1// Code generated by smithy-go-codegen DO NOT EDIT. 2 3package transfer 4 5import ( 6 "context" 7 awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" 8 "github.com/aws/aws-sdk-go-v2/aws/signer/v4" 9 "github.com/aws/aws-sdk-go-v2/service/transfer/types" 10 "github.com/aws/smithy-go/middleware" 11 smithyhttp "github.com/aws/smithy-go/transport/http" 12) 13 14// Allows you to update parameters for the access specified in the ServerID and 15// ExternalID parameters. 16func (c *Client) UpdateAccess(ctx context.Context, params *UpdateAccessInput, optFns ...func(*Options)) (*UpdateAccessOutput, error) { 17 if params == nil { 18 params = &UpdateAccessInput{} 19 } 20 21 result, metadata, err := c.invokeOperation(ctx, "UpdateAccess", params, optFns, c.addOperationUpdateAccessMiddlewares) 22 if err != nil { 23 return nil, err 24 } 25 26 out := result.(*UpdateAccessOutput) 27 out.ResultMetadata = metadata 28 return out, nil 29} 30 31type UpdateAccessInput struct { 32 33 // A unique identifier that is required to identify specific groups within your 34 // directory. The users of the group that you associate have access to your Amazon 35 // S3 or Amazon EFS resources over the enabled protocols using Amazon Web Services 36 // Transfer Family. If you know the group name, you can view the SID values by 37 // running the following command using Windows PowerShell. Get-ADGroup -Filter 38 // {samAccountName -like "YourGroupName*"} -Properties * | Select 39 // SamAccountName,ObjectSid In that command, replace YourGroupName with the name of 40 // your Active Directory group. The regex used to validate this parameter is a 41 // string of characters consisting of uppercase and lowercase alphanumeric 42 // characters with no spaces. You can also include underscores or any of the 43 // following characters: =,.@:/- 44 // 45 // This member is required. 46 ExternalId *string 47 48 // A system-assigned unique identifier for a server instance. This is the specific 49 // server that you added your user to. 50 // 51 // This member is required. 52 ServerId *string 53 54 // The landing directory (folder) for a user when they log in to the server using 55 // the client. A HomeDirectory example is /bucket_name/home/mydirectory. 56 HomeDirectory *string 57 58 // Logical directory mappings that specify what Amazon S3 or Amazon EFS paths and 59 // keys should be visible to your user and how you want to make them visible. You 60 // must specify the Entry and Target pair, where Entry shows how the path is made 61 // visible and Target is the actual Amazon S3 or Amazon EFS path. If you only 62 // specify a target, it is displayed as is. You also must ensure that your Amazon 63 // Web Services Identity and Access Management (IAM) role provides access to paths 64 // in Target. This value can only be set when HomeDirectoryType is set to LOGICAL. 65 // The following is an Entry and Target pair example. [ { "Entry": 66 // "your-personal-report.pdf", "Target": 67 // "/bucket3/customized-reports/${transfer:UserName}.pdf" } ] In most cases, you 68 // can use this value instead of the session policy to lock down your user to the 69 // designated home directory ("chroot"). To do this, you can set Entry to / and set 70 // Target to the HomeDirectory parameter value. The following is an Entry and 71 // Target pair example for chroot. [ { "Entry:": "/", "Target": 72 // "/bucket_name/home/mydirectory" } ] If the target of a logical directory entry 73 // does not exist in Amazon S3 or EFS, the entry is ignored. As a workaround, you 74 // can use the Amazon S3 API or EFS API to create 0 byte objects as place holders 75 // for your directory. If using the CLI, use the s3api or efsapi call instead of s3 76 // or efs so you can use the put-object operation. For example, you use the 77 // following: aws s3api put-object --bucket bucketname --key path/to/folder/. Make 78 // sure that the end of the key name ends in a / for it to be considered a folder. 79 HomeDirectoryMappings []types.HomeDirectoryMapEntry 80 81 // The type of landing directory (folder) you want your users' home directory to be 82 // when they log into the server. If you set it to PATH, the user will see the 83 // absolute Amazon S3 bucket or EFS paths as is in their file transfer protocol 84 // clients. If you set it LOGICAL, you need to provide mappings in the 85 // HomeDirectoryMappings for how you want to make Amazon S3 or EFS paths visible to 86 // your users. 87 HomeDirectoryType types.HomeDirectoryType 88 89 // A session policy for your user so that you can use the same IAM role across 90 // multiple users. This policy scopes down user access to portions of their Amazon 91 // S3 bucket. Variables that you can use inside this policy include 92 // ${Transfer:UserName}, ${Transfer:HomeDirectory}, and ${Transfer:HomeBucket}. 