Gets an empty Access Policy for Cloud Search Domain
doron276 opened this issue · comments
Describe the bug
Hi,
I have two problems:
- I'm trying to fetch an Access Policy of Cloud Search Domain using AWS-SDK-for-Go.
See below code:
accessPolicy, err := client.DescribeServiceAccessPoliciesWithContext(ctx, &cloudsearch.DescribeServiceAccessPoliciesInput{DomainName: domainName})
I get a response without errors but the access policy is empty. For example (see empty value of "Options"):
{
"AccessPolicies": {
"Options": "",
"Status": {
"CreationDate": "2023-11-30T13:08:23.785000+00:00",
"UpdateDate": "2023-11-30T13:21:29.655000+00:00",
"UpdateVersion": 14,
"State": "Active",
"PendingDeletion": false
}
}
}
When I tried to use the same command in the AWS CLI, I got a response with a correct access policy. For Example:
{
"AccessPolicies": {
"Options": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"*\"},\"Action\":\"cloudsearch:*\"}]}",
"Status": {
"CreationDate": "2023-11-30T13:08:23.785000+00:00",
"UpdateDate": "2023-11-30T13:21:29.655000+00:00",
"UpdateVersion": 14,
"State": "Active",
"PendingDeletion": false
}
}
}
- Is it possible to get the Cloud Search domain tags? Please let me know if there is any way.
Please advise!
Thanks
Expected Behavior
Receive a response that contains the Cloud Search domain's access policy (like the response of CLI).
Current Behavior
I get a response without errors but the access policy is empty. For example (see empty value of "Options"):
{
"AccessPolicies": {
"Options": "",
"Status": {
"CreationDate": "2023-11-30T13:08:23.785000+00:00",
"UpdateDate": "2023-11-30T13:21:29.655000+00:00",
"UpdateVersion": 14,
"State": "Active",
"PendingDeletion": false
}
}
}
Reproduction Steps
Please use the "cloudsearchiface" function: "DescribeServiceAccessPoliciesWithContext" and see if you got a valid response with the access policy domain.
Possible Solution
No response
Additional Information/Context
No response
SDK version used
v1.47.9
Environment details (Version of Go (go version
)? OS name and version, etc.)
go version go1.21.3
Hi @doron276 ,
Is it possible to get the Cloud Search domain tags? Please let me know if there is any way.
I answered this on the second issue you opened here.
I get a response without errors but the access policy is empty. For example (see empty value of "Options"):
{ "AccessPolicies": { "Options": "", "Status": { "CreationDate": "2023-11-30T13:08:23.785000+00:00", "UpdateDate": "2023-11-30T13:21:29.655000+00:00", "UpdateVersion": 14, "State": "Active", "PendingDeletion": false } } }
It's not clear to me how you are seeing this JSON structure using the Go SDK, as the service responds in XML, not JSON:
<DescribeServiceAccessPoliciesResult>
<AccessPolicies>
<Options>{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"AWS":"*"},"Action":"cloudsearch:*"}]}</Options>
<Status>
<UpdateDate>2023-12-04T23:29:00.601Z</UpdateDate>
<UpdateVersion>5</UpdateVersion>
<State>Processing</State>
<CreationDate>2023-12-04T23:29:00.601Z</CreationDate>
<PendingDeletion>false</PendingDeletion>
</Status>
</AccessPolicies>
</DescribeServiceAccessPoliciesResult>
<ResponseMetadata>
<RequestId>56240b10-731d-47a7-9887-REDACTED</RequestId>
</ResponseMetadata>
</DescribeServiceAccessPoliciesResponse>
So my code:
package main
import (
"context"
"fmt"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/session"
"github.com/aws/aws-sdk-go/service/cloudsearch"
)
func main() {
sess, err := session.NewSession(&aws.Config{
Region: aws.String("us-east-1"),
LogLevel: aws.LogLevel(aws.LogDebugWithHTTPBody),
})
if err != nil {
panic(err)
}
client := cloudsearch.New(sess)
out, err := client.DescribeServiceAccessPoliciesWithContext(context.Background(), &cloudsearch.DescribeServiceAccessPoliciesInput{
DomainName: aws.String("foo-domain"),
})
if err != nil {
panic(err)
}
fmt.Println(*out.AccessPolicies.Options)
}
results in a correct policy being printed from Options
:
{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"AWS":"*"},"Action":"cloudsearch:*"}]}
Thanks,
Ran~
This issue has not received a response in 1 week. If you want to keep this issue open, please just leave a comment below and auto-close will be canceled.
Thanks for the answer @RanVaknin - My mistake.
Thanks for the quick help!
⚠️ COMMENT VISIBILITY WARNING⚠️
Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.