aws_sdk_secretsmanager/operation/validate_resource_policy/
builders.rs

1// Code generated by software.amazon.smithy.rust.codegen.smithy-rs. DO NOT EDIT.
2pub use crate::operation::validate_resource_policy::_validate_resource_policy_output::ValidateResourcePolicyOutputBuilder;
3
4pub use crate::operation::validate_resource_policy::_validate_resource_policy_input::ValidateResourcePolicyInputBuilder;
5
6impl crate::operation::validate_resource_policy::builders::ValidateResourcePolicyInputBuilder {
7    /// Sends a request with this input using the given client.
8    pub async fn send_with(
9        self,
10        client: &crate::Client,
11    ) -> ::std::result::Result<
12        crate::operation::validate_resource_policy::ValidateResourcePolicyOutput,
13        ::aws_smithy_runtime_api::client::result::SdkError<
14            crate::operation::validate_resource_policy::ValidateResourcePolicyError,
15            ::aws_smithy_runtime_api::client::orchestrator::HttpResponse,
16        >,
17    > {
18        let mut fluent_builder = client.validate_resource_policy();
19        fluent_builder.inner = self;
20        fluent_builder.send().await
21    }
22}
23/// Fluent builder constructing a request to `ValidateResourcePolicy`.
24///
25/// <p>Validates that a resource policy does not grant a wide range of principals access to your secret. A resource-based policy is optional for secrets.</p>
26/// <p>The API performs three checks when validating the policy:</p>
27/// <ul>
28/// <li>
29/// <p>Sends a call to <a href="https://aws.amazon.com/blogs/security/protect-sensitive-data-in-the-cloud-with-automated-reasoning-zelkova/">Zelkova</a>, an automated reasoning engine, to ensure your resource policy does not allow broad access to your secret, for example policies that use a wildcard for the principal.</p></li>
30/// <li>
31/// <p>Checks for correct syntax in a policy.</p></li>
32/// <li>
33/// <p>Verifies the policy does not lock out a caller.</p></li>
34/// </ul>
35/// <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
36/// <p><b>Required permissions: </b> <code>secretsmanager:ValidateResourcePolicy</code> and <code>secretsmanager:PutResourcePolicy</code>. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions"> IAM policy actions for Secrets Manager</a> and <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html">Authentication and access control in Secrets Manager</a>.</p>
37#[derive(::std::clone::Clone, ::std::fmt::Debug)]
38pub struct ValidateResourcePolicyFluentBuilder {
39    handle: ::std::sync::Arc<crate::client::Handle>,
40    inner: crate::operation::validate_resource_policy::builders::ValidateResourcePolicyInputBuilder,
41    config_override: ::std::option::Option<crate::config::Builder>,
42}
43impl
44    crate::client::customize::internal::CustomizableSend<
45        crate::operation::validate_resource_policy::ValidateResourcePolicyOutput,
46        crate::operation::validate_resource_policy::ValidateResourcePolicyError,
47    > for ValidateResourcePolicyFluentBuilder
48{
49    fn send(
50        self,
51        config_override: crate::config::Builder,
52    ) -> crate::client::customize::internal::BoxFuture<
53        crate::client::customize::internal::SendResult<
54            crate::operation::validate_resource_policy::ValidateResourcePolicyOutput,
55            crate::operation::validate_resource_policy::ValidateResourcePolicyError,
56        >,
57    > {
58        ::std::boxed::Box::pin(async move { self.config_override(config_override).send().await })
59    }
60}
61impl ValidateResourcePolicyFluentBuilder {
62    /// Creates a new `ValidateResourcePolicyFluentBuilder`.
63    pub(crate) fn new(handle: ::std::sync::Arc<crate::client::Handle>) -> Self {
64        Self {
65            handle,
66            inner: ::std::default::Default::default(),
67            config_override: ::std::option::Option::None,
68        }
69    }
70    /// Access the ValidateResourcePolicy as a reference.
71    pub fn as_input(&self) -> &crate::operation::validate_resource_policy::builders::ValidateResourcePolicyInputBuilder {
72        &self.inner
73    }
74    /// Sends the request and returns the response.
