aws-sdk-ssoadmin 1.3.0 → 1.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/aws-sdk-ssoadmin.rb +1 -1
- data/lib/aws-sdk-ssoadmin/client.rb +165 -1
- data/lib/aws-sdk-ssoadmin/client_api.rb +111 -0
- data/lib/aws-sdk-ssoadmin/types.rb +242 -0
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a56b8060e2752f1405659c2a46ea57e6bf1105f8207c8c8d8cddd465f285fae5
|
|
4
|
+
data.tar.gz: 2a5ec75edc5d7952bc0869d6cfd0e445907fc3008783e751d07c4a45cc70a5d0
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 3ebed9d032fba6585873405017bea16188c6bd01c4a5e38cb7a0984daf3146b8ca8a4258fdfdee9024d3e15832ccf43388556f249499ef06195c1c1e9cd4ce0b
|
|
7
|
+
data.tar.gz: ab9e5ec722a5274a14031c0326300d2ef9b09f5a21c67e8723d9d745ab4527b6c5e27a9b15319acf09aad0e672903a086fc95bdf5a8ad08482dd1a2f0406684a
|
data/lib/aws-sdk-ssoadmin.rb
CHANGED
|
@@ -461,6 +461,53 @@ module Aws::SSOAdmin
|
|
|
461
461
|
req.send_request(options)
|
|
462
462
|
end
|
|
463
463
|
|
|
464
|
+
# Enables the attributes-based access control (ABAC) feature for the
|
|
465
|
+
# specified AWS SSO instance. You can also specify new attributes to add
|
|
466
|
+
# to your ABAC configuration during the enabling process. For more
|
|
467
|
+
# information about ABAC, see [Attribute-Based Access
|
|
468
|
+
# Control](/singlesignon/latest/userguide/abac.html) in the *AWS SSO
|
|
469
|
+
# User Guide*.
|
|
470
|
+
#
|
|
471
|
+
# @option params [required, String] :instance_arn
|
|
472
|
+
# The ARN of the SSO instance under which the operation will be
|
|
473
|
+
# executed.
|
|
474
|
+
#
|
|
475
|
+
# @option params [required, Types::InstanceAccessControlAttributeConfiguration] :instance_access_control_attribute_configuration
|
|
476
|
+
# Specifies the AWS SSO identity store attributes to add to your ABAC
|
|
477
|
+
# configuration. When using an external identity provider as an identity
|
|
478
|
+
# source, you can pass attributes through the SAML assertion as an
|
|
479
|
+
# alternative to configuring attributes from the AWS SSO identity store.
|
|
480
|
+
# If a SAML assertion passes any of these attributes, AWS SSO will
|
|
481
|
+
# replace the attribute value with the value from the AWS SSO identity
|
|
482
|
+
# store.
|
|
483
|
+
#
|
|
484
|
+
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
|
485
|
+
#
|
|
486
|
+
# @example Request syntax with placeholder values
|
|
487
|
+
#
|
|
488
|
+
# resp = client.create_instance_access_control_attribute_configuration({
|
|
489
|
+
# instance_arn: "InstanceArn", # required
|
|
490
|
+
# instance_access_control_attribute_configuration: { # required
|
|
491
|
+
# access_control_attributes: [ # required
|
|
492
|
+
# {
|
|
493
|
+
# key: "AccessControlAttributeKey", # required
|
|
494
|
+
# value: { # required
|
|
495
|
+
# source: ["AccessControlAttributeValueSource"], # required
|
|
496
|
+
# },
|
|
497
|
+
# },
|
|
498
|
+
# ],
|
|
499
|
+
# },
|
|
500
|
+
# })
|
|
501
|
+
#
|
|
502
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/CreateInstanceAccessControlAttributeConfiguration AWS API Documentation
|
|
503
|
+
#
|
|
504
|
+
# @overload create_instance_access_control_attribute_configuration(params = {})
|
|
505
|
+
# @param [Hash] params ({})
|
|
506
|
+
def create_instance_access_control_attribute_configuration(params = {}, options = {})
|
|
507
|
+
req = build_request(:create_instance_access_control_attribute_configuration, params)
|
|
508
|
+
req.send_request(options)
|
|
509
|
+
end
|
|
510
|
+
|
|
464
511
|
# Creates a permission set within a specified SSO instance.
|
|
465
512
|
#
|
|
466
513
|
# <note markdown="1"> To grant users and groups access to AWS account resources, use `
|
|
@@ -626,6 +673,36 @@ module Aws::SSOAdmin
|
|
|
626
673
|
req.send_request(options)
|
|
627
674
|
end
|
|
628
675
|
|
|
676
|
+
# Disables the attributes-based access control (ABAC) feature for the
|
|
677
|
+
# specified AWS SSO instance and deletes all of the attribute mappings
|
|
678
|
+
# that have been configured. Once deleted, any attributes that are
|
|
679
|
+
# received from an identity source and any custom attributes you have
|
|
680
|
+
# previously configured will not be passed. For more information about
|
|
681
|
+
# ABAC, see [Attribute-Based Access
|
|
682
|
+
# Control](/singlesignon/latest/userguide/abac.html) in the *AWS SSO
|
|
683
|
+
# User Guide*.
|
|
684
|
+
#
|
|
685
|
+
# @option params [required, String] :instance_arn
|
|
686
|
+
# The ARN of the SSO instance under which the operation will be
|
|
687
|
+
# executed.
|
|
688
|
+
#
|
|
689
|
+
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
|
690
|
+
#
|
|
691
|
+
# @example Request syntax with placeholder values
|
|
692
|
+
#
|
|
693
|
+
# resp = client.delete_instance_access_control_attribute_configuration({
|
|
694
|
+
# instance_arn: "InstanceArn", # required
|
|
695
|
+
# })
|
|
696
|
+
#
|
|
697
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DeleteInstanceAccessControlAttributeConfiguration AWS API Documentation
|
|
698
|
+
#
|
|
699
|
+
# @overload delete_instance_access_control_attribute_configuration(params = {})
|
|
700
|
+
# @param [Hash] params ({})
|
|
701
|
+
def delete_instance_access_control_attribute_configuration(params = {}, options = {})
|
|
702
|
+
req = build_request(:delete_instance_access_control_attribute_configuration, params)
|
|
703
|
+
req.send_request(options)
