aws-sdk-ssoadmin 1.0.0 → 1.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/aws-sdk-ssoadmin.rb +2 -1
- data/lib/aws-sdk-ssoadmin/client.rb +210 -6
- data/lib/aws-sdk-ssoadmin/client_api.rb +111 -0
- data/lib/aws-sdk-ssoadmin/types.rb +270 -8
- metadata +4 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: e07a29693cb8e03889e5dce716990d04b7ac038dad09bebcb8c902be40d36631
|
4
|
+
data.tar.gz: 8c567ab0105278b17b9ac847e6160d9c3d5d62fdbeb716eeacb0db4a091da315
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 7fa248ad13c651f9b1aa6fe378462b39147fc539006fc918fa3b1b31dd666029bcebdc42ae19cdf3c4ba59b326b49b0597ca40758425b066cb66e99f5afeedb7
|
7
|
+
data.tar.gz: 632241cbb2d94cc4011b7311123dcf9b18c98ee380acd6dc3e5ecef42215f77b4a8da24895598a261a8cc390546576d1ce6264f2d1e8173a330a0b22a39a87ea
|
data/lib/aws-sdk-ssoadmin.rb
CHANGED
@@ -7,6 +7,7 @@
|
|
7
7
|
#
|
8
8
|
# WARNING ABOUT GENERATED CODE
|
9
9
|
|
10
|
+
|
10
11
|
require 'aws-sdk-core'
|
11
12
|
require 'aws-sigv4'
|
12
13
|
|
@@ -47,6 +48,6 @@ require_relative 'aws-sdk-ssoadmin/customizations'
|
|
47
48
|
# @!group service
|
48
49
|
module Aws::SSOAdmin
|
49
50
|
|
50
|
-
GEM_VERSION = '1.
|
51
|
+
GEM_VERSION = '1.5.0'
|
51
52
|
|
52
53
|
end
|
@@ -339,6 +339,13 @@ module Aws::SSOAdmin
|
|
339
339
|
|
340
340
|
# Attaches an IAM managed policy ARN to a permission set.
|
341
341
|
#
|
342
|
+
# <note markdown="1"> If the permission set is already referenced by one or more account
|
343
|
+
# assignments, you will need to call ` ProvisionPermissionSet ` after
|
344
|
+
# this action to apply the corresponding IAM policy updates to all
|
345
|
+
# assigned accounts.
|
346
|
+
#
|
347
|
+
# </note>
|
348
|
+
#
|
342
349
|
# @option params [required, String] :instance_arn
|
343
350
|
# The ARN of the SSO instance under which the operation will be
|
344
351
|
# executed. For more information about ARNs, see [Amazon Resource Names
|
@@ -380,6 +387,16 @@ module Aws::SSOAdmin
|
|
380
387
|
#
|
381
388
|
# </note>
|
382
389
|
#
|
390
|
+
# <note markdown="1"> As part of a successful `CreateAccountAssignment` call, the specified
|
391
|
+
# permission set will automatically be provisioned to the account in the
|
392
|
+
# form of an IAM policy attached to the SSO-created IAM role. If the
|
393
|
+
# permission set is subsequently updated, the corresponding IAM policies
|
394
|
+
# attached to roles in your accounts will not be updated automatically.
|
395
|
+
# In this case, you will need to call ` ProvisionPermissionSet ` to make
|
396
|
+
# these updates.
|
397
|
+
#
|
398
|
+
# </note>
|
399
|
+
#
|
383
400
|
# @option params [required, String] :instance_arn
|
384
401
|
# The ARN of the SSO instance under which the operation will be
|
385
402
|
# executed. For more information about ARNs, see [Amazon Resource Names
|
@@ -388,7 +405,8 @@ module Aws::SSOAdmin
|
|
388
405
|
# *AWS General Reference*.
|
389
406
|
#
|
390
407
|
# @option params [required, String] :target_id
|
391
|
-
#
|
408
|
+
# TargetID is an AWS account identifier, typically a 10-12 digit string
|
409
|
+
# (For example, 123456789012).
|
392
410
|
#
|
393
411
|
# @option params [required, String] :target_type
|
394
412
|
# The entity type for which the assignment will be created.
|
@@ -401,7 +419,11 @@ module Aws::SSOAdmin
|
|
401
419
|
# The entity type for which the assignment will be created.
|
402
420
|
#
|
403
421
|
# @option params [required, String] :principal_id
|
404
|
-
#
|
422
|
+
# An identifier for an object in AWS SSO, such as a user or group.
|
423
|
+
# PrincipalIds are GUIDs (For example,
|
424
|
+
# f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about
|
425
|
+
# PrincipalIds in AWS SSO, see the [AWS SSO Identity Store API
|
426
|
+
# Reference](/singlesignon/latest/IdentityStoreAPIReference/welcome.html).
|
405
427
|
#
|
406
428
|
# @return [Types::CreateAccountAssignmentResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
407
429
|
#
|
@@ -439,8 +461,60 @@ module Aws::SSOAdmin
|
|
439
461
|
req.send_request(options)
|
440
462
|
end
|
441
463
|
|
464
|
+
# Enables the attributes-based access control (ABAC) feature for the
|
465
|
+
# specified AWS SSO instance. You can also specify new attributes to add
|
466
|
+
# to your ABAC configuration during the enabling process. For more
|
467
|
+
# information about ABAC, see [Attribute-Based Access
|
468
|
+
# Control](/singlesignon/latest/userguide/abac.html) in the *AWS SSO
|
469
|
+
# User Guide*.
|
470
|
+
#
|
471
|
+
# @option params [required, String] :instance_arn
|
472
|
+
# The ARN of the SSO instance under which the operation will be
|
473
|
+
# executed.
|
474
|
+
#
|
475
|
+
# @option params [required, Types::InstanceAccessControlAttributeConfiguration] :instance_access_control_attribute_configuration
|
476
|
+
# Specifies the AWS SSO identity store attributes to add to your ABAC
|
477
|
+
# configuration. When using an external identity provider as an identity
|
478
|
+
# source, you can pass attributes through the SAML assertion as an
|
479
|
+
# alternative to configuring attributes from the AWS SSO identity store.
|
480
|
+
# If a SAML assertion passes any of these attributes, AWS SSO will
|
481
|
+
# replace the attribute value with the value from the AWS SSO identity
|
482
|
+
# store.
|
483
|
+
#
|
484
|
+
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
485
|
+
#
|
486
|
+
# @example Request syntax with placeholder values
|
487
|
+
#
|
488
|
+
# resp = client.create_instance_access_control_attribute_configuration({
|
489
|
+
# instance_arn: "InstanceArn", # required
|
490
|
+
# instance_access_control_attribute_configuration: { # required
|
491
|
+
# access_control_attributes: [ # required
|
492
|
+
# {
|
493
|
+
# key: "AccessControlAttributeKey", # required
|
494
|
+
# value: { # required
|
495
|
+
# source: ["AccessControlAttributeValueSource"], # required
|
496
|
+
# },
|
497
|
+
# },
|
498
|
+
# ],
|
499
|
+
# },
|
500
|
+
# })
|
501
|
+
#
|
502
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/CreateInstanceAccessControlAttributeConfiguration AWS API Documentation
|
503
|
+
#
|
504
|
+
# @overload create_instance_access_control_attribute_configuration(params = {})
|
505
|
+
# @param [Hash] params ({})
|
506
|
+
def create_instance_access_control_attribute_configuration(params = {}, options = {})
|
507
|
+
req = build_request(:create_instance_access_control_attribute_configuration, params)
|
508
|
+
req.send_request(options)