75    ///
76    /// If an error occurs, an `SdkError` will be returned with additional details that
77    /// can be matched against.
78    ///
79    /// By default, any retryable failures will be retried twice. Retry behavior
80    /// is configurable with the [RetryConfig](aws_smithy_types::retry::RetryConfig), which can be
81    /// set when configuring the client.
82    pub async fn send(
83        self,
84    ) -> ::std::result::Result<
85        crate::operation::validate_resource_policy::ValidateResourcePolicyOutput,
86        ::aws_smithy_runtime_api::client::result::SdkError<
87            crate::operation::validate_resource_policy::ValidateResourcePolicyError,
88            ::aws_smithy_runtime_api::client::orchestrator::HttpResponse,
89        >,
90    > {
91        let input = self
92            .inner
93            .build()
94            .map_err(::aws_smithy_runtime_api::client::result::SdkError::construction_failure)?;
95        let runtime_plugins = crate::operation::validate_resource_policy::ValidateResourcePolicy::operation_runtime_plugins(
96            self.handle.runtime_plugins.clone(),
97            &self.handle.conf,
98            self.config_override,
99        );
100        crate::operation::validate_resource_policy::ValidateResourcePolicy::orchestrate(&runtime_plugins, input).await
101    }
102
103    /// Consumes this builder, creating a customizable operation that can be modified before being sent.
104    pub fn customize(
105        self,
106    ) -> crate::client::customize::CustomizableOperation<
107        crate::operation::validate_resource_policy::ValidateResourcePolicyOutput,
108        crate::operation::validate_resource_policy::ValidateResourcePolicyError,
109        Self,
110    > {
111        crate::client::customize::CustomizableOperation::new(self)
112    }
113    pub(crate) fn config_override(mut self, config_override: impl ::std::convert::Into<crate::config::Builder>) -> Self {
114        self.set_config_override(::std::option::Option::Some(config_override.into()));
115        self
116    }
117
118    pub(crate) fn set_config_override(&mut self, config_override: ::std::option::Option<crate::config::Builder>) -> &mut Self {
119        self.config_override = config_override;
120        self
121    }
122    /// <p>The ARN or name of the secret with the resource-based policy you want to validate.</p>
123    pub fn secret_id(mut self, input: impl ::std::convert::Into<::std::string::String>) -> Self {
124        self.inner = self.inner.secret_id(input.into());
125        self
126    }
127    /// <p>The ARN or name of the secret with the resource-based policy you want to validate.</p>
128    pub fn set_secret_id(mut self, input: ::std::option::Option<::std::string::String>) -> Self {
129        self.inner = self.inner.set_secret_id(input);
130        self
131    }
132    /// <p>The ARN or name of the secret with the resource-based policy you want to validate.</p>
133    pub fn get_secret_id(&self) -> &::std::option::Option<::std::string::String> {
134        self.inner.get_secret_id()
135    }
136    /// <p>A JSON-formatted string that contains an Amazon Web Services resource-based policy. The policy in the string identifies who can access or manage this secret and its versions. For example policies, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html">Permissions policy examples</a>.</p>
137    pub fn resource_policy(mut self, input: impl ::std::convert::Into<::std::string::String>) -> Self {
138        self.inner = self.inner.resource_policy(input.into());
139        self
140    }
141    /// <p>A JSON-formatted string that contains an Amazon Web Services resource-based policy. The policy in the string identifies who can access or manage this secret and its versions. For example policies, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html">Permissions policy examples</a>.</p>
142    pub fn set_resource_policy(mut self, input: ::std::option::Option<::std::string::String>) -> Self {
143        self.inner = self.inner.set_resource_policy(input);
144        self
145    }
146    /// <p>A JSON-formatted string that contains an Amazon Web Services resource-based policy. The policy in the string identifies who can access or manage this secret and its versions. For example policies, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html">Permissions policy examples</a>.</p>
147    pub fn get_resource_policy(&self) -> &::std::option::Option<::std::string::String> {
148        self.inner.get_resource_policy()
149    }
150}