/AWS1/IF_EC2=>CREATEVERIFIEDACCTRUSTPVDR()
About CreateVerifiedAccessTrustProvider
A trust provider is a third-party entity that creates, maintains, and manages identity information for users and devices. When an application request is made, the identity information sent by the trust provider is evaluated by Verified Access before allowing or denying the application request.
Method Signature
METHODS /AWS1/IF_EC2~CREATEVERIFIEDACCTRUSTPVDR
  IMPORTING
    !IV_TRUSTPROVIDERTYPE TYPE /AWS1/EC2TRUSTPROVIDERTYPE OPTIONAL
    !IV_USERTRUSTPROVIDERTYPE TYPE /AWS1/EC2USERTRUSTPROVIDERTYPE OPTIONAL
    !IV_DEVICETRUSTPROVIDERTYPE TYPE /AWS1/EC2DEVICETRUSTPVDRTYPE OPTIONAL
    !IO_OIDCOPTIONS TYPE REF TO /AWS1/CL_EC2CREVERIFIEDACCTR01 OPTIONAL
    !IO_DEVICEOPTIONS TYPE REF TO /AWS1/CL_EC2CREVERIFIEDACCTR02 OPTIONAL
    !IV_POLICYREFERENCENAME TYPE /AWS1/EC2STRING OPTIONAL
    !IV_DESCRIPTION TYPE /AWS1/EC2STRING OPTIONAL
    !IT_TAGSPECIFICATIONS TYPE /AWS1/CL_EC2TAGSPECIFICATION=>TT_TAGSPECIFICATIONLIST OPTIONAL
    !IV_CLIENTTOKEN TYPE /AWS1/EC2STRING OPTIONAL
    !IV_DRYRUN TYPE /AWS1/EC2BOOLEAN OPTIONAL
    !IO_SSESPECIFICATION TYPE REF TO /AWS1/CL_EC2VERIFIEDACCSSESP01 OPTIONAL
    !IO_NATIVEAPPLICATIONOIDCOPTS TYPE REF TO /AWS1/CL_EC2CREVERIFIEDACCNA00 OPTIONAL
  RETURNING
    VALUE(OO_OUTPUT) TYPE REF TO /aws1/cl_ec2creverifiedacctr03
  RAISING
    /AWS1/CX_EC2CLIENTEXC
    /AWS1/CX_EC2SERVEREXC
    /AWS1/CX_RT_TECHNICAL_GENERIC
    /AWS1/CX_RT_SERVICE_GENERIC.
IMPORTING
Required arguments:
iv_trustprovidertype TYPE /AWS1/EC2TRUSTPROVIDERTYPE
The type of trust provider.
iv_policyreferencename TYPE /AWS1/EC2STRING
The identifier to be used when working with policy rules.
Optional arguments:
iv_usertrustprovidertype TYPE /AWS1/EC2USERTRUSTPROVIDERTYPE
The type of user-based trust provider. This parameter is required when the provider type is user.
iv_devicetrustprovidertype TYPE /AWS1/EC2DEVICETRUSTPVDRTYPE
The type of device-based trust provider. This parameter is required when the provider type is device.
io_oidcoptions TYPE REF TO /AWS1/CL_EC2CREVERIFIEDACCTR01
The options for an OpenID Connect-compatible user-identity trust provider. This parameter is required when the provider type is user.
io_deviceoptions TYPE REF TO /AWS1/CL_EC2CREVERIFIEDACCTR02
The options for a device-based trust provider. This parameter is required when the provider type is device.
iv_description TYPE /AWS1/EC2STRING
A description for the Verified Access trust provider.
it_tagspecifications TYPE /AWS1/CL_EC2TAGSPECIFICATION=>TT_TAGSPECIFICATIONLIST
The tags to assign to the Verified Access trust provider.
iv_clienttoken TYPE /AWS1/EC2STRING
A unique, case-sensitive token that you provide to ensure idempotency of your modification request. For more information, see Ensuring idempotency.
iv_dryrun TYPE /AWS1/EC2BOOLEAN
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
io_ssespecification TYPE REF TO /AWS1/CL_EC2VERIFIEDACCSSESP01
The options for server side encryption.
io_nativeapplicationoidcopts TYPE REF TO /AWS1/CL_EC2CREVERIFIEDACCNA00
The OpenID Connect (OIDC) options.
RETURNING
oo_output TYPE REF TO /AWS1/CL_EC2CREVERIFIEDACCTR03
Examples
Syntax Example
This is an example of the syntax for calling the method. It includes every possible argument and initializes every possible value. The data provided is not necessarily semantically accurate (for example the value "string" may be provided for something that is intended to be an instance ID, or in some cases two arguments may be mutually exclusive). The syntax shows the ABAP syntax for creating the various data structures.
DATA(lo_result) = lo_client->createverifiedacctrustpvdr(
  io_deviceoptions = new /aws1/cl_ec2creverifiedacctr02(
    iv_publicsigningkeyurl = |string|
    iv_tenantid = |string|
  )
  io_nativeapplicationoidcopts = new /aws1/cl_ec2creverifiedaccna00(
    iv_authorizationendpoint = |string|
    iv_clientid = |string|
    iv_clientsecret = |string|
    iv_issuer = |string|
    iv_publicsigningkeyendpoint = |string|
    iv_scope = |string|
    iv_tokenendpoint = |string|
    iv_userinfoendpoint = |string|
  )
  io_oidcoptions = new /aws1/cl_ec2creverifiedacctr01(
    iv_authorizationendpoint = |string|
    iv_clientid = |string|
    iv_clientsecret = |string|
    iv_issuer = |string|
    iv_scope = |string|
    iv_tokenendpoint = |string|
    iv_userinfoendpoint = |string|
  )
  io_ssespecification = new /aws1/cl_ec2verifiedaccssesp01(
    iv_customermanagedkeyenabled = ABAP_TRUE
    iv_kmskeyarn = |string|
  )
  it_tagspecifications = VALUE /aws1/cl_ec2tagspecification=>tt_tagspecificationlist(
    (
      new /aws1/cl_ec2tagspecification(
        it_tags = VALUE /aws1/cl_ec2tag=>tt_taglist(
          (
            new /aws1/cl_ec2tag(
              iv_key = |string|
              iv_value = |string|
            )
          )
        )
        iv_resourcetype = |string|
      )
    )
  )
  iv_clienttoken = |string|
  iv_description = |string|
  iv_devicetrustprovidertype = |string|
  iv_dryrun = ABAP_TRUE
  iv_policyreferencename = |string|
  iv_trustprovidertype = |string|
  iv_usertrustprovidertype = |string|
).
This is an example of reading all possible response values.
lo_result = lo_result.
IF lo_result IS NOT INITIAL.
  lo_verifiedaccesstrustprov = lo_result->get_verifiedaccesstrustpvdr( ).
  IF lo_verifiedaccesstrustprov IS NOT INITIAL.
    lv_string = lo_verifiedaccesstrustprov->get_verifiedacctrustpvdrid( ).
    lv_string = lo_verifiedaccesstrustprov->get_description( ).
    lv_trustprovidertype = lo_verifiedaccesstrustprov->get_trustprovidertype( ).
    lv_usertrustprovidertype = lo_verifiedaccesstrustprov->get_usertrustprovidertype( ).
    lv_devicetrustprovidertype = lo_verifiedaccesstrustprov->get_devicetrustprovidertype( ).
    lo_oidcoptions = lo_verifiedaccesstrustprov->get_oidcoptions( ).
    IF lo_oidcoptions IS NOT INITIAL.
      lv_string = lo_oidcoptions->get_issuer( ).
      lv_string = lo_oidcoptions->get_authorizationendpoint( ).
      lv_string = lo_oidcoptions->get_tokenendpoint( ).
      lv_string = lo_oidcoptions->get_userinfoendpoint( ).
      lv_string = lo_oidcoptions->get_clientid( ).
      lv_clientsecrettype = lo_oidcoptions->get_clientsecret( ).
      lv_string = lo_oidcoptions->get_scope( ).
    ENDIF.
    lo_deviceoptions = lo_verifiedaccesstrustprov->get_deviceoptions( ).
    IF lo_deviceoptions IS NOT INITIAL.
      lv_string = lo_deviceoptions->get_tenantid( ).
      lv_string = lo_deviceoptions->get_publicsigningkeyurl( ).
    ENDIF.
    lv_string = lo_verifiedaccesstrustprov->get_policyreferencename( ).
    lv_string = lo_verifiedaccesstrustprov->get_creationtime( ).
    lv_string = lo_verifiedaccesstrustprov->get_lastupdatedtime( ).
    LOOP AT lo_verifiedaccesstrustprov->get_tags( ) into lo_row.
      lo_row_1 = lo_row.
      IF lo_row_1 IS NOT INITIAL.
        lv_string = lo_row_1->get_key( ).
        lv_string = lo_row_1->get_value( ).
      ENDIF.
    ENDLOOP.
    lo_verifiedaccessssespecif = lo_verifiedaccesstrustprov->get_ssespecification( ).
    IF lo_verifiedaccessssespecif IS NOT INITIAL.
      lv_boolean = lo_verifiedaccessssespecif->get_cusmanagedkeyenabled( ).
      lv_kmskeyarn = lo_verifiedaccessssespecif->get_kmskeyarn( ).
    ENDIF.
    lo_nativeapplicationoidcop = lo_verifiedaccesstrustprov->get_nativeapplicationoidco00( ).
    IF lo_nativeapplicationoidcop IS NOT INITIAL.
      lv_string = lo_nativeapplicationoidcop->get_publicsigningkeyendpoint( ).
      lv_string = lo_nativeapplicationoidcop->get_issuer( ).
      lv_string = lo_nativeapplicationoidcop->get_authorizationendpoint( ).
      lv_string = lo_nativeapplicationoidcop->get_tokenendpoint( ).
      lv_string = lo_nativeapplicationoidcop->get_userinfoendpoint( ).
      lv_string = lo_nativeapplicationoidcop->get_clientid( ).
      lv_string = lo_nativeapplicationoidcop->get_scope( ).
    ENDIF.
  ENDIF.
ENDIF.
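Usage example added here (not part of the AWS documentation): creating an OIDC user trust provider encrypted with a customer managed KMS key, with a dry-run permission check before the real request and a client token for idempotency. It assumes lo_client is the EC2 client used in the syntax example and that lv_client_secret (a hypothetical variable) was read from a secure store rather than hard-coded; the URLs, client ID, key ARN and policy reference name are constructed placeholders.

```abap
" Added example. lo_client: /aws1/if_ec2 client as in the syntax example (assumed).
" lv_client_secret: hypothetical variable filled from a secure store by the caller.
TRY.
    DATA(lv_token) = CONV /aws1/ec2string( cl_system_uuid=>create_uuid_c32_static( ) ).
  CATCH cx_uuid_error.
    RETURN.
ENDTRY.

DATA(lo_oidc) = NEW /aws1/cl_ec2creverifiedacctr01(
  iv_issuer                = |https://idp.example.com|
  iv_authorizationendpoint = |https://idp.example.com/oauth2/authorize|
  iv_tokenendpoint         = |https://idp.example.com/oauth2/token|
  iv_userinfoendpoint      = |https://idp.example.com/oauth2/userinfo|
  iv_clientid              = |example-client-id|
  iv_clientsecret          = lv_client_secret
  iv_scope                 = |openid| ).

DATA(lo_sse) = NEW /aws1/cl_ec2verifiedaccssesp01(
  iv_customermanagedkeyenabled = abap_true
  iv_kmskeyarn                 = |arn:aws:kms:REGION:ACCOUNT_ID:key/KEY_ID| ).

" Pass 1 is a dry run (permission check only), pass 2 sends the real request.
DO 2 TIMES.
  DATA(lv_dryrun) = xsdbool( sy-index = 1 ).
  TRY.
      DATA(lo_result) = lo_client->createverifiedacctrustpvdr(
        iv_trustprovidertype     = |user|
        iv_usertrustprovidertype = |oidc|
        io_oidcoptions           = lo_oidc
        io_ssespecification      = lo_sse
        iv_policyreferencename   = |exampleidp|
        iv_description           = |OIDC trust provider (example)|
        iv_clienttoken           = lv_token
        iv_dryrun                = lv_dryrun ).
      " Reached only on the real request; a dry run always ends in an error response.
      DATA(lv_id) = lo_result->get_verifiedaccesstrustpvdr( )->get_verifiedacctrustpvdrid( ).
    CATCH /aws1/cx_rt_service_generic INTO DATA(lo_ex).
      IF lv_dryrun = abap_true AND lo_ex->av_err_code = 'DryRunOperation'.
        CONTINUE. " permissions are in place, go on to the real request
      ENDIF.
      DATA(lv_msg) = lo_ex->get_text( ). " e.g. UnauthorizedOperation
      MESSAGE lv_msg TYPE 'I'.
      EXIT.
    CATCH /aws1/cx_rt_technical_generic INTO DATA(lo_tech).
      DATA(lv_tech_msg) = lo_tech->get_text( ).
      MESSAGE lv_tech_msg TYPE 'I'.
      EXIT.
  ENDTRY.
ENDDO.
```

Reusing the same lv_token on a retry of the real request lets the service recognize the retry, so a timeout followed by a resend does not create a second trust provider.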