|
|
704
|
+
end
|
|
705
|
+
|
|
629
706
|
# Deletes the specified permission set.
|
|
630
707
|
#
|
|
631
708
|
# @option params [required, String] :instance_arn
|
|
@@ -744,6 +821,48 @@ module Aws::SSOAdmin
|
|
|
744
821
|
req.send_request(options)
|
|
745
822
|
end
|
|
746
823
|
|
|
824
|
+
# Returns the list of AWS SSO identity store attributes that have been
|
|
825
|
+
# configured to work with attributes-based access control (ABAC) for the
|
|
826
|
+
# specified AWS SSO instance. This will not return attributes configured
|
|
827
|
+
# and sent by an external identity provider. For more information about
|
|
828
|
+
# ABAC, see [Attribute-Based Access
|
|
829
|
+
# Control](/singlesignon/latest/userguide/abac.html) in the *AWS SSO
|
|
830
|
+
# User Guide*.
|
|
831
|
+
#
|
|
832
|
+
# @option params [required, String] :instance_arn
|
|
833
|
+
# The ARN of the SSO instance under which the operation will be
|
|
834
|
+
# executed.
|
|
835
|
+
#
|
|
836
|
+
# @return [Types::DescribeInstanceAccessControlAttributeConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
837
|
+
#
|
|
838
|
+
# * {Types::DescribeInstanceAccessControlAttributeConfigurationResponse#status #status} => String
|
|
839
|
+
# * {Types::DescribeInstanceAccessControlAttributeConfigurationResponse#status_reason #status_reason} => String
|
|
840
|
+
# * {Types::DescribeInstanceAccessControlAttributeConfigurationResponse#instance_access_control_attribute_configuration #instance_access_control_attribute_configuration} => Types::InstanceAccessControlAttributeConfiguration
|
|
841
|
+
#
|
|
842
|
+
# @example Request syntax with placeholder values
|
|
843
|
+
#
|
|
844
|
+
# resp = client.describe_instance_access_control_attribute_configuration({
|
|
845
|
+
# instance_arn: "InstanceArn", # required
|
|
846
|
+
# })
|
|
847
|
+
#
|
|
848
|
+
# @example Response structure
|
|
849
|
+
#
|
|
850
|
+
# resp.status #=> String, one of "ENABLED", "CREATION_IN_PROGRESS", "CREATION_FAILED"
|
|
851
|
+
# resp.status_reason #=> String
|
|
852
|
+
# resp.instance_access_control_attribute_configuration.access_control_attributes #=> Array
|
|
853
|
+
# resp.instance_access_control_attribute_configuration.access_control_attributes[0].key #=> String
|
|
854
|
+
# resp.instance_access_control_attribute_configuration.access_control_attributes[0].value.source #=> Array
|
|
855
|
+
# resp.instance_access_control_attribute_configuration.access_control_attributes[0].value.source[0] #=> String
|
|
856
|
+
#
|
|
857
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DescribeInstanceAccessControlAttributeConfiguration AWS API Documentation
|
|
858
|
+
#
|
|
859
|
+
# @overload describe_instance_access_control_attribute_configuration(params = {})
|
|
860
|
+
# @param [Hash] params ({})
|
|
861
|
+
def describe_instance_access_control_attribute_configuration(params = {}, options = {})
|
|
862
|
+
req = build_request(:describe_instance_access_control_attribute_configuration, params)
|
|
863
|
+
req.send_request(options)
|
|
864
|
+
end
|
|
865
|
+
|
|
747
866
|
# Gets the details of the permission set.
|
|
748
867
|
#
|
|
749
868
|
# @option params [required, String] :instance_arn
|
|
@@ -1582,6 +1701,51 @@ module Aws::SSOAdmin
|
|
|
1582
1701
|
req.send_request(options)
|
|
1583
1702
|
end
|
|
1584
1703
|
|
|
1704
|
+
# Updates the AWS SSO identity store attributes to use with the AWS SSO
|
|
1705
|
+
# instance for attributes-based access control (ABAC). When using an
|
|
1706
|
+
# external identity provider as an identity source, you can pass
|
|
1707
|
+
# attributes through the SAML assertion as an alternative to configuring
|
|
1708
|
+
# attributes from the AWS SSO identity store. If a SAML assertion passes
|
|
1709
|
+
# any of these attributes, AWS SSO will replace the attribute value with
|
|
1710
|
+
# the value from the AWS SSO identity store. For more information about
|
|
1711
|
+
# ABAC, see [Attribute-Based Access
|
|
1712
|
+
# Control](/singlesignon/latest/userguide/abac.html) in the *AWS SSO
|
|
1713
|
+
# User Guide*.
|
|
1714
|
+
#
|
|
1715
|
+
# @option params [required, String] :instance_arn
|
|
1716
|
+
# The ARN of the SSO instance under which the operation will be
|
|
1717
|
+
# executed.
|
|
1718
|
+
#
|
|
1719
|
+
# @option params [required, Types::InstanceAccessControlAttributeConfiguration] :instance_access_control_attribute_configuration
|
|
1720
|
+
# Updates the attributes for your ABAC configuration.
|
|
1721
|
+
#
|
|
1722
|
+
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
|
1723
|
+
#
|
|
1724
|
+
# @example Request syntax with placeholder values
|
|
1725
|
+
#
|
|
1726
|
+
# resp = client.update_instance_access_control_attribute_configuration({
|
|
1727
|
+
# instance_arn: "InstanceArn", # required
|
|
1728
|
+
# instance_access_control_attribute_configuration: { # required
|
|
1729
|
+
# access_control_attributes: [ # required
|
|
1730
|
+
# {
|
|
1731
|
+
# key: "AccessControlAttributeKey", # required
|
|
1732
|
+
# value: { # required
|
|
1733
|
+
# source: ["AccessControlAttributeValueSource"], # required
|
|
1734
|
+
# },
|
|
1735
|
+
# },
|
|
1736
|
+
# ],
|
|
1737
|
+
# },
|
|
1738
|
+
# })
|
|
1739
|
+
#
|
|
1740
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/UpdateInstanceAccessControlAttributeConfiguration AWS API Documentation
|
|
1741
|
+
#
|
|
1742
|
+
# @overload update_instance_access_control_attribute_configuration(params = {})
|
|
1743
|
+
# @param [Hash] params ({})
|
|
1744
|
+
def update_instance_access_control_attribute_configuration(params = {}, options = {})
|
|
1745
|
+
req = build_request(:update_instance_access_control_attribute_configuration, params)
|
|
1746
|
+
req.send_request(options)
|
|
1747
|
+
end
|
|
1748
|
+
|
|
1585
1749
|
# Updates an existing permission set.
|
|
1586
1750
|
#
|
|
1587
1751
|
# @option params [required, String] :instance_arn
|
|
@@ -1639,7 +1803,7 @@ module Aws::SSOAdmin
|
|
|
1639
1803
|
params: params,
|
|
1640
1804
|
config: config)
|
|
1641
1805
|
context[:gem_name] = 'aws-sdk-ssoadmin'
|
|
1642
|
-
context[:gem_version] = '1.
