api_op_DecodeAuthorizationMessage.go (5401B)
1 // Code generated by smithy-go-codegen DO NOT EDIT. 2 3 package sts 4 5 import ( 6 "context" 7 awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" 8 "github.com/aws/aws-sdk-go-v2/aws/signer/v4" 9 "github.com/aws/smithy-go/middleware" 10 smithyhttp "github.com/aws/smithy-go/transport/http" 11 ) 12 13 // Decodes additional information about the authorization status of a request from 14 // an encoded message returned in response to an Amazon Web Services request. For 15 // example, if a user is not authorized to perform an operation that he or she has 16 // requested, the request returns a Client.UnauthorizedOperation response (an HTTP 17 // 403 response). Some Amazon Web Services operations additionally return an 18 // encoded message that can provide details about this authorization failure. Only 19 // certain Amazon Web Services operations return an encoded authorization message. 20 // The documentation for an individual operation indicates whether that operation 21 // returns an encoded message in addition to returning an HTTP code. The message is 22 // encoded because the details of the authorization status can contain privileged 23 // information that the user who requested the operation should not see. To decode 24 // an authorization status message, a user must be granted permissions through an 25 // IAM policy 26 // (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html) to 27 // request the DecodeAuthorizationMessage (sts:DecodeAuthorizationMessage) action. 28 // The decoded message includes the following type of information: 29 // 30 // * Whether the 31 // request was denied due to an explicit deny or due to the absence of an explicit 32 // allow. For more information, see Determining Whether a Request is Allowed or 33 // Denied 34 // (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-denyallow) 35 // in the IAM User Guide. 36 // 37 // * The principal who made the request. 38 // 39 // * The requested 40 // action. 41 // 42 // * The requested resource. 43 // 44 // * The values of condition keys in the 45 // context of the user's request. 46 func (c *Client) DecodeAuthorizationMessage(ctx context.Context, params *DecodeAuthorizationMessageInput, optFns ...func(*Options)) (*DecodeAuthorizationMessageOutput, error) { 47 if params == nil { 48 params = &DecodeAuthorizationMessageInput{} 49 } 50 51 result, metadata, err := c.invokeOperation(ctx, "DecodeAuthorizationMessage", params, optFns, c.addOperationDecodeAuthorizationMessageMiddlewares) 52 if err != nil { 53 return nil, err 54 } 55 56 out := result.(*DecodeAuthorizationMessageOutput) 57 out.ResultMetadata = metadata 58 return out, nil 59 } 60 61 type DecodeAuthorizationMessageInput struct { 62 63 // The encoded message that was returned with the response. 64 // 65 // This member is required. 66 EncodedMessage *string 67 68 noSmithyDocumentSerde 69 } 70 71 // A document that contains additional information about the authorization status 72 // of a request from an encoded message that is returned in response to an Amazon 73 // Web Services request. 74 type DecodeAuthorizationMessageOutput struct { 75 76 // The API returns a response with the decoded message. 77 DecodedMessage *string 78 79 // Metadata pertaining to the operation's result. 80 ResultMetadata middleware.Metadata 81 82 noSmithyDocumentSerde 83 } 84 85 func (c *Client) addOperationDecodeAuthorizationMessageMiddlewares(stack *middleware.Stack, options Options) (err error) { 86 err = stack.Serialize.Add(&awsAwsquery_serializeOpDecodeAuthorizationMessage{}, middleware.After) 87 if err != nil { 88 return err 89 } 90 err = stack.Deserialize.Add(&awsAwsquery_deserializeOpDecodeAuthorizationMessage{}, middleware.After) 91 if err != nil { 92 return err 93 } 94 if err = addSetLoggerMiddleware(stack, options); err != nil { 95 return err 96 } 97 if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil { 98 return err 99 } 100 if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil { 101 return err 102 } 103 if err = addResolveEndpointMiddleware(stack, options); err != nil { 104 return err 105 } 106 if err = v4.AddComputePayloadSHA256Middleware(stack); err != nil { 107 return err 108 } 109 if err = addRetryMiddlewares(stack, options); err != nil { 110 return err 111 } 112 if err = addHTTPSignerV4Middleware(stack, options); err != nil { 113 return err 114 } 115 if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil { 116 return err 117 } 118 if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil { 119 return err 120 } 121 if err = addClientUserAgent(stack); err != nil { 122 return err 123 } 124 if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil { 125 return err 126 } 127 if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil { 128 return err 129 } 130 if err = addOpDecodeAuthorizationMessageValidationMiddleware(stack); err != nil { 131 return err 132 } 133 if err = stack.Initialize.Add(newServiceMetadataMiddleware_opDecodeAuthorizationMessage(options.Region), middleware.Before); err != nil { 134 return err 135 } 136 if err = addRequestIDRetrieverMiddleware(stack); err != nil { 137 return err 138 } 139 if err = addResponseErrorMiddleware(stack); err != nil { 140 return err 141 } 142 if err = addRequestResponseLogging(stack, options); err != nil { 143 return err 144 } 145 return nil 146 } 147 148 func newServiceMetadataMiddleware_opDecodeAuthorizationMessage(region string) *awsmiddleware.RegisterServiceMetadata { 149 return &awsmiddleware.RegisterServiceMetadata{ 150 Region: region, 151 ServiceID: ServiceID, 152 SigningName: "sts", 153 OperationName: "DecodeAuthorizationMessage", 154 } 155 }