Granular access control support for NEO-SAML with IAMFederation for AOS data source

Author: aws-sdk-dotnet-automation

generator/ServiceModels/opensearch/opensearch-2021-01-01.api.json

@@ -1417,6 +1417,7 @@
         "InternalUserDatabaseEnabled":{"shape":"Boolean"},
         "SAMLOptions":{"shape":"SAMLOptionsOutput"},
         "JWTOptions":{"shape":"JWTOptionsOutput"},
+        "IAMFederationOptions":{"shape":"IAMFederationOptionsOutput"},
         "AnonymousAuthDisableDate":{"shape":"DisableTimestamp"},
         "AnonymousAuthEnabled":{"shape":"Boolean"}
       }
@@ -1429,6 +1430,7 @@
         "MasterUserOptions":{"shape":"MasterUserOptions"},
         "SAMLOptions":{"shape":"SAMLOptionsInput"},
         "JWTOptions":{"shape":"JWTOptionsInput"},
+        "IAMFederationOptions":{"shape":"IAMFederationOptionsInput"},
         "AnonymousAuthEnabled":{"shape":"Boolean"}
       }
     },
@@ -3307,6 +3309,34 @@
       }
     },
     "HostedZoneId":{"type":"string"},
+    "IAMFederationOptionsInput":{
+      "type":"structure",
+      "members":{
+        "Enabled":{"shape":"Boolean"},
+        "SubjectKey":{"shape":"IAMFederationSubjectKey"},
+        "RolesKey":{"shape":"IAMFederationRolesKey"}
+      }
+    },
+    "IAMFederationOptionsOutput":{
+      "type":"structure",
+      "members":{
+        "Enabled":{"shape":"Boolean"},
+        "SubjectKey":{"shape":"IAMFederationSubjectKey"},
+        "RolesKey":{"shape":"IAMFederationRolesKey"}
+      }
+    },
+    "IAMFederationRolesKey":{
+      "type":"string",
+      "max":64,
+      "min":1,
+      "pattern":"^(null|[A-Za-z][A-Za-z0-9_.:/=+\\-@]*)$"
+    },
+    "IAMFederationSubjectKey":{
+      "type":"string",
+      "max":64,
+      "min":1,
+      "pattern":"^(null|[A-Za-z][A-Za-z0-9_.:/=+\\-@]*)$"
+    },
     "IPAddressType":{
       "type":"string",
       "enum":[

generator/ServiceModels/opensearch/opensearch-2021-01-01.docs.json

@@ -501,6 +501,8 @@
         "DomainStatus$UpgradeProcessing": "<p>The status of a domain version upgrade to a new version of OpenSearch or Elasticsearch. True if OpenSearch Service is in the process of a version upgrade. False if the configuration is active.</p>",
         "EBSOptions$EBSEnabled": "<p>Indicates whether EBS volumes are attached to data nodes in an OpenSearch Service domain.</p>",
         "EncryptionAtRestOptions$Enabled": "<p>True to enable encryption at rest.</p>",
+        "IAMFederationOptionsInput$Enabled": "<p>True to enable IAM federation authentication for a domain.</p>",
+        "IAMFederationOptionsOutput$Enabled": "<p>True if IAM federation is enabled.</p>",
         "IamIdentityCenterOptions$enabled": "<p>Indicates whether IAM Identity Center is enabled for the OpenSearch application.</p>",
         "IamIdentityCenterOptionsInput$enabled": "<p>Specifies whether IAM Identity Center is enabled or disabled.</p>",
         "IdentityCenterOptions$EnabledAPIAccess": "<p>Indicates whether IAM Identity Center is enabled for the application.</p>",
@@ -1620,6 +1622,32 @@
         "DomainStatus$DomainEndpointV2HostedZoneId": "<p>The dual stack hosted zone ID for the domain. </p>"
       }
     },
+    "IAMFederationOptionsInput": {
+      "base": "<p>The IAM federation authentication configuration for an Amazon OpenSearch Service domain.</p>",
+      "refs": {
+        "AdvancedSecurityOptionsInput$IAMFederationOptions": "<p>Container for information about the IAM federation configuration for an OpenSearch UI application.</p>"
+      }
+    },
+    "IAMFederationOptionsOutput": {
+      "base": "<p>Describes the IAM federation options configured for the domain.</p>",
+      "refs": {
+        "AdvancedSecurityOptions$IAMFederationOptions": "<p>Container for information about the IAM federation configuration for an OpenSearch UI application.</p>"
+      }
+    },
+    "IAMFederationRolesKey": {
+      "base": null,
+      "refs": {
+        "IAMFederationOptionsInput$RolesKey": "<p>Element of the IAM federation assertion to use for backend roles. Default is <code>roles</code>.</p>",
+        "IAMFederationOptionsOutput$RolesKey": "<p>The key used for matching the IAM federation roles attribute.</p>"
+      }
+    },
+    "IAMFederationSubjectKey": {
+      "base": null,
+      "refs": {
+        "IAMFederationOptionsInput$SubjectKey": "<p>Element of the IAM federation assertion to use for the user name. Default is <code>sub</code>.</p>",
+        "IAMFederationOptionsOutput$SubjectKey": "<p>The key used for matching the IAM federation subject attribute.</p>"
+      }
+    },
     "IPAddressType": {
       "base": null,
       "refs": {

