Merge pull request #709 from udondan/iam-updates

CHANGELOG/v0.642.0.md

@@ -0,0 +1,16 @@
+**New actions:**
+
+- grafana:CreateWorkspaceServiceAccount
+- grafana:CreateWorkspaceServiceAccountToken
+- grafana:DeleteWorkspaceServiceAccount
+- grafana:DeleteWorkspaceServiceAccountToken
+- grafana:ListWorkspaceServiceAccountTokens
+- grafana:ListWorkspaceServiceAccounts
+- wisdom:CreateContentAssociation
+- wisdom:DeleteContentAssociation
+- wisdom:GetContentAssociation
+- wisdom:ListContentAssociations
+
+**New resource types:**
+
+- wisdom:ContentAssociation

README.md

@@ -17,8 +17,8 @@
 Support for:
 
 - 393 Services
-- 16657 Actions
-- 1787 Resource Types
+- 16667 Actions
+- 1788 Resource Types
 - 1738 Condition keys
 <!-- /stats -->
 

VERSION

@@ -1 +1 @@
-0.641.0
+0.642.0

docs/source/conf.py

@@ -24,7 +24,7 @@
 author = 'Daniel Schroeder'
 
 # The full version, including alpha/beta/rc tags
-release = '0.641.0'
+release = '0.642.0'
 
 # -- General configuration ---------------------------------------------------
 

docs/source/index.rst

@@ -31,8 +31,8 @@ AWS IAM policy statement generator with fluent interface.
 Support for:
 
 - 393 Services
-- 16657 Actions
-- 1787 Resource Types
+- 16667 Actions
+- 1788 Resource Types
 - 1738 Condition keys
 
 ..

lib/generated/policy-statements/managedgrafana.ts

@@ -68,6 +68,28 @@ export class Grafana extends PolicyStatement {
     return this.to('CreateWorkspaceApiKey');
   }
 
+  /**
+   * Grants permission to create service accounts for a workspace
+   *
+   * Access Level: Write
+   *
+   * https://docs.aws.amazon.com/grafana/latest/userguide/AMG-and-IAM.html
+   */
+  public toCreateWorkspaceServiceAccount() {
+    return this.to('CreateWorkspaceServiceAccount');
+  }
+
+  /**
+   * Grants permission to create service account tokens for a workspace
+   *
+   * Access Level: Write
+   *
+   * https://docs.aws.amazon.com/grafana/latest/userguide/AMG-and-IAM.html
+   */
+  public toCreateWorkspaceServiceAccountToken() {
+    return this.to('CreateWorkspaceServiceAccountToken');
+  }
+
   /**
    * Grants permission to delete a workspace
    *
@@ -93,6 +115,28 @@ export class Grafana extends PolicyStatement {
     return this.to('DeleteWorkspaceApiKey');
   }
 
+  /**
+   * Grants permission to delete service accounts for a workspace
+   *
+   * Access Level: Write
+   *
+   * https://docs.aws.amazon.com/grafana/latest/userguide/AMG-and-IAM.html
+   */
+  public toDeleteWorkspaceServiceAccount() {
+    return this.to('DeleteWorkspaceServiceAccount');
+  }
+
+  /**
+   * Grants permission to delete service account tokens for a workspace
+   *
+   * Access Level: Write
+   *
+   * https://docs.aws.amazon.com/grafana/latest/userguide/AMG-and-IAM.html
+   */
+  public toDeleteWorkspaceServiceAccountToken() {
+    return this.to('DeleteWorkspaceServiceAccountToken');
+  }
+
   /**
    * Grants permission to describe a workspace
    *
@@ -170,6 +214,28 @@ export class Grafana extends PolicyStatement {
     return this.to('ListVersions');
   }
 
