/AWS1/IF_SUZ=>CREATESUPPORTPERMIT()

About CreateSupportPermit

Creates a support permit that authorizes an AWS support operator to perform specified actions on specified resources. The permit is cryptographically signed using a customer-managed AWS KMS key (ECC_NIST_P384, SIGN_VERIFY) to ensure non-repudiation.

Method Signature

METHODS /AWS1/IF_SUZ~CREATESUPPORTPERMIT
  IMPORTING
    !IO_PERMIT TYPE REF TO /AWS1/CL_SUZPERMIT OPTIONAL
    !IV_NAME TYPE /AWS1/SUZNAME OPTIONAL
    !IV_DESCRIPTION TYPE /AWS1/SUZDESCRIPTION OPTIONAL
    !IO_SIGNINGKEYINFO TYPE REF TO /AWS1/CL_SUZSIGNINGKEYINFO OPTIONAL
    !IV_SUPPORTCASEDISPLAYID TYPE /AWS1/SUZSUPPORTCASEDISPLAYID OPTIONAL
    !IV_CLIENTTOKEN TYPE /AWS1/SUZCLIENTTOKEN OPTIONAL
    !IT_TAGS TYPE /AWS1/CL_SUZTAGS_W=>TT_TAGS OPTIONAL
  RETURNING
    VALUE(OO_OUTPUT) TYPE REF TO /aws1/cl_suzcresupppermitout
  RAISING
    /AWS1/CX_SUZACCESSDENIEDEX
    /AWS1/CX_SUZCONFLICTEXCEPTION
    /AWS1/CX_SUZINTERNALSERVEREX
    /AWS1/CX_SUZSERVICEQUOTAEXCDEX
    /AWS1/CX_SUZTHROTTLINGEX
    /AWS1/CX_SUZVLDTNEXCEPTION
    /AWS1/CX_SUZCLIENTEXC
    /AWS1/CX_SUZSERVEREXC
    /AWS1/CX_RT_TECHNICAL_GENERIC
    /AWS1/CX_RT_SERVICE_GENERIC.

IMPORTING

Required arguments:

io_permit TYPE REF TO /AWS1/CL_SUZPERMIT

The permit definition specifying the actions, resources, and time-window conditions that the support operator is authorized to use.

iv_name TYPE /AWS1/SUZNAME

A customer-chosen name for the support permit. Must be between 1 and 256 alphanumeric characters.

io_signingkeyinfo TYPE REF TO /AWS1/CL_SUZSIGNINGKEYINFO

The signing key information used to sign the permit. Must reference an AWS KMS key with key usage SIGN_VERIFY and key spec ECC_NIST_P384.

Optional arguments:

iv_description TYPE /AWS1/SUZDESCRIPTION

A human-readable description of why this permit is being created. Maximum length of 1024 characters.

iv_supportcasedisplayid TYPE /AWS1/SUZSUPPORTCASEDISPLAYID

The display identifier of the AWS Support case associated with this permit.

iv_clienttoken TYPE /AWS1/SUZCLIENTTOKEN

A unique, case-sensitive identifier to ensure that the operation completes no more than one time. If this token matches a previous request, the service returns the existing permit without creating a duplicate.

it_tags TYPE /AWS1/CL_SUZTAGS_W=>TT_TAGS

The tags to associate with the support permit on creation.

RETURNING

oo_output TYPE REF TO /AWS1/CL_SUZCRESUPPPERMITOUT

Examples

Syntax Example

This is an example of the syntax for calling the method. It includes every possible argument and initializes every possible value. The data provided is not necessarily semantically accurate (for example the value "string" may be provided for something that is intended to be an instance ID, or in some cases two arguments may be mutually exclusive). The syntax shows the ABAP syntax for creating the various data structures.

DATA(lo_result) = lo_client->createsupportpermit(
  io_permit = new /aws1/cl_suzpermit(
    io_actions = new /aws1/cl_suzactionset(
      io_allactions = new /aws1/cl_suzunit( )
      it_actions = VALUE /aws1/cl_suzactions_w=>tt_actions(
        ( new /aws1/cl_suzactions_w( |string| ) )
      )
    )
    io_resources = new /aws1/cl_suzresourceset(
      io_allresourcesinregion = new /aws1/cl_suzunit( )
      it_resources = VALUE /aws1/cl_suzresources_w=>tt_resources(
        ( new /aws1/cl_suzresources_w( |string| ) )
      )
    )
    it_conditions = VALUE /aws1/cl_suzcondition=>tt_conditions(
      (
        new /aws1/cl_suzcondition(
          iv_allowafter = '20150101000000.0000000'
          iv_allowbefore = '20150101000000.0000000'
        )
      )
    )
  )
  io_signingkeyinfo = new /aws1/cl_suzsigningkeyinfo( |string| )
  it_tags = VALUE /aws1/cl_suztags_w=>tt_tags(
    (
      VALUE /aws1/cl_suztags_w=>ts_tags_maprow(
        key = |string|
        value = new /aws1/cl_suztags_w( |string| )
      )
    )
  )
  iv_clienttoken = |string|
  iv_description = |string|
  iv_name = |string|
  iv_supportcasedisplayid = |string|
).

This is an example of reading all possible response values:

lo_result = lo_result.
IF lo_result IS NOT INITIAL.
  lv_name = lo_result->get_name( ).
  lv_arn = lo_result->get_arn( ).
  lv_description = lo_result->get_description( ).
  lo_permit = lo_result->get_permit( ).
  IF lo_permit IS NOT INITIAL.
    lo_actionset = lo_permit->get_actions( ).
    IF lo_actionset IS NOT INITIAL.
      lo_unit = lo_actionset->get_allactions( ).
      IF lo_unit IS NOT INITIAL.
      ENDIF.
      LOOP AT lo_actionset->get_actions( ) into lo_row.
        lo_row_1 = lo_row.
        IF lo_row_1 IS NOT INITIAL.
          lv_action = lo_row_1->get_value( ).
        ENDIF.
      ENDLOOP.
    ENDIF.
    lo_resourceset = lo_permit->get_resources( ).
    IF lo_resourceset IS NOT INITIAL.
      lo_unit = lo_resourceset->get_allresourcesinregion( ).
      IF lo_unit IS NOT INITIAL.
      ENDIF.
      LOOP AT lo_resourceset->get_resources( ) into lo_row_2.
        lo_row_3 = lo_row_2.
        IF lo_row_3 IS NOT INITIAL.
          lv_resource = lo_row_3->get_value( ).
        ENDIF.
      ENDLOOP.
    ENDIF.
    LOOP AT lo_permit->get_conditions( ) into lo_row_4.
      lo_row_5 = lo_row_4.
      IF lo_row_5 IS NOT INITIAL.
        lv_timestamp = lo_row_5->get_allowafter( ).
        lv_timestamp = lo_row_5->get_allowbefore( ).
      ENDIF.
    ENDLOOP.
  ENDIF.
  lv_supportpermitstatus = lo_result->get_status( ).
  lo_signingkeyinfo = lo_result->get_signingkeyinfo( ).
  IF lo_signingkeyinfo IS NOT INITIAL.
    lv_kmskeyarn = lo_signingkeyinfo->get_kmskey( ).
  ENDIF.
  lv_timestamp = lo_result->get_createdat( ).
  lv_supportcasedisplayid = lo_result->get_supportcasedisplayid( ).
  LOOP AT lo_result->get_tags( ) into ls_row_6.
    lv_key = ls_row_6-key.
    lo_value = ls_row_6-value.
    IF lo_value IS NOT INITIAL.
      lv_tagvalue = lo_value->get_value( ).
    ENDIF.
  ENDLOOP.
ENDIF.
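
The following is an added example, not part of the original reference and not AWS's own code. It shows a narrowly scoped request built from the arguments described above: explicit action and resource lists, a one-hour time window, and a single client token reused across throttling retries. The client `lo_client`, the placeholder action, resource and key values, and the compatibility of `TIMESTAMPL` with the SDK timestamp type are assumptions.

```abap
" Added example, not AWS's own code. lo_client is assumed to be an existing
" /AWS1/IF_SUZ client; the action, resource and key values are placeholders.
DATA lv_from  TYPE timestampl.
DATA lv_until TYPE timestampl.
DATA lo_out   TYPE REF TO /aws1/cl_suzcresupppermitout.
DATA(lv_key_arn) = |arn:aws:kms:<region>:<account-id>:key/<key-id>|.

" One token per logical request, reused on every retry, so a repeated call
" returns the existing permit instead of creating a duplicate.
TRY.
    DATA(lv_token) = CONV string( cl_system_uuid=>create_uuid_c36_static( ) ).
  CATCH cx_uuid_error.
    RETURN.
ENDTRY.

" One-hour window starting now (UTC). Assumes the SDK timestamp type is
" compatible with TIMESTAMPL, matching the literal in the syntax example.
GET TIME STAMP FIELD lv_from.
lv_until = cl_abap_tstmp=>add( tstmp = lv_from secs = 3600 ).

" Explicit action and resource lists are used here instead of
" io_allactions / io_allresourcesinregion. The name is alphanumeric only.
DO 3 TIMES.
  TRY.
      lo_out = lo_client->createsupportpermit(
        iv_name           = |CaseReviewPermit01|
        iv_description    = |Operator access for one support case|
        iv_clienttoken    = lv_token
        io_signingkeyinfo = NEW /aws1/cl_suzsigningkeyinfo( lv_key_arn )
        io_permit         = NEW /aws1/cl_suzpermit(
          io_actions    = NEW /aws1/cl_suzactionset(
            it_actions = VALUE /aws1/cl_suzactions_w=>tt_actions(
              ( NEW /aws1/cl_suzactions_w( |<action-placeholder>| ) ) ) )
          io_resources  = NEW /aws1/cl_suzresourceset(
            it_resources = VALUE /aws1/cl_suzresources_w=>tt_resources(
              ( NEW /aws1/cl_suzresources_w( |<resource-placeholder>| ) ) ) )
          it_conditions = VALUE /aws1/cl_suzcondition=>tt_conditions(
            ( NEW /aws1/cl_suzcondition( iv_allowafter  = lv_from
                                         iv_allowbefore = lv_until ) ) ) ) ).
      EXIT.
    CATCH /aws1/cx_suzthrottlingex.
      WAIT UP TO sy-index SECONDS.  " back off, then retry with the same token
    CATCH /aws1/cx_rt_service_generic /aws1/cx_rt_technical_generic INTO DATA(lo_ex).
      DATA(lv_err) = lo_ex->get_text( ).  " not retried: fix the request first
      EXIT.
  ENDTRY.
ENDDO.
```

If `lo_out` is bound after the loop, `get_arn( )`, `get_status( )` and `get_signingkeyinfo( )` can be read as in the response example above.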