377 lines
19 KiB
Go
377 lines
19 KiB
Go
// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
|
|
|
|
package kms
|
|
|
|
import (
|
|
"github.com/aws/aws-sdk-go/private/protocol"
|
|
)
|
|
|
|
const (
|
|
|
|
// ErrCodeAlreadyExistsException for service response error code
|
|
// "AlreadyExistsException".
|
|
//
|
|
// The request was rejected because it attempted to create a resource that already
|
|
// exists.
|
|
ErrCodeAlreadyExistsException = "AlreadyExistsException"
|
|
|
|
// ErrCodeCloudHsmClusterInUseException for service response error code
|
|
// "CloudHsmClusterInUseException".
|
|
//
|
|
// The request was rejected because the specified CloudHSM cluster is already
|
|
// associated with a custom key store or it shares a backup history with a cluster
|
|
// that is associated with a custom key store. Each custom key store must be
|
|
// associated with a different CloudHSM cluster.
|
|
//
|
|
// Clusters that share a backup history have the same cluster certificate. To
|
|
// view the cluster certificate of a cluster, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html)
|
|
// operation.
|
|
ErrCodeCloudHsmClusterInUseException = "CloudHsmClusterInUseException"
|
|
|
|
// ErrCodeCloudHsmClusterInvalidConfigurationException for service response error code
|
|
// "CloudHsmClusterInvalidConfigurationException".
|
|
//
|
|
// The request was rejected because the associated CloudHSM cluster did not
|
|
// meet the configuration requirements for a custom key store.
|
|
//
|
|
// * The cluster must be configured with private subnets in at least two
|
|
// different Availability Zones in the Region.
|
|
//
|
|
// * The security group for the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html)
|
|
// (cloudhsm-cluster-<cluster-id>-sg) must include inbound rules and outbound
|
|
// rules that allow TCP traffic on ports 2223-2225. The Source in the inbound
|
|
// rules and the Destination in the outbound rules must match the security
|
|
// group ID. These rules are set by default when you create the cluster.
|
|
// Do not delete or change them. To get information about a particular security
|
|
// group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html)
|
|
// operation.
|
|
//
|
|
// * The cluster must contain at least as many HSMs as the operation requires.
|
|
// To add HSMs, use the CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html)
|
|
// operation. For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey
|
|
// operations, the CloudHSM cluster must have at least two active HSMs, each
|
|
// in a different Availability Zone. For the ConnectCustomKeyStore operation,
|
|
// the CloudHSM must contain at least one active HSM.
|
|
//
|
|
// For information about the requirements for an CloudHSM cluster that is associated
|
|
// with a custom key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore)
|
|
// in the Key Management Service Developer Guide. For information about creating
|
|
// a private subnet for an CloudHSM cluster, see Create a Private Subnet (https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html)
|
|
// in the CloudHSM User Guide. For information about cluster security groups,
|
|
// see Configure a Default Security Group (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html)
|
|
// in the CloudHSM User Guide .
|
|
ErrCodeCloudHsmClusterInvalidConfigurationException = "CloudHsmClusterInvalidConfigurationException"
|
|
|
|
// ErrCodeCloudHsmClusterNotActiveException for service response error code
|
|
// "CloudHsmClusterNotActiveException".
|
|
//
|
|
// The request was rejected because the CloudHSM cluster that is associated
|
|
// with the custom key store is not active. Initialize and activate the cluster
|
|
// and try the command again. For detailed instructions, see Getting Started
|
|
// (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html)
|
|
// in the CloudHSM User Guide.
|
|
ErrCodeCloudHsmClusterNotActiveException = "CloudHsmClusterNotActiveException"
|
|
|
|
// ErrCodeCloudHsmClusterNotFoundException for service response error code
|
|
// "CloudHsmClusterNotFoundException".
|
|
//
|
|
// The request was rejected because KMS cannot find the CloudHSM cluster with
|
|
// the specified cluster ID. Retry the request with a different cluster ID.
