op := &request.Operation{ + Name: opListGrants, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"Marker"}, + OutputTokens: []string{"NextMarker"}, + LimitToken: "Limit", + TruncationToken: "Truncated", + }, + } + + if input == nil { + input = &ListGrantsInput{} + } + + req = c.newRequest(op, input, output) + output = &ListGrantsResponse{} + req.Data = output + return +} + +// List the grants for a specified key. +func (c *KMS) ListGrants(input *ListGrantsInput) (*ListGrantsResponse, error) { + req, out := c.ListGrantsRequest(input) + err := req.Send() + return out, err +} + +func (c *KMS) ListGrantsPages(input *ListGrantsInput, fn func(p *ListGrantsResponse, lastPage bool) (shouldContinue bool)) error { + page, _ := c.ListGrantsRequest(input) + page.Handlers.Build.PushBack(request.MakeAddToUserAgentFreeFormHandler("Paginator")) + return page.EachPage(func(p interface{}, lastPage bool) bool { + return fn(p.(*ListGrantsResponse), lastPage) + }) +} + +const opListKeyPolicies = "ListKeyPolicies" + +// ListKeyPoliciesRequest generates a request for the ListKeyPolicies operation. +func (c *KMS) ListKeyPoliciesRequest(input *ListKeyPoliciesInput) (req *request.Request, output *ListKeyPoliciesOutput) { + op := &request.Operation{ + Name: opListKeyPolicies, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"Marker"}, + OutputTokens: []string{"NextMarker"}, + LimitToken: "Limit", + TruncationToken: "Truncated", + }, + } + + if input == nil { + input = &ListKeyPoliciesInput{} + } + + req = c.newRequest(op, input, output) + output = &ListKeyPoliciesOutput{} + req.Data = output + return +} + +// Retrieves a list of policies attached to a key. +func (c *KMS) ListKeyPolicies(input *ListKeyPoliciesInput) (*ListKeyPoliciesOutput, error) { + req, out := c.ListKeyPoliciesRequest(input) + err := req.Send() + return out, err +} + +func (c *KMS) ListKeyPoliciesPages(input *ListKeyPoliciesInput, fn func(p *ListKeyPoliciesOutput, lastPage bool) (shouldContinue bool)) error { + page, _ := c.ListKeyPoliciesRequest(input) + page.Handlers.Build.PushBack(request.MakeAddToUserAgentFreeFormHandler("Paginator")) + return page.EachPage(func(p interface{}, lastPage bool) bool { + return fn(p.(*ListKeyPoliciesOutput), lastPage) + }) +} + +const opListKeys = "ListKeys" + +// ListKeysRequest generates a request for the ListKeys operation. +func (c *KMS) ListKeysRequest(input *ListKeysInput) (req *request.Request, output *ListKeysOutput) { + op := &request.Operation{ + Name: opListKeys, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"Marker"}, + OutputTokens: []string{"NextMarker"}, + LimitToken: "Limit", + TruncationToken: "Truncated", + }, + } + + if input == nil { + input = &ListKeysInput{} + } + + req = c.newRequest(op, input, output) + output = &ListKeysOutput{} + req.Data = output + return +} + +// Lists the customer master keys. +func (c *KMS) ListKeys(input *ListKeysInput) (*ListKeysOutput, error) { + req, out := c.ListKeysRequest(input) + err := req.Send() + return out, err +} + +func (c *KMS) ListKeysPages(input *ListKeysInput, fn func(p *ListKeysOutput, lastPage bool) (shouldContinue bool)) error { + page, _ := c.ListKeysRequest(input) + page.Handlers.Build.PushBack(request.MakeAddToUserAgentFreeFormHandler("Paginator")) + return page.EachPage(func(p interface{}, lastPage bool) bool { + return fn(p.(*ListKeysOutput), lastPage) + }) +} + +const opListRetirableGrants = "ListRetirableGrants" + +// ListRetirableGrantsRequest generates a request for the ListRetirableGrants operation. +func (c *KMS) ListRetirableGrantsRequest(input *ListRetirableGrantsInput) (req *request.Request, output *ListGrantsResponse) { + op := &request.Operation{ + Name: opListRetirableGrants, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &ListRetirableGrantsInput{} + } + + req = c.newRequest(op, input, output) + output = &ListGrantsResponse{} + req.Data = output + return +} + +// Returns a list of all grants for which the grant's RetiringPrincipal matches +// the one specified. +// +// A typical use is to list all grants that you are able to retire. To retire +// a grant, use RetireGrant. +func (c *KMS) ListRetirableGrants(input *ListRetirableGrantsInput) (*ListGrantsResponse, error) { + req, out := c.ListRetirableGrantsRequest(input) + err := req.Send() + return out, err +} + +const opPutKeyPolicy = "PutKeyPolicy" + +// PutKeyPolicyRequest generates a request for the PutKeyPolicy operation. +func (c *KMS) PutKeyPolicyRequest(input *PutKeyPolicyInput) (req *request.Request, output *PutKeyPolicyOutput) { + op := &request.Operation{ + Name: opPutKeyPolicy, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &PutKeyPolicyInput{} + } + + req = c.newRequest(op, input, output) + output = &PutKeyPolicyOutput{} + req.Data = output + return +} + +// Attaches a policy to the specified key. +func (c *KMS) PutKeyPolicy(input *PutKeyPolicyInput) (*PutKeyPolicyOutput, error) { + req, out := c.PutKeyPolicyRequest(input) + err := req.Send() + return out, err +} + +const opReEncrypt = "ReEncrypt" + +// ReEncryptRequest generates a request for the ReEncrypt operation. +func (c *KMS) ReEncryptRequest(input *ReEncryptInput) (req *request.Request, output *ReEncryptOutput) { + op := &request.Operation{ + Name: opReEncrypt, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &ReEncryptInput{} + } + + req = c.newRequest(op, input, output) + output = &ReEncryptOutput{} + req.Data = output + return +} + +// Encrypts data on the server side with a new customer master key without exposing +// the plaintext of the data on the client side. The data is first decrypted +// and then encrypted. This operation can also be used to change the encryption +// context of a ciphertext. +// +// Unlike other actions, ReEncrypt is authorized twice - once as ReEncryptFrom +// on the source key and once as ReEncryptTo on the destination key. We therefore +// recommend that you include the "action":"kms:ReEncrypt*" statement in your +// key policies to permit re-encryption from or to the key. The statement is +// included automatically when you authorize use of the key through the console +// but must be included manually when you set a policy by using the PutKeyPolicy +// function. +func (c *KMS) ReEncrypt(input *ReEncryptInput) (*ReEncryptOutput, error) { + req, out := c.ReEncryptRequest(input) + err := req.Send() + return out, err +} + +const opRetireGrant = "RetireGrant" + +// RetireGrantRequest generates a request for the RetireGrant operation. +func (c *KMS) RetireGrantRequest(input *RetireGrantInput) (req *request.Request, output *RetireGrantOutput) { + op := &request.Operation{ + Name: opRetireGrant, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &RetireGrantInput{} + } + + req = c.newRequest(op, input, output) + output = &RetireGrantOutput{} + req.Data = output + return +} + +// Retires a grant. You can retire a grant when you're done using it to clean +// up. You should revoke a grant when you intend to actively deny operations +// that depend on it. The following are permitted to call this API: The account +// that created the grant The RetiringPrincipal, if present The GranteePrincipal, +// if RetireGrant is a grantee operation The grant to retire must be identified +// by its grant token or by a combination of the key ARN and the grant ID. A +// grant token is a unique variable-length base64-encoded string. A grant ID +// is a 64 character unique identifier of a grant. Both are returned by the +// CreateGrant function. +func (c *KMS) RetireGrant(input *RetireGrantInput) (*RetireGrantOutput, error) { + req, out := c.RetireGrantRequest(input) + err := req.Send() + return out, err +} + +const opRevokeGrant = "RevokeGrant" + +// RevokeGrantRequest generates a request for the RevokeGrant operation. +func (c *KMS) RevokeGrantRequest(input *RevokeGrantInput) (req *request.Request, output *RevokeGrantOutput) { + op := &request.Operation{ + Name: opRevokeGrant, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &RevokeGrantInput{} + } + + req = c.newRequest(op, input, output) + output = &RevokeGrantOutput{} + req.Data = output + return +} + +// Revokes a grant. You can revoke a grant to actively deny operations that +// depend on it. +func (c *KMS) RevokeGrant(input *RevokeGrantInput) (*RevokeGrantOutput, error) { + req, out := c.RevokeGrantRequest(input) + err := req.Send() + return out, err +} + +const opScheduleKeyDeletion = "ScheduleKeyDeletion" + +// ScheduleKeyDeletionRequest generates a request for the ScheduleKeyDeletion operation. +func (c *KMS) ScheduleKeyDeletionRequest(input *ScheduleKeyDeletionInput) (req *request.Request, output *ScheduleKeyDeletionOutput) { + op := &request.Operation{ + Name: opScheduleKeyDeletion, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &ScheduleKeyDeletionInput{} + } + + req = c.newRequest(op, input, output) + output = &ScheduleKeyDeletionOutput{} + req.Data = output + return +} + +// Schedules the deletion of a customer master key (CMK). You may provide a +// waiting period, specified in days, before deletion occurs. If you do not +// provide a waiting period, the default period of 30 days is used. When this +// operation is successful, the state of the CMK changes to PendingDeletion. +// Before the waiting period ends, you can use CancelKeyDeletion to cancel the +// deletion of the