package awsverifiedpermissions

import (
	_init_ "github.com/aws/aws-cdk-go/awscdk/v2/jsii"
	_jsii_ "github.com/aws/jsii-runtime-go/runtime"

	"github.com/aws/aws-cdk-go/awscdk/v2"
	"github.com/aws/aws-cdk-go/awscdk/v2/awsverifiedpermissions/internal"
	"github.com/aws/constructs-go/constructs/v10"
)

// CfnIdentitySource is the CloudFormation-level construct for `AWS::VerifiedPermissions::IdentitySource`.
//
// Creates or updates a reference to Amazon Cognito as an external identity provider.
//
// If you are creating a new identity source, then you must specify a `Configuration` . If you are updating an existing identity source, then you must specify an `UpdateConfiguration` .
//
// After you create an identity source, you can use the identities provided by the IdP as proxies for the principal in authorization queries that use the [IsAuthorizedWithToken](https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorizedWithToken.html) operation. These identities take the form of tokens that contain claims about the user, such as IDs, attributes and group memberships. Amazon Cognito provides both identity tokens and access tokens, and Verified Permissions can use either or both. Any combination of identity and access tokens results in the same Cedar principal. Verified Permissions automatically translates the information about the identities into the standard Cedar attributes that can be evaluated by your policies. Because the Amazon Cognito identity and access tokens can contain different information, the tokens you choose to use determine the attributes that are available to access in the Cedar principal from your policies.
//
// Amazon Cognito Identity is not available in all of the same AWS Regions as Amazon Verified Permissions . Because of this, the `AWS::VerifiedPermissions::IdentitySource` type is not available to create from AWS CloudFormation in Regions where Amazon Cognito Identity is not currently available. Users can still create `AWS::VerifiedPermissions::IdentitySource` in those Regions, but only from the AWS CLI , Amazon Verified Permissions SDK, or from the AWS console.
//
// > To reference a user from this identity source in your Cedar policies, use the following syntax.
// >
// > *IdentityType::"<CognitoUserPoolId>|<CognitoClientId>"*
// >
// > Where `IdentityType` is the string that you provide to the `PrincipalEntityType` parameter for this operation. The `CognitoUserPoolId` and `CognitoClientId` are defined by the Amazon Cognito user pool.
//
// NOTE(review): `ClientIds` is marked optional in the example below. As far as
// the Verified Permissions documentation describes it, the listed app client
// IDs are what a token's audience (`aud` / `client_id`) is checked against, so
// an empty list presumably accepts tokens issued to any app client of the user
// pool. Confirm against the current AWS documentation and list the expected
// app clients explicitly.
//
// NOTE(review): `PrincipalEntityType` names the Cedar entity type that policies
// match on (see the syntax above); it should agree with the entity type used in
// the policy store's policies and schema. Verify when changing it.
//
// Example:
//   // The code below shows an example of how to instantiate this type.
//   // The values are placeholders you should change.
//   import "github.com/aws/aws-cdk-go/awscdk"
//
//   cfnIdentitySource := awscdk.Aws_verifiedpermissions.NewCfnIdentitySource(this, jsii.String("MyCfnIdentitySource"), &CfnIdentitySourceProps{
//   	Configuration: &IdentitySourceConfigurationProperty{
//   		CognitoUserPoolConfiguration: &CognitoUserPoolConfigurationProperty{
//   			UserPoolArn: jsii.String("userPoolArn"),
//
//   			// the properties below are optional
//   			ClientIds: []*string{
//   				jsii.String("clientIds"),
//   			},
//   		},
//   	},
//
//   	// the properties below are optional
//   	PolicyStoreId: jsii.String("policyStoreId"),
//   	PrincipalEntityType: jsii.String("principalEntityType"),
//   })
//
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-verifiedpermissions-identitysource.html
//
type CfnIdentitySource interface {
	awscdk.CfnResource
	awscdk.IInspectable
	// A structure that contains information about the configuration of the identity source.
	AttrDetails() awscdk.IResolvable
	// The application client IDs associated with the specified Amazon Cognito user pool that are enabled for this identity source.
	AttrDetailsClientIds() *[]*string
	// The well-known URL that points to this user pool's OIDC discovery endpoint.
	//
	// This is a URL string in the following format. This URL replaces the placeholders for both the AWS Region and the user pool identifier with those appropriate for this user pool.
	//
	// `https://cognito-idp.<region>.amazonaws.com/<user-pool-id>/.well-known/openid-configuration`
	AttrDetailsDiscoveryUrl() *string
	// A string that identifies the type of OIDC service represented by this identity source.
	//
	// At this time, the only valid value is `cognito` .
	AttrDetailsOpenIdIssuer() *string
	// The [Amazon Resource Name (ARN)](https://docs.aws.amazon.com//general/latest/gr/aws-arns-and-namespaces.html) of the Amazon Cognito user pool whose identities are accessible to this Verified Permissions policy store.
	AttrDetailsUserPoolArn() *string
	// The unique ID of the new or updated identity store.
	AttrIdentitySourceId() *string
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// Contains configuration information used when creating or updating an identity source.
	Configuration() interface{}
	SetConfiguration(val interface{})
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// The tree node.
	Node() constructs.Node
	// Specifies the ID of the policy store in which you want to store this identity source.
	PolicyStoreId() *string
	SetPolicyStoreId(val *string)
	// Specifies the namespace and data type of the principals generated for identities authenticated by the new identity source.
	PrincipalEntityType() *string
	SetPrincipalEntityType(val *string)
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// Deprecated.
	// Deprecated: use `updatedProperties`
	//
	// Return properties modified after initiation
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// ```typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// ```
	// would add the overrides
	// ```json
	// "Properties": {
	//    "GlobalSecondaryIndexes": [
	//      {
	//        "Projection": {
	//          "NonKeyAttributes": [ "myattribute" ]
	//          ...
	//        }
	//        ...
	//      },
	//      {
	//        "ProjectionType": "INCLUDE"
	//        ...
	//      },
	//    ]
	//    ...
	// }
	// ```
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	//
	// NOTE(review): an override whose path falls under `Properties.Configuration`
	// changes which user pool or client IDs this identity source trusts without
	// going through `SetConfiguration`; presumably it is not subject to the same
	// parameter checks (confirm). Treat such overrides as security-relevant
	// changes when reviewing a stack.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found in the following link.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for a runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` if the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	ValidateProperties(_properties interface{})
}