|
|
1806
|
+
context[:gem_version] = '1.4.0'
|
|
1643
1807
|
Seahorse::Client::Request.new(handlers, context)
|
|
1644
1808
|
end
|
|
1645
1809
|
|
|
@@ -13,6 +13,12 @@ module Aws::SSOAdmin
|
|
|
13
13
|
|
|
14
14
|
include Seahorse::Model
|
|
15
15
|
|
|
16
|
+
AccessControlAttribute = Shapes::StructureShape.new(name: 'AccessControlAttribute')
|
|
17
|
+
AccessControlAttributeKey = Shapes::StringShape.new(name: 'AccessControlAttributeKey')
|
|
18
|
+
AccessControlAttributeList = Shapes::ListShape.new(name: 'AccessControlAttributeList')
|
|
19
|
+
AccessControlAttributeValue = Shapes::StructureShape.new(name: 'AccessControlAttributeValue')
|
|
20
|
+
AccessControlAttributeValueSource = Shapes::StringShape.new(name: 'AccessControlAttributeValueSource')
|
|
21
|
+
AccessControlAttributeValueSourceList = Shapes::ListShape.new(name: 'AccessControlAttributeValueSourceList')
|
|
16
22
|
AccessDeniedException = Shapes::StructureShape.new(name: 'AccessDeniedException')
|
|
17
23
|
AccessDeniedExceptionMessage = Shapes::StringShape.new(name: 'AccessDeniedExceptionMessage')
|
|
18
24
|
AccountAssignment = Shapes::StructureShape.new(name: 'AccountAssignment')
|
|
@@ -30,6 +36,8 @@ module Aws::SSOAdmin
|
|
|
30
36
|
ConflictExceptionMessage = Shapes::StringShape.new(name: 'ConflictExceptionMessage')
|
|
31
37
|
CreateAccountAssignmentRequest = Shapes::StructureShape.new(name: 'CreateAccountAssignmentRequest')
|
|
32
38
|
CreateAccountAssignmentResponse = Shapes::StructureShape.new(name: 'CreateAccountAssignmentResponse')
|
|
39
|
+
CreateInstanceAccessControlAttributeConfigurationRequest = Shapes::StructureShape.new(name: 'CreateInstanceAccessControlAttributeConfigurationRequest')
|
|
40
|
+
CreateInstanceAccessControlAttributeConfigurationResponse = Shapes::StructureShape.new(name: 'CreateInstanceAccessControlAttributeConfigurationResponse')
|
|
33
41
|
CreatePermissionSetRequest = Shapes::StructureShape.new(name: 'CreatePermissionSetRequest')
|
|
34
42
|
CreatePermissionSetResponse = Shapes::StructureShape.new(name: 'CreatePermissionSetResponse')
|
|
35
43
|
Date = Shapes::TimestampShape.new(name: 'Date')
|
|
@@ -37,12 +45,16 @@ module Aws::SSOAdmin
|
|
|
37
45
|
DeleteAccountAssignmentResponse = Shapes::StructureShape.new(name: 'DeleteAccountAssignmentResponse')
|
|
38
46
|
DeleteInlinePolicyFromPermissionSetRequest = Shapes::StructureShape.new(name: 'DeleteInlinePolicyFromPermissionSetRequest')
|
|
39
47
|
DeleteInlinePolicyFromPermissionSetResponse = Shapes::StructureShape.new(name: 'DeleteInlinePolicyFromPermissionSetResponse')
|
|
48
|
+
DeleteInstanceAccessControlAttributeConfigurationRequest = Shapes::StructureShape.new(name: 'DeleteInstanceAccessControlAttributeConfigurationRequest')
|
|
49
|
+
DeleteInstanceAccessControlAttributeConfigurationResponse = Shapes::StructureShape.new(name: 'DeleteInstanceAccessControlAttributeConfigurationResponse')
|
|
40
50
|
DeletePermissionSetRequest = Shapes::StructureShape.new(name: 'DeletePermissionSetRequest')
|
|
41
51
|
DeletePermissionSetResponse = Shapes::StructureShape.new(name: 'DeletePermissionSetResponse')
|
|
42
52
|
DescribeAccountAssignmentCreationStatusRequest = Shapes::StructureShape.new(name: 'DescribeAccountAssignmentCreationStatusRequest')
|
|
43
53
|
DescribeAccountAssignmentCreationStatusResponse = Shapes::StructureShape.new(name: 'DescribeAccountAssignmentCreationStatusResponse')
|
|
44
54
|
DescribeAccountAssignmentDeletionStatusRequest = Shapes::StructureShape.new(name: 'DescribeAccountAssignmentDeletionStatusRequest')
|
|
45
55
|
DescribeAccountAssignmentDeletionStatusResponse = Shapes::StructureShape.new(name: 'DescribeAccountAssignmentDeletionStatusResponse')
|
|
56
|
+
DescribeInstanceAccessControlAttributeConfigurationRequest = Shapes::StructureShape.new(name: 'DescribeInstanceAccessControlAttributeConfigurationRequest')
|
|
57
|
+
DescribeInstanceAccessControlAttributeConfigurationResponse = Shapes::StructureShape.new(name: 'DescribeInstanceAccessControlAttributeConfigurationResponse')
|
|
46
58
|
DescribePermissionSetProvisioningStatusRequest = Shapes::StructureShape.new(name: 'DescribePermissionSetProvisioningStatusRequest')
|
|
47
59
|
DescribePermissionSetProvisioningStatusResponse = Shapes::StructureShape.new(name: 'DescribePermissionSetProvisioningStatusResponse')
|
|
48
60
|
DescribePermissionSetRequest = Shapes::StructureShape.new(name: 'DescribePermissionSetRequest')
|
|
@@ -54,6 +66,9 @@ module Aws::SSOAdmin
|
|
|
54
66
|
GetInlinePolicyForPermissionSetRequest = Shapes::StructureShape.new(name: 'GetInlinePolicyForPermissionSetRequest')
|
|
55
67
|
GetInlinePolicyForPermissionSetResponse = Shapes::StructureShape.new(name: 'GetInlinePolicyForPermissionSetResponse')
|
|
56
68
|
Id = Shapes::StringShape.new(name: 'Id')
|
|
69
|
+
InstanceAccessControlAttributeConfiguration = Shapes::StructureShape.new(name: 'InstanceAccessControlAttributeConfiguration')
|
|
70
|
+
InstanceAccessControlAttributeConfigurationStatus = Shapes::StringShape.new(name: 'InstanceAccessControlAttributeConfigurationStatus')
|
|
71
|
+
InstanceAccessControlAttributeConfigurationStatusReason = Shapes::StringShape.new(name: 'InstanceAccessControlAttributeConfigurationStatusReason')
|
|
57
72
|
InstanceArn = Shapes::StringShape.new(name: 'InstanceArn')
|
|
58
73
|
InstanceList = Shapes::ListShape.new(name: 'InstanceList')
