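// Code generated by smithy-go-codegen DO NOT EDIT.

package acmpca

import (
	"context"
	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
	"github.com/aws/smithy-go/middleware"
	smithyhttp "github.com/aws/smithy-go/transport/http"
)

// DeletePolicy deletes the resource-based policy attached to a private CA.
// Deletion removes any access that the policy has granted. If there is no policy
// attached to the private CA, this action still returns successfully. If you
// delete a policy that was applied through AWS Resource Access Manager (RAM), the
// CA will be removed from all shares in which it was included. The AWS
// Certificate Manager Service Linked Role that the policy supports is not
// affected when you delete the policy. The current policy can be shown with
// GetPolicy
// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetPolicy.html) and
// updated with PutPolicy
// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_PutPolicy.html).
//
// Security note: a single call revokes every grant the policy carried and removes
// the CA from its RAM shares, so the acm-pca:DeletePolicy permission is best
// limited to CA administrators and its use reviewed in audit logs.
//
// About Policies
//
// * A policy grants access on a private CA to an AWS customer account, to AWS
// Organizations, or to an AWS Organizations unit. Policies are under the control
// of a CA administrator. For more information, see Using a Resource Based Policy
// with ACM Private CA
// (https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html).
//
// * A policy permits a user of AWS Certificate Manager (ACM) to issue ACM
// certificates signed by a CA in another account.
//
// * For ACM to manage automatic renewal of these certificates, the ACM user must
// configure a Service Linked Role (SLR). The SLR allows the ACM service to assume
// the identity of the user, subject to confirmation against the ACM Private CA
// policy. For more information, see Using a Service Linked Role with ACM
// (https://docs.aws.amazon.com/acm/latest/userguide/acm-slr.html).
//
// * Updates made in AWS Resource Access Manager (RAM) are reflected in policies.
// For more information, see Attach a Policy for Cross-Account Access
// (https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-ram.html).
//
// The returned output carries only the operation's result metadata. On failure
// the output is nil and the error from the operation is returned unchanged.
func (c *Client) DeletePolicy(ctx context.Context, params *DeletePolicyInput, optFns ...func(*Options)) (*DeletePolicyOutput, error) {
	// A nil input is replaced by an empty one so the middleware stack always
	// receives a non-nil value. ResourceArn is then unset; presumably the
	// validation middleware registered for this operation rejects that —
	// confirm in addOpDeletePolicyValidationMiddleware (defined elsewhere).
	if params == nil {
		params = &DeletePolicyInput{}
	}

	result, metadata, err := c.invokeOperation(ctx, "DeletePolicy", params, optFns, addOperationDeletePolicyMiddlewares)
	if err != nil {
		return nil, err
	}

	// Unchecked assertion: this panics if invokeOperation ever yields a value
	// that is not a *DeletePolicyOutput.
	out := result.(*DeletePolicyOutput)
	out.ResultMetadata = metadata
	return out, nil
}

// DeletePolicyInput is the request payload for DeletePolicy.
type DeletePolicyInput struct {

	// The Amazon Resource Name (ARN) of the private CA that will have its policy
	// deleted. You can find the CA's ARN by calling the ListCertificateAuthorities
	// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html)
	// action. The ARN value must have the form
	// arn:aws:acm-pca:region:account:certificate-authority/01234567-89ab-cdef-0123-0123456789ab.
	//
	// This member is required.
	ResourceArn *string
}

// DeletePolicyOutput is the result of DeletePolicy. The operation returns no
// fields of its own; only the middleware metadata is exposed.
type DeletePolicyOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
}

// addOperationDeletePolicyMiddlewares registers on stack every middleware the
// DeletePolicy operation uses and returns the first registration error, or nil
// when all of them were added.
//
// The order of the calls below is registration order only. The serializer and
// deserializer are added at the end of their steps (middleware.After) and the
// service metadata at the front of Initialize (middleware.Before); the helper
// functions pick their own step and position.
func addOperationDeletePolicyMiddlewares(stack *middleware.Stack, options Options) (err error) {
	// Wire format: awsJson1.1 request serializer and response deserializer.
	err = stack.Serialize.Add(&awsAwsjson11_serializeOpDeletePolicy{}, middleware.After)
	if err != nil {
		return err
	}
	err = stack.Deserialize.Add(&awsAwsjson11_deserializeOpDeletePolicy{}, middleware.After)
	if err != nil {
		return err
	}
	if err = addSetLoggerMiddleware(stack, options); err != nil {
		return err
	}
	if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil {
		return err
	}
	if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil {
		return err
	}
	if err = addResolveEndpointMiddleware(stack, options); err != nil {
		return err
	}
	// Request authentication: the payload SHA-256 middleware and, further down,
	// the SigV4 signer are both registered, so the request body is expected to
	// be covered by the signature.
	if err = v4.AddComputePayloadSHA256Middleware(stack); err != nil {
		return err
	}
	if err = addRetryMiddlewares(stack, options); err != nil {
		return err
	}
	if err = addHTTPSignerV4Middleware(stack, options); err != nil {
		return err
	}
	if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil {
		return err
	}
	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
		return err
	}
	if err = addClientUserAgent(stack); err != nil {
		return err
	}
	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
		return err
	}
	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
		return err
	}
	// Input validation for this operation (defined elsewhere in the package);
	// presumably this is where the required ResourceArn is enforced.
	if err = addOpDeletePolicyValidationMiddleware(stack); err != nil {
		return err
	}
	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opDeletePolicy(options.Region), middleware.Before); err != nil {
		return err
	}
	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
		return err
	}
	if err = addResponseErrorMiddleware(stack); err != nil {
		return err
	}
	// NOTE(review): request/response logging behaviour depends on options and is
	// implemented elsewhere; check what it records before enabling it where
	// request contents are sensitive.
	if err = addRequestResponseLogging(stack, options); err != nil {
		return err
	}
	return nil
}

// newServiceMetadataMiddleware_opDeletePolicy returns the metadata middleware
// for DeletePolicy: the caller's region, the package-level ServiceID, the fixed
// signing name "acm-pca" and the operation name "DeletePolicy".
func newServiceMetadataMiddleware_opDeletePolicy(region string) *awsmiddleware.RegisterServiceMetadata {
	return &awsmiddleware.RegisterServiceMetadata{
		Region:        region,
		ServiceID:     ServiceID,
		SigningName:   "acm-pca",
		OperationName: "DeletePolicy",
	}
}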