1// Code generated by smithy-go-codegen DO NOT EDIT.
2
3package acmpca
4
5import (
6	"context"
7	"fmt"
8	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
9	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
10	"github.com/aws/aws-sdk-go-v2/service/acmpca/types"
11	"github.com/aws/smithy-go/middleware"
12	smithyhttp "github.com/aws/smithy-go/transport/http"
13)
14
// ListPermissions lists all permissions on a private CA, if any, granted to the
// AWS Certificate Manager (ACM) service principal (acm.amazonaws.com). These
// permissions allow ACM to issue and renew ACM certificates that reside in the
// same AWS account as the CA. Permissions can be granted with the
// CreatePermission
// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreatePermission.html)
// action and revoked with the DeletePermission
// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeletePermission.html)
// action.
//
// About Permissions
//
// * If the private CA and the certificates it issues reside in the same
// account, you can use CreatePermission to grant permissions for ACM to carry
// out automatic certificate renewals.
//
// * For automatic certificate renewal to succeed, the ACM service principal
// needs permissions to create, retrieve, and list certificates.
//
// * If the private CA and the ACM certificates reside in different accounts,
// then permissions cannot be used to enable automatic renewals. Instead, the
// ACM certificate owner must set up a resource-based policy to enable
// cross-account issuance and renewals. For more information, see Using a
// Resource Based Policy with ACM Private CA
// (https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html).
//
// The response is paginated: when ListPermissionsOutput.NextToken is set the
// list is truncated, so a review of which permissions are granted on a CA
// should follow the token (or use ListPermissionsPaginator) rather than rely
// on a single call.
//
// A nil params is replaced with an empty ListPermissionsInput before the
// operation is invoked. On failure the output is nil and the error from
// invokeOperation is returned unchanged.
func (c *Client) ListPermissions(ctx context.Context, params *ListPermissionsInput, optFns ...func(*Options)) (*ListPermissionsOutput, error) {
	input := params
	if input == nil {
		input = &ListPermissionsInput{}
	}

	raw, md, err := c.invokeOperation(ctx, "ListPermissions", input, optFns, c.addOperationListPermissionsMiddlewares)
	if err != nil {
		return nil, err
	}

	// Unchecked type assertion: a result of any other dynamic type panics here
	// instead of surfacing as an error.
	resp := raw.(*ListPermissionsOutput)
	resp.ResultMetadata = md
	return resp, nil
}
52
// ListPermissionsInput carries the request parameters for ListPermissions.
type ListPermissionsInput struct {

	// The Amazon Resource Name (ARN) of the private CA to inspect. You can find the
	// ARN by calling the ListCertificateAuthorities
	// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html)
	// action. This must be of the form:
	// arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
	//
	// This member is required.
	// NOTE(review): presumably enforced client-side by
	// addOpListPermissionsValidationMiddleware, which is defined outside this
	// file — confirm.
	CertificateAuthorityArn *string

	// When paginating results, use this parameter to specify the maximum number of
	// items to return in the response. If additional items exist beyond the number you
	// specify, the NextToken element is sent in the response. Use this NextToken value
	// in a subsequent request to retrieve additional items.
	//
	// When the request is issued through ListPermissionsPaginator.NextPage this
	// field is overwritten from the paginator's Limit option.
	MaxResults *int32

	// When paginating results, use this parameter in a subsequent request after you
	// receive a response with truncated results. Set it to the value of NextToken from
	// the response you just received.
	NextToken *string

	// Embedded type declared outside this file.
	noSmithyDocumentSerde
}
80
// ListPermissionsOutput is the result returned by ListPermissions.
type ListPermissionsOutput struct {

	// When the list is truncated, this value is present and should be used for the
	// NextToken parameter in a subsequent pagination request. A non-nil value means
	// Permissions is only part of the full list.
	NextToken *string

	// Summary information about each permission assigned by the specified private CA,
	// including the action enabled, the policy provided, and the time of creation.
	Permissions []types.Permission

