// Code generated by smithy-go-codegen DO NOT EDIT. package s3 import ( "context" awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" "github.com/aws/aws-sdk-go-v2/aws/signer/v4" internalChecksum "github.com/aws/aws-sdk-go-v2/service/internal/checksum" s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" "github.com/aws/aws-sdk-go-v2/service/s3/types" "github.com/aws/smithy-go/middleware" smithyhttp "github.com/aws/smithy-go/transport/http" ) // Applies an Amazon S3 bucket policy to an Amazon S3 bucket. If you are using an // identity other than the root user of the Amazon Web Services account that owns // the bucket, the calling identity must have the PutBucketPolicy permissions on // the specified bucket and belong to the bucket owner's account in order to use // this operation. If you don't have PutBucketPolicy permissions, Amazon S3 // returns a 403 Access Denied error. If you have the correct permissions, but // you're not using an identity that belongs to the bucket owner's account, Amazon // S3 returns a 405 Method Not Allowed error. To ensure that bucket owners don't // inadvertently lock themselves out of their own buckets, the root principal in a // bucket owner's Amazon Web Services account can perform the GetBucketPolicy , // PutBucketPolicy , and DeleteBucketPolicy API actions, even if their bucket // policy explicitly denies the root principal's access. Bucket owner root // principals can only be blocked from performing these API actions by VPC endpoint // policies and Amazon Web Services Organizations policies. For more information, // see Bucket policy examples (https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html) // . The following operations are related to PutBucketPolicy : // - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) // - DeleteBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html) func (c *Client) PutBucketPolicy(ctx context.Context, params *PutBucketPolicyInput, optFns ...func(*Options)) (*PutBucketPolicyOutput, error) { if params == nil { params = &PutBucketPolicyInput{} } result, metadata, err := c.invokeOperation(ctx, "PutBucketPolicy", params, optFns, c.addOperationPutBucketPolicyMiddlewares) if err != nil { return nil, err } out := result.(*PutBucketPolicyOutput) out.ResultMetadata = metadata return out, nil } type PutBucketPolicyInput struct { // The name of the bucket. // // This member is required. Bucket *string // The bucket policy as a JSON document. // // This member is required. Policy *string // Indicates the algorithm used to create the checksum for the object when using // the SDK. This header will not provide any additional functionality if not using // the SDK. When sending this header, there must be a corresponding x-amz-checksum // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the // HTTP status code 400 Bad Request . For more information, see Checking object // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3 // ignores any provided ChecksumAlgorithm parameter. ChecksumAlgorithm types.ChecksumAlgorithm // Set this parameter to true to confirm that you want to remove your permissions // to change this bucket policy in the future. ConfirmRemoveSelfBucketAccess bool // The MD5 hash of the request body. For requests made using the Amazon Web // Services Command Line Interface (CLI) or Amazon Web Services SDKs, this field is // calculated automatically. ContentMD5 *string // The account ID of the expected bucket owner. If the bucket is owned by a // different account, the request fails with the HTTP status code 403 Forbidden // (access denied). ExpectedBucketOwner *string noSmithyDocumentSerde } type PutBucketPolicyOutput struct { // Metadata pertaining to the operation's result. ResultMetadata middleware.Metadata noSmithyDocumentSerde } func (c *Client) addOperationPutBucketPolicyMiddlewares(stack *middleware.Stack, options Options) (err error) { err = stack.Serialize.Add(&awsRestxml_serializeOpPutBucketPolicy{}, middleware.After) if err != nil { return err } err = stack.Deserialize.Add(&awsRestxml_deserializeOpPutBucketPolicy{}, middleware.After) if err != nil { return err } if err = addSetLoggerMiddleware(stack, options); err != nil { return err } if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil { return err } if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil { return err } if err = addResolveEndpointMiddleware(stack, options); err != nil { return err } if err = v4.AddComputePayloadSHA256Middleware(stack); err != nil { return err } if err = addRetryMiddlewares(stack, options); err != nil { return err } if err = addHTTPSignerV4Middleware(stack, options); err != nil { return err } if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil { return err } if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil { return err } if err = addClientUserAgent(stack, options); err != nil { return err } if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil { return err } if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil { return err } if err = swapWithCustomHTTPSignerMiddleware(stack, options); err != nil { return err } if err = addOpPutBucketPolicyValidationMiddleware(stack); err != nil { return err } if err = stack.Initialize.Add(newServiceMetadataMiddleware_opPutBucketPolicy(options.Region), middleware.Before); err != nil { return err } if err = addMetadataRetrieverMiddleware(stack); err != nil { return err } if err = awsmiddleware.AddRecursionDetection(stack); err != nil { return err } if err = addPutBucketPolicyInputChecksumMiddlewares(stack, options); err != nil { return err } if err = addPutBucketPolicyUpdateEndpoint(stack, options); err != nil { return err } if err = addResponseErrorMiddleware(stack); err != nil { return err } if err = v4.AddContentSHA256HeaderMiddleware(stack); err != nil { return err } if err = disableAcceptEncodingGzip(stack); err != nil { return err } if err = addRequestResponseLogging(stack, options); err != nil { return err } return nil } func newServiceMetadataMiddleware_opPutBucketPolicy(region string) *awsmiddleware.RegisterServiceMetadata { return &awsmiddleware.RegisterServiceMetadata{ Region: region, ServiceID: ServiceID, SigningName: "s3", OperationName: "PutBucketPolicy", } } // getPutBucketPolicyRequestAlgorithmMember gets the request checksum algorithm // value provided as input. func getPutBucketPolicyRequestAlgorithmMember(input interface{}) (string, bool) { in := input.(*PutBucketPolicyInput) if len(in.ChecksumAlgorithm) == 0 { return "", false } return string(in.ChecksumAlgorithm), true } func addPutBucketPolicyInputChecksumMiddlewares(stack *middleware.Stack, options Options) error { return internalChecksum.AddInputMiddleware(stack, internalChecksum.InputMiddlewareOptions{ GetAlgorithm: getPutBucketPolicyRequestAlgorithmMember, RequireChecksum: true, EnableTrailingChecksum: false, EnableComputeSHA256PayloadHash: true, EnableDecodedContentLengthHeader: true, }) } // getPutBucketPolicyBucketMember returns a pointer to string denoting a provided // bucket member valueand a boolean indicating if the input has a modeled bucket // name, func getPutBucketPolicyBucketMember(input interface{}) (*string, bool) { in := input.(*PutBucketPolicyInput) if in.Bucket == nil { return nil, false } return in.Bucket, true } func addPutBucketPolicyUpdateEndpoint(stack *middleware.Stack, options Options) error { return s3cust.UpdateEndpoint(stack, s3cust.UpdateEndpointOptions{ Accessor: s3cust.UpdateEndpointParameterAccessor{ GetBucketFromInput: getPutBucketPolicyBucketMember, }, UsePathStyle: options.UsePathStyle, UseAccelerate: options.UseAccelerate, SupportsAccelerate: true, TargetS3ObjectLambda: false, EndpointResolver: options.EndpointResolver, EndpointResolverOptions: options.EndpointOptions, UseARNRegion: options.UseARNRegion, DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints, }) }