1// Code generated by smithy-go-codegen DO NOT EDIT.
2
3package acmpca
4
5import (
6	"context"
7	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
8	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
9	"github.com/aws/smithy-go/middleware"
10	smithyhttp "github.com/aws/smithy-go/transport/http"
11)
12
// PutPolicy attaches a resource-based policy to a private CA. Sharing a private
// CA through AWS Resource Access Manager (RAM) also applies a policy; for more
// information, see Attach a Policy for Cross-Account Access
// (https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-ram.html). The
// attached policy can be displayed with GetPolicy
// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetPolicy.html)
// and removed with DeletePolicy
// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeletePolicy.html).
//
// About policies:
//
// * A policy grants access on a private CA to an AWS customer account, to AWS
// Organizations, or to an AWS Organizations unit. Policies are under the control
// of a CA administrator. For more information, see Using a Resource Based Policy
// with ACM Private CA
// (https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html).
//
// * A policy permits a user of AWS Certificate Manager (ACM) to issue ACM
// certificates signed by a CA in another account.
//
// * For ACM to manage automatic renewal of these certificates, the ACM user must
// configure a Service Linked Role (SLR). The SLR allows the ACM service to
// assume the identity of the user, subject to confirmation against the ACM
// Private CA policy. For more information, see Using a Service Linked Role with
// ACM (https://docs.aws.amazon.com/acm/latest/userguide/acm-slr.html).
//
// * Updates made in AWS Resource Access Manager (RAM) are reflected in policies.
// For more information, see Attach a Policy for Cross-Account Access
// (https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-ram.html).
//
// Security note: because the policy lets principals outside the CA's own
// account obtain certificates signed by this CA, keep the grant as narrow as the
// use case allows and read the result back with GetPolicy to confirm what is
// actually attached.
//
// A nil params is replaced by an empty PutPolicyInput before the operation is
// invoked. Any error from the operation is returned unchanged with a nil output.
func (c *Client) PutPolicy(ctx context.Context, params *PutPolicyInput, optFns ...func(*Options)) (*PutPolicyOutput, error) {
	input := params
	if input == nil {
		// Both members of PutPolicyInput are documented as required, so an empty
		// input is presumably rejected by the validation middleware registered
		// for this operation. NOTE(review): that middleware is defined elsewhere.
		input = &PutPolicyInput{}
	}

	raw, md, opErr := c.invokeOperation(ctx, "PutPolicy", input, optFns, addOperationPutPolicyMiddlewares)
	if opErr != nil {
		return nil, opErr
	}

	// Unchecked type assertion: this panics if invokeOperation ever hands back
	// a value that is not a *PutPolicyOutput.
	output := raw.(*PutPolicyOutput)
	output.ResultMetadata = md
	return output, nil
}
58
// PutPolicyInput carries the request members for the PutPolicy operation. Both
// members are documented as required.
type PutPolicyInput struct {

	// The path and file name of a JSON-formatted IAM policy to attach to the specified
	// private CA resource. If this policy does not contain all required statements or
	// if it includes any statement that is not allowed, the PutPolicy action returns
	// an InvalidPolicyException. For information about IAM policy and statement
	// structure, see Overview of JSON Policies
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json).
	//
	// NOTE(review): nothing in this file reads a local file, so the string sent to
	// the service is presumably the policy JSON text itself rather than a path;
	// confirm against the serializer and the service documentation.
	//
	// The policy decides which other accounts may use the CA, so treat its content
	// as security-sensitive: build it from a reviewed template rather than from
	// unvalidated external input.
	//
	// This member is required.
	Policy *string

	// The Amazon Resource Name (ARN) of the private CA to associate with the policy.
	// The ARN of the CA can be found by calling the ListCertificateAuthorities
	// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html)
	// action.
	//
	// This member is required.
	ResourceArn *string
}
79
// PutPolicyOutput is the result of the PutPolicy operation. It declares no
// members other than the operation metadata, so it does not echo the attached
// policy back to the caller.
type PutPolicyOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
}
84
// addOperationPutPolicyMiddlewares registers every middleware the PutPolicy
// operation uses on stack. The registrations run in the order listed below and
// the first one that fails aborts the setup, returning its error unchanged.
//
// The list includes payload hashing and SigV4 signing, so the request that
// carries the policy document is signed, and input validation for the
// operation's required members.
//
// NOTE(review): addRequestResponseLogging is defined elsewhere. If the client
// options enable body logging, the policy document and the CA ARN would end up
// in the logs; confirm the configured log mode where logs are widely readable.
func addOperationPutPolicyMiddlewares(stack *middleware.Stack, options Options) (err error) {
	// Each entry is one registration step. Keep the order: it is the order in
	// which the middlewares are added to the stack.
	steps := []func() error{
		func() error { return stack.Serialize.Add(&awsAwsjson11_serializeOpPutPolicy{}, middleware.After) },
		func() error { return stack.Deserialize.Add(&awsAwsjson11_deserializeOpPutPolicy{}, middleware.After) },
		func() error { return addSetLoggerMiddleware(stack, options) },
		func() error { return awsmiddleware.AddClientRequestIDMiddleware(stack) },
		func() error { return smithyhttp.AddComputeContentLengthMiddleware(stack) },
		func() error { return addResolveEndpointMiddleware(stack, options) },
		func() error { return v4.AddComputePayloadSHA256Middleware(stack) },
		func() error { return addRetryMiddlewares(stack, options) },
		func() error { return addHTTPSignerV4Middleware(stack, options) },
		func() error { return awsmiddleware.AddRawResponseToMetadata(stack) },
		func() error { return awsmiddleware.AddRecordResponseTiming(stack) },
		func() error { return addClientUserAgent(stack) },
		func() error { return smithyhttp.AddErrorCloseResponseBodyMiddleware(stack) },
		func() error { return smithyhttp.AddCloseResponseBodyMiddleware(stack) },
		func() error { return addOpPutPolicyValidationMiddleware(stack) },
		func() error {
			return stack.Initialize.Add(newServiceMetadataMiddleware_opPutPolicy(options.Region), middleware.Before)
		},
		func() error { return addRequestIDRetrieverMiddleware(stack) },
		func() error { return addResponseErrorMiddleware(stack) },
		func() error { return addRequestResponseLogging(stack, options) },
	}

	for _, register := range steps {
		if err = register(); err != nil {
			return err
		}
	}
	return nil
}
147
// newServiceMetadataMiddleware_opPutPolicy builds the service-metadata
// middleware for PutPolicy. It records the caller-supplied region, the
// package-level ServiceID, the signing name "acm-pca" and the operation name
// "PutPolicy".
func newServiceMetadataMiddleware_opPutPolicy(region string) *awsmiddleware.RegisterServiceMetadata {
	md := new(awsmiddleware.RegisterServiceMetadata)
	md.Region = region
	md.ServiceID = ServiceID
	// Signing name and operation name are fixed for this operation.
	md.SigningName = "acm-pca"
	md.OperationName = "PutPolicy"
	return md
}
156