|
|
59
74
|
InstanceMetadata = Shapes::StructureShape.new(name: 'InstanceMetadata')
|
|
@@ -122,11 +137,24 @@ module Aws::SSOAdmin
|
|
|
122
137
|
UUId = Shapes::StringShape.new(name: 'UUId')
|
|
123
138
|
UntagResourceRequest = Shapes::StructureShape.new(name: 'UntagResourceRequest')
|
|
124
139
|
UntagResourceResponse = Shapes::StructureShape.new(name: 'UntagResourceResponse')
|
|
140
|
+
UpdateInstanceAccessControlAttributeConfigurationRequest = Shapes::StructureShape.new(name: 'UpdateInstanceAccessControlAttributeConfigurationRequest')
|
|
141
|
+
UpdateInstanceAccessControlAttributeConfigurationResponse = Shapes::StructureShape.new(name: 'UpdateInstanceAccessControlAttributeConfigurationResponse')
|
|
125
142
|
UpdatePermissionSetRequest = Shapes::StructureShape.new(name: 'UpdatePermissionSetRequest')
|
|
126
143
|
UpdatePermissionSetResponse = Shapes::StructureShape.new(name: 'UpdatePermissionSetResponse')
|
|
127
144
|
ValidationException = Shapes::StructureShape.new(name: 'ValidationException')
|
|
128
145
|
ValidationExceptionMessage = Shapes::StringShape.new(name: 'ValidationExceptionMessage')
|
|
129
146
|
|
|
147
|
+
AccessControlAttribute.add_member(:key, Shapes::ShapeRef.new(shape: AccessControlAttributeKey, required: true, location_name: "Key"))
|
|
148
|
+
AccessControlAttribute.add_member(:value, Shapes::ShapeRef.new(shape: AccessControlAttributeValue, required: true, location_name: "Value"))
|
|
149
|
+
AccessControlAttribute.struct_class = Types::AccessControlAttribute
|
|
150
|
+
|
|
151
|
+
AccessControlAttributeList.member = Shapes::ShapeRef.new(shape: AccessControlAttribute)
|
|
152
|
+
|
|
153
|
+
AccessControlAttributeValue.add_member(:source, Shapes::ShapeRef.new(shape: AccessControlAttributeValueSourceList, required: true, location_name: "Source"))
|
|
154
|
+
AccessControlAttributeValue.struct_class = Types::AccessControlAttributeValue
|
|
155
|
+
|
|
156
|
+
AccessControlAttributeValueSourceList.member = Shapes::ShapeRef.new(shape: AccessControlAttributeValueSource)
|
|
157
|
+
|
|
130
158
|
AccessDeniedException.add_member(:message, Shapes::ShapeRef.new(shape: AccessDeniedExceptionMessage, location_name: "Message"))
|
|
131
159
|
AccessDeniedException.struct_class = Types::AccessDeniedException
|
|
132
160
|
|
|
@@ -185,6 +213,12 @@ module Aws::SSOAdmin
|
|
|
185
213
|
CreateAccountAssignmentResponse.add_member(:account_assignment_creation_status, Shapes::ShapeRef.new(shape: AccountAssignmentOperationStatus, location_name: "AccountAssignmentCreationStatus"))
|
|
186
214
|
CreateAccountAssignmentResponse.struct_class = Types::CreateAccountAssignmentResponse
|
|
187
215
|
|
|
216
|
+
CreateInstanceAccessControlAttributeConfigurationRequest.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, required: true, location_name: "InstanceArn"))
|
|
217
|
+
CreateInstanceAccessControlAttributeConfigurationRequest.add_member(:instance_access_control_attribute_configuration, Shapes::ShapeRef.new(shape: InstanceAccessControlAttributeConfiguration, required: true, location_name: "InstanceAccessControlAttributeConfiguration"))
|
|
218
|
+
CreateInstanceAccessControlAttributeConfigurationRequest.struct_class = Types::CreateInstanceAccessControlAttributeConfigurationRequest
|
|
219
|
+
|
|
220
|
+
CreateInstanceAccessControlAttributeConfigurationResponse.struct_class = Types::CreateInstanceAccessControlAttributeConfigurationResponse
|
|
221
|
+
|
|
188
222
|
CreatePermissionSetRequest.add_member(:name, Shapes::ShapeRef.new(shape: PermissionSetName, required: true, location_name: "Name"))
|
|
189
223
|
CreatePermissionSetRequest.add_member(:description, Shapes::ShapeRef.new(shape: PermissionSetDescription, location_name: "Description"))
|
|
190
224
|
CreatePermissionSetRequest.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, required: true, location_name: "InstanceArn"))
|
|
@@ -213,6 +247,11 @@ module Aws::SSOAdmin
|
|
|
213
247
|
|
|
214
248
|
DeleteInlinePolicyFromPermissionSetResponse.struct_class = Types::DeleteInlinePolicyFromPermissionSetResponse
|
|
215
249
|
|
|
250
|
+
DeleteInstanceAccessControlAttributeConfigurationRequest.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, required: true, location_name: "InstanceArn"))
|
|
251
|
+
DeleteInstanceAccessControlAttributeConfigurationRequest.struct_class = Types::DeleteInstanceAccessControlAttributeConfigurationRequest
|
|
252
|
+
|
|
253
|
+
DeleteInstanceAccessControlAttributeConfigurationResponse.struct_class = Types::DeleteInstanceAccessControlAttributeConfigurationResponse
|
|
254
|
+
|
|
216
255
|
DeletePermissionSetRequest.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, required: true, location_name: "InstanceArn"))
|
|
217
256
|
DeletePermissionSetRequest.add_member(:permission_set_arn, Shapes::ShapeRef.new(shape: PermissionSetArn, required: true, location_name: "PermissionSetArn"))
|
|
218
257
|
DeletePermissionSetRequest.struct_class = Types::DeletePermissionSetRequest
|
|
@@ -233,6 +272,14 @@ module Aws::SSOAdmin
|
|
|
233
272
|
DescribeAccountAssignmentDeletionStatusResponse.add_member(:account_assignment_deletion_status, Shapes::ShapeRef.new(shape: AccountAssignmentOperationStatus, location_name: "AccountAssignmentDeletionStatus"))
|
|
234
273
|
DescribeAccountAssignmentDeletionStatusResponse.struct_class = Types::DescribeAccountAssignmentDeletionStatusResponse
