1// Code generated by smithy-go-codegen DO NOT EDIT.
2
3package acmpca
4
5import (
6	"context"
7	"fmt"
8	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
9	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
10	"github.com/aws/aws-sdk-go-v2/service/acmpca/types"
11	"github.com/aws/smithy-go/middleware"
12	smithyhttp "github.com/aws/smithy-go/transport/http"
13)
14
// ListPermissions lists all permissions on a private CA, if any, that have been
// granted to the AWS Certificate Manager (ACM) service principal
// (acm.amazonaws.com). These permissions allow ACM to issue and renew ACM
// certificates that reside in the same AWS account as the CA. Permissions can be
// granted with the CreatePermission
// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreatePermission.html)
// action and revoked with the DeletePermission
// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeletePermission.html)
// action.
//
// About permissions:
//
// * If the private CA and the certificates it issues reside in the same account,
// you can use CreatePermission to grant permissions for ACM to carry out
// automatic certificate renewals.
//
// * For automatic certificate renewal to succeed, the ACM service principal needs
// permissions to create, retrieve, and list certificates.
//
// * If the private CA and the ACM certificates reside in different accounts, then
// permissions cannot be used to enable automatic renewals. Instead, the ACM
// certificate owner must set up a resource-based policy to enable cross-account
// issuance and renewals. For more information, see Using a Resource Based Policy
// with ACM Private CA
// (https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html).
//
// A nil params is replaced with an empty ListPermissionsInput before the request
// is built. One call returns a single page: when the output's NextToken is
// non-nil the list is truncated, so a review of what ACM is allowed to do with
// the CA has to follow the token (or use ListPermissionsPaginator) before it has
// seen every grant.
func (c *Client) ListPermissions(ctx context.Context, params *ListPermissionsInput, optFns ...func(*Options)) (*ListPermissionsOutput, error) {
	input := params
	if input == nil {
		input = &ListPermissionsInput{}
	}

	raw, md, err := c.invokeOperation(ctx, "ListPermissions", input, optFns, addOperationListPermissionsMiddlewares)
	if err != nil {
		return nil, err
	}

	// Unchecked assertion: this panics if invokeOperation ever hands back a
	// value that is not a *ListPermissionsOutput.
	resp := raw.(*ListPermissionsOutput)
	resp.ResultMetadata = md
	return resp, nil
}
52
// ListPermissionsInput holds the request parameters for the ListPermissions
// operation.
type ListPermissionsInput struct {

	// The Amazon Resource Name (ARN) of the private CA to inspect. You can find the
	// ARN by calling the ListCertificateAuthorities
	// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html)
	// action. This must be of the form:
	// arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
	//
	// This member is required.
	// NOTE(review): the client-side check for this presumably lives in the
	// validation middleware registered for the operation — confirm there.
	CertificateAuthorityArn *string

	// When paginating results, use this parameter to specify the maximum number of
	// items to return in the response. If additional items exist beyond the number you
	// specify, the NextToken element is sent in the response. Use this NextToken value
	// in a subsequent request to retrieve additional items.
	MaxResults *int32

	// When paginating results, use this parameter in a subsequent request after you
	// receive a response with truncated results. Set it to the value of NextToken from
	// the response you just received.
	NextToken *string
}
78
// ListPermissionsOutput holds one page of results from the ListPermissions
// operation.
type ListPermissionsOutput struct {

	// When the list is truncated, this value is present and should be used for the
	// NextToken parameter in a subsequent pagination request. While it is non-nil,
	// Permissions is only part of the full set of grants on the CA.
	NextToken *string

	// Summary information about each permission assigned by the specified private CA,
	// including the action enabled, the policy provided, and the time of creation.
	Permissions []types.Permission

