feat(client-workspaces): This release introduces ModifySamlProperties…

…, a new API that allows control of SAML properties associated with a WorkSpaces directory. The DescribeWorkspaceDirectories API will now additionally return SAML properties in its responses.
aws · Aug 1, 2022 · 5d254af · 5d254af
1 parent 8630419
commit 5d254af
Show file tree

Hide file tree

Showing 8 changed files with 529 additions and 1 deletion.
diff --git a/clients/client-workspaces/README.md b/clients/client-workspaces/README.md
@@ -182,7 +182,7 @@ try {
   const data = await client.send(command);
   // process data.
 } catch (error) {
-  const { requestId, cfId, extendedRequestId } = error.$metadata;
+  const { requestId, cfId, extendedRequestId } = error.$$metadata;
   console.log({ requestId, cfId, extendedRequestId });
   /**
    * The keys within exceptions are also parsed.

diff --git a/clients/client-workspaces/src/WorkSpaces.ts b/clients/client-workspaces/src/WorkSpaces.ts
@@ -213,6 +213,11 @@ import {
   ModifyClientPropertiesCommandInput,
   ModifyClientPropertiesCommandOutput,
 } from "./commands/ModifyClientPropertiesCommand";
+import {
+  ModifySamlPropertiesCommand,
+  ModifySamlPropertiesCommandInput,
+  ModifySamlPropertiesCommandOutput,
+} from "./commands/ModifySamlPropertiesCommand";
 import {
   ModifySelfservicePermissionsCommand,
   ModifySelfservicePermissionsCommandInput,
@@ -1885,6 +1890,40 @@ export class WorkSpaces extends WorkSpacesClient {
     }
   }
 
+  /**
+   * <p>Modifies multiple properties related to SAML 2.0 authentication, including the enablement status,
+   *          user access URL, and relay state parameter name that are used for configuring federation with an
+   *          SAML 2.0 identity provider.</p>
+   */
+  public modifySamlProperties(
+    args: ModifySamlPropertiesCommandInput,
+    options?: __HttpHandlerOptions
+  ): Promise<ModifySamlPropertiesCommandOutput>;
+  public modifySamlProperties(
+    args: ModifySamlPropertiesCommandInput,
+    cb: (err: any, data?: ModifySamlPropertiesCommandOutput) => void
+  ): void;
+  public modifySamlProperties(
+    args: ModifySamlPropertiesCommandInput,
+    options: __HttpHandlerOptions,
+    cb: (err: any, data?: ModifySamlPropertiesCommandOutput) => void
+  ): void;
+  public modifySamlProperties(
+    args: ModifySamlPropertiesCommandInput,
+    optionsOrCb?: __HttpHandlerOptions | ((err: any, data?: ModifySamlPropertiesCommandOutput) => void),
+    cb?: (err: any, data?: ModifySamlPropertiesCommandOutput) => void
+  ): Promise<ModifySamlPropertiesCommandOutput> | void {
+    const command = new ModifySamlPropertiesCommand(args);
+    if (typeof optionsOrCb === "function") {
+      this.send(command, optionsOrCb);
+    } else if (typeof cb === "function") {
+      if (typeof optionsOrCb !== "object") throw new Error(`Expect http options but get ${typeof optionsOrCb}`);
+      this.send(command, optionsOrCb || {}, cb);
+    } else {
+      return this.send(command, optionsOrCb);
+    }
+  }
+
   /**
    * <p>Modifies the self-service WorkSpace management capabilities for your users. For more
    *          information, see <a href="https://docs.aws.amazon.com/workspaces/latest/adminguide/enable-user-self-service-workspace-management.html">Enable Self-Service WorkSpace Management Capabilities for Your Users</a>.</p>

