// Code generated by smithy-go-codegen DO NOT EDIT.

package transfer

import (
	"context"
	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
	"github.com/aws/aws-sdk-go-v2/service/transfer/types"
	"github.com/aws/smithy-go/middleware"
	smithyhttp "github.com/aws/smithy-go/transport/http"
)

// Creates a user and associates them with an existing file transfer
// protocol-enabled server. You can only create and associate users with servers
// that have the IdentityProviderType set to SERVICE_MANAGED. Using parameters for
// CreateUser, you can specify the user name, set the home directory, store the
// user's public key, and assign the user's Amazon Web Services Identity and Access
// Management (IAM) role. You can also optionally add a session policy, and assign
// metadata with tags that can be used to group and search for users.
//
// A nil params is replaced with an empty CreateUserInput before the operation is
// invoked. On failure the returned output is nil and the error from
// invokeOperation is passed through unchanged. On success the operation metadata
// is attached to the output as ResultMetadata.
func (c *Client) CreateUser(ctx context.Context, params *CreateUserInput, optFns ...func(*Options)) (*CreateUserOutput, error) {
	// Substitute an empty input so the rest of the call never dereferences nil.
	// NOTE(review): the required members are then unset; presumably the
	// validation middleware added in addOperationCreateUserMiddlewares rejects
	// the request - confirm.
	if params == nil {
		params = &CreateUserInput{}
	}

	result, metadata, err := c.invokeOperation(ctx, "CreateUser", params, optFns, c.addOperationCreateUserMiddlewares)
	if err != nil {
		return nil, err
	}

	// Unchecked type assertion: a result of any other dynamic type panics here.
	// NOTE(review): presumably safe because the CreateUser deserializer
	// registered for this operation produces *CreateUserOutput - confirm.
	out := result.(*CreateUserOutput)
	out.ResultMetadata = metadata
	return out, nil
}

// CreateUserInput holds the request parameters for CreateUser. The field docs
// mark Role, ServerId and UserName as required.
//
// NOTE(review): Role, Policy, HomeDirectoryType, HomeDirectoryMappings and
// PosixProfile together decide what the new user can read and write, so they
// are best reviewed as a single access decision rather than field by field.
type CreateUserInput struct {

	// Specifies the Amazon Resource Name (ARN) of the IAM role that controls your
	// users' access to your Amazon S3 bucket or EFS file system. The policies attached
	// to this role determine the level of access that you want to provide your users
	// when transferring files into and out of your Amazon S3 bucket or EFS file
	// system. The IAM role should also contain a trust relationship that allows the
	// server to access your resources when servicing your users' transfer requests.
	//
	// NOTE(review): per the Policy field, one role may be shared by several users
	// and narrowed per user with a session policy. A user created without a Policy
	// or logical mappings is presumably limited only by this role, so keep the
	// role's own policies scoped to the buckets and prefixes actually needed.
	//
	// This member is required.
	Role *string

	// A system-assigned unique identifier for a server instance. This is the specific
	// server that you added your user to.
	//
	// This member is required.
	ServerId *string

	// A unique string that identifies a user and is associated with a ServerId. This
	// user name must be a minimum of 3 and a maximum of 100 characters long. The
	// following are valid characters: a-z, A-Z, 0-9, underscore '_', hyphen '-',
	// period '.', and at sign '@'. The user name can't start with a hyphen, period, or
	// at sign.
	//
	// The user name is substituted into mapping targets (${transfer:UserName}) and
	// session-policy variables (${Transfer:UserName}) described on
	// HomeDirectoryMappings and Policy, so it becomes part of the paths the user is
	// granted. When the name originates from untrusted input, check it against the
	// constraints above before calling; whether this client enforces them is not
	// visible in this file.
	//
	// This member is required.
	UserName *string

	// The landing directory (folder) for a user when they log in to the server using
	// the client. A HomeDirectory example is /bucket_name/home/mydirectory.
	HomeDirectory *string

