feat(client-connect): This release adds Hierarchy based Access Control fields to Security Profile public APIs and adds support for UserAttributeFilter to SearchUsers API.

Author: awstools

clients/client-connect/src/commands/CreateSecurityProfileCommand.ts

@@ -58,6 +58,10 @@ export interface CreateSecurityProfileCommandOutput extends CreateSecurityProfil
  *       ],
  *     },
  *   ],
+ *   HierarchyRestrictedResources: [ // HierarchyRestrictedResourceList
+ *     "STRING_VALUE",
+ *   ],
+ *   AllowedAccessControlHierarchyGroupId: "STRING_VALUE",
  * };
  * const command = new CreateSecurityProfileCommand(input);
  * const response = await client.send(command);

clients/client-connect/src/commands/DescribeSecurityProfileCommand.ts

@@ -58,6 +58,10 @@ export interface DescribeSecurityProfileCommandOutput extends DescribeSecurityPr
  * //     ],
  * //     LastModifiedTime: new Date("TIMESTAMP"),
  * //     LastModifiedRegion: "STRING_VALUE",
+ * //     HierarchyRestrictedResources: [ // HierarchyRestrictedResourceList
+ * //       "STRING_VALUE",
+ * //     ],
+ * //     AllowedAccessControlHierarchyGroupId: "STRING_VALUE",
  * //   },
  * // };
  *

clients/client-connect/src/commands/SearchUsersCommand.ts

@@ -60,6 +60,26 @@ export interface SearchUsersCommandOutput extends SearchUsersResponse, __Metadat
  *       ],
  *       TagCondition: "<TagCondition>",
  *     },
+ *     UserAttributeFilter: { // ControlPlaneUserAttributeFilter
+ *       OrConditions: [ // AttributeOrConditionList
+ *         { // AttributeAndCondition
+ *           TagConditions: "<TagAndConditionList>",
+ *           HierarchyGroupCondition: { // HierarchyGroupCondition
+ *             Value: "STRING_VALUE",
+ *             HierarchyGroupMatchType: "EXACT" || "WITH_CHILD_GROUPS",
+ *           },
+ *         },
+ *       ],
+ *       AndCondition: {
+ *         TagConditions: "<TagAndConditionList>",
+ *         HierarchyGroupCondition: {
+ *           Value: "STRING_VALUE",
+ *           HierarchyGroupMatchType: "EXACT" || "WITH_CHILD_GROUPS",
+ *         },
+ *       },
+ *       TagCondition: "<TagCondition>",
+ *       HierarchyGroupCondition: "<HierarchyGroupCondition>",
+ *     },
  *   },
  *   SearchCriteria: { // UserSearchCriteria
  *     OrConditions: [ // UserSearchConditionList
@@ -75,10 +95,7 @@ export interface SearchUsersCommandOutput extends SearchUsersResponse, __Metadat
  *           Value: "STRING_VALUE",
  *           ComparisonType: "STARTS_WITH" || "CONTAINS" || "EXACT",
  *         },
- *         HierarchyGroupCondition: { // HierarchyGroupCondition
- *           Value: "STRING_VALUE",
- *           HierarchyGroupMatchType: "EXACT" || "WITH_CHILD_GROUPS",
- *         },
+ *         HierarchyGroupCondition: "<HierarchyGroupCondition>",
  *       },
  *     ],
  *     AndConditions: [
@@ -89,10 +106,7 @@ export interface SearchUsersCommandOutput extends SearchUsersResponse, __Metadat
  *       Value: "STRING_VALUE",
  *       ComparisonType: "STARTS_WITH" || "CONTAINS" || "EXACT",
  *     },
- *     HierarchyGroupCondition: {
- *       Value: "STRING_VALUE",
- *       HierarchyGroupMatchType: "EXACT" || "WITH_CHILD_GROUPS",
- *     },
+ *     HierarchyGroupCondition: "<HierarchyGroupCondition>",
  *   },
  * };
  * const command = new SearchUsersCommand(input);

clients/client-connect/src/commands/UpdateSecurityProfileCommand.ts

@@ -55,6 +55,10 @@ export interface UpdateSecurityProfileCommandOutput extends __MetadataBearer {}
  *       ],
  *     },
  *   ],
+ *   HierarchyRestrictedResources: [ // HierarchyRestrictedResourceList
+ *     "STRING_VALUE",
+ *   ],
+ *   AllowedAccessControlHierarchyGroupId: "STRING_VALUE",
  * };
  * const command = new UpdateSecurityProfileCommand(input);
  * const response = await client.send(command);

