feat(client-connect): This release adds Hierarchy based Access Control fields to Security Profile public APIs and adds support for UserAttributeFilter to SearchUsers API.

Author: awstools

clients/client-connect/src/commands/CreateSecurityProfileCommand.ts

@@ -58,6 +58,10 @@ export interface CreateSecurityProfileCommandOutput extends CreateSecurityProfil
  *       ],
  *     },
  *   ],
+ *   HierarchyRestrictedResources: [ // HierarchyRestrictedResourceList
+ *     "STRING_VALUE",
+ *   ],
+ *   AllowedAccessControlHierarchyGroupId: "STRING_VALUE",
  * };
  * const command = new CreateSecurityProfileCommand(input);
  * const response = await client.send(command);

clients/client-connect/src/commands/DescribeSecurityProfileCommand.ts

@@ -58,6 +58,10 @@ export interface DescribeSecurityProfileCommandOutput extends DescribeSecurityPr
  * //     ],
  * //     LastModifiedTime: new Date("TIMESTAMP"),
  * //     LastModifiedRegion: "STRING_VALUE",
+ * //     HierarchyRestrictedResources: [ // HierarchyRestrictedResourceList
+ * //       "STRING_VALUE",
+ * //     ],
+ * //     AllowedAccessControlHierarchyGroupId: "STRING_VALUE",
  * //   },
  * // };
  *

clients/client-connect/src/commands/SearchUsersCommand.ts

@@ -60,6 +60,26 @@ export interface SearchUsersCommandOutput extends SearchUsersResponse, __Metadat
  *       ],
  *       TagCondition: "<TagCondition>",
  *     },
+ *     UserAttributeFilter: { // ControlPlaneUserAttributeFilter
+ *       OrConditions: [ // AttributeOrConditionList
+ *         { // AttributeAndCondition
+ *           TagConditions: "<TagAndConditionList>",
+ *           HierarchyGroupCondition: { // HierarchyGroupCondition
+ *             Value: "STRING_VALUE",
+ *             HierarchyGroupMatchType: "EXACT" || "WITH_CHILD_GROUPS",
+ *           },
+ *         },
+ *       ],
+ *       AndCondition: {
+ *         TagConditions: "<TagAndConditionList>",
+ *         HierarchyGroupCondition: {
+ *           Value: "STRING_VALUE",
+ *           HierarchyGroupMatchType: "EXACT" || "WITH_CHILD_GROUPS",
+ *         },
+ *       },
+ *       TagCondition: "<TagCondition>",
+ *       HierarchyGroupCondition: "<HierarchyGroupCondition>",
+ *     },
  *   },
  *   SearchCriteria: { // UserSearchCriteria
  *     OrConditions: [ // UserSearchConditionList
@@ -75,10 +95,7 @@ export interface SearchUsersCommandOutput extends SearchUsersResponse, __Metadat
  *           Value: "STRING_VALUE",
  *           ComparisonType: "STARTS_WITH" || "CONTAINS" || "EXACT",
  *         },
- *         HierarchyGroupCondition: { // HierarchyGroupCondition
- *           Value: "STRING_VALUE",
- *           HierarchyGroupMatchType: "EXACT" || "WITH_CHILD_GROUPS",
- *         },
+ *         HierarchyGroupCondition: "<HierarchyGroupCondition>",
  *       },
  *     ],
  *     AndConditions: [
@@ -89,10 +106,7 @@ export interface SearchUsersCommandOutput extends SearchUsersResponse, __Metadat
  *       Value: "STRING_VALUE",
  *       ComparisonType: "STARTS_WITH" || "CONTAINS" || "EXACT",
  *     },
- *     HierarchyGroupCondition: {
- *       Value: "STRING_VALUE",
- *       HierarchyGroupMatchType: "EXACT" || "WITH_CHILD_GROUPS",
- *     },
+ *     HierarchyGroupCondition: "<HierarchyGroupCondition>",
  *   },
  * };
  * const command = new SearchUsersCommand(input);

clients/client-connect/src/commands/UpdateSecurityProfileCommand.ts

@@ -55,6 +55,10 @@ export interface UpdateSecurityProfileCommandOutput extends __MetadataBearer {}
  *       ],
  *     },
  *   ],
+ *   HierarchyRestrictedResources: [ // HierarchyRestrictedResourceList
+ *     "STRING_VALUE",
+ *   ],
+ *   AllowedAccessControlHierarchyGroupId: "STRING_VALUE",
  * };
  * const command = new UpdateSecurityProfileCommand(input);
  * const response = await client.send(command);

clients/client-connect/src/models/models_0.ts

@@ -4388,6 +4388,18 @@ export interface CreateSecurityProfileRequest {
    * @public
    */
   Applications?: Application[];
+
+  /**
+   * <p>The list of resources that a security profile applies hierarchy restrictions to in Amazon Connect. Following are acceptable ResourceNames: <code>User</code>.</p>
+   * @public
+   */
+  HierarchyRestrictedResources?: string[];
+
+  /**
+   * <p>The identifier of the hierarchy group that a security profile uses to restrict access to resources in Amazon Connect.</p>
+   * @public
+   */
+  AllowedAccessControlHierarchyGroupId?: string;
 }
 
