@aws-sdk/client-service-catalog 3.342.0 → 3.344.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/dist-types/commands/DisassociatePrincipalFromPortfolioCommand.d.ts +9 -0
  2. package/dist-types/models/models_0.d.ts +75 -10
  3. package/package.json +6 -6
package/dist-types/commands/DisassociatePrincipalFromPortfolioCommand.d.ts CHANGED
@@ -32,6 +32,15 @@ export interface DisassociatePrincipalFromPortfolioCommandOutput extends Disasso
32
32
  * <p>For portfolios that have been shared with principal name sharing enabled: after disassociating a principal,
33
33
  * share recipient accounts will no longer be able to provision products in this portfolio using a role matching the name
34
34
  * of the associated principal. </p>
35
+ * <p>For more information, review <a href="https://docs.aws.amazon.com/cli/latest/reference/servicecatalog/associate-principal-with-portfolio.html#options">associate-principal-with-portfolio</a>
36
+ * in the Amazon Web Services CLI Command Reference. </p>
37
+ * <note>
38
+ * <p>If you disassociate a principal from a portfolio, with PrincipalType as <code>IAM</code>, the same principal will
39
+ * still have access to the portfolio if it matches one of the associated principals of type <code>IAM_PATTERN</code>.
40
+ * To fully remove access for a principal, verify all the associated Principals of type <code>IAM_PATTERN</code>,
41
+ * and then ensure you disassociate any <code>IAM_PATTERN</code> principals that match the principal
42
+ * whose access you are removing.</p>
43
+ * </note>
35
44
  * @example
36
45
  * Use a bare-bones client and the command you need to make an API call.
37
46
  * ```javascript
package/dist-types/models/models_0.d.ts CHANGED
@@ -237,16 +237,79 @@ export interface AssociatePrincipalWithPortfolioInput {
237
237
  */
238
238
  PortfolioId: string | undefined;
239
239
  /**
240
- * <p>The ARN of the principal (user, role, or group). This field allows an ARN with no <code>accountID</code> if
241
- * <code>PrincipalType</code> is <code>IAM_PATTERN</code>. </p>
242
- * <p>You can associate multiple <code>IAM</code> patterns even if the account has no principal with that name.
243
- * This is useful in Principal Name Sharing if you want to share a principal without creating it in the
244
- * account that owns the portfolio. </p>
240
+ * <p>The ARN of the principal (user, role, or group). The supported value is a fully defined <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns">
241
+ * <code>IAM</code> ARN</a>
242
+ * if the
243
+ * <code>PrincipalType</code> is <code>IAM</code>. If the <code>PrincipalType</code> is <code>IAM_PATTERN</code>,
244
+ * the supported value is an <code>IAM</code> ARN without an AccountID in the following format:</p>
245
+ * <p>
246
+ * <i>arn:partition:iam:::resource-type/resource-id</i>
247
+ * </p>
248
+ * <p>The resource-id can be either of the following:</p>
249
+ * <ul>
250
+ * <li>
251
+ * <p>Fully formed, for example <i>arn:aws:iam:::role/resource-name</i> or
252
+ * <i>arn:aws:iam:::role/resource-path/resource-name</i>
253
+ * </p>
254
+ * </li>
255
+ * <li>
256
+ * <p>A wildcard ARN. The wildcard ARN accepts <code>IAM_PATTERN</code> values with a
257
+ * "*" or "?" in the resource-id segment of the ARN, for example <i>arn:partition:service:::resource-type/resource-path/resource-name</i>.
258
+ * The new symbols are exclusive to the <b>resource-path</b> and <b>resource-name</b>
259
+ * and cannot be used to replace the <b>resource-type</b> or other
260
+ * ARN values. </p>
261
+ * </li>
262
+ * </ul>
263
+ * <p>Examples of an <b>acceptable</b> wildcard ARN:</p>
264
+ * <ul>
265
+ * <li>
266
+ * <p>arn:aws:iam:::role/ResourceName_*</p>
267
+ * </li>
268
+ * <li>
269
+ * <p>arn:aws:iam:::role/*\/ResourceName_?</p>
270
+ * </li>
271
+ * </ul>
272
+ * <p>Examples of an <b>unacceptable</b> wildcard ARN:</p>
273
+ * <ul>
274
+ * <li>
275
+ * <p>arn:aws:iam:::*\/ResourceName</p>
276
+ * </li>
277
+ * </ul>
278
+ * <p>You can associate multiple <code>IAM_PATTERN</code>s even if the account has no principal
279
+ * with that name. </p>
280
+ * <note>
281
+ * <ul>
282
+ * <li>
283
+ * <p>The ARN path and principal name allow unlimited wildcard characters. </p>
284
+ * </li>
285
+ * <li>
286
+ * <p>The "?" wildcard character matches zero or one of any character. This is similar to ".?" in regular
287
+ * regex context.</p>
288
+ * </li>
289
+ * <li>
290
+ * <p>The "*" wildcard character matches any number of any characters. This is similar ".*" in regular
291
+ * regex context.</p>
292
+ * </li>
293
+ * <li>
294
+ * <p>In the IAM Principal ARNs format (arn:partition:iam:::resource-type/resource-path/resource-name),
295
+ * valid <b>resource-type</b> values include user/, group/, or role/. The "?" and "*"
296
+ * are allowed only after the <b>resource-type</b>, in the resource-id segment.
297
+ * You can use special characters anywhere within the <b>resource-id</b>.</p>
298
+ * </li>
299
+ * <li>
300
+ * <p>The "*" also matches the "/" character, allowing paths to be formed within the
301
+ * <b>resource-id</b>.
