listRetirableGrants method

Future<ListGrantsResponse> listRetirableGrants({ required String retiringPrincipal, int? limit, String? marker, })

Returns all grants in which the specified principal is the RetiringPrincipal in the grant.

You can specify any principal in your AWS account. The grants that are returned include grants for CMKs in your AWS account and other AWS accounts.

You might use this operation to determine which grants you may retire. To retire a grant, use the RetireGrant operation.

Cross-account use: You must specify a principal in your AWS account. However, this operation can return grants in any AWS account. You do not need kms:ListRetirableGrants permission (or any other additional permission) in any AWS account other than your own.

Required permissions: kms:ListRetirableGrants (IAM policy) in your AWS account.

Related operations:

• CreateGrant
• ListGrants
• RetireGrant
• RevokeGrant

May throw DependencyTimeoutException. May throw InvalidMarkerException. May throw InvalidArnException. May throw NotFoundException. May throw KMSInternalException.

Parameter retiringPrincipal : The retiring principal for which to list grants. Enter a principal in your AWS account.

To specify the retiring principal, use the Amazon Resource Name (ARN) of an AWS principal. Valid AWS principals include AWS accounts (root), IAM users, federated users, and assumed role users. For examples of the ARN syntax for specifying a principal, see AWS Identity and Access Management (IAM) in the Example ARNs section of the Amazon Web Services General Reference.

Parameter limit : Use this parameter to specify the maximum number of items to return. When this value is present, AWS KMS does not return more than the specified number of items, but it might return fewer.

This value is optional. If you include a value, it must be between 1 and 100, inclusive. If you do not include a value, it defaults to 50.

Parameter marker : Use this parameter in a subsequent request after you receive a response with truncated results. Set it to the value of NextMarker from the truncated response you just received.

Implementation

Future<ListGrantsResponse> listRetirableGrants({
  required String retiringPrincipal,
  int? limit,
  String? marker,
}) async {
  ArgumentError.checkNotNull(retiringPrincipal, 'retiringPrincipal');
  _s.validateStringLength(
    'retiringPrincipal',
    retiringPrincipal,
    1,
    256,
    isRequired: true,
  );
  _s.validateNumRange(
    'limit',
    limit,
    1,
    1000,
  );
  _s.validateStringLength(
    'marker',
    marker,
    1,
    1024,
  );
  final headers = <String, String>{
    'Content-Type': 'application/x-amz-json-1.1',
    'X-Amz-Target': 'TrentService.ListRetirableGrants'
  };
  final jsonResponse = await _protocol.send(
    method: 'POST',
    requestUri: '/',
    exceptionFnMap: _exceptionFns,
    // TODO queryParams
    headers: headers,
    payload: {
      'RetiringPrincipal': retiringPrincipal,
      if (limit != null) 'Limit': limit,
      if (marker != null) 'Marker': marker,
    },
  );

  return ListGrantsResponse.fromJson(jsonResponse.body);
}