api_op_DecodeAuthorizationMessage.go raw

   1  // Code generated by smithy-go-codegen DO NOT EDIT.
   2  
   3  package sts
   4  
   5  import (
   6  	"context"
   7  	"fmt"
   8  	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
   9  	"github.com/aws/smithy-go/middleware"
  10  	smithyhttp "github.com/aws/smithy-go/transport/http"
  11  )
  12  
  13  // Decodes additional information about the authorization status of a request from
  14  // an encoded message returned in response to an Amazon Web Services request.
  15  //
  16  // For example, if a user is not authorized to perform an operation that he or she
  17  // has requested, the request returns a Client.UnauthorizedOperation response (an
  18  // HTTP 403 response). Some Amazon Web Services operations additionally return an
  19  // encoded message that can provide details about this authorization failure.
  20  //
  21  // Only certain Amazon Web Services operations return an encoded authorization
  22  // message. The documentation for an individual operation indicates whether that
  23  // operation returns an encoded message in addition to returning an HTTP code.
  24  //
  25  // The message is encoded because the details of the authorization status can
  26  // contain privileged information that the user who requested the operation should
  27  // not see. To decode an authorization status message, a user must be granted
  28  // permissions through an IAM [policy]to request the DecodeAuthorizationMessage (
  29  // sts:DecodeAuthorizationMessage ) action.
  30  //
  31  // The decoded message includes the following type of information:
  32  //
  33  //   - Whether the request was denied due to an explicit deny or due to the
  34  //     absence of an explicit allow. For more information, see [Determining Whether a Request is Allowed or Denied]in the IAM User
  35  //     Guide.
  36  //
  37  //   - The principal who made the request.
  38  //
  39  //   - The requested action.
  40  //
  41  //   - The requested resource.
  42  //
  43  //   - The values of condition keys in the context of the user's request.
  44  //
  45  // [Determining Whether a Request is Allowed or Denied]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-denyallow
  46  // [policy]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html
  47  func (c *Client) DecodeAuthorizationMessage(ctx context.Context, params *DecodeAuthorizationMessageInput, optFns ...func(*Options)) (*DecodeAuthorizationMessageOutput, error) {
  48  	if params == nil {
  49  		params = &DecodeAuthorizationMessageInput{}
  50  	}
  51  
  52  	result, metadata, err := c.invokeOperation(ctx, "DecodeAuthorizationMessage", params, optFns, c.addOperationDecodeAuthorizationMessageMiddlewares)
  53  	if err != nil {
  54  		return nil, err
  55  	}
  56  
  57  	out := result.(*DecodeAuthorizationMessageOutput)
  58  	out.ResultMetadata = metadata
  59  	return out, nil
  60  }
  61  
  62  type DecodeAuthorizationMessageInput struct {
  63  
  64  	// The encoded message that was returned with the response.
  65  	//
  66  	// This member is required.
  67  	EncodedMessage *string
  68  
  69  	noSmithyDocumentSerde
  70  }
  71  
  72  // A document that contains additional information about the authorization status
  73  // of a request from an encoded message that is returned in response to an Amazon
  74  // Web Services request.
  75  type DecodeAuthorizationMessageOutput struct {
  76  
  77  	// The API returns a response with the decoded message.
  78  	DecodedMessage *string
  79  
  80  	// Metadata pertaining to the operation's result.
  81  	ResultMetadata middleware.Metadata
  82  
  83  	noSmithyDocumentSerde
  84  }
  85  
  86  func (c *Client) addOperationDecodeAuthorizationMessageMiddlewares(stack *middleware.Stack, options Options) (err error) {
  87  	if err := stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil {
  88  		return err
  89  	}
  90  	err = stack.Serialize.Add(&awsAwsquery_serializeOpDecodeAuthorizationMessage{}, middleware.After)
  91  	if err != nil {
  92  		return err
  93  	}
  94  	err = stack.Deserialize.Add(&awsAwsquery_deserializeOpDecodeAuthorizationMessage{}, middleware.After)
  95  	if err != nil {
  96  		return err
  97  	}
  98  	if err := addProtocolFinalizerMiddlewares(stack, options, "DecodeAuthorizationMessage"); err != nil {
  99  		return fmt.Errorf("add protocol finalizers: %v", err)
 100  	}
 101  
 102  	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
 103  		return err
 104  	}
 105  	if err = addSetLoggerMiddleware(stack, options); err != nil {
 106  		return err
 107  	}
 108  	if err = addClientRequestID(stack); err != nil {
 109  		return err
 110  	}
 111  	if err = addComputeContentLength(stack); err != nil {
 112  		return err
 113  	}
 114  	if err = addResolveEndpointMiddleware(stack, options); err != nil {
 115  		return err
 116  	}
 117  	if err = addComputePayloadSHA256(stack); err != nil {
 118  		return err
 119  	}
 120  	if err = addRetry(stack, options); err != nil {
 121  		return err
 122  	}
 123  	if err = addRawResponseToMetadata(stack); err != nil {
 124  		return err
 125  	}
 126  	if err = addRecordResponseTiming(stack); err != nil {
 127  		return err
 128  	}
 129  	if err = addSpanRetryLoop(stack, options); err != nil {
 130  		return err
 131  	}
 132  	if err = addClientUserAgent(stack, options); err != nil {
 133  		return err
 134  	}
 135  	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
 136  		return err
 137  	}
 138  	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 139  		return err
 140  	}
 141  	if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
 142  		return err
 143  	}
 144  	if err = addTimeOffsetBuild(stack, c); err != nil {
 145  		return err
 146  	}
 147  	if err = addUserAgentRetryMode(stack, options); err != nil {
 148  		return err
 149  	}
 150  	if err = addCredentialSource(stack, options); err != nil {
 151  		return err
 152  	}
 153  	if err = addOpDecodeAuthorizationMessageValidationMiddleware(stack); err != nil {
 154  		return err
 155  	}
 156  	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opDecodeAuthorizationMessage(options.Region), middleware.Before); err != nil {
 157  		return err
 158  	}
 159  	if err = addRecursionDetection(stack); err != nil {
 160  		return err
 161  	}
 162  	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 163  		return err
 164  	}
 165  	if err = addResponseErrorMiddleware(stack); err != nil {
 166  		return err
 167  	}
 168  	if err = addRequestResponseLogging(stack, options); err != nil {
 169  		return err
 170  	}
 171  	if err = addDisableHTTPSMiddleware(stack, options); err != nil {
 172  		return err
 173  	}
 174  	if err = addInterceptBeforeRetryLoop(stack, options); err != nil {
 175  		return err
 176  	}
 177  	if err = addInterceptAttempt(stack, options); err != nil {
 178  		return err
 179  	}
 180  	if err = addInterceptors(stack, options); err != nil {
 181  		return err
 182  	}
 183  	return nil
 184  }
 185  
 186  func newServiceMetadataMiddleware_opDecodeAuthorizationMessage(region string) *awsmiddleware.RegisterServiceMetadata {
 187  	return &awsmiddleware.RegisterServiceMetadata{
 188  		Region:        region,
 189  		ServiceID:     ServiceID,
 190  		OperationName: "DecodeAuthorizationMessage",
 191  	}
 192  }
 193