1// Code generated by smithy-go-codegen DO NOT EDIT.
2
3package s3control
4
5import (
6	"context"
7	"fmt"
8	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
9	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
10	s3controlcust "github.com/aws/aws-sdk-go-v2/service/s3control/internal/customizations"
11	smithy "github.com/aws/smithy-go"
12	"github.com/aws/smithy-go/middleware"
13	smithyhttp "github.com/aws/smithy-go/transport/http"
14	"strings"
15)
16
17// This action puts a bucket policy to an Amazon S3 on Outposts bucket. To put a
18// policy on an S3 bucket, see PutBucketPolicy
19// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketPolicy.html) in
20// the Amazon Simple Storage Service API. Applies an Amazon S3 bucket policy to an
21// Outposts bucket. For more information, see Using Amazon S3 on Outposts
22// (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html) in the
23// Amazon Simple Storage Service Developer Guide. If you are using an identity
24// other than the root user of the AWS account that owns the Outposts bucket, the
25// calling identity must have the PutBucketPolicy permissions on the specified
26// Outposts bucket and belong to the bucket owner's account in order to use this
27// operation. If you don't have PutBucketPolicy permissions, Amazon S3 returns a
28// 403 Access Denied error. If you have the correct permissions, but you're not
29// using an identity that belongs to the bucket owner's account, Amazon S3 returns
30// a 405 Method Not Allowed error. As a security precaution, the root user of the
31// AWS account that owns a bucket can always use this operation, even if the policy
32// explicitly denies the root user the ability to perform this action. For more
33// information about bucket policies, see Using Bucket Policies and User Policies
34// (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html). All
35// Amazon S3 on Outposts REST API requests for this action require an additional
36// parameter of x-amz-outpost-id to be passed with the request and an S3 on
37// Outposts endpoint hostname prefix instead of s3-control. For an example of the
38// request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint
39// hostname prefix and the x-amz-outpost-id derived using the access point ARN, see
40// the Examples
41// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_PutBucketPolicy.html#API_control_PutBucketPolicy_Examples)
42// section. The following actions are related to PutBucketPolicy:
43//
44// *
45// GetBucketPolicy
46// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetBucketPolicy.html)
47//
48// *
49// DeleteBucketPolicy
50// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteBucketPolicy.html)
51func (c *Client) PutBucketPolicy(ctx context.Context, params *PutBucketPolicyInput, optFns ...func(*Options)) (*PutBucketPolicyOutput, error) {
52	if params == nil {
53		params = &PutBucketPolicyInput{}
54	}
55
56	result, metadata, err := c.invokeOperation(ctx, "PutBucketPolicy", params, optFns, addOperationPutBucketPolicyMiddlewares)
57	if err != nil {
58		return nil, err
59	}
60
61	out := result.(*PutBucketPolicyOutput)
62	out.ResultMetadata = metadata
63	return out, nil
64}
65
66type PutBucketPolicyInput struct {
67
68	// The AWS account ID of the Outposts bucket.
69	//
70	// This member is required.
71	AccountId *string
72
73	// Specifies the bucket. For using this parameter with Amazon S3 on Outposts with
74	// the REST API, you must specify the name and the x-amz-outpost-id as well. For
75	// using this parameter with S3 on Outposts with the AWS SDK and CLI, you must
76	// specify the ARN of the bucket accessed in the format
77	// arn:aws:s3-outposts:::outpost//bucket/. For example, to access the bucket
78	// reports through outpost my-outpost owned by account 123456789012 in Region
79	// us-west-2, use the URL encoding of
80	// arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports.
81	// The value must be URL encoded.
82	//
83	// This member is required.
84	Bucket *string
85
86	// The bucket policy as a JSON document.
87	//
88	// This member is required.
89	Policy *string
90
91	// Set this parameter to true to confirm that you want to remove your permissions
92	// to change this bucket policy in the future. This is not supported by Amazon S3
93	// on Outposts buckets.
94	ConfirmRemoveSelfBucketAccess bool
95}
96
97type PutBucketPolicyOutput struct {
98	// Metadata pertaining to the operation's result.
