...
AWS SDK for Go API Reference
We announced the upcoming end-of-support for AWS SDK for Go (v1). We recommend that you migrate to AWS SDK for Go v2. For dates, additional details, and information on how to migrate, please refer to the linked announcement.
import "github.com/aws/aws-sdk-go/service/sso"
Overview
Constants

Overview ▾

Package sso provides the client and types for making API requests to AWS Single Sign-On.

AWS IAM Identity Center (successor to AWS Single Sign-On) Portal is a web service that makes it easy for you to assign user access to IAM Identity Center resources such as the AWS access portal. Users can get AWS account applications and roles assigned to them and get federated into the application.

Although AWS Single Sign-On was renamed, the sso and identitystore API namespaces will continue to retain their original name for backward compatibility purposes. For more information, see IAM Identity Center rename (https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html#renamed).

This reference guide describes the IAM Identity Center Portal operations that you can call programatically and includes detailed information on data types and errors.

AWS provides SDKs that consist of libraries and sample code for various programming languages and platforms, such as Java, Ruby, .Net, iOS, or Android. The SDKs provide a convenient way to create programmatic access to IAM Identity Center and other AWS services. For more information about the AWS SDKs, including how to download and install them, see Tools for Amazon Web Services (http://aws.amazon.com/tools/).

See https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10 for more information on this service.

See sso package documentation for more information. https://docs.aws.amazon.com/sdk-for-go/api/service/sso/

Using the Client

To contact AWS Single Sign-On with the SDK use the New function to create a new service client. With that client you can make API requests to the service. These clients are safe to use concurrently.

See the SDK's documentation for more information on how to use the SDK. https://docs.aws.amazon.com/sdk-for-go/api/

See aws.Config documentation for more information on configuring SDK clients. https://docs.aws.amazon.com/sdk-for-go/api/aws/#Config

See the AWS Single Sign-On client SSO for more information on creating client for this service. https://docs.aws.amazon.com/sdk-for-go/api/service/sso/#New

The stub package, ssoiface, can be used to provide alternative implementations of service clients, such as mocking the client for testing.

Types ▾

type SSO
func New(p client.ConfigProvider, cfgs ...*aws.Config) *SSO
func (c *SSO) GetRoleCredentials(input *GetRoleCredentialsInput) (*GetRoleCredentialsOutput, error)
func (c *SSO) GetRoleCredentialsRequest(input *GetRoleCredentialsInput) (req *request.Request, output *GetRoleCredentialsOutput)
func (c *SSO) GetRoleCredentialsWithContext(ctx aws.Context, input *GetRoleCredentialsInput, opts ...request.Option) (*GetRoleCredentialsOutput, error)
func (c *SSO) ListAccountRoles(input *ListAccountRolesInput) (*ListAccountRolesOutput, error)
func (c *SSO) ListAccountRolesPages(input *ListAccountRolesInput, fn func(*ListAccountRolesOutput, bool) bool) error
func (c *SSO) ListAccountRolesPagesWithContext(ctx aws.Context, input *ListAccountRolesInput, fn func(*ListAccountRolesOutput, bool) bool, opts ...request.Option) error
func (c *SSO) ListAccountRolesRequest(input *ListAccountRolesInput) (req *request.Request, output *ListAccountRolesOutput)
func (c *SSO) ListAccountRolesWithContext(ctx aws.Context, input *ListAccountRolesInput, opts ...request.Option) (*ListAccountRolesOutput, error)
func (c *SSO) ListAccounts(input *ListAccountsInput) (*ListAccountsOutput, error)
func (c *SSO) ListAccountsPages(input *ListAccountsInput, fn func(*ListAccountsOutput, bool) bool) error
func (c *SSO) ListAccountsPagesWithContext(ctx aws.Context, input *ListAccountsInput, fn func(*ListAccountsOutput, bool) bool, opts ...request.Option) error
func (c *SSO) ListAccountsRequest(input *ListAccountsInput) (req *request.Request, output *ListAccountsOutput)
func (c *SSO) ListAccountsWithContext(ctx aws.Context, input *ListAccountsInput, opts ...request.Option) (*ListAccountsOutput, error)
func (c *SSO) Logout(input *LogoutInput) (*LogoutOutput, error)
func (c *SSO) LogoutRequest(input *LogoutInput) (req *request.Request, output *LogoutOutput)
func (c *SSO) LogoutWithContext(ctx aws.Context, input *LogoutInput, opts ...request.Option) (*LogoutOutput, error)
type AccountInfo
type GetRoleCredentialsInput
type GetRoleCredentialsOutput
type InvalidRequestException
type ListAccountRolesInput
type ListAccountRolesOutput
type ListAccountsInput
type ListAccountsOutput
type LogoutInput
type LogoutOutput
type ResourceNotFoundException
type RoleCredentials
type RoleInfo
type TooManyRequestsException
type UnauthorizedException

