api_op_DecodeAuthorizationMessage.go

  1// Code generated by smithy-go-codegen DO NOT EDIT.
  2
  3package sts
  4
  5import (
  6	"context"
  7	"fmt"
  8	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
  9	"github.com/aws/smithy-go/middleware"
 10	smithyhttp "github.com/aws/smithy-go/transport/http"
 11)
 12
// DecodeAuthorizationMessage decodes additional information about the
// authorization status of a request from an encoded message returned in
// response to an Amazon Web Services request.
//
// For example, when a user is not authorized to perform an operation that he or
// she has requested, the request returns a Client.UnauthorizedOperation response
// (an HTTP 403 response). Some Amazon Web Services operations additionally
// return an encoded message that can provide details about this authorization
// failure.
//
// Only certain Amazon Web Services operations return an encoded authorization
// message. The documentation for an individual operation indicates whether that
// operation returns an encoded message in addition to returning an HTTP code.
//
// The message is encoded because the details of the authorization status can
// contain privileged information that the user who requested the operation
// should not see. To decode an authorization status message, a user must be
// granted permissions through an IAM [policy] to request the
// DecodeAuthorizationMessage (sts:DecodeAuthorizationMessage) action.
//
// It follows that sts:DecodeAuthorizationMessage should be granted only to
// principals that are meant to see those details, and that callers should treat
// the returned DecodedMessage as sensitive (for example, keep it out of logs and
// error text that the original requester can read).
//
// The decoded message includes the following type of information:
//
//   - Whether the request was denied due to an explicit deny or due to the
//     absence of an explicit allow. For more information, see
//     [Determining Whether a Request is Allowed or Denied] in the IAM User
//     Guide.
//
//   - The principal who made the request.
//
//   - The requested action.
//
//   - The requested resource.
//
//   - The values of condition keys in the context of the user's request.
//
// A nil params is replaced by an empty DecodeAuthorizationMessageInput before
// the operation is invoked. When invokeOperation fails, the output is nil and
// its error is returned unchanged; on success the output's ResultMetadata is
// set to the metadata that invokeOperation returned.
//
// [Determining Whether a Request is Allowed or Denied]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-denyallow
// [policy]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html
func (c *Client) DecodeAuthorizationMessage(ctx context.Context, params *DecodeAuthorizationMessageInput, optFns ...func(*Options)) (*DecodeAuthorizationMessageOutput, error) {
	const opName = "DecodeAuthorizationMessage"

	// Callers may pass nil; the operation always runs with a non-nil input.
	if params == nil {
		params = &DecodeAuthorizationMessageInput{}
	}

	res, md, err := c.invokeOperation(ctx, opName, params, optFns, c.addOperationDecodeAuthorizationMessageMiddlewares)
	if err != nil {
		return nil, err
	}

	// Unchecked assertion, as in the generated code: a result of any other
	// type panics here.
	output := res.(*DecodeAuthorizationMessageOutput)
	output.ResultMetadata = md
	return output, nil
}
 61
// DecodeAuthorizationMessageInput holds the request parameters for the
// DecodeAuthorizationMessage operation.
type DecodeAuthorizationMessageInput struct {
	// EncodedMessage is the encoded message that was returned with the
	// response.
	//
	// This member is required.
	// NOTE(review): presumably enforced by the operation's validation
	// middleware, which is defined outside this file - confirm.
	EncodedMessage *string

	noSmithyDocumentSerde
}
 71
// DecodeAuthorizationMessageOutput is a document that contains additional
// information about the authorization status of a request, taken from an
// encoded message that is returned in response to an Amazon Web Services
// request.
type DecodeAuthorizationMessageOutput struct {
	// DecodedMessage is the decoded message that the API returns in its
	// response.
	//
	// The documentation of Client.DecodeAuthorizationMessage states that the
	// authorization details can contain privileged information, so handle this
	// value as sensitive data rather than as an ordinary diagnostic string.
	DecodedMessage *string

	// ResultMetadata is metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata

	noSmithyDocumentSerde
}
 85
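// addOperationDecodeAuthorizationMessageMiddlewares registers, in a fixed
// order, the middlewares that make up the DecodeAuthorizationMessage request
// pipeline on stack. It stops at the first registration that fails and returns
// that error; it returns nil once every middleware has been added.
//
// The error from addProtocolFinalizerMiddlewares is wrapped with %w, so the
// underlying cause stays reachable through errors.Is and errors.As while the
// message text is unchanged.
//
// Most helpers called here are defined elsewhere in the package; the comments
// below describe them only as far as their names and arguments show.
func (c *Client) addOperationDecodeAuthorizationMessageMiddlewares(stack *middleware.Stack, options Options) (err error) {
	// Serialize step: the operation-input middleware, then the awsquery
	// serializer for this operation.
	if err = stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil {
		return err
	}
	if err = stack.Serialize.Add(&awsAwsquery_serializeOpDecodeAuthorizationMessage{}, middleware.After); err != nil {
		return err
	}

	// Deserialize step: the matching awsquery deserializer.
	if err = stack.Deserialize.Add(&awsAwsquery_deserializeOpDecodeAuthorizationMessage{}, middleware.After); err != nil {
		return err
	}

	if err = addProtocolFinalizerMiddlewares(stack, options, "DecodeAuthorizationMessage"); err != nil {
		// %w instead of %v keeps the cause in the error chain.
		return fmt.Errorf("add protocol finalizers: %w", err)
	}

	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
		return err
	}
	if err = addSetLoggerMiddleware(stack, options); err != nil {
		return err
	}
	if err = addClientRequestID(stack); err != nil {
		return err
	}
	if err = addComputeContentLength(stack); err != nil {
		return err
	}
	if err = addResolveEndpointMiddleware(stack, options); err != nil {
		return err
	}
	if err = addComputePayloadSHA256(stack); err != nil {
		return err
	}
	if err = addRetry(stack, options); err != nil {
		return err
	}
	if err = addRawResponseToMetadata(stack); err != nil {
		return err
	}
	if err = addRecordResponseTiming(stack); err != nil {
		return err
	}
	if err = addClientUserAgent(stack, options); err != nil {
		return err
	}
	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
		return err
	}
	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
		return err
	}
	if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
		return err
	}
	if err = addTimeOffsetBuild(stack, c); err != nil {
		return err
	}
	if err = addUserAgentRetryMode(stack, options); err != nil {
		return err
	}

	// Input validation for this operation.
	// NOTE(review): presumably this is what rejects a missing EncodedMessage;
	// the helper is defined elsewhere - confirm.
	if err = addOpDecodeAuthorizationMessageValidationMiddleware(stack); err != nil {
		return err
	}

	// Service metadata (region, service ID, operation name) is added at the
	// front of the Initialize step.
	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opDecodeAuthorizationMessage(options.Region), middleware.Before); err != nil {
		return err
	}
	if err = addRecursionDetection(stack); err != nil {
		return err
	}
	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
		return err
	}
	if err = addResponseErrorMiddleware(stack); err != nil {
		return err
	}

	// NOTE(review): if the client's logging options enable response-body
	// logging, the decoded authorization message would presumably end up in
	// the configured logger - confirm against the helper and keep body logging
	// off where those logs are broadly readable.
	if err = addRequestResponseLogging(stack, options); err != nil {
		return err
	}

	// NOTE(review): the name suggests that options can switch this request to
	// plain HTTP; the helper is defined elsewhere - confirm that this is only
	// used for test endpoints.
	if err = addDisableHTTPSMiddleware(stack, options); err != nil {
		return err
	}
	return nil
}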
170
// newServiceMetadataMiddleware_opDecodeAuthorizationMessage returns a pointer
// to a RegisterServiceMetadata value populated with the given region, the
// package-level ServiceID and the operation name "DecodeAuthorizationMessage".
func newServiceMetadataMiddleware_opDecodeAuthorizationMessage(region string) *awsmiddleware.RegisterServiceMetadata {
	md := awsmiddleware.RegisterServiceMetadata{
		OperationName: "DecodeAuthorizationMessage",
		ServiceID:     ServiceID,
		Region:        region,
	}
	return &md
}