|
|
ErrCodeCloudHsmClusterNotFoundException = "CloudHsmClusterNotFoundException"
|
|
|
|
// ErrCodeCloudHsmClusterNotRelatedException for service response error code
|
|
// "CloudHsmClusterNotRelatedException".
|
|
//
|
|
// The request was rejected because the specified CloudHSM cluster has a different
|
|
// cluster certificate than the original cluster. You cannot use the operation
|
|
// to specify an unrelated cluster.
|
|
//
|
|
// Specify a cluster that shares a backup history with the original cluster.
|
|
// This includes clusters that were created from a backup of the current cluster,
|
|
// and clusters that were created from the same backup that produced the current
|
|
// cluster.
|
|
//
|
|
// Clusters that share a backup history have the same cluster certificate. To
|
|
// view the cluster certificate of a cluster, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html)
|
|
// operation.
|
|
ErrCodeCloudHsmClusterNotRelatedException = "CloudHsmClusterNotRelatedException"
|
|
|
|
// ErrCodeCustomKeyStoreHasCMKsException for service response error code
|
|
// "CustomKeyStoreHasCMKsException".
|
|
//
|
|
// The request was rejected because the custom key store contains KMS keys.
|
|
// After verifying that you do not need to use the KMS keys, use the ScheduleKeyDeletion
|
|
// operation to delete the KMS keys. After they are deleted, you can delete
|
|
// the custom key store.
|
|
ErrCodeCustomKeyStoreHasCMKsException = "CustomKeyStoreHasCMKsException"
|
|
|
|
// ErrCodeCustomKeyStoreInvalidStateException for service response error code
|
|
// "CustomKeyStoreInvalidStateException".
|
|
//
|
|
// The request was rejected because of the ConnectionState of the custom key
|
|
// store. To get the ConnectionState of a custom key store, use the DescribeCustomKeyStores
|
|
// operation.
|
|
//
|
|
// This exception is thrown under the following conditions:
|
|
//
|
|
// * You requested the CreateKey or GenerateRandom operation in a custom
|
|
// key store that is not connected. These operations are valid only when
|
|
// the custom key store ConnectionState is CONNECTED.
|
|
//
|
|
// * You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation
|
|
// on a custom key store that is not disconnected. This operation is valid
|
|
// only when the custom key store ConnectionState is DISCONNECTED.
|
|
//
|
|
// * You requested the ConnectCustomKeyStore operation on a custom key store
|
|
// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid
|
|
// for all other ConnectionState values.
|
|
ErrCodeCustomKeyStoreInvalidStateException = "CustomKeyStoreInvalidStateException"
|
|
|
|
// ErrCodeCustomKeyStoreNameInUseException for service response error code
|
|
// "CustomKeyStoreNameInUseException".
|
|
//
|
|
// The request was rejected because the specified custom key store name is already
|
|
// assigned to another custom key store in the account. Try again with a custom
|
|
// key store name that is unique in the account.
|
|
ErrCodeCustomKeyStoreNameInUseException = "CustomKeyStoreNameInUseException"
|
|
|
|
// ErrCodeCustomKeyStoreNotFoundException for service response error code
|
|
// "CustomKeyStoreNotFoundException".
|
|
//
|
|
// The request was rejected because KMS cannot find a custom key store with
|
|
// the specified key store name or ID.
|
|
ErrCodeCustomKeyStoreNotFoundException = "CustomKeyStoreNotFoundException"
|
|
|
|
// ErrCodeDependencyTimeoutException for service response error code
|
|
// "DependencyTimeoutException".
|
|
//
|
|
// The system timed out while trying to fulfill the request. The request can
|
|
// be retried.
|
|
ErrCodeDependencyTimeoutException = "DependencyTimeoutException"
|
|
|
|
// ErrCodeDisabledException for service response error code
|
|
// "DisabledException".
|
|
//
|
|
// The request was rejected because the specified KMS key is not enabled.