Constants ▾

const (

    // ErrCodeInvalidRequestException for service response error code
    // "InvalidRequestException".
    //
    // Indicates that a problem occurred with the input to the request. For example,
    // a required parameter might be missing or out of range.
    ErrCodeInvalidRequestException = "InvalidRequestException"

    // ErrCodeResourceNotFoundException for service response error code
    // "ResourceNotFoundException".
    //
    // The specified resource doesn't exist.
    ErrCodeResourceNotFoundException = "ResourceNotFoundException"

    // ErrCodeTooManyRequestsException for service response error code
    // "TooManyRequestsException".
    //
    // Indicates that the request is being made too frequently and is more than
    // what the server can handle.
    ErrCodeTooManyRequestsException = "TooManyRequestsException"

    // ErrCodeUnauthorizedException for service response error code
    // "UnauthorizedException".
    //
    // Indicates that the request is not authorized. This can happen due to an invalid
    // access token in the request.
    ErrCodeUnauthorizedException = "UnauthorizedException"
)
const (
    ServiceName = "SSO"        // Name of service.
    EndpointsID = "portal.sso" // ID to lookup a service endpoint with.
    ServiceID   = "SSO"        // ServiceID is a unique identifier of a specific service.
)

Service information constants

type AccountInfo

type AccountInfo struct {

    // The identifier of the AWS account that is assigned to the user.
    AccountId *string `locationName:"accountId" type:"string"`

    // The display name of the AWS account that is assigned to the user.
    AccountName *string `locationName:"accountName" type:"string"`

    // The email address of the AWS account that is assigned to the user.
    EmailAddress *string `locationName:"emailAddress" min:"1" type:"string"`
    // contains filtered or unexported fields
}

Provides information about your AWS account.

func (AccountInfo) GoString

func (s AccountInfo) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*AccountInfo) SetAccountId

func (s *AccountInfo) SetAccountId(v string) *AccountInfo

SetAccountId sets the AccountId field's value.

func (*AccountInfo) SetAccountName

func (s *AccountInfo) SetAccountName(v string) *AccountInfo

SetAccountName sets the AccountName field's value.

func (*AccountInfo) SetEmailAddress

func (s *AccountInfo) SetEmailAddress(v string) *AccountInfo

SetEmailAddress sets the EmailAddress field's value.

func (AccountInfo) String

func (s AccountInfo) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type GetRoleCredentialsInput

type GetRoleCredentialsInput struct {

    // The token issued by the CreateToken API call. For more information, see CreateToken
    // (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html)
    // in the IAM Identity Center OIDC API Reference Guide.
    //
    // AccessToken is a sensitive parameter and its value will be
    // replaced with "sensitive" in string returned by GetRoleCredentialsInput's
    // String and GoString methods.
    //
    // AccessToken is a required field
    AccessToken *string `location:"header" locationName:"x-amz-sso_bearer_token" type:"string" required:"true" sensitive:"true"`

    // The identifier for the AWS account that is assigned to the user.
    //
    // AccountId is a required field
    AccountId *string `location:"querystring" locationName:"account_id" type:"string" required:"true"`

    // The friendly name of the role that is assigned to the user.
    //
    // RoleName is a required field
    RoleName *string `location:"querystring" locationName:"role_name" type:"string" required:"true"`
    // contains filtered or unexported fields
}

func (GetRoleCredentialsInput) GoString

func (s GetRoleCredentialsInput) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*GetRoleCredentialsInput) SetAccessToken

func (s *GetRoleCredentialsInput) SetAccessToken(v string) *GetRoleCredentialsInput

SetAccessToken sets the AccessToken field's value.

func (*GetRoleCredentialsInput) SetAccountId

func (s *GetRoleCredentialsInput) SetAccountId(v string) *GetRoleCredentialsInput

SetAccountId sets the AccountId field's value.

func (*GetRoleCredentialsInput) SetRoleName

func (s *GetRoleCredentialsInput) SetRoleName(v string) *GetRoleCredentialsInput

SetRoleName sets the RoleName field's value.

func (GetRoleCredentialsInput) String

func (s GetRoleCredentialsInput) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*GetRoleCredentialsInput) Validate

func (s *GetRoleCredentialsInput) Validate() error

Validate inspects the fields of the type to determine if they are valid.