93 // This only applies when the domain of ServerId is S3. EFS does not use session 94 // policies. For session policies, Amazon Web Services Transfer Family stores the 95 // policy as a JSON blob, instead of the Amazon Resource Name (ARN) of the policy. 96 // You save the policy as a JSON blob and pass it in the Policy argument. For an 97 // example of a session policy, see Example session policy 98 // (https://docs.aws.amazon.com/transfer/latest/userguide/session-policy.html). For 99 // more information, see AssumeRole 100 // (https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html) in the 101 // Amazon Web ServicesSecurity Token Service API Reference. 102 Policy *string 103 104 // The full POSIX identity, including user ID (Uid), group ID (Gid), and any 105 // secondary groups IDs (SecondaryGids), that controls your users' access to your 106 // Amazon EFS file systems. The POSIX permissions that are set on files and 107 // directories in your file system determine the level of access your users get 108 // when transferring files into and out of your Amazon EFS file systems. 109 PosixProfile *types.PosixProfile 110 111 // Specifies the Amazon Resource Name (ARN) of the IAM role that controls your 112 // users' access to your Amazon S3 bucket or EFS file system. The policies attached 113 // to this role determine the level of access that you want to provide your users 114 // when transferring files into and out of your Amazon S3 bucket or EFS file 115 // system. The IAM role should also contain a trust relationship that allows the 116 // server to access your resources when servicing your users' transfer requests. 117 Role *string 118 119 noSmithyDocumentSerde 120} 121 122type UpdateAccessOutput struct { 123 124 // The external ID of the group whose users have access to your Amazon S3 or Amazon 125 // EFS resources over the enabled protocols using Amazon Web ServicesTransfer 126 // Family. 127 // 128 // This member is required. 129 ExternalId *string 130 131 // The ID of the server that the user is attached to. 132 // 133 // This member is required. 134 ServerId *string 135 136 // Metadata pertaining to the operation's result. 137 ResultMetadata middleware.Metadata 138 139 noSmithyDocumentSerde 140} 141 142func (c *Client) addOperationUpdateAccessMiddlewares(stack *middleware.Stack, options Options) (err error) { 143 err = stack.Serialize.Add(&awsAwsjson11_serializeOpUpdateAccess{}, middleware.After) 144 if err != nil { 145 return err 146 } 147 err = stack.Deserialize.Add(&awsAwsjson11_deserializeOpUpdateAccess{}, middleware.After) 148 if err != nil { 149 return err 150 } 151 if err = addSetLoggerMiddleware(stack, options); err != nil { 152 return err 153 } 154 if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil { 155 return err 156 } 157 if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil { 158 return err 159 } 160 if err = addResolveEndpointMiddleware(stack, options); err != nil { 161 return err 162 } 163 if err = v4.AddComputePayloadSHA256Middleware(stack); err != nil { 164 return err 165 } 166 if err = addRetryMiddlewares(stack, options); err != nil { 167 return err 168 } 169 if err = addHTTPSignerV4Middleware(stack, options); err != nil { 170 return err 171 } 172 if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil { 173 return err 174 } 175 if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil { 176 return err 177 } 178 if err = addClientUserAgent(stack); err != nil { 179 return err 180 } 181 if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil { 182 return err 183 } 184 if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil { 185 return err 186 } 187 if err = addOpUpdateAccessValidationMiddleware(stack); err != nil { 188 return err 189 } 190 if err = stack.Initialize.Add(newServiceMetadataMiddleware_opUpdateAccess(options.Region), middleware.Before); err != nil { 191 return err 192 } 193 if err = addRequestIDRetrieverMiddleware(stack); err != nil { 194 return err 195 } 196 if err = addResponseErrorMiddleware(stack); err != nil { 197 return err 198 } 199 if err = addRequestResponseLogging(stack, options); err != nil { 200 return err 201 } 202 return nil 203} 204 205func newServiceMetadataMiddleware_opUpdateAccess(region string) *awsmiddleware.RegisterServiceMetadata { 206 return &awsmiddleware.RegisterServiceMetadata{ 207 Region: region, 208 ServiceID: ServiceID, 209 SigningName: "transfer", 210 OperationName: "UpdateAccess", 211 } 212} 213