Merge pull request #691 from udondan/iam-updates

udondan · May 11, 2024 · d4493a3 · d4493a3
2 parents 57090b0 + 3a9de78
commit d4493a3
Show file tree

Hide file tree

Showing 9 changed files with 82 additions and 10 deletions.
diff --git a/CHANGELOG/v0.640.0.md b/CHANGELOG/v0.640.0.md
@@ -0,0 +1,7 @@
+**New actions:**
+
+- q:CreateAssignment
+- q:DeleteAssignment
+- ssm-sap:ListOperationEvents
+- ssm-sap:StartApplication
+- ssm-sap:StopApplication
diff --git a/README.md b/README.md
@@ -17,7 +17,7 @@
 Support for:
 
 - 393 Services
-- 16645 Actions
+- 16650 Actions
 - 1786 Resource Types
 - 1737 Condition keys
 <!-- /stats -->

diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-0.639.0
+0.640.0
diff --git a/docs/source/conf.py b/docs/source/conf.py
@@ -24,7 +24,7 @@
 author = 'Daniel Schroeder'
 
 # The full version, including alpha/beta/rc tags
-release = '0.639.0'
+release = '0.640.0'
 
 # -- General configuration ---------------------------------------------------
 

diff --git a/docs/source/index.rst b/docs/source/index.rst
@@ -31,7 +31,7 @@ AWS IAM policy statement generator with fluent interface.
 Support for:
 
 - 393 Services
-- 16645 Actions
+- 16650 Actions
 - 1786 Resource Types
 - 1737 Condition keys
 

diff --git a/lib/generated/policy-statements/q.ts b/lib/generated/policy-statements/q.ts
@@ -18,6 +18,28 @@ export class Q extends PolicyStatement {
     super(sid);
   }
 
+  /**
+   * Grants permission to create a user or group assignment for an Amazon Q Developer Profile
+   *
+   * Access Level: Write
+   *
+   * https://docs.aws.amazon.com/amazonq/latest/aws-builder-use-ug/security_iam_manage-access-with-policies.html
+   */
+  public toCreateAssignment() {
+    return this.to('CreateAssignment');
+  }
+
+  /**
+   * Grants permission to delete a user or group assignment for an Amazon Q Developer Profile
+   *
+   * Access Level: Write
+   *
+   * https://docs.aws.amazon.com/amazonq/latest/aws-builder-use-ug/security_iam_manage-access-with-policies.html
+   */
+  public toDeleteAssignment() {
+    return this.to('DeleteAssignment');
+  }
+
   /**
    * Grants permission to get individual messages associated with a specific conversation with Amazon Q
    *
@@ -129,19 +151,21 @@ export class Q extends PolicyStatement {
   }
 
   protected accessLevelList: AccessLevelList = {
-    Read: [
-      'GetConversation',
-      'GetIdentityMetadata',
-      'GetTroubleshootingResults',
-      'ListConversations'
-    ],
     Write: [
+      'CreateAssignment',
+      'DeleteAssignment',
       'PassRequest',
       'SendMessage',
       'StartConversation',
       'StartTroubleshootingAnalysis',
       'StartTroubleshootingResolutionExplanation',
       'UpdateTroubleshootingCommandResult'
+    ],
+    Read: [
+      'GetConversation',
+      'GetIdentityMetadata',
+      'GetTroubleshootingResults',
+      'ListConversations'
     ]
   };
 }
diff --git a/lib/generated/policy-statements/systemsmanagerforsap.ts b/lib/generated/policy-statements/systemsmanagerforsap.ts
@@ -139,6 +139,17 @@ export class SsmSap extends PolicyStatement {
     return this.to('ListDatabases');
   }
 
+  /**
+   * Grants permission to retrieve a list of all operation events in a specified operation
+   *
+   * Access Level: List
+   *
+   * https://docs.aws.amazon.com/systems-manager/index.html
+   */
+  public toListOperationEvents() {
+    return this.to('ListOperationEvents');
+  }
+
   /**
    * Grants permission to retrieve a list of all operations in the account of customer, additional filters can be applied
    *
@@ -198,6 +209,17 @@ export class SsmSap extends PolicyStatement {
     return this.to('RestoreDatabase');
   }
 
+  /**
+   * Grants permission to start a registered SSM for SAP application
+   *
+   * Access Level: Write
+   *
+   * https://docs.aws.amazon.com/systems-manager/index.html
+   */
+  public toStartApplication() {
+    return this.to('StartApplication');
+  }
+
   /**
    * Grants permission to start an on-demand discovery of a registered SSM for SAP application
    *
@@ -209,6 +231,17 @@ export class SsmSap extends PolicyStatement {
     return this.to('StartApplicationRefresh');
   }
 
+  /**
+   * Grants permission to stop a registered SSM for SAP application
+   *
+   * Access Level: Write
+   *
+   * https://docs.aws.amazon.com/systems-manager/index.html
+   */
+  public toStopApplication() {
+    return this.to('StopApplication');
+  }
+
   /**
    * Grants permission to tag a specified resource ARN
    *
@@ -268,7 +301,9 @@ export class SsmSap extends PolicyStatement {
       'PutResourcePermission',
       'RegisterApplication',
       'RestoreDatabase',
+      'StartApplication',
       'StartApplicationRefresh',
+      'StopApplication',
       'UpdateApplicationSettings',
       'UpdateHANABackupSettings'
     ],
@@ -284,6 +319,7 @@ export class SsmSap extends PolicyStatement {
       'ListApplications',
       'ListComponents',
       'ListDatabases',
+      'ListOperationEvents',
       'ListOperations'
     ],
     Tagging: [

diff --git a/stats/actions/q b/stats/actions/q
@@ -1,3 +1,5 @@
+q:CreateAssignment;Write
+q:DeleteAssignment;Write
 q:GetConversation;Read
 q:GetIdentityMetadata;Read
 q:GetTroubleshootingResults;Read

diff --git a/stats/actions/ssm-sap b/stats/actions/ssm-sap
@@ -9,12 +9,15 @@ ssm-sap:GetResourcePermission;Read
 ssm-sap:ListApplications;List
 ssm-sap:ListComponents;List
 ssm-sap:ListDatabases;List
+ssm-sap:ListOperationEvents;List
 ssm-sap:ListOperations;List
 ssm-sap:ListTagsForResource;Read
 ssm-sap:PutResourcePermission;Write
 ssm-sap:RegisterApplication;Write
 ssm-sap:RestoreDatabase;Write
+ssm-sap:StartApplication;Write
 ssm-sap:StartApplicationRefresh;Write
+ssm-sap:StopApplication;Write
 ssm-sap:TagResource;Tagging
 ssm-sap:UntagResource;Tagging
 ssm-sap:UpdateApplicationSettings;Write