/AWS1/IF_SUZ=>CREATESUPPORTPERMIT()¶
About CreateSupportPermit¶
Creates a support permit that authorizes an AWS support operator to perform specified actions on specified resources. The permit is cryptographically signed using a customer-managed AWS KMS key (ECC_NIST_P384, SIGN_VERIFY) to ensure non-repudiation.
Method Signature¶
METHODS /AWS1/IF_SUZ~CREATESUPPORTPERMIT
IMPORTING
!IO_PERMIT TYPE REF TO /AWS1/CL_SUZPERMIT OPTIONAL
!IV_NAME TYPE /AWS1/SUZNAME OPTIONAL
!IV_DESCRIPTION TYPE /AWS1/SUZDESCRIPTION OPTIONAL
!IO_SIGNINGKEYINFO TYPE REF TO /AWS1/CL_SUZSIGNINGKEYINFO OPTIONAL
!IV_SUPPORTCASEDISPLAYID TYPE /AWS1/SUZSUPPORTCASEDISPLAYID OPTIONAL
!IV_CLIENTTOKEN TYPE /AWS1/SUZCLIENTTOKEN OPTIONAL
!IT_TAGS TYPE /AWS1/CL_SUZTAGS_W=>TT_TAGS OPTIONAL
RETURNING
VALUE(OO_OUTPUT) TYPE REF TO /aws1/cl_suzcresupppermitout
RAISING
/AWS1/CX_SUZACCESSDENIEDEX
/AWS1/CX_SUZCONFLICTEXCEPTION
/AWS1/CX_SUZINTERNALSERVEREX
/AWS1/CX_SUZSERVICEQUOTAEXCDEX
/AWS1/CX_SUZTHROTTLINGEX
/AWS1/CX_SUZVLDTNEXCEPTION
/AWS1/CX_SUZCLIENTEXC
/AWS1/CX_SUZSERVEREXC
/AWS1/CX_RT_TECHNICAL_GENERIC
/AWS1/CX_RT_SERVICE_GENERIC.
IMPORTING¶
Required arguments:¶
io_permit TYPE REF TO /AWS1/CL_SUZPERMIT /AWS1/CL_SUZPERMIT¶
The permit definition specifying the actions, resources, and time-window conditions that the support operator is authorized to use.
iv_name TYPE /AWS1/SUZNAME /AWS1/SUZNAME¶
A customer-chosen name for the support permit. Must be between 1 and 256 alphanumeric characters.
io_signingkeyinfo TYPE REF TO /AWS1/CL_SUZSIGNINGKEYINFO /AWS1/CL_SUZSIGNINGKEYINFO¶
The signing key information used to sign the permit. Must reference an AWS KMS key with key usage SIGN_VERIFY and key spec ECC_NIST_P384.
Optional arguments:¶
iv_description TYPE /AWS1/SUZDESCRIPTION /AWS1/SUZDESCRIPTION¶
A human-readable description of why this permit is being created. Maximum length of 1024 characters.
iv_supportcasedisplayid TYPE /AWS1/SUZSUPPORTCASEDISPLAYID /AWS1/SUZSUPPORTCASEDISPLAYID¶
The display identifier of the AWS Support case associated with this permit.
iv_clienttoken TYPE /AWS1/SUZCLIENTTOKEN /AWS1/SUZCLIENTTOKEN¶
A unique, case-sensitive identifier to ensure that the operation completes no more than one time. If this token matches a previous request, the service returns the existing permit without creating a duplicate.
it_tags TYPE /AWS1/CL_SUZTAGS_W=>TT_TAGS TT_TAGS¶
The tags to associate with the support permit on creation.
RETURNING¶
oo_output TYPE REF TO /aws1/cl_suzcresupppermitout /AWS1/CL_SUZCRESUPPPERMITOUT¶
Examples¶
Syntax Example¶
This is an example of the syntax for calling the method. It includes every possible argument and initializes every possible value. The data provided is not necessarily semantically accurate (for example the value "string" may be provided for something that is intended to be an instance ID, or in some cases two arguments may be mutually exclusive). The syntax shows the ABAP syntax for creating the various data structures.
