Class: AWSCDK::IAM::FederatedPrincipal
- Inherits:
-
PrincipalBase
- Object
- PrincipalBase
- AWSCDK::IAM::FederatedPrincipal
- Defined in:
- iam/federated_principal.rb
Overview
Principal entity that represents a federated identity provider such as Amazon Cognito, that can be used to provide temporary security credentials to users who have been authenticated.
Additional condition keys are available when the temporary security credentials are used to make a request. You can use these keys to write policies that limit the access of federated users.
Direct Known Subclasses
Class Method Summary collapse
Instance Method Summary collapse
-
#add_to_assume_role_policy(document) ⇒ void
Add the principal to the AssumeRolePolicyDocument.
-
#add_to_policy(statement) ⇒ Boolean
Add to the policy of this principal.
-
#add_to_principal_policy(_statement) ⇒ AWSCDK::IAM::AddToPrincipalPolicyResult
Add to the policy of this principal.
-
#assume_role_action ⇒ String
When this Principal is used in an AssumeRole policy, the action to use.
-
#conditions ⇒ Hash{String => Object}
The conditions under which the policy is in effect.
-
#dedupe_string ⇒ String?
Return whether or not this principal is equal to the given principal.
-
#federated ⇒ String
federated identity provider (i.e. 'cognito-identity.amazonaws.com' for users authenticated through Cognito).
-
#grant_principal ⇒ AWSCDK::IAM::IPrincipal
The principal to grant permissions to.
-
#initialize(federated, conditions = nil, assume_role_action = nil) ⇒ FederatedPrincipal
constructor
A new instance of FederatedPrincipal.
-
#policy_fragment ⇒ AWSCDK::IAM::PrincipalPolicyFragment
Return the policy fragment that identifies this principal in a Policy.
-
#principal_account ⇒ String?
The AWS account ID of this principal.
-
#to_json ⇒ Hash{String => Array<String>}
JSON-ify the principal.
-
#to_string ⇒ String
Returns a string representation of an object.
-
#with_conditions(conditions) ⇒ AWSCDK::IAM::PrincipalBase
Returns a new PrincipalWithConditions using this principal as the base, with the passed conditions added.
-
#with_session_tags ⇒ AWSCDK::IAM::PrincipalBase
Returns a new principal using this principal as the base, with session tags enabled.
Constructor Details
#initialize(federated, conditions = nil, assume_role_action = nil) ⇒ FederatedPrincipal
Returns a new instance of FederatedPrincipal.
16 17 18 19 20 21 |
# File 'iam/federated_principal.rb', line 16 def initialize(federated, conditions = nil, assume_role_action = nil) Jsii::Type.check_type(federated, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "federated") Jsii::Type.check_type(conditions, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7InByaW1pdGl2ZSI6ImFueSJ9LCJraW5kIjoibWFwIn19")), "conditions") unless conditions.nil? Jsii::Type.check_type(assume_role_action, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "assumeRoleAction") unless assume_role_action.nil? Jsii::Object.instance_method(:initialize).bind(self).call(federated, conditions, assume_role_action) end |
Class Method Details
.jsii_overridable_methods ⇒ Object
23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 |
# File 'iam/federated_principal.rb', line 23 def self.jsii_overridable_methods { :assume_role_action => { kind: :property, name: "assumeRoleAction", is_optional: false }, :grant_principal => { kind: :property, name: "grantPrincipal", is_optional: false }, :policy_fragment => { kind: :property, name: "policyFragment", is_optional: false }, :principal_account => { kind: :property, name: "principalAccount", is_optional: true }, :conditions => { kind: :property, name: "conditions", is_optional: false }, :federated => { kind: :property, name: "federated", is_optional: false }, :add_to_assume_role_policy => { kind: :method, name: "addToAssumeRolePolicy", is_optional: false }, :add_to_policy => { kind: :method, name: "addToPolicy", is_optional: false }, :add_to_principal_policy => { kind: :method, name: "addToPrincipalPolicy", is_optional: false }, :dedupe_string => { kind: :method, name: "dedupeString", is_optional: false }, :to_json => { kind: :method, name: "toJSON", is_optional: false }, :to_string => { kind: :method, name: "toString", is_optional: false }, :with_conditions => { kind: :method, name: "withConditions", is_optional: false }, :with_session_tags => { kind: :method, name: "withSessionTags", is_optional: false }, } end |
Instance Method Details
#add_to_assume_role_policy(document) ⇒ void
This method returns an undefined value.
