io.cloudshiftdev.awscdk.services.iam.UserProps.kt Maven / Gradle / Ivy
The newest version!
@file:Suppress("RedundantVisibilityModifier","RedundantUnitReturnType","RemoveRedundantQualifierName","unused","UnusedImport","ClassName","REDUNDANT_PROJECTION","DEPRECATION")
package io.cloudshiftdev.awscdk.services.iam
import io.cloudshiftdev.awscdk.SecretValue
import io.cloudshiftdev.awscdk.common.CdkDslMarker
import io.cloudshiftdev.awscdk.common.CdkObject
import io.cloudshiftdev.awscdk.common.CdkObjectWrappers
import kotlin.Boolean
import kotlin.String
import kotlin.Unit
import kotlin.collections.List
/**
* Properties for defining an IAM user.
*
* Example:
*
* ```
* User user = User.Builder.create(this, "MyUser").password(SecretValue.plainText("1234")).build();
* Group group = new Group(this, "MyGroup");
* Policy policy = new Policy(this, "MyPolicy");
* policy.attachToUser(user);
* group.attachInlinePolicy(policy);
* ```
*/
public interface UserProps {
/**
* Groups to add this user to.
*
* You can also use `addToGroup` to add this
* user to a group.
*
* Default: - No groups.
*/
public fun groups(): List = unwrap(this).getGroups()?.map(IGroup::wrap) ?: emptyList()
/**
* A list of managed policies associated with this role.
*
* You can add managed policies later using
* `addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName(policyName))`.
*
* Default: - No managed policies.
*/
public fun managedPolicies(): List =
unwrap(this).getManagedPolicies()?.map(IManagedPolicy::wrap) ?: emptyList()
/**
* The password for the user. This is required so the user can access the AWS Management Console.
*
* You can use `SecretValue.unsafePlainText` to specify a password in plain text or
* use `secretsmanager.Secret.fromSecretAttributes` to reference a secret in
* Secrets Manager.
*
* Default: - User won't be able to access the management console without a password.
*/
public fun password(): SecretValue? = unwrap(this).getPassword()?.let(SecretValue::wrap)
/**
* Specifies whether the user is required to set a new password the next time the user logs in to
* the AWS Management Console.
*
* If this is set to 'true', you must also specify "initialPassword".
*
* Default: false
*/
public fun passwordResetRequired(): Boolean? = unwrap(this).getPasswordResetRequired()
/**
* The path for the user name.
*
* For more information about paths, see IAM
* Identifiers in the IAM User Guide.
*
* Default: /
*/
public fun path(): String? = unwrap(this).getPath()
/**
* AWS supports permissions boundaries for IAM entities (users or roles).
*
* A permissions boundary is an advanced feature for using a managed policy
* to set the maximum permissions that an identity-based policy can grant to
* an IAM entity. An entity's permissions boundary allows it to perform only
* the actions that are allowed by both its identity-based policies and its
* permissions boundaries.
*
* Default: - No permissions boundary.
*/
public fun permissionsBoundary(): IManagedPolicy? =
unwrap(this).getPermissionsBoundary()?.let(IManagedPolicy::wrap)
/**
* A name for the IAM user.
*
* For valid values, see the UserName parameter for
* the CreateUser action in the IAM API Reference. If you don't specify a
* name, AWS CloudFormation generates a unique physical ID and uses that ID
* for the user name.
*
* If you specify a name, you cannot perform updates that require
* replacement of this resource. You can perform updates that require no or
* some interruption. If you must replace the resource, specify a new name.
*
* If you specify a name, you must specify the CAPABILITY_NAMED_IAM value to
* acknowledge your template's capabilities. For more information, see
* Acknowledging IAM Resources in AWS CloudFormation Templates.
*
* Default: - Generated by CloudFormation (recommended)
*/
public fun userName(): String? = unwrap(this).getUserName()
/**
* A builder for [UserProps]
*/
@CdkDslMarker
public interface Builder {
/**
* @param groups Groups to add this user to.
* You can also use `addToGroup` to add this
* user to a group.
*/
public fun groups(groups: List)
/**
* @param groups Groups to add this user to.
* You can also use `addToGroup` to add this
* user to a group.
*/
public fun groups(vararg groups: IGroup)
/**
* @param managedPolicies A list of managed policies associated with this role.
* You can add managed policies later using
* `addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName(policyName))`.
*/
public fun managedPolicies(managedPolicies: List)
/**
* @param managedPolicies A list of managed policies associated with this role.
