1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
|
// Code generated by smithy-go-codegen DO NOT EDIT.
package ram
import (
"context"
"fmt"
awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
"github.com/aws/aws-sdk-go-v2/service/ram/types"
"github.com/aws/smithy-go/middleware"
smithyhttp "github.com/aws/smithy-go/transport/http"
)
// When you attach a resource-based policy to a resource, RAM automatically
// creates a resource share of featureSet = CREATED_FROM_POLICY with a managed
// permission that has the same IAM permissions as the original resource-based
// policy. However, this type of managed permission is visible to only the resource
// share owner, and the associated resource share can't be modified by using RAM.
// This operation creates a separate, fully manageable customer managed permission
// that has the same IAM permissions as the original resource-based policy. You can
// associate this customer managed permission to any resource shares. Before you
// use PromoteResourceShareCreatedFromPolicy , you should first run this operation
// to ensure that you have an appropriate customer managed permission that can be
// associated with the promoted resource share.
// - The original CREATED_FROM_POLICY policy isn't deleted, and resource shares
// using that original policy aren't automatically updated.
// - You can't modify a CREATED_FROM_POLICY resource share so you can't associate
// the new customer managed permission by using ReplacePermsissionAssociations .
// However, if you use PromoteResourceShareCreatedFromPolicy , that operation
// automatically associates the fully manageable customer managed permission to the
// newly promoted STANDARD resource share.
// - After you promote a resource share, if the original CREATED_FROM_POLICY
// managed permission has no other associations to A resource share, then RAM
// automatically deletes it.
func (c *Client) PromotePermissionCreatedFromPolicy(ctx context.Context, params *PromotePermissionCreatedFromPolicyInput, optFns ...func(*Options)) (*PromotePermissionCreatedFromPolicyOutput, error) {
if params == nil {
params = &PromotePermissionCreatedFromPolicyInput{}
}
result, metadata, err := c.invokeOperation(ctx, "PromotePermissionCreatedFromPolicy", params, optFns, c.addOperationPromotePermissionCreatedFromPolicyMiddlewares)
if err != nil {
return nil, err
}
out := result.(*PromotePermissionCreatedFromPolicyOutput)
out.ResultMetadata = metadata
return out, nil
}
type PromotePermissionCreatedFromPolicyInput struct {
// Specifies a name for the promoted customer managed permission.
//
// This member is required.
Name *string
// Specifies the Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
// of the CREATED_FROM_POLICY permission that you want to promote. You can get
// this Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
// by calling the ListResourceSharePermissions operation.
//
// This member is required.
PermissionArn *string
// Specifies a unique, case-sensitive identifier that you provide to ensure the
// idempotency of the request. This lets you safely retry the request without
// accidentally performing the same operation a second time. Passing the same value
// to a later call to an operation requires that you also pass the same value for
// all other parameters. We recommend that you use a UUID type of value. (https://wikipedia.org/wiki/Universally_unique_identifier)
// . If you don't provide this value, then Amazon Web Services generates a random
// one for you. If you retry the operation with the same ClientToken , but with
// different parameters, the retry fails with an IdempotentParameterMismatch error.
ClientToken *string
noSmithyDocumentSerde
}
type PromotePermissionCreatedFromPolicyOutput struct {
// The idempotency identifier associated with this request. If you want to repeat
// the same operation in an idempotent manner then you must include this value in
// the clientToken request parameter of that later call. All other parameters must
// also have the same values that you used in the first call.
ClientToken *string
// Information about an RAM permission.
Permission *types.ResourceSharePermissionSummary
// Metadata pertaining to the operation's result.
ResultMetadata middleware.Metadata
noSmithyDocumentSerde
}
func (c *Client) addOperationPromotePermissionCreatedFromPolicyMiddlewares(stack *middleware.Stack, options Options) (err error) {
if err := stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil {
return err
}
err = stack.Serialize.Add(&awsRestjson1_serializeOpPromotePermissionCreatedFromPolicy{}, middleware.After)
if err != nil {
return err
}
err = stack.Deserialize.Add(&awsRestjson1_deserializeOpPromotePermissionCreatedFromPolicy{}, middleware.After)
if err != nil {
return err
}
if err := addProtocolFinalizerMiddlewares(stack, options, "PromotePermissionCreatedFromPolicy"); err != nil {
return fmt.Errorf("add protocol finalizers: %v", err)
}
if err = addlegacyEndpointContextSetter(stack, options); err != nil {
return err
}
if err = addSetLoggerMiddleware(stack, options); err != nil {
return err
}
if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil {
return err
}
if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil {
return err
}
if err = addResolveEndpointMiddleware(stack, options); err != nil {
return err
}
if err = v4.AddComputePayloadSHA256Middleware(stack); err != nil {
return err
}
if err = addRetryMiddlewares(stack, options); err != nil {
return err
}
if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil {
return err
}
if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
return err
}
if err = addClientUserAgent(stack, options); err != nil {
return err
}
if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
return err
}
if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
return err
}
if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
return err
}
if err = addOpPromotePermissionCreatedFromPolicyValidationMiddleware(stack); err != nil {
return err
}
if err = stack.Initialize.Add(newServiceMetadataMiddleware_opPromotePermissionCreatedFromPolicy(options.Region), middleware.Before); err != nil {
return err
}
if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
return err
}
if err = addRequestIDRetrieverMiddleware(stack); err != nil {
return err
}
if err = addResponseErrorMiddleware(stack); err != nil {
return err
}
if err = addRequestResponseLogging(stack, options); err != nil {
return err
}
if err = addDisableHTTPSMiddleware(stack, options); err != nil {
return err
}
return nil
}
func newServiceMetadataMiddleware_opPromotePermissionCreatedFromPolicy(region string) *awsmiddleware.RegisterServiceMetadata {
return &awsmiddleware.RegisterServiceMetadata{
Region: region,
ServiceID: ServiceID,
OperationName: "PromotePermissionCreatedFromPolicy",
}
}
|