type GetRoleCredentialsOutput

type GetRoleCredentialsOutput struct {

    // The credentials for the role that is assigned to the user.
    RoleCredentials *RoleCredentials `locationName:"roleCredentials" type:"structure"`
    // contains filtered or unexported fields
}

func (GetRoleCredentialsOutput) GoString

func (s GetRoleCredentialsOutput) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*GetRoleCredentialsOutput) SetRoleCredentials

func (s *GetRoleCredentialsOutput) SetRoleCredentials(v *RoleCredentials) *GetRoleCredentialsOutput

SetRoleCredentials sets the RoleCredentials field's value.

func (GetRoleCredentialsOutput) String

func (s GetRoleCredentialsOutput) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type InvalidRequestException

type InvalidRequestException struct {
    RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

    Message_ *string `locationName:"message" type:"string"`
    // contains filtered or unexported fields
}

Indicates that a problem occurred with the input to the request. For example, a required parameter might be missing or out of range.

func (*InvalidRequestException) Code

func (s *InvalidRequestException) Code() string

Code returns the exception type name.

func (*InvalidRequestException) Error

func (s *InvalidRequestException) Error() string

func (InvalidRequestException) GoString

func (s InvalidRequestException) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*InvalidRequestException) Message

func (s *InvalidRequestException) Message() string

Message returns the exception's message.

func (*InvalidRequestException) OrigErr

func (s *InvalidRequestException) OrigErr() error

OrigErr always returns nil, satisfies awserr.Error interface.

func (*InvalidRequestException) RequestID

func (s *InvalidRequestException) RequestID() string

RequestID returns the service's response RequestID for request.

func (*InvalidRequestException) StatusCode

func (s *InvalidRequestException) StatusCode() int

Status code returns the HTTP status code for the request's response error.

func (InvalidRequestException) String

func (s InvalidRequestException) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type ListAccountRolesInput

type ListAccountRolesInput struct {

    // The token issued by the CreateToken API call. For more information, see CreateToken
    // (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html)
    // in the IAM Identity Center OIDC API Reference Guide.
    //
    // AccessToken is a sensitive parameter and its value will be
    // replaced with "sensitive" in string returned by ListAccountRolesInput's
    // String and GoString methods.
    //
    // AccessToken is a required field
    AccessToken *string `location:"header" locationName:"x-amz-sso_bearer_token" type:"string" required:"true" sensitive:"true"`

    // The identifier for the AWS account that is assigned to the user.
    //
    // AccountId is a required field
    AccountId *string `location:"querystring" locationName:"account_id" type:"string" required:"true"`

    // The number of items that clients can request per page.
    MaxResults *int64 `location:"querystring" locationName:"max_result" min:"1" type:"integer"`

    // The page token from the previous response output when you request subsequent
    // pages.
    NextToken *string `location:"querystring" locationName:"next_token" type:"string"`
    // contains filtered or unexported fields
}

func (ListAccountRolesInput) GoString

func (s ListAccountRolesInput) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*ListAccountRolesInput) SetAccessToken

func (s *ListAccountRolesInput) SetAccessToken(v string) *ListAccountRolesInput

SetAccessToken sets the AccessToken field's value.

func (*ListAccountRolesInput) SetAccountId

func (s *ListAccountRolesInput) SetAccountId(v string) *ListAccountRolesInput

SetAccountId sets the AccountId field's value.

func (*ListAccountRolesInput) SetMaxResults

func (s *ListAccountRolesInput) SetMaxResults(v int64) *ListAccountRolesInput

SetMaxResults sets the MaxResults field's value.

func (*ListAccountRolesInput) SetNextToken

func (s *ListAccountRolesInput) SetNextToken(v string) *ListAccountRolesInput

SetNextToken sets the NextToken field's value.

func (ListAccountRolesInput) String

func (s ListAccountRolesInput) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*ListAccountRolesInput) Validate

func (s *ListAccountRolesInput) Validate() error

Validate inspects the fields of the type to determine if they are valid.

type ListAccountRolesOutput

type ListAccountRolesOutput struct {

    // The page token client that is used to retrieve the list of accounts.
    NextToken *string `locationName:"nextToken" type:"string"`

    // A paginated response with the list of roles and the next token if more results
    // are available.
    RoleList []*RoleInfo `locationName:"roleList" type:"list"`
    // contains filtered or unexported fields
}

func (ListAccountRolesOutput) GoString

func (s ListAccountRolesOutput) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*ListAccountRolesOutput) SetNextToken

func (s *ListAccountRolesOutput) SetNextToken(v string) *ListAccountRolesOutput

SetNextToken sets the NextToken field's value.

