// Code generated by smithy-go-codegen DO NOT EDIT.
package s3
import (
"context"
awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
internalChecksum "github.com/aws/aws-sdk-go-v2/service/internal/checksum"
s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
"github.com/aws/aws-sdk-go-v2/service/s3/types"
"github.com/aws/smithy-go/middleware"
smithyhttp "github.com/aws/smithy-go/transport/http"
)
// This action uses the encryption subresource to configure default encryption and
// Amazon S3 Bucket Keys for an existing bucket. By default, all buckets have a
// default encryption configuration that uses server-side encryption with Amazon S3
// managed keys (SSE-S3). You can optionally configure default encryption for a
// bucket by using server-side encryption with Key Management Service (KMS) keys
// (SSE-KMS), dual-layer server-side encryption with Amazon Web Services KMS keys
// (DSSE-KMS), or server-side encryption with customer-provided keys (SSE-C). If
// you specify default encryption by using SSE-KMS, you can also configure Amazon
// S3 Bucket Keys. For information about bucket default encryption, see Amazon S3
// bucket default encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html)
// in the Amazon S3 User Guide. For more information about S3 Bucket Keys, see
// Amazon S3 Bucket Keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html)
// in the Amazon S3 User Guide. This action requires Amazon Web Services Signature
// Version 4. For more information, see Authenticating Requests (Amazon Web
// Services Signature Version 4) (https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html)
// . To use this operation, you must have permission to perform the
// s3:PutEncryptionConfiguration action. The bucket owner has this permission by
// default. The bucket owner can grant this permission to others. For more
// information about permissions, see Permissions Related to Bucket Subresource
// Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources)
// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html)
// in the Amazon S3 User Guide. The following operations are related to
// PutBucketEncryption :
// - GetBucketEncryption (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketEncryption.html)
// - DeleteBucketEncryption (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketEncryption.html)
func (c *Client) PutBucketEncryption(ctx context.Context, params *PutBucketEncryptionInput, optFns ...func(*Options)) (*PutBucketEncryptionOutput, error) {
if params == nil {
params = &PutBucketEncryptionInput{}
}
result, metadata, err := c.invokeOperation(ctx, "PutBucketEncryption", params, optFns, c.addOperationPutBucketEncryptionMiddlewares)
if err != nil {
return nil, err
}
out := result.(*PutBucketEncryptionOutput)
out.ResultMetadata = metadata
return out, nil
}
type PutBucketEncryptionInput struct {
// Specifies default encryption for a bucket using server-side encryption with
// different key options. By default, all buckets have a default encryption
// configuration that uses server-side encryption with Amazon S3 managed keys
// (SSE-S3). You can optionally configure default encryption for a bucket by using
// server-side encryption with an Amazon Web Services KMS key (SSE-KMS) or a
// customer-provided key (SSE-C). For information about the bucket default
// encryption feature, see Amazon S3 Bucket Default Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html)
// in the Amazon S3 User Guide.
//
// This member is required.
Bucket *string
// Specifies the default server-side-encryption configuration.
//
// This member is required.
ServerSideEncryptionConfiguration *types.ServerSideEncryptionConfiguration
// Indicates the algorithm used to create the checksum for the object when using
// the SDK. This header will not provide any additional functionality if not using
// the SDK. When sending this header, there must be a corresponding x-amz-checksum
// or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the
// HTTP status code 400 Bad Request . For more information, see Checking object
// integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html)
// in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3
// ignores any provided ChecksumAlgorithm parameter.
ChecksumAlgorithm types.ChecksumAlgorithm
// The base64-encoded 128-bit MD5 digest of the server-side encryption
// configuration. For requests made using the Amazon Web Services Command Line
// Interface (CLI) or Amazon Web Services SDKs, this field is calculated
// automatically.
ContentMD5 *string
// The account ID of the expected bucket owner. If the bucket is owned by a
// different account, the request fails with the HTTP status code 403 Forbidden
// (access denied).
ExpectedBucketOwner *string
noSmithyDocumentSerde
}
type PutBucketEncryptionOutput struct {
// Metadata pertaining to the operation's result.