|
509
|
+
end
|
510
|
+
|
442
511
|
# Creates a permission set within a specified SSO instance.
|
443
512
|
#
|
513
|
+
# <note markdown="1"> To grant users and groups access to AWS account resources, use `
|
514
|
+
# CreateAccountAssignment `.
|
515
|
+
#
|
516
|
+
# </note>
|
517
|
+
#
|
444
518
|
# @option params [required, String] :name
|
445
519
|
# The name of the PermissionSet.
|
446
520
|
#
|
@@ -514,7 +588,8 @@ module Aws::SSOAdmin
|
|
514
588
|
# *AWS General Reference*.
|
515
589
|
#
|
516
590
|
# @option params [required, String] :target_id
|
517
|
-
#
|
591
|
+
# TargetID is an AWS account identifier, typically a 10-12 digit string
|
592
|
+
# (For example, 123456789012).
|
518
593
|
#
|
519
594
|
# @option params [required, String] :target_type
|
520
595
|
# The entity type for which the assignment will be deleted.
|
@@ -526,7 +601,11 @@ module Aws::SSOAdmin
|
|
526
601
|
# The entity type for which the assignment will be deleted.
|
527
602
|
#
|
528
603
|
# @option params [required, String] :principal_id
|
529
|
-
#
|
604
|
+
# An identifier for an object in AWS SSO, such as a user or group.
|
605
|
+
# PrincipalIds are GUIDs (For example,
|
606
|
+
# f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about
|
607
|
+
# PrincipalIds in AWS SSO, see the [AWS SSO Identity Store API
|
608
|
+
# Reference](/singlesignon/latest/IdentityStoreAPIReference/welcome.html).
|
530
609
|
#
|
531
610
|
# @return [Types::DeleteAccountAssignmentResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
532
611
|
#
|
@@ -594,6 +673,36 @@ module Aws::SSOAdmin
|
|
594
673
|
req.send_request(options)
|
595
674
|
end
|
596
675
|
|
676
|
+
# Disables the attributes-based access control (ABAC) feature for the
|
677
|
+
# specified AWS SSO instance and deletes all of the attribute mappings
|
678
|
+
# that have been configured. Once deleted, any attributes that are
|
679
|
+
# received from an identity source and any custom attributes you have
|
680
|
+
# previously configured will not be passed. For more information about
|
681
|
+
# ABAC, see [Attribute-Based Access
|
682
|
+
# Control](/singlesignon/latest/userguide/abac.html) in the *AWS SSO
|
683
|
+
# User Guide*.
|
684
|
+
#
|
685
|
+
# @option params [required, String] :instance_arn
|
686
|
+
# The ARN of the SSO instance under which the operation will be
|
687
|
+
# executed.
|
688
|
+
#
|
689
|
+
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
690
|
+
#
|
691
|
+
# @example Request syntax with placeholder values
|
692
|
+
#
|
693
|
+
# resp = client.delete_instance_access_control_attribute_configuration({
|
694
|
+
# instance_arn: "InstanceArn", # required
|
695
|
+
# })
|
696
|
+
#
|
697
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DeleteInstanceAccessControlAttributeConfiguration AWS API Documentation
|
698
|
+
#
|
699
|
+
# @overload delete_instance_access_control_attribute_configuration(params = {})
|
700
|
+
# @param [Hash] params ({})
|
701
|
+
def delete_instance_access_control_attribute_configuration(params = {}, options = {})
|
702
|
+
req = build_request(:delete_instance_access_control_attribute_configuration, params)
|
703
|
+
req.send_request(options)
|
704
|
+
end
|
705
|
+
|
597
706
|
# Deletes the specified permission set.
|
598
707
|
#
|
599
708
|
# @option params [required, String] :instance_arn
|
@@ -712,6 +821,48 @@ module Aws::SSOAdmin
|
|
712
821
|
req.send_request(options)
|
713
822
|
end
|
714
823
|
|
824
|
+
# Returns the list of AWS SSO identity store attributes that have been
|
825
|
+
# configured to work with attributes-based access control (ABAC) for the
|
826
|
+
# specified AWS SSO instance. This will not return attributes configured
|
827
|
+
# and sent by an external identity provider. For more information about
|
828
|
+
# ABAC, see [Attribute-Based Access
|
829
|
+
# Control](/singlesignon/latest/userguide/abac.html) in the *AWS SSO
|
830
|
+
# User Guide*.
|
831
|
+
#
|
832
|
+
# @option params [required, String] :instance_arn
|
833
|
+
# The ARN of the SSO instance under which the operation will be
|
834
|
+
# executed.
|
835
|
+
#
|
836
|
+
# @return [Types::DescribeInstanceAccessControlAttributeConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
837
|
+
#
|
838
|
+
# * {Types::DescribeInstanceAccessControlAttributeConfigurationResponse#status #status} => String
|
839
|
+
# * {Types::DescribeInstanceAccessControlAttributeConfigurationResponse#status_reason #status_reason} => String
|
840
|
+
# * {Types::DescribeInstanceAccessControlAttributeConfigurationResponse#instance_access_control_attribute_configuration #instance_access_control_attribute_configuration} => Types::InstanceAccessControlAttributeConfiguration
|
841
|
+
#
|
842
|
+
# @example Request syntax with placeholder values
|
843
|
+
#
|
844
|
+
# resp = client.describe_instance_access_control_attribute_configuration({
|
845
|
+
# instance_arn: "InstanceArn", # required
|
846
|
+
# })
|
847
|
+
#
|
848
|
+
# @example Response structure
|
849
|
+
#
|
850
|
+
# resp.status #=> String, one of "ENABLED", "CREATION_IN_PROGRESS", "CREATION_FAILED"
|
851
|
+
# resp.status_reason #=> String
|
852
|
+
# resp.instance_access_control_attribute_configuration.access_control_attributes #=> Array
|
853
|
+
# resp.instance_access_control_attribute_configuration.access_control_attributes[0].key #=> String
|
854
|
+
# resp.instance_access_control_attribute_configuration.access_control_attributes[0].value.source #=> Array
|
855
|
+
# resp.instance_access_control_attribute_configuration.access_control_attributes[0].value.source[0] #=> String
|
856
|
+
#
|
857
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DescribeInstanceAccessControlAttributeConfiguration AWS API Documentation
|
858
|
+
#
|
859
|
+
# @overload describe_instance_access_control_attribute_configuration(params = {})
|
860
|
+
# @param [Hash] params ({})
|
861
|
+
def describe_instance_access_control_attribute_configuration(params = {}, options = {})
|
862
|
+
req = build_request(:describe_instance_access_control_attribute_configuration, params)
|
863
|
+
req.send_request(options)
