1// Code generated by smithy-go-codegen DO NOT EDIT. 2 3package s3control 4 5import ( 6 "context" 7 "fmt" 8 awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" 9 "github.com/aws/aws-sdk-go-v2/aws/signer/v4" 10 s3controlcust "github.com/aws/aws-sdk-go-v2/service/s3control/internal/customizations" 11 smithy "github.com/aws/smithy-go" 12 "github.com/aws/smithy-go/middleware" 13 smithyhttp "github.com/aws/smithy-go/transport/http" 14 "strings" 15) 16 17// This action puts a bucket policy to an Amazon S3 on Outposts bucket. To put a 18// policy on an S3 bucket, see PutBucketPolicy 19// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketPolicy.html) in 20// the Amazon Simple Storage Service API. Applies an Amazon S3 bucket policy to an 21// Outposts bucket. For more information, see Using Amazon S3 on Outposts 22// (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html) in the 23// Amazon Simple Storage Service Developer Guide. If you are using an identity 24// other than the root user of the AWS account that owns the Outposts bucket, the 25// calling identity must have the PutBucketPolicy permissions on the specified 26// Outposts bucket and belong to the bucket owner's account in order to use this 27// operation. If you don't have PutBucketPolicy permissions, Amazon S3 returns a 28// 403 Access Denied error. If you have the correct permissions, but you're not 29// using an identity that belongs to the bucket owner's account, Amazon S3 returns 30// a 405 Method Not Allowed error. As a security precaution, the root user of the 31// AWS account that owns a bucket can always use this operation, even if the policy 32// explicitly denies the root user the ability to perform this action. For more 33// information about bucket policies, see Using Bucket Policies and User Policies 34// (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html). All 35// Amazon S3 on Outposts REST API requests for this action require an additional 36// parameter of x-amz-outpost-id to be passed with the request and an S3 on 37// Outposts endpoint hostname prefix instead of s3-control. For an example of the 38// request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint 39// hostname prefix and the x-amz-outpost-id derived using the access point ARN, see 40// the Examples 41// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_PutBucketPolicy.html#API_control_PutBucketPolicy_Examples) 42// section. The following actions are related to PutBucketPolicy: 43// 44// * 45// GetBucketPolicy 46// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetBucketPolicy.html) 47// 48// * 49// DeleteBucketPolicy 50// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteBucketPolicy.html) 51func (c *Client) PutBucketPolicy(ctx context.Context, params *PutBucketPolicyInput, optFns ...func(*Options)) (*PutBucketPolicyOutput, error) { 52 if params == nil { 53 params = &PutBucketPolicyInput{} 54 } 55 56 result, metadata, err := c.invokeOperation(ctx, "PutBucketPolicy", params, optFns, addOperationPutBucketPolicyMiddlewares) 57 if err != nil { 58 return nil, err 59 } 60 61 out := result.(*PutBucketPolicyOutput) 62 out.ResultMetadata = metadata 63 return out, nil 64} 65 66type PutBucketPolicyInput struct { 67 68 // The AWS account ID of the Outposts bucket. 69 // 70 // This member is required. 71 AccountId *string 72 73 // Specifies the bucket. For using this parameter with Amazon S3 on Outposts with 74 // the REST API, you must specify the name and the x-amz-outpost-id as well. For 75 // using this parameter with S3 on Outposts with the AWS SDK and CLI, you must 76 // specify the ARN of the bucket accessed in the format 77 // arn:aws:s3-outposts:::outpost//bucket/. For example, to access the bucket 78 // reports through outpost my-outpost owned by account 123456789012 in Region 79 // us-west-2, use the URL encoding of 80 // arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. 81 // The value must be URL encoded. 82 // 83 // This member is required. 84 Bucket *string 85 86 // The bucket policy as a JSON document. 87 // 88 // This member is required. 89 Policy *string 90 91 // Set this parameter to true to confirm that you want to remove your permissions 92 // to change this bucket policy in the future. This is not supported by Amazon S3 93 // on Outposts buckets. 94 ConfirmRemoveSelfBucketAccess bool 95} 96 97type PutBucketPolicyOutput struct { 98 // Metadata pertaining to the operation's result. 