software.amazon.awssdk.services.sts.model.AssumeRoleWithSamlRequest Maven / Gradle / Ivy
Show all versions of sts Show documentation
/*
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
* the License. A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
* and limitations under the License.
*/
package software.amazon.awssdk.services.sts.model;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.function.BiConsumer;
import java.util.function.Consumer;
import java.util.function.Function;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import software.amazon.awssdk.annotations.Generated;
import software.amazon.awssdk.awscore.AwsRequestOverrideConfiguration;
import software.amazon.awssdk.core.SdkField;
import software.amazon.awssdk.core.SdkPojo;
import software.amazon.awssdk.core.protocol.MarshallLocation;
import software.amazon.awssdk.core.protocol.MarshallingType;
import software.amazon.awssdk.core.traits.ListTrait;
import software.amazon.awssdk.core.traits.LocationTrait;
import software.amazon.awssdk.core.util.DefaultSdkAutoConstructList;
import software.amazon.awssdk.core.util.SdkAutoConstructList;
import software.amazon.awssdk.utils.ToString;
import software.amazon.awssdk.utils.builder.CopyableBuilder;
import software.amazon.awssdk.utils.builder.ToCopyableBuilder;
/**
*/
@Generated("software.amazon.awssdk:codegen")
public final class AssumeRoleWithSamlRequest extends StsRequest implements
ToCopyableBuilder {
private static final SdkField ROLE_ARN_FIELD = SdkField. builder(MarshallingType.STRING)
.memberName("RoleArn").getter(getter(AssumeRoleWithSamlRequest::roleArn)).setter(setter(Builder::roleArn))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("RoleArn").build()).build();
private static final SdkField PRINCIPAL_ARN_FIELD = SdkField. builder(MarshallingType.STRING)
.memberName("PrincipalArn").getter(getter(AssumeRoleWithSamlRequest::principalArn))
.setter(setter(Builder::principalArn))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("PrincipalArn").build()).build();
private static final SdkField SAML_ASSERTION_FIELD = SdkField. builder(MarshallingType.STRING)
.memberName("SAMLAssertion").getter(getter(AssumeRoleWithSamlRequest::samlAssertion))
.setter(setter(Builder::samlAssertion))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("SAMLAssertion").build()).build();
private static final SdkField> POLICY_ARNS_FIELD = SdkField
.> builder(MarshallingType.LIST)
.memberName("PolicyArns")
.getter(getter(AssumeRoleWithSamlRequest::policyArns))
.setter(setter(Builder::policyArns))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("PolicyArns").build(),
ListTrait
.builder()
.memberLocationName(null)
.memberFieldInfo(
SdkField. builder(MarshallingType.SDK_POJO)
.constructor(PolicyDescriptorType::builder)
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD)
.locationName("member").build()).build()).build()).build();
private static final SdkField POLICY_FIELD = SdkField. builder(MarshallingType.STRING).memberName("Policy")
.getter(getter(AssumeRoleWithSamlRequest::policy)).setter(setter(Builder::policy))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("Policy").build()).build();
private static final SdkField DURATION_SECONDS_FIELD = SdkField. builder(MarshallingType.INTEGER)
.memberName("DurationSeconds").getter(getter(AssumeRoleWithSamlRequest::durationSeconds))
.setter(setter(Builder::durationSeconds))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("DurationSeconds").build()).build();
private static final List> SDK_FIELDS = Collections.unmodifiableList(Arrays.asList(ROLE_ARN_FIELD,
PRINCIPAL_ARN_FIELD, SAML_ASSERTION_FIELD, POLICY_ARNS_FIELD, POLICY_FIELD, DURATION_SECONDS_FIELD));
private final String roleArn;
private final String principalArn;
private final String samlAssertion;
private final List policyArns;
private final String policy;
private final Integer durationSeconds;
private AssumeRoleWithSamlRequest(BuilderImpl builder) {
super(builder);
this.roleArn = builder.roleArn;
this.principalArn = builder.principalArn;
this.samlAssertion = builder.samlAssertion;
this.policyArns = builder.policyArns;
this.policy = builder.policy;
this.durationSeconds = builder.durationSeconds;
}
/**
*
* The Amazon Resource Name (ARN) of the role that the caller is assuming.