func (*ListAccountRolesOutput) SetRoleList

func (s *ListAccountRolesOutput) SetRoleList(v []*RoleInfo) *ListAccountRolesOutput

SetRoleList sets the RoleList field's value.

func (ListAccountRolesOutput) String

func (s ListAccountRolesOutput) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type ListAccountsInput

type ListAccountsInput struct {

    // The token issued by the CreateToken API call. For more information, see CreateToken
    // (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html)
    // in the IAM Identity Center OIDC API Reference Guide.
    //
    // AccessToken is a sensitive parameter and its value will be
    // replaced with "sensitive" in string returned by ListAccountsInput's
    // String and GoString methods.
    //
    // AccessToken is a required field
    AccessToken *string `location:"header" locationName:"x-amz-sso_bearer_token" type:"string" required:"true" sensitive:"true"`

    // This is the number of items clients can request per page.
    MaxResults *int64 `location:"querystring" locationName:"max_result" min:"1" type:"integer"`

    // (Optional) When requesting subsequent pages, this is the page token from
    // the previous response output.
    NextToken *string `location:"querystring" locationName:"next_token" type:"string"`
    // contains filtered or unexported fields
}

func (ListAccountsInput) GoString

func (s ListAccountsInput) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*ListAccountsInput) SetAccessToken

func (s *ListAccountsInput) SetAccessToken(v string) *ListAccountsInput

SetAccessToken sets the AccessToken field's value.

func (*ListAccountsInput) SetMaxResults

func (s *ListAccountsInput) SetMaxResults(v int64) *ListAccountsInput

SetMaxResults sets the MaxResults field's value.

func (*ListAccountsInput) SetNextToken

func (s *ListAccountsInput) SetNextToken(v string) *ListAccountsInput

SetNextToken sets the NextToken field's value.

func (ListAccountsInput) String

func (s ListAccountsInput) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*ListAccountsInput) Validate

func (s *ListAccountsInput) Validate() error

Validate inspects the fields of the type to determine if they are valid.

type ListAccountsOutput

type ListAccountsOutput struct {

    // A paginated response with the list of account information and the next token
    // if more results are available.
    AccountList []*AccountInfo `locationName:"accountList" type:"list"`

    // The page token client that is used to retrieve the list of accounts.
    NextToken *string `locationName:"nextToken" type:"string"`
    // contains filtered or unexported fields
}

func (ListAccountsOutput) GoString

func (s ListAccountsOutput) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*ListAccountsOutput) SetAccountList

func (s *ListAccountsOutput) SetAccountList(v []*AccountInfo) *ListAccountsOutput

SetAccountList sets the AccountList field's value.

func (*ListAccountsOutput) SetNextToken

func (s *ListAccountsOutput) SetNextToken(v string) *ListAccountsOutput

SetNextToken sets the NextToken field's value.

func (ListAccountsOutput) String

func (s ListAccountsOutput) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type LogoutInput

type LogoutInput struct {

    // The token issued by the CreateToken API call. For more information, see CreateToken
    // (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html)
    // in the IAM Identity Center OIDC API Reference Guide.
    //
    // AccessToken is a sensitive parameter and its value will be
    // replaced with "sensitive" in string returned by LogoutInput's
    // String and GoString methods.
    //
    // AccessToken is a required field
    AccessToken *string `location:"header" locationName:"x-amz-sso_bearer_token" type:"string" required:"true" sensitive:"true"`
    // contains filtered or unexported fields
}

func (LogoutInput) GoString

func (s LogoutInput) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*LogoutInput) SetAccessToken

func (s *LogoutInput) SetAccessToken(v string) *LogoutInput

SetAccessToken sets the AccessToken field's value.

func (LogoutInput) String

func (s LogoutInput) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*LogoutInput) Validate

func (s *LogoutInput) Validate() error

Validate inspects the fields of the type to determine if they are valid.

type LogoutOutput

type LogoutOutput struct {
    // contains filtered or unexported fields
}

func (LogoutOutput) GoString

func (s LogoutOutput) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (LogoutOutput) String

func (s LogoutOutput) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type ResourceNotFoundException

type ResourceNotFoundException struct {
    RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

    Message_ *string `locationName:"message" type:"string"`
    // contains filtered or unexported fields
}

The specified resource doesn't exist.

func (*ResourceNotFoundException) Code

func (s *ResourceNotFoundException) Code() string

Code returns the exception type name.