* You can add managed policies later using
* `addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName(policyName))`.
*/
public fun managedPolicies(vararg managedPolicies: IManagedPolicy)
/**
* @param password The password for the user. This is required so the user can access the AWS
* Management Console.
* You can use `SecretValue.unsafePlainText` to specify a password in plain text or
* use `secretsmanager.Secret.fromSecretAttributes` to reference a secret in
* Secrets Manager.
*/
public fun password(password: SecretValue)
/**
* @param passwordResetRequired Specifies whether the user is required to set a new password the
* next time the user logs in to the AWS Management Console.
* If this is set to 'true', you must also specify "initialPassword".
*/
public fun passwordResetRequired(passwordResetRequired: Boolean)
/**
* @param path The path for the user name.
* For more information about paths, see IAM
* Identifiers in the IAM User Guide.
*/
public fun path(path: String)
/**
* @param permissionsBoundary AWS supports permissions boundaries for IAM entities (users or
* roles).
* A permissions boundary is an advanced feature for using a managed policy
* to set the maximum permissions that an identity-based policy can grant to
* an IAM entity. An entity's permissions boundary allows it to perform only
* the actions that are allowed by both its identity-based policies and its
* permissions boundaries.
*/
public fun permissionsBoundary(permissionsBoundary: IManagedPolicy)
/**
* @param userName A name for the IAM user.
* For valid values, see the UserName parameter for
* the CreateUser action in the IAM API Reference. If you don't specify a
* name, AWS CloudFormation generates a unique physical ID and uses that ID
* for the user name.
*
* If you specify a name, you cannot perform updates that require
* replacement of this resource. You can perform updates that require no or
* some interruption. If you must replace the resource, specify a new name.
*
* If you specify a name, you must specify the CAPABILITY_NAMED_IAM value to
* acknowledge your template's capabilities. For more information, see
* Acknowledging IAM Resources in AWS CloudFormation Templates.
*/
public fun userName(userName: String)
}
private class BuilderImpl : Builder {
private val cdkBuilder: software.amazon.awscdk.services.iam.UserProps.Builder =
software.amazon.awscdk.services.iam.UserProps.builder()
/**
* @param groups Groups to add this user to.
* You can also use `addToGroup` to add this
* user to a group.
*/
override fun groups(groups: List) {
cdkBuilder.groups(groups.map(IGroup.Companion::unwrap))
}
/**
* @param groups Groups to add this user to.
* You can also use `addToGroup` to add this
* user to a group.
*/
override fun groups(vararg groups: IGroup): Unit = groups(groups.toList())
/**
* @param managedPolicies A list of managed policies associated with this role.
* You can add managed policies later using
* `addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName(policyName))`.
*/
override fun managedPolicies(managedPolicies: List) {
cdkBuilder.managedPolicies(managedPolicies.map(IManagedPolicy.Companion::unwrap))
}
/**
* @param managedPolicies A list of managed policies associated with this role.
* You can add managed policies later using
* `addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName(policyName))`.
*/
override fun managedPolicies(vararg managedPolicies: IManagedPolicy): Unit =
managedPolicies(managedPolicies.toList())
/**
* @param password The password for the user. This is required so the user can access the AWS
* Management Console.
* You can use `SecretValue.unsafePlainText` to specify a password in plain text or
* use `secretsmanager.Secret.fromSecretAttributes` to reference a secret in
* Secrets Manager.
*/
override fun password(password: SecretValue) {
cdkBuilder.password(password.let(SecretValue.Companion::unwrap))
}
/**
* @param passwordResetRequired Specifies whether the user is required to set a new password the
* next time the user logs in to the AWS Management Console.
* If this is set to 'true', you must also specify "initialPassword".
*/
override fun passwordResetRequired(passwordResetRequired: Boolean) {
cdkBuilder.passwordResetRequired(passwordResetRequired)
}
/**
* @param path The path for the user name.
* For more information about paths, see IAM
* Identifiers in the IAM User Guide.
*/
override fun path(path: String) {
cdkBuilder.path(path)
}
/**
* @param permissionsBoundary AWS supports permissions boundaries for IAM entities (users or
* roles).
* A permissions boundary is an advanced feature for using a managed policy
* to set the maximum permissions that an identity-based policy can grant to
* an IAM entity. An entity's permissions boundary allows it to perform only
* the actions that are allowed by both its identity-based policies and its
* permissions boundaries.
