// Code generated by smithy-go-codegen DO NOT EDIT.

package acmpca

import (
	"context"
	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
	"github.com/aws/smithy-go/middleware"
	smithyhttp "github.com/aws/smithy-go/transport/http"
)

// PutPolicy attaches a resource-based policy to a private CA. A policy can also
// be applied by sharing a private CA through AWS Resource Access Manager (RAM).
// For more information, see Attach a Policy for Cross-Account Access
// (https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-ram.html). The policy
// can be displayed with GetPolicy
// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetPolicy.html) and
// removed with DeletePolicy
// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeletePolicy.html).
//
// About Policies
//
// * A policy grants access on a private CA to an AWS customer account, to AWS
// Organizations, or to an AWS Organizations unit. Policies are under the control
// of a CA administrator. For more information, see Using a Resource Based Policy
// with ACM Private CA
// (https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html).
//
// * A policy permits a user of AWS Certificate Manager (ACM) to issue ACM
// certificates signed by a CA in another account.
//
// * For ACM to manage automatic renewal of these certificates, the ACM user must
// configure a Service Linked Role (SLR). The SLR allows the ACM service to assume
// the identity of the user, subject to confirmation against the ACM Private CA
// policy. For more information, see Using a Service Linked Role with ACM
// (https://docs.aws.amazon.com/acm/latest/userguide/acm-slr.html).
//
// * Updates made in AWS Resource Access Manager (RAM) are reflected in policies.
// For more information, see Attach a Policy for Cross-Account Access
// (https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-ram.html).
//
// Because an attached policy lets principals outside the CA's own account obtain
// certificates signed by this CA, the Policy document is security-sensitive
// input: review the accounts, organizations, or organizational units it names
// before calling PutPolicy, and read the policy back with GetPolicy to confirm
// what is in effect.
//
// The error returned is whatever invokeOperation reports; on error the output is
// nil.
func (c *Client) PutPolicy(ctx context.Context, params *PutPolicyInput, optFns ...func(*Options)) (*PutPolicyOutput, error) {
	// A nil params is replaced with an empty input, which leaves both required
	// members (Policy, ResourceArn) nil. addOpPutPolicyValidationMiddleware is
	// registered on the stack and presumably rejects that before a request is
	// sent. NOTE(review): confirm against its definition, which is not in this file.
	if params == nil {
		params = &PutPolicyInput{}
	}

	result, metadata, err := c.invokeOperation(ctx, "PutPolicy", params, optFns, addOperationPutPolicyMiddlewares)
	if err != nil {
		return nil, err
	}

	// Single-value type assertion: this panics if invokeOperation ever returns a
	// different concrete type for this operation.
	out := result.(*PutPolicyOutput)
	out.ResultMetadata = metadata
	return out, nil
}

// PutPolicyInput holds the parameters of a PutPolicy call.
type PutPolicyInput struct {

	// The path and file name of a JSON-formatted IAM policy to attach to the specified
	// private CA resource. If this policy does not contain all required statements or
	// if it includes any statement that is not allowed, the PutPolicy action returns
	// an InvalidPolicyException. For information about IAM policy and statement
	// structure, see Overview of JSON Policies
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json).
	//
	// NOTE(review): nothing in this file opens or reads a file; the value is handed
	// to the operation as a plain string. Whether the service expects the policy
	// document itself rather than a path should be confirmed against the serializer
	// and the API reference.
	//
	// This member is required.
	Policy *string

	// The Amazon Resource Name (ARN) of the private CA to associate with the policy.
	// The ARN of the CA can be found by calling the ListCertificateAuthorities
	// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html)
	// action.
	//
	// This member is required.
	ResourceArn *string
}

// PutPolicyOutput is the result of a PutPolicy call. It carries only the
// operation's result metadata.
type PutPolicyOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
}

// addOperationPutPolicyMiddlewares registers the middleware used by the PutPolicy
// operation on stack and returns the first registration error, or nil when every
// registration succeeds. Most helpers called here are defined elsewhere in the
// package or SDK; where each one places itself within the stack is decided in
// those helpers and is not visible in this file.
func addOperationPutPolicyMiddlewares(stack *middleware.Stack, options Options) (err error) {
	// Operation-specific awsJson1.1 serializer and deserializer, appended to the
	// end of their respective steps.
	err = stack.Serialize.Add(&awsAwsjson11_serializeOpPutPolicy{}, middleware.After)
	if err != nil {
		return err
	}
	err = stack.Deserialize.Add(&awsAwsjson11_deserializeOpPutPolicy{}, middleware.After)
	if err != nil {
		return err
	}
	if err = addSetLoggerMiddleware(stack, options); err != nil {
		return err
	}
	if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil {
		return err
	}
	if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil {
		return err
	}
	if err = addResolveEndpointMiddleware(stack, options); err != nil {
		return err
	}
	// Judging by the helper names, this and addHTTPSignerV4Middleware below
	// provide the payload hash and the SigV4 request signature.
	// NOTE(review): confirm against their definitions.
	if err = v4.AddComputePayloadSHA256Middleware(stack); err != nil {
		return err
	}
	if err = addRetryMiddlewares(stack, options); err != nil {
		return err
	}
	if err = addHTTPSignerV4Middleware(stack, options); err != nil {
		return err
	}
	if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil {
		return err
	}
	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
		return err
	}
	if err = addClientUserAgent(stack); err != nil {
		return err
	}
	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
		return err
	}
	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
		return err
	}
	// Input validation for this operation; presumably this is what enforces the
	// "This member is required" fields of PutPolicyInput.
	// NOTE(review): confirm against its definition.
	if err = addOpPutPolicyValidationMiddleware(stack); err != nil {
		return err
	}
	// Service metadata is placed at the front of the Initialize step.
	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opPutPolicy(options.Region), middleware.Before); err != nil {
		return err
	}
	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
		return err
	}
	if err = addResponseErrorMiddleware(stack); err != nil {
		return err
	}
	// NOTE(review): request/response logging is registered for an operation whose
	// request body carries the policy document; what is actually logged depends on
	// options and on the helper, neither of which is visible here.
	if err = addRequestResponseLogging(stack, options); err != nil {
		return err
	}
	return nil
}

// newServiceMetadataMiddleware_opPutPolicy builds the service-metadata middleware
// for PutPolicy: the given region, the package-level ServiceID, the signing name
// "acm-pca", and the operation name "PutPolicy".
func newServiceMetadataMiddleware_opPutPolicy(region string) *awsmiddleware.RegisterServiceMetadata {
	return &awsmiddleware.RegisterServiceMetadata{
		Region:        region,
		ServiceID:     ServiceID,
		SigningName:   "acm-pca",
		OperationName: "PutPolicy",
	}
}