|
|
ErrCodeDisabledException = "DisabledException"
|
|
|
|
// ErrCodeExpiredImportTokenException for service response error code
|
|
// "ExpiredImportTokenException".
|
|
//
|
|
// The request was rejected because the specified import token is expired. Use
|
|
// GetParametersForImport to get a new import token and public key, use the
|
|
// new public key to encrypt the key material, and then try the request again.
|
|
ErrCodeExpiredImportTokenException = "ExpiredImportTokenException"
|
|
|
|
// ErrCodeIncorrectKeyException for service response error code
|
|
// "IncorrectKeyException".
|
|
//
|
|
// The request was rejected because the specified KMS key cannot decrypt the
|
|
// data. The KeyId in a Decrypt request and the SourceKeyId in a ReEncrypt request
|
|
// must identify the same KMS key that was used to encrypt the ciphertext.
|
|
ErrCodeIncorrectKeyException = "IncorrectKeyException"
|
|
|
|
// ErrCodeIncorrectKeyMaterialException for service response error code
|
|
// "IncorrectKeyMaterialException".
|
|
//
|
|
// The request was rejected because the key material in the request is, expired,
|
|
// invalid, or is not the same key material that was previously imported into
|
|
// this KMS key.
|
|
ErrCodeIncorrectKeyMaterialException = "IncorrectKeyMaterialException"
|
|
|
|
// ErrCodeIncorrectTrustAnchorException for service response error code
|
|
// "IncorrectTrustAnchorException".
|
|
//
|
|
// The request was rejected because the trust anchor certificate in the request
|
|
// is not the trust anchor certificate for the specified CloudHSM cluster.
|
|
//
|
|
// When you initialize the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr),
|
|
// you create the trust anchor certificate and save it in the customerCA.crt
|
|
// file.
|
|
ErrCodeIncorrectTrustAnchorException = "IncorrectTrustAnchorException"
|
|
|
|
// ErrCodeInternalException for service response error code
|
|
// "KMSInternalException".
|
|
//
|
|
// The request was rejected because an internal exception occurred. The request
|
|
// can be retried.
|
|
ErrCodeInternalException = "KMSInternalException"
|
|
|
|
// ErrCodeInvalidAliasNameException for service response error code
|
|
// "InvalidAliasNameException".
|
|
//
|
|
// The request was rejected because the specified alias name is not valid.
|
|
ErrCodeInvalidAliasNameException = "InvalidAliasNameException"
|
|
|
|
// ErrCodeInvalidArnException for service response error code
|
|
// "InvalidArnException".
|
|
//
|
|
// The request was rejected because a specified ARN, or an ARN in a key policy,
|
|
// is not valid.
|
|
ErrCodeInvalidArnException = "InvalidArnException"
|
|
|
|
// ErrCodeInvalidCiphertextException for service response error code
|
|
// "InvalidCiphertextException".
|
|
//
|
|
// From the Decrypt or ReEncrypt operation, the request was rejected because
|
|
// the specified ciphertext, or additional authenticated data incorporated into
|
|
// the ciphertext, such as the encryption context, is corrupted, missing, or
|
|
// otherwise invalid.
|
|
//
|
|
// From the ImportKeyMaterial operation, the request was rejected because KMS
|
|
// could not decrypt the encrypted (wrapped) key material.
|
|
ErrCodeInvalidCiphertextException = "InvalidCiphertextException"
|
|
|
|
// ErrCodeInvalidGrantIdException for service response error code
|
|
// "InvalidGrantIdException".
|
|
//
|
|
// The request was rejected because the specified GrantId is not valid.
|
|
ErrCodeInvalidGrantIdException = "InvalidGrantIdException"
|
|
|
|
// ErrCodeInvalidGrantTokenException for service response error code
|
|
// "InvalidGrantTokenException".
|
|
//
|
|
// The request was rejected because the specified grant token is not valid.
