import { Command as $Command } from "@smithy/smithy-client"; import type { MetadataBearer as __MetadataBearer } from "@smithy/types"; import type { EKSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../EKSClient"; import type { AssociateIdentityProviderConfigRequest, AssociateIdentityProviderConfigResponse } from "../models/models_0"; /** * @public */ export type { __MetadataBearer }; export { $Command }; /** * @public * * The input for {@link AssociateIdentityProviderConfigCommand}. */ export interface AssociateIdentityProviderConfigCommandInput extends AssociateIdentityProviderConfigRequest { } /** * @public * * The output of {@link AssociateIdentityProviderConfigCommand}. */ export interface AssociateIdentityProviderConfigCommandOutput extends AssociateIdentityProviderConfigResponse, __MetadataBearer { } declare const AssociateIdentityProviderConfigCommand_base: { new (input: AssociateIdentityProviderConfigCommandInput): import("@smithy/smithy-client").CommandImpl; new (input: AssociateIdentityProviderConfigCommandInput): import("@smithy/smithy-client").CommandImpl; getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions; }; /** *

Associates an identity provider configuration to a cluster.

*

If you want to authenticate identities using an identity provider, you can create an * identity provider configuration and associate it to your cluster. After configuring * authentication to your cluster you can create Kubernetes Role and * ClusterRole objects, assign permissions to them, and then bind them to * the identities using Kubernetes RoleBinding and ClusterRoleBinding * objects. For more information see Using RBAC * Authorization in the Kubernetes documentation.

* @example * Use a bare-bones client and the command you need to make an API call. * ```javascript * import { EKSClient, AssociateIdentityProviderConfigCommand } from "@aws-sdk/client-eks"; // ES Modules import * // const { EKSClient, AssociateIdentityProviderConfigCommand } = require("@aws-sdk/client-eks"); // CommonJS import * // import type { EKSClientConfig } from "@aws-sdk/client-eks"; * const config = {}; // type is EKSClientConfig * const client = new EKSClient(config); * const input = { // AssociateIdentityProviderConfigRequest * clusterName: "STRING_VALUE", // required * oidc: { // OidcIdentityProviderConfigRequest * identityProviderConfigName: "STRING_VALUE", // required * issuerUrl: "STRING_VALUE", // required * clientId: "STRING_VALUE", // required * usernameClaim: "STRING_VALUE", * usernamePrefix: "STRING_VALUE", * groupsClaim: "STRING_VALUE", * groupsPrefix: "STRING_VALUE", * requiredClaims: { // requiredClaimsMap * "": "STRING_VALUE", * }, * }, * tags: { // TagMap * "": "STRING_VALUE", * }, * clientRequestToken: "STRING_VALUE", * }; * const command = new AssociateIdentityProviderConfigCommand(input); * const response = await client.send(command); * // { // AssociateIdentityProviderConfigResponse * // update: { // Update * // id: "STRING_VALUE", * // status: "InProgress" || "Failed" || "Cancelled" || "Successful", * // type: "VersionUpdate" || "EndpointAccessUpdate" || "LoggingUpdate" || "ConfigUpdate" || "AssociateIdentityProviderConfig" || "DisassociateIdentityProviderConfig" || "AssociateEncryptionConfig" || "AddonUpdate" || "VpcConfigUpdate" || "AccessConfigUpdate" || "UpgradePolicyUpdate" || "ZonalShiftConfigUpdate" || "AutoModeUpdate" || "RemoteNetworkConfigUpdate" || "DeletionProtectionUpdate" || "ControlPlaneScalingConfigUpdate" || "VendedLogsUpdate", * // params: [ // UpdateParams * // { // UpdateParam * // type: "Version" || "PlatformVersion" || "EndpointPrivateAccess" || "EndpointPublicAccess" || "ClusterLogging" || "DesiredSize" || "LabelsToAdd" || "LabelsToRemove" || "TaintsToAdd" || "TaintsToRemove" || "MaxSize" || "MinSize" || "ReleaseVersion" || "PublicAccessCidrs" || "LaunchTemplateName" || "LaunchTemplateVersion" || "IdentityProviderConfig" || "EncryptionConfig" || "AddonVersion" || "ServiceAccountRoleArn" || "ResolveConflicts" || "MaxUnavailable" || "MaxUnavailablePercentage" || "NodeRepairEnabled" || "UpdateStrategy" || "ConfigurationValues" || "SecurityGroups" || "Subnets" || "AuthenticationMode" || "PodIdentityAssociations" || "UpgradePolicy" || "ZonalShiftConfig" || "ComputeConfig" || "StorageConfig" || "KubernetesNetworkConfig" || "RemoteNetworkConfig" || "DeletionProtection" || "NodeRepairConfig" || "UpdatedTier" || "PreviousTier" || "WarmPoolEnabled" || "WarmPoolMaxGroupPreparedCapacity" || "WarmPoolMinSize" || "WarmPoolState" || "WarmPoolReuseOnScaleIn", * // value: "STRING_VALUE", * // }, * // ], * // createdAt: new Date("TIMESTAMP"), * // errors: [ // ErrorDetails * // { // ErrorDetail * // errorCode: "SubnetNotFound" || "SecurityGroupNotFound" || "EniLimitReached" || "IpNotAvailable" || "AccessDenied" || "OperationNotPermitted" || "VpcIdNotFound" || "Unknown" || "NodeCreationFailure" || "PodEvictionFailure" || "InsufficientFreeAddresses" || "ClusterUnreachable" || "InsufficientNumberOfReplicas" || "ConfigurationConflict" || "AdmissionRequestDenied" || "UnsupportedAddonModification" || "K8sResourceNotFound", * // errorMessage: "STRING_VALUE", * // resourceIds: [ // StringList * // "STRING_VALUE", * // ], * // }, * // ], * // }, * // tags: { // TagMap * // "": "STRING_VALUE", * // }, * // }; * * ``` * * @param AssociateIdentityProviderConfigCommandInput - {@link AssociateIdentityProviderConfigCommandInput} * @returns {@link AssociateIdentityProviderConfigCommandOutput} * @see {@link AssociateIdentityProviderConfigCommandInput} for command's `input` shape. * @see {@link AssociateIdentityProviderConfigCommandOutput} for command's `response` shape. * @see {@link EKSClientResolvedConfig | config} for EKSClient's `config` shape. * * @throws {@link ClientException} (client fault) *