	// Metadata pertaining to the operation's result. ListPermissions sets this
	// from the metadata returned by invokeOperation.
	ResultMetadata middleware.Metadata

	// Embedded type declared outside this file.
	noSmithyDocumentSerde
}
96
// addOperationListPermissionsMiddlewares registers the middleware used by the
// ListPermissions operation on stack. The registrations run in a fixed
// sequence; the first one that fails stops the sequence and its error is
// returned. Helpers without a package qualifier are defined outside this file.
func (c *Client) addOperationListPermissionsMiddlewares(stack *middleware.Stack, options Options) (err error) {
	// Keep this list in its current order: entries are applied one after
	// another, exactly as listed.
	steps := []func() error{
		func() error {
			return stack.Serialize.Add(&awsAwsjson11_serializeOpListPermissions{}, middleware.After)
		},
		func() error {
			return stack.Deserialize.Add(&awsAwsjson11_deserializeOpListPermissions{}, middleware.After)
		},
		func() error { return addSetLoggerMiddleware(stack, options) },
		func() error { return awsmiddleware.AddClientRequestIDMiddleware(stack) },
		func() error { return smithyhttp.AddComputeContentLengthMiddleware(stack) },
		func() error { return addResolveEndpointMiddleware(stack, options) },
		// Payload hash for the SigV4 signature.
		func() error { return v4.AddComputePayloadSHA256Middleware(stack) },
		func() error { return addRetryMiddlewares(stack, options) },
		// NOTE(review): by name, this installs the SigV4 request signer — confirm
		// against its definition.
		func() error { return addHTTPSignerV4Middleware(stack, options) },
		func() error { return awsmiddleware.AddRawResponseToMetadata(stack) },
		func() error { return awsmiddleware.AddRecordResponseTiming(stack) },
		func() error { return addClientUserAgent(stack) },
		func() error { return smithyhttp.AddErrorCloseResponseBodyMiddleware(stack) },
		func() error { return smithyhttp.AddCloseResponseBodyMiddleware(stack) },
		// NOTE(review): by name, client-side validation of ListPermissionsInput
		// (CertificateAuthorityArn is documented as required) — confirm.
		func() error { return addOpListPermissionsValidationMiddleware(stack) },
		func() error {
			return stack.Initialize.Add(newServiceMetadataMiddleware_opListPermissions(options.Region), middleware.Before)
		},
		func() error { return addRequestIDRetrieverMiddleware(stack) },
		func() error { return addResponseErrorMiddleware(stack) },
		// NOTE(review): what gets logged is decided by options and by code
		// outside this file — check before enabling in sensitive environments.
		func() error { return addRequestResponseLogging(stack, options) },
	}

	for _, step := range steps {
		if err = step(); err != nil {
			return err
		}
	}
	return nil
}
159
// ListPermissionsAPIClient is a client that implements the ListPermissions
// operation. ListPermissionsPaginator depends on this interface rather than on
// *Client, so any implementation with this method can back the paginator.
type ListPermissionsAPIClient interface {
	// ListPermissions has the same signature as (*Client).ListPermissions.
	ListPermissions(context.Context, *ListPermissionsInput, ...func(*Options)) (*ListPermissionsOutput, error)
}

// Compile-time check that *Client satisfies ListPermissionsAPIClient.
var _ ListPermissionsAPIClient = (*Client)(nil)
167
// ListPermissionsPaginatorOptions is the paginator options for ListPermissions
type ListPermissionsPaginatorOptions struct {
	// When paginating results, use this parameter to specify the maximum number of
	// items to return in the response. If additional items exist beyond the number you
	// specify, the NextToken element is sent in the response. Use this NextToken value
	// in a subsequent request to retrieve additional items.
	//
	// NewListPermissionsPaginator seeds Limit from params.MaxResults when that is
	// set. NextPage sends Limit as MaxResults only when it is greater than zero;
	// otherwise MaxResults is left nil on the request.
	Limit int32