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
}
92
// addOperationListPermissionsMiddlewares registers every middleware the
// ListPermissions operation uses on stack. It stops at, and returns, the first
// registration error; it returns nil once all steps have been added.
//
// The steps are executed in exactly the order they are listed. The grouping
// comments describe each helper by its name only; what a helper actually adds to
// the stack is defined outside this file.
func addOperationListPermissionsMiddlewares(stack *middleware.Stack, options Options) (err error) {
	steps := []func() error{
		// Protocol serializer and deserializer for this operation.
		func() error {
			return stack.Serialize.Add(&awsAwsjson11_serializeOpListPermissions{}, middleware.After)
		},
		func() error {
			return stack.Deserialize.Add(&awsAwsjson11_deserializeOpListPermissions{}, middleware.After)
		},

		// Logger, client request ID, content length and endpoint resolution.
		func() error { return addSetLoggerMiddleware(stack, options) },
		func() error { return awsmiddleware.AddClientRequestIDMiddleware(stack) },
		func() error { return smithyhttp.AddComputeContentLengthMiddleware(stack) },
		func() error { return addResolveEndpointMiddleware(stack, options) },

		// Payload hash, retry and SigV4 signer helpers.
		func() error { return v4.AddComputePayloadSHA256Middleware(stack) },
		func() error { return addRetryMiddlewares(stack, options) },
		func() error { return addHTTPSignerV4Middleware(stack, options) },

		// Response bookkeeping, user agent and response-body cleanup.
		func() error { return awsmiddleware.AddRawResponseToMetadata(stack) },
		func() error { return awsmiddleware.AddRecordResponseTiming(stack) },
		func() error { return addClientUserAgent(stack) },
		func() error { return smithyhttp.AddErrorCloseResponseBodyMiddleware(stack) },
		func() error { return smithyhttp.AddCloseResponseBodyMiddleware(stack) },

		// Input validation and service metadata for this operation.
		func() error { return addOpListPermissionsValidationMiddleware(stack) },
		func() error {
			return stack.Initialize.Add(newServiceMetadataMiddleware_opListPermissions(options.Region), middleware.Before)
		},

		// Request ID retrieval, error handling and request/response logging.
		func() error { return addRequestIDRetrieverMiddleware(stack) },
		func() error { return addResponseErrorMiddleware(stack) },
		func() error { return addRequestResponseLogging(stack, options) },
	}

	for _, register := range steps {
		if err = register(); err != nil {
			return err
		}
	}
	return nil
}
155
// ListPermissionsAPIClient is a client that implements the ListPermissions
// operation. NewListPermissionsPaginator accepts this interface rather than
// *Client, so any value with a matching ListPermissions method can back a
// paginator.
type ListPermissionsAPIClient interface {
	ListPermissions(context.Context, *ListPermissionsInput, ...func(*Options)) (*ListPermissionsOutput, error)
}

// Compile-time assertion that *Client satisfies ListPermissionsAPIClient.
var _ ListPermissionsAPIClient = (*Client)(nil)
163
// ListPermissionsPaginatorOptions is the paginator options for ListPermissions.
type ListPermissionsPaginatorOptions struct {
	// When paginating results, use this parameter to specify the maximum number of
	// items to return in the response. If additional items exist beyond the number you
	// specify, the NextToken element is sent in the response. Use this NextToken value
	// in a subsequent request to retrieve additional items.
	//
	// NewListPermissionsPaginator seeds Limit from the input's MaxResults when that
	// is set. NextPage sends it as MaxResults only when it is greater than zero;
	// otherwise MaxResults is left nil on the request.
	Limit int32