+  /**
+   * Grants permission to list service account tokens for a workspace
+   *
+   * Access Level: Read
+   *
+   * https://docs.aws.amazon.com/grafana/latest/userguide/AMG-and-IAM.html
+   */
+  public toListWorkspaceServiceAccountTokens() {
+    return this.to('ListWorkspaceServiceAccountTokens');
+  }
+
+  /**
+   * Grants permission to list service accounts for a workspace
+   *
+   * Access Level: Read
+   *
+   * https://docs.aws.amazon.com/grafana/latest/userguide/AMG-and-IAM.html
+   */
+  public toListWorkspaceServiceAccounts() {
+    return this.to('ListWorkspaceServiceAccounts');
+  }
+
   /**
    * Grants permission to list workspaces
    *
@@ -203,7 +269,6 @@ export class Grafana extends PolicyStatement {
    *
    * Possible conditions:
    * - .ifAwsTagKeys()
-   * - .ifAwsRequestTag()
    *
    * https://docs.aws.amazon.com/grafana/latest/APIReference/API_UntagResource.html
    */
@@ -266,8 +331,12 @@ export class Grafana extends PolicyStatement {
       'AssociateLicense',
       'CreateWorkspace',
       'CreateWorkspaceApiKey',
+      'CreateWorkspaceServiceAccount',
+      'CreateWorkspaceServiceAccountToken',
       'DeleteWorkspace',
       'DeleteWorkspaceApiKey',
+      'DeleteWorkspaceServiceAccount',
+      'DeleteWorkspaceServiceAccountToken',
       'DisassociateLicense',
       'UpdateWorkspace',
       'UpdateWorkspaceAuthentication',
@@ -278,6 +347,8 @@ export class Grafana extends PolicyStatement {
       'DescribeWorkspaceAuthentication',
       'DescribeWorkspaceConfiguration',
       'ListTagsForResource',
+      'ListWorkspaceServiceAccountTokens',
+      'ListWorkspaceServiceAccounts',
       'ListWorkspaces'
     ],
     List: [
@@ -318,7 +389,6 @@ export class Grafana extends PolicyStatement {
    * Applies to actions:
    * - .toCreateWorkspace()
    * - .toTagResource()
-   * - .toUntagResource()
    *
    * @param tagKey The tag key to check
    * @param value The value(s) to check

lib/generated/policy-statements/qinconnect.ts

@@ -63,6 +63,21 @@ export class Wisdom extends PolicyStatement {
     return this.to('CreateContent');
   }
 
+  /**
+   * Grants permission to create a content association
+   *
+   * Access Level: Write
+   *
+   * Possible conditions:
+   * - .ifAwsTagKeys()
+   * - .ifAwsRequestTag()
+   *
+   * https://docs.aws.amazon.com/wisdom/latest/APIReference/API_CreateContentAssociation.html
+   */
+  public toCreateContentAssociation() {
+    return this.to('CreateContentAssociation');
+  }
+
   /**
    * Grants permission to create a knowledge base
    *
@@ -141,6 +156,17 @@ export class Wisdom extends PolicyStatement {
     return this.to('DeleteContent');
   }
 
+  /**
+   * Grants permission to delete a content association
+   *
+   * Access Level: Write
+   *
+   * https://docs.aws.amazon.com/wisdom/latest/APIReference/API_DeleteContentAssociation.html
+   */
+  public toDeleteContentAssociation() {
+    return this.to('DeleteContentAssociation');
+  }
+
   /**
    * Grants permission to delete a import job of a knowledge base
    *
@@ -207,6 +233,17 @@ export class Wisdom extends PolicyStatement {
     return this.to('GetContent');
   }
 
+  /**
+   * Grants permission to retrieve information about a content association
+   *
+   * Access Level: Read
+   *
+   * https://docs.aws.amazon.com/wisdom/latest/APIReference/API_GetContentAssociation.html
+   */
+  public toGetContentAssociation() {
+    return this.to('GetContentAssociation');
+  }
+
   /**
    * Grants permission to retrieve summary information about the content
    *
@@ -295,6 +332,17 @@ export class Wisdom extends PolicyStatement {
     return this.to('ListAssistants');
   }
 
+  /**
+   * Grants permission to list information about content associations
+   *
+   * Access Level: List
+   *
+   * https://docs.aws.amazon.com/wisdom/latest/APIReference/API_ListContentAssociations.html
+   */
+  public toListContentAssociations() {
+    return this.to('ListContentAssociations');
+  }
+
   /**
    * Grants permission to list the content with a knowledge base
    *
@@ -539,12 +587,14 @@ export class Wisdom extends PolicyStatement {
       'CreateAssistant',
       'CreateAssistantAssociation',
       'CreateContent',
+      'CreateContentAssociation',
       'CreateKnowledgeBase',
       'CreateQuickResponse',
       'CreateSession',
       'DeleteAssistant',
       'DeleteAssistantAssociation',
       'DeleteContent',
+      'DeleteContentAssociation',
       'DeleteImportJob',
       'DeleteKnowledgeBase',
       'DeleteQuickResponse',
@@ -562,6 +612,7 @@ export class Wisdom extends PolicyStatement {
       'GetAssistant',
       'GetAssistantAssociation',
       'GetContent',
+      'GetContentAssociation',
       'GetContentSummary',
       'GetImportJob',
       'GetKnowledgeBase',
@@ -577,6 +628,7 @@ export class Wisdom extends PolicyStatement {
     List: [
       'ListAssistantAssociations',
       'ListAssistants',
+      'ListContentAssociations',
       'ListContents',
       'ListImportJobs',
       'ListKnowledgeBases',
@@ -641,6 +693,25 @@ export class Wisdom extends PolicyStatement {
     return this.on(`arn:${ partition ?? this.defaultPartition }:wisdom:${ region ?? this.defaultRegion }:${ account ?? this.defaultAccount }:content/${ knowledgeBaseId }/${ contentId }`);
   }
 
