Class: AWSCDK::CognitoIdentitypool::IdentityPoolRoleMapping

Inherits:
Jsii::Struct
  • Object
show all
Defined in:
cognito_identitypool/identity_pool_role_mapping.rb

Overview

Map roles to users in the Identity Pool based on claims from the Identity Provider.

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(provider_url:, mapping_key: nil, resolve_ambiguous_roles: nil, rules: nil, use_token: nil) ⇒ IdentityPoolRoleMapping

Returns a new instance of IdentityPoolRoleMapping.

Parameters:

  • provider_url (AWSCDK::CognitoIdentitypool::IdentityPoolProviderURL)

    The url of the Provider for which the role is mapped.

  • mapping_key (String, nil) (defaults to: nil)

    The key used for the role mapping in the role mapping hash.

  • resolve_ambiguous_roles (Boolean, nil) (defaults to: nil)

    Allow for role assumption when results of role mapping are ambiguous.

  • rules (Array<AWSCDK::CognitoIdentitypool::RoleMappingRule>, nil) (defaults to: nil)

    The claim and value that must be matched in order to assume the role.

  • use_token (Boolean, nil) (defaults to: nil)

    If true then mapped roles must be passed through the cognito:roles or cognito:preferred_role claims from Identity Provider.



14
15
16
17
18
19
20
21
22
23
24
25
# File 'cognito_identitypool/identity_pool_role_mapping.rb', line 14

def initialize(provider_url:, mapping_key: nil, resolve_ambiguous_roles: nil, rules: nil, use_token: nil)
  @provider_url = provider_url
  Jsii::Type.check_type(@provider_url, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfY29nbml0b19pZGVudGl0eXBvb2wuSWRlbnRpdHlQb29sUHJvdmlkZXJVcmwifQ==")), "providerUrl")
  @mapping_key = mapping_key
  Jsii::Type.check_type(@mapping_key, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "mappingKey") unless @mapping_key.nil?
  @resolve_ambiguous_roles = resolve_ambiguous_roles
  Jsii::Type.check_type(@resolve_ambiguous_roles, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "resolveAmbiguousRoles") unless @resolve_ambiguous_roles.nil?
  @rules = rules.is_a?(Array) ? rules.map { |jsii_v0| jsii_v0.is_a?(Hash) ? ::AWSCDK::CognitoIdentitypool::RoleMappingRule.new(**jsii_v0.transform_keys(&:to_sym)) : jsii_v0 } : rules
  Jsii::Type.check_type(@rules, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7ImZxbiI6ImF3cy1jZGstbGliLmF3c19jb2duaXRvX2lkZW50aXR5cG9vbC5Sb2xlTWFwcGluZ1J1bGUifSwia2luZCI6ImFycmF5In19")), "rules") unless @rules.nil?
  @use_token = use_token
  Jsii::Type.check_type(@use_token, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "useToken") unless @use_token.nil?
end

Instance Attribute Details

#mapping_keyString? (readonly)

Note:

Default: - The provided providerUrl

The key used for the role mapping in the role mapping hash.

Required if the providerUrl is a token.

Returns:

  • (String, nil)


37
38
39
# File 'cognito_identitypool/identity_pool_role_mapping.rb', line 37

def mapping_key
  @mapping_key
end

#provider_urlAWSCDK::CognitoIdentitypool::IdentityPoolProviderURL (readonly)

The url of the Provider for which the role is mapped.



30
31
32
# File 'cognito_identitypool/identity_pool_role_mapping.rb', line 30

def provider_url
  @provider_url
end

#resolve_ambiguous_rolesBoolean? (readonly)

Note:

Default: false - Ambiguous role resolutions will lead to requester being denied

Allow for role assumption when results of role mapping are ambiguous.

Returns:

  • (Boolean, nil)


42
43
44
# File 'cognito_identitypool/identity_pool_role_mapping.rb', line 42

def resolve_ambiguous_roles
  @resolve_ambiguous_roles
end

#rulesArray<AWSCDK::CognitoIdentitypool::RoleMappingRule>? (readonly)

Note:

Default: - No role mapping rule

The claim and value that must be matched in order to assume the role.

Required if useToken is false



49
50
51
# File 'cognito_identitypool/identity_pool_role_mapping.rb', line 49

def rules
  @rules
end

#use_tokenBoolean? (readonly)

Note:

Default: false

If true then mapped roles must be passed through the cognito:roles or cognito:preferred_role claims from Identity Provider.



55
56
57
# File 'cognito_identitypool/identity_pool_role_mapping.rb', line 55

def use_token
  @use_token
end

Class Method Details

.jsii_propertiesObject



57
58
59
60
61
62
63
64
65
# File 'cognito_identitypool/identity_pool_role_mapping.rb', line 57

def self.jsii_properties
  {
    :provider_url => "providerUrl",
    :mapping_key => "mappingKey",
    :resolve_ambiguous_roles => "resolveAmbiguousRoles",
    :rules => "rules",
    :use_token => "useToken",
  }
end

Instance Method Details

#to_jsiiObject



67
68
69
70
71
72
73
74
75
76
77
# File 'cognito_identitypool/identity_pool_role_mapping.rb', line 67

def to_jsii
  result = {}
  result.merge!({
    "providerUrl" => @provider_url,
    "mappingKey" => @mapping_key,
    "resolveAmbiguousRoles" => @resolve_ambiguous_roles,
    "rules" => @rules,
    "useToken" => @use_token,
  })
  result.compact
end