diff --git a/clients/client-workspaces/src/WorkSpacesClient.ts b/clients/client-workspaces/src/WorkSpacesClient.ts
@@ -187,6 +187,10 @@ import {
   ModifyClientPropertiesCommandInput,
   ModifyClientPropertiesCommandOutput,
 } from "./commands/ModifyClientPropertiesCommand";
+import {
+  ModifySamlPropertiesCommandInput,
+  ModifySamlPropertiesCommandOutput,
+} from "./commands/ModifySamlPropertiesCommand";
 import {
   ModifySelfservicePermissionsCommandInput,
   ModifySelfservicePermissionsCommandOutput,
@@ -288,6 +292,7 @@ export type ServiceInputTypes =
   | MigrateWorkspaceCommandInput
   | ModifyAccountCommandInput
   | ModifyClientPropertiesCommandInput
+  | ModifySamlPropertiesCommandInput
   | ModifySelfservicePermissionsCommandInput
   | ModifyWorkspaceAccessPropertiesCommandInput
   | ModifyWorkspaceCreationPropertiesCommandInput
@@ -352,6 +357,7 @@ export type ServiceOutputTypes =
   | MigrateWorkspaceCommandOutput
   | ModifyAccountCommandOutput
   | ModifyClientPropertiesCommandOutput
+  | ModifySamlPropertiesCommandOutput
   | ModifySelfservicePermissionsCommandOutput
   | ModifyWorkspaceAccessPropertiesCommandOutput
   | ModifyWorkspaceCreationPropertiesCommandOutput

diff --git a/clients/client-workspaces/src/commands/ModifySamlPropertiesCommand.ts b/clients/client-workspaces/src/commands/ModifySamlPropertiesCommand.ts
@@ -0,0 +1,103 @@
+// smithy-typescript generated code
+import { getSerdePlugin } from "@aws-sdk/middleware-serde";
+import { HttpRequest as __HttpRequest, HttpResponse as __HttpResponse } from "@aws-sdk/protocol-http";
+import { Command as $Command } from "@aws-sdk/smithy-client";
+import {
+  FinalizeHandlerArguments,
+  Handler,
+  HandlerExecutionContext,
+  HttpHandlerOptions as __HttpHandlerOptions,
+  MetadataBearer as __MetadataBearer,
+  MiddlewareStack,
+  SerdeContext as __SerdeContext,
+} from "@aws-sdk/types";
+
+import {
+  ModifySamlPropertiesRequest,
+  ModifySamlPropertiesRequestFilterSensitiveLog,
+  ModifySamlPropertiesResult,
+  ModifySamlPropertiesResultFilterSensitiveLog,
+} from "../models/models_0";
+import {
+  deserializeAws_json1_1ModifySamlPropertiesCommand,
+  serializeAws_json1_1ModifySamlPropertiesCommand,
+} from "../protocols/Aws_json1_1";
+import { ServiceInputTypes, ServiceOutputTypes, WorkSpacesClientResolvedConfig } from "../WorkSpacesClient";
+
+export interface ModifySamlPropertiesCommandInput extends ModifySamlPropertiesRequest {}
+export interface ModifySamlPropertiesCommandOutput extends ModifySamlPropertiesResult, __MetadataBearer {}
+
+/**
+ * <p>Modifies multiple properties related to SAML 2.0 authentication, including the enablement status,
+ *          user access URL, and relay state parameter name that are used for configuring federation with an
+ *          SAML 2.0 identity provider.</p>
+ * @example
+ * Use a bare-bones client and the command you need to make an API call.
+ * ```javascript
+ * import { WorkSpacesClient, ModifySamlPropertiesCommand } from "@aws-sdk/client-workspaces"; // ES Modules import
