generator.yaml
# Fields of the RequestCertificate input shape that the code generator is told
# to ignore. Per the note on the sdk_create_post_build_request hook further
# down, ignored fields are deleted from the aws-sdk-go api.Shape model.
# Presumably that means neither field can be set on the generated Certificate
# resource -- confirm against the generated CRD.
ignore:
  field_paths:
    - "RequestCertificateInput.IdempotencyToken"
    # Not user-selectable: the sdk_create_post_build_request hook under
    # resources.Certificate.hooks calls input.SetValidationMethod("DNS")
    # unconditionally, so email validation cannot be requested.
    - "RequestCertificateInput.ValidationMethod"
# Maps ACM API operations onto the Certificate resource and names the
# operation type each one fills (CREATE, READ_ONE, UPDATE).
# NOTE(review): no DELETE mapping is declared here; presumably the generator
# picks the delete operation up by naming convention -- confirm.
operations:
  RequestCertificate:
    resource_name: Certificate
    operation_type: CREATE
  # NOTE(jaypipes): There is a GetCertificate API call, but that returns the
  # actual cert bytes, not the attributes of the certificate request
  DescribeCertificate:
    resource_name: Certificate
    operation_type: READ_ONE
  UpdateCertificateOptions:
    resource_name: Certificate
    operation_type: UPDATE
# Per-resource generator settings. Certificate is the only resource configured
# in this file.
resources:
  Certificate:
    # Hook points in the generated code. Every hook except
    # sdk_create_post_build_request pulls its body from a template under
    # hooks/certificate/; those templates are not part of this file, so what
    # they do has to be reviewed separately.
    hooks:
      sdk_update_pre_build_request:
        template_path: hooks/certificate/sdk_update_pre_build_request.go.tpl
      sdk_create_pre_build_request:
        template_path: hooks/certificate/sdk_create_pre_build_request.go.tpl
      sdk_create_post_build_request:
        # NOTE(jaypipes): We only support DNS-based validation, because
        # certificate renewal is not really automatable when email verification
        # is used.
        #
        # See discussion here:
        # https://docs.aws.amazon.com/acm/latest/userguide/email-validation.html
        #
        # Unfortunately, because fields in the "ignore" configuration list are
        # now deleted from the aws-sdk-go private/model/api.Shape object,
        # setting `override_values` above does not work :(
        #
        # NOTE(review): no `override_values` key exists anywhere in this file,
        # so "above" is a leftover reference. The inline code below is the
        # only place in this file that pins the validation method; the hook
        # templates may touch it too and should be checked.
        code: input.SetValidationMethod("DNS")
      sdk_read_one_pre_set_output:
        template_path: hooks/certificate/sdk_read_one_pre_set_output.go.tpl
      sdk_file_end:
        template_path: hooks/certificate/sdk_file_end.go.tpl
      late_initialize_post_read_one:
        template_path: hooks/certificate/late_initialize_post_read_one.go.tpl
    # Error codes listed as terminal for this resource; presumably the
    # controller stops retrying when the API returns one of them -- confirm
    # against the runtime in use.
    exceptions:
      terminal_codes:
        # NOTE(review): every other entry carries the "Exception" suffix and
        # ACM documents this error as InvalidParameterException. Confirm the
        # code string the SDK actually returns; if it differs, this entry
        # never matches and bad-parameter requests would not be treated as
        # terminal.
        - InvalidParameter
        - InvalidDomainValidationOptionsException
        - InvalidTagException
        - TagPolicyException
        - TooManyTagsException
        - InvalidArnException
    # Presumably re-reads the certificate 60 seconds after each successful
    # reconcile, which is how the read-only status fields below stay current.
    reconcile:
      requeue_on_success_seconds: 60
    fields:
      DomainName:
        is_primary_key: false
        is_required: false
      # Certificate, PrivateKey and CertificateChain are all typed "bytes" and
      # marked is_secret. In the ACK code-generator is_secret turns the field
      # into a reference to a key in a Kubernetes Secret, so the key material
      # is not written inline in the custom resource -- confirm with the
      # generator version in use. Access to the referenced Secret then needs
      # the same protection as the private key itself.
      #
      # NOTE(review): all three are also is_immutable with
      # compare.is_ignored set, so they are presumably left out of drift
      # detection. Confirm how replacing the key material is meant to work.
      Certificate:
        type: "bytes"
        is_secret: true
        is_immutable: true
        compare:
          is_ignored: true
      PrivateKey:
        type: "bytes"
        is_secret: true
        is_immutable: true
        compare:
          is_ignored: true
      CertificateArn:
        type: string
        is_immutable: true
      CertificateChain:
        type: "bytes"
        is_immutable: true
        is_secret: true
        compare:
          is_ignored: true
      # May be supplied as a reference to an acmpca CertificateAuthority
      # resource; the value is taken from that resource's
      # Status.ACKResourceMetadata.ARN.
      CertificateAuthorityARN:
        references:
          service_name: acmpca
          resource: CertificateAuthority
          path: Status.ACKResourceMetadata.ARN
        is_immutable: true
      # late_initialize with an empty config; presumably the field is filled
      # in from the service's value after creation -- confirm.
      KeyAlgorithm:
        late_initialize: {}
      Options:
        late_initialize: {}
      # NOTE(jaypipes): The Create operation (RequestCertificate) has a
      # response with only a single field (certificateArn). All of the status
      # fields for the certificate are in the ReadOne operation
      # (DescribeCertificate) response, so we need to tell the code-generator
      # about all of those fields manually here...
      #
      # Every field from here to the end of the file is read-only and is
      # sourced from the named path in the DescribeCertificate response.
      CreatedAt:
        is_read_only: true
        from:
          operation: DescribeCertificate
          path: Certificate.CreatedAt
      # Field name differs from its source path (DomainValidationOptions).
      DomainValidations:
        is_read_only: true
        from:
          operation: DescribeCertificate
          path: Certificate.DomainValidationOptions
      ExtendedKeyUsages:
        is_read_only: true
        from:
          operation: DescribeCertificate
          path: Certificate.ExtendedKeyUsages
      FailureReason:
        is_read_only: true
        from:
          operation: DescribeCertificate
          path: Certificate.FailureReason
      ImportedAt:
        is_read_only: true
        from:
          operation: DescribeCertificate
          path: Certificate.ImportedAt
      InUseBy:
        is_read_only: true
        from:
          operation: DescribeCertificate
          path: Certificate.InUseBy
      IssuedAt:
        is_read_only: true
        from:
          operation: DescribeCertificate
          path: Certificate.IssuedAt
      Issuer:
        is_read_only: true
        from:
          operation: DescribeCertificate
          path: Certificate.Issuer
      KeyUsages:
        is_read_only: true
        from:
          operation: DescribeCertificate
          path: Certificate.KeyUsages
      NotAfter:
        is_read_only: true
        from:
          operation: DescribeCertificate
          path: Certificate.NotAfter
      NotBefore:
        is_read_only: true
        from:
          operation: DescribeCertificate
          path: Certificate.NotBefore
      RenewalEligibility:
        is_read_only: true
        from:
          operation: DescribeCertificate
          path: Certificate.RenewalEligibility
      RenewalSummary:
        is_read_only: true
        from:
          operation: DescribeCertificate
          path: Certificate.RenewalSummary
      RevocationReason:
        is_read_only: true
        from:
          operation: DescribeCertificate
          path: Certificate.RevocationReason
      RevokedAt:
        is_read_only: true
        from:
          operation: DescribeCertificate
          path: Certificate.RevokedAt
      Serial:
        is_read_only: true
        from:
          operation: DescribeCertificate
          path: Certificate.Serial
      SignatureAlgorithm:
        is_read_only: true
        from:
          operation: DescribeCertificate
          path: Certificate.SignatureAlgorithm
      Status:
        is_read_only: true
        from:
          operation: DescribeCertificate
          path: Certificate.Status
      Subject:
        is_read_only: true
        from:
          operation: DescribeCertificate
          path: Certificate.Subject
      Type:
        is_read_only: true
        from:
          operation: DescribeCertificate
          path: Certificate.Type