*
*
* @return The Amazon Resource Name (ARN) of the role that the caller is assuming.
*/
public final String roleArn() {
return roleArn;
}
/**
*
* The Amazon Resource Name (ARN) of the SAML provider in IAM that describes the IdP.
*
*
* @return The Amazon Resource Name (ARN) of the SAML provider in IAM that describes the IdP.
*/
public final String principalArn() {
return principalArn;
}
/**
*
* The base64 encoded SAML authentication response provided by the IdP.
*
*
* For more information, see Configuring a Relying
* Party and Adding Claims in the IAM User Guide.
*
*
* @return The base64 encoded SAML authentication response provided by the IdP.
*
* For more information, see Configuring a
* Relying Party and Adding Claims in the IAM User Guide.
*/
public final String samlAssertion() {
return samlAssertion;
}
/**
* For responses, this returns true if the service returned a value for the PolicyArns property. This DOES NOT check
* that the value is non-empty (for which, you should check the {@code isEmpty()} method on the property). This is
* useful because the SDK will never return a null collection or map, but you may need to differentiate between the
* service returning nothing (or null) and the service returning an empty collection or map. For requests, this
* returns true if a value for the property was specified in the request builder, and false if a value was not
* specified.
*/
public final boolean hasPolicyArns() {
return policyArns != null && !(policyArns instanceof SdkAutoConstructList);
}
/**
*
* The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as managed session policies.
* The policies must exist in the same account as the role.
*
*
* This parameter is optional. You can provide up to 10 managed policy ARNs. However, the plaintext that you use for
* both inline and managed session policies can't exceed 2,048 characters. For more information about ARNs, see Amazon Resource Names (ARNs)
* and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.
*
*
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and session
* tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your
* plaintext meets the other requirements. The PackedPolicySize response element indicates by
* percentage how close the policies and tags for your request are to the upper size limit.
*
*
*
* Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the
* intersection of the role's identity-based policy and the session policies. You can use the role's temporary
* credentials in subsequent Amazon Web Services API calls to access resources in the account that owns the role.
* You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the
* role that is being assumed. For more information, see Session
* Policies in the IAM User Guide.
*
*
* Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.
*
*
* This method will never return null. If you would like to know whether the service returned this field (so that
* you can differentiate between null and empty), you can use the {@link #hasPolicyArns} method.
*
*
* @return The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as managed session
* policies. The policies must exist in the same account as the role.
*
* This parameter is optional. You can provide up to 10 managed policy ARNs. However, the plaintext that you
* use for both inline and managed session policies can't exceed 2,048 characters. For more information
* about ARNs, see Amazon Resource Names
* (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.
*
*
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and
* session tags into a packed binary format that has a separate limit. Your request can fail for this limit
* even if your plaintext meets the other requirements. The PackedPolicySize response element
* indicates by percentage how close the policies and tags for your request are to the upper size limit.
*
*
*
* Passing policies to this operation returns new temporary credentials. The resulting session's permissions
* are the intersection of the role's identity-based policy and the session policies. You can use the role's
* temporary credentials in subsequent Amazon Web Services API calls to access resources in the account that
* owns the role. You cannot use session policies to grant more permissions than those allowed by the
* identity-based policy of the role that is being assumed. For more information, see Session
* Policies in the IAM User Guide.
*/
public final List policyArns() {
return policyArns;
}
/**
*
* An IAM policy in JSON format that you want to use as an inline session policy.
*
*
* This parameter is optional. Passing policies to this operation returns new temporary credentials. The resulting
* session's permissions are the intersection of the role's identity-based policy and the session policies. You can
* use the role's temporary credentials in subsequent Amazon Web Services API calls to access resources in the
* account that owns the role. You cannot use session policies to grant more permissions than those allowed by the
* identity-based policy of the role that is being assumed. For more information, see Session
* Policies in the IAM User Guide.
*
*
* The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. The JSON
* policy characters can be any ASCII character from the space character to the end of the valid character list (
* through \u00FF). It can also include the tab ( ), linefeed ( ), and carriage return ( ) characters.
*
*
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and session
* tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your
* plaintext meets the other requirements. The PackedPolicySize response element indicates by
* percentage how close the policies and tags for your request are to the upper size limit.