ResultMetadata middleware.Metadata
noSmithyDocumentSerde
}
func (c *Client) addOperationPutBucketEncryptionMiddlewares(stack *middleware.Stack, options Options) (err error) {
err = stack.Serialize.Add(&awsRestxml_serializeOpPutBucketEncryption{}, middleware.After)
if err != nil {
return err
}
err = stack.Deserialize.Add(&awsRestxml_deserializeOpPutBucketEncryption{}, middleware.After)
if err != nil {
return err
}
if err = addSetLoggerMiddleware(stack, options); err != nil {
return err
}
if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil {
return err
}
if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil {
return err
}
if err = addResolveEndpointMiddleware(stack, options); err != nil {
return err
}
if err = v4.AddComputePayloadSHA256Middleware(stack); err != nil {
return err
}
if err = addRetryMiddlewares(stack, options); err != nil {
return err
}
if err = addHTTPSignerV4Middleware(stack, options); err != nil {
return err
}
if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil {
return err
}
if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
return err
}
if err = addClientUserAgent(stack, options); err != nil {
return err
}
if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
return err
}
if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
return err
}
if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil {
return err
}
if err = addOpPutBucketEncryptionValidationMiddleware(stack); err != nil {
return err
}
if err = stack.Initialize.Add(newServiceMetadataMiddleware_opPutBucketEncryption(options.Region), middleware.Before); err != nil {
return err
}
if err = addMetadataRetrieverMiddleware(stack); err != nil {
return err
}
if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
return err
}
if err = addPutBucketEncryptionInputChecksumMiddlewares(stack, options); err != nil {
return err
}
if err = addPutBucketEncryptionUpdateEndpoint(stack, options); err != nil {
return err
}
if err = addResponseErrorMiddleware(stack); err != nil {
return err
}
if err = v4.AddContentSHA256HeaderMiddleware(stack); err != nil {
return err
}
if err = disableAcceptEncodingGzip(stack); err != nil {
return err
}
if err = addRequestResponseLogging(stack, options); err != nil {
return err
}
return nil
}
func newServiceMetadataMiddleware_opPutBucketEncryption(region string) *awsmiddleware.RegisterServiceMetadata {
return &awsmiddleware.RegisterServiceMetadata{
Region: region,
ServiceID: ServiceID,
SigningName: "s3",
OperationName: "PutBucketEncryption",
}
}
// getPutBucketEncryptionRequestAlgorithmMember gets the request checksum
// algorithm value provided as input.
func getPutBucketEncryptionRequestAlgorithmMember(input interface{}) (string, bool) {
in := input.(*PutBucketEncryptionInput)
if len(in.ChecksumAlgorithm) == 0 {
return "", false
}
return string(in.ChecksumAlgorithm), true
}
func addPutBucketEncryptionInputChecksumMiddlewares(stack *middleware.Stack, options Options) error {
return internalChecksum.AddInputMiddleware(stack, internalChecksum.InputMiddlewareOptions{
GetAlgorithm: getPutBucketEncryptionRequestAlgorithmMember,
RequireChecksum: true,
EnableTrailingChecksum: false,
EnableComputeSHA256PayloadHash: true,
EnableDecodedContentLengthHeader: true,
})
}
// getPutBucketEncryptionBucketMember returns a pointer to string denoting a
// provided bucket member valueand a boolean indicating if the input has a modeled
// bucket name,
func getPutBucketEncryptionBucketMember(input interface{}) (*string, bool) {
in := input.(*PutBucketEncryptionInput)
if in.Bucket == nil {
return nil, false
}
return in.Bucket, true
}
func addPutBucketEncryptionUpdateEndpoint(stack *middleware.Stack, options Options) error {
return s3cust.UpdateEndpoint(stack, s3cust.UpdateEndpointOptions{
Accessor: s3cust.UpdateEndpointParameterAccessor{
GetBucketFromInput: getPutBucketEncryptionBucketMember,
},
UsePathStyle: options.UsePathStyle,
UseAccelerate: options.UseAccelerate,
SupportsAccelerate: true,
TargetS3ObjectLambda: false,
EndpointResolver: options.EndpointResolver,
EndpointResolverOptions: options.EndpointOptions,
UseARNRegion: options.UseARNRegion,
DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints,
})
}