generator/ServiceModels/opensearch/opensearch-2021-01-01.normal.json

@@ -1600,6 +1600,10 @@
           "shape":"JWTOptionsOutput",
           "documentation":"<p>Container for information about the JWT configuration of the Amazon OpenSearch Service.</p>"
         },
+        "IAMFederationOptions":{
+          "shape":"IAMFederationOptionsOutput",
+          "documentation":"<p>Container for information about the IAM federation configuration for an OpenSearch UI application.</p>"
+        },
         "AnonymousAuthDisableDate":{
           "shape":"DisableTimestamp",
           "documentation":"<p>Date and time when the migration period will be disabled. Only necessary when <a href=\"https://docs.aws.amazon.com/opensearch-service/latest/developerguide/fgac.html#fgac-enabling-existing\">enabling fine-grained access control on an existing domain</a>.</p>"
@@ -1634,6 +1638,10 @@
           "shape":"JWTOptionsInput",
           "documentation":"<p>Container for information about the JWT configuration of the Amazon OpenSearch Service. </p>"
         },
+        "IAMFederationOptions":{
+          "shape":"IAMFederationOptionsInput",
+          "documentation":"<p>Container for information about the IAM federation configuration for an OpenSearch UI application.</p>"
+        },
         "AnonymousAuthEnabled":{
           "shape":"Boolean",
           "documentation":"<p>True to enable a 30-day migration period during which administrators can create role mappings. Only necessary when <a href=\"https://docs.aws.amazon.com/opensearch-service/latest/developerguide/fgac.html#fgac-enabling-existing\">enabling fine-grained access control on an existing domain</a>.</p>"
@@ -4862,6 +4870,54 @@
       "documentation":"<p>Container for the response returned by the <code>GetUpgradeStatus</code> operation.</p>"
     },
     "HostedZoneId":{"type":"string"},
+    "IAMFederationOptionsInput":{
+      "type":"structure",
+      "members":{
+        "Enabled":{
+          "shape":"Boolean",
+          "documentation":"<p>True to enable IAM federation authentication for a domain.</p>"
+        },
+        "SubjectKey":{
+          "shape":"IAMFederationSubjectKey",
+          "documentation":"<p>Element of the IAM federation assertion to use for the user name. Default is <code>sub</code>.</p>"
+        },
+        "RolesKey":{
+          "shape":"IAMFederationRolesKey",
+          "documentation":"<p>Element of the IAM federation assertion to use for backend roles. Default is <code>roles</code>.</p>"
+        }
+      },
+      "documentation":"<p>The IAM federation authentication configuration for an Amazon OpenSearch Service domain.</p>"
+    },
+    "IAMFederationOptionsOutput":{
+      "type":"structure",
+      "members":{
+        "Enabled":{
+          "shape":"Boolean",
+          "documentation":"<p>True if IAM federation is enabled.</p>"
+        },
+        "SubjectKey":{
+          "shape":"IAMFederationSubjectKey",
+          "documentation":"<p>The key used for matching the IAM federation subject attribute.</p>"
+        },
+        "RolesKey":{
+          "shape":"IAMFederationRolesKey",
+          "documentation":"<p>The key used for matching the IAM federation roles attribute.</p>"
+        }
+      },
+      "documentation":"<p>Describes the IAM federation options configured for the domain.</p>"
+    },
+    "IAMFederationRolesKey":{
+      "type":"string",
+      "max":64,
+      "min":1,
+      "pattern":"^(null|[A-Za-z][A-Za-z0-9_.:/=+\\-@]*)$"
+    },
+    "IAMFederationSubjectKey":{
+      "type":"string",
+      "max":64,
+      "min":1,
+      "pattern":"^(null|[A-Za-z][A-Za-z0-9_.:/=+\\-@]*)$"
+    },
     "IPAddressType":{
       "type":"string",
       "enum":[