func (*ResourceNotFoundException) Error

func (s *ResourceNotFoundException) Error() string

func (ResourceNotFoundException) GoString

func (s ResourceNotFoundException) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*ResourceNotFoundException) Message

func (s *ResourceNotFoundException) Message() string

Message returns the exception's message.

func (*ResourceNotFoundException) OrigErr

func (s *ResourceNotFoundException) OrigErr() error

OrigErr always returns nil, satisfies awserr.Error interface.

func (*ResourceNotFoundException) RequestID

func (s *ResourceNotFoundException) RequestID() string

RequestID returns the service's response RequestID for request.

func (*ResourceNotFoundException) StatusCode

func (s *ResourceNotFoundException) StatusCode() int

Status code returns the HTTP status code for the request's response error.

func (ResourceNotFoundException) String

func (s ResourceNotFoundException) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type RoleCredentials

type RoleCredentials struct {

    // The identifier used for the temporary security credentials. For more information,
    // see Using Temporary Security Credentials to Request Access to AWS Resources
    // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html)
    // in the AWS IAM User Guide.
    AccessKeyId *string `locationName:"accessKeyId" type:"string"`

    // The date on which temporary security credentials expire.
    Expiration *int64 `locationName:"expiration" type:"long"`

    // The key that is used to sign the request. For more information, see Using
    // Temporary Security Credentials to Request Access to AWS Resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html)
    // in the AWS IAM User Guide.
    //
    // SecretAccessKey is a sensitive parameter and its value will be
    // replaced with "sensitive" in string returned by RoleCredentials's
    // String and GoString methods.
    SecretAccessKey *string `locationName:"secretAccessKey" type:"string" sensitive:"true"`

    // The token used for temporary credentials. For more information, see Using
    // Temporary Security Credentials to Request Access to AWS Resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html)
    // in the AWS IAM User Guide.
    //
    // SessionToken is a sensitive parameter and its value will be
    // replaced with "sensitive" in string returned by RoleCredentials's
    // String and GoString methods.
    SessionToken *string `locationName:"sessionToken" type:"string" sensitive:"true"`
    // contains filtered or unexported fields
}

Provides information about the role credentials that are assigned to the user.

func (RoleCredentials) GoString

func (s RoleCredentials) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*RoleCredentials) SetAccessKeyId

func (s *RoleCredentials) SetAccessKeyId(v string) *RoleCredentials

SetAccessKeyId sets the AccessKeyId field's value.

func (*RoleCredentials) SetExpiration

func (s *RoleCredentials) SetExpiration(v int64) *RoleCredentials

SetExpiration sets the Expiration field's value.

func (*RoleCredentials) SetSecretAccessKey

func (s *RoleCredentials) SetSecretAccessKey(v string) *RoleCredentials

SetSecretAccessKey sets the SecretAccessKey field's value.

func (*RoleCredentials) SetSessionToken

func (s *RoleCredentials) SetSessionToken(v string) *RoleCredentials

SetSessionToken sets the SessionToken field's value.

func (RoleCredentials) String

func (s RoleCredentials) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type RoleInfo

type RoleInfo struct {

    // The identifier of the AWS account assigned to the user.
    AccountId *string `locationName:"accountId" type:"string"`

    // The friendly name of the role that is assigned to the user.
    RoleName *string `locationName:"roleName" type:"string"`
    // contains filtered or unexported fields
}

Provides information about the role that is assigned to the user.

func (RoleInfo) GoString

func (s RoleInfo) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*RoleInfo) SetAccountId

func (s *RoleInfo) SetAccountId(v string) *RoleInfo

SetAccountId sets the AccountId field's value.

func (*RoleInfo) SetRoleName

func (s *RoleInfo) SetRoleName(v string) *RoleInfo

SetRoleName sets the RoleName field's value.

func (RoleInfo) String

func (s RoleInfo) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type SSO

type SSO struct {
    *client.Client
}

SSO provides the API operation methods for making requests to AWS Single Sign-On. See this package's package overview docs for details on the service.

SSO methods are safe to use concurrently. It is not safe to modify mutate any of the struct's properties though.

func New

func New(p client.ConfigProvider, cfgs ...*aws.Config) *SSO

New creates a new instance of the SSO client with a session. If additional configuration is needed for the client instance use the optional aws.Config parameter to add your extra config.