Add the principal to the AssumeRolePolicyDocument.
Add the statements to the AssumeRolePolicyDocument necessary to give this principal permissions to assume the given role.
97 98 99 100 |
# File 'iam/federated_principal.rb', line 97 def add_to_assume_role_policy(document) Jsii::Type.check_type(document, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLlBvbGljeURvY3VtZW50In0=")), "document") jsii_call_method("addToAssumeRolePolicy", [document]) end |
#add_to_policy(statement) ⇒ Boolean
Add to the policy of this principal.
106 107 108 109 |
# File 'iam/federated_principal.rb', line 106 def add_to_policy(statement) Jsii::Type.check_type(statement, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLlBvbGljeVN0YXRlbWVudCJ9")), "statement") jsii_call_method("addToPolicy", [statement]) end |
#add_to_principal_policy(_statement) ⇒ AWSCDK::IAM::AddToPrincipalPolicyResult
Add to the policy of this principal.
115 116 117 118 |
# File 'iam/federated_principal.rb', line 115 def add_to_principal_policy(_statement) Jsii::Type.check_type(_statement, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLlBvbGljeVN0YXRlbWVudCJ9")), "_statement") jsii_call_method("addToPrincipalPolicy", [_statement]) end |
#assume_role_action ⇒ String
When this Principal is used in an AssumeRole policy, the action to use.
45 46 47 |
# File 'iam/federated_principal.rb', line 45 def assume_role_action() jsii_get_property("assumeRoleAction") end |
#conditions ⇒ Hash{String => Object}
The conditions under which the policy is in effect.
79 80 81 |
# File 'iam/federated_principal.rb', line 79 def conditions() jsii_get_property("conditions") end |
#dedupe_string ⇒ String?
Return whether or not this principal is equal to the given principal.
123 124 125 |
# File 'iam/federated_principal.rb', line 123 def dedupe_string() jsii_call_method("dedupeString", []) end |
#federated ⇒ String
federated identity provider (i.e. 'cognito-identity.amazonaws.com' for users authenticated through Cognito).
86 87 88 |
# File 'iam/federated_principal.rb', line 86 def federated() jsii_get_property("federated") end |
#grant_principal ⇒ AWSCDK::IAM::IPrincipal
The principal to grant permissions to.
52 53 54 |
# File 'iam/federated_principal.rb', line 52 def grant_principal() jsii_get_property("grantPrincipal") end |
#policy_fragment ⇒ AWSCDK::IAM::PrincipalPolicyFragment
Return the policy fragment that identifies this principal in a Policy.
59 60 61 |
# File 'iam/federated_principal.rb', line 59 def policy_fragment() jsii_get_property("policyFragment") end |
#principal_account ⇒ String?
The AWS account ID of this principal.
Can be undefined when the account is not known (for example, for service principals). Can be a Token - in that case, it's assumed to be AWS::AccountId.
71 72 73 |
# File 'iam/federated_principal.rb', line 71 def principal_account() jsii_get_property("principalAccount") end |
#to_json ⇒ Hash{String => Array<String>}
JSON-ify the principal.
Used when JSON.stringify() is called
132 133 134 |
# File 'iam/federated_principal.rb', line 132 def to_json() jsii_call_method("toJSON", []) end |
#to_string ⇒ String
Returns a string representation of an object.
139 140 141 |
# File 'iam/federated_principal.rb', line 139 def to_string() jsii_call_method("toString", []) end |
#with_conditions(conditions) ⇒ AWSCDK::IAM::PrincipalBase
Returns a new PrincipalWithConditions using this principal as the base, with the passed conditions added.
When there is a value for the same operator and key in both the principal and the conditions parameter, the value from the conditions parameter will be used.
150 151 152 153 |
# File 'iam/federated_principal.rb', line 150 def with_conditions(conditions) Jsii::Type.check_type(conditions, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7InByaW1pdGl2ZSI6ImFueSJ9LCJraW5kIjoibWFwIn19")), "conditions") jsii_call_method("withConditions", [conditions]) end |
#with_session_tags ⇒ AWSCDK::IAM::PrincipalBase
Returns a new principal using this principal as the base, with session tags enabled.
158 159 160 |
# File 'iam/federated_principal.rb', line 158 def () jsii_call_method("withSessionTags", []) end |