1import { STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../STSClient";
2import { DecodeAuthorizationMessageRequest, DecodeAuthorizationMessageResponse } from "../models/models_0";
3import {
4 deserializeAws_queryDecodeAuthorizationMessageCommand,
5 serializeAws_queryDecodeAuthorizationMessageCommand,
6} from "../protocols/Aws_query";
7import { getSerdePlugin } from "@aws-sdk/middleware-serde";
8import { getAwsAuthPlugin } from "@aws-sdk/middleware-signing";
9import { HttpRequest as __HttpRequest, HttpResponse as __HttpResponse } from "@aws-sdk/protocol-http";
10import { Command as $Command } from "@aws-sdk/smithy-client";
11import {
12 FinalizeHandlerArguments,
13 Handler,
14 HandlerExecutionContext,
15 MiddlewareStack,
16 HttpHandlerOptions as __HttpHandlerOptions,
17 MetadataBearer as __MetadataBearer,
18 SerdeContext as __SerdeContext,
19} from "@aws-sdk/types";
20
/**
 * Input accepted by {@link DecodeAuthorizationMessageCommand}. It adds no members of its
 * own; the fields come from `DecodeAuthorizationMessageRequest` in `../models/models_0`.
 */
export interface DecodeAuthorizationMessageCommandInput
  extends DecodeAuthorizationMessageRequest {}

/**
 * Output produced by {@link DecodeAuthorizationMessageCommand}: the
 * `DecodeAuthorizationMessageResponse` model combined with the SDK's `MetadataBearer` shape.
 * The decoded authorization detail carried here is privileged information, so handle it
 * with the same care as the IAM policy data it describes.
 */
export interface DecodeAuthorizationMessageCommandOutput
  extends DecodeAuthorizationMessageResponse,
    __MetadataBearer {}
23
/**
 * <p>Decodes additional information about the authorization status of a request from an
 *          encoded message returned in response to an Amazon Web Services request.</p>
 *          <p>For example, when a user is not authorized to perform a requested operation, the
 *          request returns a <code>Client.UnauthorizedOperation</code> response (an HTTP 403
 *          response). Some Amazon Web Services operations additionally return an encoded message
 *          that can provide details about this authorization failure.</p>
 *          <note>
 *             <p>Only certain Amazon Web Services operations return an encoded authorization
 *             message. The documentation for an individual operation indicates whether that
 *             operation returns an encoded message in addition to returning an HTTP code.</p>
 *          </note>
 *          <p>The message is encoded because the details of the authorization status can
 *          constitute privileged information that the user who requested the operation should not
 *          see. To decode an authorization status message, a user must be granted permissions via
 *          an IAM policy to request the <code>DecodeAuthorizationMessage</code>
 *             (<code>sts:DecodeAuthorizationMessage</code>) action.</p>
 *          <p>The decoded message includes the following type of information:</p>
 *          <ul>
 *             <li>
 *                <p>Whether the request was denied due to an explicit deny or due to the absence
 *                of an explicit allow. For more information, see
 *                <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-denyallow">Determining Whether a Request is Allowed or Denied</a>
 *                in the <i>IAM User Guide</i>.</p>
 *             </li>
 *             <li>
 *                <p>The principal who made the request.</p>
 *             </li>
 *             <li>
 *                <p>The requested action.</p>
 *             </li>
 *             <li>
 *                <p>The requested resource.</p>
 *             </li>
 *             <li>
 *                <p>The values of condition keys in the context of the user's request.</p>
 *             </li>
 *          </ul>
 *          <p>Because the decoded text names principals, actions, resources and condition key
 *          values, grant <code>sts:DecodeAuthorizationMessage</code> only to identities that are
 *          meant to see policy-evaluation detail, and treat the decoded output as sensitive when
 *          it is stored or forwarded.</p>
 * @example
 * Use a bare-bones client and the command you need to make an API call.
 * ```javascript
 * import { STSClient, DecodeAuthorizationMessageCommand } from "@aws-sdk/client-sts"; // ES Modules import
 * // const { STSClient, DecodeAuthorizationMessageCommand } = require("@aws-sdk/client-sts"); // CommonJS import
 * const client = new STSClient(config);
 * const command = new DecodeAuthorizationMessageCommand(input);
 * const response = await client.send(command);
 * ```
 *
 * @see {@link DecodeAuthorizationMessageCommandInput} for command's `input` shape.
 * @see {@link DecodeAuthorizationMessageCommandOutput} for command's `response` shape.
 * @see {@link STSClientResolvedConfig | config} for STSClient's `config` shape.
 *
 */
export class DecodeAuthorizationMessageCommand extends $Command<
  DecodeAuthorizationMessageCommandInput,
  DecodeAuthorizationMessageCommandOutput,
  STSClientResolvedConfig
> {
  // Start section: command_properties
  // End section: command_properties