Example:

mySession := session.Must(session.NewSession())

// Create a SSO client from just a session.
svc := sso.New(mySession)

// Create a SSO client with additional configuration
svc := sso.New(mySession, aws.NewConfig().WithRegion("us-west-2"))

func (*SSO) GetRoleCredentials

func (c *SSO) GetRoleCredentials(input *GetRoleCredentialsInput) (*GetRoleCredentialsOutput, error)

GetRoleCredentials API operation for AWS Single Sign-On.

Returns the STS short-term credentials for a given role name that is assigned to the user.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions with awserr.Error's Code and Message methods to get detailed information about the error.

See the AWS API reference guide for AWS Single Sign-On's API operation GetRoleCredentials for usage and error information.

Returned Error Types:

  • InvalidRequestException Indicates that a problem occurred with the input to the request. For example, a required parameter might be missing or out of range.

  • UnauthorizedException Indicates that the request is not authorized. This can happen due to an invalid access token in the request.

  • TooManyRequestsException Indicates that the request is being made too frequently and is more than what the server can handle.

  • ResourceNotFoundException The specified resource doesn't exist.

See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/GetRoleCredentials

func (*SSO) GetRoleCredentialsRequest

func (c *SSO) GetRoleCredentialsRequest(input *GetRoleCredentialsInput) (req *request.Request, output *GetRoleCredentialsOutput)

GetRoleCredentialsRequest generates a "aws/request.Request" representing the client's request for the GetRoleCredentials operation. The "output" return value will be populated with the request's response once the request completes successfully.

Use "Send" method on the returned Request to send the API call to the service. the "output" return value is not valid until after Send returns without error.

See GetRoleCredentials for more information on using the GetRoleCredentials API call, and error handling.

This method is useful when you want to inject custom logic or configuration into the SDK's request lifecycle. Such as custom headers, or retry logic.

// Example sending a request using the GetRoleCredentialsRequest method.
req, resp := client.GetRoleCredentialsRequest(params)

err := req.Send()
if err == nil { // resp is now filled
    fmt.Println(resp)
}

See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/GetRoleCredentials

func (*SSO) GetRoleCredentialsWithContext

func (c *SSO) GetRoleCredentialsWithContext(ctx aws.Context, input *GetRoleCredentialsInput, opts ...request.Option) (*GetRoleCredentialsOutput, error)

GetRoleCredentialsWithContext is the same as GetRoleCredentials with the addition of the ability to pass a context and additional request options.

See GetRoleCredentials for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.

func (*SSO) ListAccountRoles

func (c *SSO) ListAccountRoles(input *ListAccountRolesInput) (*ListAccountRolesOutput, error)

ListAccountRoles API operation for AWS Single Sign-On.

Lists all roles that are assigned to the user for a given AWS account.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions with awserr.Error's Code and Message methods to get detailed information about the error.

See the AWS API reference guide for AWS Single Sign-On's API operation ListAccountRoles for usage and error information.

Returned Error Types:

  • InvalidRequestException Indicates that a problem occurred with the input to the request. For example, a required parameter might be missing or out of range.

  • UnauthorizedException Indicates that the request is not authorized. This can happen due to an invalid access token in the request.

  • TooManyRequestsException Indicates that the request is being made too frequently and is more than what the server can handle.

  • ResourceNotFoundException The specified resource doesn't exist.

See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/ListAccountRoles

func (*SSO) ListAccountRolesPages

func (c *SSO) ListAccountRolesPages(input *ListAccountRolesInput, fn func(*ListAccountRolesOutput, bool) bool) error

ListAccountRolesPages iterates over the pages of a ListAccountRoles operation, calling the "fn" function with the response data for each page. To stop iterating, return false from the fn function.

See ListAccountRoles method for more information on how to use this operation.

Note: This operation can generate multiple requests to a service.

// Example iterating over at most 3 pages of a ListAccountRoles operation.
pageNum := 0
err := client.ListAccountRolesPages(params,
    func(page *sso.ListAccountRolesOutput, lastPage bool) bool {
        pageNum++
        fmt.Println(page)
        return pageNum <= 3
    })

func (*SSO) ListAccountRolesPagesWithContext

func (c *SSO) ListAccountRolesPagesWithContext(ctx aws.Context, input *ListAccountRolesInput, fn func(*ListAccountRolesOutput, bool) bool, opts ...request.Option) error

ListAccountRolesPagesWithContext same as ListAccountRolesPages except it takes a Context and allows setting request options on the pages.

The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.

func (*SSO) ListAccountRolesRequest

func (c *SSO) ListAccountRolesRequest(input *ListAccountRolesInput) (req *request.Request, output *ListAccountRolesOutput)

ListAccountRolesRequest generates a "aws/request.Request" representing the client's request for the ListAccountRoles operation. The "output" return value will be populated with the request's response once the request completes successfully.

