1// Code generated by smithy-go-codegen DO NOT EDIT.
2
3package acmpca
4
5import (
6	"context"
7	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
8	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
9	"github.com/aws/smithy-go/middleware"
10	smithyhttp "github.com/aws/smithy-go/transport/http"
11)
12
// DeletePolicy removes the resource-based policy attached to a private CA.
// Deleting the policy revokes any access that it granted. The call succeeds
// even when no policy is attached to the private CA. If the policy was applied
// through AWS Resource Access Manager (RAM), the CA is also removed from every
// share that included it. The AWS Certificate Manager Service Linked Role that
// the policy supports is not affected by the deletion. The current policy can
// be shown with GetPolicy
// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetPolicy.html)
// and updated with PutPolicy
// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_PutPolicy.html).
//
// About policies:
//
// * A policy grants access on a private CA to an AWS customer account, to AWS
// Organizations, or to an AWS Organizations unit. Policies are under the
// control of a CA administrator. For more information, see Using a Resource
// Based Policy with ACM Private CA
// (https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html).
//
// * A policy permits a user of AWS Certificate Manager (ACM) to issue ACM
// certificates signed by a CA in another account.
//
// * For ACM to manage automatic renewal of these certificates, the ACM user
// must configure a Service Linked Role (SLR). The SLR allows the ACM service
// to assume the identity of the user, subject to confirmation against the ACM
// Private CA policy. For more information, see Using a Service Linked Role
// with ACM (https://docs.aws.amazon.com/acm/latest/userguide/acm-slr.html).
//
// * Updates made in AWS Resource Access Manager (RAM) are reflected in
// policies. For more information, see Attach a Policy for Cross-Account Access
// (https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-ram.html).
//
// Because one successful call revokes every grant the policy carried, keep the
// acm-pca:DeletePolicy permission narrowly scoped and review calls to this
// operation in AWS CloudTrail.
func (c *Client) DeletePolicy(ctx context.Context, params *DeletePolicyInput, optFns ...func(*Options)) (*DeletePolicyOutput, error) {
	// A nil params is replaced by an empty input so the middleware stack always
	// receives a non-nil value. ResourceArn is documented as required, so an
	// empty input is presumably rejected by the operation's validation
	// middleware rather than sent. TODO confirm against the validators.
	input := params
	if input == nil {
		input = &DeletePolicyInput{}
	}

	raw, md, err := c.invokeOperation(ctx, "DeletePolicy", input, optFns, addOperationDeletePolicyMiddlewares)
	if err != nil {
		return nil, err
	}

	// The unchecked assertion panics if invokeOperation ever yields a value of
	// another type for this operation.
	output := raw.(*DeletePolicyOutput)
	output.ResultMetadata = md
	return output, nil
}
60
// DeletePolicyInput holds the request parameters of the DeletePolicy operation.
type DeletePolicyInput struct {

	// ResourceArn is the Amazon Resource Name (ARN) of the private CA whose
	// policy will be deleted. The CA's ARN can be found by calling the
	// ListCertificateAuthorities
	// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html)
	// action. The ARN value must have the form
	// arn:aws:acm-pca:region:account:certificate-authority/01234567-89ab-cdef-0123-0123456789ab.
	//
	// This member is required.
	ResourceArn *string
}
72
// DeletePolicyOutput is the result of the DeletePolicy operation. It carries
// no fields other than the operation metadata.
type DeletePolicyOutput struct {
	// ResultMetadata holds metadata pertaining to the operation's result; the
	// DeletePolicy method fills it in before returning.
	ResultMetadata middleware.Metadata
}
77
// addOperationDeletePolicyMiddlewares registers the middleware used by the
// DeletePolicy operation on stack. The registrations run in the order listed;
// the first one that fails stops the sequence and its error is returned. The
// function returns nil once every registration has succeeded.
func addOperationDeletePolicyMiddlewares(stack *middleware.Stack, options Options) (err error) {
	registrations := []func() error{
		// Wire format: request serializer and response deserializer.
		func() error { return stack.Serialize.Add(&awsAwsjson11_serializeOpDeletePolicy{}, middleware.After) },
		func() error { return stack.Deserialize.Add(&awsAwsjson11_deserializeOpDeletePolicy{}, middleware.After) },
		func() error { return addSetLoggerMiddleware(stack, options) },
		func() error { return awsmiddleware.AddClientRequestIDMiddleware(stack) },
		func() error { return smithyhttp.AddComputeContentLengthMiddleware(stack) },
		func() error { return addResolveEndpointMiddleware(stack, options) },
		// Payload hashing and request signing; the helper names indicate
		// SHA-256 and Signature Version 4.
		func() error { return v4.AddComputePayloadSHA256Middleware(stack) },
		func() error { return addRetryMiddlewares(stack, options) },
		func() error { return addHTTPSignerV4Middleware(stack, options) },
		func() error { return awsmiddleware.AddRawResponseToMetadata(stack) },
		func() error { return awsmiddleware.AddRecordResponseTiming(stack) },
		func() error { return addClientUserAgent(stack) },
		func() error { return smithyhttp.AddErrorCloseResponseBodyMiddleware(stack) },
		func() error { return smithyhttp.AddCloseResponseBodyMiddleware(stack) },
		// Input validation for DeletePolicy; presumably this is where the
		// required ResourceArn is enforced. TODO confirm in the validators.
		func() error { return addOpDeletePolicyValidationMiddleware(stack) },
		func() error {
			return stack.Initialize.Add(newServiceMetadataMiddleware_opDeletePolicy(options.Region), middleware.Before)
		},
		func() error { return addRequestIDRetrieverMiddleware(stack) },
		func() error { return addResponseErrorMiddleware(stack) },
		// NOTE(review): request/response logging is driven by options; check
		// what the configured mode writes before enabling it where logs are
		// widely readable.
		func() error { return addRequestResponseLogging(stack, options) },
	}

	for _, register := range registrations {
		if err = register(); err != nil {
			return err
		}
	}
	return nil
}
140
// newServiceMetadataMiddleware_opDeletePolicy builds the service metadata
// middleware for DeletePolicy. It records the given region, the package's
// ServiceID, the signing name "acm-pca" and the operation name "DeletePolicy".
func newServiceMetadataMiddleware_opDeletePolicy(region string) *awsmiddleware.RegisterServiceMetadata {
	md := new(awsmiddleware.RegisterServiceMetadata)
	md.Region = region
	md.ServiceID = ServiceID
	md.SigningName = "acm-pca"
	md.OperationName = "DeletePolicy"
	return md
}
149