// The jsii proxy struct for CfnIdentitySource
//
// It embeds the internal proxy types for awscdk.CfnResource and
// awscdk.IInspectable; every method below forwards to the jsii runtime.
type jsiiProxy_CfnIdentitySource struct {
	internal.Type__awscdkCfnResource
	internal.Type__awscdkIInspectable
}

// Property getters.
//
// Each getter below passes the receiver, a property name and a pointer to a
// typed result variable to _jsii_.Get and returns that variable. None of them
// performs Go-side validation.

func (j *jsiiProxy_CfnIdentitySource) AttrDetails() awscdk.IResolvable {
	var returns awscdk.IResolvable
	_jsii_.Get(
		j,
		"attrDetails",
		&returns,
	)
	return returns
}

func (j *jsiiProxy_CfnIdentitySource) AttrDetailsClientIds() *[]*string {
	var returns *[]*string
	_jsii_.Get(
		j,
		"attrDetailsClientIds",
		&returns,
	)
	return returns
}

func (j *jsiiProxy_CfnIdentitySource) AttrDetailsDiscoveryUrl() *string {
	var returns *string
	_jsii_.Get(
		j,
		"attrDetailsDiscoveryUrl",
		&returns,
	)
	return returns
}

func (j *jsiiProxy_CfnIdentitySource) AttrDetailsOpenIdIssuer() *string {
	var returns *string
	_jsii_.Get(
		j,
		"attrDetailsOpenIdIssuer",
		&returns,
	)
	return returns
}