DATA(lo_result) = lo_client->createsupportpermit(
io_permit = new /aws1/cl_suzpermit(
io_actions = new /aws1/cl_suzactionset(
io_allactions = new /aws1/cl_suzunit( )
it_actions = VALUE /aws1/cl_suzactions_w=>tt_actions(
( new /aws1/cl_suzactions_w( |string| ) )
)
)
io_resources = new /aws1/cl_suzresourceset(
io_allresourcesinregion = new /aws1/cl_suzunit( )
it_resources = VALUE /aws1/cl_suzresources_w=>tt_resources(
( new /aws1/cl_suzresources_w( |string| ) )
)
)
it_conditions = VALUE /aws1/cl_suzcondition=>tt_conditions(
(
new /aws1/cl_suzcondition(
iv_allowafter = '20150101000000.0000000'
iv_allowbefore = '20150101000000.0000000'
)
)
)
)
io_signingkeyinfo = new /aws1/cl_suzsigningkeyinfo( |string| )
it_tags = VALUE /aws1/cl_suztags_w=>tt_tags(
(
VALUE /aws1/cl_suztags_w=>ts_tags_maprow(
key = |string|
value = new /aws1/cl_suztags_w( |string| )
)
)
)
iv_clienttoken = |string|
iv_description = |string|
iv_name = |string|
iv_supportcasedisplayid = |string|
).
This is an example of reading all possible response values
lo_result = lo_result.
IF lo_result IS NOT INITIAL.
lv_name = lo_result->get_name( ).
lv_arn = lo_result->get_arn( ).
lv_description = lo_result->get_description( ).
lo_permit = lo_result->get_permit( ).
IF lo_permit IS NOT INITIAL.
lo_actionset = lo_permit->get_actions( ).
IF lo_actionset IS NOT INITIAL.
lo_unit = lo_actionset->get_allactions( ).
IF lo_unit IS NOT INITIAL.
ENDIF.
LOOP AT lo_actionset->get_actions( ) into lo_row.
lo_row_1 = lo_row.
IF lo_row_1 IS NOT INITIAL.
lv_action = lo_row_1->get_value( ).
ENDIF.
ENDLOOP.
ENDIF.
lo_resourceset = lo_permit->get_resources( ).
IF lo_resourceset IS NOT INITIAL.
lo_unit = lo_resourceset->get_allresourcesinregion( ).
IF lo_unit IS NOT INITIAL.
ENDIF.
LOOP AT lo_resourceset->get_resources( ) into lo_row_2.
lo_row_3 = lo_row_2.
IF lo_row_3 IS NOT INITIAL.
lv_resource = lo_row_3->get_value( ).
ENDIF.
ENDLOOP.
ENDIF.
LOOP AT lo_permit->get_conditions( ) into lo_row_4.
lo_row_5 = lo_row_4.
IF lo_row_5 IS NOT INITIAL.
lv_timestamp = lo_row_5->get_allowafter( ).
lv_timestamp = lo_row_5->get_allowbefore( ).
ENDIF.
ENDLOOP.
ENDIF.
lv_supportpermitstatus = lo_result->get_status( ).
lo_signingkeyinfo = lo_result->get_signingkeyinfo( ).
IF lo_signingkeyinfo IS NOT INITIAL.
lv_kmskeyarn = lo_signingkeyinfo->get_kmskey( ).
ENDIF.
lv_timestamp = lo_result->get_createdat( ).
lv_supportcasedisplayid = lo_result->get_supportcasedisplayid( ).
LOOP AT lo_result->get_tags( ) into ls_row_6.
lv_key = ls_row_6-key.
lo_value = ls_row_6-value.
IF lo_value IS NOT INITIAL.
lv_tagvalue = lo_value->get_value( ).
ENDIF.
ENDLOOP.
ENDIF.