clients/client-connect/src/models/models_0.ts

@@ -4388,6 +4388,18 @@ export interface CreateSecurityProfileRequest {
    * @public
    */
   Applications?: Application[];
+
+  /**
+   * <p>The list of resources that a security profile applies hierarchy restrictions to in Amazon Connect. Following are acceptable ResourceNames: <code>User</code>.</p>
+   * @public
+   */
+  HierarchyRestrictedResources?: string[];
+
+  /**
+   * <p>The identifier of the hierarchy group that a security profile uses to restrict access to resources in Amazon Connect.</p>
+   * @public
+   */
+  AllowedAccessControlHierarchyGroupId?: string;
 }
 
 /**

clients/client-connect/src/models/models_1.ts

@@ -888,6 +888,19 @@ export interface SecurityProfile {
    * @public
    */
   LastModifiedRegion?: string;
+
+  /**
+   * <p>The list of resources that a security profile applies hierarchy restrictions to in Amazon Connect. Following are acceptable ResourceNames: <code>User</code>.</p>
+   * @public
+   */
+  HierarchyRestrictedResources?: string[];
+
+  /**
+   * <p>The identifier of the hierarchy group that a security profile uses to restrict access to
+   *    resources in Amazon Connect.</p>
+   * @public
+   */
+  AllowedAccessControlHierarchyGroupId?: string;
 }
 
 /**

clients/client-connect/src/models/models_2.ts

@@ -911,6 +911,74 @@ export interface HierarchyGroupCondition {
   HierarchyGroupMatchType?: HierarchyGroupMatchType;
 }
 
+/**
+ * <p>A list of conditions which would be applied together with an <code>AND</code>
+ *    condition.</p>
+ * @public
+ */
+export interface AttributeAndCondition {
+  /**
+   * <p>A leaf node condition which can be used to specify a tag condition.</p>
+   * @public
+   */
+  TagConditions?: TagCondition[];
+
+  /**
+   * <p>A leaf node condition which can be used to specify a hierarchy group condition.</p>
+   * @public
+   */
+  HierarchyGroupCondition?: HierarchyGroupCondition;
+}
+
+/**
+ * <p>An object that can be used to specify Tag conditions or Hierarchy Group conditions inside
+ *    the <code>SearchFilter</code>.</p>
+ *          <p>This accepts an <code>OR</code> of <code>AND</code> (List of List) input where:</p>
+ *          <ul>
+ *             <li>
+ *                <p>The top level list specifies conditions that need to be applied with <code>OR</code>
+ *      operator</p>
+ *             </li>
+ *             <li>
+ *                <p>The inner list specifies conditions that need to be applied with <code>AND</code>
+ *      operator.</p>
+ *             </li>
+ *          </ul>
+ *          <note>
+ *             <p>Only one field can be populated. Maximum number of allowed Tag conditions is 25. Maximum
+ *     number of allowed Hierarchy Group conditions is 20. </p>
+ *          </note>
+ * @public
+ */
+export interface ControlPlaneUserAttributeFilter {
+  /**
+   * <p>A list of conditions which would be applied together with an <code>OR</code>
+   *    condition.</p>
+   * @public
+   */
+  OrConditions?: AttributeAndCondition[];
+
+  /**
+   * <p>A list of conditions which would be applied together with an <code>AND</code>
+   *    condition.</p>
+   * @public
+   */
+  AndCondition?: AttributeAndCondition;
+
+  /**
+   * <p>A leaf node condition which can be used to specify a tag condition, for example, <code>HAVE
+   *     BPO = 123</code>. </p>
+   * @public
+   */
+  TagCondition?: TagCondition;
+
+  /**
+   * <p>A leaf node condition which can be used to specify a hierarchy group condition.</p>
+   * @public
+   */
+  HierarchyGroupCondition?: HierarchyGroupCondition;
+}
+
 /**
  * <p>Filters to be applied to search results.</p>
  * @public
@@ -932,6 +1000,29 @@ export interface UserSearchFilter {
    * @public
    */
   TagFilter?: ControlPlaneTagFilter;
+
+  /**
+   * <p>An object that can be used to specify Tag conditions or Hierarchy Group conditions inside
+   *    the SearchFilter.</p>
+   *          <p>This accepts an <code>OR</code> of <code>AND</code> (List of List) input where:</p>
+   *          <ul>
+   *             <li>
+   *                <p>The top level list specifies conditions that need to be applied with <code>OR</code>
+   *      operator.</p>
+   *             </li>
+   *             <li>
+   *                <p>The inner list specifies conditions that need to be applied with <code>AND</code>
+   *      operator.</p>
+   *             </li>
+   *          </ul>
+   *          <note>
+   *             <p>Only one field can be populated. This object can’t be used along with TagFilter. Request
+   *     can either contain TagFilter or UserAttributeFilter if SearchFilter is specified, combination of
+   *     both is not supported and such request will throw AccessDeniedException.</p>
+   *          </note>
+   * @public
+   */
+  UserAttributeFilter?: ControlPlaneUserAttributeFilter;
 }
 
