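// Code generated by smithy-go-codegen DO NOT EDIT.

package acmpca

import (
	"context"
	"fmt"
	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
	"github.com/aws/aws-sdk-go-v2/service/acmpca/types"
	"github.com/aws/smithy-go/middleware"
	smithyhttp "github.com/aws/smithy-go/transport/http"
)

// List all permissions on a private CA, if any, granted to the AWS Certificate
// Manager (ACM) service principal (acm.amazonaws.com). These permissions allow ACM
// to issue and renew ACM certificates that reside in the same AWS account as the
// CA. Permissions can be granted with the CreatePermission
// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreatePermission.html)
// action and revoked with the DeletePermission
// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeletePermission.html)
// action.
//
// About Permissions
//
// * If the private CA and the certificates it issues
// reside in the same account, you can use CreatePermission to grant permissions
// for ACM to carry out automatic certificate renewals.
//
// * For automatic
// certificate renewal to succeed, the ACM service principal needs permissions to
// create, retrieve, and list certificates.
//
// * If the private CA and the ACM
// certificates reside in different accounts, then permissions cannot be used to
// enable automatic renewals. Instead, the ACM certificate owner must set up a
// resource-based policy to enable cross-account issuance and renewals. For more
// information, see Using a Resource Based Policy with ACM Private CA
// (https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html).
//
// Because the result enumerates every delegation the CA has made to the ACM
// service principal, this call is the read-only way to audit those grants
// before or after CreatePermission / DeletePermission changes.
//
// A nil params is replaced with an empty ListPermissionsInput. On success the
// returned output carries the operation's middleware metadata in ResultMetadata.
func (c *Client) ListPermissions(ctx context.Context, params *ListPermissionsInput, optFns ...func(*Options)) (*ListPermissionsOutput, error) {
	if params == nil {
		params = &ListPermissionsInput{}
	}

	result, metadata, err := c.invokeOperation(ctx, "ListPermissions", params, optFns, addOperationListPermissionsMiddlewares)
	if err != nil {
		return nil, err
	}

	// NOTE(review): unchecked assertion; it panics if invokeOperation (defined
	// elsewhere) ever hands back a different type for this operation.
	out := result.(*ListPermissionsOutput)
	out.ResultMetadata = metadata
	return out, nil
}

type ListPermissionsInput struct {

	// The Amazon Resource Name (ARN) of the private CA to inspect. You can find the
	// ARN by calling the ListCertificateAuthorities
	// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html)
	// action. This must be of the form:
	// arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
	//
	// This member is required.
	CertificateAuthorityArn *string

	// When paginating results, use this parameter to specify the maximum number of
	// items to return in the response. If additional items exist beyond the number you
	// specify, the NextToken element is sent in the response. Use this NextToken value
	// in a subsequent request to retrieve additional items.
	MaxResults *int32

	// When paginating results, use this parameter in a subsequent request after you
	// receive a response with truncated results. Set it to the value of NextToken from
	// the response you just received.
	NextToken *string
}

type ListPermissionsOutput struct {

	// When the list is truncated, this value is present and should be used for the
	// NextToken parameter in a subsequent pagination request.
	NextToken *string

	// Summary information about each permission assigned by the specified private CA,
	// including the action enabled, the policy provided, and the time of creation.
	Permissions []types.Permission

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
}

// addOperationListPermissionsMiddlewares registers the ListPermissions
// middleware chain on stack and returns the first registration error, if any.
// The registration order below is the generated order and is kept as is.
func addOperationListPermissionsMiddlewares(stack *middleware.Stack, options Options) (err error) {
	err = stack.Serialize.Add(&awsAwsjson11_serializeOpListPermissions{}, middleware.After)
	if err != nil {
		return err
	}
	err = stack.Deserialize.Add(&awsAwsjson11_deserializeOpListPermissions{}, middleware.After)
	if err != nil {
		return err
	}
	if err = addSetLoggerMiddleware(stack, options); err != nil {
		return err
	}
	if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil {
		return err
	}
	if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil {
		return err
	}
	if err = addResolveEndpointMiddleware(stack, options); err != nil {
		return err
	}
	// Payload hash and the SigV4 signer are both registered, so a failure in
	// either step aborts setup instead of leaving the signing steps half-registered.
	if err = v4.AddComputePayloadSHA256Middleware(stack); err != nil {
		return err
	}
	if err = addRetryMiddlewares(stack, options); err != nil {
		return err
	}
	if err = addHTTPSignerV4Middleware(stack, options); err != nil {
		return err
	}
	if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil {
		return err
	}
	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
		return err
	}
	if err = addClientUserAgent(stack); err != nil {
		return err
	}
	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
		return err
	}
	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
		return err
	}
	// NOTE(review): presumably enforces the required CertificateAuthorityArn
	// member client-side; the helper is defined elsewhere in the package.
	if err = addOpListPermissionsValidationMiddleware(stack); err != nil {
		return err
	}
	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opListPermissions(options.Region), middleware.Before); err != nil {
		return err
	}
	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
		return err
	}
	if err = addResponseErrorMiddleware(stack); err != nil {
		return err
	}
	// NOTE(review): request/response logging is wired here; what it records
	// depends on options and on a helper outside this file.
	if err = addRequestResponseLogging(stack, options); err != nil {
		return err
	}
	return nil
}

// ListPermissionsAPIClient is a client that implements the ListPermissions
// operation.
type ListPermissionsAPIClient interface {
	ListPermissions(context.Context, *ListPermissionsInput, ...func(*Options)) (*ListPermissionsOutput, error)
}

// Compile-time check that *Client satisfies ListPermissionsAPIClient.
var _ ListPermissionsAPIClient = (*Client)(nil)

// ListPermissionsPaginatorOptions is the paginator options for ListPermissions
type ListPermissionsPaginatorOptions struct {
	// When paginating results, use this parameter to specify the maximum number of
	// items to return in the response. If additional items exist beyond the number you
	// specify, the NextToken element is sent in the response. Use this NextToken value
	// in a subsequent request to retrieve additional items.
	Limit int32

	// Set to true if pagination should stop if the service returns a pagination token
	// that matches the most recent token provided to the service.
	//
	// The zero value is false: a repeated token then keeps HasMorePages true, so
	// a loop over the paginator is bounded only by the caller's context or by
	// its own page cap.
	StopOnDuplicateToken bool
}

// ListPermissionsPaginator is a paginator for ListPermissions
//
// NextPage updates nextToken and firstPage with no locking, so a paginator
// value should be driven from one goroutine at a time.
type ListPermissionsPaginator struct {
	options   ListPermissionsPaginatorOptions
	client    ListPermissionsAPIClient
	params    *ListPermissionsInput
	nextToken *string
	firstPage bool
}

// NewListPermissionsPaginator returns a new ListPermissionsPaginator
//
// A nil params is replaced with an empty input. Limit is seeded from
// params.MaxResults when that is set, and optFns are applied afterwards so
// they can override it.
func NewListPermissionsPaginator(client ListPermissionsAPIClient, params *ListPermissionsInput, optFns ...func(*ListPermissionsPaginatorOptions)) *ListPermissionsPaginator {
	if params == nil {
		params = &ListPermissionsInput{}
	}

	options := ListPermissionsPaginatorOptions{}
	if params.MaxResults != nil {
		options.Limit = *params.MaxResults
	}

	for _, fn := range optFns {
		fn(&options)
	}

	return &ListPermissionsPaginator{
		options:   options,
		client:    client,
		params:    params,
		firstPage: true,
	}
}

// HasMorePages returns a boolean indicating whether more pages are available
//
// It is true before the first successful page and afterwards for as long as
// the last response carried a NextToken.
func (p *ListPermissionsPaginator) HasMorePages() bool {
	return p.firstPage || p.nextToken != nil
}

// NextPage retrieves the next ListPermissions page.
//
// It returns an error when HasMorePages is false, and passes through any error
// from the underlying ListPermissions call without advancing the paginator.
func (p *ListPermissionsPaginator) NextPage(ctx context.Context, optFns ...func(*Options)) (*ListPermissionsOutput, error) {
	if !p.HasMorePages() {
		return nil, fmt.Errorf("no more pages available")
	}

	// Work on a shallow copy so the caller's input struct is not modified.
	params := *p.params
	params.NextToken = p.nextToken

	// A non-positive Limit sends no MaxResults at all.
	var limit *int32
	if p.options.Limit > 0 {
		limit = &p.options.Limit
	}
	params.MaxResults = limit

	result, err := p.client.ListPermissions(ctx, &params, optFns...)
	if err != nil {
		return nil, err
	}
	p.firstPage = false

	prevToken := p.nextToken
	p.nextToken = result.NextToken

	// Opt-in guard against a service that keeps echoing the same token:
	// clearing nextToken makes HasMorePages report false.
	if p.options.StopOnDuplicateToken && prevToken != nil && p.nextToken != nil && *prevToken == *p.nextToken {
		p.nextToken = nil
	}

	return result, nil
}

// newServiceMetadataMiddleware_opListPermissions builds the service metadata
// registered for this operation: the given region, the package ServiceID, the
// "acm-pca" signing name and the "ListPermissions" operation name.
func newServiceMetadataMiddleware_opListPermissions(region string) *awsmiddleware.RegisterServiceMetadata {
	return &awsmiddleware.RegisterServiceMetadata{
		Region:        region,
		ServiceID:     ServiceID,
		SigningName:   "acm-pca",
		OperationName: "ListPermissions",
	}
}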