+ * // const { WorkSpacesClient, ModifySamlPropertiesCommand } = require("@aws-sdk/client-workspaces"); // CommonJS import
+ * const client = new WorkSpacesClient(config);
+ * const command = new ModifySamlPropertiesCommand(input);
+ * const response = await client.send(command);
+ * ```
+ *
+ * @see {@link ModifySamlPropertiesCommandInput} for command's `input` shape.
+ * @see {@link ModifySamlPropertiesCommandOutput} for command's `response` shape.
+ * @see {@link WorkSpacesClientResolvedConfig | config} for WorkSpacesClient's `config` shape.
+ *
+ */
+export class ModifySamlPropertiesCommand extends $Command<
+  ModifySamlPropertiesCommandInput,
+  ModifySamlPropertiesCommandOutput,
+  WorkSpacesClientResolvedConfig
+> {
+  // Start section: command_properties
+  // End section: command_properties
+
+  constructor(readonly input: ModifySamlPropertiesCommandInput) {
+    // Start section: command_constructor
+    super();
+    // End section: command_constructor
+  }
+
+  /**
+   * @internal
+   */
+  resolveMiddleware(
+    clientStack: MiddlewareStack<ServiceInputTypes, ServiceOutputTypes>,
+    configuration: WorkSpacesClientResolvedConfig,
+    options?: __HttpHandlerOptions
+  ): Handler<ModifySamlPropertiesCommandInput, ModifySamlPropertiesCommandOutput> {
+    this.middlewareStack.use(getSerdePlugin(configuration, this.serialize, this.deserialize));
+
+    const stack = clientStack.concat(this.middlewareStack);
+
+    const { logger } = configuration;
+    const clientName = "WorkSpacesClient";
+    const commandName = "ModifySamlPropertiesCommand";
+    const handlerExecutionContext: HandlerExecutionContext = {
+      logger,
+      clientName,
+      commandName,
+      inputFilterSensitiveLog: ModifySamlPropertiesRequestFilterSensitiveLog,
+      outputFilterSensitiveLog: ModifySamlPropertiesResultFilterSensitiveLog,
+    };
+    const { requestHandler } = configuration;
+    return stack.resolve(
+      (request: FinalizeHandlerArguments<any>) =>
+        requestHandler.handle(request.request as __HttpRequest, options || {}),
+      handlerExecutionContext
+    );
+  }
+
+  private serialize(input: ModifySamlPropertiesCommandInput, context: __SerdeContext): Promise<__HttpRequest> {
+    return serializeAws_json1_1ModifySamlPropertiesCommand(input, context);
+  }
+
+  private deserialize(output: __HttpResponse, context: __SerdeContext): Promise<ModifySamlPropertiesCommandOutput> {
+    return deserializeAws_json1_1ModifySamlPropertiesCommand(output, context);
+  }
+
+  // Start section: command_body_extra
+  // End section: command_body_extra
+}
diff --git a/clients/client-workspaces/src/commands/index.ts b/clients/client-workspaces/src/commands/index.ts
@@ -43,6 +43,7 @@ export * from "./ListAvailableManagementCidrRangesCommand";
 export * from "./MigrateWorkspaceCommand";
 export * from "./ModifyAccountCommand";
 export * from "./ModifyClientPropertiesCommand";
+export * from "./ModifySamlPropertiesCommand";
 export * from "./ModifySelfservicePermissionsCommand";
 export * from "./ModifyWorkspaceAccessPropertiesCommand";
 export * from "./ModifyWorkspaceCreationPropertiesCommand";