CMK. After the waiting period ends, AWS KMS deletes the CMK +// and all AWS KMS data associated with it, including all aliases that point +// to it. +// +// Deleting a CMK is a destructive and potentially dangerous operation. When +// a CMK is deleted, all data that was encrypted under the CMK is rendered unrecoverable. +// To restrict the use of a CMK without deleting it, use DisableKey. +// +// For more information about scheduling a CMK for deletion, go to Deleting +// Customer Master Keys (http://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html) +// in the AWS Key Management Service Developer Guide. +func (c *KMS) ScheduleKeyDeletion(input *ScheduleKeyDeletionInput) (*ScheduleKeyDeletionOutput, error) { + req, out := c.ScheduleKeyDeletionRequest(input) + err := req.Send() + return out, err +} + +const opUpdateAlias = "UpdateAlias" + +// UpdateAliasRequest generates a request for the UpdateAlias operation. +func (c *KMS) UpdateAliasRequest(input *UpdateAliasInput) (req *request.Request, output *UpdateAliasOutput) { + op := &request.Operation{ + Name: opUpdateAlias, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &UpdateAliasInput{} + } + + req = c.newRequest(op, input, output) + output = &UpdateAliasOutput{} + req.Data = output + return +} + +// Updates an alias to map it to a different key. +// +// An alias is not a property of a key. Therefore, an alias can be mapped to +// and unmapped from an existing key without changing the properties of the +// key. +// +// An alias name can contain only alphanumeric characters, forward slashes +// (/), underscores (_), and dashes (-). An alias must start with the word "alias" +// followed by a forward slash (alias/). An alias that begins with "aws" after +// the forward slash (alias/aws...) is reserved by Amazon Web Services (AWS). +// +// The alias and the key it is mapped to must be in the same AWS account and +// the same region. +func (c *KMS) UpdateAlias(input *UpdateAliasInput) (*UpdateAliasOutput, error) { + req, out := c.UpdateAliasRequest(input) + err := req.Send() + return out, err +} + +const opUpdateKeyDescription = "UpdateKeyDescription" + +// UpdateKeyDescriptionRequest generates a request for the UpdateKeyDescription operation. +func (c *KMS) UpdateKeyDescriptionRequest(input *UpdateKeyDescriptionInput) (req *request.Request, output *UpdateKeyDescriptionOutput) { + op := &request.Operation{ + Name: opUpdateKeyDescription, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &UpdateKeyDescriptionInput{} + } + + req = c.newRequest(op, input, output) + output = &UpdateKeyDescriptionOutput{} + req.Data = output + return +} + +// Updates the description of a key. +func (c *KMS) UpdateKeyDescription(input *UpdateKeyDescriptionInput) (*UpdateKeyDescriptionOutput, error) { + req, out := c.UpdateKeyDescriptionRequest(input) + err := req.Send() + return out, err +} + +// Contains information about an alias. +type AliasListEntry struct { + _ struct{} `type:"structure"` + + // String that contains the key ARN. + AliasArn *string `min:"20" type:"string"` + + // String that contains the alias. + AliasName *string `min:"1" type:"string"` + + // String that contains the key identifier pointed to by the alias. + TargetKeyId *string `min:"1" type:"string"` +} + +// String returns the string representation +func (s AliasListEntry) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s AliasListEntry) GoString() string { + return s.String() +} + +type CancelKeyDeletionInput struct { + _ struct{} `type:"structure"` + + // The unique identifier for the customer master key (CMK) for which to cancel + // deletion. + // + // To specify this value, use the unique key ID or the Amazon Resource Name + // (ARN) of the CMK. Examples: Unique key ID: 1234abcd-12ab-34cd-56ef-1234567890ab + // Key ARN: arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab + // + // + // To obtain the unique key ID and key ARN for a given CMK, use ListKeys or + // DescribeKey. + KeyId *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation +func (s CancelKeyDeletionInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CancelKeyDeletionInput) GoString() string { + return s.String() +} + +type CancelKeyDeletionOutput struct { + _ struct{} `type:"structure"` + + // The unique identifier of the master key for which deletion is canceled. + KeyId *string `min:"1" type:"string"` +} + +// String returns the string representation +func (s CancelKeyDeletionOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CancelKeyDeletionOutput) GoString() string { + return s.String() +} + +type CreateAliasInput struct { + _ struct{} `type:"structure"` + + // String that contains the display name. The name must start with the word + // "alias" followed by a forward slash (alias/). Aliases that begin with "alias/AWS" + // are reserved. + AliasName *string `min:"1" type:"string" required:"true"` + + // An identifier of the key for which you are creating the alias. This value + // cannot be another alias but can be a globally unique identifier or a fully + // specified ARN to a key. Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 + // Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012 + TargetKeyId *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation +func (s CreateAliasInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateAliasInput) GoString() string { + return s.String() +} + +type CreateAliasOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation +func (s CreateAliasOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateAliasOutput) GoString() string { + return s.String() +} + +type CreateGrantInput struct { + _ struct{} `type:"structure"` + + // The conditions under which the operations permitted by the grant are allowed. + // + // You can use this value to allow the operations permitted by the grant only + // when a specified encryption context is present. For more information, see + // Encryption Context (http://docs.aws.amazon.com/kms/latest/developerguide/encrypt-context.html) + // in the AWS Key Management Service Developer Guide. + Constraints *GrantConstraints `type:"structure"` + + // A list of grant tokens. + // + // For more information, go to Grant Tokens (http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) + // in the AWS Key Management Service Developer Guide. + GrantTokens []*string `type:"list"` + + // The principal that is given permission to perform the operations that the + // grant permits. + // + // To specify the principal, use the Amazon Resource Name (ARN) (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) + // of an AWS principal. Valid AWS principals include AWS accounts (root), IAM + // users, federated users, and assumed role users. For examples of the ARN syntax + // to use for specifying a principal, see AWS Identity and Access Management + // (IAM) (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam) + // in the Example ARNs section of the AWS General Reference. + GranteePrincipal *string `min:"1" type:"string" required:"true"` + + // The unique identifier for the customer master key (CMK) that the grant applies + // to. + // + // To specify this value, use the globally unique key ID or the Amazon Resource + // Name (ARN) of the key. Examples: Globally unique key ID: 12345678-1234-1234-1234-123456789012 + // Key ARN: arn:aws:kms:us-west-2:123456789012:key/12345678-1234-1234-1234-123456789012 + KeyId *string `min:"1" type:"string" required:"true"` + + // A friendly name for identifying the grant. Use this value to prevent unintended + // creation of duplicate grants when retrying this request. + // + // When this value is absent, all CreateGrant requests result in a new grant + // with a unique GrantId even if all the supplied parameters are identical. + // This can result in unintended duplicates when you retry the CreateGrant request. + // + // When this value is present, you can retry a CreateGrant request with identical + // parameters; if the grant already exists, the original GrantId is returned + // without creating a new grant. Note that the returned grant token is unique + // with every CreateGrant request, even when a duplicate GrantId is returned. + // All grant tokens obtained in this way can be used interchangeably. + Name *string `min:"1" type:"string"` + + // A list of operations that the grant permits. The list can contain any combination + // of one or more of the following values: Decrypt Encrypt GenerateDataKey + // GenerateDataKeyWithoutPlaintext ReEncryptFrom ReEncryptTo CreateGrant RetireGrant + Operations []*string `type:"list"` + + // The principal that is given permission to retire the grant by using RetireGrant + // operation. + // + // To specify the principal, use the Amazon Resource Name (ARN) (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) + // of an AWS principal. Valid AWS principals include AWS accounts (root), IAM + // users, federated users, and assumed role users. For examples of the ARN syntax + // to use for specifying a principal, see AWS Identity and Access Management + // (IAM) (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam) + // in the Example ARNs section of the AWS General Reference. + RetiringPrincipal *string `min:"1" type:"string"` +} + +// String returns the string representation +func (s CreateGrantInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateGrantInput) GoString() string { + return s.String() +} + +type CreateGrantOutput struct { + _ struct{} `type:"structure"` + + // The unique identifier for the grant. + // + // You can use the GrantId in a subsequent RetireGrant or RevokeGrant operation. + GrantId *string `min:"1" type:"string"` + + // The grant token. + // + // For more information about using grant tokens, see Grant Tokens (http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) + // in the AWS Key Management Service Developer Guide. + GrantToken *string `min:"1" type:"string"` +} + +// String returns the string representation +func (s CreateGrantOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateGrantOutput) GoString() string { + return s.String() +} + +type CreateKeyInput struct { + _ struct{} `type:"structure"` + + // Description of the key. We recommend that you choose a description that helps + // your customer decide whether the key is appropriate for a task. + Description *string `type:"string"` + + // Specifies the intended use of the key. Currently this defaults to ENCRYPT/DECRYPT, + // and only symmetric encryption and decryption are supported. + KeyUsage *string `type:"string" enum:"KeyUsageType"` + + // Policy to attach to the key. This is required and delegates back to the account. + // The key is the root of trust. The policy size limit is 32 KiB (32768 bytes). + Policy *string `min:"1" type:"string"` +} + +// String returns the string representation +func (s CreateKeyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateKeyInput) GoString() string { + return s.String() +} + +type CreateKeyOutput struct { + _ struct{} `type:"structure"` + + // Metadata associated with the key. + KeyMetadata *KeyMetadata `type:"structure"` +} + +// String returns the string representation +func (s CreateKeyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateKeyOutput) GoString() string { + return s.String() +} + +type DecryptInput struct { + _ struct{} `type:"structure"` + + // Ciphertext to be decrypted. The blob includes metadata. + CiphertextBlob []byte `min:"1" type:"blob" required:"true"` + + // The encryption context. If this was specified in the Encrypt function, it + // must be specified here or the decryption operation will fail. For more information, + // see Encryption Context (http://docs.aws.amazon.com/kms/latest/developerguide/encrypt-context.html). + EncryptionContext map[string]*string `type:"map"` + + // A list of grant tokens. + // + // For more information, go to Grant Tokens (http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) + // in the AWS Key Management Service Developer Guide. + GrantTokens []*string `type:"list"` +} + +// String returns the string representation +func (s DecryptInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DecryptInput) GoString() string { + return s.String() +} + +type DecryptOutput struct { + _ struct{} `type:"structure"` + + // ARN of the key used to perform the decryption. This value is returned if + // no errors are encountered during the operation. + KeyId *string `min:"1" type:"string"` + + // Decrypted plaintext data. This value may not be returned if the customer + // master key is not available or if you didn't have permission to use it. + Plaintext []byte `min:"1" type:"blob"` +} + +// String returns the string representation +func (s DecryptOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DecryptOutput) GoString() string { + return s.String() +} + +type DeleteAliasInput struct { + _ struct{} `type:"structure"` + + // The alias to be deleted. The name must start with the word "alias" followed + // by a forward slash (alias/). Aliases that begin with "alias/AWS" are reserved. + AliasName *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation +func (s DeleteAliasInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeleteAliasInput) GoString() string { + return s.String() +} + +type DeleteAliasOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation +func (s DeleteAliasOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeleteAliasOutput) GoString() string { + return s.String() +} + +type DescribeKeyInput struct { + _ struct{} `type:"structure"` + + // A list of grant tokens. + // + // For more information, go to Grant Tokens (http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) + // in the AWS Key Management Service Developer Guide. + GrantTokens []*string `type:"list"` + + // A unique identifier for the customer master key. This value can be a globally + // unique identifier, a fully specified ARN to either an alias or a key, or + // an alias name prefixed by "alias/". Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 + // Alias ARN Example - arn:aws:kms:us-east-1:123456789012:alias/MyAliasName + // Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012 Alias + // Name Example - alias/MyAliasName + KeyId *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation +func (s DescribeKeyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeKeyInput) GoString() string { + return s.String() +} + +type DescribeKeyOutput struct { + _ struct{} `type:"structure"` + + // Metadata associated with the key. + KeyMetadata *KeyMetadata `type:"structure"` +} + +// String returns the string representation +func (s DescribeKeyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeKeyOutput) GoString() string { + return s.String() +} + +type DisableKeyInput struct { + _ struct{} `type:"structure"` + + // A unique identifier for the customer master key. This value can be a globally + // unique identifier or the fully specified ARN to a key. Key ARN Example - + // arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 + // Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012 + KeyId *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation +func (s DisableKeyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DisableKeyInput) GoString() string { + return s.String() +} + +type DisableKeyOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation +func (s DisableKeyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DisableKeyOutput) GoString() string { + return s.String() +} + +type DisableKeyRotationInput struct { + _ struct{} `type:"structure"` + + // A unique identifier for the customer master key. This value can be a globally + // unique identifier or the fully specified ARN to a key. Key ARN Example - + // arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 + // Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012 + KeyId *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation +func (s DisableKeyRotationInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DisableKeyRotationInput) GoString() string { + return s.String() +} + +type DisableKeyRotationOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation +func (s DisableKeyRotationOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DisableKeyRotationOutput) GoString() string { + return s.String() +} + +type EnableKeyInput struct { + _ struct{} `type:"structure"` + + // A unique identifier for the customer master key. This value can be a globally + // unique identifier or the fully specified ARN to a key. Key ARN Example - + // arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 + // Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012 + KeyId *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation +func (s EnableKeyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s EnableKeyInput) GoString() string { + return s.String() +} + +type EnableKeyOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation +func (s EnableKeyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s EnableKeyOutput) GoString() string { + return s.String() +} + +type EnableKeyRotationInput struct { + _ struct{} `type:"structure"` + + // A unique identifier for the customer master key. This value can be a globally + // unique identifier or the fully specified ARN to a key. Key ARN Example - + // arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 + // Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012 + KeyId *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation +func (s EnableKeyRotationInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s EnableKeyRotationInput) GoString() string { + return s.String() +} + +type EnableKeyRotationOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation +func (s EnableKeyRotationOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s EnableKeyRotationOutput) GoString() string { + return s.String() +} + +type EncryptInput struct { + _ struct{} `type:"structure"` + + // Name/value pair that specifies the encryption context to be used for authenticated + // encryption. If used here, the same value must be supplied to the Decrypt + // API or decryption will fail. For more information, see Encryption Context + // (http://docs.aws.amazon.com/kms/latest/developerguide/encrypt-context.html). + EncryptionContext map[string]*string `type:"map"` + + // A list of grant tokens. + // + // For more information, go to Grant Tokens (http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) + // in the AWS Key Management Service Developer Guide. + GrantTokens []*string `type:"list"` + + // A unique identifier for the customer master key. This value can be a globally + // unique identifier, a fully specified ARN to either an alias or a key, or + // an alias name prefixed by "alias/". Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 + // Alias ARN Example - arn:aws:kms:us-east-1:123456789012:alias/MyAliasName + // Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012 Alias + // Name Example - alias/MyAliasName + KeyId *string `min:"1" type:"string" required:"true"` + + // Data to be encrypted. + Plaintext []byte `min:"1" type:"blob" required:"true"` +} + +// String returns the string representation +func (s EncryptInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s EncryptInput) GoString() string { + return s.String() +} + +type EncryptOutput struct { + _ struct{} `type:"structure"` + + // The encrypted plaintext. If you are using the CLI, the value is Base64 encoded. + // Otherwise, it is not encoded. + CiphertextBlob []byte `min:"1" type:"blob"` + + // The ID of the key used during encryption. + KeyId *string `min:"1" type:"string"` +} + +// String returns the string representation +func (s EncryptOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s EncryptOutput) GoString() string { + return s.String() +} + +type GenerateDataKeyInput struct { + _ struct{} `type:"structure"` + + // Name/value pair that contains additional data to be authenticated during + // the encryption and decryption processes that use the key. This value is logged + // by AWS CloudTrail to provide context around the data encrypted by the key. + EncryptionContext map[string]*string `type:"map"` + + // A list of grant tokens. + // + // For more information, go to Grant Tokens (http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) + // in the AWS Key Management Service Developer Guide. + GrantTokens []*string `type:"list"` + + // A unique identifier for the customer master key. This value can be a globally + // unique identifier, a fully specified ARN to either an alias or a key, or + // an alias name prefixed by "alias/". Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 + // Alias ARN Example - arn:aws:kms:us-east-1:123456789012:alias/MyAliasName + // Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012 Alias + // Name Example - alias/MyAliasName + KeyId *string `min:"1" type:"string" required:"true"` + + // Value that identifies the encryption algorithm and key size to generate a + // data key for. Currently this can be AES_128 or AES_256. + KeySpec *string `type:"string" enum:"DataKeySpec"` + + // Integer that contains the number of bytes to generate. Common values are + // 128, 256, 512, and 1024. 1024 is the current limit. We recommend that you + // use the KeySpec parameter instead. + NumberOfBytes *int64 `min:"1" type:"integer"` +} + +// String returns the string representation +func (s GenerateDataKeyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GenerateDataKeyInput) GoString() string { + return s.String() +} + +type GenerateDataKeyOutput struct { + _ struct{} `type:"structure"` + + // Ciphertext that contains the encrypted data key. You must store the blob + // and enough information to reconstruct the encryption context so that the + // data encrypted by using the key can later be decrypted. You must provide + // both the ciphertext blob and the encryption context to the Decrypt API to + // recover the plaintext data key and decrypt the object. + // + // If you are using the CLI, the value is Base64 encoded. Otherwise, it is + // not encoded. + CiphertextBlob []byte `min:"1" type:"blob"` + + // System generated unique identifier of the key to be used to decrypt the encrypted + // copy of the data key. + KeyId *string `min:"1" type:"string"` + + // Plaintext that contains the data key. Use this for encryption and decryption + // and then remove it from memory as soon as possible. + Plaintext []byte `min:"1" type:"blob"` +} + +// String returns the string representation +func (s GenerateDataKeyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GenerateDataKeyOutput) GoString() string { + return s.String() +} + +type GenerateDataKeyWithoutPlaintextInput struct { + _ struct{} `type:"structure"` + + // Name:value pair that contains additional data to be authenticated during + // the encryption and decryption processes. + EncryptionContext map[string]*string `type:"map"` + + // A list of grant tokens. + // + // For more information, go to Grant Tokens (http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) + // in the AWS Key Management Service Developer Guide. + GrantTokens []*string `type:"list"` + + // A unique identifier for the customer master key. This value can be a globally + // unique identifier, a fully specified ARN to either an alias or a key, or + // an alias name prefixed by "alias/". Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 + // Alias ARN Example - arn:aws:kms:us-east-1:123456789012:alias/MyAliasName + // Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012 Alias + // Name Example - alias/MyAliasName + KeyId *string `min:"1" type:"string" required:"true"` + + // Value that identifies the encryption algorithm and key size. Currently this + // can be AES_128 or AES_256. + KeySpec *string `type:"string" enum:"DataKeySpec"` + + // Integer that contains the number of bytes to generate. Common values are + // 128, 256, 512, 1024 and so on. We recommend that you use the KeySpec parameter + // instead. + NumberOfBytes *int64 `min:"1" type:"integer"` +} + +// String returns the string representation +func (s GenerateDataKeyWithoutPlaintextInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GenerateDataKeyWithoutPlaintextInput) GoString() string { + return s.String() +} + +type GenerateDataKeyWithoutPlaintextOutput struct { + _ struct{} `type:"structure"` + + // Ciphertext that contains the wrapped data key. You must store the blob and + // encryption context so that the key can be used in a future decrypt operation. + // + // If you are using the CLI, the value is Base64 encoded. Otherwise, it is + // not encoded. + CiphertextBlob []byte `min:"1" type:"blob"` + + // System generated unique identifier of the key to be used to decrypt the encrypted + // copy of the data key. + KeyId *string `min:"1" type:"string"` +} + +// String returns the string representation +func (s GenerateDataKeyWithoutPlaintextOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GenerateDataKeyWithoutPlaintextOutput) GoString() string { + return s.String() +} + +type GenerateRandomInput struct { + _ struct{} `type:"structure"` + + // Integer that contains the number of bytes to generate. Common values are + // 128, 256, 512, 1024 and so on. The current limit is 1024 bytes. + NumberOfBytes *int64 `min:"1" type:"integer"` +} + +// String returns the string representation +func (s GenerateRandomInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GenerateRandomInput) GoString() string { + return s.String() +} + +type GenerateRandomOutput struct { + _ struct{} `type:"structure"` + + // Plaintext that contains the unpredictable byte string. + Plaintext []byte `min:"1" type:"blob"` +} + +// String returns the string representation +func (s GenerateRandomOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GenerateRandomOutput) GoString() string { + return s.String() +} + +type GetKeyPolicyInput struct { + _ struct{} `type:"structure"` + + // A unique identifier for the customer master key. This value can be a globally + // unique identifier or the fully specified ARN to a key. Key ARN Example - + // arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 + // Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012 + KeyId *string `min:"1" type:"string" required:"true"` + + // String that contains the name of the policy. Currently, this must be "default". + // Policy names can be discovered by calling ListKeyPolicies. + PolicyName *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation +func (s GetKeyPolicyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetKeyPolicyInput) GoString() string { + return s.String() +} + +type GetKeyPolicyOutput struct { + _ struct{} `type:"structure"` + + // A policy document in JSON format. + Policy *string `min:"1" type:"string"` +} + +// String returns the string representation +func (s GetKeyPolicyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetKeyPolicyOutput) GoString() string { + return s.String() +} + +type GetKeyRotationStatusInput struct { + _ struct{} `type:"structure"` + + // A unique identifier for the customer master key. This value can be a globally + // unique identifier or the fully specified ARN to a key. Key ARN Example - + // arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 + // Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012 + KeyId *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation +func (s GetKeyRotationStatusInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetKeyRotationStatusInput) GoString() string { + return s.String() +} + +type GetKeyRotationStatusOutput struct { + _ struct{} `type:"structure"` + + // A Boolean value that specifies whether key rotation is enabled. + KeyRotationEnabled *bool `type:"boolean"` +} + +// String returns the string representation +func (s GetKeyRotationStatusOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetKeyRotationStatusOutput) GoString() string { + return s.String() +} + +// A