|
|
ErrCodeInvalidGrantTokenException = "InvalidGrantTokenException"
|
|
|
|
// ErrCodeInvalidImportTokenException for service response error code
|
|
// "InvalidImportTokenException".
|
|
//
|
|
// The request was rejected because the provided import token is invalid or
|
|
// is associated with a different KMS key.
|
|
ErrCodeInvalidImportTokenException = "InvalidImportTokenException"
|
|
|
|
// ErrCodeInvalidKeyUsageException for service response error code
|
|
// "InvalidKeyUsageException".
|
|
//
|
|
// The request was rejected for one of the following reasons:
|
|
//
|
|
// * The KeyUsage value of the KMS key is incompatible with the API operation.
|
|
//
|
|
// * The encryption algorithm or signing algorithm specified for the operation
|
|
// is incompatible with the type of key material in the KMS key (KeySpec).
|
|
//
|
|
// For encrypting, decrypting, re-encrypting, and generating data keys, the
|
|
// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying messages, the
|
|
// KeyUsage must be SIGN_VERIFY. For generating and verifying message authentication
|
|
// codes (MACs), the KeyUsage must be GENERATE_VERIFY_MAC. To find the KeyUsage
|
|
// of a KMS key, use the DescribeKey operation.
|
|
//
|
|
// To find the encryption or signing algorithms supported for a particular KMS
|
|
// key, use the DescribeKey operation.
|
|
ErrCodeInvalidKeyUsageException = "InvalidKeyUsageException"
|
|
|
|
// ErrCodeInvalidMarkerException for service response error code
|
|
// "InvalidMarkerException".
|
|
//
|
|
// The request was rejected because the marker that specifies where pagination
|
|
// should next begin is not valid.
|
|
ErrCodeInvalidMarkerException = "InvalidMarkerException"
|
|
|
|
// ErrCodeInvalidStateException for service response error code
|
|
// "KMSInvalidStateException".
|
|
//
|
|
// The request was rejected because the state of the specified resource is not
|
|
// valid for this request.
|
|
//
|
|
// For more information about how key state affects the use of a KMS key, see
|
|
// Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
|
|
// in the Key Management Service Developer Guide .
|
|
ErrCodeInvalidStateException = "KMSInvalidStateException"
|
|
|
|
// ErrCodeKMSInvalidMacException for service response error code
|
|
// "KMSInvalidMacException".
|
|
//
|
|
// The request was rejected because the HMAC verification failed. HMAC verification
|
|
// fails when the HMAC computed by using the specified message, HMAC KMS key,
|
|
// and MAC algorithm does not match the HMAC specified in the request.
|
|
ErrCodeKMSInvalidMacException = "KMSInvalidMacException"
|
|
|
|
// ErrCodeKMSInvalidSignatureException for service response error code
|
|
// "KMSInvalidSignatureException".
|
|
//
|
|
// The request was rejected because the signature verification failed. Signature
|
|
// verification fails when it cannot confirm that signature was produced by
|
|
// signing the specified message with the specified KMS key and signing algorithm.
|
|
ErrCodeKMSInvalidSignatureException = "KMSInvalidSignatureException"
|
|
|
|
// ErrCodeKeyUnavailableException for service response error code
|
|
// "KeyUnavailableException".
|
|
//
|
|
// The request was rejected because the specified KMS key was not available.
|
|
// You can retry the request.
|
|
ErrCodeKeyUnavailableException = "KeyUnavailableException"
|
|
|
|
// ErrCodeLimitExceededException for service response error code
|
|
// "LimitExceededException".
|
|
//
|
|
// The request was rejected because a quota was exceeded. For more information,
|
|
// see Quotas (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html)
|
|
// in the Key Management Service Developer Guide.
|
|
ErrCodeLimitExceededException = "LimitExceededException"
|
|
|
|
// ErrCodeMalformedPolicyDocumentException for service response error code
|
|
// "MalformedPolicyDocumentException".
|
|
//
|
|
// The request was rejected because the specified policy is not syntactically
|
|
// or semantically correct.
