File: types.go

golang-github-aws-aws-sdk-go-v2 1.17.1-3
// Code generated by smithy-go-codegen DO NOT EDIT.

package types

import (
	smithydocument "github.com/aws/smithy-go/document"
	"time"
)

// These are IAM Identity Center identity store attributes that you can configure
// for use in attribute-based access control (ABAC). You can create permissions
// policies that determine who can access your AWS resources based upon the
// configured attribute values. When you enable ABAC and specify
// AccessControlAttributes, IAM Identity Center passes the attribute values of the
// authenticated user into IAM for use in policy evaluation.
//
// Security note: because these attribute values are passed into IAM policy
// evaluation, they act as authorization inputs. Anyone able to change the mapped
// attribute in the identity source, or the mapping itself, can change what a user
// is permitted to do, so both deserve the same change control as IAM policies.
type AccessControlAttribute struct {

	// The name of the attribute associated with your identities in your identity
	// source. This is used to map a specified attribute in your identity source with
	// an attribute in IAM Identity Center.
	//
	// This member is required.
	//
	// The field is a pointer, so the Go type itself still permits nil; check before
	// dereferencing.
	Key *string

	// The value used for mapping a specified attribute to an identity source.
	//
	// This member is required.
	//
	// Also a pointer, and therefore nil-able at the type level.
	Value *AccessControlAttributeValue

	noSmithyDocumentSerde
}

// The value used for mapping a specified attribute to an identity source. For more
// information, see Attribute mappings
// (https://docs.aws.amazon.com/singlesignon/latest/userguide/attributemappingsconcept.html)
// in the IAM Identity Center User Guide.
type AccessControlAttributeValue struct {

	// The identity source to use when mapping a specified attribute to IAM Identity
	// Center.
	//
	// This member is required.
	//
	// The slice type does not enforce that requirement: a nil or empty slice is
	// representable here. No validation of the entries happens in this type.
	Source []string

	noSmithyDocumentSerde
}

// The assignment that indicates a principal's limited access to a specified AWS
// account with a specified permission set. The term principal here refers to a
// user or group that is defined in IAM Identity Center.
//
// Each value ties together who (PrincipalId, PrincipalType), where (AccountId)
// and what (PermissionSetArn), which makes it the natural record to enumerate in
// an access review. None of the members is marked required, and the pointer
// fields may be nil.
type AccountAssignment struct {

	// The identifier of the AWS account.
	AccountId *string

	// The ARN of the permission set. For more information about ARNs, see Amazon
	// Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
	PermissionSetArn *string

	// An identifier for an object in IAM Identity Center, such as a user or group.
	// PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For
	// more information about PrincipalIds in IAM Identity Center, see the IAM Identity
	// Center Identity Store API Reference.
	//
	// The GUID is opaque; it has to be resolved against the identity store to learn
	// which user or group it names.
	PrincipalId *string

	// The entity type for which the assignment will be created.
	//
	// PrincipalType is declared outside this file. Per the type comment above, a
	// principal is either a user or a group.
	PrincipalType PrincipalType

	noSmithyDocumentSerde
}

// The status of the creation or deletion operation of an assignment that a
// principal needs to access an account.
//
// None of the members is marked required; every pointer field may be nil.
type AccountAssignmentOperationStatus struct {

	// The date that the permission set was created.
	//
	// NOTE(review): this struct describes an assignment operation, yet the wording
	// refers to the permission set; confirm which timestamp the service returns.
	CreatedDate *time.Time

	// The message that contains an error or exception in case of an operation failure.
	//
	// Free-form text supplied by the service; this type places no constraint on its
	// content.
	FailureReason *string

	// The ARN of the permission set. For more information about ARNs, see Amazon
	// Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
	PermissionSetArn *string

	// An identifier for an object in IAM Identity Center, such as a user or group.
	// PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For
	// more information about PrincipalIds in IAM Identity Center, see the IAM Identity
	// Center Identity Store API Reference.
	PrincipalId *string

	// The entity type for which the assignment will be created.
	PrincipalType PrincipalType

	// The identifier for tracking the request operation that is generated by the
	// universally unique identifier (UUID) workflow.
	RequestId *string

	// The status of the permission set provisioning process.
	//
	// StatusValues is declared outside this file.
	Status StatusValues

