1// Code generated by smithy-go-codegen DO NOT EDIT. 2 3package s3control 4 5import ( 6 "context" 7 "fmt" 8 awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" 9 "github.com/aws/aws-sdk-go-v2/aws/signer/v4" 10 s3controlcust "github.com/aws/aws-sdk-go-v2/service/s3control/internal/customizations" 11 smithy "github.com/aws/smithy-go" 12 "github.com/aws/smithy-go/middleware" 13 smithyhttp "github.com/aws/smithy-go/transport/http" 14 "strings" 15) 16 17// This action gets a bucket policy for an Amazon S3 on Outposts bucket. To get a 18// policy for an S3 bucket, see GetBucketPolicy 19// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketPolicy.html) in 20// the Amazon S3 API Reference. Returns the policy of a specified Outposts bucket. 21// For more information, see Using Amazon S3 on Outposts 22// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the 23// Amazon S3 User Guide. If you are using an identity other than the root user of 24// the Amazon Web Services account that owns the bucket, the calling identity must 25// have the GetBucketPolicy permissions on the specified bucket and belong to the 26// bucket owner's account in order to use this action. Only users from Outposts 27// bucket owner account with the right permissions can perform actions on an 28// Outposts bucket. If you don't have s3-outposts:GetBucketPolicy permissions or 29// you're not using an identity that belongs to the bucket owner's account, Amazon 30// S3 returns a 403 Access Denied error. As a security precaution, the root user of 31// the Amazon Web Services account that owns a bucket can always use this action, 32// even if the policy explicitly denies the root user the ability to perform this 33// action. For more information about bucket policies, see Using Bucket Policies 34// and User Policies 35// (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html). All 36// Amazon S3 on Outposts REST API requests for this action require an additional 37// parameter of x-amz-outpost-id to be passed with the request and an S3 on 38// Outposts endpoint hostname prefix instead of s3-control. For an example of the 39// request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint 40// hostname prefix and the x-amz-outpost-id derived using the access point ARN, see 41// the Examples 42// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetBucketPolicy.html#API_control_GetBucketPolicy_Examples) 43// section. The following actions are related to GetBucketPolicy: 44// 45// * GetObject 46// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html) 47// 48// * 49// PutBucketPolicy 50// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_PutBucketPolicy.html) 51// 52// * 53// DeleteBucketPolicy 54// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteBucketPolicy.html) 55func (c *Client) GetBucketPolicy(ctx context.Context, params *GetBucketPolicyInput, optFns ...func(*Options)) (*GetBucketPolicyOutput, error) { 56 if params == nil { 57 params = &GetBucketPolicyInput{} 58 } 59 60 result, metadata, err := c.invokeOperation(ctx, "GetBucketPolicy", params, optFns, c.addOperationGetBucketPolicyMiddlewares) 61 if err != nil { 62 return nil, err 63 } 64 65 out := result.(*GetBucketPolicyOutput) 66 out.ResultMetadata = metadata 67 return out, nil 68} 69 70type GetBucketPolicyInput struct { 71 72 // The Amazon Web Services account ID of the Outposts bucket. 73 // 74 // This member is required. 75 AccountId *string 76 77 // Specifies the bucket. For using this parameter with Amazon S3 on Outposts with 78 // the REST API, you must specify the name and the x-amz-outpost-id as well. For 79 // using this parameter with S3 on Outposts with the Amazon Web Services SDK and 80 // CLI, you must specify the ARN of the bucket accessed in the format 81 // arn:aws:s3-outposts:::outpost//bucket/. For example, to access the bucket 82 // reports through outpost my-outpost owned by account 123456789012 in Region 83 // us-west-2, use the URL encoding of 84 // arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. 85 // The value must be URL encoded. 86 // 87 // This member is required. 88 Bucket *string 89 90 noSmithyDocumentSerde 91} 92 93type GetBucketPolicyOutput struct { 94 95 // The policy of the Outposts bucket. 96 Policy *string 97 98 // Metadata pertaining to the operation's result. 99 ResultMetadata middleware.Metadata 100 101 noSmithyDocumentSerde 102} 103 104func (c *Client) addOperationGetBucketPolicyMiddlewares(stack *middleware.Stack, options Options) (err error) { 105 err = stack.Serialize.Add(&awsRestxml_serializeOpGetBucketPolicy{}, middleware.After) 106 if err != nil { 107 return err 108 } 109 err = stack.Deserialize.Add(&awsRestxml_deserializeOpGetBucketPolicy{}, middleware.After) 110 if err != nil { 111 return err 112 } 113 if err = addSetLoggerMiddleware(stack, options); err != nil { 114 return err 115 } 116 if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil { 117 return err 118 } 119 if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil { 120 return err 121 } 122 if err = addResolveEndpointMiddleware(stack, options); err != nil { 