Use "Send" method on the returned Request to send the API call to the service. the "output" return value is not valid until after Send returns without error.

See ListAccountRoles for more information on using the ListAccountRoles API call, and error handling.

This method is useful when you want to inject custom logic or configuration into the SDK's request lifecycle. Such as custom headers, or retry logic.

// Example sending a request using the ListAccountRolesRequest method.
req, resp := client.ListAccountRolesRequest(params)

err := req.Send()
if err == nil { // resp is now filled
    fmt.Println(resp)
}

See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/ListAccountRoles

func (*SSO) ListAccountRolesWithContext

func (c *SSO) ListAccountRolesWithContext(ctx aws.Context, input *ListAccountRolesInput, opts ...request.Option) (*ListAccountRolesOutput, error)

ListAccountRolesWithContext is the same as ListAccountRoles with the addition of the ability to pass a context and additional request options.

See ListAccountRoles for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.

func (*SSO) ListAccounts

func (c *SSO) ListAccounts(input *ListAccountsInput) (*ListAccountsOutput, error)

ListAccounts API operation for AWS Single Sign-On.

Lists all AWS accounts assigned to the user. These AWS accounts are assigned by the administrator of the account. For more information, see Assign User Access (https://docs.aws.amazon.com/singlesignon/latest/userguide/useraccess.html#assignusers) in the IAM Identity Center User Guide. This operation returns a paginated response.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions with awserr.Error's Code and Message methods to get detailed information about the error.

See the AWS API reference guide for AWS Single Sign-On's API operation ListAccounts for usage and error information.

Returned Error Types:

  • InvalidRequestException Indicates that a problem occurred with the input to the request. For example, a required parameter might be missing or out of range.

  • UnauthorizedException Indicates that the request is not authorized. This can happen due to an invalid access token in the request.

  • TooManyRequestsException Indicates that the request is being made too frequently and is more than what the server can handle.

  • ResourceNotFoundException The specified resource doesn't exist.

See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/ListAccounts

func (*SSO) ListAccountsPages

func (c *SSO) ListAccountsPages(input *ListAccountsInput, fn func(*ListAccountsOutput, bool) bool) error

ListAccountsPages iterates over the pages of a ListAccounts operation, calling the "fn" function with the response data for each page. To stop iterating, return false from the fn function.

See ListAccounts method for more information on how to use this operation.

Note: This operation can generate multiple requests to a service.

// Example iterating over at most 3 pages of a ListAccounts operation.
pageNum := 0
err := client.ListAccountsPages(params,
    func(page *sso.ListAccountsOutput, lastPage bool) bool {
        pageNum++
        fmt.Println(page)
        return pageNum <= 3
    })

func (*SSO) ListAccountsPagesWithContext

func (c *SSO) ListAccountsPagesWithContext(ctx aws.Context, input *ListAccountsInput, fn func(*ListAccountsOutput, bool) bool, opts ...request.Option) error

ListAccountsPagesWithContext same as ListAccountsPages except it takes a Context and allows setting request options on the pages.

The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.

func (*SSO) ListAccountsRequest

func (c *SSO) ListAccountsRequest(input *ListAccountsInput) (req *request.Request, output *ListAccountsOutput)

ListAccountsRequest generates a "aws/request.Request" representing the client's request for the ListAccounts operation. The "output" return value will be populated with the request's response once the request completes successfully.

Use "Send" method on the returned Request to send the API call to the service. the "output" return value is not valid until after Send returns without error.

See ListAccounts for more information on using the ListAccounts API call, and error handling.

This method is useful when you want to inject custom logic or configuration into the SDK's request lifecycle. Such as custom headers, or retry logic.

// Example sending a request using the ListAccountsRequest method.
req, resp := client.ListAccountsRequest(params)

err := req.Send()
if err == nil { // resp is now filled
    fmt.Println(resp)
}

See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/ListAccounts

func (*SSO) ListAccountsWithContext

func (c *SSO) ListAccountsWithContext(ctx aws.Context, input *ListAccountsInput, opts ...request.Option) (*ListAccountsOutput, error)

ListAccountsWithContext is the same as ListAccounts with the addition of the ability to pass a context and additional request options.

See ListAccounts for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.

func (*SSO) Logout

func (c *SSO) Logout(input *LogoutInput) (*LogoutOutput, error)

Logout API operation for AWS Single Sign-On.