+  /**
+   * Adds a resource of type ContentAssociation to the statement
+   *
+   * https://docs.aws.amazon.com/wisdom/latest/APIReference/API_ContentAssociationData.html
+   *
+   * @param knowledgeBaseId - Identifier for the knowledgeBaseId.
+   * @param contentId - Identifier for the contentId.
+   * @param contentAssociationId - Identifier for the contentAssociationId.
+   * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
+   * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
+   * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
+   *
+   * Possible conditions:
+   * - .ifAwsResourceTag()
+   */
+  public onContentAssociation(knowledgeBaseId: string, contentId: string, contentAssociationId: string, account?: string, region?: string, partition?: string) {
+    return this.on(`arn:${ partition ?? this.defaultPartition }:wisdom:${ region ?? this.defaultRegion }:${ account ?? this.defaultAccount }:content-association/${ knowledgeBaseId }/${ contentId }/${ contentAssociationId }`);
+  }
+
   /**
    * Adds a resource of type KnowledgeBase to the statement
    *
@@ -703,6 +774,7 @@ export class Wisdom extends PolicyStatement {
    * - .toCreateAssistant()
    * - .toCreateAssistantAssociation()
    * - .toCreateContent()
+   * - .toCreateContentAssociation()
    * - .toCreateKnowledgeBase()
    * - .toCreateQuickResponse()
    * - .toCreateSession()
@@ -730,6 +802,7 @@ export class Wisdom extends PolicyStatement {
    * - Assistant
    * - AssistantAssociation
    * - Content
+   * - ContentAssociation
    * - KnowledgeBase
    * - Session
    * - QuickResponse
@@ -751,6 +824,7 @@ export class Wisdom extends PolicyStatement {
    * - .toCreateAssistant()
    * - .toCreateAssistantAssociation()
    * - .toCreateContent()
+   * - .toCreateContentAssociation()
    * - .toCreateKnowledgeBase()
    * - .toCreateQuickResponse()
    * - .toCreateSession()

stats/actions/grafana

@@ -1,15 +1,21 @@
 grafana:AssociateLicense;Write
 grafana:CreateWorkspace;Write
 grafana:CreateWorkspaceApiKey;Write
+grafana:CreateWorkspaceServiceAccount;Write
+grafana:CreateWorkspaceServiceAccountToken;Write
 grafana:DeleteWorkspace;Write
 grafana:DeleteWorkspaceApiKey;Write
+grafana:DeleteWorkspaceServiceAccount;Write
+grafana:DeleteWorkspaceServiceAccountToken;Write
 grafana:DescribeWorkspace;Read
 grafana:DescribeWorkspaceAuthentication;Read
 grafana:DescribeWorkspaceConfiguration;Read
 grafana:DisassociateLicense;Write
 grafana:ListPermissions;List
 grafana:ListTagsForResource;Read
 grafana:ListVersions;List
+grafana:ListWorkspaceServiceAccountTokens;Read
+grafana:ListWorkspaceServiceAccounts;Read
 grafana:ListWorkspaces;Read
 grafana:TagResource;Tagging
 grafana:UntagResource;Tagging

stats/actions/wisdom

@@ -1,18 +1,21 @@
 wisdom:CreateAssistant;Write
 wisdom:CreateAssistantAssociation;Write
 wisdom:CreateContent;Write
+wisdom:CreateContentAssociation;Write
 wisdom:CreateKnowledgeBase;Write
 wisdom:CreateQuickResponse;Write
 wisdom:CreateSession;Write
 wisdom:DeleteAssistant;Write
 wisdom:DeleteAssistantAssociation;Write
 wisdom:DeleteContent;Write
+wisdom:DeleteContentAssociation;Write
 wisdom:DeleteImportJob;Write
 wisdom:DeleteKnowledgeBase;Write
 wisdom:DeleteQuickResponse;Write
 wisdom:GetAssistant;Read
 wisdom:GetAssistantAssociation;Read
 wisdom:GetContent;Read
+wisdom:GetContentAssociation;Read
 wisdom:GetContentSummary;Read
 wisdom:GetImportJob;Read
 wisdom:GetKnowledgeBase;Read
@@ -21,6 +24,7 @@ wisdom:GetRecommendations;Read
 wisdom:GetSession;Read
 wisdom:ListAssistantAssociations;List
 wisdom:ListAssistants;List
+wisdom:ListContentAssociations;List
 wisdom:ListContents;List
 wisdom:ListImportJobs;List
 wisdom:ListKnowledgeBases;List

stats/resources/wisdom

@@ -1,6 +1,7 @@
 wisdom:Assistant
 wisdom:AssistantAssociation
 wisdom:Content
+wisdom:ContentAssociation
 wisdom:KnowledgeBase
 wisdom:QuickResponse
 wisdom:Session