AWS cli documentation change
Summary
Restructured authentication parameters, added SAML configuration status field, reordered fields, updated constraints, and adjusted CLI version reference.
Security assessment
The changes primarily reorganize parameters and add a 'status' field to indicate SAML configuration completeness, which improves security visibility but doesn't fix a specific vulnerability. The pattern constraint update for workspace-ID (removing anchors) appears to be a documentation refinement without security impact. No CVE or security advisory is referenced.
Diff
diff --git a/cli/latest/reference/grafana/update-workspace-authentication.md b/cli/latest/reference/grafana/update-workspace-authentication.md index 4a362dc83..c318f08c2 100644 --- a//cli/latest/reference/grafana/update-workspace-authentication.md +++ b//cli/latest/reference/grafana/update-workspace-authentication.md @@ -15 +15 @@ - * [AWS CLI 2.33.22 Command Reference](../../index.html) » + * [AWS CLI 2.33.25 Command Reference](../../index.html) » @@ -70,0 +71 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/grafan + --workspace-id <value> @@ -73 +73,0 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/grafan - --workspace-id <value> @@ -97,0 +98,10 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/grafan +`--workspace-id` (string) [required] + +> The ID of the workspace to update the authentication for. +> +> Constraints: +> +> * pattern: `g-[0-9a-f]{10}` +> + + @@ -121 +131 @@ Syntax: -> allowedOrganizations -> (list) +> idpMetadata -> (tagged union structure) [required] @@ -123 +133 @@ Syntax: ->> Lists which organizations defined in the SAML assertion are allowed to use the Amazon Managed Grafana workspace. If this is empty, all organizations in the assertion attribute have access. +>> A structure containing the identity provider (IdP) metadata used to integrate the identity provider with this workspace. @@ -125 +135,5 @@ Syntax: ->> (string) +>> ### Note +>> +>> This is a Tagged Union structure. Only one of the following top level keys can be set: `url`, `xml`. +>> +>> url -> (string) @@ -126,0 +141,2 @@ Syntax: +>>> The URL of the location containing the IdP metadata. +>>> @@ -130 +146 @@ Syntax: ->>> * max: `256` +>>> * max: `2048` @@ -132,0 +149,4 @@ Syntax: +>> +>> xml -> (string) +>> +>>> The full IdP metadata, in XML format. @@ -138,12 +158 @@ Syntax: ->> email -> (string) ->> ->>> The name of the attribute within the SAML assertion to use as the email names for SAML users. ->>> ->>> Constraints: ->>> ->>> * min: `1` ->>> * max: `256` ->>> - ->> ->> groups -> (string) +>> name -> (string) @@ -151 +160 @@ Syntax: ->>> The name of the attribute within the SAML assertion to use as the user full “friendly” names for user groups. +>>> The name of the attribute within the SAML assertion to use as the user full “friendly” names for SAML users. @@ -171 +180 @@ Syntax: ->> name -> (string) +>> email -> (string) @@ -173 +182 @@ Syntax: ->>> The name of the attribute within the SAML assertion to use as the user full “friendly” names for SAML users. +>>> The name of the attribute within the SAML assertion to use as the email names for SAML users. @@ -182 +191 @@ Syntax: ->> org -> (string) +>> groups -> (string) @@ -184 +193 @@ Syntax: ->>> The name of the attribute within the SAML assertion to use as the user full “friendly” names for the users’ organizations. +>>> The name of the attribute within the SAML assertion to use as the user full “friendly” names for user groups. @@ -203,6 +211,0 @@ Syntax: -> -> idpMetadata -> (tagged union structure) [required] -> ->> A structure containing the identity provider (IdP) metadata used to integrate the identity provider with this workspace. ->> ->> ### Note @@ -210,3 +213 @@ Syntax: ->> This is a Tagged Union structure. Only one