1// Code generated by smithy-go-codegen DO NOT EDIT. 2 3package s3control 4 5import ( 6 "context" 7 "fmt" 8 awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" 9 "github.com/aws/aws-sdk-go-v2/aws/signer/v4" 10 s3controlcust "github.com/aws/aws-sdk-go-v2/service/s3control/internal/customizations" 11 smithy "github.com/aws/smithy-go" 12 "github.com/aws/smithy-go/middleware" 13 smithyhttp "github.com/aws/smithy-go/transport/http" 14 "strings" 15) 16 17// This action puts a bucket policy to an Amazon S3 on Outposts bucket. To put a 18// policy on an S3 bucket, see PutBucketPolicy 19// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketPolicy.html) in 20// the Amazon S3 API Reference. Applies an Amazon S3 bucket policy to an Outposts 21// bucket. For more information, see Using Amazon S3 on Outposts 22// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) in the 23// Amazon S3 User Guide. If you are using an identity other than the root user of 24// the Amazon Web Services account that owns the Outposts bucket, the calling 25// identity must have the PutBucketPolicy permissions on the specified Outposts 26// bucket and belong to the bucket owner's account in order to use this action. If 27// you don't have PutBucketPolicy permissions, Amazon S3 returns a 403 Access 28// Denied error. If you have the correct permissions, but you're not using an 29// identity that belongs to the bucket owner's account, Amazon S3 returns a 405 30// Method Not Allowed error. As a security precaution, the root user of the Amazon 31// Web Services account that owns a bucket can always use this action, even if the 32// policy explicitly denies the root user the ability to perform this action. For 33// more information about bucket policies, see Using Bucket Policies and User 34// Policies 35// (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html). All 36// Amazon S3 on Outposts REST API requests for this action require an additional 37// parameter of x-amz-outpost-id to be passed with the request and an S3 on 38// Outposts endpoint hostname prefix instead of s3-control. For an example of the 39// request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint 40// hostname prefix and the x-amz-outpost-id derived using the access point ARN, see 41// the Examples 42// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_PutBucketPolicy.html#API_control_PutBucketPolicy_Examples) 43// section. The following actions are related to PutBucketPolicy: 44// 45// * 46// GetBucketPolicy 47// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetBucketPolicy.html) 48// 49// * 50// DeleteBucketPolicy 51// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteBucketPolicy.html) 52func (c *Client) PutBucketPolicy(ctx context.Context, params *PutBucketPolicyInput, optFns ...func(*Options)) (*PutBucketPolicyOutput, error) { 53 if params == nil { 54 params = &PutBucketPolicyInput{} 55 } 56 57 result, metadata, err := c.invokeOperation(ctx, "PutBucketPolicy", params, optFns, c.addOperationPutBucketPolicyMiddlewares) 58 if err != nil { 59 return nil, err 60 } 61 62 out := result.(*PutBucketPolicyOutput) 63 out.ResultMetadata = metadata 64 return out, nil 65} 66 67type PutBucketPolicyInput struct { 68 69 // The Amazon Web Services account ID of the Outposts bucket. 70 // 71 // This member is required. 72 AccountId *string 73 74 // Specifies the bucket. For using this parameter with Amazon S3 on Outposts with 75 // the REST API, you must specify the name and the x-amz-outpost-id as well. For 76 // using this parameter with S3 on Outposts with the Amazon Web Services SDK and 77 // CLI, you must specify the ARN of the bucket accessed in the format 78 // arn:aws:s3-outposts:::outpost//bucket/. For example, to access the bucket 79 // reports through outpost my-outpost owned by account 123456789012 in Region 80 // us-west-2, use the URL encoding of 81 // arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. 82 // The value must be URL encoded. 83 // 84 // This member is required. 85 Bucket *string 86 87 // The bucket policy as a JSON document. 88 // 89 // This member is required. 90 Policy *string 91 92 // Set this parameter to true to confirm that you want to remove your permissions 93 // to change this bucket policy in the future. This is not supported by Amazon S3 94 // on Outposts buckets. 95 ConfirmRemoveSelfBucketAccess bool 96 97 noSmithyDocumentSerde 98} 99 100type PutBucketPolicyOutput struct { 101 // Metadata pertaining to the operation's result. 