Removes the locally stored SSO tokens from the client-side cache and sends an API call to the IAM Identity Center service to invalidate the corresponding server-side IAM Identity Center sign in session.

If a user uses IAM Identity Center to access the AWS CLI, the user’s IAM Identity Center sign in session is used to obtain an IAM session, as specified in the corresponding IAM Identity Center permission set. More specifically, IAM Identity Center assumes an IAM role in the target account on behalf of the user, and the corresponding temporary AWS credentials are returned to the client.

After user logout, any existing IAM role sessions that were created by using IAM Identity Center permission sets continue based on the duration configured in the permission set. For more information, see User authentications (https://docs.aws.amazon.com/singlesignon/latest/userguide/authconcept.html) in the IAM Identity Center User Guide.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions with awserr.Error's Code and Message methods to get detailed information about the error.

See the AWS API reference guide for AWS Single Sign-On's API operation Logout for usage and error information.

Returned Error Types:

  • InvalidRequestException Indicates that a problem occurred with the input to the request. For example, a required parameter might be missing or out of range.

  • UnauthorizedException Indicates that the request is not authorized. This can happen due to an invalid access token in the request.

  • TooManyRequestsException Indicates that the request is being made too frequently and is more than what the server can handle.

See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/Logout

func (*SSO) LogoutRequest

func (c *SSO) LogoutRequest(input *LogoutInput) (req *request.Request, output *LogoutOutput)

LogoutRequest generates a "aws/request.Request" representing the client's request for the Logout operation. The "output" return value will be populated with the request's response once the request completes successfully.

Use "Send" method on the returned Request to send the API call to the service. the "output" return value is not valid until after Send returns without error.

See Logout for more information on using the Logout API call, and error handling.

This method is useful when you want to inject custom logic or configuration into the SDK's request lifecycle. Such as custom headers, or retry logic.

// Example sending a request using the LogoutRequest method.
req, resp := client.LogoutRequest(params)

err := req.Send()
if err == nil { // resp is now filled
    fmt.Println(resp)
}

See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/Logout

func (*SSO) LogoutWithContext

func (c *SSO) LogoutWithContext(ctx aws.Context, input *LogoutInput, opts ...request.Option) (*LogoutOutput, error)

LogoutWithContext is the same as Logout with the addition of the ability to pass a context and additional request options.

See Logout for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.

type TooManyRequestsException

type TooManyRequestsException struct {
    RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

    Message_ *string `locationName:"message" type:"string"`
    // contains filtered or unexported fields
}

Indicates that the request is being made too frequently and is more than what the server can handle.

func (*TooManyRequestsException) Code

func (s *TooManyRequestsException) Code() string

Code returns the exception type name.

func (*TooManyRequestsException) Error

func (s *TooManyRequestsException) Error() string

func (TooManyRequestsException) GoString

func (s TooManyRequestsException) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*TooManyRequestsException) Message

func (s *TooManyRequestsException) Message() string

Message returns the exception's message.

func (*TooManyRequestsException) OrigErr

func (s *TooManyRequestsException) OrigErr() error

OrigErr always returns nil, satisfies awserr.Error interface.

func (*TooManyRequestsException) RequestID

func (s *TooManyRequestsException) RequestID() string

RequestID returns the service's response RequestID for request.

func (*TooManyRequestsException) StatusCode

func (s *TooManyRequestsException) StatusCode() int

Status code returns the HTTP status code for the request's response error.

func (TooManyRequestsException) String

func (s TooManyRequestsException) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type UnauthorizedException

type UnauthorizedException struct {
    RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

    Message_ *string `locationName:"message" type:"string"`
    // contains filtered or unexported fields
}

Indicates that the request is not authorized. This can happen due to an invalid access token in the request.

func (*UnauthorizedException) Code

func (s *UnauthorizedException) Code() string

Code returns the exception type name.

func (*UnauthorizedException) Error

func (s *UnauthorizedException) Error() string

func (UnauthorizedException) GoString

func (s UnauthorizedException) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*UnauthorizedException) Message

func (s *UnauthorizedException) Message() string

Message returns the exception's message.

func (*UnauthorizedException) OrigErr

func (s *UnauthorizedException) OrigErr() error

OrigErr always returns nil, satisfies awserr.Error interface.

func (*UnauthorizedException) RequestID

func (s *UnauthorizedException) RequestID() string

RequestID returns the service's response RequestID for request.

func (*UnauthorizedException) StatusCode

func (s *UnauthorizedException) StatusCode() int

Status code returns the HTTP status code for the request's response error.

func (UnauthorizedException) String

func (s UnauthorizedException) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".