import type { Construct } from 'constructs';
import type { IGroup } from './group';
import type { IUserRef, UserReference } from './iam.generated';
import type { IIdentity } from './identity-base';
import type { IManagedPolicy } from './managed-policy';
import { Policy } from './policy';
import type { PolicyStatement } from './policy-statement';
import type { AddToPrincipalPolicyResult, IPrincipal, PrincipalPolicyFragment } from './principals';
import type { SecretValue } from '../../core';
import { Resource } from '../../core';
/**
 * Represents an IAM user
 *
 * @see https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html
 */
export interface IUser extends IIdentity, IUserRef {
    /**
     * The user's name
     * @attribute
     */
    readonly userName: string;
    /**
     * The user's ARN
     * @attribute
     */
    readonly userArn: string;
    /**
     * Adds this user to a group.
     */
    addToGroup(group: IGroup): void;
}
/**
 * Properties for defining an IAM user
 */
export interface UserProps {
    /**
     * Groups to add this user to. You can also use `addToGroup` to add this
     * user to a group.
     *
     * @default - No groups.
     */
    readonly groups?: IGroup[];
    /**
     * A list of managed policies associated with this role.
     *
     * You can add managed policies later using
     * `addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName(policyName))`.
     *
     * @default - No managed policies.
     */
    readonly managedPolicies?: IManagedPolicy[];
    /**
     * The path for the user name. For more information about paths, see IAM
     * Identifiers in the IAM User Guide.
     *
     * @default /
     */
    readonly path?: string;
    /**
     * AWS supports permissions boundaries for IAM entities (users or roles).
     * A permissions boundary is an advanced feature for using a managed policy
     * to set the maximum permissions that an identity-based policy can grant to
     * an IAM entity. An entity's permissions boundary allows it to perform only
     * the actions that are allowed by both its identity-based policies and its
     * permissions boundaries.
     *
     * @link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-permissionsboundary
     * @link https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
     *
     * @default - No permissions boundary.
     */
    readonly permissionsBoundary?: IManagedPolicy;
    /**
     * A name for the IAM user. For valid values, see the UserName parameter for
     * the CreateUser action in the IAM API Reference. If you don't specify a
     * name, AWS CloudFormation generates a unique physical ID and uses that ID
     * for the user name.
     *
     * If you specify a name, you cannot perform updates that require
     * replacement of this resource. You can perform updates that require no or
     * some interruption. If you must replace the resource, specify a new name.
     *
     * If you specify a name, you must specify the CAPABILITY_NAMED_IAM value to
     * acknowledge your template's capabilities. For more information, see
     * Acknowledging IAM Resources in AWS CloudFormation Templates.
     *
     * @default - Generated by CloudFormation (recommended)
     */
    readonly userName?: string;
    /**
     * The password for the user. This is required so the user can access the
     * AWS Management Console.
     *
     * You can use `SecretValue.unsafePlainText` to specify a password in plain text or
     * use `secretsmanager.Secret.fromSecretAttributes` to reference a secret in
     * Secrets Manager.
     *
     * @default - User won't be able to access the management console without a password.
     */
    readonly password?: SecretValue;
    /**
     * Specifies whether the user is required to set a new password the next
     * time the user logs in to the AWS Management Console.
     *
     * If this is set to 'true', you must also specify "initialPassword".
     *
     * @default false
     */
    readonly passwordResetRequired?: boolean;
}
/**
 * Represents a user defined outside of this stack.
 */
export interface UserAttributes {
    /**
     * The ARN of the user.
     *
     * Format: arn:<partition>:iam::<account-id>:user/<user-name-with-path>
     */
    readonly userArn: string;
}
/**
 * Define a new IAM user
 */
export declare class User extends Resource implements IIdentity, IUser {
    /**
     * Uniquely identifies this class.
     */
    static readonly PROPERTY_INJECTION_ID: string;
    /**
     * Import an existing user given a username.
     *
     * @param scope construct scope
     * @param id construct id
     * @param userName the username of the existing user to import
     */
    static fromUserName(scope: Construct, id: string, userName: string): IUser;
    /**
     * Import an existing user given a user ARN.
     *
     * If the ARN comes from a Token, the User cannot have a path; if so, any attempt
     * to reference its username will fail.
     *
     * @param scope construct scope
     * @param id construct id
     * @param userArn the ARN of an existing user to import
     */
    static fromUserArn(scope: Construct, id: string, userArn: string): IUser;
    /**
     * Import an existing user given user attributes.
     *
     * If the ARN comes from a Token, the User cannot have a path; if so, any attempt
     * to reference its username will fail.
     *
     * @param scope construct scope
     * @param id construct id
     * @param attrs the attributes of the user to import
     */
    static fromUserAttributes(scope: Construct, id: string, attrs: UserAttributes): IUser;
    readonly grantPrincipal: IPrincipal;
    readonly principalAccount: string | undefined;
    readonly assumeRoleAction: string;
    /**
     * The CfnUser resource
     */
    private readonly _resource;
    /**
     * An attribute that represents the user name.
     * @attribute
     */
    get userName(): string;
    /**
     * An attribute that represents the user's ARN.
     * @attribute
     */
    get userArn(): string;
    /**
     * Returns the permissions boundary attached  to this user
     */
    readonly permissionsBoundary?: IManagedPolicy;
    readonly policyFragment: PrincipalPolicyFragment;
    private readonly groups;
    private readonly managedPolicies;
    private readonly attachedPolicies;
    private defaultPolicy?;
    private readonly _path?;
    constructor(scope: Construct, id: string, props?: UserProps);
    get userRef(): UserReference;
    /**
     * Adds this user to a group.
     */
    addToGroup(group: IGroup): void;
    /**
     * Attaches a managed policy to the user.
     * @param policy The managed policy to attach.
     */
    addManagedPolicy(policy: IManagedPolicy): void;
    /**
     * Attaches a policy to this user.
     */
    attachInlinePolicy(policy: Policy): void;
    /**
     * Adds an IAM statement to the default policy.
     *
     * @returns true
     */
    addToPrincipalPolicy(statement: PolicyStatement): AddToPrincipalPolicyResult;
    addToPolicy(statement: PolicyStatement): boolean;
    private parseLoginProfile;
}