99 ResultMetadata middleware.Metadata 100} 101 102func addOperationPutBucketPolicyMiddlewares(stack *middleware.Stack, options Options) (err error) { 103 err = stack.Serialize.Add(&awsRestxml_serializeOpPutBucketPolicy{}, middleware.After) 104 if err != nil { 105 return err 106 } 107 err = stack.Deserialize.Add(&awsRestxml_deserializeOpPutBucketPolicy{}, middleware.After) 108 if err != nil { 109 return err 110 } 111 if err = addSetLoggerMiddleware(stack, options); err != nil { 112 return err 113 } 114 if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil { 115 return err 116 } 117 if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil { 118 return err 119 } 120 if err = addResolveEndpointMiddleware(stack, options); err != nil { 121 return err 122 } 123 if err = v4.AddComputePayloadSHA256Middleware(stack); err != nil { 124 return err 125 } 126 if err = addRetryMiddlewares(stack, options); err != nil { 127 return err 128 } 129 if err = addHTTPSignerV4Middleware(stack, options); err != nil { 130 return err 131 } 132 if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil { 133 return err 134 } 135 if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil { 136 return err 137 } 138 if err = addClientUserAgent(stack); err != nil { 139 return err 140 } 141 if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil { 142 return err 143 } 144 if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil { 145 return err 146 } 147 if err = addEndpointPrefix_opPutBucketPolicyMiddleware(stack); err != nil { 148 return err 149 } 150 if err = addOpPutBucketPolicyValidationMiddleware(stack); err != nil { 151 return err 152 } 153 if err = stack.Initialize.Add(newServiceMetadataMiddleware_opPutBucketPolicy(options.Region), middleware.Before); err != nil { 154 return err 155 } 156 if err = addMetadataRetrieverMiddleware(stack); err != nil { 157 return err 158 } 159 if err = addPutBucketPolicyUpdateEndpoint(stack, options); err != nil { 160 return err 161 } 162 if err = addResponseErrorMiddleware(stack); err != nil { 163 return err 164 } 165 if err = v4.AddContentSHA256HeaderMiddleware(stack); err != nil { 166 return err 167 } 168 if err = addRequestResponseLogging(stack, options); err != nil { 169 return err 170 } 171 if err = smithyhttp.AddContentChecksumMiddleware(stack); err != nil { 172 return err 173 } 174 return nil 175} 176 177type endpointPrefix_opPutBucketPolicyMiddleware struct { 178} 179 180func (*endpointPrefix_opPutBucketPolicyMiddleware) ID() string { 181 return "EndpointHostPrefix" 182} 183 184func (m *endpointPrefix_opPutBucketPolicyMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) ( 185 out middleware.SerializeOutput, metadata middleware.Metadata, err error, 186) { 187 if smithyhttp.GetHostnameImmutable(ctx) || smithyhttp.IsEndpointHostPrefixDisabled(ctx) { 188 return next.HandleSerialize(ctx, in) 189 } 190 191 req, ok := in.Request.(*smithyhttp.Request) 192 if !ok { 193 return out, metadata, fmt.Errorf("unknown transport type %T", in.Request) 194 } 195 196 input, ok := in.Parameters.(*PutBucketPolicyInput) 197 if !ok { 198 return out, metadata, fmt.Errorf("unknown input type %T", in.Parameters) 199 } 200 201 var prefix strings.Builder 202 if input.AccountId == nil { 203 return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("AccountId forms part of the endpoint host and so may not be nil")} 204 } else if !smithyhttp.ValidHostLabel(*input.AccountId) { 205 return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("AccountId forms part of the endpoint host and so must match \"[a-zA-Z0-9-]{1,63}\", but was \"%s\"", *input.AccountId)} 206 } else { 207 prefix.WriteString(*input.AccountId) 208 } 209 prefix.WriteString(".") 210 req.URL.Host = prefix.String() + req.URL.Host 211 212 return next.HandleSerialize(ctx, in) 213} 214func addEndpointPrefix_opPutBucketPolicyMiddleware(stack *middleware.Stack) error { 215 return stack.Serialize.Insert(&endpointPrefix_opPutBucketPolicyMiddleware{}, `OperationSerializer`, middleware.After) 216} 217 218func newServiceMetadataMiddleware_opPutBucketPolicy(region string) *awsmiddleware.RegisterServiceMetadata { 219 return &awsmiddleware.RegisterServiceMetadata{ 220 Region: region, 221 ServiceID: ServiceID, 222 SigningName: "s3", 223 OperationName: "PutBucketPolicy", 224 } 225} 226 227func copyPutBucketPolicyInputForUpdateEndpoint(params interface{}) (interface{}, error) { 228 input, ok := params.(*PutBucketPolicyInput) 229 if !ok { 230 return nil, fmt.Errorf("expect *PutBucketPolicyInput type, got %T", params) 231 } 232 cpy := *input 233 return &cpy, nil 234} 235func getPutBucketPolicyARNMember(input interface{}) (*string, bool) { 236 in := input.(*PutBucketPolicyInput) 237 if in.Bucket == nil { 238 return nil, false 239 } 240 return in.Bucket, true 241} 242func setPutBucketPolicyARNMember(input interface{}, v string) error { 243 in := input.(*PutBucketPolicyInput) 244 in.Bucket = &v 245 return nil 246} 247func backFillPutBucketPolicyAccountID(input interface{}, v string) error { 248 in := input.(*PutBucketPolicyInput) 249 if in.AccountId != nil { 250 if !strings.EqualFold(*in.AccountId, v) { 251 return fmt.Errorf("error backfilling account id") 252 } 253 return nil 254 } 255 in.AccountId = &v 256 return nil 257} 258func addPutBucketPolicyUpdateEndpoint(stack *middleware.Stack, options Options) error { 259 return s3controlcust.UpdateEndpoint(stack, s3controlcust.UpdateEndpointOptions{ 260 Accessor: s3controlcust.UpdateEndpointParameterAccessor{GetARNInput: getPutBucketPolicyARNMember, 261 BackfillAccountID: backFillPutBucketPolicyAccountID, 262 GetOutpostIDInput: nopGetOutpostIDFromInput, 263 UpdateARNField: setPutBucketPolicyARNMember, 264 CopyInput: copyPutBucketPolicyInputForUpdateEndpoint, 265 }, 266 EndpointResolver: options.EndpointResolver, 267 EndpointResolverOptions: options.EndpointOptions, 268 UseDualstack: options.UseDualstack, 269 UseARNRegion: options.UseARNRegion, 270 }) 271} 272