302
+ * For example, arn:aws:iam:::role/*\/ResourceName_? matches both arn:aws:iam:::role/pathA/pathB/ResourceName_1
303
+ * and
304
+ * arn:aws:iam:::role/pathA/ResourceName_1.</p>
305
+ * </li>
306
+ * </ul>
307
+ * </note>
245
308
  */
246
309
  PrincipalARN: string | undefined;
247
310
  /**
248
311
  * <p>The principal type. The supported value is <code>IAM</code> if you use a fully defined ARN,
249
- * or <code>IAM_PATTERN</code> if you use an ARN with no <code>accountID</code>. </p>
312
+ * or <code>IAM_PATTERN</code> if you use an ARN with no <code>accountID</code>, with or without wildcard characters. </p>
250
313
  */
251
314
  PrincipalType: PrincipalType | string | undefined;
252
315
  }
@@ -3768,13 +3831,13 @@ export interface DisassociatePrincipalFromPortfolioInput {
3768
3831
  */
3769
3832
  PortfolioId: string | undefined;
3770
3833
  /**
3771
- * <p>The ARN of the principal (user, role, or group). This field allows an ARN with no <code>accountID</code> if
3834
+ * <p>The ARN of the principal (user, role, or group). This field allows an ARN with no <code>accountID</code> with or without wildcard characters if
3772
3835
  * <code>PrincipalType</code> is <code>IAM_PATTERN</code>.</p>
3773
3836
  */
3774
3837
  PrincipalARN: string | undefined;
3775
3838
  /**
3776
3839
  * <p>The supported value is <code>IAM</code> if you use a fully defined ARN, or <code>IAM_PATTERN</code>
3777
- * if you use no <code>accountID</code>. </p>
3840
+ * if you specify an <code>IAM</code> ARN with no AccountId, with or without wildcard characters. </p>
3778
3841
  */
3779
3842
  PrincipalType?: PrincipalType | string;
3780
3843
  }
@@ -4527,13 +4590,15 @@ export interface ListPrincipalsForPortfolioInput {
4527
4590
  */
4528
4591
  export interface Principal {
4529
4592
  /**
4530
- * <p>The ARN of the principal (user, role, or group). This field allows for an ARN with no <code>accountID</code> if the
4593
+ * <p>The ARN of the principal (user, role, or group). This field allows for an ARN with no <code>accountID</code>, with or without wildcard characters if the
4531
4594
  * <code>PrincipalType</code> is an <code>IAM_PATTERN</code>. </p>
4595
+ * <p>For more information, review <a href="https://docs.aws.amazon.com/cli/latest/reference/servicecatalog/associate-principal-with-portfolio.html#options">associate-principal-with-portfolio</a>
4596
+ * in the Amazon Web Services CLI Command Reference. </p>
4532
4597
  */
4533
4598
  PrincipalARN?: string;
4534
4599
  /**
4535
4600
  * <p>The principal type. The supported value is <code>IAM</code> if you use a fully defined ARN, or
4536
- * <code>IAM_PATTERN</code> if you use an ARN with no <code>accountID</code>. </p>
4601
+ * <code>IAM_PATTERN</code> if you use an ARN with no <code>accountID</code>, with or without wildcard characters. </p>
4537
4602
  */
4538
4603
  PrincipalType?: PrincipalType | string;
4539
4604
  }
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@aws-sdk/client-service-catalog",
3
3
  "description": "AWS SDK for JavaScript Service Catalog Client for Node.js, Browser and React Native",
4
- "version": "3.342.0",
4
+ "version": "3.344.0",
5
5
  "scripts": {
6
6
  "build": "concurrently 'yarn:build:cjs' 'yarn:build:es' 'yarn:build:types'",
7
7
  "build:cjs": "tsc -p tsconfig.cjs.json",
@@ -21,14 +21,14 @@
21
21
  "dependencies": {
22
22
  "@aws-crypto/sha256-browser": "3.0.0",
23
23
  "@aws-crypto/sha256-js": "3.0.0",
24
- "@aws-sdk/client-sts": "3.342.0",
24
+ "@aws-sdk/client-sts": "3.344.0",
25
25
  "@aws-sdk/config-resolver": "3.342.0",
26
- "@aws-sdk/credential-provider-node": "3.342.0",
26
+ "@aws-sdk/credential-provider-node": "3.344.0",
27
27
  "@aws-sdk/fetch-http-handler": "3.342.0",
28
- "@aws-sdk/hash-node": "3.342.0",
28
+ "@aws-sdk/hash-node": "3.344.0",
29
29
  "@aws-sdk/invalid-dependency": "3.342.0",
30
30
  "@aws-sdk/middleware-content-length": "3.342.0",
31
- "@aws-sdk/middleware-endpoint": "3.342.0",
31
+ "@aws-sdk/middleware-endpoint": "3.344.0",
32
32
  "@aws-sdk/middleware-host-header": "3.342.0",
33
33
  "@aws-sdk/middleware-logger": "3.342.0",
34
34
  "@aws-sdk/middleware-recursion-detection": "3.342.0",
@@ -38,7 +38,7 @@
38
38
  "@aws-sdk/middleware-stack": "3.342.0",
39
39
  "@aws-sdk/middleware-user-agent": "3.342.0",
40
40
  "@aws-sdk/node-config-provider": "3.342.0",
41
- "@aws-sdk/node-http-handler": "3.342.0",
41
+ "@aws-sdk/node-http-handler": "3.344.0",
42
42
  "@aws-sdk/smithy-client": "3.342.0",
43
43
  "@aws-sdk/types": "3.342.0",
44
44
  "@aws-sdk/url-parser": "3.342.0",