*
*
*
* @return An IAM policy in JSON format that you want to use as an inline session policy.
*
* This parameter is optional. Passing policies to this operation returns new temporary credentials. The
* resulting session's permissions are the intersection of the role's identity-based policy and the session
* policies. You can use the role's temporary credentials in subsequent Amazon Web Services API calls to
* access resources in the account that owns the role. You cannot use session policies to grant more
* permissions than those allowed by the identity-based policy of the role that is being assumed. For more
* information, see Session
* Policies in the IAM User Guide.
*
*
* The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters.
* The JSON policy characters can be any ASCII character from the space character to the end of the valid
* character list ( through \u00FF). It can also include the tab ( ), linefeed ( ), and carriage return ( )
* characters.
*
*
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and
* session tags into a packed binary format that has a separate limit. Your request can fail for this limit
* even if your plaintext meets the other requirements. The PackedPolicySize response element
* indicates by percentage how close the policies and tags for your request are to the upper size limit.
*
*/
public final String policy() {
return policy;
}
/**
*
* The duration, in seconds, of the role session. Your role session lasts for the duration that you specify for the
* DurationSeconds parameter, or until the time specified in the SAML authentication response's
* SessionNotOnOrAfter value, whichever is shorter. You can provide a DurationSeconds
* value from 900 seconds (15 minutes) up to the maximum session duration setting for the role. This setting can
* have a value from 1 hour to 12 hours. If you specify a value higher than this setting, the operation fails. For
* example, if you specify a session duration of 12 hours, but your administrator set the maximum session duration
* to 6 hours, your operation fails. To learn how to view the maximum value for your role, see View
* the Maximum Session Duration Setting for a Role in the IAM User Guide.
*
*
* By default, the value is set to 3600 seconds.
*
*
*
* The DurationSeconds parameter is separate from the duration of a console session that you might
* request using the returned credentials. The request to the federation endpoint for a console sign-in token takes
* a SessionDuration parameter that specifies the maximum length of the console session. For more
* information, see Creating a URL that Enables Federated Users to Access the Amazon Web Services Management Console in the
* IAM User Guide.
*
*
*
* @return The duration, in seconds, of the role session. Your role session lasts for the duration that you specify
* for the DurationSeconds parameter, or until the time specified in the SAML authentication
* response's SessionNotOnOrAfter value, whichever is shorter. You can provide a
* DurationSeconds value from 900 seconds (15 minutes) up to the maximum session duration
* setting for the role. This setting can have a value from 1 hour to 12 hours. If you specify a value
* higher than this setting, the operation fails. For example, if you specify a session duration of 12
* hours, but your administrator set the maximum session duration to 6 hours, your operation fails. To learn
* how to view the maximum value for your role, see View the Maximum Session Duration Setting for a Role in the IAM User Guide.
*
* By default, the value is set to 3600 seconds.
*
*
*
* The DurationSeconds parameter is separate from the duration of a console session that you
* might request using the returned credentials. The request to the federation endpoint for a console
* sign-in token takes a SessionDuration parameter that specifies the maximum length of the
* console session. For more information, see Creating a URL that Enables Federated Users to Access the Amazon Web Services Management Console in
* the IAM User Guide.
*
*/
public final Integer durationSeconds() {
return durationSeconds;
}
@Override
public Builder toBuilder() {
return new BuilderImpl(this);
}
public static Builder builder() {
return new BuilderImpl();
}
public static Class serializableBuilderClass() {
return BuilderImpl.class;
}
@Override
public final int hashCode() {
int hashCode = 1;
hashCode = 31 * hashCode + super.hashCode();
hashCode = 31 * hashCode + Objects.hashCode(roleArn());
hashCode = 31 * hashCode + Objects.hashCode(principalArn());
hashCode = 31 * hashCode + Objects.hashCode(samlAssertion());
hashCode = 31 * hashCode + Objects.hashCode(hasPolicyArns() ? policyArns() : null);
hashCode = 31 * hashCode + Objects.hashCode(policy());
hashCode = 31 * hashCode + Objects.hashCode(durationSeconds());
return hashCode;
}
@Override
public final boolean equals(Object obj) {
return super.equals(obj) && equalsBySdkFields(obj);
}
@Override
public final boolean equalsBySdkFields(Object obj) {
if (this == obj) {
return true;
}
if (obj == null) {
return false;
}
if (!(obj instanceof AssumeRoleWithSamlRequest)) {
return false;
}
AssumeRoleWithSamlRequest other = (AssumeRoleWithSamlRequest) obj;
return Objects.equals(roleArn(), other.roleArn()) && Objects.equals(principalArn(), other.principalArn())
&& Objects.equals(samlAssertion(), other.samlAssertion()) && hasPolicyArns() == other.hasPolicyArns()
&& Objects.equals(policyArns(), other.policyArns()) && Objects.equals(policy(), other.policy())
&& Objects.equals(durationSeconds(), other.durationSeconds());
}
/**
* Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be
* redacted from this string using a placeholder value.