|
|
235
274
|
|
|
275
|
+
DescribeInstanceAccessControlAttributeConfigurationRequest.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, required: true, location_name: "InstanceArn"))
|
|
276
|
+
DescribeInstanceAccessControlAttributeConfigurationRequest.struct_class = Types::DescribeInstanceAccessControlAttributeConfigurationRequest
|
|
277
|
+
|
|
278
|
+
DescribeInstanceAccessControlAttributeConfigurationResponse.add_member(:status, Shapes::ShapeRef.new(shape: InstanceAccessControlAttributeConfigurationStatus, location_name: "Status"))
|
|
279
|
+
DescribeInstanceAccessControlAttributeConfigurationResponse.add_member(:status_reason, Shapes::ShapeRef.new(shape: InstanceAccessControlAttributeConfigurationStatusReason, location_name: "StatusReason"))
|
|
280
|
+
DescribeInstanceAccessControlAttributeConfigurationResponse.add_member(:instance_access_control_attribute_configuration, Shapes::ShapeRef.new(shape: InstanceAccessControlAttributeConfiguration, location_name: "InstanceAccessControlAttributeConfiguration"))
|
|
281
|
+
DescribeInstanceAccessControlAttributeConfigurationResponse.struct_class = Types::DescribeInstanceAccessControlAttributeConfigurationResponse
|
|
282
|
+
|
|
236
283
|
DescribePermissionSetProvisioningStatusRequest.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, required: true, location_name: "InstanceArn"))
|
|
237
284
|
DescribePermissionSetProvisioningStatusRequest.add_member(:provision_permission_set_request_id, Shapes::ShapeRef.new(shape: UUId, required: true, location_name: "ProvisionPermissionSetRequestId"))
|
|
238
285
|
DescribePermissionSetProvisioningStatusRequest.struct_class = Types::DescribePermissionSetProvisioningStatusRequest
|
|
@@ -261,6 +308,9 @@ module Aws::SSOAdmin
|
|
|
261
308
|
GetInlinePolicyForPermissionSetResponse.add_member(:inline_policy, Shapes::ShapeRef.new(shape: PermissionSetPolicyDocument, location_name: "InlinePolicy"))
|
|
262
309
|
GetInlinePolicyForPermissionSetResponse.struct_class = Types::GetInlinePolicyForPermissionSetResponse
|
|
263
310
|
|
|
311
|
+
InstanceAccessControlAttributeConfiguration.add_member(:access_control_attributes, Shapes::ShapeRef.new(shape: AccessControlAttributeList, required: true, location_name: "AccessControlAttributes"))
|
|
312
|
+
InstanceAccessControlAttributeConfiguration.struct_class = Types::InstanceAccessControlAttributeConfiguration
|
|
313
|
+
|
|
264
314
|
InstanceList.member = Shapes::ShapeRef.new(shape: InstanceMetadata)
|
|
265
315
|
|
|
266
316
|
InstanceMetadata.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, location_name: "InstanceArn"))
|
|
@@ -444,6 +494,12 @@ module Aws::SSOAdmin
|
|
|
444
494
|
|
|
445
495
|
UntagResourceResponse.struct_class = Types::UntagResourceResponse
|
|
446
496
|
|
|
497
|
+
UpdateInstanceAccessControlAttributeConfigurationRequest.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, required: true, location_name: "InstanceArn"))
|
|
498
|
+
UpdateInstanceAccessControlAttributeConfigurationRequest.add_member(:instance_access_control_attribute_configuration, Shapes::ShapeRef.new(shape: InstanceAccessControlAttributeConfiguration, required: true, location_name: "InstanceAccessControlAttributeConfiguration"))
|
|
499
|
+
UpdateInstanceAccessControlAttributeConfigurationRequest.struct_class = Types::UpdateInstanceAccessControlAttributeConfigurationRequest
|
|
500
|
+
|
|
501
|
+
UpdateInstanceAccessControlAttributeConfigurationResponse.struct_class = Types::UpdateInstanceAccessControlAttributeConfigurationResponse
|
|
502
|
+
|
|
447
503
|
UpdatePermissionSetRequest.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, required: true, location_name: "InstanceArn"))
|
|
448
504
|
UpdatePermissionSetRequest.add_member(:permission_set_arn, Shapes::ShapeRef.new(shape: PermissionSetArn, required: true, location_name: "PermissionSetArn"))
|
|
449
505
|
UpdatePermissionSetRequest.add_member(:description, Shapes::ShapeRef.new(shape: PermissionSetDescription, location_name: "Description"))
|
|
@@ -506,6 +562,20 @@ module Aws::SSOAdmin
|
|
|
506
562
|
o.errors << Shapes::ShapeRef.new(shape: ConflictException)
|
|
507
563
|
end)
|
|
508
564
|
|
|
565
|
+
api.add_operation(:create_instance_access_control_attribute_configuration, Seahorse::Model::Operation.new.tap do |o|
|
|
566
|
+
o.name = "CreateInstanceAccessControlAttributeConfiguration"
|
|
567
|
+
o.http_method = "POST"
|
|
568
|
+
o.http_request_uri = "/"
|
|
569
|
+
o.input = Shapes::ShapeRef.new(shape: CreateInstanceAccessControlAttributeConfigurationRequest)
|
|
570
|
+
o.output = Shapes::ShapeRef.new(shape: CreateInstanceAccessControlAttributeConfigurationResponse)
|
|
571
|
+
o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
|
|
572
|
+
o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
|
|
573
|
+
o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
|
|
574
|
+
o.errors << Shapes::ShapeRef.new(shape: ValidationException)
|
|
575
|
+
o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
|
|
576
|
+
o.errors << Shapes::ShapeRef.new(shape: ConflictException)
|
|
577
|
+
end)
|
|
578
|
+
|
|
509
579
|
api.add_operation(:create_permission_set, Seahorse::Model::Operation.new.tap do |o|
|
|
510
580
|
o.name = "CreatePermissionSet"
|
|
511
581
|
o.http_method = "POST"
|
|
@@ -549,6 +619,20 @@ module Aws::SSOAdmin
|
|
|
549
619
|