structure for specifying the conditions under which the operations permitted +// by the grant are allowed. +// +// You can use this structure to allow the operations permitted by the grant +// only when a specified encryption context is present. For more information +// about encryption context, see Encryption Context (http://docs.aws.amazon.com/kms/latest/developerguide/encrypt-context.html) +// in the AWS Key Management Service Developer Guide. +type GrantConstraints struct { + _ struct{} `type:"structure"` + + // Contains a list of key-value pairs that must be present in the encryption + // context of a subsequent operation permitted by the grant. When a subsequent + // operation permitted by the grant includes an encryption context that matches + // this list, the grant allows the operation. Otherwise, the operation is not + // allowed. + EncryptionContextEquals map[string]*string `type:"map"` + + // Contains a list of key-value pairs, a subset of which must be present in + // the encryption context of a subsequent operation permitted by the grant. + // When a subsequent operation permitted by the grant includes an encryption + // context that matches this list or is a subset of this list, the grant allows + // the operation. Otherwise, the operation is not allowed. + EncryptionContextSubset map[string]*string `type:"map"` +} + +// String returns the string representation +func (s GrantConstraints) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GrantConstraints) GoString() string { + return s.String() +} + +// Contains information about an entry in a list of grants. +type GrantListEntry struct { + _ struct{} `type:"structure"` + + // The conditions under which the grant's operations are allowed. + Constraints *GrantConstraints `type:"structure"` + + // The date and time when the grant was created. + CreationDate *time.Time `type:"timestamp" timestampFormat:"unix"` + + // The unique identifier for the grant. + GrantId *string `min:"1" type:"string"` + + // The principal that receives the grant's permissions. + GranteePrincipal *string `min:"1" type:"string"` + + // The AWS account under which the grant was issued. + IssuingAccount *string `min:"1" type:"string"` + + // The unique identifier for the customer master key (CMK) to which the grant + // applies. + KeyId *string `min:"1" type:"string"` + + // The friendly name that identifies the grant. If a name was provided in the + // CreateGrant request, that name is returned. Otherwise this value is null. + Name *string `min:"1" type:"string"` + + // The list of operations permitted by the grant. + Operations []*string `type:"list"` + + // The principal that can retire the grant. + RetiringPrincipal *string `min:"1" type:"string"` +} + +// String returns the string representation +func (s GrantListEntry) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GrantListEntry) GoString() string { + return s.String() +} + +// Contains information about each entry in the key list. +type KeyListEntry struct { + _ struct{} `type:"structure"` + + // ARN of the key. + KeyArn *string `min:"20" type:"string"` + + // Unique identifier of the key. + KeyId *string `min:"1" type:"string"` +} + +// String returns the string representation +func (s KeyListEntry) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s KeyListEntry) GoString() string { + return s.String() +} + +// Contains metadata about a customer master key (CMK). +// +// This data type is used as a response element for the CreateKey and DescribeKey +// operations. +type KeyMetadata struct { + _ struct{} `type:"structure"` + + // The twelve-digit account ID of the AWS account that owns the key. + AWSAccountId *string `type:"string"` + + // The Amazon Resource Name (ARN) of the key. For examples, see AWS Key Management + // Service (AWS KMS) (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-kms) + // in the Example ARNs section of the AWS General Reference. + Arn *string `min:"20" type:"string"` + + // The date and time when the key was created. + CreationDate *time.Time `type:"timestamp" timestampFormat:"unix"` + + // The date and time after which AWS KMS deletes the customer master key (CMK). + // This value is present only when KeyState is PendingDeletion, otherwise this + // value is null. + DeletionDate *time.Time `type:"timestamp" timestampFormat:"unix"` + + // The friendly description of the key. + Description *string `type:"string"` + + // Specifies whether the key is enabled. When KeyState is Enabled this value + // is true, otherwise it is false. + Enabled *bool `type:"boolean"` + + // The globally unique identifier for the key. + KeyId *string `min:"1" type:"string" required:"true"` + + // The state of the customer master key (CMK). + // + // For more information about how key state affects the use of a CMK, go to + // How Key State Affects the Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) + // in the AWS Key Management Service Developer Guide. + KeyState *string `type:"string" enum:"KeyState"` + + // The cryptographic operations for which you can use the key. Currently the + // only allowed value is ENCRYPT_DECRYPT, which means you can use the key for + // the Encrypt and Decrypt operations. + KeyUsage *string `type:"string" enum:"KeyUsageType"` +} + +// String returns the string representation +func (s KeyMetadata) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s KeyMetadata) GoString() string { + return s.String() +} + +type ListAliasesInput struct { + _ struct{} `type:"structure"` + + // When paginating results, specify the maximum number of items to return in + // the response. If additional items exist beyond the number you specify, the + // Truncated element in the response is set to true. + // + // This value is optional. If you include a value, it must be between 1 and + // 100, inclusive. If you do not include a value, it defaults to 50. + Limit *int64 `min:"1" type:"integer"` + + // Use this parameter only when paginating results and only in a subsequent + // request after you've received a response with truncated results. Set it to + // the value of NextMarker from the response you just received. + Marker *string `min:"1" type:"string"` +} + +// String returns the string representation +func (s ListAliasesInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListAliasesInput) GoString() string { + return s.String() +} + +type ListAliasesOutput struct { + _ struct{} `type:"structure"` + + // A list of key aliases in the user's account. + Aliases []*AliasListEntry `type:"list"` + + // When Truncated is true, this value is present and contains the value to use + // for the Marker parameter in a subsequent pagination request. + NextMarker *string `min:"1" type:"string"` + + // A flag that indicates whether there are more items in the list. If your results + // were truncated, you can use the Marker parameter to make a subsequent pagination + // request to retrieve more items in the list. + Truncated *bool `type:"boolean"` +} + +// String returns the string representation +func (s ListAliasesOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListAliasesOutput) GoString() string { + return s.String() +} + +type ListGrantsInput struct { + _ struct{} `type:"structure"` + + // A unique identifier for the customer master key. This value can be a globally + // unique identifier or the fully specified ARN to a key. Key ARN Example - + // arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 + // Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012 + KeyId *string `min:"1" type:"string" required:"true"` + + // When paginating results, specify the maximum number of items to return in + // the response. If additional items exist beyond the number you specify, the + // Truncated element in the response is set to true. + // + // This value is optional. If you include a value, it must be between 1 and + // 100, inclusive. If you do not include a value, it defaults to 50. + Limit *int64 `min:"1" type:"integer"` + + // Use this parameter only when paginating results and only in a subsequent + // request after you've received a response with truncated results. Set it to + // the value of NextMarker from the response you just received. + Marker *string `min:"1" type:"string"` +} + +// String returns the string representation +func (s ListGrantsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListGrantsInput) GoString() string { + return s.String() +} + +type ListGrantsResponse struct { + _ struct{} `type:"structure"` + + // A list of grants. + Grants []*GrantListEntry `type:"list"` + + // When Truncated is true, this value is present and contains the value to use + // for the Marker parameter in a subsequent pagination request. + NextMarker *string `min:"1" type:"string"` + + // A flag that indicates whether there are more items in the list. If your results + // were truncated, you can use the Marker parameter to make a subsequent pagination + // request to retrieve more items in the list. + Truncated *bool `type:"boolean"` +} + +// String returns the string representation +func (s ListGrantsResponse) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListGrantsResponse) GoString() string { + return s.String() +} + +type ListKeyPoliciesInput struct { + _ struct{} `type:"structure"` + + // A unique identifier for the customer master key. This value can be a globally + // unique identifier, a fully specified ARN to either an alias or a key, or + // an alias name prefixed by "alias/". Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 + // Alias ARN Example - arn:aws:kms:us-east-1:123456789012:alias/MyAliasName + // Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012 Alias + // Name Example - alias/MyAliasName + KeyId *string `min:"1" type:"string" required:"true"` + + // When paginating results, specify the maximum number of items to return in + // the response. If additional items exist beyond the number you specify, the + // Truncated element in the response is set to true. + // + // This value is optional. If you include a value, it must be between 1 and + // 1000, inclusive. If you do not include a value, it defaults to 100. + // + // Currently only 1 policy can be attached to a key. + Limit *int64 `min:"1" type:"integer"` + + // Use this parameter only when paginating results and only in a subsequent + // request after you've received a response with truncated results. Set it to + // the value of NextMarker from the response you just received. + Marker *string `min:"1" type:"string"` +} + +// String returns the string representation +func (s ListKeyPoliciesInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListKeyPoliciesInput) GoString() string { + return s.String() +} + +type ListKeyPoliciesOutput struct { + _ struct{} `type:"structure"` + + // When Truncated is true, this value is present and contains the value to use + // for the Marker parameter in a subsequent pagination request. + NextMarker *string `min:"1" type:"string"` + + // A list of policy names. Currently, there is only one policy and it is named + // "Default". + PolicyNames []*string `type:"list"` + + // A flag that indicates whether there are more items in the list. If your results + // were truncated, you can use the Marker parameter to make a subsequent pagination + // request to retrieve more items in the list. + Truncated *bool `type:"boolean"` +} + +// String returns the string representation +func (s ListKeyPoliciesOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListKeyPoliciesOutput) GoString() string { + return s.String() +} + +type ListKeysInput struct { + _ struct{} `type:"structure"` + + // When paginating results, specify the maximum number of items to return in + // the response. If additional items exist beyond the number you specify, the + // Truncated element in the response is set to true. + // + // This value is optional. If you include a value, it must be between 1 and + // 1000, inclusive. If you do not include a value, it defaults to 100. + Limit *int64 `min:"1" type:"integer"` + + // Use this parameter only when paginating results and only in a subsequent + // request after you've received a response with truncated results. Set it to + // the value of NextMarker from the response you just received. + Marker *string `min:"1" type:"string"` +} + +// String returns the string representation +func (s ListKeysInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListKeysInput) GoString() string { + return s.String() +} + +type ListKeysOutput struct { + _ struct{} `type:"structure"` + + // A list of keys. + Keys []*KeyListEntry `type:"list"` + + // When Truncated is true, this value is present and contains the value to use + // for the Marker parameter in a subsequent pagination request. + NextMarker *string `min:"1" type:"string"` + + // A flag that indicates whether there are more items in the list. If your results + // were truncated, you can use the Marker parameter to make a subsequent pagination + // request to retrieve more items in the list. + Truncated *bool `type:"boolean"` +} + +// String returns the string representation +func (s ListKeysOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListKeysOutput) GoString() string { + return s.String() +} + +type ListRetirableGrantsInput struct { + _ struct{} `type:"structure"` + + // When paginating results, specify the maximum number of items to return in + // the response. If additional items exist beyond the number you specify, the + // Truncated element in the response is set to true. + // + // This value is optional. If you include a value, it must be between 1 and + // 100, inclusive. If you do not include a value, it defaults to 50. + Limit *int64 `min:"1" type:"integer"` + + // Use this parameter only when paginating results and only in a subsequent + // request after you've received a response with truncated results. Set it to + // the value of NextMarker from the response you just received. + Marker *string `min:"1" type:"string"` + + // The retiring principal for which to list grants. + // + // To specify the retiring principal, use the Amazon Resource Name (ARN) (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) + // of an AWS principal. Valid AWS principals include AWS accounts (root), IAM + // users, federated users, and assumed role users. For examples of the ARN syntax + // for specifying a principal, go to AWS Identity and Access Management (IAM) + // (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam) + // in the Example ARNs section of the Amazon Web Services General Reference. + RetiringPrincipal *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation +func (s ListRetirableGrantsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListRetirableGrantsInput) GoString() string { + return s.String() +} + +type PutKeyPolicyInput struct { + _ struct{} `type:"structure"` + + // A unique identifier for the customer master key. This value can be a globally + // unique identifier or the fully specified ARN to a key. Key ARN Example - + // arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 + // Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012 + KeyId *string `min:"1" type:"string" required:"true"` + + // The policy to attach to the key. This is required and delegates back to the + // account. The key is the root of trust. The policy size limit is 32 KiB (32768 + // bytes). + Policy *string `min:"1" type:"string" required:"true"` + + // Name of the policy to be attached. Currently, the only supported name is + // "default". + PolicyName *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation +func (s PutKeyPolicyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s PutKeyPolicyInput) GoString() string { + return s.String() +} + +type PutKeyPolicyOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation +func (s PutKeyPolicyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s PutKeyPolicyOutput) GoString() string { + return s.String() +} + +type ReEncryptInput struct { + _ struct{} `type:"structure"` + + // Ciphertext of the data to re-encrypt. + CiphertextBlob []byte `min:"1" type:"blob" required:"true"` + + // Encryption context to be used when the data is re-encrypted. + DestinationEncryptionContext map[string]*string `type:"map"` + + // A unique identifier for the customer master key used to re-encrypt the data. + // This value can be a globally unique identifier, a fully specified ARN to + // either an alias or a key, or an alias name prefixed by "alias/". Key ARN + // Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 + // Alias ARN Example - arn:aws:kms:us-east-1:123456789012:alias/MyAliasName + // Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012 Alias + // Name Example - alias/MyAliasName + DestinationKeyId *string `min:"1" type:"string" required:"true"` + + // A list of grant tokens. + // + // For more information, go to Grant Tokens (http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) + // in the AWS Key Management Service Developer Guide. + GrantTokens []*string `type:"list"` + + // Encryption context used to encrypt and decrypt the data specified in the + // CiphertextBlob parameter. + SourceEncryptionContext map[string]*string `type:"map"` +} + +// String returns the string representation +func (s ReEncryptInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ReEncryptInput) GoString() string { + return s.String() +} + +type ReEncryptOutput struct { + _ struct{} `type:"structure"` + + // The re-encrypted data. If you are using the CLI, the value is Base64 encoded. + // Otherwise, it is not encoded. + CiphertextBlob []byte `min:"1" type:"blob"` + + // Unique identifier of the key used to re-encrypt the data. + KeyId *string `min:"1" type:"string"` + + // Unique identifier of the key used to originally encrypt the data. + SourceKeyId *string `min:"1" type:"string"` +} + +// String returns the string representation +func (s ReEncryptOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ReEncryptOutput) GoString() string { + return s.String() +} + +type RetireGrantInput struct { + _ struct{} `type:"structure"` + + // Unique identifier of the grant to be retired. The grant ID is returned by + // the CreateGrant function. Grant ID Example - 0123456789012345678901234567890123456789012345678901234567890123 + GrantId *string `min:"1" type:"string"` + + // Token that identifies the grant to be retired. + GrantToken *string `min:"1" type:"string"` + + // A unique identifier for the customer master key associated with the grant. + // This value can be a globally unique identifier or a fully specified ARN of + // the key. Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 + // Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012 + KeyId *string `min:"1" type:"string"` +} + +// String returns the string representation +func (s RetireGrantInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s RetireGrantInput) GoString() string { + return s.String() +} + +type RetireGrantOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation +func (s RetireGrantOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s RetireGrantOutput) GoString() string { + return s.String() +} + +type RevokeGrantInput struct { + _ struct{} `type:"structure"` + + // Identifier of the grant to be revoked. + GrantId *string `min:"1" type:"string" required:"true"` + + // A unique identifier for the customer master key associated with the grant. + // This value can be a globally unique identifier or the fully specified ARN + // to a key. Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 + // Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012 + KeyId *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation +func (s RevokeGrantInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s RevokeGrantInput) GoString() string { + return s.String() +} + +type RevokeGrantOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation +func (s RevokeGrantOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s RevokeGrantOutput) GoString() string { + return s.String() +} + +type ScheduleKeyDeletionInput struct { + _ struct{} `type:"structure"` + + // The unique identifier for the customer master key (CMK) to delete. + // + // To specify this value, use the unique key ID or the Amazon Resource Name + // (ARN) of the CMK. Examples: Unique key ID: 1234abcd-12ab-34cd-56ef-1234567890ab + // Key ARN: arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab + // + // + // To obtain the unique key ID and key ARN for a given CMK, use ListKeys or + // DescribeKey. + KeyId *string `min:"1" type:"string" required:"true"` + + // The waiting period, specified in number of days. After the waiting period + // ends, AWS KMS deletes the customer master key (CMK). + // + // This value is optional. If you include a value, it must be between 7 and + // 30, inclusive. If you do not include a value, it defaults to 30. + PendingWindowInDays *int64 `min:"1" type:"integer"` +} + +// String returns the string representation +func (s ScheduleKeyDeletionInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ScheduleKeyDeletionInput) GoString() string { + return s.String() +} + +type ScheduleKeyDeletionOutput struct { + _ struct{} `type:"structure"` + + // The date and time after which AWS KMS deletes the customer master key (CMK). + DeletionDate *time.Time `type:"timestamp" timestampFormat:"unix"` + + // The unique identifier of the customer master key (CMK) for which deletion + // is scheduled. + KeyId *string `min:"1" type:"string"` +} + +// String returns the string representation +func (s ScheduleKeyDeletionOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ScheduleKeyDeletionOutput) GoString() string { + return s.String() +} + +type UpdateAliasInput struct { + _ struct{} `type:"structure"` + + // String that contains the name of the alias to be modified. The name must + // start with the word "alias" followed by a forward slash (alias/). Aliases + // that begin with "alias/aws" are reserved. + AliasName *string `min:"1" type:"string" required:"true"` + + // Unique identifier of the customer master key to be mapped to the alias. This + // value can be a globally unique identifier or the fully specified ARN of a + // key. Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 + // Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012 + // + // You can call ListAliases to verify that the alias is mapped to the correct + // TargetKeyId. + TargetKeyId *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation +func (s UpdateAliasInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s UpdateAliasInput) GoString() string { + return s.String() +} + +type UpdateAliasOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation +func (s UpdateAliasOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s UpdateAliasOutput) GoString() string { + return s.String() +} + +type UpdateKeyDescriptionInput struct { + _ struct{} `type:"structure"` + + // New description for the key. + Description *string `type:"string" required:"true"` + + // A unique identifier for the customer master key. This value can be a globally + // unique identifier or the fully specified ARN to a key. Key ARN Example - + // arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 + // Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012 + KeyId *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation +func (s UpdateKeyDescriptionInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s UpdateKeyDescriptionInput) GoString() string { + return s.String() +} + +type UpdateKeyDescriptionOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation +func (s UpdateKeyDescriptionOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s UpdateKeyDescriptionOutput) GoString() string { + return s.String() +} + +const ( + // @enum DataKeySpec + DataKeySpecAes256 = "AES_256" + // @enum DataKeySpec + DataKeySpecAes128 = "AES_128" +) + +const ( + // @enum GrantOperation + GrantOperationDecrypt = "Decrypt" + // @enum GrantOperation + GrantOperationEncrypt = "Encrypt" + // @enum GrantOperation + GrantOperationGenerateDataKey = "GenerateDataKey" + // @enum GrantOperation + GrantOperationGenerateDataKeyWithoutPlaintext = "GenerateDataKeyWithoutPlaintext" + // @enum GrantOperation + GrantOperationReEncryptFrom = "ReEncryptFrom" + // @enum GrantOperation + GrantOperationReEncryptTo = "ReEncryptTo" + // @enum GrantOperation + GrantOperationCreateGrant = "CreateGrant" + // @enum GrantOperation + GrantOperationRetireGrant = "RetireGrant" + // @enum GrantOperation + GrantOperationDescribeKey = "DescribeKey" +) + +const ( + // @enum KeyState + KeyStateEnabled = "Enabled" + // @enum KeyState + KeyStateDisabled = "Disabled" + // @enum KeyState + KeyStatePendingDeletion = "PendingDeletion" +) + +const ( + // @enum KeyUsageType + KeyUsageTypeEncryptDecrypt = "ENCRYPT_DECRYPT" +) diff --git a/vendor/github.com/aws/aws-sdk-go/service/kms/kmsiface/interface.go b/vendor/github.com/aws/aws-sdk-go/service/kms/kmsiface/interface.go new file mode 100644 index 000000000000..34628c02b116 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/service/kms/kmsiface/interface.go @@ -0,0 +1,138 @@ +// THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT. + +// Package kmsiface provides an interface for the AWS Key Management Service. +package kmsiface + +import ( + "github.com/aws/aws-sdk-go/aws/request" + "github.com/aws/aws-sdk-go/service/kms" +) + +// KMSAPI is the interface type for kms.KMS. +type KMSAPI interface { + CancelKeyDeletionRequest(*kms.CancelKeyDeletionInput) (*request.Request, *kms.CancelKeyDeletionOutput) + + CancelKeyDeletion(*kms.CancelKeyDeletionInput) (*kms.CancelKeyDeletionOutput, error) + + CreateAliasRequest(*kms.CreateAliasInput) (*request.Request, *kms.CreateAliasOutput) + + CreateAlias(*kms.CreateAliasInput) (*kms.CreateAliasOutput, error) + + CreateGrantRequest(*kms.CreateGrantInput) (*request.Request, *kms.CreateGrantOutput) + + CreateGrant(*kms.CreateGrantInput) (*kms.CreateGrantOutput, error) + + CreateKeyRequest(*kms.CreateKeyInput) (*request.Request, *kms.CreateKeyOutput) + + CreateKey(*kms.CreateKeyInput) (*kms.CreateKeyOutput, error) + + DecryptRequest(*kms.DecryptInput) (*request.Request, *kms.DecryptOutput) + + Decrypt(*kms.DecryptInput) (*kms.DecryptOutput, error) + + DeleteAliasRequest(*kms.DeleteAliasInput) (*request.Request, *kms.DeleteAliasOutput) + + DeleteAlias(*kms.DeleteAliasInput) (*kms.DeleteAliasOutput, error) + + DescribeKeyRequest(*kms.DescribeKeyInput) (*request.Request, *kms.DescribeKeyOutput) + + DescribeKey(*kms.DescribeKeyInput) (*kms.DescribeKeyOutput, error) + + DisableKeyRequest(*kms.DisableKeyInput) (*request.Request, *kms.DisableKeyOutput) + + DisableKey(*kms.DisableKeyInput) (*kms.DisableKeyOutput, error) + + DisableKeyRotationRequest(*kms.DisableKeyRotationInput) (*request.Request, *kms.DisableKeyRotationOutput) + + DisableKeyRotation(*kms.DisableKeyRotationInput) (*kms.DisableKeyRotationOutput, error) + + EnableKeyRequest(*kms.EnableKeyInput) (*request.Request, *kms.EnableKeyOutput) + + EnableKey(*kms.EnableKeyInput) (*kms.EnableKeyOutput, error) + + EnableKeyRotationRequest(*kms.EnableKeyRotationInput) (*request.Request, *kms.EnableKeyRotationOutput) + + EnableKeyRotation(*kms.EnableKeyRotationInput) (*kms.EnableKeyRotationOutput, error) + + EncryptRequest(*kms.EncryptInput) (*request.Request, *kms.EncryptOutput) + + Encrypt(*kms.EncryptInput) (*kms.EncryptOutput, error) + + GenerateDataKeyRequest(*kms.GenerateDataKeyInput) (*request.Request, *kms.GenerateDataKeyOutput) + + GenerateDataKey(*kms.GenerateDataKeyInput) (*kms.GenerateDataKeyOutput, error) + + GenerateDataKeyWithoutPlaintextRequest(*kms.GenerateDataKeyWithoutPlaintextInput) (*request.Request, *kms.GenerateDataKeyWithoutPlaintextOutput) + + GenerateDataKeyWithoutPlaintext(*kms.GenerateDataKeyWithoutPlaintextInput) (*kms.GenerateDataKeyWithoutPlaintextOutput, error) + + GenerateRandomRequest(*kms.GenerateRandomInput) (*request.Request, *kms.GenerateRandomOutput) + + GenerateRandom(*kms.GenerateRandomInput) (*kms.GenerateRandomOutput, error) + + GetKeyPolicyRequest(*kms.GetKeyPolicyInput) (*request.Request, *kms.GetKeyPolicyOutput) + + GetKeyPolicy(*kms.GetKeyPolicyInput) (*kms.GetKeyPolicyOutput, error) + + GetKeyRotationStatusRequest(*kms.GetKeyRotationStatusInput) (*request.Request, *kms.GetKeyRotationStatusOutput) + + GetKeyRotationStatus(*kms.GetKeyRotationStatusInput) (*kms.GetKeyRotationStatusOutput, error) + + ListAliasesRequest(*kms.ListAliasesInput) (*request.Request, *kms.ListAliasesOutput) + + ListAliases(*kms.ListAliasesInput) (*kms.ListAliasesOutput, error) + + ListAliasesPages(*kms.ListAliasesInput, func(*kms.ListAliasesOutput, bool) bool) error + + ListGrantsRequest(*kms.ListGrantsInput) (*request.Request, *kms.ListGrantsResponse) + + ListGrants(*kms.ListGrantsInput) (*kms.ListGrantsResponse, error) + + ListGrantsPages(*kms.ListGrantsInput, func(*kms.ListGrantsResponse, bool) bool) error + + ListKeyPoliciesRequest(*kms.ListKeyPoliciesInput) (*request.Request, *kms.ListKeyPoliciesOutput) + + ListKeyPolicies(*kms.ListKeyPoliciesInput) (*kms.ListKeyPoliciesOutput, error) + + ListKeyPoliciesPages(*kms.ListKeyPoliciesInput, func(*kms.ListKeyPoliciesOutput, bool) bool) error + + ListKeysRequest(*kms.ListKeysInput) (*request.Request, *kms.ListKeysOutput) + + ListKeys(*kms.ListKeysInput) (*kms.ListKeysOutput, error) + + ListKeysPages(*kms.ListKeysInput, func(*kms.ListKeysOutput, bool) bool) error + + ListRetirableGrantsRequest(*kms.ListRetirableGrantsInput) (*request.Request, *kms.ListGrantsResponse) + + ListRetirableGrants(*kms.ListRetirableGrantsInput) (*kms.ListGrantsResponse, error) + + PutKeyPolicyRequest(*kms.PutKeyPolicyInput) (*request.Request, *kms.PutKeyPolicyOutput) + + PutKeyPolicy(*kms.PutKeyPolicyInput) (*kms.PutKeyPolicyOutput, error) + + ReEncryptRequest(*kms.ReEncryptInput) (*request.Request, *kms.ReEncryptOutput) + + ReEncrypt(*kms.ReEncryptInput) (*kms.ReEncryptOutput, error) + + RetireGrantRequest(*kms.RetireGrantInput) (*request.Request, *kms.RetireGrantOutput) + + RetireGrant(*kms.RetireGrantInput) (*kms.RetireGrantOutput, error) + + RevokeGrantRequest(*kms.RevokeGrantInput) (*request.Request, *kms.RevokeGrantOutput) + + RevokeGrant(*kms.RevokeGrantInput) (*kms.RevokeGrantOutput, error) + + ScheduleKeyDeletionRequest(*kms.ScheduleKeyDeletionInput) (*request.Request, *kms.ScheduleKeyDeletionOutput) + + ScheduleKeyDeletion(*kms.ScheduleKeyDeletionInput) (*kms.ScheduleKeyDeletionOutput, error) + + UpdateAliasRequest(*kms.UpdateAliasInput) (*request.Request, *kms.UpdateAliasOutput) + + UpdateAlias(*kms.UpdateAliasInput) (*kms.UpdateAliasOutput, error) + + UpdateKeyDescriptionRequest(*kms.UpdateKeyDescriptionInput) (*request.Request, *kms.UpdateKeyDescriptionOutput) + + UpdateKeyDescription(*kms.UpdateKeyDescriptionInput) (*kms.UpdateKeyDescriptionOutput, error) +} + +var _ KMSAPI = (*kms.KMS)(nil) diff --git a/vendor/github.com/aws/aws-sdk-go/service/kms/service.go b/vendor/github.com/aws/aws-sdk-go/service/kms/service.go new file mode 100644 index 000000000000..46d6cd2c0556 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/service/kms/service.go @@ -0,0 +1,146 @@ +// THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT. + +package kms + +import ( + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/client" + "github.com/aws/aws-sdk-go/aws/client/metadata" + "github.com/aws/aws-sdk-go/aws/request" + "github.com/aws/aws-sdk-go/private/protocol/jsonrpc" + "github.com/aws/aws-sdk-go/private/signer/v4" +) + +// AWS Key Management Service (AWS KMS) is an encryption and key management +// web service. This guide describes the AWS KMS operations that you can call +// programmatically. For general information about AWS KMS, see the AWS Key +// Management Service Developer Guide (http://docs.aws.amazon.com/kms/latest/developerguide/). +// +// AWS provides SDKs that consist of libraries and sample code for various +// programming languages and platforms (Java, Ruby, .Net, iOS, Android, etc.). +// The SDKs provide a convenient way to create programmatic access to AWS KMS +// and other AWS services. For example, the SDKs take care of tasks such as +// signing requests (see below), managing errors, and retrying requests automatically. +// For more information about the AWS SDKs, including how to download and install +// them, see Tools for Amazon Web Services (http://aws.amazon.com/tools/). +// +// We recommend that you use the AWS SDKs to make programmatic API calls to +// AWS KMS. +// +// Clients must support TLS (Transport Layer Security) 1.0. We recommend TLS +// 1.2. Clients must also support cipher suites with Perfect Forward Secrecy +// (PFS) such as Ephemeral Diffie-Hellman (DHE) or Elliptic Curve Ephemeral +// Diffie-Hellman (ECDHE). Most modern systems such as Java 7 and later support +// these modes. +// +// Signing Requests +// +// Requests must be signed by using an access key ID and a secret access key. +// We strongly recommend that you do not use your AWS account access key ID +// and secret key for everyday work with AWS KMS. Instead, use the access key +// ID and secret access key for an IAM user, or you can use the AWS Security +// Token Service to generate temporary security credentials that you can use +// to sign requests. +// +// All AWS KMS operations require Signature Version 4 (http://docs.aws.amazon.com/general/latest/gr/signature-version-4.html). +// +// Logging API Requests +// +// AWS KMS supports AWS CloudTrail, a service that logs AWS API calls and related +// events for your AWS account and delivers them to an Amazon S3 bucket that +// you specify. By using the information collected by CloudTrail, you can determine +// what requests were made to AWS KMS, who made the request, when it was made, +// and so on. To learn more about CloudTrail, including how to turn it on and +// find your log files, see the AWS CloudTrail User Guide (http://docs.aws.amazon.com/awscloudtrail/latest/userguide/). +// +// Additional Resources +// +// For more information about credentials and request signing, see the following: +// +// AWS Security Credentials (http://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html) +// - This topic provides general information about the types of credentials +// used for accessing AWS. AWS Security Token Service (http://docs.aws.amazon.com/STS/latest/UsingSTS/) +// - This guide describes how to create and use temporary security credentials. +// Signing AWS API Requests (http://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html) +// - This set of topics walks you through the process of signing a request using +// an access key ID and a secret access key. Commonly Used APIs +// +// Of the APIs discussed in this guide, the following will prove the most +// useful for most applications. You will likely perform actions other than +// these, such as creating keys and assigning policies, by using the console. +// +// Encrypt Decrypt GenerateDataKey GenerateDataKeyWithoutPlaintext +//The service client's operations are safe to be used concurrently. +// It is not safe to mutate any of the client's properties though. +type KMS struct { + *client.Client +} + +// Used for custom client initialization logic +var initClient func(*client.Client) + +// Used for custom request initialization logic +var initRequest func(*request.Request) + +// A ServiceName is the name of the service the client will make API calls to. +const ServiceName = "kms" + +// New creates a new instance of the KMS client with a session. +// If additional configuration is needed for the client instance use the optional +// aws.Config parameter to add your extra config. +// +// Example: +// // Create a KMS client from just a session. +// svc := kms.New(mySession) +// +// // Create a KMS client with additional configuration +// svc := kms.New(mySession, aws.NewConfig().WithRegion("us-west-2")) +func New(p client.ConfigProvider, cfgs ...*aws.Config) *KMS { + c := p.ClientConfig(ServiceName, cfgs...) + return newClient(*c.Config, c.Handlers, c.Endpoint, c.SigningRegion) +} + +// newClient creates, initializes and returns a new service client instance. +func newClient(cfg aws.Config, handlers request.Handlers, endpoint, signingRegion string) *KMS { + svc := &KMS{ + Client: client.New( + cfg, + metadata.ClientInfo{ + ServiceName: ServiceName, + SigningRegion: signingRegion, + Endpoint: endpoint, + APIVersion: "2014-11-01", + JSONVersion: "1.1", + TargetPrefix: "TrentService", + }, + handlers, + ), + } + + // Handlers + svc.Handlers.Sign.PushBack(v4.Sign) + svc.Handlers.Build.PushBack(jsonrpc.Build) + svc.Handlers.Unmarshal.PushBack(jsonrpc.Unmarshal) + svc.Handlers.UnmarshalMeta.PushBack(jsonrpc.UnmarshalMeta) + svc.Handlers.UnmarshalError.PushBack(jsonrpc.UnmarshalError) + + // Run custom client initialization if present + if initClient != nil { + initClient(svc.Client) + } + + return svc +} + +// newRequest creates a new request for a KMS operation and runs any +// custom request initialization. +func (c *KMS) newRequest(op *request.Operation, params, data interface{}) *request.Request { + req := c.NewRequest(op, params, data) + + // Run custom request initialization if present + if initRequest != nil { + initRequest(req) + } + + return req +}