*/
override fun permissionsBoundary(permissionsBoundary: IManagedPolicy) {
cdkBuilder.permissionsBoundary(permissionsBoundary.let(IManagedPolicy.Companion::unwrap))
}
/**
* @param userName A name for the IAM user.
* For valid values, see the UserName parameter for
* the CreateUser action in the IAM API Reference. If you don't specify a
* name, AWS CloudFormation generates a unique physical ID and uses that ID
* for the user name.
*
* If you specify a name, you cannot perform updates that require
* replacement of this resource. You can perform updates that require no or
* some interruption. If you must replace the resource, specify a new name.
*
* If you specify a name, you must specify the CAPABILITY_NAMED_IAM value to
* acknowledge your template's capabilities. For more information, see
* Acknowledging IAM Resources in AWS CloudFormation Templates.
*/
override fun userName(userName: String) {
cdkBuilder.userName(userName)
}
public fun build(): software.amazon.awscdk.services.iam.UserProps = cdkBuilder.build()
}
private class Wrapper(
cdkObject: software.amazon.awscdk.services.iam.UserProps,
) : CdkObject(cdkObject),
UserProps {
/**
* Groups to add this user to.
*
* You can also use `addToGroup` to add this
* user to a group.
*
* Default: - No groups.
*/
override fun groups(): List = unwrap(this).getGroups()?.map(IGroup::wrap) ?: emptyList()
/**
* A list of managed policies associated with this role.
*
* You can add managed policies later using
* `addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName(policyName))`.
*
* Default: - No managed policies.
*/
override fun managedPolicies(): List =
unwrap(this).getManagedPolicies()?.map(IManagedPolicy::wrap) ?: emptyList()
/**
* The password for the user. This is required so the user can access the AWS Management
* Console.
*
* You can use `SecretValue.unsafePlainText` to specify a password in plain text or
* use `secretsmanager.Secret.fromSecretAttributes` to reference a secret in
* Secrets Manager.
*
* Default: - User won't be able to access the management console without a password.
*/
override fun password(): SecretValue? = unwrap(this).getPassword()?.let(SecretValue::wrap)
/**
* Specifies whether the user is required to set a new password the next time the user logs in
* to the AWS Management Console.
*
* If this is set to 'true', you must also specify "initialPassword".
*
* Default: false
*/
override fun passwordResetRequired(): Boolean? = unwrap(this).getPasswordResetRequired()
/**
* The path for the user name.
*
* For more information about paths, see IAM
* Identifiers in the IAM User Guide.
*
* Default: /
*/
override fun path(): String? = unwrap(this).getPath()
/**
* AWS supports permissions boundaries for IAM entities (users or roles).
*
* A permissions boundary is an advanced feature for using a managed policy
* to set the maximum permissions that an identity-based policy can grant to
* an IAM entity. An entity's permissions boundary allows it to perform only
* the actions that are allowed by both its identity-based policies and its
* permissions boundaries.
*
* Default: - No permissions boundary.
*/
override fun permissionsBoundary(): IManagedPolicy? =
unwrap(this).getPermissionsBoundary()?.let(IManagedPolicy::wrap)
/**
* A name for the IAM user.
*
* For valid values, see the UserName parameter for
* the CreateUser action in the IAM API Reference. If you don't specify a
* name, AWS CloudFormation generates a unique physical ID and uses that ID
* for the user name.
*
* If you specify a name, you cannot perform updates that require
* replacement of this resource. You can perform updates that require no or
* some interruption. If you must replace the resource, specify a new name.
*
* If you specify a name, you must specify the CAPABILITY_NAMED_IAM value to
* acknowledge your template's capabilities. For more information, see
* Acknowledging IAM Resources in AWS CloudFormation Templates.
*
* Default: - Generated by CloudFormation (recommended)
*/
override fun userName(): String? = unwrap(this).getUserName()
}
public companion object {
public operator fun invoke(block: Builder.() -> Unit = {}): UserProps {
val builderImpl = BuilderImpl()
return Wrapper(builderImpl.apply(block).build())
}
internal fun wrap(cdkObject: software.amazon.awscdk.services.iam.UserProps): UserProps =
CdkObjectWrappers.wrap(cdkObject) as? UserProps ?: Wrapper(cdkObject)
internal fun unwrap(wrapped: UserProps): software.amazon.awscdk.services.iam.UserProps =
(wrapped as CdkObject).cdkObject as software.amazon.awscdk.services.iam.UserProps
}
}