 /**
@@ -3968,6 +4059,18 @@ export interface UpdateSecurityProfileRequest {
    * @public
    */
   Applications?: Application[];
+
+  /**
+   * <p>The list of resources that a security profile applies hierarchy restrictions to in Amazon Connect. Following are acceptable ResourceNames: <code>User</code>.</p>
+   * @public
+   */
+  HierarchyRestrictedResources?: string[];
+
+  /**
+   * <p>The identifier of the hierarchy group that a security profile uses to restrict access to resources in Amazon Connect.</p>
+   * @public
+   */
+  AllowedAccessControlHierarchyGroupId?: string;
 }
 
 /**

clients/client-connect/src/protocols/Aws_restJson1.ts

@@ -897,6 +897,7 @@ import {
 } from "../models/models_1";
 import {
   AnswerMachineDetectionConfig,
+  AttributeAndCondition,
   ChatEvent,
   ChatMessage,
   ChatParticipantRoleConfig,
@@ -906,6 +907,7 @@ import {
   ContactSearchSummaryAgentInfo,
   ContactSearchSummaryQueueInfo,
   ControlPlaneTagFilter,
+  ControlPlaneUserAttributeFilter,
   DestinationNotAllowedException,
   DisconnectReason,
   EvaluationAnswerInput,
@@ -1849,9 +1851,11 @@ export const se_CreateSecurityProfileCommand = async (
   let body: any;
   body = JSON.stringify(
     take(input, {
+      AllowedAccessControlHierarchyGroupId: [],
       AllowedAccessControlTags: (_) => _json(_),
       Applications: (_) => _json(_),
       Description: [],
+      HierarchyRestrictedResources: (_) => _json(_),
       Permissions: (_) => _json(_),
       SecurityProfileName: [],
       TagRestrictedResources: (_) => _json(_),
@@ -6151,9 +6155,11 @@ export const se_UpdateSecurityProfileCommand = async (
   let body: any;
   body = JSON.stringify(
     take(input, {
+      AllowedAccessControlHierarchyGroupId: [],
       AllowedAccessControlTags: (_) => _json(_),
       Applications: (_) => _json(_),
       Description: [],
+      HierarchyRestrictedResources: (_) => _json(_),
       Permissions: (_) => _json(_),
       TagRestrictedResources: (_) => _json(_),
     })
@@ -11944,6 +11950,10 @@ const de_UserNotFoundExceptionRes = async (
 
 // se_AssignContactCategoryActionDefinition omitted.
 
+// se_AttributeAndCondition omitted.
+
+// se_AttributeOrConditionList omitted.
+
 // se_Attributes omitted.
 
 // se_Campaign omitted.
@@ -11976,6 +11986,8 @@ const de_UserNotFoundExceptionRes = async (
 
 // se_ControlPlaneTagFilter omitted.
 
+// se_ControlPlaneUserAttributeFilter omitted.
+
 /**
  * serializeAws_restJson1CreateCaseActionDefinition
  */
@@ -12177,6 +12189,8 @@ const se_FieldValueUnion = (input: FieldValueUnion, context: __SerdeContext): an
 
 // se_HierarchyLevelUpdate omitted.
 
+// se_HierarchyRestrictedResourceList omitted.
+
 // se_HierarchyStructureUpdate omitted.
 
 /**
@@ -13495,6 +13509,8 @@ const de_HierarchyPath = (output: any, context: __SerdeContext): HierarchyPath =
 
 // de_HierarchyPathReference omitted.
 
