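// Code generated by smithy-go-codegen DO NOT EDIT.

package acmpca

import (
	"context"
	"fmt"
	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
	"github.com/aws/aws-sdk-go-v2/service/acmpca/types"
	"github.com/aws/smithy-go/middleware"
	smithyhttp "github.com/aws/smithy-go/transport/http"
)

// ListPermissions lists all permissions on a private CA, if any, granted to the
// AWS Certificate Manager (ACM) service principal (acm.amazonaws.com). These
// permissions allow ACM to issue and renew ACM certificates that reside in the
// same AWS account as the CA. Permissions can be granted with the
// CreatePermission
// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreatePermission.html)
// action and revoked with the DeletePermission
// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeletePermission.html)
// action.
//
// About Permissions
//
//   - If the private CA and the certificates it issues reside in the same
//     account, you can use CreatePermission to grant permissions for ACM to
//     carry out automatic certificate renewals.
//
//   - For automatic certificate renewal to succeed, the ACM service principal
//     needs permissions to create, retrieve, and list certificates.
//
//   - If the private CA and the ACM certificates reside in different accounts,
//     then permissions cannot be used to enable automatic renewals. Instead, the
//     ACM certificate owner must set up a resource-based policy to enable
//     cross-account issuance and renewals. For more information, see Using a
//     Resource Based Policy with ACM Private CA
//     (https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html).
//
// Audit note: cross-account access is described above as a separate mechanism
// (a resource-based policy), so when reviewing who can issue from a CA, review
// that policy as well as the permissions returned here.
//
// A nil params is replaced with an empty ListPermissionsInput. On error the
// returned output is nil.
func (c *Client) ListPermissions(ctx context.Context, params *ListPermissionsInput, optFns ...func(*Options)) (*ListPermissionsOutput, error) {
	if params == nil {
		params = &ListPermissionsInput{}
	}

	result, metadata, err := c.invokeOperation(ctx, "ListPermissions", params, optFns, c.addOperationListPermissionsMiddlewares)
	if err != nil {
		return nil, err
	}

	// Unchecked assertion: a result of any other type would panic here.
	out := result.(*ListPermissionsOutput)
	out.ResultMetadata = metadata
	return out, nil
}

// ListPermissionsInput is the request shape for the ListPermissions operation.
type ListPermissionsInput struct {

	// The Amazon Resource Name (ARN) of the private CA to inspect. You can find the
	// ARN by calling the ListCertificateAuthorities
	// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html)
	// action. This must be of the form:
	// arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
	//
	// This member is required.
	CertificateAuthorityArn *string

	// When paginating results, use this parameter to specify the maximum number of
	// items to return in the response. If additional items exist beyond the number you
	// specify, the NextToken element is sent in the response. Use this NextToken value
	// in a subsequent request to retrieve additional items.
	MaxResults *int32

	// When paginating results, use this parameter in a subsequent request after you
	// receive a response with truncated results. Set it to the value of NextToken from
	// the response you just received.
	NextToken *string

	noSmithyDocumentSerde
}

// ListPermissionsOutput is the response shape for the ListPermissions operation.
type ListPermissionsOutput struct {

	// When the list is truncated, this value is present and should be used for the
	// NextToken parameter in a subsequent pagination request.
	NextToken *string

	// Summary information about each permission assigned by the specified private CA,
	// including the action enabled, the policy provided, and the time of creation.
	Permissions []types.Permission

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata

	noSmithyDocumentSerde
}

// addOperationListPermissionsMiddlewares registers the middleware used by the
// ListPermissions operation on stack, in the order written below. err is a
// named result; the first registration that fails is returned immediately,
// leaving the stack partially configured.
//
// NOTE(review): judging by the helper names, this is where request signing
// (addHTTPSignerV4Middleware) and input validation
// (addOpListPermissionsValidationMiddleware) are attached; the helpers
// themselves are defined elsewhere in the package.
func (c *Client) addOperationListPermissionsMiddlewares(stack *middleware.Stack, options Options) (err error) {
	err = stack.Serialize.Add(&awsAwsjson11_serializeOpListPermissions{}, middleware.After)
	if err != nil {
		return err
	}
	err = stack.Deserialize.Add(&awsAwsjson11_deserializeOpListPermissions{}, middleware.After)
	if err != nil {
		return err
	}
	if err = addSetLoggerMiddleware(stack, options); err != nil {
		return err
	}
	if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil {
		return err
	}
	if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil {
		return err
	}
	if err = addResolveEndpointMiddleware(stack, options); err != nil {
		return err
	}
	if err = v4.AddComputePayloadSHA256Middleware(stack); err != nil {
		return err
	}
	if err = addRetryMiddlewares(stack, options); err != nil {
		return err
	}
	if err = addHTTPSignerV4Middleware(stack, options); err != nil {
		return err
	}
	if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil {
		return err
	}
	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
		return err
	}
	if err = addClientUserAgent(stack); err != nil {
		return err
	}
	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
		return err
	}
	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
		return err
	}
	if err = addOpListPermissionsValidationMiddleware(stack); err != nil {
		return err
	}
	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opListPermissions(options.Region), middleware.Before); err != nil {
		return err
	}
	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
		return err
	}
	if err = addResponseErrorMiddleware(stack); err != nil {
		return err
	}
	if err = addRequestResponseLogging(stack, options); err != nil {
		return err
	}
	return nil
}

// ListPermissionsAPIClient is a client that implements the ListPermissions
// operation.
type ListPermissionsAPIClient interface {
	ListPermissions(context.Context, *ListPermissionsInput, ...func(*Options)) (*ListPermissionsOutput, error)
}

// Compile-time check that *Client satisfies ListPermissionsAPIClient.
var _ ListPermissionsAPIClient = (*Client)(nil)

// ListPermissionsPaginatorOptions is the paginator options for ListPermissions.
type ListPermissionsPaginatorOptions struct {
	// When paginating results, use this parameter to specify the maximum number of
	// items to return in the response. If additional items exist beyond the number you
	// specify, the NextToken element is sent in the response. Use this NextToken value
	// in a subsequent request to retrieve additional items.
	//
	// A value of zero or less leaves MaxResults unset on each request.
	Limit int32

	// Set to true if pagination should stop if the service returns a pagination token
	// that matches the most recent token provided to the service.
	//
	// When this is false, a client that keeps returning the same token keeps
	// HasMorePages true, so a loop over the paginator should be bounded by the
	// caller (page count or context deadline). Only the immediately preceding
	// token is compared; a longer repeating cycle of tokens is not detected.
	StopOnDuplicateToken bool
}

// ListPermissionsPaginator is a paginator for ListPermissions.
type ListPermissionsPaginator struct {
	options   ListPermissionsPaginatorOptions
	client    ListPermissionsAPIClient
	params    *ListPermissionsInput
	nextToken *string
	firstPage bool
}

// NewListPermissionsPaginator returns a new ListPermissionsPaginator.
//
// A nil params is replaced with an empty ListPermissionsInput. Limit is seeded
// from params.MaxResults when that is set, and optFns are applied afterwards, so
// they can override it. params is kept by pointer, and client is not checked for
// nil here; a nil client makes NextPage panic when it calls ListPermissions.
func NewListPermissionsPaginator(client ListPermissionsAPIClient, params *ListPermissionsInput, optFns ...func(*ListPermissionsPaginatorOptions)) *ListPermissionsPaginator {
	if params == nil {
		params = &ListPermissionsInput{}
	}

	options := ListPermissionsPaginatorOptions{}
	if params.MaxResults != nil {
		options.Limit = *params.MaxResults
	}

	for _, fn := range optFns {
		fn(&options)
	}

	return &ListPermissionsPaginator{
		options:   options,
		client:    client,
		params:    params,
		firstPage: true,
	}
}

// HasMorePages returns a boolean indicating whether more pages are available.
// It is true before the first successful NextPage call and afterwards for as
// long as the last response carried a NextToken.
func (p *ListPermissionsPaginator) HasMorePages() bool {
	return p.firstPage || p.nextToken != nil
}

// NextPage retrieves the next ListPermissions page.
//
// It returns an error without calling the client when HasMorePages is false.
// Each request is built from a shallow copy of the stored params, so the
// caller's input struct is not modified, and NextToken and MaxResults on the
// copy are always overwritten from the paginator's own state. On a client error
// the paginator state is left unchanged, so the same page can be requested
// again.
func (p *ListPermissionsPaginator) NextPage(ctx context.Context, optFns ...func(*Options)) (*ListPermissionsOutput, error) {
	if !p.HasMorePages() {
		return nil, fmt.Errorf("no more pages available")
	}

	params := *p.params
	params.NextToken = p.nextToken

	// A non-positive Limit means "no explicit page size": MaxResults stays nil.
	var limit *int32
	if p.options.Limit > 0 {
		limit = &p.options.Limit
	}
	params.MaxResults = limit

	result, err := p.client.ListPermissions(ctx, &params, optFns...)
	if err != nil {
		return nil, err
	}
	p.firstPage = false

	prevToken := p.nextToken
	p.nextToken = result.NextToken

	// Opt-in guard against a token that does not advance: drop it so that
	// HasMorePages reports false and the caller's loop ends.
	if p.options.StopOnDuplicateToken && prevToken != nil && p.nextToken != nil && *prevToken == *p.nextToken {
		p.nextToken = nil
	}

	return result, nil
}

// newServiceMetadataMiddleware_opListPermissions builds the
// RegisterServiceMetadata value for this operation from the given region, the
// package-level ServiceID, the signing name "acm-pca" and the operation name.
func newServiceMetadataMiddleware_opListPermissions(region string) *awsmiddleware.RegisterServiceMetadata {
	return &awsmiddleware.RegisterServiceMetadata{
		Region:        region,
		ServiceID:     ServiceID,
		SigningName:   "acm-pca",
		OperationName: "ListPermissions",
	}
}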