	// Set to true if pagination should stop if the service returns a pagination token
	// that matches the most recent token provided to the service.
	//
	// The zero value is false. In that case NextPage keeps whatever token the
	// service returned, so a repeated token leaves HasMorePages true; callers that
	// loop on HasMorePages may want their own cap on the number of pages.
	StopOnDuplicateToken bool
}
176
// ListPermissionsPaginator is a paginator for ListPermissions.
//
// NextPage updates nextToken and firstPage on each successful call, and no
// locking is visible in this file, so a single paginator should be driven from
// one goroutine unless the caller adds its own synchronization.
type ListPermissionsPaginator struct {
	// options holds the page size limit and the duplicate-token behaviour.
	options ListPermissionsPaginatorOptions
	// client performs the ListPermissions call for each page.
	client ListPermissionsAPIClient
	// params is the caller's input pointer as passed to the constructor (it is not
	// copied there); NextPage copies the struct it points to on every call.
	params *ListPermissionsInput
	// nextToken is the token returned by the most recent page, nil when there is none.
	nextToken *string
	// firstPage is true until the first page has been retrieved successfully.
	firstPage bool
}
185
// NewListPermissionsPaginator returns a new ListPermissionsPaginator.
//
// A nil params is replaced with an empty ListPermissionsInput. The page size
// limit starts from params.MaxResults when that is set, and each function in
// optFns is then applied in order, so an option function can override it.
//
// The params pointer is stored as given rather than copied: changes the caller
// makes to the input after construction are picked up by later NextPage calls.
// client is not checked for nil here.
func NewListPermissionsPaginator(client ListPermissionsAPIClient, params *ListPermissionsInput, optFns ...func(*ListPermissionsPaginatorOptions)) *ListPermissionsPaginator {
	if params == nil {
		params = &ListPermissionsInput{}
	}

	var opts ListPermissionsPaginatorOptions
	if requested := params.MaxResults; requested != nil {
		opts.Limit = *requested
	}
	for i := range optFns {
		optFns[i](&opts)
	}

	pager := new(ListPermissionsPaginator)
	pager.options = opts
	pager.client = client
	pager.params = params
	pager.firstPage = true
	return pager
}
208
// HasMorePages returns a boolean indicating whether more pages are available.
// It is true before the first page has been fetched and, after that, for as
// long as the last response carried a pagination token.
func (p *ListPermissionsPaginator) HasMorePages() bool {
	if p.firstPage {
		return true
	}
	return p.nextToken != nil
}
213
// NextPage retrieves the next ListPermissions page.
//
// It returns an error without calling the client when HasMorePages reports
// false. When the client call fails, the error is returned as is and the
// paginator's position is left untouched, so the same page can be requested
// again. On success the returned token becomes the position for the next call;
// with StopOnDuplicateToken set, a token equal to the one just sent ends the
// iteration instead.
//
// A permission listing is complete only once HasMorePages returns false.
func (p *ListPermissionsPaginator) NextPage(ctx context.Context, optFns ...func(*Options)) (*ListPermissionsOutput, error) {
	if !p.HasMorePages() {
		return nil, fmt.Errorf("no more pages available")
	}

	// Work on a shallow copy so the caller's input struct is never written to.
	req := *p.params
	req.NextToken = p.nextToken

	// A non-positive Limit means "no explicit page size": MaxResults is cleared
	// even if the caller's input had one set.
	req.MaxResults = nil
	if p.options.Limit > 0 {
		req.MaxResults = &p.options.Limit
	}

	page, err := p.client.ListPermissions(ctx, &req, optFns...)
	if err != nil {
		return nil, err
	}
	p.firstPage = false

	sent := p.nextToken
	p.nextToken = page.NextToken

	if p.options.StopOnDuplicateToken && sent != nil && p.nextToken != nil {
		// The service echoed the token it was given: treat that as the end.
		if *sent == *p.nextToken {
			p.nextToken = nil
		}
	}

	return page, nil
}
244
// newServiceMetadataMiddleware_opListPermissions builds the service metadata
// registration for the ListPermissions operation: the given region, the
// package's ServiceID, the signing name "acm-pca" and the operation name.
func newServiceMetadataMiddleware_opListPermissions(region string) *awsmiddleware.RegisterServiceMetadata {
	md := new(awsmiddleware.RegisterServiceMetadata)
	md.Region = region
	md.ServiceID = ServiceID
	md.SigningName = "acm-pca"
	md.OperationName = "ListPermissions"
	return md
}
253