1// Code generated by smithy-go-codegen DO NOT EDIT. 2 3package s3control 4 5import ( 6 "context" 7 "fmt" 8 awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" 9 "github.com/aws/aws-sdk-go-v2/aws/signer/v4" 10 s3controlcust "github.com/aws/aws-sdk-go-v2/service/s3control/internal/customizations" 11 smithy "github.com/aws/smithy-go" 12 "github.com/aws/smithy-go/middleware" 13 smithyhttp "github.com/aws/smithy-go/transport/http" 14 "strings" 15) 16 17// This action gets a bucket policy for an Amazon S3 on Outposts bucket. To get a 18// policy for an S3 bucket, see GetBucketPolicy 19// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketPolicy.html) in 20// the Amazon Simple Storage Service API. Returns the policy of a specified 21// Outposts bucket. For more information, see Using Amazon S3 on Outposts 22// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the 23// Amazon Simple Storage Service User Guide. If you are using an identity other 24// than the root user of the AWS account that owns the bucket, the calling identity 25// must have the GetBucketPolicy permissions on the specified bucket and belong to 26// the bucket owner's account in order to use this action. Only users from Outposts 27// bucket owner account with the right permissions can perform actions on an 28// Outposts bucket. If you don't have s3-outposts:GetBucketPolicy permissions or 29// you're not using an identity that belongs to the bucket owner's account, Amazon 30// S3 returns a 403 Access Denied error. As a security precaution, the root user of 31// the AWS account that owns a bucket can always use this action, even if the 32// policy explicitly denies the root user the ability to perform this action. For 33// more information about bucket policies, see Using Bucket Policies and User 34// Policies 35// (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html). All 36// Amazon S3 on Outposts REST API requests for this action require an additional 37// parameter of x-amz-outpost-id to be passed with the request and an S3 on 38// Outposts endpoint hostname prefix instead of s3-control. For an example of the 39// request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint 40// hostname prefix and the x-amz-outpost-id derived using the access point ARN, see 41// the Examples 42// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetBucketPolicy.html#API_control_GetBucketPolicy_Examples) 43// section. The following actions are related to GetBucketPolicy: 44// 45// * GetObject 46// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html) 47// 48// * 49// PutBucketPolicy 50// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_PutBucketPolicy.html) 51// 52// * 53// DeleteBucketPolicy 54// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteBucketPolicy.html) 55func (c *Client) GetBucketPolicy(ctx context.Context, params *GetBucketPolicyInput, optFns ...func(*Options)) (*GetBucketPolicyOutput, error) { 56 if params == nil { 57 params = &GetBucketPolicyInput{} 58 } 59 60 result, metadata, err := c.invokeOperation(ctx, "GetBucketPolicy", params, optFns, addOperationGetBucketPolicyMiddlewares) 61 if err != nil { 62 return nil, err 63 } 64 65 out := result.(*GetBucketPolicyOutput) 66 out.ResultMetadata = metadata 67 return out, nil 68} 69 70type GetBucketPolicyInput struct { 71 72 // The AWS account ID of the Outposts bucket. 73 // 74 // This member is required. 75 AccountId *string 76 77 // Specifies the bucket. For using this parameter with Amazon S3 on Outposts with 78 // the REST API, you must specify the name and the x-amz-outpost-id as well. For 79 // using this parameter with S3 on Outposts with the AWS SDK and CLI, you must 80 // specify the ARN of the bucket accessed in the format 81 // arn:aws:s3-outposts:::outpost//bucket/. For example, to access the bucket 82 // reports through outpost my-outpost owned by account 123456789012 in Region 83 // us-west-2, use the URL encoding of 84 // arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. 85 // The value must be URL encoded. 86 // 87 // This member is required. 88 Bucket *string 89} 90 91type GetBucketPolicyOutput struct { 92 93 // The policy of the Outposts bucket. 94 Policy *string 95 96 // Metadata pertaining to the operation's result. 97 ResultMetadata middleware.Metadata 98} 99 100func addOperationGetBucketPolicyMiddlewares(stack *middleware.Stack, options Options) (err error) { 101 err = stack.Serialize.Add(&awsRestxml_serializeOpGetBucketPolicy{}, middleware.After) 102 if err != nil { 103 return err 104 } 105 err = stack.Deserialize.Add(&awsRestxml_deserializeOpGetBucketPolicy{}, middleware.After) 106 if err != nil { 107 return err 108 } 109 if err = addSetLoggerMiddleware(stack, options); err != nil { 110 return err 111 } 112 if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil { 113 return err 114 } 115 if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil { 116 return err 117 } 118 if err = addResolveEndpointMiddleware(stack, options); err != nil { 119 return err 120 } 121 if err = v4.AddComputePayloadSHA256Middleware(stack); err != nil { 122 return err 123 } 124 if err = addRetryMiddlewares(stack, options); err != nil { 125 return err 126 } 127 if err = addHTTPSignerV4Middleware(stack, options); err != nil { 128 return err 129 } 130 if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil { 131 return err 132 } 133 if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil { 134 return err 135 } 136 if err = addClientUserAgent(stack); err != nil { 137 return err 138 } 139 if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil { 140 return err 141 } 142 if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil { 143 return err 144 } 145 if err = addEndpointPrefix_opGetBucketPolicyMiddleware(stack); err != nil { 146 return err 147 } 148 if err = addOpGetBucketPolicyValidationMiddleware(stack); err != nil { 149 return err 150 } 151 if err = stack.Initialize.Add(newServiceMetadataMiddleware_opGetBucketPolicy(options.Region), middleware.Before); err != nil { 152 return err 153 } 154 if err = addMetadataRetrieverMiddleware(stack); err != nil { 155 return err 156 } 157 if err = addGetBucketPolicyUpdateEndpoint(stack, options); err != nil { 158 return err 159 } 160 if err = addResponseErrorMiddleware(stack); err != nil { 161 return err 162 } 163 if err = v4.AddContentSHA256HeaderMiddleware(stack); err != nil { 164 return err 165 } 166 if err = addRequestResponseLogging(stack, options); err != nil { 167 return err 168 } 169 return nil 170} 171 172type endpointPrefix_opGetBucketPolicyMiddleware struct { 173} 174 175func (*endpointPrefix_opGetBucketPolicyMiddleware) ID() string { 176 return "EndpointHostPrefix" 177} 178 179func (m *endpointPrefix_opGetBucketPolicyMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) ( 180 out middleware.SerializeOutput, metadata middleware.Metadata, err error, 181) { 182 if smithyhttp.GetHostnameImmutable(ctx) || smithyhttp.IsEndpointHostPrefixDisabled(ctx) { 183 return next.HandleSerialize(ctx, in) 184 } 185 186 req, ok := in.Request.(*smithyhttp.Request) 187 if !ok { 188 return out, metadata, fmt.Errorf("unknown transport type %T", in.Request) 189 } 190 191 input, ok := in.Parameters.(*GetBucketPolicyInput) 192 if !ok { 193 return out, metadata, fmt.Errorf("unknown input type %T", in.Parameters) 194 } 195 196 var prefix strings.Builder 197 if input.AccountId == nil { 198 return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("AccountId forms part of the endpoint host and so may not be nil")} 199 } else if !smithyhttp.ValidHostLabel(*input.AccountId) { 200 return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("AccountId forms part of the endpoint host and so must match \"[a-zA-Z0-9-]{1,63}\", but was \"%s\"", *input.AccountId)} 201 } else { 202 prefix.WriteString(*input.AccountId) 203 } 204 prefix.WriteString(".") 205 req.URL.Host = prefix.String() + req.URL.Host 206 207 return next.HandleSerialize(ctx, in) 208} 209func addEndpointPrefix_opGetBucketPolicyMiddleware(stack *middleware.Stack) error { 210 return stack.Serialize.Insert(&endpointPrefix_opGetBucketPolicyMiddleware{}, `OperationSerializer`, middleware.After) 211} 212 213func newServiceMetadataMiddleware_opGetBucketPolicy(region string) *awsmiddleware.RegisterServiceMetadata { 214 return &awsmiddleware.RegisterServiceMetadata{ 215 Region: region, 216 ServiceID: ServiceID, 217 SigningName: "s3", 218 OperationName: "GetBucketPolicy", 219 } 220} 221 222func copyGetBucketPolicyInputForUpdateEndpoint(params interface{}) (interface{}, error) { 223 input, ok := params.(*GetBucketPolicyInput) 224 if !ok { 225 return nil, fmt.Errorf("expect *GetBucketPolicyInput type, got %T", params) 226 } 227 cpy := *input 228 return &cpy, nil 229} 230func getGetBucketPolicyARNMember(input interface{}) (*string, bool) { 231 in := input.(*GetBucketPolicyInput) 232 if in.Bucket == nil { 233 return nil, false 234 } 235 return in.Bucket, true 236} 237func setGetBucketPolicyARNMember(input interface{}, v string) error { 238 in := input.(*GetBucketPolicyInput) 239 in.Bucket = &v 240 return nil 241} 242func backFillGetBucketPolicyAccountID(input interface{}, v string) error { 243 in := input.(*GetBucketPolicyInput) 244 if in.AccountId != nil { 245 if !strings.EqualFold(*in.AccountId, v) { 246 return fmt.Errorf("error backfilling account id") 247 } 248 return nil 249 } 250 in.AccountId = &v 251 return nil 252} 253func addGetBucketPolicyUpdateEndpoint(stack *middleware.Stack, options Options) error { 254 return s3controlcust.UpdateEndpoint(stack, s3controlcust.UpdateEndpointOptions{ 255 Accessor: s3controlcust.UpdateEndpointParameterAccessor{GetARNInput: getGetBucketPolicyARNMember, 256 BackfillAccountID: backFillGetBucketPolicyAccountID, 257 GetOutpostIDInput: nopGetOutpostIDFromInput, 258 UpdateARNField: setGetBucketPolicyARNMember, 259 CopyInput: copyGetBucketPolicyInputForUpdateEndpoint, 260 }, 261 EndpointResolver: options.EndpointResolver, 262 EndpointResolverOptions: options.EndpointOptions, 263 UseDualstack: options.UseDualstack, 264 UseARNRegion: options.UseARNRegion, 265 }) 266} 267