// Code generated by smithy-go-codegen DO NOT EDIT.
package types
import (
smithydocument "github.com/aws/smithy-go/document"
"time"
)
// A structure that defines which attributes in the IdP assertion are to be used
// to define information about the users authenticated by the IdP to use the
// workspace.
type AssertionAttributes struct {
// The name of the attribute within the SAML assertion to use as the email names
// for SAML users.
Email *string
// The name of the attribute within the SAML assertion to use as the user full
// "friendly" names for user groups.
Groups *string
// The name of the attribute within the SAML assertion to use as the login names
// for SAML users.
Login *string
// The name of the attribute within the SAML assertion to use as the user full
// "friendly" names for SAML users.
Name *string
// The name of the attribute within the SAML assertion to use as the user full
// "friendly" names for the users' organizations.
Org *string
// The name of the attribute within the SAML assertion to use as the user roles.
Role *string
noSmithyDocumentSerde
}
// A structure containing information about the user authentication methods used
// by the workspace.
type AuthenticationDescription struct {
// Specifies whether this workspace uses IAM Identity Center, SAML, or both
// methods to authenticate users to use the Grafana console in the Amazon Managed
// Grafana workspace.
//
// This member is required.
Providers []AuthenticationProviderTypes
// A structure containing information about how this workspace works with IAM
// Identity Center.
AwsSso *AwsSsoAuthentication
// A structure containing information about how this workspace works with SAML,
// including what attributes within the assertion are to be mapped to user
// information in the workspace.
Saml *SamlAuthentication
noSmithyDocumentSerde
}
// A structure that describes whether the workspace uses SAML, IAM Identity
// Center, or both methods for user authentication, and whether that authentication
// is fully configured.
type AuthenticationSummary struct {
// Specifies whether the workspace uses SAML, IAM Identity Center, or both methods
// for user authentication.
//
// This member is required.
Providers []AuthenticationProviderTypes
// Specifies whether the workplace's user authentication method is fully
// configured.
SamlConfigurationStatus SamlConfigurationStatus
noSmithyDocumentSerde
}
// A structure containing information about how this workspace works with IAM
// Identity Center.
type AwsSsoAuthentication struct {
// The ID of the IAM Identity Center-managed application that is created by Amazon
// Managed Grafana.
SsoClientId *string
noSmithyDocumentSerde
}
// A structure containing the identity provider (IdP) metadata used to integrate
// the identity provider with this workspace. You can specify the metadata either
// by providing a URL to its location in the url parameter, or by specifying the
// full metadata in XML format in the xml parameter. Specifying both will cause an
// error.
//
// The following types satisfy this interface:
//
// IdpMetadataMemberUrl
// IdpMetadataMemberXml
type IdpMetadata interface {
isIdpMetadata()
}
// The URL of the location containing the IdP metadata.
type IdpMetadataMemberUrl struct {
Value string
noSmithyDocumentSerde
}
func (*IdpMetadataMemberUrl) isIdpMetadata() {}
// The full IdP metadata, in XML format.
type IdpMetadataMemberXml struct {
Value string
noSmithyDocumentSerde
}
func (*IdpMetadataMemberXml) isIdpMetadata() {}
// The configuration settings for in-bound network access to your workspace. When
// this is configured, only listed IP addresses and VPC endpoints will be able to
// access your workspace. Standard Grafana authentication and authorization are
// still required. Access is granted to a caller that is in either the IP address
// list or the VPC endpoint list - they do not need to be in both. If this is not
// configured, or is removed, then all IP addresses and VPC endpoints are allowed.
// Standard Grafana authentication and authorization are still required. While both
// prefixListIds and vpceIds are required, you can pass in an empty array of
// strings for either parameter if you do not want to allow any of that type. If
// both are passed as empty arrays, no traffic is allowed to the workspace, because
// only explicitly allowed connections are accepted.
type NetworkAccessConfiguration struct {
// An array of prefix list IDs. A prefix list is a list of CIDR ranges of IP
// addresses. The IP addresses specified are allowed to access your workspace. If
// the list is not included in the configuration (passed an empty array) then no IP
// addresses are allowed to access the workspace. You create a prefix list using
// the Amazon VPC console. Prefix list IDs have the format pl-1a2b3c4d . For more
// information about prefix lists, see Group CIDR blocks using managed prefix lists (https://docs.aws.amazon.com/vpc/latest/userguide/managed-prefix-lists.html)
// in the Amazon Virtual Private Cloud User Guide.
//
// This member is required.
PrefixListIds []string
// An array of Amazon VPC endpoint IDs for the workspace. You can create VPC
// endpoints to your Amazon Managed Grafana workspace for access from within a VPC.
// If a NetworkAccessConfiguration is specified then only VPC endpoints specified
// here are allowed to access the workspace. If you pass in an empty array of
// strings, then no VPCs are allowed to access the workspace. VPC endpoint IDs have
// the format vpce-1a2b3c4d . For more information about creating an interface VPC
// endpoint, see Interface VPC endpoints (https://docs.aws.amazon.com/grafana/latest/userguide/VPC-endpoints)
// in the Amazon Managed Grafana User Guide. The only VPC endpoints that can be
// specified here are interface VPC endpoints for Grafana workspaces (using the
// com.amazonaws.[region].grafana-workspace service endpoint). Other VPC endpoints
// are ignored.
