import type { Construct } from 'constructs';
import type { ICluster } from './cluster';
import type { AccessEntryReference, IAccessEntryRef } from './eks.generated';
import type { IResource, RemovalPolicy } from '../../core';
import { Resource } from '../../core';
/**
 * Represents an access entry in an Amazon EKS cluster.
 *
 * An access entry defines the permissions and scope for a user or role to access an Amazon EKS cluster.
 *
 * @interface IAccessEntry
 * @extends {IResource}
 * @property {string} accessEntryName - The name of the access entry.
 * @property {string} accessEntryArn - The Amazon Resource Name (ARN) of the access entry.
 */
export interface IAccessEntry extends IResource, IAccessEntryRef {
    /**
     * The name of the access entry.
     * @attribute
     */
    readonly accessEntryName: string;
    /**
     * The Amazon Resource Name (ARN) of the access entry.
     * @attribute
     */
    readonly accessEntryArn: string;
}
/**
 * Represents the attributes of an access entry.
 */
export interface AccessEntryAttributes {
    /**
     * The name of the access entry.
     */
    readonly accessEntryName: string;
    /**
     * The Amazon Resource Name (ARN) of the access entry.
     */
    readonly accessEntryArn: string;
}
/**
 * Represents the scope type of an access policy.
 *
 * The scope type determines the level of access granted by the policy.
 *
 * @export
 * @enum {string}
 */
export declare enum AccessScopeType {
    /**
     * The policy applies to a specific namespace within the cluster.
     */
    NAMESPACE = "namespace",
    /**
     * The policy applies to the entire cluster.
     */
    CLUSTER = "cluster"
}
/**
 * Represents the scope of an access policy.
 *
 * The scope defines the namespaces or cluster-level access granted by the policy.
 *
 * @interface AccessScope
 * @property {string[]} [namespaces] - The namespaces to which the policy applies, if the scope type is 'namespace'.
 * @property {AccessScopeType} type - The scope type of the policy, either 'namespace' or 'cluster'.
 */
export interface AccessScope {
    /**
     * A Kubernetes namespace that an access policy is scoped to. A value is required if you specified
     * namespace for Type.
     *
     * @default - no specific namespaces for this scope.
     */
    readonly namespaces?: string[];
    /**
     * The scope type of the policy, either 'namespace' or 'cluster'.
     */
    readonly type: AccessScopeType;
}
/**
 * Represents an Amazon EKS Access Policy ARN.
 *
 * Amazon EKS Access Policies are used to control access to Amazon EKS clusters.
 *
 * @see https://docs.aws.amazon.com/eks/latest/userguide/access-policies.html
 */
export declare class AccessPolicyArn {
    readonly policyName: string;
    /**
     * The Amazon EKS Admin Policy. This access policy includes permissions that grant an IAM principal
     * most permissions to resources. When associated to an access entry, its access scope is typically
     * one or more Kubernetes namespaces.
     */
    static readonly AMAZON_EKS_ADMIN_POLICY: AccessPolicyArn;
    /**
     * The Amazon EKS Cluster Admin Policy. This access policy includes permissions that grant an IAM
     * principal administrator access to a cluster. When associated to an access entry, its access scope
     * is typically the cluster, rather than a Kubernetes namespace.
     */
    static readonly AMAZON_EKS_CLUSTER_ADMIN_POLICY: AccessPolicyArn;
    /**
     * The Amazon EKS Admin View Policy. This access policy includes permissions that grant an IAM principal
     * access to list/view all resources in a cluster.
     */
    static readonly AMAZON_EKS_ADMIN_VIEW_POLICY: AccessPolicyArn;
    /**
     * The Amazon EKS Edit Policy. This access policy includes permissions that allow an IAM principal
     * to edit most Kubernetes resources.
     */
    static readonly AMAZON_EKS_EDIT_POLICY: AccessPolicyArn;
    /**
     * The Amazon EKS View Policy. This access policy includes permissions that grant an IAM principal
     * access to list/view all resources in a cluster.
