{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "https://raw.githubusercontent.com/api-evangelist/amazon-private-ca/refs/heads/main/json-schema/amazon-private-ca-create-permission-request-schema.json",
  "title": "CreatePermissionRequest",
  "description": "CreatePermissionRequest schema from Amazon Private CA API",
  "type": "object",
  "properties": {
    "CertificateAuthorityArn": {
      "allOf": [
        {
          "$ref": "#/components/schemas/Arn"
        },
        {
          "description": "<p>The Amazon Resource Name (ARN) of the CA that grants the permissions. You can find the ARN by calling the <a href=\"https://docs.aws.amazon.com/privateca/latest/APIReference/API_ListCertificateAuthorities.html\">ListCertificateAuthorities</a> action. This must have the following form: </p> <p> <code>arn:aws:acm-pca:<i>region</i>:<i>account</i>:certificate-authority/<i>12345678-1234-1234-1234-123456789012</i> </code>. </p>"
        }
      ]
    },
    "Principal": {
      "allOf": [
        {
          "$ref": "#/components/schemas/Principal"
        },
        {
          "description": "The Amazon Web Services service or identity that receives the permission. At this time, the only valid principal is <code>acm.amazonaws.com</code>."
        }
      ]
    },
    "SourceAccount": {
      "allOf": [
        {
          "$ref": "#/components/schemas/AccountId"
        },
        {
          "description": "The ID of the calling account."
        }
      ]
    },
    "Actions": {
      "allOf": [
        {
          "$ref": "#/components/schemas/ActionList"
        },
        {
          "description": "The actions that the specified Amazon Web Services service principal can use. These include <code>IssueCertificate</code>, <code>GetCertificate</code>, and <code>ListPermissions</code>."
        }
      ]
    }
  },
  "required": [
    "CertificateAuthorityArn",
    "Principal",
    "Actions"
  ]
}