/* eslint-disable */
/**
 * This file was automatically generated by json-schema-to-typescript.
 * DO NOT MODIFY IT BY HAND. Instead, modify the source JSONSchema file,
 * and run json-schema-to-typescript to regenerate this file.
 */

/**
 * Valid workspace authentication providers.
 */
export type AuthenticationProviderTypes = "AWS_SSO" | "SAML";
/**
 * Valid SAML configuration statuses.
 */
export type SamlConfigurationStatus = "CONFIGURED" | "NOT_CONFIGURED";
/**
 * These enums represent the status of a workspace.
 */
export type WorkspaceStatus =
  | "ACTIVE"
  | "CREATING"
  | "DELETING"
  | "FAILED"
  | "UPDATING"
  | "UPGRADING"
  | "DELETION_FAILED"
  | "CREATION_FAILED"
  | "UPDATE_FAILED"
  | "UPGRADE_FAILED"
  | "LICENSE_REMOVAL_FAILED";
/**
 * These enums represent valid account access types. Specifically these enums determine whether the workspace can access AWS resources in the AWS account only, or whether it can also access resources in other accounts in the same organization. If the value CURRENT_ACCOUNT is used, a workspace role ARN must be provided. If the value is ORGANIZATION, a list of organizational units must be provided.
 */
export type AccountAccessType = "CURRENT_ACCOUNT" | "ORGANIZATION";
/**
 * These enums represent valid permission types to use when creating or configuring a Grafana workspace. The SERVICE_MANAGED permission type means the Managed Grafana service will create a workspace IAM role on your behalf. The CUSTOMER_MANAGED permission type means that the customer is expected to provide an IAM role that the Grafana workspace can use to query data sources.
 */
export type PermissionType = "CUSTOMER_MANAGED" | "SERVICE_MANAGED";
/**
 * These enums represent valid AWS data sources that can be queried via the Grafana workspace. These data sources are primarily used to help customers visualize which data sources have been added to a service managed workspace IAM role.
 */
export type DataSourceType =
  | "AMAZON_OPENSEARCH_SERVICE"
  | "CLOUDWATCH"
  | "PROMETHEUS"
  | "XRAY"
  | "TIMESTREAM"
  | "SITEWISE"
  | "ATHENA"
  | "REDSHIFT";
/**
 * These enums represent valid AWS notification destinations that the Grafana workspace has permission to use. These notification destinations are primarily used to help customers visualize which destinations have been added to a service managed IAM role.
 */
export type NotificationDestinationType = "SNS";

/**
 * Definition of AWS::Grafana::Workspace Resource Type
 */
export interface AwsGrafanaWorkspace {
  /**
   * List of authentication providers to enable.
   *
   * @minItems 1
   */
  AuthenticationProviders?: [AuthenticationProviderTypes, ...AuthenticationProviderTypes[]];
  /**
   * The client ID of the AWS SSO Managed Application.
   */
  SsoClientId?: string;
  SamlConfiguration?: SamlConfiguration;
  VpcConfiguration?: VpcConfiguration;
  SamlConfigurationStatus?: SamlConfigurationStatus;
  /**
   * A unique, case-sensitive, user-provided identifier to ensure the idempotency of the request.
   */
  ClientToken?: string;
  Status?: WorkspaceStatus;
  /**
   * Timestamp when the workspace was created.
   */
  CreationTimestamp?: string;
  /**
   * Timestamp when the workspace was last modified
   */
  ModificationTimestamp?: string;
  /**
   * Version of Grafana the workspace is currently using.
   */
  GrafanaVersion?: string;
  /**
   * Endpoint for the Grafana workspace.
   */
  Endpoint?: string;
  AccountAccessType?: AccountAccessType;
  /**
   * The name of an IAM role that already exists to use with AWS Organizations to access AWS data sources and notification channels in other accounts in an organization.
   */
  OrganizationRoleName?: string;
  PermissionType?: PermissionType;
  /**
   * The name of the AWS CloudFormation stack set to use to generate IAM roles to be used for this workspace.
   */
  StackSetName?: string;
  /**
   * List of data sources on the service managed IAM role.
   */
  DataSources?: DataSourceType[];
  /**
   * Description of a workspace.
   */
  Description?: string;
  /**
   * The id that uniquely identifies a Grafana workspace.
   */
  Id?: string;
  /**
   * The user friendly name of a workspace.
   */
  Name?: string;
  /**
   * List of notification destinations on the customers service managed IAM role that the Grafana workspace can query.
   */
  NotificationDestinations?: NotificationDestinationType[];
  /**
   * List of Organizational Units containing AWS accounts the Grafana workspace can pull data from.
   */
  OrganizationalUnits?: string[];
  /**
   * IAM Role that will be used to grant the Grafana workspace access to a customers AWS resources.
   */
  RoleArn?: string;
}
/**
 * SAML configuration data associated with an AMG workspace.
 */
export interface SamlConfiguration {
  IdpMetadata: IdpMetadata;
  AssertionAttributes?: AssertionAttributes;
  RoleValues?: RoleValues;
  /**
   * List of SAML organizations allowed to access Grafana.
   */
  AllowedOrganizations?: string[];
  /**
   * The maximum lifetime an authenticated user can be logged in (in minutes) before being required to re-authenticate.
   */
  LoginValidityDuration?: number;
}
/**
 * IdP Metadata used to configure SAML authentication in Grafana.
 */
export interface IdpMetadata {
  /**
   * URL that vends the IdPs metadata.
   */
  Url?: string;
  /**
   * XML blob of the IdPs metadata.
   */
  Xml?: string;
}
/**
 * Maps Grafana friendly names to the IdPs SAML attributes.
 */
export interface AssertionAttributes {
  /**
   * Name of the attribute within the SAML assert to use as the users name in Grafana.
   */
  Name?: string;
  /**
   * Name of the attribute within the SAML assert to use as the users login handle in Grafana.
   */
  Login?: string;
  /**
   * Name of the attribute within the SAML assert to use as the users email in Grafana.
   */
  Email?: string;
  /**
   * Name of the attribute within the SAML assert to use as the users groups in Grafana.
   */
  Groups?: string;
  /**
   * Name of the attribute within the SAML assert to use as the users roles in Grafana.
   */
  Role?: string;
  /**
   * Name of the attribute within the SAML assert to use as the users organizations in Grafana.
   */
  Org?: string;
}
/**
 * Maps SAML roles to the Grafana Editor and Admin roles.
 */
export interface RoleValues {
  /**
   * List of SAML roles which will be mapped into the Grafana Editor role.
   */
  Editor?: string[];
  /**
   * List of SAML roles which will be mapped into the Grafana Admin role.
   */
  Admin?: string[];
}
/**
 * The configuration settings for an Amazon VPC that contains data sources for your Grafana workspace to connect to.
 */
export interface VpcConfiguration {
  /**
   * The list of Amazon EC2 security group IDs attached to the Amazon VPC for your Grafana workspace to connect.
   *
   * @minItems 1
   * @maxItems 5
   */
  SecurityGroupIds:
    | [string]
    | [string, string]
    | [string, string, string]
    | [string, string, string, string]
    | [string, string, string, string, string];
  /**
   * The list of Amazon EC2 subnet IDs created in the Amazon VPC for your Grafana workspace to connect.
   *
   * @minItems 2
   * @maxItems 6
   */
  SubnetIds:
    | [string, string]
    | [string, string, string]
    | [string, string, string, string]
    | [string, string, string, string, string]
    | [string, string, string, string, string, string];
}