	// TargetID is an AWS account identifier, typically a 10-12 digit string (For
	// example, 123456789012).
	//
	// NOTE(review): the example is 12 digits while the text says "10-12"; check the
	// service's documented pattern before using this wording for input validation.
	TargetId *string

	// The entity type for which the assignment will be created.
	//
	// NOTE(review): this sentence is identical to the one on PrincipalType and
	// presumably should describe the target instead; TargetType is declared outside
	// this file.
	TargetType TargetType

	noSmithyDocumentSerde
}

// Provides information about the AccountAssignment creation request.
//
// Carries only the timestamp, request identifier and status. The principal,
// target and failure reason are fields of AccountAssignmentOperationStatus, not
// of this type.
type AccountAssignmentOperationStatusMetadata struct {

	// The date that the permission set was created.
	//
	// NOTE(review): the wording refers to the permission set although the struct is
	// about an assignment request; confirm which timestamp this is.
	CreatedDate *time.Time

	// The identifier for tracking the request operation that is generated by the
	// universally unique identifier (UUID) workflow.
	RequestId *string

	// The status of the permission set provisioning process.
	Status StatusValues

	noSmithyDocumentSerde
}

// A structure that stores the details of the AWS managed policy.
//
// Both members are optional pointers and may be nil.
type AttachedManagedPolicy struct {

	// The ARN of the AWS managed policy. For more information about ARNs, see Amazon
	// Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
	//
	// When auditing what a permission set grants, the ARN identifies the policy
	// unambiguously; Name is for display.
	Arn *string

	// The name of the AWS managed policy.
	Name *string

	noSmithyDocumentSerde
}

// Specifies the name and path of a customer managed policy. You must have an IAM
// policy that matches the name and path in each AWS account where you want to
// deploy your permission set.
//
// Security note: the reference is by name and path, not by ARN or by policy
// content. What the permission set actually grants in a given account is
// therefore whatever the policy with that name contains in that account.
// NOTE(review): presumably the policy document can differ between accounts;
// confirm, and include each account's copy of the policy in access reviews.
type CustomerManagedPolicyReference struct {

	// The name of the IAM policy that you have configured in each account where you
	// want to deploy your permission set.
	//
	// This member is required.
	//
	// The field is a pointer, so nil is still representable at the type level.
	Name *string

	// The path to the IAM policy that you have configured in each account where you
	// want to deploy your permission set. The default is /. For more information, see
	// Friendly names and paths
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-friendly-names)
	// in the IAM User Guide.
	//
	// Optional. The documented default of / is not applied by this type; a nil Path
	// stays nil here.
	Path *string

	noSmithyDocumentSerde
}

// Specifies the attributes to add to your attribute-based access control (ABAC)
// configuration.
//
// Each entry is an AccessControlAttribute, the type whose values IAM Identity
// Center passes into IAM for policy evaluation. This list therefore defines which
// identity attributes can influence authorization for the instance.
type InstanceAccessControlAttributeConfiguration struct {

	// Lists the attributes that are configured for ABAC in the specified IAM Identity
	// Center instance.
	//
	// This member is required.
	//
	// The slice type itself still allows nil or empty.
	AccessControlAttributes []AccessControlAttribute

	noSmithyDocumentSerde
}

// Provides information about the IAM Identity Center instance.
//
// Both members are optional pointers and may be nil.
type InstanceMetadata struct {

	// The identifier of the identity store that is connected to the IAM Identity
	// Center instance.
	//
	// This is the store in which user and group identifiers such as PrincipalId are
	// defined.
	IdentityStoreId *string

	// The ARN of the IAM Identity Center instance under which the operation will be
	// executed. For more information about ARNs, see Amazon Resource Names (ARNs) and
	// AWS Service Namespaces in the AWS General Reference.
	InstanceArn *string

	noSmithyDocumentSerde
}

// Filters the operation status list based on the passed attribute value.
type OperationStatusFilter struct {

	// Filters the list operations result based on the status attribute.
	//
	// StatusValues is declared outside this file. The field is a value, not a
	// pointer, so "no filter" can only be expressed by its zero value.
	Status StatusValues

	noSmithyDocumentSerde
}

// Specifies the configuration of the AWS managed or customer managed policy that
// you want to set as a permissions boundary. Specify either
// CustomerManagedPolicyReference to use the name and path of a customer managed
// policy, or ManagedPolicyArn to use the ARN of an AWS managed policy. A
// permissions boundary represents the maximum permissions that any policy can
// grant your role. For more information, see Permissions boundaries for IAM
// entities
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html)
// in the IAM User Guide. Policies used as permissions boundaries don't provide
// permissions. You must also attach an IAM policy to the role. To learn how the
// effective permissions for a role are evaluated, see IAM JSON policy evaluation
// logic
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html)
// in the IAM User Guide.
//
// The "specify either" rule is not expressed in the Go type. Both members are
// independent optional pointers, so a value with both set, or with neither set,
// can be constructed. Check for that before relying on the value.
type PermissionsBoundary struct {