 /**

clients/client-connect/src/models/models_1.ts

@@ -888,6 +888,19 @@ export interface SecurityProfile {
    * @public
    */
   LastModifiedRegion?: string;
+
+  /**
+   * <p>The list of resources that a security profile applies hierarchy restrictions to in Amazon Connect. Following are acceptable ResourceNames: <code>User</code>.</p>
+   * @public
+   */
+  HierarchyRestrictedResources?: string[];
+
+  /**
+   * <p>The identifier of the hierarchy group that a security profile uses to restrict access to
+   *    resources in Amazon Connect.</p>
+   * @public
+   */
+  AllowedAccessControlHierarchyGroupId?: string;
 }
 
 /**

clients/client-connect/src/models/models_2.ts

@@ -911,6 +911,74 @@ export interface HierarchyGroupCondition {
   HierarchyGroupMatchType?: HierarchyGroupMatchType;
 }
 
+/**
+ * <p>A list of conditions which would be applied together with an <code>AND</code>
+ *    condition.</p>
+ * @public
+ */
+export interface AttributeAndCondition {
+  /**
+   * <p>A leaf node condition which can be used to specify a tag condition.</p>
+   * @public
+   */
+  TagConditions?: TagCondition[];
+
+  /**
+   * <p>A leaf node condition which can be used to specify a hierarchy group condition.</p>
+   * @public
+   */
+  HierarchyGroupCondition?: HierarchyGroupCondition;
+}
+
+/**
+ * <p>An object that can be used to specify Tag conditions or Hierarchy Group conditions inside
+ *    the <code>SearchFilter</code>.</p>
+ *          <p>This accepts an <code>OR</code> of <code>AND</code> (List of List) input where:</p>
+ *          <ul>
+ *             <li>
+ *                <p>The top level list specifies conditions that need to be applied with <code>OR</code>
+ *      operator</p>
+ *             </li>
+ *             <li>
+ *                <p>The inner list specifies conditions that need to be applied with <code>AND</code>
+ *      operator.</p>
+ *             </li>
+ *          </ul>
+ *          <note>
+ *             <p>Only one field can be populated. Maximum number of allowed Tag conditions is 25. Maximum
+ *     number of allowed Hierarchy Group conditions is 20. </p>
+ *          </note>
+ * @public
+ */
+export interface ControlPlaneUserAttributeFilter {
+  /**
+   * <p>A list of conditions which would be applied together with an <code>OR</code>
+   *    condition.</p>
+   * @public
+   */
+  OrConditions?: AttributeAndCondition[];
+
+  /**
+   * <p>A list of conditions which would be applied together with an <code>AND</code>
+   *    condition.</p>
+   * @public
+   */
+  AndCondition?: AttributeAndCondition;
+
+  /**
+   * <p>A leaf node condition which can be used to specify a tag condition, for example, <code>HAVE
+   *     BPO = 123</code>. </p>
+   * @public
+   */
+  TagCondition?: TagCondition;
+
+  /**
+   * <p>A leaf node condition which can be used to specify a hierarchy group condition.</p>
+   * @public
+   */
+  HierarchyGroupCondition?: HierarchyGroupCondition;
+}
+
 /**
  * <p>Filters to be applied to search results.</p>
  * @public
@@ -932,6 +1000,29 @@ export interface UserSearchFilter {
    * @public
    */
   TagFilter?: ControlPlaneTagFilter;
+
+  /**
+   * <p>An object that can be used to specify Tag conditions or Hierarchy Group conditions inside
+   *    the SearchFilter.</p>
+   *          <p>This accepts an <code>OR</code> of <code>AND</code> (List of List) input where:</p>
+   *          <ul>
+   *             <li>
+   *                <p>The top level list specifies conditions that need to be applied with <code>OR</code>
+   *      operator.</p>
+   *             </li>
+   *             <li>
+   *                <p>The inner list specifies conditions that need to be applied with <code>AND</code>
+   *      operator.</p>
+   *             </li>
+   *          </ul>
+   *          <note>
+   *             <p>Only one field can be populated. This object can’t be used along with TagFilter. Request
+   *     can either contain TagFilter or UserAttributeFilter if SearchFilter is specified, combination of
+   *     both is not supported and such request will throw AccessDeniedException.</p>
+   *          </note>
+   * @public
+   */
+  UserAttributeFilter?: ControlPlaneUserAttributeFilter;
 }
 