     */
    static readonly AMAZON_EKS_VIEW_POLICY: AccessPolicyArn;
    /**
     * Creates a new instance of the AccessPolicy class with the specified policy name.
     * @param policyName The name of the access policy.
     * @returns A new instance of the AccessPolicy class.
     */
    static of(policyName: string): AccessPolicyArn;
    /**
     * The Amazon Resource Name (ARN) of the access policy.
     */
    readonly policyArn: string;
    /**
     * Constructs a new instance of the `AccessEntry` class.
     *
     * @param policyName - The name of the Amazon EKS access policy. This is used to construct the policy ARN.
     */
    constructor(policyName: string);
}
/**
 * Represents an access policy that defines the permissions and scope for a user or role to access an Amazon EKS cluster.
 *
 * @interface IAccessPolicy
 */
export interface IAccessPolicy {
    /**
     * The scope of the access policy, which determines the level of access granted.
     */
    readonly accessScope: AccessScope;
    /**
     * The access policy itself, which defines the specific permissions.
     */
    readonly policy: string;
}
/**
 * Properties for configuring an Amazon EKS Access Policy.
 */
export interface AccessPolicyProps {
    /**
     * The scope of the access policy, which determines the level of access granted.
     */
    readonly accessScope: AccessScope;
    /**
     * The access policy itself, which defines the specific permissions.
     */
    readonly policy: AccessPolicyArn;
}
/**
 * Represents the options required to create an Amazon EKS Access Policy using the `fromAccessPolicyName()` method.
 */
export interface AccessPolicyNameOptions {
    /**
     * The scope of the access policy. This determines the level of access granted by the policy.
     */
    readonly accessScopeType: AccessScopeType;
    /**
     * An optional array of Kubernetes namespaces to which the access policy applies.
     * @default - no specific namespaces for this scope
     */
    readonly namespaces?: string[];
}
/**
 * Represents an Amazon EKS Access Policy that implements the IAccessPolicy interface.
 *
 * @implements {IAccessPolicy}
 */
export declare class AccessPolicy implements IAccessPolicy {
    /**
     * Import AccessPolicy by name.
     */
    static fromAccessPolicyName(policyName: string, options: AccessPolicyNameOptions): IAccessPolicy;
    /**
     * The scope of the access policy, which determines the level of access granted.
     */
    readonly accessScope: AccessScope;
    /**
     * The access policy itself, which defines the specific permissions.
     */
    readonly policy: string;
    /**
     * Constructs a new instance of the AccessPolicy class.
     *
     * @param {AccessPolicyProps} props - The properties for configuring the access policy.
     */
    constructor(props: AccessPolicyProps);
}
/**
 * Represents the different types of access entries that can be used in an Amazon EKS cluster.
 *
 * @enum {string}
 */
export declare enum AccessEntryType {
    /**
     * Represents a standard access entry.
     * Use this type for standard IAM principals that need cluster access with policies.
     */
    STANDARD = "STANDARD",
    /**
     * Represents a Fargate Linux access entry.
     * Use this type for AWS Fargate profiles running Linux containers.
     */
    FARGATE_LINUX = "FARGATE_LINUX",
    /**
     * Represents an EC2 Linux access entry.
     * Use this type for self-managed EC2 instances running Linux that join the cluster as worker nodes.
     */
    EC2_LINUX = "EC2_LINUX",
    /**
     * Represents an EC2 Windows access entry.
     * Use this type for self-managed EC2 instances running Windows that join the cluster as worker nodes.
     */
    EC2_WINDOWS = "EC2_WINDOWS",
    /**
     * Represents an EC2 access entry for EKS Auto Mode.
     * Use this type for node roles in EKS Auto Mode clusters where AWS automatically manages
     * the compute infrastructure. This type cannot have access policies attached.