*/
@Override
public final String toString() {
return ToString.builder("AssumeRoleWithSamlRequest").add("RoleArn", roleArn()).add("PrincipalArn", principalArn())
.add("SAMLAssertion", samlAssertion() == null ? null : "*** Sensitive Data Redacted ***")
.add("PolicyArns", hasPolicyArns() ? policyArns() : null).add("Policy", policy())
.add("DurationSeconds", durationSeconds()).build();
}
public final Optional getValueForField(String fieldName, Class clazz) {
switch (fieldName) {
case "RoleArn":
return Optional.ofNullable(clazz.cast(roleArn()));
case "PrincipalArn":
return Optional.ofNullable(clazz.cast(principalArn()));
case "SAMLAssertion":
return Optional.ofNullable(clazz.cast(samlAssertion()));
case "PolicyArns":
return Optional.ofNullable(clazz.cast(policyArns()));
case "Policy":
return Optional.ofNullable(clazz.cast(policy()));
case "DurationSeconds":
return Optional.ofNullable(clazz.cast(durationSeconds()));
default:
return Optional.empty();
}
}
@Override
public final List> sdkFields() {
return SDK_FIELDS;
}
private static Function getter(Function g) {
return obj -> g.apply((AssumeRoleWithSamlRequest) obj);
}
private static BiConsumer setter(BiConsumer s) {
return (obj, val) -> s.accept((Builder) obj, val);
}
public interface Builder extends StsRequest.Builder, SdkPojo, CopyableBuilder {
/**
*
* The Amazon Resource Name (ARN) of the role that the caller is assuming.
*
*
* @param roleArn
* The Amazon Resource Name (ARN) of the role that the caller is assuming.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder roleArn(String roleArn);
/**
*
* The Amazon Resource Name (ARN) of the SAML provider in IAM that describes the IdP.
*
*
* @param principalArn
* The Amazon Resource Name (ARN) of the SAML provider in IAM that describes the IdP.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder principalArn(String principalArn);
/**
*
* The base64 encoded SAML authentication response provided by the IdP.
*
*
* For more information, see Configuring a Relying
* Party and Adding Claims in the IAM User Guide.
*
*
* @param samlAssertion
* The base64 encoded SAML authentication response provided by the IdP.
*
* For more information, see Configuring a
* Relying Party and Adding Claims in the IAM User Guide.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder samlAssertion(String samlAssertion);
/**
*
* The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as managed session
* policies. The policies must exist in the same account as the role.
*
*
* This parameter is optional. You can provide up to 10 managed policy ARNs. However, the plaintext that you use
* for both inline and managed session policies can't exceed 2,048 characters. For more information about ARNs,
* see Amazon Resource
* Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.
*
*
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and
* session tags into a packed binary format that has a separate limit. Your request can fail for this limit even
* if your plaintext meets the other requirements. The PackedPolicySize response element indicates
* by percentage how close the policies and tags for your request are to the upper size limit.
*
*
*
* Passing policies to this operation returns new temporary credentials. The resulting session's permissions are
* the intersection of the role's identity-based policy and the session policies. You can use the role's
* temporary credentials in subsequent Amazon Web Services API calls to access resources in the account that
* owns the role. You cannot use session policies to grant more permissions than those allowed by the
* identity-based policy of the role that is being assumed. For more information, see Session
* Policies in the IAM User Guide.