	// Specifies the name and path of a customer managed policy. You must have an IAM
	// policy that matches the name and path in each AWS account where you want to
	// deploy your permission set.
	//
	// Resolved by name and path in each account, so the effective ceiling is
	// whatever that account's policy of this name contains.
	CustomerManagedPolicyReference *CustomerManagedPolicyReference

	// The AWS managed policy ARN that you want to attach to a permission set as a
	// permissions boundary.
	ManagedPolicyArn *string

	noSmithyDocumentSerde
}

// An entity that contains IAM policies.
//
// None of the members is marked required; every field is a pointer and may be
// nil.
type PermissionSet struct {

	// The date that the permission set was created.
	CreatedDate *time.Time

	// The description of the PermissionSet.
	Description *string

	// The name of the permission set.
	Name *string

	// The ARN of the permission set. For more information about ARNs, see Amazon
	// Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
	PermissionSetArn *string

	// Used to redirect users within the application during the federation
	// authentication process.
	//
	// NOTE(review): this value steers where users are sent during federation, so an
	// unexpected change to it is worth alerting on. This type does not validate it.
	RelayState *string

	// The length of time that the application user sessions are valid for in the
	// ISO-8601 standard.
	//
	// Held as a plain string: this type neither parses nor range-checks it. The
	// value sets how long a session stays valid, so shorter durations narrow the
	// window in which a session remains usable.
	SessionDuration *string

	noSmithyDocumentSerde
}

// A structure that is used to provide the status of the provisioning operation for
// a specified permission set.
//
// None of the members is marked required; every pointer field may be nil.
type PermissionSetProvisioningStatus struct {

	// The identifier of the AWS account from which to list the assignments.
	AccountId *string

	// The date that the permission set was created.
	CreatedDate *time.Time

	// The message that contains an error or exception in case of an operation failure.
	//
	// Free-form text supplied by the service; this type places no constraint on its
	// content.
	FailureReason *string

	// The ARN of the permission set that is being provisioned. For more information
	// about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the
	// AWS General Reference.
	PermissionSetArn *string

	// The identifier for tracking the request operation that is generated by the
	// universally unique identifier (UUID) workflow.
	RequestId *string

	// The status of the permission set provisioning process.
	//
	// StatusValues is declared outside this file.
	Status StatusValues

	noSmithyDocumentSerde
}

// Provides information about the permission set provisioning status.
//
// Carries only the timestamp, request identifier and status. The account,
// permission set ARN and failure reason are fields of
// PermissionSetProvisioningStatus, not of this type.
type PermissionSetProvisioningStatusMetadata struct {

	// The date that the permission set was created.
	CreatedDate *time.Time

	// The identifier for tracking the request operation that is generated by the
	// universally unique identifier (UUID) workflow.
	RequestId *string

	// The status of the permission set provisioning process.
	Status StatusValues

	noSmithyDocumentSerde
}

// A set of key-value pairs that are used to manage the resource. Tags can only be
// applied to permission sets and cannot be applied to corresponding roles that IAM
// Identity Center creates in AWS accounts.
//
// Consequently, do not expect these tags to appear on the roles created in member
// accounts. Tag-based controls or inventory that look at those roles will not see
// them.
type Tag struct {

	// The key for the tag.
	//
	// This member is required.
	//
	// The field is a pointer, so nil is still representable at the type level.
	Key *string

	// The value of the tag.
	//
	// This member is required.
	//
	// Also a pointer, and therefore nil-able at the type level.
	Value *string

	noSmithyDocumentSerde
}

// noSmithyDocumentSerde is a package-local alias for smithydocument.NoSerde. It is
// embedded as the last field of every struct declared in this file.
// NOTE(review): smithy-go appears to use NoSerde as a marker that a type must not
// be marshaled or unmarshaled as a Smithy document; confirm against the smithy-go
// documentation.
type noSmithyDocumentSerde = smithydocument.NoSerde