|
864
|
+
end
|
865
|
+
|
715
866
|
# Gets the details of the permission set.
|
716
867
|
#
|
717
868
|
# @option params [required, String] :instance_arn
|
@@ -1399,7 +1550,8 @@ module Aws::SSOAdmin
|
|
1399
1550
|
# The ARN of the permission set.
|
1400
1551
|
#
|
1401
1552
|
# @option params [String] :target_id
|
1402
|
-
#
|
1553
|
+
# TargetID is an AWS account identifier, typically a 10-12 digit string
|
1554
|
+
# (For example, 123456789012).
|
1403
1555
|
#
|
1404
1556
|
# @option params [required, String] :target_type
|
1405
1557
|
# The entity type for which the assignment will be created.
|
@@ -1437,6 +1589,13 @@ module Aws::SSOAdmin
|
|
1437
1589
|
|
1438
1590
|
# Attaches an IAM inline policy to a permission set.
|
1439
1591
|
#
|
1592
|
+
# <note markdown="1"> If the permission set is already referenced by one or more account
|
1593
|
+
# assignments, you will need to call ` ProvisionPermissionSet ` after
|
1594
|
+
# this action to apply the corresponding IAM policy updates to all
|
1595
|
+
# assigned accounts.
|
1596
|
+
#
|
1597
|
+
# </note>
|
1598
|
+
#
|
1440
1599
|
# @option params [required, String] :instance_arn
|
1441
1600
|
# The ARN of the SSO instance under which the operation will be
|
1442
1601
|
# executed. For more information about ARNs, see [Amazon Resource Names
|
@@ -1542,6 +1701,51 @@ module Aws::SSOAdmin
|
|
1542
1701
|
req.send_request(options)
|
1543
1702
|
end
|
1544
1703
|
|
1704
|
+
# Updates the AWS SSO identity store attributes to use with the AWS SSO
|
1705
|
+
# instance for attributes-based access control (ABAC). When using an
|
1706
|
+
# external identity provider as an identity source, you can pass
|
1707
|
+
# attributes through the SAML assertion as an alternative to configuring
|
1708
|
+
# attributes from the AWS SSO identity store. If a SAML assertion passes
|
1709
|
+
# any of these attributes, AWS SSO will replace the attribute value with
|
1710
|
+
# the value from the AWS SSO identity store. For more information about
|
1711
|
+
# ABAC, see [Attribute-Based Access
|
1712
|
+
# Control](/singlesignon/latest/userguide/abac.html) in the *AWS SSO
|
1713
|
+
# User Guide*.
|
1714
|
+
#
|
1715
|
+
# @option params [required, String] :instance_arn
|
1716
|
+
# The ARN of the SSO instance under which the operation will be
|
1717
|
+
# executed.
|
1718
|
+
#
|
1719
|
+
# @option params [required, Types::InstanceAccessControlAttributeConfiguration] :instance_access_control_attribute_configuration
|
1720
|
+
# Updates the attributes for your ABAC configuration.
|
1721
|
+
#
|
1722
|
+
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
1723
|
+
#
|
1724
|
+
# @example Request syntax with placeholder values
|
1725
|
+
#
|
1726
|
+
# resp = client.update_instance_access_control_attribute_configuration({
|
1727
|
+
# instance_arn: "InstanceArn", # required
|
1728
|
+
# instance_access_control_attribute_configuration: { # required
|
1729
|
+
# access_control_attributes: [ # required
|
1730
|
+
# {
|
1731
|
+
# key: "AccessControlAttributeKey", # required
|
1732
|
+
# value: { # required
|
1733
|
+
# source: ["AccessControlAttributeValueSource"], # required
|
1734
|
+
# },
|
1735
|
+
# },
|
1736
|
+
# ],
|
1737
|
+
# },
|
1738
|
+
# })
|
1739
|
+
#
|
1740
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/UpdateInstanceAccessControlAttributeConfiguration AWS API Documentation
|
1741
|
+
#
|
1742
|
+
# @overload update_instance_access_control_attribute_configuration(params = {})
|
1743
|
+
# @param [Hash] params ({})
|
1744
|
+
def update_instance_access_control_attribute_configuration(params = {}, options = {})
|
1745
|
+
req = build_request(:update_instance_access_control_attribute_configuration, params)
|
1746
|
+
req.send_request(options)
|
1747
|
+
end
|
1748
|
+
|
1545
1749
|
# Updates an existing permission set.
|
1546
1750
|
#
|
1547
1751
|
# @option params [required, String] :instance_arn
|
@@ -1599,7 +1803,7 @@ module Aws::SSOAdmin
|
|
1599
1803
|
params: params,
|
1600
1804
|
config: config)
|
1601
1805
|
context[:gem_name] = 'aws-sdk-ssoadmin'
|
1602
|
-
context[:gem_version] = '1.
|
1806
|
+
context[:gem_version] = '1.5.0'
|
1603
1807
|
Seahorse::Client::Request.new(handlers, context)
|
1604
1808
|
end
|
1605
1809
|
|
@@ -13,6 +13,12 @@ module Aws::SSOAdmin
|
|
13
13
|
|
14
14
|
include Seahorse::Model
|
15
15
|
|
16
|
+
AccessControlAttribute = Shapes::StructureShape.new(name: 'AccessControlAttribute')
|
17
|
+
AccessControlAttributeKey = Shapes::StringShape.new(name: 'AccessControlAttributeKey')
|
18
|
+
AccessControlAttributeList = Shapes::ListShape.new(name: 'AccessControlAttributeList')
|
19
|
+
AccessControlAttributeValue = Shapes::StructureShape.new(name: 'AccessControlAttributeValue')
|
20
|
+
AccessControlAttributeValueSource = Shapes::StringShape.new(name: 'AccessControlAttributeValueSource')
|
21
|
+
AccessControlAttributeValueSourceList = Shapes::ListShape.new(name: 'AccessControlAttributeValueSourceList')
|
16
22
|
AccessDeniedException = Shapes::StructureShape.new(name: 'AccessDeniedException')
|
17
23
|
AccessDeniedExceptionMessage = Shapes::StringShape.new(name: 'AccessDeniedExceptionMessage')
|
18
24
|
AccountAssignment = Shapes::StructureShape.new(name: 'AccountAssignment')
|
@@ -30,6 +36,8 @@ module Aws::SSOAdmin
|
|
30
36
|
ConflictExceptionMessage = Shapes::StringShape.new(name: 'ConflictExceptionMessage')
|
31
37
|
CreateAccountAssignmentRequest = Shapes::StructureShape.new(name: 'CreateAccountAssignmentRequest')
|
32
38
|
CreateAccountAssignmentResponse = Shapes::StructureShape.new(name: 'CreateAccountAssignmentResponse')
|
39
|
+
CreateInstanceAccessControlAttributeConfigurationRequest = Shapes::StructureShape.new(name: 'CreateInstanceAccessControlAttributeConfigurationRequest')
|
40
|
+
CreateInstanceAccessControlAttributeConfigurationResponse = Shapes::StructureShape.new(name: 'CreateInstanceAccessControlAttributeConfigurationResponse')
|
33
41
|
CreatePermissionSetRequest = Shapes::StructureShape.new(name: 'CreatePermissionSetRequest')
|
34
42
|
CreatePermissionSetResponse = Shapes::StructureShape.new(name: 'CreatePermissionSetResponse')
|
35
43
|
Date = Shapes::TimestampShape.new(name: 'Date')
|
@@ -37,12 +45,16 @@ module Aws::SSOAdmin
|
|
37
45
|
DeleteAccountAssignmentResponse = Shapes::StructureShape.new(name: 'DeleteAccountAssignmentResponse')
|
38
46
|
DeleteInlinePolicyFromPermissionSetRequest = Shapes::StructureShape.new(name: 'DeleteInlinePolicyFromPermissionSetRequest')
