feat(client-sagemaker): Introduced Scope and AuthenticationRequestExtraParams to SageMaker Workforce OIDC configuration; this allows customers to modify these options for their private Workforce IdP integration. Model Registry Cross-account model package groups are discoverable.

Author: awstools

clients/client-sagemaker/src/commands/CreateWorkforceCommand.ts

@@ -70,6 +70,10 @@ export interface CreateWorkforceCommandOutput extends CreateWorkforceResponse, _
  *     UserInfoEndpoint: "STRING_VALUE", // required
  *     LogoutEndpoint: "STRING_VALUE", // required
  *     JwksUri: "STRING_VALUE", // required
+ *     Scope: "STRING_VALUE",
+ *     AuthenticationRequestExtraParams: { // AuthenticationRequestExtraParams
+ *       "<keys>": "STRING_VALUE",
+ *     },
  *   },
  *   SourceIpConfig: { // SourceIpConfig
  *     Cidrs: [ // Cidrs // required

clients/client-sagemaker/src/commands/DescribeWorkforceCommand.ts

@@ -68,6 +68,10 @@ export interface DescribeWorkforceCommandOutput extends DescribeWorkforceRespons
  * //       UserInfoEndpoint: "STRING_VALUE",
  * //       LogoutEndpoint: "STRING_VALUE",
  * //       JwksUri: "STRING_VALUE",
+ * //       Scope: "STRING_VALUE",
+ * //       AuthenticationRequestExtraParams: { // AuthenticationRequestExtraParams
+ * //         "<keys>": "STRING_VALUE",
+ * //       },
  * //     },
  * //     CreateDate: new Date("TIMESTAMP"),
  * //     WorkforceVpcConfig: { // WorkforceVpcConfigResponse

clients/client-sagemaker/src/commands/ListModelPackageGroupsCommand.ts

@@ -43,6 +43,7 @@ export interface ListModelPackageGroupsCommandOutput extends ListModelPackageGro
  *   NextToken: "STRING_VALUE",
  *   SortBy: "Name" || "CreationTime",
  *   SortOrder: "Ascending" || "Descending",
+ *   CrossAccountFilterOption: "SameAccount" || "CrossAccount",
  * };
  * const command = new ListModelPackageGroupsCommand(input);
  * const response = await client.send(command);

clients/client-sagemaker/src/commands/ListWorkforcesCommand.ts

@@ -69,6 +69,10 @@ export interface ListWorkforcesCommandOutput extends ListWorkforcesResponse, __M
  * //         UserInfoEndpoint: "STRING_VALUE",
  * //         LogoutEndpoint: "STRING_VALUE",
  * //         JwksUri: "STRING_VALUE",
+ * //         Scope: "STRING_VALUE",
+ * //         AuthenticationRequestExtraParams: { // AuthenticationRequestExtraParams
+ * //           "<keys>": "STRING_VALUE",
+ * //         },
  * //       },
  * //       CreateDate: new Date("TIMESTAMP"),
  * //       WorkforceVpcConfig: { // WorkforceVpcConfigResponse

clients/client-sagemaker/src/commands/UpdateWorkforceCommand.ts

@@ -80,6 +80,10 @@ export interface UpdateWorkforceCommandOutput extends UpdateWorkforceResponse, _
  *     UserInfoEndpoint: "STRING_VALUE", // required
  *     LogoutEndpoint: "STRING_VALUE", // required
  *     JwksUri: "STRING_VALUE", // required
+ *     Scope: "STRING_VALUE",
+ *     AuthenticationRequestExtraParams: { // AuthenticationRequestExtraParams
+ *       "<keys>": "STRING_VALUE",
+ *     },
  *   },
  *   WorkforceVpcConfig: { // WorkforceVpcConfigRequest
  *     VpcId: "STRING_VALUE",
@@ -116,6 +120,10 @@ export interface UpdateWorkforceCommandOutput extends UpdateWorkforceResponse, _
  * //       UserInfoEndpoint: "STRING_VALUE",
  * //       LogoutEndpoint: "STRING_VALUE",
  * //       JwksUri: "STRING_VALUE",
+ * //       Scope: "STRING_VALUE",
+ * //       AuthenticationRequestExtraParams: { // AuthenticationRequestExtraParams
+ * //         "<keys>": "STRING_VALUE",
+ * //       },
  * //     },
  * //     CreateDate: new Date("TIMESTAMP"),
  * //     WorkforceVpcConfig: { // WorkforceVpcConfigResponse