func (j *jsiiProxy_CfnIdentitySource) AttrDetailsUserPoolArn() *string {
	var returns *string
	_jsii_.Get(
		j,
		"attrDetailsUserPoolArn",
		&returns,
	)
	return returns
}

func (j *jsiiProxy_CfnIdentitySource) AttrIdentitySourceId() *string {
	var returns *string
	_jsii_.Get(
		j,
		"attrIdentitySourceId",
		&returns,
	)
	return returns
}

func (j *jsiiProxy_CfnIdentitySource) CfnOptions() awscdk.ICfnResourceOptions {
	var returns awscdk.ICfnResourceOptions
	_jsii_.Get(
		j,
		"cfnOptions",
		&returns,
	)
	return returns
}

func (j *jsiiProxy_CfnIdentitySource) CfnProperties() *map[string]interface{} {
	var returns *map[string]interface{}
	_jsii_.Get(
		j,
		"cfnProperties",
		&returns,
	)
	return returns
}

func (j *jsiiProxy_CfnIdentitySource) CfnResourceType() *string {
	var returns *string
	_jsii_.Get(
		j,
		"cfnResourceType",
		&returns,
	)
	return returns
}

func (j *jsiiProxy_CfnIdentitySource) Configuration() interface{} {
	var returns interface{}
	_jsii_.Get(
		j,
		"configuration",
		&returns,
	)
	return returns
}

func (j *jsiiProxy_CfnIdentitySource) CreationStack() *[]*string {
	var returns *[]*string
	_jsii_.Get(
		j,
		"creationStack",
		&returns,
	)
	return returns
}

func (j *jsiiProxy_CfnIdentitySource) LogicalId() *string {
	var returns *string
	_jsii_.Get(
		j,
		"logicalId",
		&returns,
	)
	return returns
}

func (j *jsiiProxy_CfnIdentitySource) Node() constructs.Node {
	var returns constructs.Node
	_jsii_.Get(
		j,
		"node",
		&returns,
	)
	return returns
}

func (j *jsiiProxy_CfnIdentitySource) PolicyStoreId() *string {
	var returns *string
	_jsii_.Get(
		j,
		"policyStoreId",
		&returns,
	)
	return returns
}

func (j *jsiiProxy_CfnIdentitySource) PrincipalEntityType() *string {
	var returns *string
	_jsii_.Get(
		j,
		"principalEntityType",
		&returns,
	)
	return returns
}

func (j *jsiiProxy_CfnIdentitySource) Ref() *string {
	var returns *string
	_jsii_.Get(
		j,
		"ref",
		&returns,
	)
	return returns
}

func (j *jsiiProxy_CfnIdentitySource) Stack() awscdk.Stack {
	var returns awscdk.Stack
	_jsii_.Get(
		j,
		"stack",
		&returns,
	)
	return returns
}

// The property name keeps the upstream misspelling ("Properites"); the
// interface marks this accessor deprecated in favour of UpdatedProperties.
func (j *jsiiProxy_CfnIdentitySource) UpdatedProperites() *map[string]interface{} {
	var returns *map[string]interface{}
	_jsii_.Get(
		j,
		"updatedProperites",
		&returns,
	)
	return returns
}

func (j *jsiiProxy_CfnIdentitySource) UpdatedProperties() *map[string]interface{} {
	var returns *map[string]interface{}
	_jsii_.Get(
		j,
		"updatedProperties",
		&returns,
	)
	return returns
}

// NewCfnIdentitySource creates a CfnIdentitySource in scope under id with the
// given props and returns a pointer to the new proxy.
//
// It panics if validateNewCfnIdentitySourceParameters (defined outside this
// file section) returns an error for the arguments.
func NewCfnIdentitySource(scope constructs.Construct, id *string, props *CfnIdentitySourceProps) CfnIdentitySource {
	// Presumably loads the jsii assembly before the first runtime call — confirm in the _init_ package.
	_init_.Initialize()

	if err := validateNewCfnIdentitySourceParameters(scope, id, props); err != nil {
		panic(err)
	}
	j := jsiiProxy_CfnIdentitySource{}