|
39
47
|
DeleteInlinePolicyFromPermissionSetResponse = Shapes::StructureShape.new(name: 'DeleteInlinePolicyFromPermissionSetResponse')
|
48
|
+
DeleteInstanceAccessControlAttributeConfigurationRequest = Shapes::StructureShape.new(name: 'DeleteInstanceAccessControlAttributeConfigurationRequest')
|
49
|
+
DeleteInstanceAccessControlAttributeConfigurationResponse = Shapes::StructureShape.new(name: 'DeleteInstanceAccessControlAttributeConfigurationResponse')
|
40
50
|
DeletePermissionSetRequest = Shapes::StructureShape.new(name: 'DeletePermissionSetRequest')
|
41
51
|
DeletePermissionSetResponse = Shapes::StructureShape.new(name: 'DeletePermissionSetResponse')
|
42
52
|
DescribeAccountAssignmentCreationStatusRequest = Shapes::StructureShape.new(name: 'DescribeAccountAssignmentCreationStatusRequest')
|
43
53
|
DescribeAccountAssignmentCreationStatusResponse = Shapes::StructureShape.new(name: 'DescribeAccountAssignmentCreationStatusResponse')
|
44
54
|
DescribeAccountAssignmentDeletionStatusRequest = Shapes::StructureShape.new(name: 'DescribeAccountAssignmentDeletionStatusRequest')
|
45
55
|
DescribeAccountAssignmentDeletionStatusResponse = Shapes::StructureShape.new(name: 'DescribeAccountAssignmentDeletionStatusResponse')
|
56
|
+
DescribeInstanceAccessControlAttributeConfigurationRequest = Shapes::StructureShape.new(name: 'DescribeInstanceAccessControlAttributeConfigurationRequest')
|
57
|
+
DescribeInstanceAccessControlAttributeConfigurationResponse = Shapes::StructureShape.new(name: 'DescribeInstanceAccessControlAttributeConfigurationResponse')
|
46
58
|
DescribePermissionSetProvisioningStatusRequest = Shapes::StructureShape.new(name: 'DescribePermissionSetProvisioningStatusRequest')
|
47
59
|
DescribePermissionSetProvisioningStatusResponse = Shapes::StructureShape.new(name: 'DescribePermissionSetProvisioningStatusResponse')
|
48
60
|
DescribePermissionSetRequest = Shapes::StructureShape.new(name: 'DescribePermissionSetRequest')
|
@@ -54,6 +66,9 @@ module Aws::SSOAdmin
|
|
54
66
|
GetInlinePolicyForPermissionSetRequest = Shapes::StructureShape.new(name: 'GetInlinePolicyForPermissionSetRequest')
|
55
67
|
GetInlinePolicyForPermissionSetResponse = Shapes::StructureShape.new(name: 'GetInlinePolicyForPermissionSetResponse')
|
56
68
|
Id = Shapes::StringShape.new(name: 'Id')
|
69
|
+
InstanceAccessControlAttributeConfiguration = Shapes::StructureShape.new(name: 'InstanceAccessControlAttributeConfiguration')
|
70
|
+
InstanceAccessControlAttributeConfigurationStatus = Shapes::StringShape.new(name: 'InstanceAccessControlAttributeConfigurationStatus')
|
71
|
+
InstanceAccessControlAttributeConfigurationStatusReason = Shapes::StringShape.new(name: 'InstanceAccessControlAttributeConfigurationStatusReason')
|
57
72
|
InstanceArn = Shapes::StringShape.new(name: 'InstanceArn')
|
58
73
|
InstanceList = Shapes::ListShape.new(name: 'InstanceList')
|
59
74
|
InstanceMetadata = Shapes::StructureShape.new(name: 'InstanceMetadata')
|
@@ -122,11 +137,24 @@ module Aws::SSOAdmin
|
|
122
137
|
UUId = Shapes::StringShape.new(name: 'UUId')
|
123
138
|
UntagResourceRequest = Shapes::StructureShape.new(name: 'UntagResourceRequest')
|
124
139
|
UntagResourceResponse = Shapes::StructureShape.new(name: 'UntagResourceResponse')
|
140
|
+
UpdateInstanceAccessControlAttributeConfigurationRequest = Shapes::StructureShape.new(name: 'UpdateInstanceAccessControlAttributeConfigurationRequest')
|
141
|
+
UpdateInstanceAccessControlAttributeConfigurationResponse = Shapes::StructureShape.new(name: 'UpdateInstanceAccessControlAttributeConfigurationResponse')
|
125
142
|
UpdatePermissionSetRequest = Shapes::StructureShape.new(name: 'UpdatePermissionSetRequest')
|
126
143
|
UpdatePermissionSetResponse = Shapes::StructureShape.new(name: 'UpdatePermissionSetResponse')
|
127
144
|
ValidationException = Shapes::StructureShape.new(name: 'ValidationException')
|
128
145
|
ValidationExceptionMessage = Shapes::StringShape.new(name: 'ValidationExceptionMessage')
|
129
146
|
|
147
|
+
AccessControlAttribute.add_member(:key, Shapes::ShapeRef.new(shape: AccessControlAttributeKey, required: true, location_name: "Key"))
|
148
|
+
AccessControlAttribute.add_member(:value, Shapes::ShapeRef.new(shape: AccessControlAttributeValue, required: true, location_name: "Value"))
|
149
|
+
AccessControlAttribute.struct_class = Types::AccessControlAttribute
|
150
|
+
|
151
|
+
AccessControlAttributeList.member = Shapes::ShapeRef.new(shape: AccessControlAttribute)
|
152
|
+
|
153
|
+
AccessControlAttributeValue.add_member(:source, Shapes::ShapeRef.new(shape: AccessControlAttributeValueSourceList, required: true, location_name: "Source"))
|
154
|
+
AccessControlAttributeValue.struct_class = Types::AccessControlAttributeValue
|
155
|
+
|
156
|
+
AccessControlAttributeValueSourceList.member = Shapes::ShapeRef.new(shape: AccessControlAttributeValueSource)
|
157
|
+
|
130
158
|
AccessDeniedException.add_member(:message, Shapes::ShapeRef.new(shape: AccessDeniedExceptionMessage, location_name: "Message"))
|
131
159
|
AccessDeniedException.struct_class = Types::AccessDeniedException
|
132
160
|
|
@@ -185,6 +213,12 @@ module Aws::SSOAdmin
|
|
185
213
|
CreateAccountAssignmentResponse.add_member(:account_assignment_creation_status, Shapes::ShapeRef.new(shape: AccountAssignmentOperationStatus, location_name: "AccountAssignmentCreationStatus"))
|
186
214
|
CreateAccountAssignmentResponse.struct_class = Types::CreateAccountAssignmentResponse
|
187
215
|
|
216
|
+
CreateInstanceAccessControlAttributeConfigurationRequest.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, required: true, location_name: "InstanceArn"))
|
217
|
+
CreateInstanceAccessControlAttributeConfigurationRequest.add_member(:instance_access_control_attribute_configuration, Shapes::ShapeRef.new(shape: InstanceAccessControlAttributeConfiguration, required: true, location_name: "InstanceAccessControlAttributeConfiguration"))
|
218
|
+
CreateInstanceAccessControlAttributeConfigurationRequest.struct_class = Types::CreateInstanceAccessControlAttributeConfigurationRequest
|
219
|
+
|
220
|
+
CreateInstanceAccessControlAttributeConfigurationResponse.struct_class = Types::CreateInstanceAccessControlAttributeConfigurationResponse
|
221
|
+
|
188
222
|
CreatePermissionSetRequest.add_member(:name, Shapes::ShapeRef.new(shape: PermissionSetName, required: true, location_name: "Name"))
|
189
223
|