123 return err 124 } 125 if err = v4.AddComputePayloadSHA256Middleware(stack); err != nil { 126 return err 127 } 128 if err = addRetryMiddlewares(stack, options); err != nil { 129 return err 130 } 131 if err = addHTTPSignerV4Middleware(stack, options); err != nil { 132 return err 133 } 134 if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil { 135 return err 136 } 137 if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil { 138 return err 139 } 140 if err = addClientUserAgent(stack); err != nil { 141 return err 142 } 143 if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil { 144 return err 145 } 146 if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil { 147 return err 148 } 149 if err = addEndpointPrefix_opGetBucketPolicyMiddleware(stack); err != nil { 150 return err 151 } 152 if err = addOpGetBucketPolicyValidationMiddleware(stack); err != nil { 153 return err 154 } 155 if err = stack.Initialize.Add(newServiceMetadataMiddleware_opGetBucketPolicy(options.Region), middleware.Before); err != nil { 156 return err 157 } 158 if err = addMetadataRetrieverMiddleware(stack); err != nil { 159 return err 160 } 161 if err = addGetBucketPolicyUpdateEndpoint(stack, options); err != nil { 162 return err 163 } 164 if err = addResponseErrorMiddleware(stack); err != nil { 165 return err 166 } 167 if err = v4.AddContentSHA256HeaderMiddleware(stack); err != nil { 168 return err 169 } 170 if err = addRequestResponseLogging(stack, options); err != nil { 171 return err 172 } 173 return nil 174} 175 176type endpointPrefix_opGetBucketPolicyMiddleware struct { 177} 178 179func (*endpointPrefix_opGetBucketPolicyMiddleware) ID() string { 180 return "EndpointHostPrefix" 181} 182 183func (m *endpointPrefix_opGetBucketPolicyMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) ( 184 out middleware.SerializeOutput, metadata middleware.Metadata, err error, 185) { 186 if smithyhttp.GetHostnameImmutable(ctx) || smithyhttp.IsEndpointHostPrefixDisabled(ctx) { 187 return next.HandleSerialize(ctx, in) 188 } 189 190 req, ok := in.Request.(*smithyhttp.Request) 191 if !ok { 192 return out, metadata, fmt.Errorf("unknown transport type %T", in.Request) 193 } 194 195 input, ok := in.Parameters.(*GetBucketPolicyInput) 196 if !ok { 197 return out, metadata, fmt.Errorf("unknown input type %T", in.Parameters) 198 } 199 200 var prefix strings.Builder 201 if input.AccountId == nil { 202 return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("AccountId forms part of the endpoint host and so may not be nil")} 203 } else if !smithyhttp.ValidHostLabel(*input.AccountId) { 204 return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("AccountId forms part of the endpoint host and so must match \"[a-zA-Z0-9-]{1,63}\", but was \"%s\"", *input.AccountId)} 205 } else { 206 prefix.WriteString(*input.AccountId) 207 } 208 prefix.WriteString(".") 209 req.URL.Host = prefix.String() + req.URL.Host 210 211 return next.HandleSerialize(ctx, in) 212} 213func addEndpointPrefix_opGetBucketPolicyMiddleware(stack *middleware.Stack) error { 214 return stack.Serialize.Insert(&endpointPrefix_opGetBucketPolicyMiddleware{}, `OperationSerializer`, middleware.After) 215} 216 217func newServiceMetadataMiddleware_opGetBucketPolicy(region string) *awsmiddleware.RegisterServiceMetadata { 218 return &awsmiddleware.RegisterServiceMetadata{ 219 Region: region, 220 ServiceID: ServiceID, 221 SigningName: "s3", 222 OperationName: "GetBucketPolicy", 223 } 224} 225 226func copyGetBucketPolicyInputForUpdateEndpoint(params interface{}) (interface{}, error) { 227 input, ok := params.(*GetBucketPolicyInput) 228 if !ok { 229 return nil, fmt.Errorf("expect *GetBucketPolicyInput type, got %T", params) 230 } 231 cpy := *input 232 return &cpy, nil 233} 234func getGetBucketPolicyARNMember(input interface{}) (*string, bool) { 235 in := input.(*GetBucketPolicyInput) 236 if in.Bucket == nil { 237 return nil, false 238 } 239 return in.Bucket, true 240} 241func setGetBucketPolicyARNMember(input interface{}, v string) error { 242 in := input.(*GetBucketPolicyInput) 243 in.Bucket = &v 244 return nil 245} 246func backFillGetBucketPolicyAccountID(input interface{}, v string) error { 247 in := input.(*GetBucketPolicyInput) 248 if in.AccountId != nil { 249 if !strings.EqualFold(*in.AccountId, v) { 250 return fmt.Errorf("error backfilling account id") 251 } 252 return nil 253 } 254 in.AccountId = &v 255 return nil 256} 257func addGetBucketPolicyUpdateEndpoint(stack *middleware.Stack, options Options) error { 258 return s3controlcust.UpdateEndpoint(stack, s3controlcust.UpdateEndpointOptions{ 259 Accessor: s3controlcust.UpdateEndpointParameterAccessor{GetARNInput: getGetBucketPolicyARNMember, 260 BackfillAccountID: backFillGetBucketPolicyAccountID, 261 GetOutpostIDInput: nopGetOutpostIDFromInput, 262 UpdateARNField: setGetBucketPolicyARNMember, 263 CopyInput: copyGetBucketPolicyInputForUpdateEndpoint, 264 }, 265 EndpointResolver: options.EndpointResolver, 266 EndpointResolverOptions: options.EndpointOptions, 267 UseDualstack: options.UseDualstack, 268 UseARNRegion: options.UseARNRegion, 269 }) 270} 271