The ALIYUN::CloudSSO::UserProvision type is used to create a RAM user synchronization.
Syntax
{
  "Type": "ALIYUN::CloudSSO::UserProvision",
  "Properties": {
    "Description": String,
    "DirectoryId": String,
    "PrincipalId": String,
    "TargetType": String,
    "DuplicationStrategy": String,
    "DeletionStrategy": String,
    "PrincipalType": String,
    "TargetId": String
  }
}
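Properties
Property | Type | Required | Update allowed | Description | Constraints |
DeletionStrategy | String | Yes | Yes | The deletion policy. | How RAM users that have already been synchronized are handled when the RAM user synchronization is deleted. Valid values: Delete, Keep. |
DirectoryId | String | Yes | No | The directory ID. | None |
DuplicationStrategy | String | Yes | Yes | The conflict policy. | How a conflict is handled when a CloudSSO user is synchronized to RAM and a RAM user with the same name already exists. Valid values: KeepBoth, TakeOver. |
PrincipalId | String | Yes | No | The ID of the principal of the RAM user synchronization. | Valid values: the CloudSSO user group ID (g-********) when PrincipalType is Group; the CloudSSO user ID (u-********) when PrincipalType is User. |
PrincipalType | String | Yes | No | The principal type of the RAM user synchronization. | Valid values: User, Group. |
TargetId | String | Yes | No | The target ID of the RAM user synchronization. | Currently, the value is the RD account ID. |
TargetType | String | Yes | No | The target type of the RAM user synchronization. | Currently, the value is RD-Account. |
Description | String | No | Yes | The description. | None |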
Return values
Fn::GetAtt
UserProvisionId: The ID of the RAM user synchronization.
Examples
YAML format
ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  DeletionStrategy:
    AllowedValues:
      - Delete
      - Keep
    Description:
      en: 'Delete policy. The treatment strategy for the synchronized RAM users when
        the RAM user synchronization is removed. Valid values:

        - Delete: Delete. When the RAM user synchronization is removed, the RAM users
        that have been synchronized to the RAM from the cloud SSO are deleted.

        - Keep: When the RAM user synchronization is removed, the RAM users that have
        been synchronized to the RAM from the cloud SSO are retained.'
    Required: true
    Type: String
  Description:
    AssociationProperty: TextArea
    Description:
      en: The description of the user.
    Required: false
    Type: String
  DirectoryId:
    Description:
      en: The ID of the directory.
    Required: true
    Type: String
  DuplicationStrategy:
    AllowedValues:
      - KeepBoth
      - TakeOver
    Description:
      en: 'Conflict policy. When the cloud SSO user is synchronized to the RAM, the
        processing strategy if there is a user with the same name in the RAM. Valid
        values:

        - KeepBoth: Keep both of them. When the cloud SSO user is synchronized to
        RAM, if the RAM already has a user with the same name, it will try to create
        a RAM user with the user name after adding the suffix _sso to the user name
        of the cloud SSO user.

        - TakeOver: Take over. When the cloud SSO user is synchronized to the RAM,
        if the RAM already has a user with the same name, the existing RAM user is
        directly replaced by the cloud SSO synchronization user.'
    Required: true
    Type: String
  PrincipalId:
    Description:
      en: 'The ID of the principal. Valid values:

        - When the PrincipalType value is Group, the value is the cloud SSO user group
        ID (g-********).

        - When PrincipalType takes the value User, this value is the cloud SSO user
        ID (u-********).'
    Required: true
    Type: String
  PrincipalType:
    AllowedValues:
      - User
      - Group
    Description:
      en: 'The type of the principal. Valid values:

        - User: The principal is a cloud SSO user.

        - Group: The principal is a cloud SSO group.'
    Required: true
    Type: String
  TargetId:
    Description:
      en: Target ID for RAM user synchronization. Currently, it is the RD account
        ID.
    Required: true
    Type: String
  TargetType:
    AllowedValues:
      - RD-Account
    Description:
      en: Target type for RAM user synchronization. Currently, it is RD-Account.
    Required: true
    Type: String
Resources:
  UserProvision:
    Properties:
      DeletionStrategy:
        Ref: DeletionStrategy
      Description:
        Ref: Description
      DirectoryId:
        Ref: DirectoryId
      DuplicationStrategy:
        Ref: DuplicationStrategy
      PrincipalId:
        Ref: PrincipalId
      PrincipalType:
        Ref: PrincipalType
      TargetId:
        Ref: TargetId
      TargetType:
        Ref: TargetType
    Type: ALIYUN::CloudSSO::UserProvision
Outputs:
  UserProvisionId:
    Description: The ID of the user provisioning.
    Value:
      Fn::GetAtt:
        - UserProvision
        - UserProvisionId
JSON format
{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {
    "Description": {
      "AssociationProperty": "TextArea",
      "Type": "String",
      "Description": {
        "en": "The description of the user."
      },
      "Required": false
    },
    "DirectoryId": {
      "Type": "String",
      "Description": {
        "en": "The ID of the directory."
      },
      "Required": true
    },
    "PrincipalId": {
      "Type": "String",
      "Description": {
        "en": "The ID of the principal. Valid values:\n- When the PrincipalType value is Group, the value is the cloud SSO user group ID (g-********).\n- When PrincipalType takes the value User, this value is the cloud SSO user ID (u-********)."
      },
      "Required": true
    },
    "TargetType": {
      "Type": "String",
      "Description": {
        "en": "Target type for RAM user synchronization. Currently, it is RD-Account."
      },
      "AllowedValues": [
        "RD-Account"
      ],
      "Required": true
    },
    "DuplicationStrategy": {
      "Type": "String",
      "Description": {
        "en": "Conflict policy. When the cloud SSO user is synchronized to the RAM, the processing strategy if there is a user with the same name in the RAM. Valid values:\n- KeepBoth: Keep both of them. When the cloud SSO user is synchronized to RAM, if the RAM already has a user with the same name, it will try to create a RAM user with the user name after adding the suffix _sso to the user name of the cloud SSO user.\n- TakeOver: Take over. When the cloud SSO user is synchronized to the RAM, if the RAM already has a user with the same name, the existing RAM user is directly replaced by the cloud SSO synchronization user."
      },
      "AllowedValues": [
        "KeepBoth",
        "TakeOver"
      ],
      "Required": true
    },
    "DeletionStrategy": {
      "Type": "String",
      "Description": {
        "en": "Delete policy. The treatment strategy for the synchronized RAM users when the RAM user synchronization is removed. Valid values:\n- Delete: Delete. When the RAM user synchronization is removed, the RAM users that have been synchronized to the RAM from the cloud SSO are deleted.\n- Keep: When the RAM user synchronization is removed, the RAM users that have been synchronized to the RAM from the cloud SSO are retained."
      },
      "AllowedValues": [
        "Delete",
        "Keep"
      ],
      "Required": true
    },
    "PrincipalType": {
      "Type": "String",
      "Description": {
        "en": "The type of the principal. Valid values:\n- User: The principal is a cloud SSO user.\n- Group: The principal is a cloud SSO group."
      },
      "AllowedValues": [
        "User",
        "Group"
      ],
      "Required": true
    },
    "TargetId": {
      "Type": "String",
      "Description": {
        "en": "Target ID for RAM user synchronization. Currently, it is the RD account ID."
      },
      "Required": true
    }
  },
  "Resources": {
    "UserProvision": {
      "Type": "ALIYUN::CloudSSO::UserProvision",
      "Properties": {
        "Description": {
          "Ref": "Description"
        },
        "DirectoryId": {
          "Ref": "DirectoryId"
        },
        "PrincipalId": {
          "Ref": "PrincipalId"
        },
        "TargetType": {
          "Ref": "TargetType"
        },
        "DuplicationStrategy": {
          "Ref": "DuplicationStrategy"
        },
        "DeletionStrategy": {
          "Ref": "DeletionStrategy"
        },
        "PrincipalType": {
          "Ref": "PrincipalType"
        },
        "TargetId": {
          "Ref": "TargetId"
        }
      }
    }
  },
  "Outputs": {
    "UserProvisionId": {
      "Description": "The ID of the user provisioning.",
      "Value": {
        "Fn::GetAtt": [
          "UserProvision",
          "UserProvisionId"
        ]
      }
    }
  }
}
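A pre-deployment check for the two strategy properties, given here as an added example that is not part of the Alibaba Cloud documentation: it flags every ALIYUN::CloudSSO::UserProvision resource in a JSON template whose DuplicationStrategy can be TakeOver or whose DeletionStrategy can be Keep, following Ref to the parameter's AllowedValues. The sample template, the resource names Pinned and Open, and the function names are constructed for illustration.

```python
import json

RESOURCE_TYPE = "ALIYUN::CloudSSO::UserProvision"
# Strategy values whose documented effect on RAM users warrants review.
REVIEW_VALUES = {
    "DuplicationStrategy": {"TakeOver": "replaces an existing RAM user with the same name"},
    "DeletionStrategy": {"Keep": "retains synchronized RAM users after the synchronization is removed"},
}
# Constructed sample template, trimmed to the two strategy properties.
SAMPLE = json.loads("""
{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {"DuplicationStrategy": {"Type": "String", "AllowedValues": ["KeepBoth", "TakeOver"]}},
  "Resources": {
    "Pinned": {"Type": "ALIYUN::CloudSSO::UserProvision", "Properties": {
      "DuplicationStrategy": "KeepBoth", "DeletionStrategy": "Delete"}},
    "Open": {"Type": "ALIYUN::CloudSSO::UserProvision", "Properties": {
      "DuplicationStrategy": {"Ref": "DuplicationStrategy"}, "DeletionStrategy": "Keep"}}
  }
}
""")

def possible_values(prop, params):
    """Values a property can take; None when the template does not constrain it."""
    if isinstance(prop, str):
        return {prop}
    if isinstance(prop, dict) and "Ref" in prop:
        allowed = params.get(prop["Ref"], {}).get("AllowedValues")
        return set(allowed) if allowed else None
    return None

def lint(template):
    """Return (resource, property, value, 'set' | 'allowed', reason) per finding."""
    params = template.get("Parameters", {})
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != RESOURCE_TYPE:
            continue
        props = res.get("Properties", {})
        for key, risky in REVIEW_VALUES.items():
            values = possible_values(props.get(key), params)
            for value, why in risky.items():
                if values is None or value in values:
                    state = "set" if values == {value} else "allowed"
                    findings.append((name, key, value, state, why))
    return findings

for finding in lint(SAMPLE):
    print("%s.%s: %s is %s; it %s" % finding)
```

A finding marked "allowed" means the template leaves the choice to whoever launches the stack, so the parameter's AllowedValues is the place to narrow it.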