1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
|
// Code generated by smithy-go-codegen DO NOT EDIT.
package acmpca
import (
"context"
"errors"
"fmt"
awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
"github.com/aws/aws-sdk-go-v2/service/acmpca/types"
"github.com/aws/smithy-go/middleware"
smithytime "github.com/aws/smithy-go/time"
smithyhttp "github.com/aws/smithy-go/transport/http"
smithywaiter "github.com/aws/smithy-go/waiter"
"time"
)
// Retrieves a certificate from your private CA or one that has been shared with
// you. The ARN of the certificate is returned when you call the IssueCertificate (https://docs.aws.amazon.com/privateca/latest/APIReference/API_IssueCertificate.html)
// action. You must specify both the ARN of your private CA and the ARN of the
// issued certificate when calling the GetCertificate action. You can retrieve the
// certificate if it is in the ISSUED state. You can call the
// CreateCertificateAuthorityAuditReport (https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthorityAuditReport.html)
// action to create a report that contains information about all of the
// certificates issued and revoked by your private CA.
func (c *Client) GetCertificate(ctx context.Context, params *GetCertificateInput, optFns ...func(*Options)) (*GetCertificateOutput, error) {
if params == nil {
params = &GetCertificateInput{}
}
result, metadata, err := c.invokeOperation(ctx, "GetCertificate", params, optFns, c.addOperationGetCertificateMiddlewares)
if err != nil {
return nil, err
}
out := result.(*GetCertificateOutput)
out.ResultMetadata = metadata
return out, nil
}
type GetCertificateInput struct {
// The ARN of the issued certificate. The ARN contains the certificate serial
// number and must be in the following form:
// arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012/certificate/286535153982981100925020015808220737245
//
// This member is required.
CertificateArn *string
// The Amazon Resource Name (ARN) that was returned when you called
// CreateCertificateAuthority (https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html)
// . This must be of the form:
// arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
// .
//
// This member is required.
CertificateAuthorityArn *string
noSmithyDocumentSerde
}
type GetCertificateOutput struct {
// The base64 PEM-encoded certificate specified by the CertificateArn parameter.
Certificate *string
// The base64 PEM-encoded certificate chain that chains up to the root CA
// certificate that you used to sign your private CA certificate.
CertificateChain *string
// Metadata pertaining to the operation's result.
ResultMetadata middleware.Metadata
noSmithyDocumentSerde
}
func (c *Client) addOperationGetCertificateMiddlewares(stack *middleware.Stack, options Options) (err error) {
if err := stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil {
return err
}
err = stack.Serialize.Add(&awsAwsjson11_serializeOpGetCertificate{}, middleware.After)
if err != nil {
return err
}
err = stack.Deserialize.Add(&awsAwsjson11_deserializeOpGetCertificate{}, middleware.After)
if err != nil {
return err
}
if err := addProtocolFinalizerMiddlewares(stack, options, "GetCertificate"); err != nil {
return fmt.Errorf("add protocol finalizers: %v", err)
}
if err = addlegacyEndpointContextSetter(stack, options); err != nil {
return err
}
if err = addSetLoggerMiddleware(stack, options); err != nil {
return err
}
if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil {
return err
}
if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil {
return err
}
if err = addResolveEndpointMiddleware(stack, options); err != nil {
return err
}
if err = v4.AddComputePayloadSHA256Middleware(stack); err != nil {
return err
}
if err = addRetryMiddlewares(stack, options); err != nil {
return err
}
if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil {
return err
}
if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
return err
}
if err = addClientUserAgent(stack, options); err != nil {
return err
}
if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
return err
}
if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
return err
}
if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
return err
}
if err = addOpGetCertificateValidationMiddleware(stack); err != nil {
return err
}
if err = stack.Initialize.Add(newServiceMetadataMiddleware_opGetCertificate(options.Region), middleware.Before); err != nil {
return err
}
if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
return err
}
if err = addRequestIDRetrieverMiddleware(stack); err != nil {
return err
}
if err = addResponseErrorMiddleware(stack); err != nil {
return err
}
if err = addRequestResponseLogging(stack, options); err != nil {
return err
}
if err = addDisableHTTPSMiddleware(stack, options); err != nil {
return err
}
return nil
}
// GetCertificateAPIClient is a client that implements the GetCertificate
// operation.
type GetCertificateAPIClient interface {
GetCertificate(context.Context, *GetCertificateInput, ...func(*Options)) (*GetCertificateOutput, error)
}
var _ GetCertificateAPIClient = (*Client)(nil)
// CertificateIssuedWaiterOptions are waiter options for CertificateIssuedWaiter
type CertificateIssuedWaiterOptions struct {
// Set of options to modify how an operation is invoked. These apply to all
// operations invoked for this client. Use functional options on operation call to
// modify this list for per operation behavior.
APIOptions []func(*middleware.Stack) error
// MinDelay is the minimum amount of time to delay between retries. If unset,
// CertificateIssuedWaiter will use default minimum delay of 3 seconds. Note that
// MinDelay must resolve to a value lesser than or equal to the MaxDelay.