o.errors << Shapes::ShapeRef.new(shape: ConflictException)
|
|
550
620
|
end)
|
|
551
621
|
|
|
622
|
+
api.add_operation(:delete_instance_access_control_attribute_configuration, Seahorse::Model::Operation.new.tap do |o|
|
|
623
|
+
o.name = "DeleteInstanceAccessControlAttributeConfiguration"
|
|
624
|
+
o.http_method = "POST"
|
|
625
|
+
o.http_request_uri = "/"
|
|
626
|
+
o.input = Shapes::ShapeRef.new(shape: DeleteInstanceAccessControlAttributeConfigurationRequest)
|
|
627
|
+
o.output = Shapes::ShapeRef.new(shape: DeleteInstanceAccessControlAttributeConfigurationResponse)
|
|
628
|
+
o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
|
|
629
|
+
o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
|
|
630
|
+
o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
|
|
631
|
+
o.errors << Shapes::ShapeRef.new(shape: ValidationException)
|
|
632
|
+
o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
|
|
633
|
+
o.errors << Shapes::ShapeRef.new(shape: ConflictException)
|
|
634
|
+
end)
|
|
635
|
+
|
|
552
636
|
api.add_operation(:delete_permission_set, Seahorse::Model::Operation.new.tap do |o|
|
|
553
637
|
o.name = "DeletePermissionSet"
|
|
554
638
|
o.http_method = "POST"
|
|
@@ -589,6 +673,19 @@ module Aws::SSOAdmin
|
|
|
589
673
|
o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
|
|
590
674
|
end)
|
|
591
675
|
|
|
676
|
+
api.add_operation(:describe_instance_access_control_attribute_configuration, Seahorse::Model::Operation.new.tap do |o|
|
|
677
|
+
o.name = "DescribeInstanceAccessControlAttributeConfiguration"
|
|
678
|
+
o.http_method = "POST"
|
|
679
|
+
o.http_request_uri = "/"
|
|
680
|
+
o.input = Shapes::ShapeRef.new(shape: DescribeInstanceAccessControlAttributeConfigurationRequest)
|
|
681
|
+
o.output = Shapes::ShapeRef.new(shape: DescribeInstanceAccessControlAttributeConfigurationResponse)
|
|
682
|
+
o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
|
|
683
|
+
o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
|
|
684
|
+
o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
|
|
685
|
+
o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
|
|
686
|
+
o.errors << Shapes::ShapeRef.new(shape: ValidationException)
|
|
687
|
+
end)
|
|
688
|
+
|
|
592
689
|
api.add_operation(:describe_permission_set, Seahorse::Model::Operation.new.tap do |o|
|
|
593
690
|
o.name = "DescribePermissionSet"
|
|
594
691
|
o.http_method = "POST"
|
|
@@ -888,6 +985,20 @@ module Aws::SSOAdmin
|
|
|
888
985
|
o.errors << Shapes::ShapeRef.new(shape: ConflictException)
|
|
889
986
|
end)
|
|
890
987
|
|
|
988
|
+
api.add_operation(:update_instance_access_control_attribute_configuration, Seahorse::Model::Operation.new.tap do |o|
|
|
989
|
+
o.name = "UpdateInstanceAccessControlAttributeConfiguration"
|
|
990
|
+
o.http_method = "POST"
|
|
991
|
+
o.http_request_uri = "/"
|
|
992
|
+
o.input = Shapes::ShapeRef.new(shape: UpdateInstanceAccessControlAttributeConfigurationRequest)
|
|
993
|
+
o.output = Shapes::ShapeRef.new(shape: UpdateInstanceAccessControlAttributeConfigurationResponse)
|
|
994
|
+
o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
|
|
995
|
+
o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
|
|
996
|
+
o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
|
|
997
|
+
o.errors << Shapes::ShapeRef.new(shape: ValidationException)
|
|
998
|
+
o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
|
|
999
|
+
o.errors << Shapes::ShapeRef.new(shape: ConflictException)
|
|
1000
|
+
end)
|
|
1001
|
+
|
|
891
1002
|
api.add_operation(:update_permission_set, Seahorse::Model::Operation.new.tap do |o|
|
|
892
1003
|
o.name = "UpdatePermissionSet"
|
|
893
1004
|
o.http_method = "POST"
|
|
@@ -10,6 +10,66 @@
|
|
|
10
10
|
module Aws::SSOAdmin
|
|
11
11
|
module Types
|
|
12
12
|
|
|
13
|
+
# These are AWS SSO identity store attributes that you can configure for
|
|
14
|
+
# use in attributes-based access control (ABAC). You can create
|
|
15
|
+
# permission policies that determine who can access your AWS resources
|
|
16
|
+
# based upon the configured attribute value(s). When you enable ABAC and
|
|
17
|
+
# specify AccessControlAttributes, AWS SSO passes the attribute(s) value
|
|
18
|
+
# of the authenticated user into IAM for use in policy evaluation.
|
|
19
|
+
#
|
|
20
|
+
# @note When making an API call, you may pass AccessControlAttribute
|
|
21
|
+
# data as a hash:
|
|
22
|
+
#
|
|
23
|
+
# {
|
|
24
|
+
# key: "AccessControlAttributeKey", # required
|
|
25
|
+
# value: { # required
|
|
26
|
+
# source: ["AccessControlAttributeValueSource"], # required
|
|
27
|
+
# },
|
|
28
|
+
# }
|
|
29
|
+
#
|
|
30
|
+
# @!attribute [rw] key
|
|
31
|
+
# The name of the attribute associated with your identities in your
|
|
32
|
+
# identity source. This is used to map a specified attribute in your
|
|
33
|
+
# identity source with an attribute in AWS SSO.
|
|
34
|
+
# @return [String]
|
|
35
|
+
#
|
|
36
|
+
# @!attribute [rw] value
|
|
37
|
+
# The value used for mapping a specified attribute to an identity
|
|
38
|
+
# source.
|
|
39
|
+
# @return [Types::AccessControlAttributeValue]
|
|
40
|
+
#
|
|
41
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/AccessControlAttribute AWS API Documentation
|
|
42
|
+
#
|
|
43
|
+
class AccessControlAttribute < Struct.new(
|
|
44
|
+
:key,
|
|
45
|
+
:value)
|
|
46
|
+
SENSITIVE = []
