forked from aws/aws-sdk-js-v3
DeletePermissionCommand.ts
import { ACMPCAClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../ACMPCAClient";
import { DeletePermissionRequest } from "../models/models_0";
import {
deserializeAws_json1_1DeletePermissionCommand,
serializeAws_json1_1DeletePermissionCommand,
} from "../protocols/Aws_json1_1";
import { getSerdePlugin } from "@aws-sdk/middleware-serde";
import { HttpRequest as __HttpRequest, HttpResponse as __HttpResponse } from "@aws-sdk/protocol-http";
import { Command as $Command } from "@aws-sdk/smithy-client";
import {
FinalizeHandlerArguments,
Handler,
HandlerExecutionContext,
MiddlewareStack,
HttpHandlerOptions as __HttpHandlerOptions,
MetadataBearer as __MetadataBearer,
SerdeContext as __SerdeContext,
} from "@aws-sdk/types";
/**
 * Input shape accepted by DeletePermissionCommand. It declares no members of
 * its own, so it is exactly the DeletePermissionRequest shape.
 */
export interface DeletePermissionCommandInput extends DeletePermissionRequest {}
/**
 * Output shape returned by DeletePermissionCommand. It declares no members of
 * its own; everything it carries comes from __MetadataBearer.
 */
export interface DeletePermissionCommandOutput extends __MetadataBearer {}
/**
* <p>Revokes permissions on a private CA granted to the AWS Certificate Manager (ACM) service principal
* (acm.amazonaws.com). </p>
* <p>These permissions allow ACM to issue and renew ACM certificates that reside in the
* same AWS account as the CA. If you revoke these permissions, ACM will no longer
* renew the affected certificates automatically.</p>
* <p>Permissions can be granted with the <a href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreatePermission.html">CreatePermission</a> action and
* listed with the <a href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListPermissions.html">ListPermissions</a> action. </p>
* <p class="title">
* <b>About Permissions</b>
* </p>
* <ul>
* <li>
* <p>If the private CA and the certificates it issues reside in the same
* account, you can use <code>CreatePermission</code> to grant permissions for ACM to
* carry out automatic certificate renewals.</p>
* </li>
* <li>
* <p>For automatic certificate renewal to succeed, the ACM service principal
* needs permissions to create, retrieve, and list certificates.</p>
* </li>
* <li>
* <p>If the private CA and the ACM certificates reside in different accounts,
* then permissions cannot be used to enable automatic renewals. Instead,
* the ACM certificate owner must set up a resource-based policy to enable
* cross-account issuance and renewals. For more information, see
* <a href="https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html">Using a Resource
* Based Policy with ACM Private CA</a>.</p>
* </li>
* </ul>
* @example
* Use a bare-bones client and the command you need to make an API call.
* ```javascript
* import { ACMPCAClient, DeletePermissionCommand } from "@aws-sdk/client-acm-pca"; // ES Modules import
* // const { ACMPCAClient, DeletePermissionCommand } = require("@aws-sdk/client-acm-pca"); // CommonJS import
* const client = new ACMPCAClient(config);
* const command = new DeletePermissionCommand(input);
* const response = await client.send(command);
* ```
*
* @see {@link DeletePermissionCommandInput} for command's `input` shape.
* @see {@link DeletePermissionCommandOutput} for command's `response` shape.
* @see {@link ACMPCAClientResolvedConfig | config} for ACMPCAClient's `config` shape.
*
*/
export class DeletePermissionCommand extends $Command<
  DeletePermissionCommandInput,
  DeletePermissionCommandOutput,
  ACMPCAClientResolvedConfig
> {
  // Start section: command_properties
  // End section: command_properties

  /**
   * @param input - Request parameters; kept as a read-only property of the command.
   */
  constructor(readonly input: DeletePermissionCommandInput) {
    // Start section: command_constructor
    super();
    // End section: command_constructor
  }

  /**
   * Resolves the handler that executes this command: the command's own
   * middleware stack is appended to the client's stack, and the chain ends in
   * the configured request handler.
   *
   * @param clientStack - Middleware stack owned by the client.
   * @param configuration - Resolved client configuration; `logger` and
   *   `requestHandler` are read from it.
   * @param options - Optional per-request HTTP handler options; an empty object
   *   is passed to the request handler when this is falsy.
   * @returns The handler produced by resolving the combined stack.
   * @internal
   */
  resolveMiddleware(
    clientStack: MiddlewareStack<ServiceInputTypes, ServiceOutputTypes>,
    configuration: ACMPCAClientResolvedConfig,
    options?: __HttpHandlerOptions
  ): Handler<DeletePermissionCommandInput, DeletePermissionCommandOutput> {
    // Install the serde plugin on the command's own stack before it is merged
    // with the client's stack.
    this.middlewareStack.use(getSerdePlugin(configuration, this.serialize, this.deserialize));

    const { logger, requestHandler } = configuration;
    const executionContext: HandlerExecutionContext = {
      logger,
      clientName: "ACMPCAClient",
      commandName: "DeletePermissionCommand",
      // Input goes through the request model's own filter.
      inputFilterSensitiveLog: DeletePermissionRequest.filterSensitiveLog,
      // Identity function: the output is returned unchanged, nothing is redacted.
      // The declared output type adds no members beyond __MetadataBearer.
      outputFilterSensitiveLog: (output: any) => output,
    };

    // Terminal step of the chain: pass the finalized request to the transport.
    const dispatch = (args: FinalizeHandlerArguments<any>) =>
      requestHandler.handle(args.request as __HttpRequest, options || {});

    return clientStack.concat(this.middlewareStack).resolve(dispatch, executionContext);
  }

  /**
   * Serializes the input by delegating to
   * serializeAws_json1_1DeletePermissionCommand.
   */
  private serialize(input: DeletePermissionCommandInput, context: __SerdeContext): Promise<__HttpRequest> {
    return serializeAws_json1_1DeletePermissionCommand(input, context);
  }

  /**
   * Deserializes the HTTP response by delegating to
   * deserializeAws_json1_1DeletePermissionCommand.
   */
  private deserialize(output: __HttpResponse, context: __SerdeContext): Promise<DeletePermissionCommandOutput> {
    return deserializeAws_json1_1DeletePermissionCommand(output, context);
  }

  // Start section: command_body_extra
  // End section: command_body_extra
}