MinDelay time.Duration
// MaxDelay is the maximum amount of time to delay between retries. If unset or
// set to zero, CertificateIssuedWaiter will use default max delay of 120 seconds.
// Note that MaxDelay must resolve to value greater than or equal to the MinDelay.
MaxDelay time.Duration
// LogWaitAttempts is used to enable logging for waiter retry attempts
LogWaitAttempts bool
// Retryable is function that can be used to override the service defined
// waiter-behavior based on operation output, or returned error. This function is
// used by the waiter to decide if a state is retryable or a terminal state. By
// default service-modeled logic will populate this option. This option can thus be
// used to define a custom waiter state with fall-back to service-modeled waiter
// state mutators.The function returns an error in case of a failure state. In case
// of retry state, this function returns a bool value of true and nil error, while
// in case of success it returns a bool value of false and nil error.
Retryable func(context.Context, *GetCertificateInput, *GetCertificateOutput, error) (bool, error)
}
// CertificateIssuedWaiter defines the waiters for CertificateIssued
type CertificateIssuedWaiter struct {
client GetCertificateAPIClient
options CertificateIssuedWaiterOptions
}
// NewCertificateIssuedWaiter constructs a CertificateIssuedWaiter.
func NewCertificateIssuedWaiter(client GetCertificateAPIClient, optFns ...func(*CertificateIssuedWaiterOptions)) *CertificateIssuedWaiter {
options := CertificateIssuedWaiterOptions{}
options.MinDelay = 3 * time.Second
options.MaxDelay = 120 * time.Second
options.Retryable = certificateIssuedStateRetryable
for _, fn := range optFns {
fn(&options)
}
return &CertificateIssuedWaiter{
client: client,
options: options,
}
}
// Wait calls the waiter function for CertificateIssued waiter. The maxWaitDur is
// the maximum wait duration the waiter will wait. The maxWaitDur is required and
// must be greater than zero.
func (w *CertificateIssuedWaiter) Wait(ctx context.Context, params *GetCertificateInput, maxWaitDur time.Duration, optFns ...func(*CertificateIssuedWaiterOptions)) error {
_, err := w.WaitForOutput(ctx, params, maxWaitDur, optFns...)
return err
}
// WaitForOutput calls the waiter function for CertificateIssued waiter and
// returns the output of the successful operation. The maxWaitDur is the maximum
// wait duration the waiter will wait. The maxWaitDur is required and must be
// greater than zero.
func (w *CertificateIssuedWaiter) WaitForOutput(ctx context.Context, params *GetCertificateInput, maxWaitDur time.Duration, optFns ...func(*CertificateIssuedWaiterOptions)) (*GetCertificateOutput, error) {
if maxWaitDur <= 0 {
return nil, fmt.Errorf("maximum wait time for waiter must be greater than zero")
}
options := w.options
for _, fn := range optFns {
fn(&options)
}
if options.MaxDelay <= 0 {
options.MaxDelay = 120 * time.Second
}
if options.MinDelay > options.MaxDelay {
return nil, fmt.Errorf("minimum waiter delay %v must be lesser than or equal to maximum waiter delay of %v.", options.MinDelay, options.MaxDelay)
}
ctx, cancelFn := context.WithTimeout(ctx, maxWaitDur)
defer cancelFn()
logger := smithywaiter.Logger{}
remainingTime := maxWaitDur
var attempt int64
for {
attempt++
apiOptions := options.APIOptions
start := time.Now()
if options.LogWaitAttempts {
logger.Attempt = attempt
apiOptions = append([]func(*middleware.Stack) error{}, options.APIOptions...)
apiOptions = append(apiOptions, logger.AddLogger)
}
out, err := w.client.GetCertificate(ctx, params, func(o *Options) {
o.APIOptions = append(o.APIOptions, apiOptions...)
})
retryable, err := options.Retryable(ctx, params, out, err)
if err != nil {
return nil, err
}
if !retryable {
return out, nil
}
remainingTime -= time.Since(start)
if remainingTime < options.MinDelay || remainingTime <= 0 {
break
}
// compute exponential backoff between waiter retries
delay, err := smithywaiter.ComputeDelay(
attempt, options.MinDelay, options.MaxDelay, remainingTime,
)
if err != nil {
return nil, fmt.Errorf("error computing waiter delay, %w", err)
}
remainingTime -= delay
// sleep for the delay amount before invoking a request
if err := smithytime.SleepWithContext(ctx, delay); err != nil {
return nil, fmt.Errorf("request cancelled while waiting, %w", err)
}
}
return nil, fmt.Errorf("exceeded max wait time for CertificateIssued waiter")
}
func certificateIssuedStateRetryable(ctx context.Context, input *GetCertificateInput, output *GetCertificateOutput, err error) (bool, error) {
if err == nil {
return false, nil
}
if err != nil {
var errorType *types.RequestInProgressException
if errors.As(err, &errorType) {
return true, nil
}
}
return true, nil
}
func newServiceMetadataMiddleware_opGetCertificate(region string) *awsmiddleware.RegisterServiceMetadata {
return &awsmiddleware.RegisterServiceMetadata{
Region: region,
ServiceID: ServiceID,
OperationName: "GetCertificate",
}
}
|