|
|
ErrCodeMalformedPolicyDocumentException = "MalformedPolicyDocumentException"
|
|
|
|
// ErrCodeNotFoundException for service response error code
|
|
// "NotFoundException".
|
|
//
|
|
// The request was rejected because the specified entity or resource could not
|
|
// be found.
|
|
ErrCodeNotFoundException = "NotFoundException"
|
|
|
|
// ErrCodeTagException for service response error code
|
|
// "TagException".
|
|
//
|
|
// The request was rejected because one or more tags are not valid.
|
|
ErrCodeTagException = "TagException"
|
|
|
|
// ErrCodeUnsupportedOperationException for service response error code
|
|
// "UnsupportedOperationException".
|
|
//
|
|
// The request was rejected because a specified parameter is not supported or
|
|
// a specified resource is not valid for this operation.
|
|
ErrCodeUnsupportedOperationException = "UnsupportedOperationException"
|
|
)
|
|
|
|
var exceptionFromCode = map[string]func(protocol.ResponseMetadata) error{
|
|
"AlreadyExistsException": newErrorAlreadyExistsException,
|
|
"CloudHsmClusterInUseException": newErrorCloudHsmClusterInUseException,
|
|
"CloudHsmClusterInvalidConfigurationException": newErrorCloudHsmClusterInvalidConfigurationException,
|
|
"CloudHsmClusterNotActiveException": newErrorCloudHsmClusterNotActiveException,
|
|
"CloudHsmClusterNotFoundException": newErrorCloudHsmClusterNotFoundException,
|
|
"CloudHsmClusterNotRelatedException": newErrorCloudHsmClusterNotRelatedException,
|
|
"CustomKeyStoreHasCMKsException": newErrorCustomKeyStoreHasCMKsException,
|
|
"CustomKeyStoreInvalidStateException": newErrorCustomKeyStoreInvalidStateException,
|
|
"CustomKeyStoreNameInUseException": newErrorCustomKeyStoreNameInUseException,
|
|
"CustomKeyStoreNotFoundException": newErrorCustomKeyStoreNotFoundException,
|
|
"DependencyTimeoutException": newErrorDependencyTimeoutException,
|
|
"DisabledException": newErrorDisabledException,
|
|
"ExpiredImportTokenException": newErrorExpiredImportTokenException,
|
|
"IncorrectKeyException": newErrorIncorrectKeyException,
|
|
"IncorrectKeyMaterialException": newErrorIncorrectKeyMaterialException,
|
|
"IncorrectTrustAnchorException": newErrorIncorrectTrustAnchorException,
|
|
"KMSInternalException": newErrorInternalException,
|
|
"InvalidAliasNameException": newErrorInvalidAliasNameException,
|
|
"InvalidArnException": newErrorInvalidArnException,
|
|
"InvalidCiphertextException": newErrorInvalidCiphertextException,
|
|
"InvalidGrantIdException": newErrorInvalidGrantIdException,
|
|
"InvalidGrantTokenException": newErrorInvalidGrantTokenException,
|
|
"InvalidImportTokenException": newErrorInvalidImportTokenException,
|
|
"InvalidKeyUsageException": newErrorInvalidKeyUsageException,
|
|
"InvalidMarkerException": newErrorInvalidMarkerException,
|
|
"KMSInvalidStateException": newErrorInvalidStateException,
|
|
"KMSInvalidMacException": newErrorKMSInvalidMacException,
|
|
"KMSInvalidSignatureException": newErrorKMSInvalidSignatureException,
|
|
"KeyUnavailableException": newErrorKeyUnavailableException,
|
|
"LimitExceededException": newErrorLimitExceededException,
|
|
"MalformedPolicyDocumentException": newErrorMalformedPolicyDocumentException,
|
|
"NotFoundException": newErrorNotFoundException,
|
|
"TagException": newErrorTagException,
|
|
"UnsupportedOperationException": newErrorUnsupportedOperationException,
|
|
}
|