diff --git a/clients/client-workspaces/src/models/models_0.ts b/clients/client-workspaces/src/models/models_0.ts
@@ -1373,6 +1373,11 @@ export interface DefaultWorkspaceCreationProperties {
   EnableMaintenanceMode?: boolean;
 }
 
+export enum DeletableSamlProperty {
+  SAML_PROPERTIES_RELAY_STATE_PARAMETER_NAME = "SAML_PROPERTIES_RELAY_STATE_PARAMETER_NAME",
+  SAML_PROPERTIES_USER_ACCESS_URL = "SAML_PROPERTIES_USER_ACCESS_URL",
+}
+
 export interface DeleteClientBrandingRequest {
   /**
    * <p>The directory identifier of the WorkSpace for which you want to delete client
@@ -1879,6 +1884,55 @@ export enum WorkspaceDirectoryType {
   SIMPLE_AD = "SIMPLE_AD",
 }
 
+export enum SamlStatusEnum {
+  DISABLED = "DISABLED",
+  ENABLED = "ENABLED",
+  ENABLED_WITH_DIRECTORY_LOGIN_FALLBACK = "ENABLED_WITH_DIRECTORY_LOGIN_FALLBACK",
+}
+
+/**
+ * <p>Describes the enablement status, user access URL, and relay state parameter name that
+ *          are used for configuring federation with an SAML 2.0 identity provider.</p>
+ */
+export interface SamlProperties {
+  /**
+   * <p>Indicates the status of SAML 2.0 authentication. These statuses include the following.</p>
+   *          <ul>
+   *             <li>
+   *                <p>If the setting is <code>DISABLED</code>, end users will be directed to login with their directory credentials.</p>
+   *             </li>
+   *             <li>
+   *                <p>If the setting is <code>ENABLED</code>, end users will be directed to login via the user access URL. Users attempting
+   *                to connect to WorkSpaces from a client application that does not support SAML 2.0 authentication will not be able to
+   *                connect.</p>
+   *             </li>
+   *             <li>
+   *                <p>If the setting is <code>ENABLED_WITH_DIRECTORY_LOGIN_FALLBACK</code>, end users will be directed to login via the user
+   *                access URL on supported client applications, but will not prevent clients that do not support SAML 2.0 authentication
+   *                from connecting as if SAML 2.0 authentication was disabled.</p>
+   *             </li>
+   *          </ul>
+   */
+  Status?: SamlStatusEnum | string;
+
+  /**
+   * <p>The SAML 2.0 identity provider (IdP) user access URL is the URL a user would navigate to in their web browser in
+   *          order to federate from the IdP and directly access the application, without any SAML 2.0 service provider (SP)
+   *          bindings.</p>
+   */
+  UserAccessUrl?: string;
+
+  /**
+   * <p>The relay state parameter name supported by the SAML 2.0 identity provider (IdP). When the end user is redirected to
+   *          the user access URL from the WorkSpaces client application, this relay state parameter name is appended as a query
+   *          parameter to the URL along with the relay state endpoint to return the user to the client application session.</p>
+   *
+   *          <p>To use SAML 2.0 authentication with WorkSpaces, the IdP must support IdP-initiated deep linking for the relay state
+   *          URL. Consult your IdP documentation for more information.</p>
+   */
+  RelayStateParameterName?: string;
+}
+
 /**
  * <p>Describes the self-service permissions for a directory. For more information, see <a href="https://docs.aws.amazon.com/workspaces/latest/adminguide/enable-user-self-service-workspace-management.html">Enable Self-Service WorkSpace Management Capabilities for Your Users</a>.</p>
  */
@@ -2064,6 +2118,12 @@ export interface WorkspaceDirectory {
    * <p>The default self-service permissions for WorkSpaces in the directory.</p>
    */
   SelfservicePermissions?: SelfservicePermissions;
+
+  /**
+   * <p>Describes the enablement status, user access URL, and relay state parameter name that are used for configuring
+   *          federation with an SAML 2.0 identity provider.</p>
+   */
+  SamlProperties?: SamlProperties;
 }
 
 export interface DescribeWorkspaceDirectoriesResult {
@@ -2764,6 +2824,37 @@ export interface ModifyClientPropertiesRequest {
 
 export interface ModifyClientPropertiesResult {}
 
+export interface ModifySamlPropertiesRequest {
+  /**
+   * <p>The directory identifier for which you want to configure SAML properties.</p>
+   */
+  ResourceId: string | undefined;
+
+  /**
+   * <p>The properties for configuring SAML 2.0 authentication.</p>
+   */
+  SamlProperties?: SamlProperties;
+
+  /**
+   * <p>The SAML properties to delete as part of your request.</p>
+   *          <p>Specify one of the following options:</p>
+   *          <ul>
+   *             <li>
+   *                <p>
+   *                   <code>SAML_PROPERTIES_USER_ACCESS_URL</code> to delete the user access URL.</p>
+   *             </li>
+   *             <li>
+   *                <p>
+   *                   <code>SAML_PROPERTIES_RELAY_STATE_PARAMETER_NAME</code> to delete the
+   *                relay state parameter name.</p>
+   *             </li>
+   *          </ul>
+   */
+  PropertiesToDelete?: (DeletableSamlProperty | string)[];
+}
+
+export interface ModifySamlPropertiesResult {}
+
 export interface ModifySelfservicePermissionsRequest {
   /**
    * <p>The identifier of the directory.</p>
@@ -3859,6 +3950,13 @@ export const DescribeWorkspaceDirectoriesRequestFilterSensitiveLog = (
   ...obj,
 });
 
+/**
+ * @internal
+ */
+export const SamlPropertiesFilterSensitiveLog = (obj: SamlProperties): any => ({
+  ...obj,
+});
+
 /**
  * @internal
  */
@@ -4130,6 +4228,20 @@ export const ModifyClientPropertiesResultFilterSensitiveLog = (obj: ModifyClient
   ...obj,
 });
 
+/**
+ * @internal
+ */
+export const ModifySamlPropertiesRequestFilterSensitiveLog = (obj: ModifySamlPropertiesRequest): any => ({
+  ...obj,
+});
+
+/**
+ * @internal
+ */
+export const ModifySamlPropertiesResultFilterSensitiveLog = (obj: ModifySamlPropertiesResult): any => ({
+  ...obj,
+});
+
 /**
  * @internal
  */