// Code generated by software.amazon.smithy.rust.codegen.smithy-rs. DO NOT EDIT.
pub use crate::operation::validate_resource_policy::_validate_resource_policy_output::ValidateResourcePolicyOutputBuilder;
pub use crate::operation::validate_resource_policy::_validate_resource_policy_input::ValidateResourcePolicyInputBuilder;
/// Fluent builder constructing a request to `ValidateResourcePolicy`.
///
/// <p>Validates that a resource policy does not grant a wide range of principals access to your secret. A resource-based policy is optional for secrets.</p>
/// <p>The API performs three checks when validating the policy:</p>
/// <ul>
/// <li> <p>Sends a call to <a href="https://aws.amazon.com/blogs/security/protect-sensitive-data-in-the-cloud-with-automated-reasoning-zelkova/">Zelkova</a>, an automated reasoning engine, to ensure your resource policy does not allow broad access to your secret, for example policies that use a wildcard for the principal.</p> </li>
/// <li> <p>Checks for correct syntax in a policy.</p> </li>
/// <li> <p>Verifies the policy does not lock out a caller.</p> </li>
/// </ul>
/// <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
/// <p> <b>Required permissions: </b> <code>secretsmanager:ValidateResourcePolicy</code>. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions"> IAM policy actions for Secrets Manager</a> and <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html">Authentication and access control in Secrets Manager</a>. </p>
#[derive(std::clone::Clone, std::fmt::Debug)]
pub struct ValidateResourcePolicyFluentBuilder {
    handle: std::sync::Arc<crate::client::Handle>,
    inner: crate::operation::validate_resource_policy::builders::ValidateResourcePolicyInputBuilder,
}
impl ValidateResourcePolicyFluentBuilder {
    /// Creates a new `ValidateResourcePolicy`.
    pub(crate) fn new(handle: std::sync::Arc<crate::client::Handle>) -> Self {
        Self {
            handle,
            inner: Default::default(),
        }
    }
    /// Consume this builder, creating a customizable operation that can be modified before being
    /// sent. The operation's inner [http::Request] can be modified as well.
    pub async fn customize(
        self,
    ) -> std::result::Result<
        crate::client::customize::CustomizableOperation<
            crate::operation::validate_resource_policy::ValidateResourcePolicy,
            aws_http::retry::AwsResponseRetryClassifier,
        >,
        aws_smithy_http::result::SdkError<
            crate::operation::validate_resource_policy::ValidateResourcePolicyError,
        >,
    > {
        let handle = self.handle.clone();
        let operation = self
            .inner
            .build()
            .map_err(aws_smithy_http::result::SdkError::construction_failure)?
            .make_operation(&handle.conf)
            .await
            .map_err(aws_smithy_http::result::SdkError::construction_failure)?;
        Ok(crate::client::customize::CustomizableOperation { handle, operation })
    }
    /// Sends the request and returns the response.
    ///
    /// If an error occurs, an `SdkError` will be returned with additional details that
    /// can be matched against.
    ///
    /// By default, any retryable failures will be retried twice. Retry behavior
    /// is configurable with the [RetryConfig](aws_smithy_types::retry::RetryConfig), which can be
    /// set when configuring the client.
    pub async fn send(
        self,
    ) -> std::result::Result<
        crate::operation::validate_resource_policy::ValidateResourcePolicyOutput,
        aws_smithy_http::result::SdkError<
            crate::operation::validate_resource_policy::ValidateResourcePolicyError,
        >,
    > {
        let op = self
            .inner
            .build()
            .map_err(aws_smithy_http::result::SdkError::construction_failure)?
            .make_operation(&self.handle.conf)
            .await
            .map_err(aws_smithy_http::result::SdkError::construction_failure)?;
        self.handle.client.call(op).await
    }
    /// <p>This field is reserved for internal use.</p>
    pub fn secret_id(mut self, input: impl Into<std::string::String>) -> Self {
        self.inner = self.inner.secret_id(input.into());
        self
    }
    /// <p>This field is reserved for internal use.</p>
    pub fn set_secret_id(mut self, input: std::option::Option<std::string::String>) -> Self {
        self.inner = self.inner.set_secret_id(input);
        self
    }
    /// <p>A JSON-formatted string that contains an Amazon Web Services resource-based policy. The policy in the string identifies who can access or manage this secret and its versions. For example policies, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html">Permissions policy examples</a>.</p>
    pub fn resource_policy(mut self, input: impl Into<std::string::String>) -> Self {
        self.inner = self.inner.resource_policy(input.into());
        self
    }
    /// <p>A JSON-formatted string that contains an Amazon Web Services resource-based policy. The policy in the string identifies who can access or manage this secret and its versions. For example policies, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html">Permissions policy examples</a>.</p>
    pub fn set_resource_policy(mut self, input: std::option::Option<std::string::String>) -> Self {
        self.inner = self.inner.set_resource_policy(input);
        self
    }
}