*
*
* @param policyArns
* The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as managed session
* policies. The policies must exist in the same account as the role.
*
* This parameter is optional. You can provide up to 10 managed policy ARNs. However, the plaintext that
* you use for both inline and managed session policies can't exceed 2,048 characters. For more
* information about ARNs, see Amazon Resource
* Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General
* Reference.
*
*
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs,
* and session tags into a packed binary format that has a separate limit. Your request can fail for this
* limit even if your plaintext meets the other requirements. The PackedPolicySize response
* element indicates by percentage how close the policies and tags for your request are to the upper size
* limit.
*
*
*
* Passing policies to this operation returns new temporary credentials. The resulting session's
* permissions are the intersection of the role's identity-based policy and the session policies. You can
* use the role's temporary credentials in subsequent Amazon Web Services API calls to access resources
* in the account that owns the role. You cannot use session policies to grant more permissions than
* those allowed by the identity-based policy of the role that is being assumed. For more information,
* see
* Session Policies in the IAM User Guide.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder policyArns(Collection policyArns);
/**
*
* The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as managed session
* policies. The policies must exist in the same account as the role.
*
*
* This parameter is optional. You can provide up to 10 managed policy ARNs. However, the plaintext that you use
* for both inline and managed session policies can't exceed 2,048 characters. For more information about ARNs,
* see Amazon Resource
* Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.
*
*
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and
* session tags into a packed binary format that has a separate limit. Your request can fail for this limit even
* if your plaintext meets the other requirements. The PackedPolicySize response element indicates
* by percentage how close the policies and tags for your request are to the upper size limit.
*
*
*
* Passing policies to this operation returns new temporary credentials. The resulting session's permissions are
* the intersection of the role's identity-based policy and the session policies. You can use the role's
* temporary credentials in subsequent Amazon Web Services API calls to access resources in the account that
* owns the role. You cannot use session policies to grant more permissions than those allowed by the
* identity-based policy of the role that is being assumed. For more information, see Session
* Policies in the IAM User Guide.
*
*
* @param policyArns
* The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as managed session
* policies. The policies must exist in the same account as the role.
*
* This parameter is optional. You can provide up to 10 managed policy ARNs. However, the plaintext that
* you use for both inline and managed session policies can't exceed 2,048 characters. For more
* information about ARNs, see Amazon Resource
* Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General
* Reference.
*
*
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs,
* and session tags into a packed binary format that has a separate limit. Your request can fail for this
* limit even if your plaintext meets the other requirements. The PackedPolicySize response
* element indicates by percentage how close the policies and tags for your request are to the upper size
* limit.
*
*
*
* Passing policies to this operation returns new temporary credentials. The resulting session's
* permissions are the intersection of the role's identity-based policy and the session policies. You can
* use the role's temporary credentials in subsequent Amazon Web Services API calls to access resources
* in the account that owns the role. You cannot use session policies to grant more permissions than
* those allowed by the identity-based policy of the role that is being assumed. For more information,
* see
* Session Policies in the IAM User Guide.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder policyArns(PolicyDescriptorType... policyArns);
/**
*
* The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as managed session
* policies. The policies must exist in the same account as the role.
*
*
* This parameter is optional. You can provide up to 10 managed policy ARNs. However, the plaintext that you use
* for both inline and managed session policies can't exceed 2,048 characters. For more information about ARNs,
* see Amazon Resource
* Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.
*
*
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and
* session tags into a packed binary format that has a separate limit. Your request can fail for this limit even
* if your plaintext meets the other requirements. The PackedPolicySize response element indicates
* by percentage how close the policies and tags for your request are to the upper size limit.
*
*
*
* Passing policies to this operation returns new temporary credentials. The resulting session's permissions are
* the intersection of the role's identity-based policy and the session policies. You can use the role's
* temporary credentials in subsequent Amazon Web Services API calls to access resources in the account that
* owns the role. You cannot use session policies to grant more permissions than those allowed by the
* identity-based policy of the role that is being assumed. For more information, see Session
* Policies in the IAM User Guide.