|
|
47
|
+
include Aws::Structure
|
|
48
|
+
end
|
|
49
|
+
|
|
50
|
+
# The value used for mapping a specified attribute to an identity
|
|
51
|
+
# source.
|
|
52
|
+
#
|
|
53
|
+
# @note When making an API call, you may pass AccessControlAttributeValue
|
|
54
|
+
# data as a hash:
|
|
55
|
+
#
|
|
56
|
+
# {
|
|
57
|
+
# source: ["AccessControlAttributeValueSource"], # required
|
|
58
|
+
# }
|
|
59
|
+
#
|
|
60
|
+
# @!attribute [rw] source
|
|
61
|
+
# The identity source to use when mapping a specified attribute to AWS
|
|
62
|
+
# SSO.
|
|
63
|
+
# @return [Array<String>]
|
|
64
|
+
#
|
|
65
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/AccessControlAttributeValue AWS API Documentation
|
|
66
|
+
#
|
|
67
|
+
class AccessControlAttributeValue < Struct.new(
|
|
68
|
+
:source)
|
|
69
|
+
SENSITIVE = []
|
|
70
|
+
include Aws::Structure
|
|
71
|
+
end
|
|
72
|
+
|
|
13
73
|
# You do not have sufficient access to perform this action.
|
|
14
74
|
#
|
|
15
75
|
# @!attribute [rw] message
|
|
@@ -305,6 +365,51 @@ module Aws::SSOAdmin
|
|
|
305
365
|
include Aws::Structure
|
|
306
366
|
end
|
|
307
367
|
|
|
368
|
+
# @note When making an API call, you may pass CreateInstanceAccessControlAttributeConfigurationRequest
|
|
369
|
+
# data as a hash:
|
|
370
|
+
#
|
|
371
|
+
# {
|
|
372
|
+
# instance_arn: "InstanceArn", # required
|
|
373
|
+
# instance_access_control_attribute_configuration: { # required
|
|
374
|
+
# access_control_attributes: [ # required
|
|
375
|
+
# {
|
|
376
|
+
# key: "AccessControlAttributeKey", # required
|
|
377
|
+
# value: { # required
|
|
378
|
+
# source: ["AccessControlAttributeValueSource"], # required
|
|
379
|
+
# },
|
|
380
|
+
# },
|
|
381
|
+
# ],
|
|
382
|
+
# },
|
|
383
|
+
# }
|
|
384
|
+
#
|
|
385
|
+
# @!attribute [rw] instance_arn
|
|
386
|
+
# The ARN of the SSO instance under which the operation will be
|
|
387
|
+
# executed.
|
|
388
|
+
# @return [String]
|
|
389
|
+
#
|
|
390
|
+
# @!attribute [rw] instance_access_control_attribute_configuration
|
|
391
|
+
# Specifies the AWS SSO identity store attributes to add to your ABAC
|
|
392
|
+
# configuration. When using an external identity provider as an
|
|
393
|
+
# identity source, you can pass attributes through the SAML assertion
|
|
394
|
+
# as an alternative to configuring attributes from the AWS SSO
|
|
395
|
+
# identity store. If a SAML assertion passes any of these attributes,
|
|
396
|
+
# AWS SSO will replace the attribute value with the value from the AWS
|
|
397
|
+
# SSO identity store.
|
|
398
|
+
# @return [Types::InstanceAccessControlAttributeConfiguration]
|
|
399
|
+
#
|
|
400
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/CreateInstanceAccessControlAttributeConfigurationRequest AWS API Documentation
|
|
401
|
+
#
|
|
402
|
+
class CreateInstanceAccessControlAttributeConfigurationRequest < Struct.new(
|
|
403
|
+
:instance_arn,
|
|
404
|
+
:instance_access_control_attribute_configuration)
|
|
405
|
+
SENSITIVE = []
|
|
406
|
+
include Aws::Structure
|
|
407
|
+
end
|
|
408
|
+
|
|
409
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/CreateInstanceAccessControlAttributeConfigurationResponse AWS API Documentation
|
|
410
|
+
#
|
|
411
|
+
class CreateInstanceAccessControlAttributeConfigurationResponse < Aws::EmptyStructure; end
|
|
412
|
+
|
|
308
413
|
# @note When making an API call, you may pass CreatePermissionSetRequest
|
|
309
414
|
# data as a hash:
|
|
310
415
|
#
|
|
@@ -480,6 +585,30 @@ module Aws::SSOAdmin
|
|
|
480
585
|
#
|
|
481
586
|
class DeleteInlinePolicyFromPermissionSetResponse < Aws::EmptyStructure; end
|
|
482
587
|
|
|
588
|
+
# @note When making an API call, you may pass DeleteInstanceAccessControlAttributeConfigurationRequest
|
|
589
|
+
# data as a hash:
|
|
590
|
+
#
|
|
591
|
+
# {
|
|
592
|
+
# instance_arn: "InstanceArn", # required
|
|
593
|
+
# }
|
|
594
|
+
#
|
|
595
|
+
# @!attribute [rw] instance_arn
|
|
596
|
+
# The ARN of the SSO instance under which the operation will be
|
|
597
|
+
# executed.
|
|
598
|
+
# @return [String]
|
|
599
|
+
#
|
|
600
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DeleteInstanceAccessControlAttributeConfigurationRequest AWS API Documentation
|
|
601
|
+
#
|
|
602
|
+
class DeleteInstanceAccessControlAttributeConfigurationRequest < Struct.new(
|
|
603
|
+
:instance_arn)
|
|
604
|
+
SENSITIVE = []
|
|
605
|
+
include Aws::Structure
|
|
606
|
+
end
|
|
607
|
+
|
|
608
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DeleteInstanceAccessControlAttributeConfigurationResponse AWS API Documentation
|
|
609
|
+
#
|
|
610
|
+
class DeleteInstanceAccessControlAttributeConfigurationResponse < Aws::EmptyStructure; end