	_jsii_.Create(
		"aws-cdk-lib.aws_verifiedpermissions.CfnIdentitySource",
		[]interface{}{scope, id, props},
		&j,
	)

	return &j
}

// NewCfnIdentitySource_Override runs the same jsii constructor as
// NewCfnIdentitySource against the caller-supplied object c.
//
// NOTE(review): unlike NewCfnIdentitySource, this path makes no Go-side
// validation call on scope, id or props before invoking the runtime.
func NewCfnIdentitySource_Override(c CfnIdentitySource, scope constructs.Construct, id *string, props *CfnIdentitySourceProps) {
	_init_.Initialize()

	_jsii_.Create(
		"aws-cdk-lib.aws_verifiedpermissions.CfnIdentitySource",
		[]interface{}{scope, id, props},
		c,
	)
}

// SetConfiguration replaces the "configuration" property. It panics if
// validateSetConfigurationParameters rejects val.
func (j *jsiiProxy_CfnIdentitySource) SetConfiguration(val interface{}) {
	if err := j.validateSetConfigurationParameters(val); err != nil {
		panic(err)
	}
	_jsii_.Set(
		j,
		"configuration",
		val,
	)
}

// SetPolicyStoreId replaces the "policyStoreId" property.
//
// NOTE(review): no Go-side validation is performed here; val is forwarded to
// the runtime as given.
func (j *jsiiProxy_CfnIdentitySource) SetPolicyStoreId(val *string) {
	_jsii_.Set(
		j,
		"policyStoreId",
		val,
	)
}

// SetPrincipalEntityType replaces the "principalEntityType" property.
//
// NOTE(review): no Go-side validation is performed here; val is forwarded to
// the runtime as given.
func (j *jsiiProxy_CfnIdentitySource) SetPrincipalEntityType(val *string) {
	_jsii_.Set(
		j,
		"principalEntityType",
		val,
	)
}

// Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).
//
// Uses duck-typing instead of `instanceof` to allow stack elements from different
// versions of this library to be included in the same stack.
//
// Returns: The construct as a stack element or undefined if it is not a stack element.
//
// Panics if validateCfnIdentitySource_IsCfnElementParameters rejects x.
func CfnIdentitySource_IsCfnElement(x interface{}) *bool {
	_init_.Initialize()

	if err := validateCfnIdentitySource_IsCfnElementParameters(x); err != nil {
		panic(err)
	}
	var returns *bool

	_jsii_.StaticInvoke(
		"aws-cdk-lib.aws_verifiedpermissions.CfnIdentitySource",
		"isCfnElement",
		[]interface{}{x},
		&returns,
	)

	return returns
}

// Check whether the given construct is a CfnResource.
//
// Panics if validateCfnIdentitySource_IsCfnResourceParameters rejects construct.
func CfnIdentitySource_IsCfnResource(construct constructs.IConstruct) *bool {
	_init_.Initialize()

	if err := validateCfnIdentitySource_IsCfnResourceParameters(construct); err != nil {
		panic(err)
	}
	var returns *bool

	_jsii_.StaticInvoke(
		"aws-cdk-lib.aws_verifiedpermissions.CfnIdentitySource",
		"isCfnResource",
		[]interface{}{construct},
		&returns,
	)

	return returns
}

// Checks if `x` is a construct.
//
// Use this method instead of `instanceof` to properly detect `Construct`
// instances, even when the construct library is symlinked.
//
// Explanation: in JavaScript, multiple copies of the `constructs` library on
// disk are seen as independent, completely different libraries. As a
// consequence, the class `Construct` in each copy of the `constructs` library
// is seen as a different class, and an instance of one class will not test as
// `instanceof` the other class. `npm install` will not create installations
// like this, but users may manually symlink construct libraries together or
// use a monorepo tool: in those cases, multiple copies of the `constructs`
// library can be accidentally installed, and `instanceof` will behave
// unpredictably. It is safest to avoid using `instanceof`, and using
// this type-testing method instead.
//
// Returns: true if `x` is an object created from a class which extends `Construct`.
//
// Panics if validateCfnIdentitySource_IsConstructParameters rejects x.
func CfnIdentitySource_IsConstruct(x interface{}) *bool {
	_init_.Initialize()

	if err := validateCfnIdentitySource_IsConstructParameters(x); err != nil {
		panic(err)
	}
	var returns *bool

