Giters

aws / aws-sdk-go

AWS SDK for the Go programming language.

Home Page:http://aws.amazon.com/sdk-for-go/

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Gets an empty Access Policy for Cloud Search Domain

doron276 opened this issue · comments

commented

Describe the bug

Hi,
I have two problems:

  1. I'm trying to fetch an Access Policy of Cloud Search Domain using AWS-SDK-for-Go.

See below code:

accessPolicy, err := client.DescribeServiceAccessPoliciesWithContext(ctx, &cloudsearch.DescribeServiceAccessPoliciesInput{DomainName: domainName})

I get a response without errors but the access policy is empty. For example (see empty value of "Options"):

{
    "AccessPolicies": {
        "Options": "",
        "Status": {
            "CreationDate": "2023-11-30T13:08:23.785000+00:00",
            "UpdateDate": "2023-11-30T13:21:29.655000+00:00",
            "UpdateVersion": 14,
            "State": "Active",
            "PendingDeletion": false
        }
    }
}

When I tried to use the same command in the AWS CLI, I got a response with a correct access policy. For Example:

{
    "AccessPolicies": {
        "Options": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"*\"},\"Action\":\"cloudsearch:*\"}]}",
        "Status": {
            "CreationDate": "2023-11-30T13:08:23.785000+00:00",
            "UpdateDate": "2023-11-30T13:21:29.655000+00:00",
            "UpdateVersion": 14,
            "State": "Active",
            "PendingDeletion": false
        }
    }
}
  1. Is it possible to get the Cloud Search domain tags? Please let me know if there is any way.

Please advise!
Thanks

Expected Behavior

Receive a response that contains the Cloud Search domain's access policy (like the response of CLI).

Current Behavior

I get a response without errors but the access policy is empty. For example (see empty value of "Options"):

{
    "AccessPolicies": {
        "Options": "",
        "Status": {
            "CreationDate": "2023-11-30T13:08:23.785000+00:00",
            "UpdateDate": "2023-11-30T13:21:29.655000+00:00",
            "UpdateVersion": 14,
            "State": "Active",
            "PendingDeletion": false
        }
    }
}

Reproduction Steps

Please use the "cloudsearchiface" function: "DescribeServiceAccessPoliciesWithContext" and see if you got a valid response with the access policy domain.

Possible Solution

No response

Additional Information/Context

No response

SDK version used

v1.47.9

Environment details (Version of Go (go version)? OS name and version, etc.)

go version go1.21.3

commented

Hi @doron276 ,

Is it possible to get the Cloud Search domain tags? Please let me know if there is any way.

I answered this on the second issue you opened here.

I get a response without errors but the access policy is empty. For example (see empty value of "Options"):

{
    "AccessPolicies": {
        "Options": "",
        "Status": {
            "CreationDate": "2023-11-30T13:08:23.785000+00:00",
            "UpdateDate": "2023-11-30T13:21:29.655000+00:00",
            "UpdateVersion": 14,
            "State": "Active",
            "PendingDeletion": false
        }
    }
}

It's not clear to me how you are seeing this JSON structure using the Go SDK, as the service responds in XML, not JSON:

  <DescribeServiceAccessPoliciesResult>
    <AccessPolicies>
      <Options>{&quot;Version&quot;:&quot;2012-10-17&quot;,&quot;Statement&quot;:[{&quot;Effect&quot;:&quot;Allow&quot;,&quot;Principal&quot;:{&quot;AWS&quot;:&quot;*&quot;},&quot;Action&quot;:&quot;cloudsearch:*&quot;}]}</Options>
      <Status>
        <UpdateDate>2023-12-04T23:29:00.601Z</UpdateDate>
        <UpdateVersion>5</UpdateVersion>
        <State>Processing</State>
        <CreationDate>2023-12-04T23:29:00.601Z</CreationDate>
        <PendingDeletion>false</PendingDeletion>
      </Status>
    </AccessPolicies>
  </DescribeServiceAccessPoliciesResult>
  <ResponseMetadata>
    <RequestId>56240b10-731d-47a7-9887-REDACTED</RequestId>
  </ResponseMetadata>
</DescribeServiceAccessPoliciesResponse>

So my code:

package main

import (
	"context"
	"fmt"
	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/session"
	"github.com/aws/aws-sdk-go/service/cloudsearch"
)

func main() {
	sess, err := session.NewSession(&aws.Config{
		Region:   aws.String("us-east-1"),
		LogLevel: aws.LogLevel(aws.LogDebugWithHTTPBody),
	})
	if err != nil {
		panic(err)
	}

	client := cloudsearch.New(sess)

	out, err := client.DescribeServiceAccessPoliciesWithContext(context.Background(), &cloudsearch.DescribeServiceAccessPoliciesInput{
		DomainName: aws.String("foo-domain"),
	})
	if err != nil {
		panic(err)
	}

	fmt.Println(*out.AccessPolicies.Options)

}

results in a correct policy being printed from Options:

{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"AWS":"*"},"Action":"cloudsearch:*"}]}

Thanks,
Ran~

commented

This issue has not received a response in 1 week. If you want to keep this issue open, please just leave a comment below and auto-close will be canceled.

commented

Thanks for the answer @RanVaknin - My mistake.
Thanks for the quick help!

commented

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.