1// Code generated by smithy-go-codegen DO NOT EDIT.
2
3package s3control
4
5import (
6	"context"
7	"fmt"
8	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
9	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
10	s3controlcust "github.com/aws/aws-sdk-go-v2/service/s3control/internal/customizations"
11	smithy "github.com/aws/smithy-go"
12	"github.com/aws/smithy-go/middleware"
13	smithyhttp "github.com/aws/smithy-go/transport/http"
14	"strings"
15)
16
// This action puts a bucket policy to an Amazon S3 on Outposts bucket. To put a
// policy on an S3 bucket, see PutBucketPolicy
// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketPolicy.html) in
// the Amazon S3 API Reference. Applies an Amazon S3 bucket policy to an Outposts
// bucket. For more information, see Using Amazon S3 on Outposts
// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the
// Amazon S3 User Guide. If you are using an identity other than the root user of
// the Amazon Web Services account that owns the Outposts bucket, the calling
// identity must have the PutBucketPolicy permissions on the specified Outposts
// bucket and belong to the bucket owner's account in order to use this action. If
// you don't have PutBucketPolicy permissions, Amazon S3 returns a 403 Access
// Denied error. If you have the correct permissions, but you're not using an
// identity that belongs to the bucket owner's account, Amazon S3 returns a 405
// Method Not Allowed error. As a security precaution, the root user of the Amazon
// Web Services account that owns a bucket can always use this action, even if the
// policy explicitly denies the root user the ability to perform this action. For
// more information about bucket policies, see Using Bucket Policies and User
// Policies
// (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html). All
// Amazon S3 on Outposts REST API requests for this action require an additional
// parameter of x-amz-outpost-id to be passed with the request and an S3 on
// Outposts endpoint hostname prefix instead of s3-control. For an example of the
// request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint
// hostname prefix and the x-amz-outpost-id derived using the access point ARN, see
// the Examples
// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_PutBucketPolicy.html#API_control_PutBucketPolicy_Examples)
// section. The following actions are related to PutBucketPolicy:
//
// * GetBucketPolicy
// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetBucketPolicy.html)
//
// * DeleteBucketPolicy
// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteBucketPolicy.html)
func (c *Client) PutBucketPolicy(ctx context.Context, params *PutBucketPolicyInput, optFns ...func(*Options)) (*PutBucketPolicyOutput, error) {
	// A nil input is swapped for an empty one so the middleware stack always
	// receives a non-nil *PutBucketPolicyInput; the required members are then
	// left for the later stack steps to reject.
	input := params
	if input == nil {
		input = &PutBucketPolicyInput{}
	}

	// This method does not read input.Policy: the policy text is handed to the
	// operation exactly as the caller supplied it, so any review of what the
	// policy grants has to happen before this call.
	res, md, err := c.invokeOperation(ctx, "PutBucketPolicy", input, optFns, c.addOperationPutBucketPolicyMiddlewares)
	if err != nil {
		return nil, err
	}

	// Unchecked assertion: a result of any other type panics here.
	output := res.(*PutBucketPolicyOutput)
	output.ResultMetadata = md
	return output, nil
}
66
// PutBucketPolicyInput holds the parameters of a PutBucketPolicy call.
type PutBucketPolicyInput struct {
	// Amazon Web Services account ID of the Outposts bucket. The endpoint-prefix
	// middleware in this file prepends this value to the request host, so it has
	// to be a valid host label.
	//
	// This member is required.
	AccountId *string

	// The bucket to apply the policy to. With Amazon S3 on Outposts over the REST
	// API, specify the name and the x-amz-outpost-id as well. With S3 on Outposts
	// through the Amazon Web Services SDK and CLI, specify the ARN of the bucket
	// accessed, in the format
	// arn:aws:s3-outposts:<Region>:<account-id>:outpost/<my-outpost-id>/bucket/<my-bucket-name>.
	// For example, to access the bucket reports through outpost my-outpost owned
	// by account 123456789012 in Region us-west-2, use the URL encoding of
	// arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports.
	// The value must be URL encoded.
	//
	// This member is required.
	Bucket *string

	// The bucket policy as a JSON document. No code in this file reads the
	// contents of this string; it is passed on as supplied, so check the
	// statements (principals, actions, conditions) before submitting it.
	//
	// This member is required.
	Policy *string

	// Set this parameter to true to confirm that you want to remove your
	// permissions to change this bucket policy in the future. This is not
	// supported by Amazon S3 on Outposts buckets. The zero value (false) leaves
	// that confirmation off.
	ConfirmRemoveSelfBucketAccess bool

	noSmithyDocumentSerde
}
99
// PutBucketPolicyOutput is returned by PutBucketPolicy. It carries no
// operation-specific members, only the metadata collected by the middleware
// stack.
type PutBucketPolicyOutput struct {
	// ResultMetadata is the metadata pertaining to the operation's result;
	// PutBucketPolicy fills it in after the call succeeds.
	ResultMetadata middleware.Metadata

	noSmithyDocumentSerde
}
106
// addOperationPutBucketPolicyMiddlewares registers every middleware used by the
// PutBucketPolicy operation on stack. The registrations run in the order listed
// below and the first one that fails aborts the setup with its error.
func (c *Client) addOperationPutBucketPolicyMiddlewares(stack *middleware.Stack, options Options) (err error) {
	// Each entry is evaluated only when it is reached, so side effects on the
	// stack happen in exactly this sequence.
	registrations := []func() error{
		// Operation-specific request serializer and response deserializer.
		func() error {
			return stack.Serialize.Add(&awsRestxml_serializeOpPutBucketPolicy{}, middleware.After)
		},
		func() error {
			return stack.Deserialize.Add(&awsRestxml_deserializeOpPutBucketPolicy{}, middleware.After)
		},
		func() error { return addSetLoggerMiddleware(stack, options) },
		func() error { return awsmiddleware.AddClientRequestIDMiddleware(stack) },
		func() error { return smithyhttp.AddComputeContentLengthMiddleware(stack) },
		func() error { return addResolveEndpointMiddleware(stack, options) },
		// Going by their names, the v4 helpers and the signer below cover the
		// payload hash and the SigV4 signature of the request.
		func() error { return v4.AddComputePayloadSHA256Middleware(stack) },
		func() error { return addRetryMiddlewares(stack, options) },
		func() error { return addHTTPSignerV4Middleware(stack, options) },
		func() error { return awsmiddleware.AddRawResponseToMetadata(stack) },
		func() error { return awsmiddleware.AddRecordResponseTiming(stack) },
		func() error { return addClientUserAgent(stack) },
		func() error { return smithyhttp.AddErrorCloseResponseBodyMiddleware(stack) },
		func() error { return smithyhttp.AddCloseResponseBodyMiddleware(stack) },
		// Account-ID host prefix and input validation for this operation.
		func() error { return addEndpointPrefix_opPutBucketPolicyMiddleware(stack) },
		func() error { return addOpPutBucketPolicyValidationMiddleware(stack) },
		func() error {
			return stack.Initialize.Add(newServiceMetadataMiddleware_opPutBucketPolicy(options.Region), middleware.Before)
		},
		func() error { return addMetadataRetrieverMiddleware(stack) },
		func() error { return addPutBucketPolicyUpdateEndpoint(stack, options) },
		func() error { return addResponseErrorMiddleware(stack) },
		func() error { return v4.AddContentSHA256HeaderMiddleware(stack) },
		func() error { return addRequestResponseLogging(stack, options) },
		func() error { return smithyhttp.AddContentChecksumMiddleware(stack) },
	}

	for _, register := range registrations {
		if err = register(); err != nil {
			return err
		}
	}
	return nil
}
181
// endpointPrefix_opPutBucketPolicyMiddleware is the stateless serialize-step
// middleware that prepends the caller's account ID to the request host.
type endpointPrefix_opPutBucketPolicyMiddleware struct{}

// ID returns the name under which this middleware is registered on the stack.
func (*endpointPrefix_opPutBucketPolicyMiddleware) ID() string {
	const middlewareID = "EndpointHostPrefix"
	return middlewareID
}
188
// HandleSerialize prefixes the request host with "<AccountId>." and then calls
// the next serialize handler. The host is left untouched when the context marks
// the hostname immutable or disables endpoint host prefixes. A request or input
// of an unexpected type, a nil AccountId, or an AccountId that is not a valid
// host label ends the call with an error before next is invoked.
func (m *endpointPrefix_opPutBucketPolicyMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
) {
	if smithyhttp.GetHostnameImmutable(ctx) || smithyhttp.IsEndpointHostPrefixDisabled(ctx) {
		return next.HandleSerialize(ctx, in)
	}

	req, isHTTPRequest := in.Request.(*smithyhttp.Request)
	if !isHTTPRequest {
		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
	}

	input, isPolicyInput := in.Parameters.(*PutBucketPolicyInput)
	if !isPolicyInput {
		return out, metadata, fmt.Errorf("unknown input type %T", in.Parameters)
	}

	// The account ID is caller-supplied and is spliced into the hostname, so it
	// is checked as a host label first. Per the error text the accepted form is
	// [a-zA-Z0-9-]{1,63}; anything else is rejected instead of being allowed to
	// alter the host the request is sent to.
	accountID := input.AccountId
	switch {
	case accountID == nil:
		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("AccountId forms part of the endpoint host and so may not be nil")}
	case !smithyhttp.ValidHostLabel(*accountID):
		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("AccountId forms part of the endpoint host and so must match \"[a-zA-Z0-9-]{1,63}\", but was \"%s\"", *accountID)}
	}

	req.URL.Host = *accountID + "." + req.URL.Host

	return next.HandleSerialize(ctx, in)
}
// addEndpointPrefix_opPutBucketPolicyMiddleware inserts the account-ID host
// prefix middleware into the Serialize step, positioned after the middleware
// registered as `OperationSerializer`.
func addEndpointPrefix_opPutBucketPolicyMiddleware(stack *middleware.Stack) error {
	hostPrefixer := &endpointPrefix_opPutBucketPolicyMiddleware{}
	return stack.Serialize.Insert(hostPrefixer, `OperationSerializer`, middleware.After)
}
222
// newServiceMetadataMiddleware_opPutBucketPolicy builds the service-metadata
// middleware for PutBucketPolicy in the given region. The signing name is fixed
// to "s3" and the service ID comes from the package-level ServiceID.
func newServiceMetadataMiddleware_opPutBucketPolicy(region string) *awsmiddleware.RegisterServiceMetadata {
	md := new(awsmiddleware.RegisterServiceMetadata)
	md.Region = region
	md.ServiceID = ServiceID
	md.SigningName = "s3"
	md.OperationName = "PutBucketPolicy"
	return md
}
231
// copyPutBucketPolicyInputForUpdateEndpoint returns a pointer to a copy of the
// *PutBucketPolicyInput held in params, or an error when params has another
// type. The copy is shallow: the struct is duplicated, but its pointer members
// still refer to the same strings as the original.
func copyPutBucketPolicyInputForUpdateEndpoint(params interface{}) (interface{}, error) {
	if src, ok := params.(*PutBucketPolicyInput); ok {
		dup := *src
		return &dup, nil
	}
	return nil, fmt.Errorf("expect *PutBucketPolicyInput type, got %T", params)
}
// getPutBucketPolicyARNMember returns the Bucket member of input and whether it
// is set. input must be a *PutBucketPolicyInput; the type assertion is
// unchecked and panics for any other type.
func getPutBucketPolicyARNMember(input interface{}) (*string, bool) {
	bucket := input.(*PutBucketPolicyInput).Bucket
	return bucket, bucket != nil
}
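// setPutBucketPolicyARNMember overwrites the Bucket member of input with v.
// input must be a *PutBucketPolicyInput; any other type yields an error
// instead of a panic, matching copyPutBucketPolicyInputForUpdateEndpoint.
func setPutBucketPolicyARNMember(input interface{}, v string) error {
	in, ok := input.(*PutBucketPolicyInput)
	if !ok {
		return fmt.Errorf("expect *PutBucketPolicyInput type, got %T", input)
	}
	// v is this function's own parameter copy, so taking its address does not
	// alias the caller's string variable.
	in.Bucket = &v
	return nil
}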
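// backFillPutBucketPolicyAccountID sets the AccountId member of input to v when
// the caller left it unset. When AccountId is already set it is never
// overwritten: the call succeeds only if it equals v under case-insensitive
// comparison, and otherwise returns an error so that a request carrying two
// disagreeing account IDs is not sent. input must be a *PutBucketPolicyInput;
// any other type yields an error instead of a panic.
//
// NOTE(review): v is presumably the account ID taken from the bucket ARN;
// confirm against the caller in the customizations package.
func backFillPutBucketPolicyAccountID(input interface{}, v string) error {
	in, ok := input.(*PutBucketPolicyInput)
	if !ok {
		return fmt.Errorf("expect *PutBucketPolicyInput type, got %T", input)
	}

	if in.AccountId == nil {
		in.AccountId = &v
		return nil
	}

	if !strings.EqualFold(*in.AccountId, v) {
		return fmt.Errorf("error backfilling account id")
	}
	return nil
}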
// addPutBucketPolicyUpdateEndpoint registers the s3control endpoint-update
// customization for PutBucketPolicy. It wires in this operation's accessors for
// the ARN-bearing Bucket member and the AccountId backfill, and passes the
// endpoint resolver, dual-stack and ARN-region settings through from options.
func addPutBucketPolicyUpdateEndpoint(stack *middleware.Stack, options Options) error {
	accessor := s3controlcust.UpdateEndpointParameterAccessor{
		GetARNInput:       getPutBucketPolicyARNMember,
		BackfillAccountID: backFillPutBucketPolicyAccountID,
		// This operation has no outpost ID input of its own, so the no-op
		// getter is used.
		GetOutpostIDInput: nopGetOutpostIDFromInput,
		UpdateARNField:    setPutBucketPolicyARNMember,
		CopyInput:         copyPutBucketPolicyInputForUpdateEndpoint,
	}

	updateOpts := s3controlcust.UpdateEndpointOptions{
		Accessor:                accessor,
		EndpointResolver:        options.EndpointResolver,
		EndpointResolverOptions: options.EndpointOptions,
		UseDualstack:            options.UseDualstack,
		UseARNRegion:            options.UseARNRegion,
	}
	return s3controlcust.UpdateEndpoint(stack, updateOpts)
}
277