clients/client-sagemaker/src/models/models_2.ts

@@ -1428,6 +1428,18 @@ export interface OidcConfig {
    * @public
    */
   JwksUri: string | undefined;
+
+  /**
+   * <p>An array of string identifiers used to refer to the specific pieces of user data or claims that the client application wants to access.</p>
+   * @public
+   */
+  Scope?: string;
+
+  /**
+   * <p>A string to string map of identifiers specific to the custom identity provider (IdP) being used.</p>
+   * @public
+   */
+  AuthenticationRequestExtraParams?: Record<string, string>;
 }
 
 /**

clients/client-sagemaker/src/models/models_3.ts

@@ -85,6 +85,7 @@ import {
 } from "./models_1";
 
 import {
+  CrossAccountFilterOption,
   CustomizedMetricSpecification,
   DataCaptureConfigSummary,
   DataProcessing,
@@ -2240,6 +2241,18 @@ export interface OidcConfigForResponse {
    * @public
    */
   JwksUri?: string;
+
+  /**
+   * <p>An array of string identifiers used to refer to the specific pieces of user data or claims that the client application wants to access.</p>
+   * @public
+   */
+  Scope?: string;
+
+  /**
+   * <p>A string to string map of identifiers specific to the custom identity provider (IdP) being used.</p>
+   * @public
+   */
+  AuthenticationRequestExtraParams?: Record<string, string>;
 }
 
 /**
@@ -10010,6 +10023,16 @@ export interface ListModelPackageGroupsInput {
    * @public
    */
   SortOrder?: SortOrder;
+
+  /**
+   * <p>A filter that returns either model groups shared with you or model groups in
+   * 	  your own account. When the value is <code>CrossAccount</code>, the results show
+   * 	  the resources made discoverable to you from other accounts. When the value is
+   *           <code>SameAccount</code> or <code>null</code>, the results show resources from your
+   *  	  account. The default is <code>SameAccount</code>.</p>
+   * @public
+   */
+  CrossAccountFilterOption?: CrossAccountFilterOption;
 }
 
 /**

clients/client-sagemaker/src/protocols/Aws_json1_1.ts

@@ -12572,6 +12572,8 @@ const de_ResourceNotFoundRes = async (parsedOutput: any, context: __SerdeContext
 
 // se_AttributeNames omitted.
 
+// se_AuthenticationRequestExtraParams omitted.
+
 // se_AutoMLAlgorithmConfig omitted.
 
 // se_AutoMLAlgorithms omitted.
@@ -14504,6 +14506,7 @@ const se_ListModelPackageGroupsInput = (input: ListModelPackageGroupsInput, cont
   return take(input, {
     CreationTimeAfter: (_) => _.getTime() / 1_000,
     CreationTimeBefore: (_) => _.getTime() / 1_000,
+    CrossAccountFilterOption: [],
     MaxResults: [],
     NameContains: [],
     NextToken: [],
@@ -16348,6 +16351,19 @@ const de_AttributeNames = (output: any, context: __SerdeContext): string[] => {
   return retVal;
 };
 
+/**
+ * deserializeAws_json1_1AuthenticationRequestExtraParams
+ */
+const de_AuthenticationRequestExtraParams = (output: any, context: __SerdeContext): Record<string, string> => {
+  return Object.entries(output).reduce((acc: Record<string, string>, [key, value]: [string, any]) => {
+    if (value === null) {
+      return acc;
+    }
+    acc[key as string] = __expectString(value) as any;
+    return acc;
+  }, {} as Record<string, string>);
+};
+
 /**
  * deserializeAws_json1_1AutoMLAlgorithmConfig
  */
@@ -25274,11 +25290,13 @@ const de_OfflineStoreStatus = (output: any, context: __SerdeContext): OfflineSto
  */
 const de_OidcConfigForResponse = (output: any, context: __SerdeContext): OidcConfigForResponse => {
   return take(output, {
+    AuthenticationRequestExtraParams: (_: any) => de_AuthenticationRequestExtraParams(_, context),
     AuthorizationEndpoint: __expectString,
     ClientId: __expectString,
     Issuer: __expectString,
     JwksUri: __expectString,
     LogoutEndpoint: __expectString,
+    Scope: __expectString,
     TokenEndpoint: __expectString,
     UserInfoEndpoint: __expectString,
   }) as any;