 /**
@@ -3968,6 +4059,18 @@ export interface UpdateSecurityProfileRequest {
    * @public
    */
   Applications?: Application[];
+
+  /**
+   * <p>The list of resources that a security profile applies hierarchy restrictions to in Amazon Connect. Following are acceptable ResourceNames: <code>User</code>.</p>
+   * @public
+   */
+  HierarchyRestrictedResources?: string[];
+
+  /**
+   * <p>The identifier of the hierarchy group that a security profile uses to restrict access to resources in Amazon Connect.</p>
+   * @public
+   */
+  AllowedAccessControlHierarchyGroupId?: string;
 }
 
 /**

clients/client-connect/src/protocols/Aws_restJson1.ts

@@ -897,6 +897,7 @@ import {
 } from "../models/models_1";
 import {
   AnswerMachineDetectionConfig,
+  AttributeAndCondition,
   ChatEvent,
   ChatMessage,
   ChatParticipantRoleConfig,
@@ -906,6 +907,7 @@ import {
   ContactSearchSummaryAgentInfo,
   ContactSearchSummaryQueueInfo,
   ControlPlaneTagFilter,
+  ControlPlaneUserAttributeFilter,
   DestinationNotAllowedException,
   DisconnectReason,
   EvaluationAnswerInput,
@@ -1849,9 +1851,11 @@ export const se_CreateSecurityProfileCommand = async (
   let body: any;
   body = JSON.stringify(
     take(input, {
+      AllowedAccessControlHierarchyGroupId: [],
       AllowedAccessControlTags: (_) => _json(_),
       Applications: (_) => _json(_),
       Description: [],
+      HierarchyRestrictedResources: (_) => _json(_),
       Permissions: (_) => _json(_),
       SecurityProfileName: [],
       TagRestrictedResources: (_) => _json(_),
@@ -6151,9 +6155,11 @@ export const se_UpdateSecurityProfileCommand = async (
   let body: any;
   body = JSON.stringify(
     take(input, {
+      AllowedAccessControlHierarchyGroupId: [],
       AllowedAccessControlTags: (_) => _json(_),
       Applications: (_) => _json(_),
       Description: [],
+      HierarchyRestrictedResources: (_) => _json(_),
       Permissions: (_) => _json(_),
       TagRestrictedResources: (_) => _json(_),
     })
@@ -11944,6 +11950,10 @@ const de_UserNotFoundExceptionRes = async (
 
 // se_AssignContactCategoryActionDefinition omitted.
 
+// se_AttributeAndCondition omitted.
+
+// se_AttributeOrConditionList omitted.
+
 // se_Attributes omitted.
 
 // se_Campaign omitted.
@@ -11976,6 +11986,8 @@ const de_UserNotFoundExceptionRes = async (
 
 // se_ControlPlaneTagFilter omitted.
 
+// se_ControlPlaneUserAttributeFilter omitted.
+
 /**
  * serializeAws_restJson1CreateCaseActionDefinition
  */
@@ -12177,6 +12189,8 @@ const se_FieldValueUnion = (input: FieldValueUnion, context: __SerdeContext): an
 
 // se_HierarchyLevelUpdate omitted.
 
+// se_HierarchyRestrictedResourceList omitted.
+
 // se_HierarchyStructureUpdate omitted.
 
 /**
@@ -13495,6 +13509,8 @@ const de_HierarchyPath = (output: any, context: __SerdeContext): HierarchyPath =
 
 // de_HierarchyPathReference omitted.
 
+// de_HierarchyRestrictedResourceList omitted.
+
 /**
  * deserializeAws_restJson1HierarchyStructure
  */
@@ -14381,9 +14397,11 @@ const de_SecurityKeysList = (output: any, context: __SerdeContext): SecurityKey[
  */
 const de_SecurityProfile = (output: any, context: __SerdeContext): SecurityProfile => {
   return take(output, {
+    AllowedAccessControlHierarchyGroupId: __expectString,
     AllowedAccessControlTags: _json,
     Arn: __expectString,
     Description: __expectString,
+    HierarchyRestrictedResources: _json,
     Id: __expectString,
     LastModifiedRegion: __expectString,
     LastModifiedTime: (_: any) => __expectNonNull(__parseEpochTimestamp(__expectNumber(_))),