	_jsii_.StaticInvoke(
		"aws-cdk-lib.aws_verifiedpermissions.CfnIdentitySource",
		"isConstruct",
		[]interface{}{x},
		&returns,
	)

	return returns
}

// CfnIdentitySource_CFN_RESOURCE_TYPE_NAME reads the static
// CFN_RESOURCE_TYPE_NAME property of the class from the jsii runtime.
func CfnIdentitySource_CFN_RESOURCE_TYPE_NAME() *string {
	_init_.Initialize()
	var returns *string
	_jsii_.StaticGet(
		"aws-cdk-lib.aws_verifiedpermissions.CfnIdentitySource",
		"CFN_RESOURCE_TYPE_NAME",
		&returns,
	)
	return returns
}

// Method proxies.
//
// Each method below forwards its arguments to the same-named jsii method via
// _jsii_.Invoke or _jsii_.InvokeVoid. Where a validate*Parameters helper
// exists it is called first and its error is turned into a panic; the helpers
// are defined outside this file section, so what they check is not visible here.

func (c *jsiiProxy_CfnIdentitySource) AddDeletionOverride(path *string) {
	if err := c.validateAddDeletionOverrideParameters(path); err != nil {
		panic(err)
	}
	_jsii_.InvokeVoid(
		c,
		"addDeletionOverride",
		[]interface{}{path},
	)
}

func (c *jsiiProxy_CfnIdentitySource) AddDependency(target awscdk.CfnResource) {
	if err := c.validateAddDependencyParameters(target); err != nil {
		panic(err)
	}
	_jsii_.InvokeVoid(
		c,
		"addDependency",
		[]interface{}{target},
	)
}

func (c *jsiiProxy_CfnIdentitySource) AddDependsOn(target awscdk.CfnResource) {
	if err := c.validateAddDependsOnParameters(target); err != nil {
		panic(err)
	}
	_jsii_.InvokeVoid(
		c,
		"addDependsOn",
		[]interface{}{target},
	)
}

func (c *jsiiProxy_CfnIdentitySource) AddMetadata(key *string, value interface{}) {
	if err := c.validateAddMetadataParameters(key, value); err != nil {
		panic(err)
	}
	_jsii_.InvokeVoid(
		c,
		"addMetadata",
		[]interface{}{key, value},
	)
}

// value is forwarded unchanged; see the interface comment on AddOverride for
// why raw CloudFormation-cased JSON is expected.
func (c *jsiiProxy_CfnIdentitySource) AddOverride(path *string, value interface{}) {
	if err := c.validateAddOverrideParameters(path, value); err != nil {
		panic(err)
	}
	_jsii_.InvokeVoid(
		c,
		"addOverride",
		[]interface{}{path, value},
	)
}

func (c *jsiiProxy_CfnIdentitySource) AddPropertyDeletionOverride(propertyPath *string) {
	if err := c.validateAddPropertyDeletionOverrideParameters(propertyPath); err != nil {
		panic(err)
	}
	_jsii_.InvokeVoid(
		c,
		"addPropertyDeletionOverride",
		[]interface{}{propertyPath},
	)
}

func (c *jsiiProxy_CfnIdentitySource) AddPropertyOverride(propertyPath *string, value interface{}) {
	if err := c.validateAddPropertyOverrideParameters(propertyPath, value); err != nil {
		panic(err)
	}
	_jsii_.InvokeVoid(
		c,
		"addPropertyOverride",
		[]interface{}{propertyPath, value},
	)
}

// Only options is handed to the Go-side validator; policy is forwarded as-is.
func (c *jsiiProxy_CfnIdentitySource) ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions) {
	if err := c.validateApplyRemovalPolicyParameters(options); err != nil {
		panic(err)
	}
	_jsii_.InvokeVoid(
		c,
		"applyRemovalPolicy",
		[]interface{}{policy, options},
	)
}

