api_op_CreateKeySigningKey.go raw

   1  // Code generated by smithy-go-codegen DO NOT EDIT.
   2  
   3  package route53
   4  
   5  import (
   6  	"context"
   7  	"fmt"
   8  	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
   9  	"github.com/aws/aws-sdk-go-v2/service/route53/types"
  10  	"github.com/aws/smithy-go/middleware"
  11  	smithyhttp "github.com/aws/smithy-go/transport/http"
  12  )
  13  
  14  // Creates a new key-signing key (KSK) associated with a hosted zone. You can only
  15  // have two KSKs per hosted zone.
  16  func (c *Client) CreateKeySigningKey(ctx context.Context, params *CreateKeySigningKeyInput, optFns ...func(*Options)) (*CreateKeySigningKeyOutput, error) {
  17  	if params == nil {
  18  		params = &CreateKeySigningKeyInput{}
  19  	}
  20  
  21  	result, metadata, err := c.invokeOperation(ctx, "CreateKeySigningKey", params, optFns, c.addOperationCreateKeySigningKeyMiddlewares)
  22  	if err != nil {
  23  		return nil, err
  24  	}
  25  
  26  	out := result.(*CreateKeySigningKeyOutput)
  27  	out.ResultMetadata = metadata
  28  	return out, nil
  29  }
  30  
  31  type CreateKeySigningKeyInput struct {
  32  
  33  	// A unique string that identifies the request.
  34  	//
  35  	// This member is required.
  36  	CallerReference *string
  37  
  38  	// The unique string (ID) used to identify a hosted zone.
  39  	//
  40  	// This member is required.
  41  	HostedZoneId *string
  42  
  43  	// The Amazon resource name (ARN) for a customer managed key in Key Management
  44  	// Service (KMS). The KeyManagementServiceArn must be unique for each key-signing
  45  	// key (KSK) in a single hosted zone. To see an example of KeyManagementServiceArn
  46  	// that grants the correct permissions for DNSSEC, scroll down to Example.
  47  	//
  48  	// You must configure the customer managed customer managed key as follows:
  49  	//
  50  	// Status Enabled
  51  	//
  52  	// Key spec ECC_NIST_P256
  53  	//
  54  	// Key usage Sign and verify
  55  	//
  56  	// Key policy The key policy must give permission for the following actions:
  57  	//
  58  	//   - DescribeKey
  59  	//
  60  	//   - GetPublicKey
  61  	//
  62  	//   - Sign
  63  	//
  64  	// The key policy must also include the Amazon Route 53 service in the principal
  65  	// for your account. Specify the following:
  66  	//
  67  	//   - "Service": "dnssec-route53.amazonaws.com"
  68  	//
  69  	// For more information about working with a customer managed key in KMS, see [Key Management Service concepts].
  70  	//
  71  	// [Key Management Service concepts]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html
  72  	//
  73  	// This member is required.
  74  	KeyManagementServiceArn *string
  75  
  76  	// A string used to identify a key-signing key (KSK). Name can include numbers,
  77  	// letters, and underscores (_). Name must be unique for each key-signing key in
  78  	// the same hosted zone.
  79  	//
  80  	// This member is required.
  81  	Name *string
  82  
  83  	// A string specifying the initial status of the key-signing key (KSK). You can
  84  	// set the value to ACTIVE or INACTIVE .
  85  	//
  86  	// This member is required.
  87  	Status *string
  88  
  89  	noSmithyDocumentSerde
  90  }
  91  
  92  type CreateKeySigningKeyOutput struct {
  93  
  94  	// A complex type that describes change information about changes made to your
  95  	// hosted zone.
  96  	//
  97  	// This member is required.
  98  	ChangeInfo *types.ChangeInfo
  99  
 100  	// The key-signing key (KSK) that the request creates.
 101  	//
 102  	// This member is required.
 103  	KeySigningKey *types.KeySigningKey
 104  
 105  	// The unique URL representing the new key-signing key (KSK).
 106  	//
 107  	// This member is required.