	// Logical directory mappings that specify what Amazon S3 or Amazon EFS paths and
	// keys should be visible to your user and how you want to make them visible. You
	// must specify the Entry and Target pair, where Entry shows how the path is made
	// visible and Target is the actual Amazon S3 or Amazon EFS path. If you only
	// specify a target, it is displayed as is. You also must ensure that your Amazon
	// Web Services Identity and Access Management (IAM) role provides access to paths
	// in Target. This value can only be set when HomeDirectoryType is set to LOGICAL.
	//
	// The following is an Entry and Target pair example.
	//
	//	[ { "Entry": "your-personal-report.pdf", "Target": "/bucket3/customized-reports/${transfer:UserName}.pdf" } ]
	//
	// In most cases, you can use this value instead of the session policy to lock
	// your user down to the designated home directory ("chroot"). To do this, you can
	// set Entry to / and set Target to the HomeDirectory parameter value. The
	// following is an Entry and Target pair example for chroot.
	//
	//	[ { "Entry": "/", "Target": "/bucket_name/home/mydirectory" } ]
	//
	// If the target of a logical directory entry does not exist in Amazon S3 or EFS,
	// the entry is ignored. As a workaround, you can use the Amazon S3 API or EFS API
	// to create 0 byte objects as place holders for your directory. If using the CLI,
	// use the s3api or efsapi call instead of s3 or efs so you can use the put-object
	// operation. For example, you use the following:
	//
	//	aws s3api put-object --bucket bucketname --key path/to/folder/
	//
	// Make sure that the end of the key name ends in a / for it to be considered a
	// folder.
	//
	// NOTE(review): because a missing target is silently ignored, a mistyped Target
	// produces no error at creation time; verify the effective mappings after the
	// user is created. The mapping describes what is made visible through the
	// server, while the Role must still grant access to every Target path.
	HomeDirectoryMappings []types.HomeDirectoryMapEntry

	// The type of landing directory (folder) you want your users' home directory to be
	// when they log into the server. If you set it to PATH, the user will see the
	// absolute Amazon S3 bucket or EFS paths as is in their file transfer protocol
	// clients. If you set it to LOGICAL, you need to provide mappings in the
	// HomeDirectoryMappings for how you want to make Amazon S3 or EFS paths visible to
	// your users.
	//
	// NOTE(review): with PATH the real bucket and path names are exposed to the
	// user and the "chroot" arrangement described on HomeDirectoryMappings is not
	// available, since mappings can only be set with LOGICAL.
	HomeDirectoryType types.HomeDirectoryType

	// A session policy for your user so that you can use the same IAM role across
	// multiple users. This policy scopes down user access to portions of their Amazon
	// S3 bucket. Variables that you can use inside this policy include
	// ${Transfer:UserName}, ${Transfer:HomeDirectory}, and ${Transfer:HomeBucket}.
	// This only applies when the domain of ServerId is S3. EFS does not use session
	// policies. For session policies, Amazon Web Services Transfer Family stores the
	// policy as a JSON blob, instead of the Amazon Resource Name (ARN) of the policy.
	// You save the policy as a JSON blob and pass it in the Policy argument. For an
	// example of a session policy, see Example session policy
	// (https://docs.aws.amazon.com/transfer/latest/userguide/session-policy.html). For
	// more information, see AssumeRole
	// (https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html) in the
	// Amazon Web Services Security Token Service API Reference.
	//
	// NOTE(review): on an EFS-backed server this field gives no restriction; access
	// there is described by PosixProfile and the file-system permissions instead.
	Policy *string

	// Specifies the full POSIX identity, including user ID (Uid), group ID (Gid), and
	// any secondary groups IDs (SecondaryGids), that controls your users' access to
	// your Amazon EFS file systems. The POSIX permissions that are set on files and
	// directories in Amazon EFS determine the level of access your users get when
	// transferring files into and out of your Amazon EFS file systems.
	//
	// NOTE(review): for EFS these IDs and the on-disk permissions are the only
	// per-user access control named in this file (session policies do not apply,
	// per Policy), so prefer an unprivileged Uid/Gid unless elevated access is
	// intended.
	PosixProfile *types.PosixProfile