  /**
   * @param input - Request parameters for the call; kept on the instance as the readonly
   *   `input` property.
   */
  constructor(readonly input: DecodeAuthorizationMessageCommandInput) {
    // Start section: command_constructor
    super();
    // End section: command_constructor
  }

  /**
   * Registers this command's plugins on its own middleware stack, joins that stack to the
   * client's stack, and resolves the result into a handler whose final step hands the HTTP
   * request to the configured request handler.
   *
   * @param clientStack - Middleware stack owned by the client.
   * @param configuration - Resolved client configuration; `logger` and `requestHandler`
   *   are read from it.
   * @param options - Optional HTTP handler options; an empty object is passed when omitted.
   * @returns A handler for this command's input and output types.
   * @internal
   */
  resolveMiddleware(
    clientStack: MiddlewareStack<ServiceInputTypes, ServiceOutputTypes>,
    configuration: STSClientResolvedConfig,
    options?: __HttpHandlerOptions
  ): Handler<DecodeAuthorizationMessageCommandInput, DecodeAuthorizationMessageCommandOutput> {
    // Registration order is kept as generated: serde plugin first, then the auth plugin
    // from @aws-sdk/middleware-signing.
    const serdePlugin = getSerdePlugin(configuration, this.serialize, this.deserialize);
    this.middlewareStack.use(serdePlugin);
    const authPlugin = getAwsAuthPlugin(configuration);
    this.middlewareStack.use(authPlugin);

    const combinedStack = clientStack.concat(this.middlewareStack);

    // The two filterSensitiveLog hooks travel with the logger in the execution context.
    // NOTE(review): what they redact is defined in ../models/models_0 and is not visible
    // here; confirm it before relying on logs being free of decoded authorization detail.
    const executionContext: HandlerExecutionContext = {
      logger: configuration.logger,
      clientName: "STSClient",
      commandName: "DecodeAuthorizationMessageCommand",
      inputFilterSensitiveLog: DecodeAuthorizationMessageRequest.filterSensitiveLog,
      outputFilterSensitiveLog: DecodeAuthorizationMessageResponse.filterSensitiveLog,
    };

    const transport = configuration.requestHandler;
    // Terminal step of the stack: pass the finalized HTTP request to the transport.
    const dispatch = (request: FinalizeHandlerArguments<any>) =>
      transport.handle(request.request as __HttpRequest, options || {});

    return combinedStack.resolve(dispatch, executionContext);
  }

  /**
   * Converts the command input into an HTTP request by delegating to the generated
   * Aws_query serializer.
   */
  private serialize(
    commandInput: DecodeAuthorizationMessageCommandInput,
    serdeContext: __SerdeContext
  ): Promise<__HttpRequest> {
    return serializeAws_queryDecodeAuthorizationMessageCommand(commandInput, serdeContext);
  }

  /**
   * Converts the HTTP response into the command output by delegating to the generated
   * Aws_query deserializer.
   */
  private deserialize(
    httpResponse: __HttpResponse,
    serdeContext: __SerdeContext
  ): Promise<DecodeAuthorizationMessageCommandOutput> {
    return deserializeAws_queryDecodeAuthorizationMessageCommand(httpResponse, serdeContext);
  }

  // Start section: command_body_extra
  // End section: command_body_extra
}