import { IResolvable, Stack, StackProps } from 'aws-cdk-lib';
import { Construct } from 'constructs';
import { AccountConfig, GroupConfig, SsoProps } from './aws-org';
export interface PermissionSetOptions {
    /**
       * The description of the `PermissionSet` .
       *
       * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-permissionset.html#cfn-sso-permissionset-description
       */
    readonly description?: string;
    /**
     * The IAM inline policy that is attached to the permission set.
     *
     * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-permissionset.html#cfn-sso-permissionset-inlinepolicy
     */
    readonly inlinePolicy?: any | IResolvable;
    /**
     * A structure that stores the details of the IAM managed policy.
     *
     * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-permissionset.html#cfn-sso-permissionset-managedpolicies
     */
    readonly managedPolicies?: string[];
    /**
     * The length of time that the application user sessions are valid for in the ISO-8601 standard.
     *
     * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-permissionset.html#cfn-sso-permissionset-sessionduration
     */
    readonly sessionDuration?: string;
    /**
     * Used to redirect users within the application during the federation authentication process.
     *
     * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-permissionset.html#cfn-sso-permissionset-relaystatetype
     */
    readonly relayStateType?: string;
}
export interface SsoPermissionConfig<T extends string, S extends string> {
    readonly groupPermissions: AccountConfig<T, GroupConfig<S, string[]>>;
    /**
     * optional configuration options for the Admin permission set
     *
     * @default `AdministratorAccess` with 8 hours session duration
     */
    readonly adminSetOptions?: PermissionSetOptions;
    /**
     * optional configuration options for the ReadOnly permission set
     *
     * @default `ReadOnlyAccess` with 8 hours session duration
     */
    readonly readOnlySetOptions?: PermissionSetOptions;
    /**
     * optional configuration options for the Admin permission set
     *
     * @default `ReadOnlyAccess` and `job-function/Billing` with 8 hours session duration
     */
    readonly billingSetOptions?: PermissionSetOptions;
    /**
     * add more permission sets here besides Admin, Billing, and ReadOnly
     */
    readonly permissionSets?: {
        [name: string]: PermissionSetOptions;
    };
    /**
     * Collection of group - permission set assignments for every new account
     *
     * Use this to grant your admins permissions for every account directly after creation
     */
    readonly defaultAssignmentsForNewAccount?: {
        readonly groupName: S;
        readonly permissionSetName: string;
    }[];
}
export type SsoPermissionStackProps<T extends string, S extends string> = SsoProps<T, S> & SsoPermissionConfig<T, S> & StackProps;
export declare class SsoPermissionStack<T extends string, S extends string> extends Stack {
    private permissionSets;
    constructor(scope: Construct, id: string, props: SsoPermissionStackProps<T, S>);
}