	// The public portion of the Secure Shell (SSH) key used to authenticate the user
	// to the server. Only the public half belongs in this field; the private key
	// stays with the user and is never part of the request.
	SshPublicKeyBody *string

	// Key-value pairs that can be used to group and search for users. Tags are
	// metadata attached to users for any purpose.
	Tags []types.Tag

	// Embedded type declared elsewhere in the package.
	noSmithyDocumentSerde
}

// CreateUserOutput holds the response of CreateUser, plus the operation
// metadata that CreateUser attaches after a successful call.
type CreateUserOutput struct {

	// The ID of the server that the user is attached to.
	//
	// This member is required.
	ServerId *string

	// A unique string that identifies a user account associated with a server.
	//
	// This member is required.
	UserName *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata

	// Embedded type declared elsewhere in the package.
	noSmithyDocumentSerde
}

// addOperationCreateUserMiddlewares registers the middleware for the CreateUser
// operation on stack, in the order written below, and returns the first error
// reported by any registration. It is passed to invokeOperation by CreateUser.
//
// Most helpers called here are defined outside this file, so what each one does
// is inferred from its name only.
func (c *Client) addOperationCreateUserMiddlewares(stack *middleware.Stack, options Options) (err error) {
	// Operation-specific serializer and deserializer, both added with
	// middleware.After in their respective steps.
	err = stack.Serialize.Add(&awsAwsjson11_serializeOpCreateUser{}, middleware.After)
	if err != nil {
		return err
	}
	err = stack.Deserialize.Add(&awsAwsjson11_deserializeOpCreateUser{}, middleware.After)
	if err != nil {
		return err
	}
	if err = addSetLoggerMiddleware(stack, options); err != nil {
		return err
	}
	if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil {
		return err
	}
	if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil {
		return err
	}
	if err = addResolveEndpointMiddleware(stack, options); err != nil {
		return err
	}
	// Payload hash and SigV4 signer: presumably these authenticate the request,
	// including the body that carries Role, Policy and SshPublicKeyBody - confirm
	// against the signer configuration.
	if err = v4.AddComputePayloadSHA256Middleware(stack); err != nil {
		return err
	}
	if err = addRetryMiddlewares(stack, options); err != nil {
		return err
	}
	if err = addHTTPSignerV4Middleware(stack, options); err != nil {
		return err
	}
	if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil {
		return err
	}
	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
		return err
	}
	if err = addClientUserAgent(stack); err != nil {
		return err
	}
	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
		return err
	}
	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
		return err
	}
	// NOTE(review): presumably checks the members documented as required on
	// CreateUserInput before the request is sent; the rules live elsewhere, so
	// do not assume the UserName character constraints are checked client-side.
	if err = addOpCreateUserValidationMiddleware(stack); err != nil {
		return err
	}
	// Service metadata is added at the front of the Initialize step
	// (middleware.Before) using the region from options.
	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opCreateUser(options.Region), middleware.Before); err != nil {
		return err
	}
	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
		return err
	}
	if err = addResponseErrorMiddleware(stack); err != nil {
		return err
	}
	// NOTE(review): logging is driven by options; if request-body logging is
	// enabled, the CreateUser payload (role ARN, session policy, public key, user
	// name) would presumably be written to the client log - confirm the log mode
	// and where those logs are stored.
	if err = addRequestResponseLogging(stack, options); err != nil {
		return err
	}
	return nil
}

// newServiceMetadataMiddleware_opCreateUser builds the service-metadata
// middleware for CreateUser: the caller's region, the package-level ServiceID,
// the signing name "transfer" and the operation name "CreateUser".
func newServiceMetadataMiddleware_opCreateUser(region string) *awsmiddleware.RegisterServiceMetadata {
	return &awsmiddleware.RegisterServiceMetadata{
		Region:        region,
		ServiceID:     ServiceID,
		SigningName:   "transfer",
		OperationName: "CreateUser",
	}
}