api_op_DecodeAuthorizationMessage.go (7264B)
1 // Code generated by smithy-go-codegen DO NOT EDIT. 2 3 package sts 4 5 import ( 6 "context" 7 "fmt" 8 awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" 9 "github.com/aws/smithy-go/middleware" 10 smithyhttp "github.com/aws/smithy-go/transport/http" 11 ) 12 13 // Decodes additional information about the authorization status of a request from 14 // an encoded message returned in response to an Amazon Web Services request. 15 // 16 // For example, if a user is not authorized to perform an operation that he or she 17 // has requested, the request returns a Client.UnauthorizedOperation response (an 18 // HTTP 403 response). Some Amazon Web Services operations additionally return an 19 // encoded message that can provide details about this authorization failure. 20 // 21 // Only certain Amazon Web Services operations return an encoded authorization 22 // message. The documentation for an individual operation indicates whether that 23 // operation returns an encoded message in addition to returning an HTTP code. 24 // 25 // The message is encoded because the details of the authorization status can 26 // contain privileged information that the user who requested the operation should 27 // not see. To decode an authorization status message, a user must be granted 28 // permissions through an IAM [policy]to request the DecodeAuthorizationMessage ( 29 // sts:DecodeAuthorizationMessage ) action. 30 // 31 // The decoded message includes the following type of information: 32 // 33 // - Whether the request was denied due to an explicit deny or due to the 34 // absence of an explicit allow. For more information, see [Determining Whether a Request is Allowed or Denied]in the IAM User 35 // Guide. 36 // 37 // - The principal who made the request. 38 // 39 // - The requested action. 40 // 41 // - The requested resource. 42 // 43 // - The values of condition keys in the context of the user's request. 44 // 45 // [Determining Whether a Request is Allowed or Denied]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-denyallow 46 // [policy]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html 47 func (c *Client) DecodeAuthorizationMessage(ctx context.Context, params *DecodeAuthorizationMessageInput, optFns ...func(*Options)) (*DecodeAuthorizationMessageOutput, error) { 48 if params == nil { 49 params = &DecodeAuthorizationMessageInput{} 50 } 51 52 result, metadata, err := c.invokeOperation(ctx, "DecodeAuthorizationMessage", params, optFns, c.addOperationDecodeAuthorizationMessageMiddlewares) 53 if err != nil { 54 return nil, err 55 } 56 57 out := result.(*DecodeAuthorizationMessageOutput) 58 out.ResultMetadata = metadata 59 return out, nil 60 } 61 62 type DecodeAuthorizationMessageInput struct { 63 64 // The encoded message that was returned with the response. 65 // 66 // This member is required. 67 EncodedMessage *string 68 69 noSmithyDocumentSerde 70 } 71 72 // A document that contains additional information about the authorization status 73 // of a request from an encoded message that is returned in response to an Amazon 74 // Web Services request. 75 type DecodeAuthorizationMessageOutput struct { 76 77 // The API returns a response with the decoded message. 78 DecodedMessage *string 79 80 // Metadata pertaining to the operation's result. 81 ResultMetadata middleware.Metadata 82 83 noSmithyDocumentSerde 84 } 85 86 func (c *Client) addOperationDecodeAuthorizationMessageMiddlewares(stack *middleware.Stack, options Options) (err error) { 87 if err := stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil { 88 return err 89 } 90 err = stack.Serialize.Add(&awsAwsquery_serializeOpDecodeAuthorizationMessage{}, middleware.After) 91 if err != nil { 92 return err 93 } 94 err = stack.Deserialize.Add(&awsAwsquery_deserializeOpDecodeAuthorizationMessage{}, middleware.After) 95 if err != nil { 96 return err 97 } 98 if err := addProtocolFinalizerMiddlewares(stack, options, "DecodeAuthorizationMessage"); err != nil { 99 return fmt.Errorf("add protocol finalizers: %v", err) 100 } 101 102 if err = addlegacyEndpointContextSetter(stack, options); err != nil { 103 return err 104 } 105 if err = addSetLoggerMiddleware(stack, options); err != nil { 106 return err 107 } 108 if err = addClientRequestID(stack); err != nil { 109 return err 110 } 111 if err = addComputeContentLength(stack); err != nil { 112 return err 113 } 114 if err = addResolveEndpointMiddleware(stack, options); err != nil { 115 return err 116 } 117 if err = addComputePayloadSHA256(stack); err != nil { 118 return err 119 } 120 if err = addRetry(stack, options); err != nil { 121 return err 122 } 123 if err = addRawResponseToMetadata(stack); err != nil { 124 return err 125 } 126 if err = addRecordResponseTiming(stack); err != nil { 127 return err 128 } 129 if err = addSpanRetryLoop(stack, options); err != nil { 130 return err 131 } 132 if err = addClientUserAgent(stack, options); err != nil { 133 return err 134 } 135 if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil { 136 return err 137 } 138 if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil { 139 return err 140 } 141 if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { 142 return err 143 } 144 if err = addTimeOffsetBuild(stack, c); err != nil { 145 return err 146 } 147 if err = addUserAgentRetryMode(stack, options); err != nil { 148 return err 149 } 150 if err = addCredentialSource(stack, options); err != nil { 151 return err 152 } 153 if err = addOpDecodeAuthorizationMessageValidationMiddleware(stack); err != nil { 154 return err 155 } 156 if err = stack.Initialize.Add(newServiceMetadataMiddleware_opDecodeAuthorizationMessage(options.Region), middleware.Before); err != nil { 157 return err 158 } 159 if err = addRecursionDetection(stack); err != nil { 160 return err 161 } 162 if err = addRequestIDRetrieverMiddleware(stack); err != nil { 163 return err 164 } 165 if err = addResponseErrorMiddleware(stack); err != nil { 166 return err 167 } 168 if err = addRequestResponseLogging(stack, options); err != nil { 169 return err 170 } 171 if err = addDisableHTTPSMiddleware(stack, options); err != nil { 172 return err 173 } 174 if err = addInterceptBeforeRetryLoop(stack, options); err != nil { 175 return err 176 } 177 if err = addInterceptAttempt(stack, options); err != nil { 178 return err 179 } 180 if err = addInterceptExecution(stack, options); err != nil { 181 return err 182 } 183 if err = addInterceptBeforeSerialization(stack, options); err != nil { 184 return err 185 } 186 if err = addInterceptAfterSerialization(stack, options); err != nil { 187 return err 188 } 189 if err = addInterceptBeforeSigning(stack, options); err != nil { 190 return err 191 } 192 if err = addInterceptAfterSigning(stack, options); err != nil { 193 return err 194 } 195 if err = addInterceptTransmit(stack, options); err != nil { 196 return err 197 } 198 if err = addInterceptBeforeDeserialization(stack, options); err != nil { 199 return err 200 } 201 if err = addInterceptAfterDeserialization(stack, options); err != nil { 202 return err 203 } 204 if err = addSpanInitializeStart(stack); err != nil { 205 return err 206 } 207 if err = addSpanInitializeEnd(stack); err != nil { 208 return err 209 } 210 if err = addSpanBuildRequestStart(stack); err != nil { 211 return err 212 } 213 if err = addSpanBuildRequestEnd(stack); err != nil { 214 return err 215 } 216 return nil 217 } 218 219 func newServiceMetadataMiddleware_opDecodeAuthorizationMessage(region string) *awsmiddleware.RegisterServiceMetadata { 220 return &awsmiddleware.RegisterServiceMetadata{ 221 Region: region, 222 ServiceID: ServiceID, 223 OperationName: "DecodeAuthorizationMessage", 224 } 225 }