codegen/sdk-codegen/aws-models/sagemaker.json

@@ -2847,6 +2847,41 @@
         }
       }
     },
+    "com.amazonaws.sagemaker#AuthenticationRequestExtraParams": {
+      "type": "map",
+      "key": {
+        "target": "com.amazonaws.sagemaker#AuthenticationRequestExtraParamsKey"
+      },
+      "value": {
+        "target": "com.amazonaws.sagemaker#AuthenticationRequestExtraParamsValue"
+      },
+      "traits": {
+        "smithy.api#length": {
+          "min": 0,
+          "max": 10
+        }
+      }
+    },
+    "com.amazonaws.sagemaker#AuthenticationRequestExtraParamsKey": {
+      "type": "string",
+      "traits": {
+        "smithy.api#length": {
+          "min": 0,
+          "max": 512
+        },
+        "smithy.api#pattern": ".*"
+      }
+    },
+    "com.amazonaws.sagemaker#AuthenticationRequestExtraParamsValue": {
+      "type": "string",
+      "traits": {
+        "smithy.api#length": {
+          "min": 0,
+          "max": 512
+        },
+        "smithy.api#pattern": ".*"
+      }
+    },
     "com.amazonaws.sagemaker#AutoGenerateEndpointName": {
       "type": "boolean"
     },
@@ -39525,6 +39560,12 @@
           "traits": {
             "smithy.api#documentation": "<p>The sort order for results. The default is <code>Ascending</code>.</p>"
           }
+        },
+        "CrossAccountFilterOption": {
+          "target": "com.amazonaws.sagemaker#CrossAccountFilterOption",
+          "traits": {
+            "smithy.api#documentation": "<p>A filter that returns either model groups shared with you or model groups in\n\t  your own account. When the value is <code>CrossAccount</code>, the results show\n\t  the resources made discoverable to you from other accounts. When the value is\n          <code>SameAccount</code> or <code>null</code>, the results show resources from your\n \t  account. The default is <code>SameAccount</code>.</p>"
+          }
         }
       },
       "traits": {
@@ -47568,6 +47609,18 @@
             "smithy.api#documentation": "<p>The OIDC IdP JSON Web Key Set (Jwks) URI used to configure your private workforce.</p>",
             "smithy.api#required": {}
           }
+        },
+        "Scope": {
+          "target": "com.amazonaws.sagemaker#Scope",
+          "traits": {
+            "smithy.api#documentation": "<p>An array of string identifiers used to refer to the specific pieces of user data or claims that the client application wants to access.</p>"
+          }
+        },
+        "AuthenticationRequestExtraParams": {
+          "target": "com.amazonaws.sagemaker#AuthenticationRequestExtraParams",
+          "traits": {
+            "smithy.api#documentation": "<p>A string to string map of identifiers specific to the custom identity provider (IdP) being used.</p>"
+          }
         }
       },
       "traits": {
@@ -47618,6 +47671,18 @@
           "traits": {
             "smithy.api#documentation": "<p>The OIDC IdP JSON Web Key Set (Jwks) URI used to configure your private workforce.</p>"
           }
+        },
+        "Scope": {
+          "target": "com.amazonaws.sagemaker#Scope",
+          "traits": {
+            "smithy.api#documentation": "<p>An array of string identifiers used to refer to the specific pieces of user data or claims that the client application wants to access.</p>"
+          }
+        },
+        "AuthenticationRequestExtraParams": {
+          "target": "com.amazonaws.sagemaker#AuthenticationRequestExtraParams",
+          "traits": {
+            "smithy.api#documentation": "<p>A string to string map of identifiers specific to the custom identity provider (IdP) being used.</p>"
+          }
         }
       },
       "traits": {
@@ -57007,6 +57072,16 @@
         }
       }
     },
+    "com.amazonaws.sagemaker#Scope": {
+      "type": "string",
+      "traits": {
+        "smithy.api#length": {
+          "min": 0,
+          "max": 1024
+        },
+        "smithy.api#pattern": "^[!#-\\[\\]-~]+( [!#-\\[\\]-~]+)*$"
+      }
+    },
     "com.amazonaws.sagemaker#Search": {
       "type": "operation",
       "input": {