//
// This member is required.
VpceIds []string
noSmithyDocumentSerde
}
// A structure containing the identity of one user or group and the Admin , Editor
// , or Viewer role that they have.
type PermissionEntry struct {
// Specifies whether the user or group has the Admin , Editor , or Viewer role.
//
// This member is required.
Role Role
// A structure with the ID of the user or group with this role.
//
// This member is required.
User *User
noSmithyDocumentSerde
}
// This structure defines which groups defined in the SAML assertion attribute are
// to be mapped to the Grafana Admin and Editor roles in the workspace. SAML
// authenticated users not part of Admin or Editor role groups have Viewer
// permission over the workspace.
type RoleValues struct {
// A list of groups from the SAML assertion attribute to grant the Grafana Admin
// role to.
Admin []string
// A list of groups from the SAML assertion attribute to grant the Grafana Editor
// role to.
Editor []string
noSmithyDocumentSerde
}
// A structure containing information about how this workspace works with SAML.
type SamlAuthentication struct {
// Specifies whether the workspace's SAML configuration is complete.
//
// This member is required.
Status SamlConfigurationStatus
// A structure containing details about how this workspace works with SAML.
Configuration *SamlConfiguration
noSmithyDocumentSerde
}
// A structure containing information about how this workspace works with SAML.
type SamlConfiguration struct {
// A structure containing the identity provider (IdP) metadata used to integrate
// the identity provider with this workspace.
//
// This member is required.
IdpMetadata IdpMetadata
// Lists which organizations defined in the SAML assertion are allowed to use the
// Amazon Managed Grafana workspace. If this is empty, all organizations in the
// assertion attribute have access.
AllowedOrganizations []string
// A structure that defines which attributes in the SAML assertion are to be used
// to define information about the users authenticated by that IdP to use the
// workspace.
AssertionAttributes *AssertionAttributes
// How long a sign-on session by a SAML user is valid, before the user has to sign
// on again.
LoginValidityDuration int32
// A structure containing arrays that map group names in the SAML assertion to the
// Grafana Admin and Editor roles in the workspace.
RoleValues *RoleValues
noSmithyDocumentSerde
}
// A structure containing information about one error encountered while performing
// an UpdatePermissions (https://docs.aws.amazon.com/grafana/latest/APIReference/API_UpdatePermissions.html)
// operation.
type UpdateError struct {
// Specifies which permission update caused the error.
//
// This member is required.
CausedBy *UpdateInstruction
// The error code.
//
// This member is required.
Code *int32
// The message for this error.
//
// This member is required.
Message *string
noSmithyDocumentSerde
}
// Contains the instructions for one Grafana role permission update in a
// UpdatePermissions (https://docs.aws.amazon.com/grafana/latest/APIReference/API_UpdatePermissions.html)
// operation.
type UpdateInstruction struct {
// Specifies whether this update is to add or revoke role permissions.
//
// This member is required.
Action UpdateAction
// The role to add or revoke for the user or the group specified in users .
//
// This member is required.
Role Role
// A structure that specifies the user or group to add or revoke the role for.
//
// This member is required.
Users []User
noSmithyDocumentSerde
}
// A structure that specifies one user or group in the workspace.
type User struct {
// The ID of the user or group. Pattern:
// ^([0-9a-fA-F]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}$
//
// This member is required.
Id *string
// Specifies whether this is a single user or a group.
//
// This member is required.
Type UserType
noSmithyDocumentSerde
}
// A structure that contains information about a request parameter that caused an
// error.
type ValidationExceptionField struct {
// A message describing why this field couldn't be validated.
//
// This member is required.
Message *string
// The name of the field that caused the validation error.
//
// This member is required.
Name *string
noSmithyDocumentSerde
}
// The configuration settings for an Amazon VPC that contains data sources for
// your Grafana workspace to connect to. Provided securityGroupIds and subnetIds
// must be part of the same VPC. Connecting to a private VPC is not yet available
// in the Asia Pacific (Seoul) Region (ap-northeast-2).
type VpcConfiguration struct {
// The list of Amazon EC2 security group IDs attached to the Amazon VPC for your
// Grafana workspace to connect. Duplicates not allowed.
//
// This member is required.
SecurityGroupIds []string
// The list of Amazon EC2 subnet IDs created in the Amazon VPC for your Grafana
// workspace to connect. Duplicates not allowed.
//
// This member is required.
SubnetIds []string
noSmithyDocumentSerde
}
// A structure containing information about an Amazon Managed Grafana workspace in
// your account.
type WorkspaceDescription struct {
// A structure that describes whether the workspace uses SAML, IAM Identity
// Center, or both methods for user authentication.
//
// This member is required.
Authentication *AuthenticationSummary
// The date that the workspace was created.
//
// This member is required.