// Only attributeName is handed to the Go-side validator; typeHint is forwarded as-is.
func (c *jsiiProxy_CfnIdentitySource) GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference {
	if err := c.validateGetAttParameters(attributeName); err != nil {
		panic(err)
	}
	var returns awscdk.Reference

	_jsii_.Invoke(
		c,
		"getAtt",
		[]interface{}{attributeName, typeHint},
		&returns,
	)

	return returns
}

func (c *jsiiProxy_CfnIdentitySource) GetMetadata(key *string) interface{} {
	if err := c.validateGetMetadataParameters(key); err != nil {
		panic(err)
	}
	var returns interface{}

	_jsii_.Invoke(
		c,
		"getMetadata",
		[]interface{}{key},
		&returns,
	)

	return returns
}

func (c *jsiiProxy_CfnIdentitySource) Inspect(inspector awscdk.TreeInspector) {
	if err := c.validateInspectParameters(inspector); err != nil {
		panic(err)
	}
	_jsii_.InvokeVoid(
		c,
		"inspect",
		[]interface{}{inspector},
	)
}

func (c *jsiiProxy_CfnIdentitySource) ObtainDependencies() *[]interface{} {
	var returns *[]interface{}

	_jsii_.Invoke(
		c,
		"obtainDependencies",
		nil, // no parameters
		&returns,
	)

	return returns
}

func (c *jsiiProxy_CfnIdentitySource) ObtainResourceDependencies() *[]awscdk.CfnResource {
	var returns *[]awscdk.CfnResource

	_jsii_.Invoke(
		c,
		"obtainResourceDependencies",
		nil, // no parameters
		&returns,
	)

	return returns
}

func (c *jsiiProxy_CfnIdentitySource) OverrideLogicalId(newLogicalId *string) {
	if err := c.validateOverrideLogicalIdParameters(newLogicalId); err != nil {
		panic(err)
	}
	_jsii_.InvokeVoid(
		c,
		"overrideLogicalId",
		[]interface{}{newLogicalId},
	)
}

func (c *jsiiProxy_CfnIdentitySource) RemoveDependency(target awscdk.CfnResource) {
	if err := c.validateRemoveDependencyParameters(target); err != nil {
		panic(err)
	}
	_jsii_.InvokeVoid(
		c,
		"removeDependency",
		[]interface{}{target},
	)
}

func (c *jsiiProxy_CfnIdentitySource) RenderProperties(props *map[string]interface{}) *map[string]interface{} {
	if err := c.validateRenderPropertiesParameters(props); err != nil {
		panic(err)
	}
	var returns *map[string]interface{}

	_jsii_.Invoke(
		c,
		"renderProperties",
		[]interface{}{props},
		&returns,
	)

	return returns
}

func (c *jsiiProxy_CfnIdentitySource) ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource) {
	if err := c.validateReplaceDependencyParameters(target, newTarget); err != nil {
		panic(err)
	}
	_jsii_.InvokeVoid(
		c,
		"replaceDependency",
		[]interface{}{target, newTarget},
	)
}

func (c *jsiiProxy_CfnIdentitySource) ShouldSynthesize() *bool {
	var returns *bool

	_jsii_.Invoke(
		c,
		"shouldSynthesize",
		nil, // no parameters
		&returns,
	)

	return returns
}

func (c *jsiiProxy_CfnIdentitySource) ToString() *string {
	var returns *string

	_jsii_.Invoke(
		c,
		"toString",
		nil, // no parameters
		&returns,
	)

	return returns
}

func (c *jsiiProxy_CfnIdentitySource) ValidateProperties(_properties interface{}) {
	if err := c.validateValidatePropertiesParameters(_properties); err != nil {
		panic(err)
	}
	_jsii_.InvokeVoid(
		c,
		"validateProperties",
		[]interface{}{_properties},
	)
}