 108  	Location *string
 109  
 110  	// Metadata pertaining to the operation's result.
 111  	ResultMetadata middleware.Metadata
 112  
 113  	noSmithyDocumentSerde
 114  }
 115  
 116  func (c *Client) addOperationCreateKeySigningKeyMiddlewares(stack *middleware.Stack, options Options) (err error) {
 117  	if err := stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil {
 118  		return err
 119  	}
 120  	err = stack.Serialize.Add(&awsRestxml_serializeOpCreateKeySigningKey{}, middleware.After)
 121  	if err != nil {
 122  		return err
 123  	}
 124  	err = stack.Deserialize.Add(&awsRestxml_deserializeOpCreateKeySigningKey{}, middleware.After)
 125  	if err != nil {
 126  		return err
 127  	}
 128  	if err := addProtocolFinalizerMiddlewares(stack, options, "CreateKeySigningKey"); err != nil {
 129  		return fmt.Errorf("add protocol finalizers: %v", err)
 130  	}
 131  
 132  	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
 133  		return err
 134  	}
 135  	if err = addSetLoggerMiddleware(stack, options); err != nil {
 136  		return err
 137  	}
 138  	if err = addClientRequestID(stack); err != nil {
 139  		return err
 140  	}
 141  	if err = addComputeContentLength(stack); err != nil {
 142  		return err
 143  	}
 144  	if err = addResolveEndpointMiddleware(stack, options); err != nil {
 145  		return err
 146  	}
 147  	if err = addComputePayloadSHA256(stack); err != nil {
 148  		return err
 149  	}
 150  	if err = addRetry(stack, options); err != nil {
 151  		return err
 152  	}
 153  	if err = addRawResponseToMetadata(stack); err != nil {
 154  		return err
 155  	}
 156  	if err = addRecordResponseTiming(stack); err != nil {
 157  		return err
 158  	}
 159  	if err = addSpanRetryLoop(stack, options); err != nil {
 160  		return err
 161  	}
 162  	if err = addClientUserAgent(stack, options); err != nil {
 163  		return err
 164  	}
 165  	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
 166  		return err
 167  	}
 168  	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 169  		return err
 170  	}
 171  	if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
 172  		return err
 173  	}
 174  	if err = addTimeOffsetBuild(stack, c); err != nil {
 175  		return err
 176  	}
 177  	if err = addUserAgentRetryMode(stack, options); err != nil {
 178  		return err
 179  	}
 180  	if err = addCredentialSource(stack, options); err != nil {
 181  		return err
 182  	}
 183  	if err = addOpCreateKeySigningKeyValidationMiddleware(stack); err != nil {
 184  		return err
 185  	}
 186  	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opCreateKeySigningKey(options.Region), middleware.Before); err != nil {
 187  		return err
 188  	}
 189  	if err = addRecursionDetection(stack); err != nil {
 190  		return err
 191  	}
 192  	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 193  		return err
 194  	}
 195  	if err = addResponseErrorMiddleware(stack); err != nil {
 196  		return err
 197  	}
 198  	if err = addSanitizeURLMiddleware(stack); err != nil {
 199  		return err
 200  	}
 201  	if err = addRequestResponseLogging(stack, options); err != nil {
 202  		return err
 203  	}
 204  	if err = addDisableHTTPSMiddleware(stack, options); err != nil {
 205  		return err
 206  	}
 207  	if err = addInterceptBeforeRetryLoop(stack, options); err != nil {
 208  		return err
 209  	}
 210  	if err = addInterceptAttempt(stack, options); err != nil {
 211  		return err
 212  	}
 213  	if err = addInterceptors(stack, options); err != nil {
 214  		return err
 215  	}
 216  	return nil
 217  }
 218  
 219  func newServiceMetadataMiddleware_opCreateKeySigningKey(region string) *awsmiddleware.RegisterServiceMetadata {
 220  	return &awsmiddleware.RegisterServiceMetadata{
 221  		Region:        region,
 222  		ServiceID:     ServiceID,
 223  		OperationName: "CreateKeySigningKey",
 224  	}
 225  }
 226