Created *time.Time
// Specifies the Amazon Web Services data sources that have been configured to
// have IAM roles and permissions created to allow Amazon Managed Grafana to read
// data from these sources. This list is only used when the workspace was created
// through the Amazon Web Services console, and the permissionType is
// SERVICE_MANAGED .
//
// This member is required.
DataSources []DataSourceType
// The URL that users can use to access the Grafana console in the workspace.
//
// This member is required.
Endpoint *string
// The version of Grafana supported in this workspace.
//
// This member is required.
GrafanaVersion *string
// The unique ID of this workspace.
//
// This member is required.
Id *string
// The most recent date that the workspace was modified.
//
// This member is required.
Modified *time.Time
// The current status of the workspace.
//
// This member is required.
Status WorkspaceStatus
// Specifies whether the workspace can access Amazon Web Services resources in
// this Amazon Web Services account only, or whether it can also access Amazon Web
// Services resources in other accounts in the same organization. If this is
// ORGANIZATION , the workspaceOrganizationalUnits parameter specifies which
// organizational units the workspace can access.
AccountAccessType AccountAccessType
// The user-defined description of the workspace.
Description *string
// Specifies whether this workspace has already fully used its free trial for
// Grafana Enterprise.
FreeTrialConsumed *bool
// If this workspace is currently in the free trial period for Grafana Enterprise,
// this value specifies when that free trial ends.
FreeTrialExpiration *time.Time
// If this workspace has a full Grafana Enterprise license, this specifies when
// the license ends and will need to be renewed.
LicenseExpiration *time.Time
// Specifies whether this workspace has a full Grafana Enterprise license or a
// free trial license.
LicenseType LicenseType
// The name of the workspace.
Name *string
// The configuration settings for network access to your workspace.
NetworkAccessControl *NetworkAccessConfiguration
// The Amazon Web Services notification channels that Amazon Managed Grafana can
// automatically create IAM roles and permissions for, to allow Amazon Managed
// Grafana to use these channels.
NotificationDestinations []NotificationDestinationType
// The name of the IAM role that is used to access resources through Organizations.
OrganizationRoleName *string
// Specifies the organizational units that this workspace is allowed to use data
// sources from, if this workspace is in an account that is part of an
// organization.
OrganizationalUnits []string
// If this is SERVICE_MANAGED , and the workplace was created through the Amazon
// Managed Grafana console, then Amazon Managed Grafana automatically creates the
// IAM roles and provisions the permissions that the workspace needs to use Amazon
// Web Services data sources and notification channels. If this is CUSTOMER_MANAGED
// , you must manage those roles and permissions yourself. If you are working with
// a workspace in a member account of an organization and that account is not a
// delegated administrator account, and you want the workspace to access data
// sources in other Amazon Web Services accounts in the organization, this
// parameter must be set to CUSTOMER_MANAGED . For more information about
// converting between customer and service managed, see Managing permissions for
// data sources and notification channels (https://docs.aws.amazon.com/grafana/latest/userguide/AMG-datasource-and-notification.html)
// . For more information about the roles and permissions that must be managed for
// customer managed workspaces, see Amazon Managed Grafana permissions and
// policies for Amazon Web Services data sources and notification channels (https://docs.aws.amazon.com/grafana/latest/userguide/AMG-manage-permissions.html)
PermissionType PermissionType
// The name of the CloudFormation stack set that is used to generate IAM roles to
// be used for this workspace.
StackSetName *string
// The list of tags associated with the workspace.
Tags map[string]string
// The configuration for connecting to data sources in a private VPC (Amazon
// Virtual Private Cloud).
VpcConfiguration *VpcConfiguration
// The IAM role that grants permissions to the Amazon Web Services resources that
// the workspace will view data from. This role must already exist.
WorkspaceRoleArn *string
noSmithyDocumentSerde
}
// A structure that contains some information about one workspace in the account.
type WorkspaceSummary struct {
// A structure containing information about the authentication methods used in the
// workspace.
//
// This member is required.
Authentication *AuthenticationSummary
// The date that the workspace was created.
//
// This member is required.
Created *time.Time
// The URL endpoint to use to access the Grafana console in the workspace.
//
// This member is required.
Endpoint *string
// The Grafana version that the workspace is running.
//
// This member is required.
GrafanaVersion *string
// The unique ID of the workspace.
//
// This member is required.
Id *string
// The most recent date that the workspace was modified.
//
// This member is required.
Modified *time.Time
// The current status of the workspace.
//
// This member is required.
Status WorkspaceStatus
// The customer-entered description of the workspace.
Description *string
// The name of the workspace.
Name *string
// The Amazon Web Services notification channels that Amazon Managed Grafana can
// automatically create IAM roles and permissions for, which allows Amazon Managed
// Grafana to use these channels.
NotificationDestinations []NotificationDestinationType
// The list of tags associated with the workspace.
Tags map[string]string
noSmithyDocumentSerde
}
type noSmithyDocumentSerde = smithydocument.NoSerde
// UnknownUnionMember is returned when a union member is returned over the wire,
// but has an unknown tag.
type UnknownUnionMember struct {
Tag string
Value []byte
noSmithyDocumentSerde
}
func (*UnknownUnionMember) isIdpMetadata() {}