The ALIYUN::CloudSSO::UserProvision type is used to create a RAM user synchronization.
Syntax
{
  "Type": "ALIYUN::CloudSSO::UserProvision",
  "Properties": {
    "Description": String,
    "DirectoryId": String,
    "PrincipalId": String,
    "TargetType": String,
    "DuplicationStrategy": String,
    "DeletionStrategy": String,
    "PrincipalType": String,
    "TargetId": String
  }
}
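Properties
Property | Type | Required | Editable | Description | Constraint |
Description | String | No | Yes | The description. | None |
DirectoryId | String | Yes | No | The directory ID. | None |
PrincipalId | String | Yes | No | The ID of the principal for the RAM user synchronization. | Valid values: when PrincipalType is Group, the Cloud SSO user group ID (g-********); when PrincipalType is User, the Cloud SSO user ID (u-********). |
TargetType | String | Yes | No | The target type of the RAM user synchronization. | Currently, the value is RD-Account. |
DuplicationStrategy | String | Yes | Yes | The conflict policy. | The policy applied when a Cloud SSO user is synchronized to RAM and a user with the same name already exists in RAM. Valid values: KeepBoth (keep both; RAM tries to create a RAM user named after the Cloud SSO user with the suffix _sso added); TakeOver (take over; the existing RAM user is directly replaced by the synchronized Cloud SSO user). |
DeletionStrategy | String | Yes | Yes | The deletion policy. | The policy applied to RAM users that have already been synchronized when the RAM user synchronization is deleted. Valid values: Delete (the RAM users synchronized from Cloud SSO are deleted); Keep (the RAM users synchronized from Cloud SSO are retained). |
PrincipalType | String | Yes | No | The type of the principal for the RAM user synchronization. | Valid values: User (the principal is a Cloud SSO user); Group (the principal is a Cloud SSO group). |
TargetId | String | Yes | No | The target ID of the RAM user synchronization. | Currently, the value is the RD account ID. |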
Return values
Fn::GetAtt
UserProvisionId: The ID of the RAM user synchronization.
Examples
YAML format
ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  DeletionStrategy:
    AllowedValues:
      - Delete
      - Keep
    Description:
      en: 'Delete policy. The treatment strategy for the synchronized RAM users when the RAM user synchronization is removed. Valid values: - Delete: Delete When the RAM user synchronization is removed, the RAM users that have been synchronized to the RAM from the cloud SSO are deleted. - Keep: When the RAM user synchronization is removed, the RAM users that have been synchronized to the RAM from the cloud SSO are retained.'
    Required: true
    Type: String
  Description:
    AssociationProperty: TextArea
    Description:
      en: The description of the user.
    Required: false
    Type: String
  DirectoryId:
    Description:
      en: The ID of the directory.
    Required: true
    Type: String
  DuplicationStrategy:
    AllowedValues:
      - KeepBoth
      - TakeOver
    Description:
      en: 'Conflict policy. When the cloud SSO user is synchronized to the RAM, the processing strategy if there is a user with the same name in the RAM. Valid values: - KeepBoth: Keep both of them. When the cloud SSO user is synchronized to RAM, if the RAM already has a user with the same name, it will try to create a RAM user with the user name after adding the suffix _sso to the user name of the cloud SSO user. - TakeOver: Take over. When the cloud SSO user is synchronized to the RAM, if the RAM already has a user with the same name, the existing RAM user is directly replaced by the cloud SSO synchronization user.'
    Required: true
    Type: String
  PrincipalId:
    Description:
      en: 'The ID of the principal. Valid values: - When the PrincipalType value is Group, the value is the cloud SSO user group ID (g-********). - When PrincipalType takes the value User, this value is the cloud SSO user ID (u-********).'
    Required: true
    Type: String
  PrincipalType:
    AllowedValues:
      - User
      - Group
    Description:
      en: 'The type of the principal. Valid values: - User: The principal is a cloud SSO user. - Group: The principal is a cloud SSO group.'
    Required: true
    Type: String
  TargetId:
    Description:
      en: Target ID for RAM user synchronization. Currently, it is the RD account ID.
    Required: true
    Type: String
  TargetType:
    AllowedValues:
      - RD-Account
    Description:
      en: Target type for RAM user synchronization. Currently, it is RD-Account.
    Required: true
    Type: String
Resources:
  UserProvision:
    Properties:
      DeletionStrategy:
        Ref: DeletionStrategy
      Description:
        Ref: Description
      DirectoryId:
        Ref: DirectoryId
      DuplicationStrategy:
        Ref: DuplicationStrategy
      PrincipalId:
        Ref: PrincipalId
      PrincipalType:
        Ref: PrincipalType
      TargetId:
        Ref: TargetId
      TargetType:
        Ref: TargetType
    Type: ALIYUN::CloudSSO::UserProvision
Outputs:
  UserProvisionId:
    Description: The ID of the user provisioning.
    Value:
      Fn::GetAtt:
        - UserProvision
        - UserProvisionId
JSON format
{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {
    "Description": {
      "AssociationProperty": "TextArea",
      "Type": "String",
      "Description": {
        "en": "The description of the user."
      },
      "Required": false
    },
    "DirectoryId": {
      "Type": "String",
      "Description": {
        "en": "The ID of the directory."
      },
      "Required": true
    },
    "PrincipalId": {
      "Type": "String",
      "Description": {
        "en": "The ID of the principal. Valid values:\n- When the PrincipalType value is Group, the value is the cloud SSO user group ID (g-********).\n- When PrincipalType takes the value User, this value is the cloud SSO user ID (u-********)."
      },
      "Required": true
    },
    "TargetType": {
      "Type": "String",
      "Description": {
        "en": "Target type for RAM user synchronization. Currently, it is RD-Account."
      },
      "AllowedValues": [
        "RD-Account"
      ],
      "Required": true
    },
    "DuplicationStrategy": {
      "Type": "String",
      "Description": {
        "en": "Conflict policy. When the cloud SSO user is synchronized to the RAM, the processing strategy if there is a user with the same name in the RAM. Valid values:\n- KeepBoth: Keep both of them. When the cloud SSO user is synchronized to RAM, if the RAM already has a user with the same name, it will try to create a RAM user with the user name after adding the suffix _sso to the user name of the cloud SSO user.\n- TakeOver: Take over. When the cloud SSO user is synchronized to the RAM, if the RAM already has a user with the same name, the existing RAM user is directly replaced by the cloud SSO synchronization user."
      },
      "AllowedValues": [
        "KeepBoth",
        "TakeOver"
      ],
      "Required": true
    },
    "DeletionStrategy": {
      "Type": "String",
      "Description": {
        "en": "Delete policy. The treatment strategy for the synchronized RAM users when the RAM user synchronization is removed. Valid values:\n- Delete: Delete When the RAM user synchronization is removed, the RAM users that have been synchronized to the RAM from the cloud SSO are deleted.\n- Keep: When the RAM user synchronization is removed, the RAM users that have been synchronized to the RAM from the cloud SSO are retained."
      },
      "AllowedValues": [
        "Delete",
        "Keep"
      ],
      "Required": true
    },
    "PrincipalType": {
      "Type": "String",
      "Description": {
        "en": "The type of the principal. Valid values:\n- User: The principal is a cloud SSO user.\n- Group: The principal is a cloud SSO group."
      },
      "AllowedValues": [
        "User",
        "Group"
      ],
      "Required": true
    },
    "TargetId": {
      "Type": "String",
      "Description": {
        "en": "Target ID for RAM user synchronization. Currently, it is the RD account ID."
      },
      "Required": true
    }
  },
  "Resources": {
    "UserProvision": {
      "Type": "ALIYUN::CloudSSO::UserProvision",
      "Properties": {
        "Description": {
          "Ref": "Description"
        },
        "DirectoryId": {
          "Ref": "DirectoryId"
        },
        "PrincipalId": {
          "Ref": "PrincipalId"
        },
        "TargetType": {
          "Ref": "TargetType"
        },
        "DuplicationStrategy": {
          "Ref": "DuplicationStrategy"
        },
        "DeletionStrategy": {
          "Ref": "DeletionStrategy"
        },
        "PrincipalType": {
          "Ref": "PrincipalType"
        },
        "TargetId": {
          "Ref": "TargetId"
        }
      }
    }
  },
  "Outputs": {
    "UserProvisionId": {
      "Description": "The ID of the user provisioning.",
      "Value": {
        "Fn::GetAtt": [
          "UserProvision",
          "UserProvisionId"
        ]
      }
    }
  }
}
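The following is an added example, not part of the original page or of ROS itself: a pre-deployment check that walks a parsed ROS template and tests every ALIYUN::CloudSSO::UserProvision resource against the allowed values and ID prefixes documented above. The function name, the placeholder IDs and the decision to flag TakeOver and Delete for review are assumptions of this example.

```python
import json

# Allowed literals, as listed in this page's property table and templates.
ALLOWED = {
    "TargetType": {"RD-Account"},
    "DuplicationStrategy": {"KeepBoth", "TakeOver"},
    "DeletionStrategy": {"Delete", "Keep"},
    "PrincipalType": {"User", "Group"},
}
REQUIRED = ("DirectoryId", "PrincipalId", "TargetId", *ALLOWED)
ID_PREFIX = {"User": "u-", "Group": "g-"}
# Values flagged for human review: an assumed policy of this example, not an ROS rule.
REVIEW = {"DuplicationStrategy": "TakeOver", "DeletionStrategy": "Delete"}

def check_user_provisions(template):
    """Return (resource_name, message) findings for a parsed ROS template."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "ALIYUN::CloudSSO::UserProvision":
            continue
        props = res.get("Properties", {})
        findings += [(name, f"missing {k}") for k in REQUIRED if k not in props]
        for key, allowed in ALLOWED.items():
            val = props.get(key)
            # Ref / Fn:: values are dicts resolved at deploy time; only literals are checked.
            if isinstance(val, str) and val not in allowed:
                findings.append((name, f"{key}={val!r} not allowed"))
            elif key in REVIEW and val == REVIEW[key]:
                findings.append((name, f"review {key}={val}"))
        ptype, pid = props.get("PrincipalType"), props.get("PrincipalId")
        if isinstance(ptype, str) and isinstance(pid, str) and ptype in ID_PREFIX:
            if not pid.startswith(ID_PREFIX[ptype]):
                findings.append((name, f"PrincipalId {pid!r} does not fit PrincipalType {ptype}"))
    return findings

# Constructed sample template; every ID below is a placeholder.
SAMPLE = json.loads("""{"Resources": {
  "Risky": {"Type": "ALIYUN::CloudSSO::UserProvision", "Properties": {
    "DirectoryId": "d-placeholder", "PrincipalId": "u-placeholder", "PrincipalType": "Group",
    "TargetType": "RD-Account", "TargetId": "placeholder-account-id",
    "DuplicationStrategy": "TakeOver", "DeletionStrategy": "Delete"}},
  "Safe": {"Type": "ALIYUN::CloudSSO::UserProvision", "Properties": {
    "DirectoryId": {"Ref": "DirectoryId"}, "PrincipalId": {"Ref": "PrincipalId"},
    "PrincipalType": "User", "TargetType": "RD-Account", "TargetId": {"Ref": "TargetId"},
    "DuplicationStrategy": "KeepBoth", "DeletionStrategy": "Keep"}}}}""")

if __name__ == "__main__":
    for resource, message in check_user_provisions(SAMPLE):
        print(f"{resource}: {message}")
```

Properties supplied through Ref are skipped because their values are only known at stack creation; checking those requires the resolved parameter values.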