+// de_HierarchyRestrictedResourceList omitted.
+
 /**
  * deserializeAws_restJson1HierarchyStructure
  */
@@ -14381,9 +14397,11 @@ const de_SecurityKeysList = (output: any, context: __SerdeContext): SecurityKey[
  */
 const de_SecurityProfile = (output: any, context: __SerdeContext): SecurityProfile => {
   return take(output, {
+    AllowedAccessControlHierarchyGroupId: __expectString,
     AllowedAccessControlTags: _json,
     Arn: __expectString,
     Description: __expectString,
+    HierarchyRestrictedResources: _json,
     Id: __expectString,
     LastModifiedRegion: __expectString,
     LastModifiedTime: (_: any) => __expectNonNull(__parseEpochTimestamp(__expectNumber(_))),

codegen/sdk-codegen/aws-models/connect.json

@@ -3501,6 +3501,23 @@
         "smithy.api#documentation": "<p>A toggle for an individual feature at the instance level.</p>"
       }
     },
+    "com.amazonaws.connect#AttributeAndCondition": {
+      "type": "structure",
+      "members": {
+        "TagConditions": {
+          "target": "com.amazonaws.connect#TagAndConditionList",
+          "traits": {
+            "smithy.api#documentation": "<p>A leaf node condition which can be used to specify a tag condition.</p>"
+          }
+        },
+        "HierarchyGroupCondition": {
+          "target": "com.amazonaws.connect#HierarchyGroupCondition"
+        }
+      },
+      "traits": {
+        "smithy.api#documentation": "<p>A list of conditions which would be applied together with an <code>AND</code>\n   condition.</p>"
+      }
+    },
     "com.amazonaws.connect#AttributeName": {
       "type": "string",
       "traits": {
@@ -3510,6 +3527,12 @@
         }
       }
     },
+    "com.amazonaws.connect#AttributeOrConditionList": {
+      "type": "list",
+      "member": {
+        "target": "com.amazonaws.connect#AttributeAndCondition"
+      }
+    },
     "com.amazonaws.connect#AttributeValue": {
       "type": "string",
       "traits": {
@@ -5434,6 +5457,32 @@
         "smithy.api#documentation": "<p>An object that can be used to specify Tag conditions inside the <code>SearchFilter</code>.\n   This accepts an <code>OR</code> of <code>AND</code> (List of List) input where: </p>\n         <ul>\n            <li>\n               <p>Top level list specifies conditions that need to be applied with <code>OR</code>\n     operator</p>\n            </li>\n            <li>\n               <p>Inner list specifies conditions that need to be applied with <code>AND</code>\n     operator.</p>\n            </li>\n         </ul>"
       }
     },
+    "com.amazonaws.connect#ControlPlaneUserAttributeFilter": {
+      "type": "structure",
+      "members": {
+        "OrConditions": {
+          "target": "com.amazonaws.connect#AttributeOrConditionList",
+          "traits": {
+            "smithy.api#documentation": "<p>A list of conditions which would be applied together with an <code>OR</code>\n   condition.</p>"
+          }
+        },
+        "AndCondition": {
+          "target": "com.amazonaws.connect#AttributeAndCondition",
+          "traits": {
+            "smithy.api#documentation": "<p>A list of conditions which would be applied together with an <code>AND</code>\n   condition.</p>"
+          }
+        },
+        "TagCondition": {
+          "target": "com.amazonaws.connect#TagCondition"
+        },
+        "HierarchyGroupCondition": {
+          "target": "com.amazonaws.connect#HierarchyGroupCondition"
+        }
+      },
+      "traits": {
+        "smithy.api#documentation": "<p>An object that can be used to specify Tag conditions or Hierarchy Group conditions inside\n   the <code>SearchFilter</code>.</p>\n         <p>This accepts an <code>OR</code> of <code>AND</code> (List of List) input where:</p>\n         <ul>\n            <li>\n               <p>The top level list specifies conditions that need to be applied with <code>OR</code>\n     operator</p>\n            </li>\n            <li>\n               <p>The inner list specifies conditions that need to be applied with <code>AND</code>\n     operator.</p>\n            </li>\n         </ul>\n         <note>\n            <p>Only one field can be populated. Maximum number of allowed Tag conditions is 25. Maximum\n    number of allowed Hierarchy Group conditions is 20. </p>\n         </note>"
+      }
+    },
     "com.amazonaws.connect#CreateAgentStatus": {
       "type": "operation",
       "input": {
@@ -7149,6 +7198,18 @@
           "traits": {
             "smithy.api#documentation": "<p>This API is in preview release for Amazon Connect and is subject to change.</p>\n         <p>A list of third-party applications that the security profile will give access to.</p>"