CreatePermissionSetRequest.add_member(:description, Shapes::ShapeRef.new(shape: PermissionSetDescription, location_name: "Description"))
|
190
224
|
CreatePermissionSetRequest.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, required: true, location_name: "InstanceArn"))
|
@@ -213,6 +247,11 @@ module Aws::SSOAdmin
|
|
213
247
|
|
214
248
|
DeleteInlinePolicyFromPermissionSetResponse.struct_class = Types::DeleteInlinePolicyFromPermissionSetResponse
|
215
249
|
|
250
|
+
DeleteInstanceAccessControlAttributeConfigurationRequest.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, required: true, location_name: "InstanceArn"))
|
251
|
+
DeleteInstanceAccessControlAttributeConfigurationRequest.struct_class = Types::DeleteInstanceAccessControlAttributeConfigurationRequest
|
252
|
+
|
253
|
+
DeleteInstanceAccessControlAttributeConfigurationResponse.struct_class = Types::DeleteInstanceAccessControlAttributeConfigurationResponse
|
254
|
+
|
216
255
|
DeletePermissionSetRequest.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, required: true, location_name: "InstanceArn"))
|
217
256
|
DeletePermissionSetRequest.add_member(:permission_set_arn, Shapes::ShapeRef.new(shape: PermissionSetArn, required: true, location_name: "PermissionSetArn"))
|
218
257
|
DeletePermissionSetRequest.struct_class = Types::DeletePermissionSetRequest
|
@@ -233,6 +272,14 @@ module Aws::SSOAdmin
|
|
233
272
|
DescribeAccountAssignmentDeletionStatusResponse.add_member(:account_assignment_deletion_status, Shapes::ShapeRef.new(shape: AccountAssignmentOperationStatus, location_name: "AccountAssignmentDeletionStatus"))
|
234
273
|
DescribeAccountAssignmentDeletionStatusResponse.struct_class = Types::DescribeAccountAssignmentDeletionStatusResponse
|
235
274
|
|
275
|
+
DescribeInstanceAccessControlAttributeConfigurationRequest.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, required: true, location_name: "InstanceArn"))
|
276
|
+
DescribeInstanceAccessControlAttributeConfigurationRequest.struct_class = Types::DescribeInstanceAccessControlAttributeConfigurationRequest
|
277
|
+
|
278
|
+
DescribeInstanceAccessControlAttributeConfigurationResponse.add_member(:status, Shapes::ShapeRef.new(shape: InstanceAccessControlAttributeConfigurationStatus, location_name: "Status"))
|
279
|
+
DescribeInstanceAccessControlAttributeConfigurationResponse.add_member(:status_reason, Shapes::ShapeRef.new(shape: InstanceAccessControlAttributeConfigurationStatusReason, location_name: "StatusReason"))
|
280
|
+
DescribeInstanceAccessControlAttributeConfigurationResponse.add_member(:instance_access_control_attribute_configuration, Shapes::ShapeRef.new(shape: InstanceAccessControlAttributeConfiguration, location_name: "InstanceAccessControlAttributeConfiguration"))
|
281
|
+
DescribeInstanceAccessControlAttributeConfigurationResponse.struct_class = Types::DescribeInstanceAccessControlAttributeConfigurationResponse
|
282
|
+
|
236
283
|
DescribePermissionSetProvisioningStatusRequest.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, required: true, location_name: "InstanceArn"))
|
237
284
|
DescribePermissionSetProvisioningStatusRequest.add_member(:provision_permission_set_request_id, Shapes::ShapeRef.new(shape: UUId, required: true, location_name: "ProvisionPermissionSetRequestId"))
|
238
285
|
DescribePermissionSetProvisioningStatusRequest.struct_class = Types::DescribePermissionSetProvisioningStatusRequest
|
@@ -261,6 +308,9 @@ module Aws::SSOAdmin
|
|
261
308
|
GetInlinePolicyForPermissionSetResponse.add_member(:inline_policy, Shapes::ShapeRef.new(shape: PermissionSetPolicyDocument, location_name: "InlinePolicy"))
|
262
309
|
GetInlinePolicyForPermissionSetResponse.struct_class = Types::GetInlinePolicyForPermissionSetResponse
|
263
310
|
|
311
|
+
InstanceAccessControlAttributeConfiguration.add_member(:access_control_attributes, Shapes::ShapeRef.new(shape: AccessControlAttributeList, required: true, location_name: "AccessControlAttributes"))
|
312
|
+
InstanceAccessControlAttributeConfiguration.struct_class = Types::InstanceAccessControlAttributeConfiguration
|
313
|
+
|
264
314
|
InstanceList.member = Shapes::ShapeRef.new(shape: InstanceMetadata)
|
265
315
|
|
266
316
|
InstanceMetadata.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, location_name: "InstanceArn"))
|
@@ -444,6 +494,12 @@ module Aws::SSOAdmin
|
|
444
494
|
|
445
495
|
UntagResourceResponse.struct_class = Types::UntagResourceResponse
|
446
496
|
|
497
|
+
UpdateInstanceAccessControlAttributeConfigurationRequest.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, required: true, location_name: "InstanceArn"))
|
498
|
+
UpdateInstanceAccessControlAttributeConfigurationRequest.add_member(:instance_access_control_attribute_configuration, Shapes::ShapeRef.new(shape: InstanceAccessControlAttributeConfiguration, required: true, location_name: "InstanceAccessControlAttributeConfiguration"))
|
499
|
+
UpdateInstanceAccessControlAttributeConfigurationRequest.struct_class = Types::UpdateInstanceAccessControlAttributeConfigurationRequest
|
500
|
+
|
501
|
+
UpdateInstanceAccessControlAttributeConfigurationResponse.struct_class = Types::UpdateInstanceAccessControlAttributeConfigurationResponse
|
502
|
+
|
447
503
|
UpdatePermissionSetRequest.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, required: true, location_name: "InstanceArn"))
|
448
504
|
UpdatePermissionSetRequest.add_member(:permission_set_arn, Shapes::ShapeRef.new(shape: PermissionSetArn, required: true, location_name: "PermissionSetArn"))
|
449
505
|
UpdatePermissionSetRequest.add_member(:description, Shapes::ShapeRef.new(shape: PermissionSetDescription, location_name: "Description"))
|
@@ -506,6 +562,20 @@ module Aws::SSOAdmin
|
|
506
562
|
o.errors << Shapes::ShapeRef.new(shape: ConflictException)
|
507
563
|
end)
|
508
564
|
|
565
|
+
api.add_operation(:create_instance_access_control_attribute_configuration, Seahorse::Model::Operation.new.tap do |o|
|
566
|
+
o.name = "CreateInstanceAccessControlAttributeConfiguration"
|
567
|
+
o.http_method = "POST"
|
568
|
+
o.http_request_uri = "/"
|
569
|
+
o.input = Shapes::ShapeRef.new(shape: CreateInstanceAccessControlAttributeConfigurationRequest)
|
570
|
+
o.output = Shapes::ShapeRef.new(shape: CreateInstanceAccessControlAttributeConfigurationResponse)
|
571
|
+
o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
|
572
|
+
o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
|
573
|
+
