-
Notifications
You must be signed in to change notification settings - Fork 596
/
api_op_PutResourcePolicy.go
192 lines (173 loc) · 6.74 KB
/
api_op_PutResourcePolicy.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
// Code generated by smithy-go-codegen DO NOT EDIT.
package ssm
import (
"context"
"fmt"
awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
"github.com/aws/smithy-go/middleware"
smithyhttp "github.com/aws/smithy-go/transport/http"
)
// Creates or updates a Systems Manager resource policy. A resource policy helps
// you to define the IAM entity (for example, an Amazon Web Services account) that
// can manage your Systems Manager resources. The following resources support
// Systems Manager resource policies.
//
// - OpsItemGroup - The resource policy for OpsItemGroup enables Amazon Web
// Services accounts to view and interact with OpsCenter operational work items
// (OpsItems).
//
// - Parameter - The resource policy is used to share a parameter with other
// accounts using Resource Access Manager (RAM).
//
// To share a parameter, it must be in the advanced parameter tier. For
//
// information about parameter tiers, see [Managing parameter tiers]. For information about changing an
// existing standard parameter to an advanced parameter, see [Changing a standard parameter to an advanced parameter].
//
// To share a SecureString parameter, it must be encrypted with a customer managed
//
// key, and you must share the key separately through Key Management Service.
// Amazon Web Services managed keys cannot be shared. Parameters encrypted with the
// default Amazon Web Services managed key can be updated to use a customer managed
// key instead. For KMS key definitions, see [KMS concepts]in the Key Management Service
// Developer Guide.
//
// While you can share a parameter using the Systems Manager PutResourcePolicy
//
// operation, we recommend using Resource Access Manager (RAM) instead. This is
// because using PutResourcePolicy requires the extra step of promoting the
// parameter to a standard RAM Resource Share using the RAM [PromoteResourceShareCreatedFromPolicy]API operation.
// Otherwise, the parameter won't be returned by the Systems Manager [DescribeParameters]API
// operation using the --shared option.
//
// For more information, see [Sharing a parameter]in the Amazon Web Services Systems Manager User Guide
//
// [Sharing a parameter]: https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-shared-parameters.html#share
//
// [Managing parameter tiers]: https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-advanced-parameters.html
// [Changing a standard parameter to an advanced parameter]: https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-advanced-parameters.html#parameter-store-advanced-parameters-enabling
// [PromoteResourceShareCreatedFromPolicy]: https://docs.aws.amazon.com/ram/latest/APIReference/API_PromoteResourceShareCreatedFromPolicy.html
// [KMS concepts]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html
// [DescribeParameters]: https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeParameters.html
func (c *Client) PutResourcePolicy(ctx context.Context, params *PutResourcePolicyInput, optFns ...func(*Options)) (*PutResourcePolicyOutput, error) {
if params == nil {
params = &PutResourcePolicyInput{}
}
result, metadata, err := c.invokeOperation(ctx, "PutResourcePolicy", params, optFns, c.addOperationPutResourcePolicyMiddlewares)
if err != nil {
return nil, err
}
out := result.(*PutResourcePolicyOutput)
out.ResultMetadata = metadata
return out, nil
}
type PutResourcePolicyInput struct {
// A policy you want to associate with a resource.
//
// This member is required.
Policy *string
// Amazon Resource Name (ARN) of the resource to which you want to attach a policy.
//
// This member is required.
ResourceArn *string
// ID of the current policy version. The hash helps to prevent a situation where
// multiple users attempt to overwrite a policy. You must provide this hash when
// updating or deleting a policy.
PolicyHash *string
// The policy ID.
PolicyId *string
noSmithyDocumentSerde
}
type PutResourcePolicyOutput struct {
// ID of the current policy version.
PolicyHash *string
// The policy ID. To update a policy, you must specify PolicyId and PolicyHash .
PolicyId *string
// Metadata pertaining to the operation's result.
ResultMetadata middleware.Metadata
noSmithyDocumentSerde
}
func (c *Client) addOperationPutResourcePolicyMiddlewares(stack *middleware.Stack, options Options) (err error) {
if err := stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil {
return err
}
err = stack.Serialize.Add(&awsAwsjson11_serializeOpPutResourcePolicy{}, middleware.After)
if err != nil {
return err
}
err = stack.Deserialize.Add(&awsAwsjson11_deserializeOpPutResourcePolicy{}, middleware.After)
if err != nil {
return err
}
if err := addProtocolFinalizerMiddlewares(stack, options, "PutResourcePolicy"); err != nil {
return fmt.Errorf("add protocol finalizers: %v", err)
}
if err = addlegacyEndpointContextSetter(stack, options); err != nil {
return err
}
if err = addSetLoggerMiddleware(stack, options); err != nil {
return err
}
if err = addClientRequestID(stack); err != nil {
return err
}
if err = addComputeContentLength(stack); err != nil {
return err
}
if err = addResolveEndpointMiddleware(stack, options); err != nil {
return err
}
if err = addComputePayloadSHA256(stack); err != nil {
return err
}
if err = addRetry(stack, options); err != nil {
return err
}
if err = addRawResponseToMetadata(stack); err != nil {
return err
}
if err = addRecordResponseTiming(stack); err != nil {
return err
}
if err = addClientUserAgent(stack, options); err != nil {
return err
}
if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
return err
}
if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
return err
}
if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
return err
}
if err = addOpPutResourcePolicyValidationMiddleware(stack); err != nil {
return err
}
if err = stack.Initialize.Add(newServiceMetadataMiddleware_opPutResourcePolicy(options.Region), middleware.Before); err != nil {
return err
}
if err = addRecursionDetection(stack); err != nil {
return err
}
if err = addRequestIDRetrieverMiddleware(stack); err != nil {
return err
}
if err = addResponseErrorMiddleware(stack); err != nil {
return err
}
if err = addRequestResponseLogging(stack, options); err != nil {
return err
}
if err = addDisableHTTPSMiddleware(stack, options); err != nil {
return err
}
return nil
}
func newServiceMetadataMiddleware_opPutResourcePolicy(region string) *awsmiddleware.RegisterServiceMetadata {
return &awsmiddleware.RegisterServiceMetadata{
Region: region,
ServiceID: ServiceID,
OperationName: "PutResourcePolicy",
}
}