These errors are usually caused by a client action. Actions can include using an * action or resource on behalf of an IAM principal that doesn't have permissions to use * the action or resource or specifying an identifier that is not valid.

* * @throws {@link InvalidParameterException} (client fault) *

The specified parameter is invalid. Review the available parameters for the API * request.

* * @throws {@link InvalidRequestException} (client fault) *

The request is invalid given the state of the cluster. Check the state of the cluster * and the associated operations.

* * @throws {@link ResourceInUseException} (client fault) *

The specified resource is in use.

* * @throws {@link ResourceNotFoundException} (client fault) *

The specified resource could not be found. You can view your available clusters with * ListClusters. You can view your available managed node groups with * ListNodegroups. Amazon EKS clusters and node groups are Amazon Web Services Region * specific.

* * @throws {@link ServerException} (server fault) *

These errors are usually caused by a server-side issue.

* * @throws {@link ThrottlingException} (client fault) *

The request or operation couldn't be performed because a service is throttling * requests.

* * @throws {@link EKSServiceException} *

Base exception class for all service exceptions from EKS service.

* * * @public */ export declare class AssociateIdentityProviderConfigCommand extends AssociateIdentityProviderConfigCommand_base { /** @internal type navigation helper, not in runtime. */ protected static __types: { api: { input: AssociateIdentityProviderConfigRequest; output: AssociateIdentityProviderConfigResponse; }; sdk: { input: AssociateIdentityProviderConfigCommandInput; output: AssociateIdentityProviderConfigCommandOutput; }; }; }