	// Set to true if pagination should stop if the service returns a pagination token
	// that matches the most recent token provided to the service.
	//
	// The zero value is false, in which case a repeated token is followed like
	// any other and a loop over HasMorePages/NextPage has no built-in stop
	// condition for it.
	StopOnDuplicateToken bool
}
180
// ListPermissionsPaginator is a paginator for ListPermissions
type ListPermissionsPaginator struct {
	options   ListPermissionsPaginatorOptions // Limit and duplicate-token behaviour
	client    ListPermissionsAPIClient        // used by NextPage to issue each request
	params    *ListPermissionsInput           // caller's input; NextPage copies the struct per request
	nextToken *string                         // token from the last response; nil when none was returned
	firstPage bool                            // true until the first successful NextPage call
}
189
// NewListPermissionsPaginator returns a new ListPermissionsPaginator.
//
// A nil params is replaced with an empty ListPermissionsInput. The paginator's
// Limit starts from params.MaxResults when that is set, and each function in
// optFns is then applied in order and may override it. The params pointer is
// stored as given, not copied, so changes the caller makes to it later are
// seen by subsequent NextPage calls.
func NewListPermissionsPaginator(client ListPermissionsAPIClient, params *ListPermissionsInput, optFns ...func(*ListPermissionsPaginatorOptions)) *ListPermissionsPaginator {
	if params == nil {
		params = &ListPermissionsInput{}
	}

	var opts ListPermissionsPaginatorOptions
	if mr := params.MaxResults; mr != nil {
		opts.Limit = *mr
	}
	for i := range optFns {
		optFns[i](&opts)
	}

	pg := new(ListPermissionsPaginator)
	pg.options = opts
	pg.client = client
	pg.params = params
	pg.firstPage = true
	return pg
}
212
// HasMorePages returns a boolean indicating whether more pages are available.
// It is true before the first successful NextPage call and afterwards for as
// long as the paginator holds a continuation token.
func (p *ListPermissionsPaginator) HasMorePages() bool {
	if p.firstPage {
		return true
	}
	return p.nextToken != nil
}
217
// NextPage retrieves the next ListPermissions page.
//
// It returns an error when HasMorePages is false. Otherwise it sends a copy of
// the stored input with NextToken set to the paginator's current token and
// MaxResults set from the Limit option (nil when Limit is not positive). If
// the client call fails, the error is returned and the paginator state is left
// as it was, so the same page can be requested again.
//
// With StopOnDuplicateToken set, a response whose token equals the token just
// sent ends pagination. Without it the repeated token is kept, so callers
// looping on HasMorePages should either enable the option or bound the loop.
func (p *ListPermissionsPaginator) NextPage(ctx context.Context, optFns ...func(*Options)) (*ListPermissionsOutput, error) {
	if !p.HasMorePages() {
		return nil, fmt.Errorf("no more pages available")
	}

	// Copy the struct so the caller's input is not modified by the
	// assignments below.
	req := *p.params
	req.NextToken = p.nextToken
	req.MaxResults = nil
	if p.options.Limit > 0 {
		req.MaxResults = &p.options.Limit
	}

	page, err := p.client.ListPermissions(ctx, &req, optFns...)
	if err != nil {
		return nil, err
	}
	p.firstPage = false

	sent := p.nextToken
	p.nextToken = page.NextToken

	repeated := sent != nil && p.nextToken != nil && *sent == *p.nextToken
	if p.options.StopOnDuplicateToken && repeated {
		// Clearing the token makes HasMorePages report false from here on.
		p.nextToken = nil
	}

	return page, nil
}
248
// newServiceMetadataMiddleware_opListPermissions builds the service metadata
// registered for the ListPermissions operation. Only the region varies; the
// signing name is fixed to "acm-pca" and the service ID comes from the
// package-level ServiceID.
func newServiceMetadataMiddleware_opListPermissions(region string) *awsmiddleware.RegisterServiceMetadata {
	md := awsmiddleware.RegisterServiceMetadata{
		OperationName: "ListPermissions",
		SigningName:   "acm-pca",
		ServiceID:     ServiceID,
		Region:        region,
	}
	return &md
}
257