
software.amazon.awssdk.services.sts.model.AssumeRoleWithSamlRequest Maven / Gradle / Ivy


The AWS Java SDK for AWS STS module holds the client classes that are used for communicating with AWS Security Token Service

/*
 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 * 
 * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
 * the License. A copy of the License is located at
 * 
 * http://aws.amazon.com/apache2.0
 * 
 * or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
 * and limitations under the License.
 */

package software.amazon.awssdk.services.sts.model;

import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.function.BiConsumer;
import java.util.function.Consumer;
import java.util.function.Function;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import software.amazon.awssdk.annotations.Generated;
import software.amazon.awssdk.awscore.AwsRequestOverrideConfiguration;
import software.amazon.awssdk.core.SdkField;
import software.amazon.awssdk.core.SdkPojo;
import software.amazon.awssdk.core.protocol.MarshallLocation;
import software.amazon.awssdk.core.protocol.MarshallingType;
import software.amazon.awssdk.core.traits.ListTrait;
import software.amazon.awssdk.core.traits.LocationTrait;
import software.amazon.awssdk.core.util.DefaultSdkAutoConstructList;
import software.amazon.awssdk.core.util.SdkAutoConstructList;
import software.amazon.awssdk.utils.ToString;
import software.amazon.awssdk.utils.builder.CopyableBuilder;
import software.amazon.awssdk.utils.builder.ToCopyableBuilder;

/**
 */
@Generated("software.amazon.awssdk:codegen")
public final class AssumeRoleWithSamlRequest extends StsRequest implements
        ToCopyableBuilder {
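    // Marshalling descriptors: one SdkField per request member. Each names the wire-level member, binds the
    // model getter to the builder setter, and places the member in the request payload.

    /** Descriptor for {@code RoleArn}, the ARN of the role the caller is assuming. */
    private static final SdkField<String> ROLE_ARN_FIELD = SdkField.<String> builder(MarshallingType.STRING)
            .memberName("RoleArn").getter(getter(AssumeRoleWithSamlRequest::roleArn)).setter(setter(Builder::roleArn))
            .traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("RoleArn").build()).build();

    /** Descriptor for {@code PrincipalArn}, the ARN of the IAM SAML provider that describes the IdP. */
    private static final SdkField<String> PRINCIPAL_ARN_FIELD = SdkField.<String> builder(MarshallingType.STRING)
            .memberName("PrincipalArn").getter(getter(AssumeRoleWithSamlRequest::principalArn))
            .setter(setter(Builder::principalArn))
            .traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("PrincipalArn").build()).build();

    /**
     * Descriptor for {@code SAMLAssertion}, the base64 encoded SAML authentication response. This member is the
     * credential being exchanged, so it deserves the same handling as any other secret.
     */
    private static final SdkField<String> SAML_ASSERTION_FIELD = SdkField.<String> builder(MarshallingType.STRING)
            .memberName("SAMLAssertion").getter(getter(AssumeRoleWithSamlRequest::samlAssertion))
            .setter(setter(Builder::samlAssertion))
            .traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("SAMLAssertion").build()).build();

    /**
     * Descriptor for {@code PolicyArns}, a list whose elements are {@link PolicyDescriptorType} POJOs marshalled
     * under the element name {@code member}.
     */
    private static final SdkField<List<PolicyDescriptorType>> POLICY_ARNS_FIELD = SdkField
            .<List<PolicyDescriptorType>> builder(MarshallingType.LIST)
            .memberName("PolicyArns")
            .getter(getter(AssumeRoleWithSamlRequest::policyArns))
            .setter(setter(Builder::policyArns))
            .traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("PolicyArns").build(),
                    ListTrait
                            .builder()
                            .memberLocationName(null)
                            .memberFieldInfo(
                                    SdkField.<PolicyDescriptorType> builder(MarshallingType.SDK_POJO)
                                            .constructor(PolicyDescriptorType::builder)
                                            .traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD)
                                                    .locationName("member").build()).build()).build()).build();

    /** Descriptor for {@code Policy}, the inline session policy in JSON format. */
    private static final SdkField<String> POLICY_FIELD = SdkField.<String> builder(MarshallingType.STRING).memberName("Policy")
            .getter(getter(AssumeRoleWithSamlRequest::policy)).setter(setter(Builder::policy))
            .traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("Policy").build()).build();

    /** Descriptor for {@code DurationSeconds}, the requested lifetime of the role session. */
    private static final SdkField<Integer> DURATION_SECONDS_FIELD = SdkField.<Integer> builder(MarshallingType.INTEGER)
            .memberName("DurationSeconds").getter(getter(AssumeRoleWithSamlRequest::durationSeconds))
            .setter(setter(Builder::durationSeconds))
            .traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("DurationSeconds").build()).build();

    /** All member descriptors, wrapped so the list cannot be modified; returned as-is by {@code sdkFields()}. */
    private static final List<SdkField<?>> SDK_FIELDS = Collections.unmodifiableList(Arrays.asList(ROLE_ARN_FIELD,
            PRINCIPAL_ARN_FIELD, SAML_ASSERTION_FIELD, POLICY_ARNS_FIELD, POLICY_FIELD, DURATION_SECONDS_FIELD));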

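    // ARN of the role the caller is assuming.
    private final String roleArn;

    // ARN of the SAML provider in IAM that describes the IdP.
    private final String principalArn;

    // Base64 encoded SAML authentication response from the IdP. This is the credential presented to STS, so it
    // should not be written to logs or diagnostics.
    private final String samlAssertion;

    // Managed session policies, identified by ARN. Copied straight from the builder by the constructor.
    private final List<PolicyDescriptorType> policyArns;

    // Inline session policy as a JSON document; null when the caller supplied none.
    private final String policy;

    // Requested session lifetime in seconds; null when the caller supplied none.
    private final Integer durationSeconds;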

    /**
     * Creates the request from a populated builder. Each member is taken from the builder by reference; no
     * validation of ARNs, policy size or duration happens here.
     *
     * @param builder
     *        the builder whose current values become the fields of this request
     */
    private AssumeRoleWithSamlRequest(BuilderImpl builder) {
        super(builder);

        // Federation inputs: the assertion, the provider that issued it, and the role being requested.
        this.samlAssertion = builder.samlAssertion;
        this.principalArn = builder.principalArn;
        this.roleArn = builder.roleArn;

        // Optional session scoping: inline policy, managed policies, and lifetime.
        this.policy = builder.policy;
        this.policyArns = builder.policyArns;
        this.durationSeconds = builder.durationSeconds;
    }

    /**
     * Returns the Amazon Resource Name (ARN) of the role that the caller is assuming.
     *
     * @return The Amazon Resource Name (ARN) of the role that the caller is assuming.
     */
    public final String roleArn() {
        return this.roleArn;
    }

    /**
     * Returns the Amazon Resource Name (ARN) of the SAML provider in IAM that describes the IdP.
     *
     * @return The Amazon Resource Name (ARN) of the SAML provider in IAM that describes the IdP.
     */
    public final String principalArn() {
        return this.principalArn;
    }

    /**
     * Returns the base64 encoded SAML authentication response provided by the IdP.
     * <p>
     * For more information, see "Configuring a Relying Party and Adding Claims" in the <i>IAM User Guide</i>.
     * <p>
     * The returned string is the credential that is exchanged for temporary security credentials. Treat it as a
     * secret: keep it out of log statements, exception messages and persisted diagnostics.
     *
     * @return The base64 encoded SAML authentication response provided by the IdP.
     */
    public final String samlAssertion() {
        return this.samlAssertion;
    }

    /**
     * Reports whether a value was supplied for the PolicyArns property.
     * <p>
     * For responses, this returns true if the service returned a value for the property. For requests, it returns
     * true if a value was specified in the request builder and false otherwise. It does NOT check that the value
     * is non-empty; call {@code isEmpty()} on the property for that. The distinction matters because the SDK never
     * returns a null collection or map, so this is the only way to tell "nothing (or null) was supplied" apart
     * from "an empty collection was supplied".
     *
     * @return true when the list is non-null and is not the SDK's auto-constructed placeholder list
     */
    public final boolean hasPolicyArns() {
        if (policyArns == null) {
            return false;
        }
        // The auto-constructed list is the marker for "never set"; any other list counts as a supplied value.
        boolean placeholder = policyArns instanceof SdkAutoConstructList;
        return !placeholder;
    }

    /**

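* Returns the Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as managed session
     * policies. The policies must exist in the same account as the role.
     * <p>
     * This parameter is optional. You can provide up to 10 managed policy ARNs. However, the plaintext that you
     * use for both inline and managed session policies can't exceed 2,048 characters. For more information about
     * ARNs, see "Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces" in the Amazon Web
     * Services General Reference.
     * <p>
     * Note: an Amazon Web Services conversion compresses the passed session policies and session tags into a
     * packed binary format that has a separate limit. Your request can fail for this limit even if your plaintext
     * meets the other requirements. The {@code PackedPolicySize} response element indicates by percentage how
     * close the policies and tags for your request are to the upper size limit.
     * <p>
     * Passing policies to this operation returns new temporary credentials. The resulting session's permissions
     * are the intersection of the role's identity-based policy and the session policies. You can use the role's
     * temporary credentials in subsequent Amazon Web Services API calls to access resources in the account that
     * owns the role. You cannot use session policies to grant more permissions than those allowed by the
     * identity-based policy of the role that is being assumed. For more information, see "Session Policies" in
     * the <i>IAM User Guide</i>.
     * <p>
     * Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.
     * <p>
     * This method will never return null. If you would like to know whether the service returned this field (so
     * that you can differentiate between null and empty), you can use the {@link #hasPolicyArns} method.
     *
     * @return The ARNs of the IAM managed policies to use as managed session policies, as descriptor objects.
     */
    public final List<PolicyDescriptorType> policyArns() {
        return policyArns;
    }

    /**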

* Returns the IAM policy in JSON format that you want to use as an inline session policy.
     * <p>
     * This parameter is optional. Passing policies to this operation returns new temporary credentials. The
     * resulting session's permissions are the intersection of the role's identity-based policy and the session
     * policies. You can use the role's temporary credentials in subsequent Amazon Web Services API calls to
     * access resources in the account that owns the role. You cannot use session policies to grant more
     * permissions than those allowed by the identity-based policy of the role that is being assumed. For more
     * information, see "Session Policies" in the <i>IAM User Guide</i>.
     * <p>
     * The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. The
     * JSON policy characters can be any ASCII character from the space character to the end of the valid
     * character list (U+0020 through U+00FF). It can also include the tab (U+0009), linefeed (U+000A), and
     * carriage return (U+000D) characters.
     * <p>
     * Note: an Amazon Web Services conversion compresses the passed session policies and session tags into a
     * packed binary format that has a separate limit. Your request can fail for this limit even if your plaintext
     * meets the other requirements. The {@code PackedPolicySize} response element indicates by percentage how
     * close the policies and tags for your request are to the upper size limit.
     *
     * @return An IAM policy in JSON format that you want to use as an inline session policy.
     */
    public final String policy() {
        return this.policy;
    }

    /**

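* Returns the duration, in seconds, of the role session.
     * <p>
     * Your role session lasts for the duration that you specify for the {@code DurationSeconds} parameter, or
     * until the time specified in the SAML authentication response's {@code SessionNotOnOrAfter} value, whichever
     * is shorter. You can provide a {@code DurationSeconds} value from 900 seconds (15 minutes) up to the maximum
     * session duration setting for the role. This setting can have a value from 1 hour to 12 hours. If you
     * specify a value higher than this setting, the operation fails. For example, if you specify a session
     * duration of 12 hours, but your administrator set the maximum session duration to 6 hours, your operation
     * fails. To learn how to view the maximum value for your role, see "View the Maximum Session Duration Setting
     * for a Role" in the <i>IAM User Guide</i>.
     * <p>
     * By default, the value is set to 3600 seconds.
     * <p>
     * Note: the {@code DurationSeconds} parameter is separate from the duration of a console session that you
     * might request using the returned credentials. The request to the federation endpoint for a console sign-in
     * token takes a {@code SessionDuration} parameter that specifies the maximum length of the console session.
     * For more information, see "Creating a URL that Enables Federated Users to Access the Amazon Web Services
     * Management Console" in the <i>IAM User Guide</i>.
     *
     * @return The duration, in seconds, of the role session.
     */
    public final Integer durationSeconds() {
        return durationSeconds;
    }

    /**
     * Returns a builder pre-populated with the values of this request.
     */
    @Override
    public Builder toBuilder() {
        return new BuilderImpl(this);
    }

    /**
     * Returns an empty builder for this request type.
     */
    public static Builder builder() {
        return new BuilderImpl();
    }

    /**
     * Returns the concrete builder class.
     */
    public static Class<? extends Builder> serializableBuilderClass() {
        return BuilderImpl.class;
    }

    @Override
    public final int hashCode() {
        int hashCode = 1;
        hashCode = 31 * hashCode + super.hashCode();
        hashCode = 31 * hashCode + Objects.hashCode(roleArn());
        hashCode = 31 * hashCode + Objects.hashCode(principalArn());
        hashCode = 31 * hashCode + Objects.hashCode(samlAssertion());
        // An unset list hashes as null so that it agrees with the hasPolicyArns() comparison in equalsBySdkFields.
        hashCode = 31 * hashCode + Objects.hashCode(hasPolicyArns() ? policyArns() : null);
        hashCode = 31 * hashCode + Objects.hashCode(policy());
        hashCode = 31 * hashCode + Objects.hashCode(durationSeconds());
        return hashCode;
    }

    @Override
    public final boolean equals(Object obj) {
        return super.equals(obj) && equalsBySdkFields(obj);
    }

    /**
     * Compares only the modelled members of this request with those of {@code obj}.
     *
     * @param obj
     *        the object to compare with; may be null
     * @return true when {@code obj} is an {@code AssumeRoleWithSamlRequest} whose members all equal this one's
     */
    @Override
    public final boolean equalsBySdkFields(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null) {
            return false;
        }
        if (!(obj instanceof AssumeRoleWithSamlRequest)) {
            return false;
        }
        AssumeRoleWithSamlRequest other = (AssumeRoleWithSamlRequest) obj;
        return Objects.equals(roleArn(), other.roleArn()) && Objects.equals(principalArn(), other.principalArn())
                && Objects.equals(samlAssertion(), other.samlAssertion()) && hasPolicyArns() == other.hasPolicyArns()
                && Objects.equals(policyArns(), other.policyArns()) && Objects.equals(policy(), other.policy())
                && Objects.equals(durationSeconds(), other.durationSeconds());
    }

    /**
     * Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be
     * redacted from this string using a placeholder value.
     * <p>
     * The SAML assertion is the credential this request presents, so it is replaced by a fixed placeholder and
     * never appears in the output. A null assertion still prints as null, which keeps "not set" distinguishable
     * from "set".
     */
    @Override
    public final String toString() {
        return ToString.builder("AssumeRoleWithSamlRequest").add("RoleArn", roleArn()).add("PrincipalArn", principalArn())
                .add("SAMLAssertion", samlAssertion() == null ? null : "*** Sensitive Data Redacted ***")
                .add("PolicyArns", hasPolicyArns() ? policyArns() : null).add("Policy", policy())
                .add("DurationSeconds", durationSeconds()).build();
    }

    /**
     * Looks up a member by its wire name and returns it cast to the requested type.
     * <p>
     * Values are returned unredacted, including {@code SAMLAssertion}; do not log the result of this lookup.
     *
     * @param fieldName
     *        the member name, for example {@code "RoleArn"}
     * @param clazz
     *        the type the value is cast to
     * @return the member value, or an empty Optional when the value is null or the name is not recognised
     * @throws ClassCastException
     *         if the member is not an instance of {@code clazz}
     */
    public final <T> Optional<T> getValueForField(String fieldName, Class<T> clazz) {
        switch (fieldName) {
        case "RoleArn":
            return Optional.ofNullable(clazz.cast(roleArn()));
        case "PrincipalArn":
            return Optional.ofNullable(clazz.cast(principalArn()));
        case "SAMLAssertion":
            return Optional.ofNullable(clazz.cast(samlAssertion()));
        case "PolicyArns":
            return Optional.ofNullable(clazz.cast(policyArns()));
        case "Policy":
            return Optional.ofNullable(clazz.cast(policy()));
        case "DurationSeconds":
            return Optional.ofNullable(clazz.cast(durationSeconds()));
        default:
            return Optional.empty();
        }
    }

    @Override
    public final List<SdkField<?>> sdkFields() {
        return SDK_FIELDS;
    }

    // Adapts a typed model getter to the Object-based signature used by the SdkField descriptors.
    private static <T> Function<Object, T> getter(Function<AssumeRoleWithSamlRequest, T> g) {
        return obj -> g.apply((AssumeRoleWithSamlRequest) obj);
    }

    // Adapts a typed builder setter to the Object-based signature used by the SdkField descriptors.
    private static <T> BiConsumer<Object, T> setter(BiConsumer<Builder, T> s) {
        return (obj, val) -> s.accept((Builder) obj, val);
    }

    public interface Builder extends StsRequest.Builder, SdkPojo, CopyableBuilder<Builder, AssumeRoleWithSamlRequest> {
        /**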

* Sets the Amazon Resource Name (ARN) of the role that the caller is assuming.
         *
         * @param roleArn
         *        The Amazon Resource Name (ARN) of the role that the caller is assuming.
         * @return Returns a reference to this object so that method calls can be chained together.
         */
        Builder roleArn(String roleArn);

        /**
         * Sets the Amazon Resource Name (ARN) of the SAML provider in IAM that describes the IdP.
         *
         * @param principalArn
         *        The Amazon Resource Name (ARN) of the SAML provider in IAM that describes the IdP.
         * @return Returns a reference to this object so that method calls can be chained together.
         */
        Builder principalArn(String principalArn);

        /**
         * Sets the base64 encoded SAML authentication response provided by the IdP.
         * <p>
         * For more information, see "Configuring a Relying Party and Adding Claims" in the <i>IAM User Guide</i>.
         * <p>
         * The assertion is the credential presented to STS; pass it through without logging or persisting it.
         *
         * @param samlAssertion
         *        The base64 encoded SAML authentication response provided by the IdP.
         * @return Returns a reference to this object so that method calls can be chained together.
         */
        Builder samlAssertion(String samlAssertion);

        /**

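* Sets the Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as managed session
         * policies. The policies must exist in the same account as the role.
         * <p>
         * This parameter is optional. You can provide up to 10 managed policy ARNs. However, the plaintext that
         * you use for both inline and managed session policies can't exceed 2,048 characters. For more information
         * about ARNs, see "Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces" in the Amazon
         * Web Services General Reference.
         * <p>
         * Note: an Amazon Web Services conversion compresses the passed session policies and session tags into a
         * packed binary format that has a separate limit. Your request can fail for this limit even if your
         * plaintext meets the other requirements. The {@code PackedPolicySize} response element indicates by
         * percentage how close the policies and tags for your request are to the upper size limit.
         * <p>
         * Passing policies to this operation returns new temporary credentials. The resulting session's
         * permissions are the intersection of the role's identity-based policy and the session policies. You can
         * use the role's temporary credentials in subsequent Amazon Web Services API calls to access resources in
         * the account that owns the role. You cannot use session policies to grant more permissions than those
         * allowed by the identity-based policy of the role that is being assumed. For more information, see
         * "Session Policies" in the <i>IAM User Guide</i>.
         *
         * @param policyArns
         *        The ARNs of the IAM managed policies to use as managed session policies, as descriptor objects.
         * @return Returns a reference to this object so that method calls can be chained together.
         */
        Builder policyArns(Collection<PolicyDescriptorType> policyArns);

        /**
         * Varargs form of {@link #policyArns(Collection)}: sets the managed session policies from the given
         * descriptors.
         * <p>
         * The same constraints apply: the parameter is optional, at most 10 managed policy ARNs may be provided,
         * the policies must exist in the same account as the role, the plaintext of inline and managed session
         * policies together can't exceed 2,048 characters, and the packed binary form of policies and tags has a
         * separate limit reported through the {@code PackedPolicySize} response element. The resulting session's
         * permissions are the intersection of the role's identity-based policy and the session policies, so
         * session policies cannot grant more than the role's identity-based policy allows.
         *
         * @param policyArns
         *        The ARNs of the IAM managed policies to use as managed session policies, as descriptor objects.
         * @return Returns a reference to this object so that method calls can be chained together.
         */
        Builder policyArns(PolicyDescriptorType... policyArns);

        /**
         * Consumer form of {@link #policyArns(Collection)}: sets the managed session policies from descriptors
         * that are configured through builders.
         * <p>
         * This is a convenience method that creates a {@link PolicyDescriptorType.Builder} for each consumer,
         * avoiding the need to create one manually via {@link PolicyDescriptorType#builder()}. When a
         * {@link Consumer} completes, the builder is built and the resulting descriptors become the managed
         * session policies of this request.
         * <p>
         * The same constraints apply as for {@link #policyArns(Collection)}: at most 10 managed policy ARNs, a
         * 2,048 character plaintext limit shared with the inline policy, a separate packed-size limit, and
         * permissions that are the intersection of the role's identity-based policy and the session policies.
         *
         * @param policyArns
         *        consumers that will each call methods on a {@link PolicyDescriptorType.Builder}
         * @return Returns a reference to this object so that method calls can be chained together.
         * @see #policyArns(Collection)
         */
        Builder policyArns(Consumer<PolicyDescriptorType.Builder>... policyArns);

        /**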

* Sets the IAM policy in JSON format that you want to use as an inline session policy.
         * <p>
         * This parameter is optional. Passing policies to this operation returns new temporary credentials. The
         * resulting session's permissions are the intersection of the role's identity-based policy and the
         * session policies. You can use the role's temporary credentials in subsequent Amazon Web Services API
         * calls to access resources in the account that owns the role. You cannot use session policies to grant
         * more permissions than those allowed by the identity-based policy of the role that is being assumed. For
         * more information, see "Session Policies" in the <i>IAM User Guide</i>.
         * <p>
         * The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters.
         * The JSON policy characters can be any ASCII character from the space character to the end of the valid
         * character list (U+0020 through U+00FF). It can also include the tab (U+0009), linefeed (U+000A), and
         * carriage return (U+000D) characters.
         * <p>
         * Note: an Amazon Web Services conversion compresses the passed session policies and session tags into a
         * packed binary format that has a separate limit. Your request can fail for this limit even if your
         * plaintext meets the other requirements. The {@code PackedPolicySize} response element indicates by
         * percentage how close the policies and tags for your request are to the upper size limit.
         *
         * @param policy
         *        An IAM policy in JSON format that you want to use as an inline session policy.
         * @return Returns a reference to this object so that method calls can be chained together.
         */
        Builder policy(String policy);

        /**

* The duration, in seconds, of the role session. Your role session lasts for the duration that you specify for * the DurationSeconds parameter, or until the time specified in the SAML authentication response's * SessionNotOnOrAfter value, whichever is shorter. You can provide a DurationSeconds * value from 900 seconds (15 minutes) up to the maximum session duration setting for the role. This setting can * have a value from 1 hour to 12 hours. If you specify a value higher than this setting, the operation fails. * For example, if you specify a session duration of 12 hours, but your administrator set the maximum session * duration to 6 hours, your operation fails. To learn how to view the maximum value for your role, see View * the Maximum Session Duration Setting for a Role in the IAM User Guide. *

*

* By default, the value is set to 3600 seconds. *

* *

* The DurationSeconds parameter is separate from the duration of a console session that you might * request using the returned credentials. The request to the federation endpoint for a console sign-in token * takes a SessionDuration parameter that specifies the maximum length of the console session. For * more information, see Creating a URL that Enables Federated Users to Access the Amazon Web Services Management Console in the * IAM User Guide. *

*
* * @param durationSeconds * The duration, in seconds, of the role session. Your role session lasts for the duration that you * specify for the DurationSeconds parameter, or until the time specified in the SAML * authentication response's SessionNotOnOrAfter value, whichever is shorter. You can * provide a DurationSeconds value from 900 seconds (15 minutes) up to the maximum session * duration setting for the role. This setting can have a value from 1 hour to 12 hours. If you specify a * value higher than this setting, the operation fails. For example, if you specify a session duration of * 12 hours, but your administrator set the maximum session duration to 6 hours, your operation fails. To * learn how to view the maximum value for your role, see View the Maximum Session Duration Setting for a Role in the IAM User Guide.

*

* By default, the value is set to 3600 seconds. *

* *

* The DurationSeconds parameter is separate from the duration of a console session that you * might request using the returned credentials. The request to the federation endpoint for a console * sign-in token takes a SessionDuration parameter that specifies the maximum length of the * console session. For more information, see Creating a URL that Enables Federated Users to Access the Amazon Web Services Management Console * in the IAM User Guide. *

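* @return Returns a reference to this object so that method calls can be chained together.
         */
        Builder durationSeconds(Integer durationSeconds);

        @Override
        Builder overrideConfiguration(AwsRequestOverrideConfiguration overrideConfiguration);

        @Override
        Builder overrideConfiguration(Consumer<AwsRequestOverrideConfiguration.Builder> builderConsumer);
    } // closes the Builder interface, which opens above this excerpt

    /**
     * Mutable {@link Builder} implementation that collects the request fields and passes itself to the
     * {@link AssumeRoleWithSamlRequest} constructor in {@link #build()}.
     *
     * <p>
     * Every setter is a plain assignment: nothing here validates ARNs, the policy size or the session duration, so
     * the limits described in the {@link Builder} Javadoc are only enforced once the request reaches the service.
     *
     * <p>
     * The type arguments on the collection and {@code Consumer} signatures were missing from this listing (including
     * an unparsable {@code List>} on {@link #sdkFields()}) and are restored here.
     */
    static final class BuilderImpl extends StsRequest.BuilderImpl implements Builder {
        private String roleArn;

        private String principalArn;

        // NOTE(review): this is the IdP-issued SAML response that STS exchanges for temporary credentials, so it
        // should be handled like a credential and kept out of logs and exception messages. Whether the request's
        // toString() redacts it is not visible in this excerpt - confirm before logging request objects.
        private String samlAssertion;

        // Starts as the SDK's auto-construct placeholder so that "never set" can be told apart from an explicitly
        // supplied list (see getPolicyArns()).
        private List<PolicyDescriptorType> policyArns = DefaultSdkAutoConstructList.getInstance();

        // Inline session policy. Per the Builder#policy Javadoc, session policies can only narrow the permissions of
        // the assumed role; they cannot grant more than the role's identity-based policy allows.
        private String policy;

        // Requested session lifetime in seconds; null leaves the choice to the service (3600 seconds according to the
        // Builder#durationSeconds Javadoc). No range check is applied client-side.
        private Integer durationSeconds;

        private BuilderImpl() {
        }

        /**
         * Pre-populates a builder from an existing request.
         *
         * <p>
         * The fluent setters are used rather than direct field assignment so that {@code policyArns} goes through the
         * list copier.
         *
         * @param model the request whose values are copied
         */
        private BuilderImpl(AssumeRoleWithSamlRequest model) {
            super(model);
            roleArn(model.roleArn);
            principalArn(model.principalArn);
            samlAssertion(model.samlAssertion);
            policyArns(model.policyArns);
            policy(model.policy);
            durationSeconds(model.durationSeconds);
        }

        // The get*/set* pairs below are not part of the Builder interface; presumably they exist for bean-style
        // (reflective) access - verify against the SDK's codegen conventions.

        public final String getRoleArn() {
            return roleArn;
        }

        public final void setRoleArn(String roleArn) {
            this.roleArn = roleArn;
        }

        @Override
        public final Builder roleArn(String roleArn) {
            this.roleArn = roleArn;
            return this;
        }

        public final String getPrincipalArn() {
            return principalArn;
        }

        public final void setPrincipalArn(String principalArn) {
            this.principalArn = principalArn;
        }

        @Override
        public final Builder principalArn(String principalArn) {
            this.principalArn = principalArn;
            return this;
        }

        public final String getSamlAssertion() {
            return samlAssertion;
        }

        public final void setSamlAssertion(String samlAssertion) {
            this.samlAssertion = samlAssertion;
        }

        @Override
        public final Builder samlAssertion(String samlAssertion) {
            this.samlAssertion = samlAssertion;
            return this;
        }

        /**
         * Returns the managed session policy ARNs as builders.
         *
         * @return the converted list, or {@code null} when the copier hands back the auto-construct placeholder
         *         (presumably meaning the field was never set - confirm against the copier)
         */
        public final List<PolicyDescriptorType.Builder> getPolicyArns() {
            List<PolicyDescriptorType.Builder> result = _policyDescriptorListTypeCopier.copyToBuilder(this.policyArns);
            if (result instanceof SdkAutoConstructList) {
                return null;
            }
            return result;
        }

        public final void setPolicyArns(Collection<PolicyDescriptorType.BuilderImpl> policyArns) {
            this.policyArns = _policyDescriptorListTypeCopier.copyFromBuilder(policyArns);
        }

        @Override
        public final Builder policyArns(Collection<PolicyDescriptorType> policyArns) {
            // Stored via the copier rather than by reference to the caller's collection.
            this.policyArns = _policyDescriptorListTypeCopier.copy(policyArns);
            return this;
        }

        @Override
        @SafeVarargs
        public final Builder policyArns(PolicyDescriptorType... policyArns) {
            policyArns(Arrays.asList(policyArns));
            return this;
        }

        @Override
        @SafeVarargs
        public final Builder policyArns(Consumer<PolicyDescriptorType.Builder>... policyArns) {
            // Each consumer configures a fresh PolicyDescriptorType builder; the built values are then stored through
            // the Collection overload.
            policyArns(Stream.of(policyArns).map(c -> PolicyDescriptorType.builder().applyMutation(c).build())
                    .collect(Collectors.toList()));
            return this;
        }

        public final String getPolicy() {
            return policy;
        }

        public final void setPolicy(String policy) {
            this.policy = policy;
        }

        @Override
        public final Builder policy(String policy) {
            this.policy = policy;
            return this;
        }

        public final Integer getDurationSeconds() {
            return durationSeconds;
        }

        public final void setDurationSeconds(Integer durationSeconds) {
            this.durationSeconds = durationSeconds;
        }

        @Override
        public final Builder durationSeconds(Integer durationSeconds) {
            this.durationSeconds = durationSeconds;
            return this;
        }

        // The two overrides below only narrow the return type to this Builder so that call chains keep their type.

        @Override
        public Builder overrideConfiguration(AwsRequestOverrideConfiguration overrideConfiguration) {
            super.overrideConfiguration(overrideConfiguration);
            return this;
        }

        @Override
        public Builder overrideConfiguration(Consumer<AwsRequestOverrideConfiguration.Builder> builderConsumer) {
            super.overrideConfiguration(builderConsumer);
            return this;
        }

        /**
         * Creates the request from the values collected so far.
         *
         * @return a new {@link AssumeRoleWithSamlRequest} constructed from this builder
         */
        @Override
        public AssumeRoleWithSamlRequest build() {
            return new AssumeRoleWithSamlRequest(this);
        }

        @Override
        public List<SdkField<?>> sdkFields() {
            return SDK_FIELDS;
        }
    }
} // closes AssumeRoleWithSamlRequest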