sdk/code-analysis/ServiceAnalysis/OpenSearchService/Generated/PropertyValueRules.xml

@@ -1045,6 +1045,30 @@
     <min>1</min>
     <max>100</max>
   </property-value-rule>
+  <property-value-rule>
+    <property>Amazon.OpenSearchService.Model.IAMFederationOptionsInput.RolesKey</property>
+    <min>1</min>
+    <max>64</max>
+    <pattern>^(null|[A-Za-z][A-Za-z0-9_.:/=+\-@]*)$</pattern>
+  </property-value-rule>
+  <property-value-rule>
+    <property>Amazon.OpenSearchService.Model.IAMFederationOptionsInput.SubjectKey</property>
+    <min>1</min>
+    <max>64</max>
+    <pattern>^(null|[A-Za-z][A-Za-z0-9_.:/=+\-@]*)$</pattern>
+  </property-value-rule>
+  <property-value-rule>
+    <property>Amazon.OpenSearchService.Model.IAMFederationOptionsOutput.RolesKey</property>
+    <min>1</min>
+    <max>64</max>
+    <pattern>^(null|[A-Za-z][A-Za-z0-9_.:/=+\-@]*)$</pattern>
+  </property-value-rule>
+  <property-value-rule>
+    <property>Amazon.OpenSearchService.Model.IAMFederationOptionsOutput.SubjectKey</property>
+    <min>1</min>
+    <max>64</max>
+    <pattern>^(null|[A-Za-z][A-Za-z0-9_.:/=+\-@]*)$</pattern>
+  </property-value-rule>
   <property-value-rule>
     <property>Amazon.OpenSearchService.Model.IamIdentityCenterOptions.IamIdentityCenterApplicationArn</property>
     <min>20</min>

sdk/src/Services/OpenSearchService/Generated/Model/AdvancedSecurityOptions.cs

@@ -37,6 +37,7 @@ public partial class AdvancedSecurityOptions
         private DateTime? _anonymousAuthDisableDate;
         private bool? _anonymousAuthEnabled;
         private bool? _enabled;
+        private IAMFederationOptionsOutput _iamFederationOptions;
         private bool? _internalUserDatabaseEnabled;
         private JWTOptionsOutput _jwtOptions;
         private SAMLOptionsOutput _samlOptions;
@@ -98,6 +99,25 @@ internal bool IsSetEnabled()
             return this._enabled.HasValue; 
         }
 
+        /// <summary>
+        /// Gets and sets the property IAMFederationOptions. 
+        /// <para>
+        /// Container for information about the IAM federation configuration for an OpenSearch
+        /// UI application.
+        /// </para>
+        /// </summary>
+        public IAMFederationOptionsOutput IAMFederationOptions
+        {
+            get { return this._iamFederationOptions; }
+            set { this._iamFederationOptions = value; }
+        }
+
+        // Check to see if IAMFederationOptions property is set
+        internal bool IsSetIAMFederationOptions()
+        {
+            return this._iamFederationOptions != null;
+        }
+
         /// <summary>
         /// Gets and sets the property InternalUserDatabaseEnabled. 
         /// <para>

sdk/src/Services/OpenSearchService/Generated/Model/AdvancedSecurityOptionsInput.cs

