1 | import { STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../STSClient";
|
2 | import { DecodeAuthorizationMessageRequest, DecodeAuthorizationMessageResponse } from "../models/models_0";
|
3 | import {
|
4 | deserializeAws_queryDecodeAuthorizationMessageCommand,
|
5 | serializeAws_queryDecodeAuthorizationMessageCommand,
|
6 | } from "../protocols/Aws_query";
|
7 | import { getSerdePlugin } from "@aws-sdk/middleware-serde";
|
8 | import { getAwsAuthPlugin } from "@aws-sdk/middleware-signing";
|
9 | import { HttpRequest as __HttpRequest, HttpResponse as __HttpResponse } from "@aws-sdk/protocol-http";
|
10 | import { Command as $Command } from "@aws-sdk/smithy-client";
|
11 | import {
|
12 | FinalizeHandlerArguments,
|
13 | Handler,
|
14 | HandlerExecutionContext,
|
15 | MiddlewareStack,
|
16 | HttpHandlerOptions as __HttpHandlerOptions,
|
17 | MetadataBearer as __MetadataBearer,
|
18 | SerdeContext as __SerdeContext,
|
19 | } from "@aws-sdk/types";
|
20 |
|
21 | export interface DecodeAuthorizationMessageCommandInput extends DecodeAuthorizationMessageRequest {}
|
22 | export interface DecodeAuthorizationMessageCommandOutput extends DecodeAuthorizationMessageResponse, __MetadataBearer {}
|
23 |
|
24 | /**
|
25 | * <p>Decodes additional information about the authorization status of a request from an
|
26 | * encoded message returned in response to an Amazon Web Services request.</p>
|
27 | * <p>For example, if a user is not authorized to perform an operation that he or she has
|
28 | * requested, the request returns a <code>Client.UnauthorizedOperation</code> response (an
|
29 | * HTTP 403 response). Some Amazon Web Services operations additionally return an encoded message that can
|
30 | * provide details about this authorization failure. </p>
|
31 | * <note>
|
32 | * <p>Only certain Amazon Web Services operations return an encoded authorization message. The
|
33 | * documentation for an individual operation indicates whether that operation returns an
|
34 | * encoded message in addition to returning an HTTP code.</p>
|
35 | * </note>
|
36 | * <p>The message is encoded because the details of the authorization status can constitute
|
37 | * privileged information that the user who requested the operation should not see. To decode
|
38 | * an authorization status message, a user must be granted permissions via an IAM policy to
|
39 | * request the <code>DecodeAuthorizationMessage</code>
|
40 | * (<code>sts:DecodeAuthorizationMessage</code>) action. </p>
|
41 | * <p>The decoded message includes the following type of information:</p>
|
42 | * <ul>
|
43 | * <li>
|
44 | * <p>Whether the request was denied due to an explicit deny or due to the absence of an
|
45 | * explicit allow. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-denyallow">Determining Whether a Request is Allowed or Denied</a> in the
|
46 | * <i>IAM User Guide</i>. </p>
|
47 | * </li>
|
48 | * <li>
|
49 | * <p>The principal who made the request.</p>
|
50 | * </li>
|
51 | * <li>
|
52 | * <p>The requested action.</p>
|
53 | * </li>
|
54 | * <li>
|
55 | * <p>The requested resource.</p>
|
56 | * </li>
|
57 | * <li>
|
58 | * <p>The values of condition keys in the context of the user's request.</p>
|
59 | * </li>
|
60 | * </ul>
|
61 | * @example
|
62 | * Use a bare-bones client and the command you need to make an API call.
|
63 | * ```javascript
|
64 | * import { STSClient, DecodeAuthorizationMessageCommand } from "@aws-sdk/client-sts"; // ES Modules import
|
65 | * // const { STSClient, DecodeAuthorizationMessageCommand } = require("@aws-sdk/client-sts"); // CommonJS import
|
66 | * const client = new STSClient(config);
|
67 | * const command = new DecodeAuthorizationMessageCommand(input);
|
68 | * const response = await client.send(command);
|
69 | * ```
|
70 | *
|
71 | * @see {@link DecodeAuthorizationMessageCommandInput} for command's `input` shape.
|
72 | * @see {@link DecodeAuthorizationMessageCommandOutput} for command's `response` shape.
|
73 | * @see {@link STSClientResolvedConfig | config} for command's `input` shape.
|
74 | *
|
75 | */
|
76 | export class DecodeAuthorizationMessageCommand extends $Command<
|
77 | DecodeAuthorizationMessageCommandInput,
|
78 | DecodeAuthorizationMessageCommandOutput,
|
79 | STSClientResolvedConfig
|
80 | > {
|
81 | // Start section: command_properties
|
82 | // End section: command_properties
|
83 |
|
84 | constructor(readonly input: DecodeAuthorizationMessageCommandInput) {
|
85 | // Start section: command_constructor
|
86 | super();
|
87 | // End section: command_constructor
|
88 | }
|
89 |
|
90 | /**
|
91 | * @internal
|
92 | */
|
93 | resolveMiddleware(
|
94 | clientStack: MiddlewareStack<ServiceInputTypes, ServiceOutputTypes>,
|
95 | configuration: STSClientResolvedConfig,
|
96 | options?: __HttpHandlerOptions
|
97 | ): Handler<DecodeAuthorizationMessageCommandInput, DecodeAuthorizationMessageCommandOutput> {
|
98 | this.middlewareStack.use(getSerdePlugin(configuration, this.serialize, this.deserialize));
|
99 | this.middlewareStack.use(getAwsAuthPlugin(configuration));
|
100 |
|
101 | const stack = clientStack.concat(this.middlewareStack);
|
102 |
|
103 | const { logger } = configuration;
|
104 | const clientName = "STSClient";
|
105 | const commandName = "DecodeAuthorizationMessageCommand";
|
106 | const handlerExecutionContext: HandlerExecutionContext = {
|
107 | logger,
|
108 | clientName,
|
109 | commandName,
|
110 | inputFilterSensitiveLog: DecodeAuthorizationMessageRequest.filterSensitiveLog,
|
111 | outputFilterSensitiveLog: DecodeAuthorizationMessageResponse.filterSensitiveLog,
|
112 | };
|
113 | const { requestHandler } = configuration;
|
114 | return stack.resolve(
|
115 | (request: FinalizeHandlerArguments<any>) =>
|
116 | requestHandler.handle(request.request as __HttpRequest, options || {}),
|
117 | handlerExecutionContext
|
118 | );
|
119 | }
|
120 |
|
121 | private serialize(input: DecodeAuthorizationMessageCommandInput, context: __SerdeContext): Promise<__HttpRequest> {
|
122 | return serializeAws_queryDecodeAuthorizationMessageCommand(input, context);
|
123 | }
|
124 |
|
125 | private deserialize(
|
126 | output: __HttpResponse,
|
127 | context: __SerdeContext
|
128 | ): Promise<DecodeAuthorizationMessageCommandOutput> {
|
129 | return deserializeAws_queryDecodeAuthorizationMessageCommand(output, context);
|
130 | }
|
131 |
|
132 | // Start section: command_body_extra
|
133 | // End section: command_body_extra
|
134 | }
|