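import { IAM } from "aws-sdk";
import { NewKeyHandler } from "./newKeyHandler";

/**
 * Rotates the Access Keys of an IAM User.
 *
 * As documented on the members below, a rotation creates a new Access Key, hands it to the
 * caller-supplied NewKeyHandler for propagation, and deletes the old keys. This file is a
 * declaration only; the implementation is not visible here.
 *
 * NOTE(review): the supplied IAM client presumably needs permission to list, create and
 * delete access keys (iam:ListAccessKeys, iam:CreateAccessKey, iam:DeleteAccessKey).
 * Scope that policy to the users being rotated rather than to all users. Confirm the exact
 * calls against the implementation.
 */
export declare class KeyRotator {
    /** The IAM Service Provider passed to the constructor. */
    private iam;

    /** The callback passed to the constructor; invoked with each newly created key. */
    private newKeyHandler;

    /**
     * Construct a new KeyRotator
     * @param iam the IAM Service Provider
     * @param newKeyHandler the callback invoked on creation of a new key. Takes the new key as a parameter.
     * NOTE(review): the key handed to the callback presumably includes the secret access key, which
     * IAM returns only at creation time. The handler should write it to a secret store and keep it
     * out of logs and error messages. Confirm against the NewKeyHandler signature.
     */
    constructor(iam: IAM, newKeyHandler: NewKeyHandler);

    /**
     * Rotate the Access Key(s) for a given IAM User
     * @param user the IAM User
     * @returns a promise for the rotation.
     * NOTE(review): the type argument was missing from this declaration as found (bare `Promise`,
     * which does not compile). `void` is assumed here; confirm against the implementation.
     */
    rotateKeys: (user: string) => Promise<void>;

    /**
     * Gets the existing Access Keys for a given IAM User
     * @param user the IAM User to get the Access Keys for
     */
    private getExistingKeys;

    /**
     * Performs the core key rotation steps: creating a new key, propagating it as required and
     * deleting any old keys.
     * @param user the IAM User that the Access Keys belong to
     * @param keys the Access Keys to rotate
     */
    private performKeyRotation;

    /**
     * Creates a new Access Key and performs some self-healing if an error occurs during creation.
     * If key creation fails then inactive keys will be deleted and the creation will be retried.
     * NOTE(review): this is likely motivated by IAM's limit of two access keys per user; the
     * declaration does not say which errors trigger the retry.
     * @param user the IAM User that the Access Keys belong to
     * @param keys the Access Keys to rotate
     */
    private createNewKey;

    /**
     * Creates a new Access Key.
     * @param user the IAM User to create a new Access Key for
     */
    private createKey;

    /**
     * Handles the provided key using the custom NewKeyHandler and deletes it if
     * the handler returns a rejected promise.
     *
     * For handler authors (inferred from the documented flow, confirm against the implementation):
     * a handler that swallows its own failure and resolves would let rotation continue to deleting
     * the old keys even though the new key was never stored. Reject on any propagation failure.
     * @param user the IAM User that the key belongs to
     * @param key the key to pass to the NewKeyHandler
     */
    private handleNewKey;

    /**
     * Deletes all keys in a given list for a given user which pass the given filter. If no filter is
     * provided then deletes all the given keys.
     * @param user the IAM User that the keys belong to
     * @param keys the list of keys to delete keys from
     * @param filter a function taking a single key and returning true if that key should be deleted and false
     * otherwise
     */
    private deleteKeys;

    /**
     * Deletes a given key.
     * @param user the IAM User that the keys belong to
     * @param key the key to delete
     */
    private deleteKey;
}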