// Code generated by smithy-go-codegen DO NOT EDIT. package s3control import ( "context" "fmt" awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" "github.com/aws/aws-sdk-go-v2/aws/signer/v4" s3controlcust "github.com/aws/aws-sdk-go-v2/service/s3control/internal/customizations" smithy "github.com/aws/smithy-go" "github.com/aws/smithy-go/middleware" smithyhttp "github.com/aws/smithy-go/transport/http" "strings" ) // This action gets a bucket policy for an Amazon S3 on Outposts bucket. To get a // policy for an S3 bucket, see GetBucketPolicy (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketPolicy.html) // in the Amazon S3 API Reference. Returns the policy of a specified Outposts // bucket. For more information, see Using Amazon S3 on Outposts (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. If you are using an identity other than the root // user of the Amazon Web Services account that owns the bucket, the calling // identity must have the GetBucketPolicy permissions on the specified bucket and // belong to the bucket owner's account in order to use this action. Only users // from Outposts bucket owner account with the right permissions can perform // actions on an Outposts bucket. If you don't have s3-outposts:GetBucketPolicy // permissions or you're not using an identity that belongs to the bucket owner's // account, Amazon S3 returns a 403 Access Denied error. As a security precaution, // the root user of the Amazon Web Services account that owns a bucket can always // use this action, even if the policy explicitly denies the root user the ability // to perform this action. For more information about bucket policies, see Using // Bucket Policies and User Policies (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html) // . All Amazon S3 on Outposts REST API requests for this action require an // additional parameter of x-amz-outpost-id to be passed with the request. In // addition, you must use an S3 on Outposts endpoint hostname prefix instead of // s3-control . For an example of the request syntax for Amazon S3 on Outposts that // uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id // derived by using the access point ARN, see the Examples (https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetBucketPolicy.html#API_control_GetBucketPolicy_Examples) // section. The following actions are related to GetBucketPolicy : // - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html) // - PutBucketPolicy (https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_PutBucketPolicy.html) // - DeleteBucketPolicy (https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteBucketPolicy.html) func (c *Client) GetBucketPolicy(ctx context.Context, params *GetBucketPolicyInput, optFns ...func(*Options)) (*GetBucketPolicyOutput, error) { if params == nil { params = &GetBucketPolicyInput{} } result, metadata, err := c.invokeOperation(ctx, "GetBucketPolicy", params, optFns, c.addOperationGetBucketPolicyMiddlewares) if err != nil { return nil, err } out := result.(*GetBucketPolicyOutput) out.ResultMetadata = metadata return out, nil } type GetBucketPolicyInput struct { // The Amazon Web Services account ID of the Outposts bucket. // // This member is required. AccountId *string // Specifies the bucket. For using this parameter with Amazon S3 on Outposts with // the REST API, you must specify the name and the x-amz-outpost-id as well. For // using this parameter with S3 on Outposts with the Amazon Web Services SDK and // CLI, you must specify the ARN of the bucket accessed in the format // arn:aws:s3-outposts:::outpost//bucket/ . For example, to access the bucket // reports through Outpost my-outpost owned by account 123456789012 in Region // us-west-2 , use the URL encoding of // arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports . // The value must be URL encoded. // // This member is required. Bucket *string noSmithyDocumentSerde } type GetBucketPolicyOutput struct { // The policy of the Outposts bucket. Policy *string // Metadata pertaining to the operation's result. ResultMetadata middleware.Metadata noSmithyDocumentSerde } func (c *Client) addOperationGetBucketPolicyMiddlewares(stack *middleware.Stack, options Options) (err error) { err = stack.Serialize.Add(&awsRestxml_serializeOpGetBucketPolicy{}, middleware.After) if err != nil { return err } err = stack.Deserialize.Add(&awsRestxml_deserializeOpGetBucketPolicy{}, middleware.After) if err != nil { return err } if err = addSetLoggerMiddleware(stack, options); err != nil { return err } if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil { return err } if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil { return err } if err = addResolveEndpointMiddleware(stack, options); err != nil { return err } if err = v4.AddComputePayloadSHA256Middleware(stack); err != nil { return err } if err = addRetryMiddlewares(stack, options); err != nil { return err } if err = addHTTPSignerV4Middleware(stack, options); err != nil { return err } if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil { return err } if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil { return err } if err = addClientUserAgent(stack, options); err != nil { return err } if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil { return err } if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil { return err } if err = addEndpointPrefix_opGetBucketPolicyMiddleware(stack); err != nil { return err } if err = addOpGetBucketPolicyValidationMiddleware(stack); err != nil { return err } if err = stack.Initialize.Add(newServiceMetadataMiddleware_opGetBucketPolicy(options.Region), middleware.Before); err != nil { return err } if err = addMetadataRetrieverMiddleware(stack); err != nil { return err } if err = awsmiddleware.AddRecursionDetection(stack); err != nil { return err } if err = addGetBucketPolicyUpdateEndpoint(stack, options); err != nil { return err } if err = addResponseErrorMiddleware(stack); err != nil { return err } if err = v4.AddContentSHA256HeaderMiddleware(stack); err != nil { return err } if err = addRequestResponseLogging(stack, options); err != nil { return err } return nil } type endpointPrefix_opGetBucketPolicyMiddleware struct { } func (*endpointPrefix_opGetBucketPolicyMiddleware) ID() string { return "EndpointHostPrefix" } func (m *endpointPrefix_opGetBucketPolicyMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) ( out middleware.SerializeOutput, metadata middleware.Metadata, err error, ) { if smithyhttp.GetHostnameImmutable(ctx) || smithyhttp.IsEndpointHostPrefixDisabled(ctx) { return next.HandleSerialize(ctx, in) } req, ok := in.Request.(*smithyhttp.Request) if !ok { return out, metadata, fmt.Errorf("unknown transport type %T", in.Request) } input, ok := in.Parameters.(*GetBucketPolicyInput) if !ok { return out, metadata, fmt.Errorf("unknown input type %T", in.Parameters) } var prefix strings.Builder if input.AccountId == nil { return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("AccountId forms part of the endpoint host and so may not be nil")} } else if !smithyhttp.ValidHostLabel(*input.AccountId) { return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("AccountId forms part of the endpoint host and so must match \"[a-zA-Z0-9-]{1,63}\", but was \"%s\"", *input.AccountId)} } else { prefix.WriteString(*input.AccountId) } prefix.WriteString(".") req.URL.Host = prefix.String() + req.URL.Host return next.HandleSerialize(ctx, in) } func addEndpointPrefix_opGetBucketPolicyMiddleware(stack *middleware.Stack) error { return stack.Serialize.Insert(&endpointPrefix_opGetBucketPolicyMiddleware{}, `OperationSerializer`, middleware.After) } func newServiceMetadataMiddleware_opGetBucketPolicy(region string) *awsmiddleware.RegisterServiceMetadata { return &awsmiddleware.RegisterServiceMetadata{ Region: region, ServiceID: ServiceID, SigningName: "s3", OperationName: "GetBucketPolicy", } } func copyGetBucketPolicyInputForUpdateEndpoint(params interface{}) (interface{}, error) { input, ok := params.(*GetBucketPolicyInput) if !ok { return nil, fmt.Errorf("expect *GetBucketPolicyInput type, got %T", params) } cpy := *input return &cpy, nil } func getGetBucketPolicyARNMember(input interface{}) (*string, bool) { in := input.(*GetBucketPolicyInput) if in.Bucket == nil { return nil, false } return in.Bucket, true } func setGetBucketPolicyARNMember(input interface{}, v string) error { in := input.(*GetBucketPolicyInput) in.Bucket = &v return nil } func backFillGetBucketPolicyAccountID(input interface{}, v string) error { in := input.(*GetBucketPolicyInput) if in.AccountId != nil { if !strings.EqualFold(*in.AccountId, v) { return fmt.Errorf("error backfilling account id") } return nil } in.AccountId = &v return nil } func addGetBucketPolicyUpdateEndpoint(stack *middleware.Stack, options Options) error { return s3controlcust.UpdateEndpoint(stack, s3controlcust.UpdateEndpointOptions{ Accessor: s3controlcust.UpdateEndpointParameterAccessor{GetARNInput: getGetBucketPolicyARNMember, BackfillAccountID: backFillGetBucketPolicyAccountID, GetOutpostIDInput: nopGetOutpostIDFromInput, UpdateARNField: setGetBucketPolicyARNMember, CopyInput: copyGetBucketPolicyInputForUpdateEndpoint, }, EndpointResolver: options.EndpointResolver, EndpointResolverOptions: options.EndpointOptions, UseARNRegion: options.UseARNRegion, }) }