*
* This is a convenience method that creates an instance of the
* {@link software.amazon.awssdk.services.sts.model.PolicyDescriptorType.Builder} avoiding the need to create
* one manually via {@link software.amazon.awssdk.services.sts.model.PolicyDescriptorType#builder()}.
*
*
* When the {@link Consumer} completes,
* {@link software.amazon.awssdk.services.sts.model.PolicyDescriptorType.Builder#build()} is called immediately
* and its result is passed to {@link #policyArns(List)}.
*
* @param policyArns
* a consumer that will call methods on
* {@link software.amazon.awssdk.services.sts.model.PolicyDescriptorType.Builder}
* @return Returns a reference to this object so that method calls can be chained together.
* @see #policyArns(java.util.Collection)
*/
Builder policyArns(Consumer... policyArns);
/**
*
* An IAM policy in JSON format that you want to use as an inline session policy.
*
*
* This parameter is optional. Passing policies to this operation returns new temporary credentials. The
* resulting session's permissions are the intersection of the role's identity-based policy and the session
* policies. You can use the role's temporary credentials in subsequent Amazon Web Services API calls to access
* resources in the account that owns the role. You cannot use session policies to grant more permissions than
* those allowed by the identity-based policy of the role that is being assumed. For more information, see Session
* Policies in the IAM User Guide.
*
*
* The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. The
* JSON policy characters can be any ASCII character from the space character to the end of the valid character
* list ( through \u00FF). It can also include the tab ( ), linefeed ( ), and carriage return ( ) characters.
*
*
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and
* session tags into a packed binary format that has a separate limit. Your request can fail for this limit even
* if your plaintext meets the other requirements. The PackedPolicySize response element indicates
* by percentage how close the policies and tags for your request are to the upper size limit.
*
*
*
* @param policy
* An IAM policy in JSON format that you want to use as an inline session policy.
*
* This parameter is optional. Passing policies to this operation returns new temporary credentials. The
* resulting session's permissions are the intersection of the role's identity-based policy and the
* session policies. You can use the role's temporary credentials in subsequent Amazon Web Services API
* calls to access resources in the account that owns the role. You cannot use session policies to grant
* more permissions than those allowed by the identity-based policy of the role that is being assumed.
* For more information, see Session
* Policies in the IAM User Guide.
*
*
* The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters.
* The JSON policy characters can be any ASCII character from the space character to the end of the valid
* character list ( through \u00FF). It can also include the tab ( ), linefeed ( ), and carriage return (
* ) characters.
*
*
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs,
* and session tags into a packed binary format that has a separate limit. Your request can fail for this
* limit even if your plaintext meets the other requirements. The PackedPolicySize response
* element indicates by percentage how close the policies and tags for your request are to the upper size
* limit.
*
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder policy(String policy);
/**
*
* The duration, in seconds, of the role session. Your role session lasts for the duration that you specify for
* the DurationSeconds parameter, or until the time specified in the SAML authentication response's
* SessionNotOnOrAfter value, whichever is shorter. You can provide a DurationSeconds
* value from 900 seconds (15 minutes) up to the maximum session duration setting for the role. This setting can
* have a value from 1 hour to 12 hours. If you specify a value higher than this setting, the operation fails.
* For example, if you specify a session duration of 12 hours, but your administrator set the maximum session
* duration to 6 hours, your operation fails. To learn how to view the maximum value for your role, see View
* the Maximum Session Duration Setting for a Role in the IAM User Guide.
*
*
* By default, the value is set to 3600 seconds.
*
*
*
* The DurationSeconds parameter is separate from the duration of a console session that you might
* request using the returned credentials. The request to the federation endpoint for a console sign-in token
* takes a SessionDuration parameter that specifies the maximum length of the console session. For
* more information, see Creating a URL that Enables Federated Users to Access the Amazon Web Services Management Console in the
* IAM User Guide.
*
*
*
* @param durationSeconds
* The duration, in seconds, of the role session. Your role session lasts for the duration that you
* specify for the DurationSeconds parameter, or until the time specified in the SAML
* authentication response's SessionNotOnOrAfter value, whichever is shorter. You can
* provide a DurationSeconds value from 900 seconds (15 minutes) up to the maximum session
* duration setting for the role. This setting can have a value from 1 hour to 12 hours. If you specify a
* value higher than this setting, the operation fails. For example, if you specify a session duration of
* 12 hours, but your administrator set the maximum session duration to 6 hours, your operation fails. To
* learn how to view the maximum value for your role, see View the Maximum Session Duration Setting for a Role in the IAM User Guide.