           }
+        },
+        "HierarchyRestrictedResources": {
+          "target": "com.amazonaws.connect#HierarchyRestrictedResourceList",
+          "traits": {
+            "smithy.api#documentation": "<p>The list of resources that a security profile applies hierarchy restrictions to in Amazon Connect. Following are acceptable ResourceNames: <code>User</code>.</p>"
+          }
+        },
+        "AllowedAccessControlHierarchyGroupId": {
+          "target": "com.amazonaws.connect#HierarchyGroupId",
+          "traits": {
+            "smithy.api#documentation": "<p>The identifier of the hierarchy group that a security profile uses to restrict access to resources in Amazon Connect.</p>"
+          }
         }
       },
       "traits": {
@@ -15961,6 +16022,21 @@
         "smithy.api#documentation": "<p>Information about the levels in the hierarchy group.</p>"
       }
     },
+    "com.amazonaws.connect#HierarchyRestrictedResourceList": {
+      "type": "list",
+      "member": {
+        "target": "com.amazonaws.connect#HierarchyRestrictedResourceName"
+      }
+    },
+    "com.amazonaws.connect#HierarchyRestrictedResourceName": {
+      "type": "string",
+      "traits": {
+        "smithy.api#length": {
+          "min": 1,
+          "max": 128
+        }
+      }
+    },
     "com.amazonaws.connect#HierarchyStructure": {
       "type": "structure",
       "members": {
@@ -29590,6 +29666,18 @@
           "traits": {
             "smithy.api#documentation": "<p>The Amazon Web Services Region where this resource was last modified.</p>"
           }
+        },
+        "HierarchyRestrictedResources": {
+          "target": "com.amazonaws.connect#HierarchyRestrictedResourceList",
+          "traits": {
+            "smithy.api#documentation": "<p>The list of resources that a security profile applies hierarchy restrictions to in Amazon Connect. Following are acceptable ResourceNames: <code>User</code>.</p>"
+          }
+        },
+        "AllowedAccessControlHierarchyGroupId": {
+          "target": "com.amazonaws.connect#HierarchyGroupId",
+          "traits": {
+            "smithy.api#documentation": "<p>The identifier of the hierarchy group that a security profile uses to restrict access to\n   resources in Amazon Connect.</p>"
+          }
         }
       },
       "traits": {
@@ -35660,6 +35748,18 @@
           "traits": {
             "smithy.api#documentation": "<p>This API is in preview release for Amazon Connect and is subject to change.</p>\n         <p>A list of the third-party application's metadata.</p>"
           }
+        },
+        "HierarchyRestrictedResources": {
+          "target": "com.amazonaws.connect#HierarchyRestrictedResourceList",
+          "traits": {
+            "smithy.api#documentation": "<p>The list of resources that a security profile applies hierarchy restrictions to in Amazon Connect. Following are acceptable ResourceNames: <code>User</code>.</p>"
+          }
+        },
+        "AllowedAccessControlHierarchyGroupId": {
+          "target": "com.amazonaws.connect#HierarchyGroupId",
+          "traits": {
+            "smithy.api#documentation": "<p>The identifier of the hierarchy group that a security profile uses to restrict access to resources in Amazon Connect.</p>"
+          }
         }
       },
       "traits": {
@@ -37165,6 +37265,12 @@
       "members": {
         "TagFilter": {
           "target": "com.amazonaws.connect#ControlPlaneTagFilter"
+        },
+        "UserAttributeFilter": {
+          "target": "com.amazonaws.connect#ControlPlaneUserAttributeFilter",
+          "traits": {
+            "smithy.api#documentation": "<p>An object that can be used to specify Tag conditions or Hierarchy Group conditions inside\n   the SearchFilter.</p>\n         <p>This accepts an <code>OR</code> of <code>AND</code> (List of List) input where:</p>\n         <ul>\n            <li>\n               <p>The top level list specifies conditions that need to be applied with <code>OR</code>\n     operator.</p>\n            </li>\n            <li>\n               <p>The inner list specifies conditions that need to be applied with <code>AND</code>\n     operator.</p>\n            </li>\n         </ul>\n         <note>\n            <p>Only one field can be populated. This object can’t be used along with TagFilter. Request\n    can either contain TagFilter or UserAttributeFilter if SearchFilter is specified, combination of\n    both is not supported and such request will throw AccessDeniedException.</p>\n         </note>"
+          }
         }
       },
       "traits": {