102 ResultMetadata middleware.Metadata 103 104 noSmithyDocumentSerde 105} 106 107func (c *Client) addOperationPutBucketPolicyMiddlewares(stack *middleware.Stack, options Options) (err error) { 108 err = stack.Serialize.Add(&awsRestxml_serializeOpPutBucketPolicy{}, middleware.After) 109 if err != nil { 110 return err 111 } 112 err = stack.Deserialize.Add(&awsRestxml_deserializeOpPutBucketPolicy{}, middleware.After) 113 if err != nil { 114 return err 115 } 116 if err = addSetLoggerMiddleware(stack, options); err != nil { 117 return err 118 } 119 if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil { 120 return err 121 } 122 if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil { 123 return err 124 } 125 if err = addResolveEndpointMiddleware(stack, options); err != nil { 126 return err 127 } 128 if err = v4.AddComputePayloadSHA256Middleware(stack); err != nil { 129 return err 130 } 131 if err = addRetryMiddlewares(stack, options); err != nil { 132 return err 133 } 134 if err = addHTTPSignerV4Middleware(stack, options); err != nil { 135 return err 136 } 137 if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil { 138 return err 139 } 140 if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil { 141 return err 142 } 143 if err = addClientUserAgent(stack); err != nil { 144 return err 145 } 146 if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil { 147 return err 148 } 149 if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil { 150 return err 151 } 152 if err = addEndpointPrefix_opPutBucketPolicyMiddleware(stack); err != nil { 153 return err 154 } 155 if err = addOpPutBucketPolicyValidationMiddleware(stack); err != nil { 156 return err 157 } 158 if err = stack.Initialize.Add(newServiceMetadataMiddleware_opPutBucketPolicy(options.Region), middleware.Before); err != nil { 159 return err 160 } 161 if err = addMetadataRetrieverMiddleware(stack); err != nil { 162 return err 163 } 164 if err = addPutBucketPolicyUpdateEndpoint(stack, options); err != nil { 165 return err 166 } 167 if err = addResponseErrorMiddleware(stack); err != nil { 168 return err 169 } 170 if err = v4.AddContentSHA256HeaderMiddleware(stack); err != nil { 171 return err 172 } 173 if err = addRequestResponseLogging(stack, options); err != nil { 174 return err 175 } 176 if err = smithyhttp.AddContentChecksumMiddleware(stack); err != nil { 177 return err 178 } 179 return nil 180} 181 182type endpointPrefix_opPutBucketPolicyMiddleware struct { 183} 184 185func (*endpointPrefix_opPutBucketPolicyMiddleware) ID() string { 186 return "EndpointHostPrefix" 187} 188 189func (m *endpointPrefix_opPutBucketPolicyMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) ( 190 out middleware.SerializeOutput, metadata middleware.Metadata, err error, 191) { 192 if smithyhttp.GetHostnameImmutable(ctx) || smithyhttp.IsEndpointHostPrefixDisabled(ctx) { 193 return next.HandleSerialize(ctx, in) 194 } 195 196 req, ok := in.Request.(*smithyhttp.Request) 197 if !ok { 198 return out, metadata, fmt.Errorf("unknown transport type %T", in.Request) 199 } 200 201 input, ok := in.Parameters.(*PutBucketPolicyInput) 202 if !ok { 203 return out, metadata, fmt.Errorf("unknown input type %T", in.Parameters) 204 } 205 206 var prefix strings.Builder 207 if input.AccountId == nil { 208 return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("AccountId forms part of the endpoint host and so may not be nil")} 209 } else if !smithyhttp.ValidHostLabel(*input.AccountId) { 210 return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("AccountId forms part of the endpoint host and so must match \"[a-zA-Z0-9-]{1,63}\", but was \"%s\"", *input.AccountId)} 211 } else { 212 prefix.WriteString(*input.AccountId) 213 } 214 prefix.WriteString(".") 215 req.URL.Host = prefix.String() + req.URL.Host 216 217 return next.HandleSerialize(ctx, in) 218} 219func addEndpointPrefix_opPutBucketPolicyMiddleware(stack *middleware.Stack) error { 220 return stack.Serialize.Insert(&endpointPrefix_opPutBucketPolicyMiddleware{}, `OperationSerializer`, middleware.After) 221} 222 223func newServiceMetadataMiddleware_opPutBucketPolicy(region string) *awsmiddleware.RegisterServiceMetadata { 224 return &awsmiddleware.RegisterServiceMetadata{ 225 Region: region, 226 ServiceID: ServiceID, 227 SigningName: "s3", 228 OperationName: "PutBucketPolicy", 229 } 230} 231 232func copyPutBucketPolicyInputForUpdateEndpoint(params interface{}) (interface{}, error) { 233 input, ok := params.(*PutBucketPolicyInput) 234 if !ok { 235 return nil, fmt.Errorf("expect *PutBucketPolicyInput type, got %T", params) 236 } 237 cpy := *input 238 return &cpy, nil 239} 240func getPutBucketPolicyARNMember(input interface{}) (*string, bool) { 241 in := input.(*PutBucketPolicyInput) 242 if in.Bucket == nil { 243 return nil, false 244 } 245 return in.Bucket, true 246} 247func setPutBucketPolicyARNMember(input interface{}, v string) error { 248 in := input.(*PutBucketPolicyInput) 249 in.Bucket = &v 250 return nil 251} 252func backFillPutBucketPolicyAccountID(input interface{}, v string) error { 253 in := input.(*PutBucketPolicyInput) 254 if in.AccountId != nil { 255 if !strings.EqualFold(*in.AccountId, v) { 256 return fmt.Errorf("error backfilling account id") 257 } 258 return nil 259 } 260 in.AccountId = &v 261 return nil 262} 263func addPutBucketPolicyUpdateEndpoint(stack *middleware.Stack, options Options) error { 264 return s3controlcust.UpdateEndpoint(stack, s3controlcust.UpdateEndpointOptions{ 265 Accessor: s3controlcust.UpdateEndpointParameterAccessor{GetARNInput: getPutBucketPolicyARNMember, 266 BackfillAccountID: backFillPutBucketPolicyAccountID, 267 GetOutpostIDInput: nopGetOutpostIDFromInput, 268 UpdateARNField: setPutBucketPolicyARNMember, 269 CopyInput: copyPutBucketPolicyInputForUpdateEndpoint, 270 }, 271 EndpointResolver: options.EndpointResolver, 272 EndpointResolverOptions: options.EndpointOptions, 273 UseDualstack: options.UseDualstack, 274 UseARNRegion: options.UseARNRegion, 275 }) 276} 277