o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
|
574
|
+
o.errors << Shapes::ShapeRef.new(shape: ValidationException)
|
575
|
+
o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
|
576
|
+
o.errors << Shapes::ShapeRef.new(shape: ConflictException)
|
577
|
+
end)
|
578
|
+
|
509
579
|
api.add_operation(:create_permission_set, Seahorse::Model::Operation.new.tap do |o|
|
510
580
|
o.name = "CreatePermissionSet"
|
511
581
|
o.http_method = "POST"
|
@@ -549,6 +619,20 @@ module Aws::SSOAdmin
|
|
549
619
|
o.errors << Shapes::ShapeRef.new(shape: ConflictException)
|
550
620
|
end)
|
551
621
|
|
622
|
+
api.add_operation(:delete_instance_access_control_attribute_configuration, Seahorse::Model::Operation.new.tap do |o|
|
623
|
+
o.name = "DeleteInstanceAccessControlAttributeConfiguration"
|
624
|
+
o.http_method = "POST"
|
625
|
+
o.http_request_uri = "/"
|
626
|
+
o.input = Shapes::ShapeRef.new(shape: DeleteInstanceAccessControlAttributeConfigurationRequest)
|
627
|
+
o.output = Shapes::ShapeRef.new(shape: DeleteInstanceAccessControlAttributeConfigurationResponse)
|
628
|
+
o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
|
629
|
+
o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
|
630
|
+
o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
|
631
|
+
o.errors << Shapes::ShapeRef.new(shape: ValidationException)
|
632
|
+
o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
|
633
|
+
o.errors << Shapes::ShapeRef.new(shape: ConflictException)
|
634
|
+
end)
|
635
|
+
|
552
636
|
api.add_operation(:delete_permission_set, Seahorse::Model::Operation.new.tap do |o|
|
553
637
|
o.name = "DeletePermissionSet"
|
554
638
|
o.http_method = "POST"
|
@@ -589,6 +673,19 @@ module Aws::SSOAdmin
|
|
589
673
|
o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
|
590
674
|
end)
|
591
675
|
|
676
|
+
api.add_operation(:describe_instance_access_control_attribute_configuration, Seahorse::Model::Operation.new.tap do |o|
|
677
|
+
o.name = "DescribeInstanceAccessControlAttributeConfiguration"
|
678
|
+
o.http_method = "POST"
|
679
|
+
o.http_request_uri = "/"
|
680
|
+
o.input = Shapes::ShapeRef.new(shape: DescribeInstanceAccessControlAttributeConfigurationRequest)
|
681
|
+
o.output = Shapes::ShapeRef.new(shape: DescribeInstanceAccessControlAttributeConfigurationResponse)
|
682
|
+
o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
|
683
|
+
o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
|
684
|
+
o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
|
685
|
+
o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
|
686
|
+
o.errors << Shapes::ShapeRef.new(shape: ValidationException)
|
687
|
+
end)
|
688
|
+
|
592
689
|
api.add_operation(:describe_permission_set, Seahorse::Model::Operation.new.tap do |o|
|
593
690
|
o.name = "DescribePermissionSet"
|
594
691
|
o.http_method = "POST"
|
@@ -888,6 +985,20 @@ module Aws::SSOAdmin
|
|
888
985
|
o.errors << Shapes::ShapeRef.new(shape: ConflictException)
|
889
986
|
end)
|
890
987
|
|
988
|
+
api.add_operation(:update_instance_access_control_attribute_configuration, Seahorse::Model::Operation.new.tap do |o|
|
989
|
+
o.name = "UpdateInstanceAccessControlAttributeConfiguration"
|
990
|
+
o.http_method = "POST"
|
991
|
+
o.http_request_uri = "/"
|
992
|
+
o.input = Shapes::ShapeRef.new(shape: UpdateInstanceAccessControlAttributeConfigurationRequest)
|
993
|
+
o.output = Shapes::ShapeRef.new(shape: UpdateInstanceAccessControlAttributeConfigurationResponse)
|
994
|
+
o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
|
995
|
+
o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
|
996
|
+
o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
|
997
|
+
o.errors << Shapes::ShapeRef.new(shape: ValidationException)
|
998
|
+
o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
|
999
|
+
o.errors << Shapes::ShapeRef.new(shape: ConflictException)
|
1000
|
+
end)
|
1001
|
+
|
891
1002
|
api.add_operation(:update_permission_set, Seahorse::Model::Operation.new.tap do |o|
|
892
1003
|
o.name = "UpdatePermissionSet"
|
893
1004
|
o.http_method = "POST"
|
@@ -10,6 +10,66 @@
|
|
10
10
|
module Aws::SSOAdmin
|
11
11
|
module Types
|
12
12
|
|
13
|
+
# These are AWS SSO identity store attributes that you can configure for
|
14
|
+
# use in attributes-based access control (ABAC). You can create
|
15
|
+
# permission policies that determine who can access your AWS resources
|
16
|
+
# based upon the configured attribute value(s). When you enable ABAC and
|
17
|
+
# specify AccessControlAttributes, AWS SSO passes the attribute(s) value
|
18
|
+
# of the authenticated user into IAM for use in policy evaluation.
|
19
|
+
#
|
20
|
+
# @note When making an API call, you may pass AccessControlAttribute
|
21
|
+
# data as a hash:
|
22
|
+
#
|
23
|
+
# {
|
24
|
+
# key: "AccessControlAttributeKey", # required
|
25
|
+
# value: { # required
|
26
|
+
# source: ["AccessControlAttributeValueSource"], # required
|
27
|
+
# },
|
28
|
+
# }
|
29
|
+
#
|
30
|
+
# @!attribute [rw] key
|
31
|
+
# The name of the attribute associated with your identities in your
|
32
|
+
# identity source. This is used to map a specified attribute in your
|
33
|
+
# identity source with an attribute in AWS SSO.
|
34
|
+
# @return [String]
|
35
|
+
#
|
36
|
+
# @!attribute [rw] value
|
37
|
+
# The value used for mapping a specified attribute to an identity
|
38
|
+
# source.
|
39
|
+
# @return [Types::AccessControlAttributeValue]
|
40
|
+
#
|
41
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/AccessControlAttribute AWS API Documentation
|
42
|
+
#
|
43
|
+
class AccessControlAttribute < Struct.new(
|
44
|
+
:key,
|
45
|
+
:value)
|
46
|
+
SENSITIVE = []
|
47
|
+
include Aws::Structure
|
48
|
+
end
|
49
|
+
|
50
|
+
# The value used for mapping a specified attribute to an identity
|
51
|
+
# source.
|
52
|
+
#
|
53
|
+
# @note When making an API call, you may pass AccessControlAttributeValue
|
54
|
+
# data as a hash:
|
55
|
+
#
|
56
|
+
# {
|
57
|
+
# source: ["AccessControlAttributeValueSource"], # required
|
58
|
+
# }
|
59
|
+
#
|
60
|
+
# @!attribute [rw] source
|
61
|
+
# The identity source to use when mapping a specified attribute to AWS
|
62
|
+
# SSO.
|
63
|
+
# @return [Array<String>]
|
64
|
+
#
|
65
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/AccessControlAttributeValue AWS API Documentation
|
66
|
+
#
|
67
|
+
class AccessControlAttributeValue < Struct.new(
|
68
|
+
:source)
|
69
|
+
SENSITIVE = []