@@ -38,6 +38,7 @@ public partial class AdvancedSecurityOptionsInput
     {
         private bool? _anonymousAuthEnabled;
         private bool? _enabled;
+        private IAMFederationOptionsInput _iamFederationOptions;
         private bool? _internalUserDatabaseEnabled;
         private JWTOptionsInput _jwtOptions;
         private MasterUserOptions _masterUserOptions;
@@ -81,6 +82,25 @@ internal bool IsSetEnabled()
             return this._enabled.HasValue; 
         }
 
+        /// <summary>
+        /// Gets and sets the property IAMFederationOptions. 
+        /// <para>
+        /// Container for information about the IAM federation configuration for an OpenSearch
+        /// UI application.
+        /// </para>
+        /// </summary>
+        public IAMFederationOptionsInput IAMFederationOptions
+        {
+            get { return this._iamFederationOptions; }
+            set { this._iamFederationOptions = value; }
+        }
+
+        // Check to see if IAMFederationOptions property is set
+        internal bool IsSetIAMFederationOptions()
+        {
+            return this._iamFederationOptions != null;
+        }
+
         /// <summary>
         /// Gets and sets the property InternalUserDatabaseEnabled. 
         /// <para>

sdk/src/Services/OpenSearchService/Generated/Model/IAMFederationOptionsInput.cs

@@ -0,0 +1,98 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ * 
+ *  http://aws.amazon.com/apache2.0
+ * 
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+/*
+ * Do not modify this file. This file is generated from the opensearch-2021-01-01.normal.json service model.
+ */
+using System;
+using System.Collections.Generic;
+using System.Xml.Serialization;
+using System.Text;
+using System.IO;
+using System.Net;
+
+using Amazon.Runtime;
+using Amazon.Runtime.Internal;
+
+#pragma warning disable CS0612,CS0618,CS1570
+namespace Amazon.OpenSearchService.Model
+{
+    /// <summary>
+    /// The IAM federation authentication configuration for an Amazon OpenSearch Service domain.
+    /// </summary>
+    public partial class IAMFederationOptionsInput
+    {
+        private bool? _enabled;
+        private string _rolesKey;
+        private string _subjectKey;
+
+        /// <summary>
+        /// Gets and sets the property Enabled. 
+        /// <para>
+        /// True to enable IAM federation authentication for a domain.
+        /// </para>
+        /// </summary>
+        public bool Enabled
+        {
+            get { return this._enabled.GetValueOrDefault(); }
+            set { this._enabled = value; }
+        }
+
+        // Check to see if Enabled property is set
+        internal bool IsSetEnabled()
+        {
+            return this._enabled.HasValue; 
+        }
+
+        /// <summary>
+        /// Gets and sets the property RolesKey. 
+        /// <para>
+        /// Element of the IAM federation assertion to use for backend roles. Default is <c>roles</c>.
+        /// </para>
+        /// </summary>
+        [AWSProperty(Min=1, Max=64)]
+        public string RolesKey
+        {
+            get { return this._rolesKey; }
+            set { this._rolesKey = value; }
+        }
+
+        // Check to see if RolesKey property is set
+        internal bool IsSetRolesKey()
+        {
+            return this._rolesKey != null;
+        }
+
+        /// <summary>
+        /// Gets and sets the property SubjectKey. 
+        /// <para>
+        /// Element of the IAM federation assertion to use for the user name. Default is <c>sub</c>.
+        /// </para>
+        /// </summary>
+        [AWSProperty(Min=1, Max=64)]
+        public string SubjectKey
+        {
+            get { return this._subjectKey; }
+            set { this._subjectKey = value; }
+        }
+
+        // Check to see if SubjectKey property is set
+        internal bool IsSetSubjectKey()
+        {
+            return this._subjectKey != null;
+        }
+
+    }
+}