*
* By default, the value is set to 3600 seconds.
*
*
*
* The DurationSeconds parameter is separate from the duration of a console session that you
* might request using the returned credentials. The request to the federation endpoint for a console
* sign-in token takes a SessionDuration parameter that specifies the maximum length of the
* console session. For more information, see Creating a URL that Enables Federated Users to Access the Amazon Web Services Management Console
* in the IAM User Guide.
*
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder durationSeconds(Integer durationSeconds);
@Override
Builder overrideConfiguration(AwsRequestOverrideConfiguration overrideConfiguration);
@Override
Builder overrideConfiguration(Consumer builderConsumer);
}
static final class BuilderImpl extends StsRequest.BuilderImpl implements Builder {
private String roleArn;
private String principalArn;
private String samlAssertion;
private List policyArns = DefaultSdkAutoConstructList.getInstance();
private String policy;
private Integer durationSeconds;
private BuilderImpl() {
}
private BuilderImpl(AssumeRoleWithSamlRequest model) {
super(model);
roleArn(model.roleArn);
principalArn(model.principalArn);
samlAssertion(model.samlAssertion);
policyArns(model.policyArns);
policy(model.policy);
durationSeconds(model.durationSeconds);
}
public final String getRoleArn() {
return roleArn;
}
public final void setRoleArn(String roleArn) {
this.roleArn = roleArn;
}
@Override
public final Builder roleArn(String roleArn) {
this.roleArn = roleArn;
return this;
}
public final String getPrincipalArn() {
return principalArn;
}
public final void setPrincipalArn(String principalArn) {
this.principalArn = principalArn;
}
@Override
public final Builder principalArn(String principalArn) {
this.principalArn = principalArn;
return this;
}
public final String getSamlAssertion() {
return samlAssertion;
}
public final void setSamlAssertion(String samlAssertion) {
this.samlAssertion = samlAssertion;
}
@Override
public final Builder samlAssertion(String samlAssertion) {
this.samlAssertion = samlAssertion;
return this;
}
public final List getPolicyArns() {
List result = _policyDescriptorListTypeCopier.copyToBuilder(this.policyArns);
if (result instanceof SdkAutoConstructList) {
return null;
}
return result;
}
public final void setPolicyArns(Collection policyArns) {
this.policyArns = _policyDescriptorListTypeCopier.copyFromBuilder(policyArns);
}
@Override
public final Builder policyArns(Collection policyArns) {
this.policyArns = _policyDescriptorListTypeCopier.copy(policyArns);
return this;
}
@Override
@SafeVarargs
public final Builder policyArns(PolicyDescriptorType... policyArns) {
policyArns(Arrays.asList(policyArns));
return this;
}
@Override
@SafeVarargs
public final Builder policyArns(Consumer... policyArns) {
policyArns(Stream.of(policyArns).map(c -> PolicyDescriptorType.builder().applyMutation(c).build())
.collect(Collectors.toList()));
return this;
}
public final String getPolicy() {
return policy;
}
public final void setPolicy(String policy) {
this.policy = policy;
}
@Override
public final Builder policy(String policy) {
this.policy = policy;
return this;
}
public final Integer getDurationSeconds() {
return durationSeconds;
}
public final void setDurationSeconds(Integer durationSeconds) {
this.durationSeconds = durationSeconds;
}
@Override
public final Builder durationSeconds(Integer durationSeconds) {
this.durationSeconds = durationSeconds;
return this;
}
@Override
public Builder overrideConfiguration(AwsRequestOverrideConfiguration overrideConfiguration) {
super.overrideConfiguration(overrideConfiguration);
return this;
}
@Override
public Builder overrideConfiguration(Consumer builderConsumer) {
super.overrideConfiguration(builderConsumer);
return this;
}
@Override
public AssumeRoleWithSamlRequest build() {
return new AssumeRoleWithSamlRequest(this);
}
@Override
public List> sdkFields() {
return SDK_FIELDS;
}
}
}