|
70
|
+
include Aws::Structure
|
71
|
+
end
|
72
|
+
|
13
73
|
# You do not have sufficient access to perform this action.
|
14
74
|
#
|
15
75
|
# @!attribute [rw] message
|
@@ -47,7 +107,11 @@ module Aws::SSOAdmin
|
|
47
107
|
# @return [String]
|
48
108
|
#
|
49
109
|
# @!attribute [rw] principal_id
|
50
|
-
#
|
110
|
+
# An identifier for an object in AWS SSO, such as a user or group.
|
111
|
+
# PrincipalIds are GUIDs (For example,
|
112
|
+
# f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about
|
113
|
+
# PrincipalIds in AWS SSO, see the [AWS SSO Identity Store API
|
114
|
+
# Reference](/singlesignon/latest/IdentityStoreAPIReference/welcome.html).
|
51
115
|
# @return [String]
|
52
116
|
#
|
53
117
|
# @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/AccountAssignment AWS API Documentation
|
@@ -79,7 +143,8 @@ module Aws::SSOAdmin
|
|
79
143
|
# @return [String]
|
80
144
|
#
|
81
145
|
# @!attribute [rw] target_id
|
82
|
-
#
|
146
|
+
# TargetID is an AWS account identifier, typically a 10-12 digit
|
147
|
+
# string (For example, 123456789012).
|
83
148
|
# @return [String]
|
84
149
|
#
|
85
150
|
# @!attribute [rw] target_type
|
@@ -98,7 +163,11 @@ module Aws::SSOAdmin
|
|
98
163
|
# @return [String]
|
99
164
|
#
|
100
165
|
# @!attribute [rw] principal_id
|
101
|
-
#
|
166
|
+
# An identifier for an object in AWS SSO, such as a user or group.
|
167
|
+
# PrincipalIds are GUIDs (For example,
|
168
|
+
# f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about
|
169
|
+
# PrincipalIds in AWS SSO, see the [AWS SSO Identity Store API
|
170
|
+
# Reference](/singlesignon/latest/IdentityStoreAPIReference/welcome.html).
|
102
171
|
# @return [String]
|
103
172
|
#
|
104
173
|
# @!attribute [rw] created_date
|
@@ -246,7 +315,8 @@ module Aws::SSOAdmin
|
|
246
315
|
# @return [String]
|
247
316
|
#
|
248
317
|
# @!attribute [rw] target_id
|
249
|
-
#
|
318
|
+
# TargetID is an AWS account identifier, typically a 10-12 digit
|
319
|
+
# string (For example, 123456789012).
|
250
320
|
# @return [String]
|
251
321
|
#
|
252
322
|
# @!attribute [rw] target_type
|
@@ -263,7 +333,11 @@ module Aws::SSOAdmin
|
|
263
333
|
# @return [String]
|
264
334
|
#
|
265
335
|
# @!attribute [rw] principal_id
|
266
|
-
#
|
336
|
+
# An identifier for an object in AWS SSO, such as a user or group.
|
337
|
+
# PrincipalIds are GUIDs (For example,
|
338
|
+
# f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about
|
339
|
+
# PrincipalIds in AWS SSO, see the [AWS SSO Identity Store API
|
340
|
+
# Reference](/singlesignon/latest/IdentityStoreAPIReference/welcome.html).
|
267
341
|
# @return [String]
|
268
342
|
#
|
269
343
|
# @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/CreateAccountAssignmentRequest AWS API Documentation
|
@@ -291,6 +365,51 @@ module Aws::SSOAdmin
|
|
291
365
|
include Aws::Structure
|
292
366
|
end
|
293
367
|
|
368
|
+
# @note When making an API call, you may pass CreateInstanceAccessControlAttributeConfigurationRequest
|
369
|
+
# data as a hash:
|
370
|
+
#
|
371
|
+
# {
|
372
|
+
# instance_arn: "InstanceArn", # required
|
373
|
+
# instance_access_control_attribute_configuration: { # required
|
374
|
+
# access_control_attributes: [ # required
|
375
|
+
# {
|
376
|
+
# key: "AccessControlAttributeKey", # required
|
377
|
+
# value: { # required
|
378
|
+
# source: ["AccessControlAttributeValueSource"], # required
|
379
|
+
# },
|
380
|
+
# },
|
381
|
+
# ],
|
382
|
+
# },
|
383
|
+
# }
|
384
|
+
#
|
385
|
+
# @!attribute [rw] instance_arn
|
386
|
+
# The ARN of the SSO instance under which the operation will be
|
387
|
+
# executed.
|
388
|
+
# @return [String]
|
389
|
+
#
|
390
|
+
# @!attribute [rw] instance_access_control_attribute_configuration
|
391
|
+
# Specifies the AWS SSO identity store attributes to add to your ABAC
|
392
|
+
# configuration. When using an external identity provider as an
|
393
|
+
# identity source, you can pass attributes through the SAML assertion
|
394
|
+
# as an alternative to configuring attributes from the AWS SSO
|
395
|
+
# identity store. If a SAML assertion passes any of these attributes,
|
396
|
+
# AWS SSO will replace the attribute value with the value from the AWS
|
397
|
+
# SSO identity store.
|
398
|
+
# @return [Types::InstanceAccessControlAttributeConfiguration]
|
399
|
+
#
|
400
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/CreateInstanceAccessControlAttributeConfigurationRequest AWS API Documentation
|
401
|
+
#
|
402
|
+
class CreateInstanceAccessControlAttributeConfigurationRequest < Struct.new(
|
403
|
+
:instance_arn,
|
404
|
+
:instance_access_control_attribute_configuration)
|
405
|
+
SENSITIVE = []
|
406
|
+
include Aws::Structure
|
407
|
+
end
|
408
|
+
|
409
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/CreateInstanceAccessControlAttributeConfigurationResponse AWS API Documentation
|
410
|
+
#
|
411
|
+
class CreateInstanceAccessControlAttributeConfigurationResponse < Aws::EmptyStructure; end
|
412
|
+
|
294
413
|
# @note When making an API call, you may pass CreatePermissionSetRequest
|
295
414
|
# data as a hash:
|
296
415
|
#
|
@@ -384,7 +503,8 @@ module Aws::SSOAdmin
|
|
384
503
|
# @return [String]
|
385
504
|
#
|
386
505
|
# @!attribute [rw] target_id
|
387
|
-
#
|
506
|
+
# TargetID is an AWS account identifier, typically a 10-12 digit
|
507
|
+
# string (For example, 123456789012).
|
388
508
|
# @return [String]
|
389
509
|
#
|
390
510
|
# @!attribute [rw] target_type
|
@@ -400,7 +520,11 @@ module Aws::SSOAdmin
|
|
400
520
|
# @return [String]
|
401
521
|
#
|
402
522
|
# @!attribute [rw] principal_id
|
403
|
-
#
|
523
|
+
# An identifier for an object in AWS SSO, such as a user or group.
|
524
|
+
# PrincipalIds are GUIDs (For example,
|
525
|
+
# f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about
|
526
|
+
# PrincipalIds in AWS SSO, see the [AWS SSO Identity Store API
|
527
|
+
# Reference](/singlesignon/latest/IdentityStoreAPIReference/welcome.html).
|
404
528
|
# @return [String]
|
405
529
|
#
|
406
530
|
# @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DeleteAccountAssignmentRequest AWS API Documentation
|
@@ -461,6 +585,30 @@ module Aws::SSOAdmin
|
|
461
585
|
#
|
462
586
|
class DeleteInlinePolicyFromPermissionSetResponse < Aws::EmptyStructure; end
|
463
587
|
|
588
|
+
# @note When making an API call, you may pass DeleteInstanceAccessControlAttributeConfigurationRequest
|
589
|
+
# data as a hash:
|
590
|
+
#
|
591
|
+
# {
|
592
|
+
# instance_arn: "InstanceArn", # required
|
593
|
+
# }
|
594
|
+
#
|
595
|
+
# @!attribute [rw] instance_arn
|
596
|
+
# The ARN of the SSO instance under which the operation will be
|
597
|
+
# executed.
|
598
|
+
# @return [String]
|
599
|
+
#
|
600
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DeleteInstanceAccessControlAttributeConfigurationRequest AWS API Documentation
|
601
|
+
#
|
602
|
+
class DeleteInstanceAccessControlAttributeConfigurationRequest < Struct.new(
|
603
|
+
:instance_arn)
|
604
|
+
SENSITIVE = []
|
605
|
+
include Aws::Structure
|
606
|
+
end
|
607
|
+
|
608
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DeleteInstanceAccessControlAttributeConfigurationResponse AWS API Documentation
|
609
|
+
#
|
610
|
+
class DeleteInstanceAccessControlAttributeConfigurationResponse < Aws::EmptyStructure; end