     *
     * @see https://docs.aws.amazon.com/eks/latest/userguide/eks-auto-mode.html
     */
    EC2 = "EC2",
    /**
     * Represents a Hybrid Linux access entry for EKS Hybrid Nodes.
     * Use this type for on-premises or edge infrastructure running Linux that connects
     * to your EKS cluster. This type cannot have access policies attached.
     *
     * @see https://docs.aws.amazon.com/eks/latest/userguide/hybrid-nodes.html
     */
    HYBRID_LINUX = "HYBRID_LINUX",
    /**
     * Represents a HyperPod Linux access entry for Amazon SageMaker HyperPod.
     * Use this type for SageMaker HyperPod clusters that need access to your EKS cluster
     * for distributed machine learning workloads. This type cannot have access policies attached.
     *
     * @see https://docs.aws.amazon.com/sagemaker/latest/dg/sagemaker-hyperpod.html
     */
    HYPERPOD_LINUX = "HYPERPOD_LINUX"
}
/**
 * Represents the properties required to create an Amazon EKS access entry.
 */
export interface AccessEntryProps {
    /**
     * The name of the AccessEntry.
     *
     * @default - No access entry name is provided
     */
    readonly accessEntryName?: string;
    /**
     * The type of the AccessEntry.
     *
     * @default STANDARD
     */
    readonly accessEntryType?: AccessEntryType;
    /**
     * The Amazon EKS cluster to which the access entry applies.
     */
    readonly cluster: ICluster;
    /**
     * The access policies that define the permissions and scope for the access entry.
     */
    readonly accessPolicies: IAccessPolicy[];
    /**
     * The Amazon Resource Name (ARN) of the principal (user or role) to associate the access entry with.
     */
    readonly principal: string;
    /**
     * The removal policy applied to the access entry.
     *
     * The removal policy controls what happens to the resource if it stops being managed by CloudFormation.
     * This can happen in one of three situations:
     *
     * - The resource is removed from the template, so CloudFormation stops managing it
     * - A change to the resource is made that requires it to be replaced, so CloudFormation stops managing it
     * - The stack is deleted, so CloudFormation stops managing all resources in it
     *
     * @default RemovalPolicy.DESTROY
     */
    readonly removalPolicy?: RemovalPolicy;
}
/**
 * Represents an access entry in an Amazon EKS cluster.
 *
 * An access entry defines the permissions and scope for a user or role to access an Amazon EKS cluster.
 *
 * @implements {IAccessEntry}
 */
export declare class AccessEntry extends Resource implements IAccessEntry {
    /** Uniquely identifies this class. */
    static readonly PROPERTY_INJECTION_ID: string;
    /**
     * Imports an `AccessEntry` from its attributes.
     *
     * @param scope - The parent construct.
     * @param id - The ID of the imported construct.
     * @param attrs - The attributes of the access entry to import.
     * @returns The imported access entry.
     */
    static fromAccessEntryAttributes(scope: Construct, id: string, attrs: AccessEntryAttributes): IAccessEntry;
    /**
     * The name of the access entry.
     */
    private cluster;
    private principal;
    private accessPolicies;
    private readonly accessEntryType?;
    private readonly resource;
    get accessEntryName(): string;
    get accessEntryArn(): string;
    constructor(scope: Construct, id: string, props: AccessEntryProps);
    /**
     * Add the access policies for this entry.
     * @param newAccessPolicies - The new access policies to add.
     */
    addAccessPolicies(newAccessPolicies: IAccessPolicy[]): void;
    /**
     * Validates that restricted access entry types cannot have access policies attached.
     *
     * @param accessPolicies - The access policies to validate
     * @param accessEntryType - The access entry type to check
     * @throws {ValidationError} If a restricted access entry type has access policies
     * @private
     */
    private validateAccessPoliciesForRestrictedTypes;
    get accessEntryRef(): AccessEntryReference;
}