99	ResultMetadata middleware.Metadata
100}
101
102func addOperationPutBucketPolicyMiddlewares(stack *middleware.Stack, options Options) (err error) {
103	err = stack.Serialize.Add(&awsRestxml_serializeOpPutBucketPolicy{}, middleware.After)
104	if err != nil {
105		return err
106	}
107	err = stack.Deserialize.Add(&awsRestxml_deserializeOpPutBucketPolicy{}, middleware.After)
108	if err != nil {
109		return err
110	}
111	if err = addSetLoggerMiddleware(stack, options); err != nil {
112		return err
113	}
114	if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil {
115		return err
116	}
117	if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil {
118		return err
119	}
120	if err = addResolveEndpointMiddleware(stack, options); err != nil {
121		return err
122	}
123	if err = v4.AddComputePayloadSHA256Middleware(stack); err != nil {
124		return err
125	}
126	if err = addRetryMiddlewares(stack, options); err != nil {
127		return err
128	}
129	if err = addHTTPSignerV4Middleware(stack, options); err != nil {
130		return err
131	}
132	if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil {
133		return err
134	}
135	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
136		return err
137	}
138	if err = addClientUserAgent(stack); err != nil {
139		return err
140	}
141	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
142		return err
143	}
144	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
145		return err
146	}
147	if err = addEndpointPrefix_opPutBucketPolicyMiddleware(stack); err != nil {
148		return err
149	}
150	if err = addOpPutBucketPolicyValidationMiddleware(stack); err != nil {
151		return err
152	}
153	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opPutBucketPolicy(options.Region), middleware.Before); err != nil {
154		return err
155	}
156	if err = addMetadataRetrieverMiddleware(stack); err != nil {
157		return err
158	}
159	if err = addPutBucketPolicyUpdateEndpoint(stack, options); err != nil {
160		return err
161	}
162	if err = addResponseErrorMiddleware(stack); err != nil {
163		return err
164	}
165	if err = v4.AddContentSHA256HeaderMiddleware(stack); err != nil {
166		return err
167	}
168	if err = addRequestResponseLogging(stack, options); err != nil {
169		return err
170	}
171	if err = smithyhttp.AddContentChecksumMiddleware(stack); err != nil {
172		return err
173	}
174	return nil
175}
176
177type endpointPrefix_opPutBucketPolicyMiddleware struct {
178}
179
180func (*endpointPrefix_opPutBucketPolicyMiddleware) ID() string {
181	return "EndpointHostPrefix"
182}
183
184func (m *endpointPrefix_opPutBucketPolicyMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
185	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
186) {
187	if smithyhttp.GetHostnameImmutable(ctx) || smithyhttp.IsEndpointHostPrefixDisabled(ctx) {
188		return next.HandleSerialize(ctx, in)
189	}
190
191	req, ok := in.Request.(*smithyhttp.Request)
192	if !ok {
193		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
194	}
195
196	input, ok := in.Parameters.(*PutBucketPolicyInput)
197	if !ok {
198		return out, metadata, fmt.Errorf("unknown input type %T", in.Parameters)
199	}
200
201	var prefix strings.Builder
202	if input.AccountId == nil {
203		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("AccountId forms part of the endpoint host and so may not be nil")}
204	} else if !smithyhttp.ValidHostLabel(*input.AccountId) {
205		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("AccountId forms part of the endpoint host and so must match \"[a-zA-Z0-9-]{1,63}\", but was \"%s\"", *input.AccountId)}
206	} else {
207		prefix.WriteString(*input.AccountId)
208	}
209	prefix.WriteString(".")
210	req.URL.Host = prefix.String() + req.URL.Host
211
212	return next.HandleSerialize(ctx, in)
213}
214func addEndpointPrefix_opPutBucketPolicyMiddleware(stack *middleware.Stack) error {
215	return stack.Serialize.Insert(&endpointPrefix_opPutBucketPolicyMiddleware{}, `OperationSerializer`, middleware.After)
216}
217
218func newServiceMetadataMiddleware_opPutBucketPolicy(region string) *awsmiddleware.RegisterServiceMetadata {
219	return &awsmiddleware.RegisterServiceMetadata{
220		Region:        region,
221		ServiceID:     ServiceID,
222		SigningName:   "s3",
223		OperationName: "PutBucketPolicy",
224	}
225}
226
227func copyPutBucketPolicyInputForUpdateEndpoint(params interface{}) (interface{}, error) {
228	input, ok := params.(*PutBucketPolicyInput)
229	if !ok {
230		return nil, fmt.Errorf("expect *PutBucketPolicyInput type, got %T", params)
231	}
232	cpy := *input
233	return &cpy, nil
234}
235func getPutBucketPolicyARNMember(input interface{}) (*string, bool) {
236	in := input.(*PutBucketPolicyInput)
237	if in.Bucket == nil {
238		return nil, false
239	}
240	return in.Bucket, true
241}
242func setPutBucketPolicyARNMember(input interface{}, v string) error {
243	in := input.(*PutBucketPolicyInput)
244	in.Bucket = &v
245	return nil
246}
247func backFillPutBucketPolicyAccountID(input interface{}, v string) error {
248	in := input.(*PutBucketPolicyInput)
249	if in.AccountId != nil {
250		if !strings.EqualFold(*in.AccountId, v) {
251			return fmt.Errorf("error backfilling account id")
252		}
253		return nil
254	}
255	in.AccountId = &v
256	return nil
257}
258func addPutBucketPolicyUpdateEndpoint(stack *middleware.Stack, options Options) error {
259	return s3controlcust.UpdateEndpoint(stack, s3controlcust.UpdateEndpointOptions{
260		Accessor: s3controlcust.UpdateEndpointParameterAccessor{GetARNInput: getPutBucketPolicyARNMember,
261			BackfillAccountID: backFillPutBucketPolicyAccountID,
262			GetOutpostIDInput: nopGetOutpostIDFromInput,
263			UpdateARNField:    setPutBucketPolicyARNMember,
264			CopyInput:         copyPutBucketPolicyInputForUpdateEndpoint,
265		},
266		EndpointResolver:        options.EndpointResolver,
267		EndpointResolverOptions: options.EndpointOptions,
268		UseDualstack:            options.UseDualstack,
269		UseARNRegion:            options.UseARNRegion,
270	})
271}
272