|
611
|
+
|
464
612
|
# @note When making an API call, you may pass DeletePermissionSetRequest
|
465
613
|
# data as a hash:
|
466
614
|
#
|
@@ -576,6 +724,50 @@ module Aws::SSOAdmin
|
|
576
724
|
include Aws::Structure
|
577
725
|
end
|
578
726
|
|
727
|
+
# @note When making an API call, you may pass DescribeInstanceAccessControlAttributeConfigurationRequest
|
728
|
+
# data as a hash:
|
729
|
+
#
|
730
|
+
# {
|
731
|
+
# instance_arn: "InstanceArn", # required
|
732
|
+
# }
|
733
|
+
#
|
734
|
+
# @!attribute [rw] instance_arn
|
735
|
+
# The ARN of the SSO instance under which the operation will be
|
736
|
+
# executed.
|
737
|
+
# @return [String]
|
738
|
+
#
|
739
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DescribeInstanceAccessControlAttributeConfigurationRequest AWS API Documentation
|
740
|
+
#
|
741
|
+
class DescribeInstanceAccessControlAttributeConfigurationRequest < Struct.new(
|
742
|
+
:instance_arn)
|
743
|
+
SENSITIVE = []
|
744
|
+
include Aws::Structure
|
745
|
+
end
|
746
|
+
|
747
|
+
# @!attribute [rw] status
|
748
|
+
# The status of the attribute configuration process.
|
749
|
+
# @return [String]
|
750
|
+
#
|
751
|
+
# @!attribute [rw] status_reason
|
752
|
+
# Provides more details about the current status of the specified
|
753
|
+
# attribute.
|
754
|
+
# @return [String]
|
755
|
+
#
|
756
|
+
# @!attribute [rw] instance_access_control_attribute_configuration
|
757
|
+
# Gets the list of AWS SSO identity store attributes added to your
|
758
|
+
# ABAC configuration.
|
759
|
+
# @return [Types::InstanceAccessControlAttributeConfiguration]
|
760
|
+
#
|
761
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DescribeInstanceAccessControlAttributeConfigurationResponse AWS API Documentation
|
762
|
+
#
|
763
|
+
class DescribeInstanceAccessControlAttributeConfigurationResponse < Struct.new(
|
764
|
+
:status,
|
765
|
+
:status_reason,
|
766
|
+
:instance_access_control_attribute_configuration)
|
767
|
+
SENSITIVE = []
|
768
|
+
include Aws::Structure
|
769
|
+
end
|
770
|
+
|
579
771
|
# @note When making an API call, you may pass DescribePermissionSetProvisioningStatusRequest
|
580
772
|
# data as a hash:
|
581
773
|
#
|
@@ -740,6 +932,36 @@ module Aws::SSOAdmin
|
|
740
932
|
include Aws::Structure
|
741
933
|
end
|
742
934
|
|
935
|
+
# Specifies the attributes to add to your attribute-based access control
|
936
|
+
# (ABAC) configuration.
|
937
|
+
#
|
938
|
+
# @note When making an API call, you may pass InstanceAccessControlAttributeConfiguration
|
939
|
+
# data as a hash:
|
940
|
+
#
|
941
|
+
# {
|
942
|
+
# access_control_attributes: [ # required
|
943
|
+
# {
|
944
|
+
# key: "AccessControlAttributeKey", # required
|
945
|
+
# value: { # required
|
946
|
+
# source: ["AccessControlAttributeValueSource"], # required
|
947
|
+
# },
|
948
|
+
# },
|
949
|
+
# ],
|
950
|
+
# }
|
951
|
+
#
|
952
|
+
# @!attribute [rw] access_control_attributes
|
953
|
+
# Lists the attributes that are configured for ABAC in the specified
|
954
|
+
# AWS SSO instance.
|
955
|
+
# @return [Array<Types::AccessControlAttribute>]
|
956
|
+
#
|
957
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/InstanceAccessControlAttributeConfiguration AWS API Documentation
|
958
|
+
#
|
959
|
+
class InstanceAccessControlAttributeConfiguration < Struct.new(
|
960
|
+
:access_control_attributes)
|
961
|
+
SENSITIVE = []
|
962
|
+
include Aws::Structure
|
963
|
+
end
|
964
|
+
|
743
965
|
# Provides information about the SSO instance.
|
744
966
|
#
|
745
967
|
# @!attribute [rw] instance_arn
|
@@ -1537,7 +1759,8 @@ module Aws::SSOAdmin
|
|
1537
1759
|
# @return [String]
|
1538
1760
|
#
|
1539
1761
|
# @!attribute [rw] target_id
|
1540
|
-
#
|
1762
|
+
# TargetID is an AWS account identifier, typically a 10-12 digit
|
1763
|
+
# string (For example, 123456789012).
|
1541
1764
|
# @return [String]
|
1542
1765
|
#
|
1543
1766
|
# @!attribute [rw] target_type
|
@@ -1759,6 +1982,45 @@ module Aws::SSOAdmin
|
|
1759
1982
|
#
|
1760
1983
|
class UntagResourceResponse < Aws::EmptyStructure; end
|
1761
1984
|
|
1985
|
+
# @note When making an API call, you may pass UpdateInstanceAccessControlAttributeConfigurationRequest
|
1986
|
+
# data as a hash:
|
1987
|
+
#
|
1988
|
+
# {
|
1989
|
+
# instance_arn: "InstanceArn", # required
|
1990
|
+
# instance_access_control_attribute_configuration: { # required
|
1991
|
+
# access_control_attributes: [ # required
|
1992
|
+
# {
|
1993
|
+
# key: "AccessControlAttributeKey", # required
|
1994
|
+
# value: { # required
|
1995
|
+
# source: ["AccessControlAttributeValueSource"], # required
|
1996
|
+
# },
|
1997
|
+
# },
|
1998
|
+
# ],
|
1999
|
+
# },
|
2000
|
+
# }
|
2001
|
+
#
|
2002
|
+
# @!attribute [rw] instance_arn
|
2003
|
+
# The ARN of the SSO instance under which the operation will be
|
2004
|
+
# executed.
|
2005
|
+
# @return [String]
|
2006
|
+
#
|
2007
|
+
# @!attribute [rw] instance_access_control_attribute_configuration
|
2008
|
+
# Updates the attributes for your ABAC configuration.
|
2009
|
+
# @return [Types::InstanceAccessControlAttributeConfiguration]
|
2010
|
+
#
|
2011
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/UpdateInstanceAccessControlAttributeConfigurationRequest AWS API Documentation
|
2012
|
+
#
|
2013
|
+
class UpdateInstanceAccessControlAttributeConfigurationRequest < Struct.new(
|
2014
|
+
:instance_arn,
|
2015
|
+
:instance_access_control_attribute_configuration)
|
2016
|
+
SENSITIVE = []
|
2017
|
+
include Aws::Structure
|
2018
|
+
end
|
2019
|
+
|
2020
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/UpdateInstanceAccessControlAttributeConfigurationResponse AWS API Documentation
|
2021
|
+
#
|
2022
|
+
class UpdateInstanceAccessControlAttributeConfigurationResponse < Aws::EmptyStructure; end
|
2023
|
+
|
1762
2024
|
# @note When making an API call, you may pass UpdatePermissionSetRequest
|
1763
2025
|
# data as a hash:
|
1764
2026
|
#
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: aws-sdk-ssoadmin
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.5.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Amazon Web Services
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2021-02-02 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: aws-sdk-core
|
@@ -19,7 +19,7 @@ dependencies:
|
|
19
19
|
version: '3'
|
20
20
|
- - ">="
|
21
21
|
- !ruby/object:Gem::Version
|
22
|
-
version: 3.
|
22
|
+
version: 3.112.0
|
23
23
|
type: :runtime
|
24
24
|
prerelease: false
|
25
25
|
version_requirements: !ruby/object:Gem::Requirement
|
@@ -29,7 +29,7 @@ dependencies:
|
|
29
29
|
version: '3'
|
30
30
|
- - ">="
|
31
31
|
- !ruby/object:Gem::Version
|
32
|
-
version: 3.
|
32
|
+
version: 3.112.0
|
33
33
|
- !ruby/object:Gem::Dependency
|
34
34
|
name: aws-sigv4
|
35
35
|
requirement: !ruby/object:Gem::Requirement
|