of the following top level keys can be set: `url`, `xml`. ->> ->> url -> (string) +>> org -> (string) @@ -214 +215 @@ Syntax: ->>> The URL of the location containing the IdP metadata. +>>> The name of the attribute within the SAML assertion to use as the user full “friendly” names for the users’ organizations. @@ -219 +220 @@ Syntax: ->>> * max: `2048` +>>> * max: `256` @@ -222,8 +222,0 @@ Syntax: ->> ->> xml -> (string) ->> ->>> The full IdP metadata, in XML format. -> -> loginValidityDuration -> (integer) -> ->> How long a sign-on session by a SAML user is valid, before the user has to sign on again. @@ -235 +228 @@ Syntax: ->> admin -> (list) +>> editor -> (list) @@ -237 +230 @@ Syntax: ->>> A list of groups from the SAML assertion attribute to grant the Grafana `Admin` role to. +>>> A list of groups from the SAML assertion attribute to grant the Grafana `Editor` role to. @@ -248 +241 @@ Syntax: ->> editor -> (list) +>> admin -> (list) @@ -250 +243 @@ Syntax: ->>> A list of groups from the SAML assertion attribute to grant the Grafana `Editor` role to. +>>> A list of groups from the SAML assertion attribute to grant the Grafana `Admin` role to. @@ -259,0 +253,17 @@ Syntax: +> +> allowedOrganizations -> (list) +> +>> Lists which organizations defined in the SAML assertion are allowed to use the Amazon Managed Grafana workspace. If this is empty, all organizations in the assertion attribute have access. +>> +>> (string) +>> +>>> Constraints: +>>> +>>> * min: `1` +>>> * max: `256` +>>> + +> +> loginValidityDuration -> (integer) +> +>> How long a sign-on session by a SAML user is valid, before the user has to sign on again. @@ -264 +274 @@ Shorthand Syntax: - allowedOrganizations=string,string,assertionAttributes={email=string,groups=string,login=string,name=string,org=string,role=string},idpMetadata={url=string,xml=string},loginValidityDuration=integer,roleValues={admin=[string,string],editor=[string,string]} + idpMetadata={url=string,xml=string},assertionAttributes={name=string,login=string,email=string,groups=string,role=string,org=string},roleValues={editor=[string,string],admin=[string,string]},allowedOrganizations=string,string,loginValidityDuration=integer @@ -271,9 +280,0 @@ JSON Syntax: - "allowedOrganizations": ["string", ...], - "assertionAttributes": { - "email": "string", - "groups": "string", - "login": "string", - "name": "string", - "org": "string", - "role": "string" - }, @@ -284 +285,8 @@ JSON Syntax: - "loginValidityDuration": integer, + "assertionAttributes": { + "name": "string", + "login": "string", + "email": "string", + "groups": "string", + "role": "string", + "org": "string" + }, @@ -286,3 +294,5 @@ JSON Syntax: - "admin": ["string", ...], - "editor": ["string", ...] - } + "editor": ["string", ...], + "admin": ["string", ...] + }, + "allowedOrganizations": ["string", ...], + "loginValidityDuration": integer @@ -292,10 +301,0 @@ JSON Syntax: -`--workspace-id` (string) [required] - -> The ID of the workspace to update the authentication for. -> -> Constraints: -> -> * pattern: `^g-[0-9a-f]{10}$` -> - - @@ -405,8 +404,0 @@ authentication -> (structure) -> awsSso -> (structure) -> ->> A structure containing information about how this workspace works with IAM Identity Center. ->> ->> ssoClientId -> (string) ->> ->>> The ID of the IAM Identity Center-managed application that is created by Amazon Managed Grafana. -> @@ -428,0 +421,11 @@ authentication -> (structure) +>> +>> status -> (string) [required] +>> +>>> Specifies whether the workspace’s SAML configuration is complete. +>>> +>>> Possible values: +>>> +>>> * `CONFIGURED` +>>> * `NOT_CONFIGURED` +>>> + @@ -434 +437 @@ authentication -> (structure) ->>> allowedOrganizations -> (list) +>>> idpMetadata -> (tagged union structure) [required] @@ -436 +439 @@ authentication -> (structure)