|
|
611
|
+
|
|
483
612
|
# @note When making an API call, you may pass DeletePermissionSetRequest
|
|
484
613
|
# data as a hash:
|
|
485
614
|
#
|
|
@@ -595,6 +724,50 @@ module Aws::SSOAdmin
|
|
|
595
724
|
include Aws::Structure
|
|
596
725
|
end
|
|
597
726
|
|
|
727
|
+
# @note When making an API call, you may pass DescribeInstanceAccessControlAttributeConfigurationRequest
|
|
728
|
+
# data as a hash:
|
|
729
|
+
#
|
|
730
|
+
# {
|
|
731
|
+
# instance_arn: "InstanceArn", # required
|
|
732
|
+
# }
|
|
733
|
+
#
|
|
734
|
+
# @!attribute [rw] instance_arn
|
|
735
|
+
# The ARN of the SSO instance under which the operation will be
|
|
736
|
+
# executed.
|
|
737
|
+
# @return [String]
|
|
738
|
+
#
|
|
739
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DescribeInstanceAccessControlAttributeConfigurationRequest AWS API Documentation
|
|
740
|
+
#
|
|
741
|
+
class DescribeInstanceAccessControlAttributeConfigurationRequest < Struct.new(
|
|
742
|
+
:instance_arn)
|
|
743
|
+
SENSITIVE = []
|
|
744
|
+
include Aws::Structure
|
|
745
|
+
end
|
|
746
|
+
|
|
747
|
+
# @!attribute [rw] status
|
|
748
|
+
# The status of the attribute configuration process.
|
|
749
|
+
# @return [String]
|
|
750
|
+
#
|
|
751
|
+
# @!attribute [rw] status_reason
|
|
752
|
+
# Provides more details about the current status of the specified
|
|
753
|
+
# attribute.
|
|
754
|
+
# @return [String]
|
|
755
|
+
#
|
|
756
|
+
# @!attribute [rw] instance_access_control_attribute_configuration
|
|
757
|
+
# Gets the list of AWS SSO identity store attributes added to your
|
|
758
|
+
# ABAC configuration.
|
|
759
|
+
# @return [Types::InstanceAccessControlAttributeConfiguration]
|
|
760
|
+
#
|
|
761
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DescribeInstanceAccessControlAttributeConfigurationResponse AWS API Documentation
|
|
762
|
+
#
|
|
763
|
+
class DescribeInstanceAccessControlAttributeConfigurationResponse < Struct.new(
|
|
764
|
+
:status,
|
|
765
|
+
:status_reason,
|
|
766
|
+
:instance_access_control_attribute_configuration)
|
|
767
|
+
SENSITIVE = []
|
|
768
|
+
include Aws::Structure
|
|
769
|
+
end
|
|
770
|
+
|
|
598
771
|
# @note When making an API call, you may pass DescribePermissionSetProvisioningStatusRequest
|
|
599
772
|
# data as a hash:
|
|
600
773
|
#
|
|
@@ -759,6 +932,36 @@ module Aws::SSOAdmin
|
|
|
759
932
|
include Aws::Structure
|
|
760
933
|
end
|
|
761
934
|
|
|
935
|
+
# Specifies the attributes to add to your attribute-based access control
|
|
936
|
+
# (ABAC) configuration.
|
|
937
|
+
#
|
|
938
|
+
# @note When making an API call, you may pass InstanceAccessControlAttributeConfiguration
|
|
939
|
+
# data as a hash:
|
|
940
|
+
#
|
|
941
|
+
# {
|
|
942
|
+
# access_control_attributes: [ # required
|
|
943
|
+
# {
|
|
944
|
+
# key: "AccessControlAttributeKey", # required
|
|
945
|
+
# value: { # required
|
|
946
|
+
# source: ["AccessControlAttributeValueSource"], # required
|
|
947
|
+
# },
|
|
948
|
+
# },
|
|
949
|
+
# ],
|
|
950
|
+
# }
|
|
951
|
+
#
|
|
952
|
+
# @!attribute [rw] access_control_attributes
|
|
953
|
+
# Lists the attributes that are configured for ABAC in the specified
|
|
954
|
+
# AWS SSO instance.
|
|
955
|
+
# @return [Array<Types::AccessControlAttribute>]
|
|
956
|
+
#
|
|
957
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/InstanceAccessControlAttributeConfiguration AWS API Documentation
|
|
958
|
+
#
|
|
959
|
+
class InstanceAccessControlAttributeConfiguration < Struct.new(
|
|
960
|
+
:access_control_attributes)
|
|
961
|
+
SENSITIVE = []
|
|
962
|
+
include Aws::Structure
|
|
963
|
+
end
|
|
964
|
+
|
|
762
965
|
# Provides information about the SSO instance.
|
|
763
966
|
#
|
|
764
967
|
# @!attribute [rw] instance_arn
|
|
@@ -1779,6 +1982,45 @@ module Aws::SSOAdmin
|
|
|
1779
1982
|
#
|
|
1780
1983
|
class UntagResourceResponse < Aws::EmptyStructure; end
|
|
1781
1984
|
|
|
1985
|
+
# @note When making an API call, you may pass UpdateInstanceAccessControlAttributeConfigurationRequest
|
|
1986
|
+
# data as a hash:
|
|
1987
|
+
#
|
|
1988
|
+
# {
|
|
1989
|
+
# instance_arn: "InstanceArn", # required
|
|
1990
|
+
# instance_access_control_attribute_configuration: { # required
|
|
1991
|
+
# access_control_attributes: [ # required
|
|
1992
|
+
# {
|
|
1993
|
+
# key: "AccessControlAttributeKey", # required
|
|
1994
|
+
# value: { # required
|
|
1995
|
+
# source: ["AccessControlAttributeValueSource"], # required
|
|
1996
|
+
# },
|
|
1997
|
+
# },
|
|
1998
|
+
# ],
|
|
1999
|
+
# },
|
|
2000
|
+
# }
|
|
2001
|
+
#
|
|
2002
|
+
# @!attribute [rw] instance_arn
|
|
2003
|
+
# The ARN of the SSO instance under which the operation will be
|
|
2004
|
+
# executed.
|
|
2005
|
+
# @return [String]
|
|
2006
|
+
#
|
|
2007
|
+
# @!attribute [rw] instance_access_control_attribute_configuration
|
|
2008
|
+
# Updates the attributes for your ABAC configuration.
|
|
2009
|
+
# @return [Types::InstanceAccessControlAttributeConfiguration]
|
|
2010
|
+
#
|
|
2011
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/UpdateInstanceAccessControlAttributeConfigurationRequest AWS API Documentation
|
|
2012
|
+
#
|
|
2013
|
+
class UpdateInstanceAccessControlAttributeConfigurationRequest < Struct.new(
|
|
2014
|
+
:instance_arn,
|
|
2015
|
+
:instance_access_control_attribute_configuration)
|
|
2016
|
+
SENSITIVE = []
|
|
2017
|
+
include Aws::Structure
|
|
2018
|
+
end
|
|
2019
|
+
|
|
2020
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/UpdateInstanceAccessControlAttributeConfigurationResponse AWS API Documentation
|
|
2021
|
+
#
|
|
2022
|
+
class UpdateInstanceAccessControlAttributeConfigurationResponse < Aws::EmptyStructure; end
|
|
2023
|
+
|
|
1782
2024
|
# @note When making an API call, you may pass UpdatePermissionSetRequest
|
|
1783
2025
|
# data as a hash:
|
|
1784
2026
|
#
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: aws-sdk-ssoadmin
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.4.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Amazon Web Services
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-
|
|
11
|
+
date: 2020-11-23 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-sdk-core
|