aws-sdk-verifiedpermissions 1.0.0

@@ -0,0 +1,1938 @@
1
+ # frozen_string_literal: true
2
+
3
+ # WARNING ABOUT GENERATED CODE
4
+ #
5
+ # This file is generated. See the contributing guide for more information:
6
+ # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
7
+ #
8
+ # WARNING ABOUT GENERATED CODE
9
+
10
+ require 'seahorse/client/plugins/content_length.rb'
11
+ require 'aws-sdk-core/plugins/credentials_configuration.rb'
12
+ require 'aws-sdk-core/plugins/logging.rb'
13
+ require 'aws-sdk-core/plugins/param_converter.rb'
14
+ require 'aws-sdk-core/plugins/param_validator.rb'
15
+ require 'aws-sdk-core/plugins/user_agent.rb'
16
+ require 'aws-sdk-core/plugins/helpful_socket_errors.rb'
17
+ require 'aws-sdk-core/plugins/retry_errors.rb'
18
+ require 'aws-sdk-core/plugins/global_configuration.rb'
19
+ require 'aws-sdk-core/plugins/regional_endpoint.rb'
20
+ require 'aws-sdk-core/plugins/endpoint_discovery.rb'
21
+ require 'aws-sdk-core/plugins/endpoint_pattern.rb'
22
+ require 'aws-sdk-core/plugins/response_paging.rb'
23
+ require 'aws-sdk-core/plugins/stub_responses.rb'
24
+ require 'aws-sdk-core/plugins/idempotency_token.rb'
25
+ require 'aws-sdk-core/plugins/jsonvalue_converter.rb'
26
+ require 'aws-sdk-core/plugins/client_metrics_plugin.rb'
27
+ require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
28
+ require 'aws-sdk-core/plugins/transfer_encoding.rb'
29
+ require 'aws-sdk-core/plugins/http_checksum.rb'
30
+ require 'aws-sdk-core/plugins/checksum_algorithm.rb'
31
+ require 'aws-sdk-core/plugins/defaults_mode.rb'
32
+ require 'aws-sdk-core/plugins/recursion_detection.rb'
33
+ require 'aws-sdk-core/plugins/sign.rb'
34
+ require 'aws-sdk-core/plugins/protocols/json_rpc.rb'
35
+
36
+ Aws::Plugins::GlobalConfiguration.add_identifier(:verifiedpermissions)
37
+
38
+ module Aws::VerifiedPermissions
39
+ # An API client for VerifiedPermissions. To construct a client, you need to configure a `:region` and `:credentials`.
40
+ #
41
+ # client = Aws::VerifiedPermissions::Client.new(
42
+ # region: region_name,
43
+ # credentials: credentials,
44
+ # # ...
45
+ # )
46
+ #
47
+ # For details on configuring region and credentials see
48
+ # the [developer guide](/sdk-for-ruby/v3/developer-guide/setup-config.html).
49
+ #
50
+ # See {#initialize} for a full list of supported configuration options.
51
+ class Client < Seahorse::Client::Base
52
+
53
+ include Aws::ClientStubs
54
+
55
+ @identifier = :verifiedpermissions
56
+
57
+ set_api(ClientApi::API)
58
+
59
+ add_plugin(Seahorse::Client::Plugins::ContentLength)
60
+ add_plugin(Aws::Plugins::CredentialsConfiguration)
61
+ add_plugin(Aws::Plugins::Logging)
62
+ add_plugin(Aws::Plugins::ParamConverter)
63
+ add_plugin(Aws::Plugins::ParamValidator)
64
+ add_plugin(Aws::Plugins::UserAgent)
65
+ add_plugin(Aws::Plugins::HelpfulSocketErrors)
66
+ add_plugin(Aws::Plugins::RetryErrors)
67
+ add_plugin(Aws::Plugins::GlobalConfiguration)
68
+ add_plugin(Aws::Plugins::RegionalEndpoint)
69
+ add_plugin(Aws::Plugins::EndpointDiscovery)
70
+ add_plugin(Aws::Plugins::EndpointPattern)
71
+ add_plugin(Aws::Plugins::ResponsePaging)
72
+ add_plugin(Aws::Plugins::StubResponses)
73
+ add_plugin(Aws::Plugins::IdempotencyToken)
74
+ add_plugin(Aws::Plugins::JsonvalueConverter)
75
+ add_plugin(Aws::Plugins::ClientMetricsPlugin)
76
+ add_plugin(Aws::Plugins::ClientMetricsSendPlugin)
77
+ add_plugin(Aws::Plugins::TransferEncoding)
78
+ add_plugin(Aws::Plugins::HttpChecksum)
79
+ add_plugin(Aws::Plugins::ChecksumAlgorithm)
80
+ add_plugin(Aws::Plugins::DefaultsMode)
81
+ add_plugin(Aws::Plugins::RecursionDetection)
82
+ add_plugin(Aws::Plugins::Sign)
83
+ add_plugin(Aws::Plugins::Protocols::JsonRpc)
84
+ add_plugin(Aws::VerifiedPermissions::Plugins::Endpoints)
85
+
86
+ # @overload initialize(options)
87
+ # @param [Hash] options
88
+ # @option options [required, Aws::CredentialProvider] :credentials
89
+ # Your AWS credentials. This can be an instance of any one of the
90
+ # following classes:
91
+ #
92
+ # * `Aws::Credentials` - Used for configuring static, non-refreshing
93
+ # credentials.
94
+ #
95
+ # * `Aws::SharedCredentials` - Used for loading static credentials from a
96
+ # shared file, such as `~/.aws/config`.
97
+ #
98
+ # * `Aws::AssumeRoleCredentials` - Used when you need to assume a role.
99
+ #
100
+ # * `Aws::AssumeRoleWebIdentityCredentials` - Used when you need to
101
+ # assume a role after providing credentials via the web.
102
+ #
103
+ # * `Aws::SSOCredentials` - Used for loading credentials from AWS SSO using an
104
+ # access token generated from `aws login`.
105
+ #
106
+ # * `Aws::ProcessCredentials` - Used for loading credentials from a
107
+ # process that outputs to stdout.
108
+ #
109
+ # * `Aws::InstanceProfileCredentials` - Used for loading credentials
110
+ # from an EC2 IMDS on an EC2 instance.
111
+ #
112
+ # * `Aws::ECSCredentials` - Used for loading credentials from
113
+ # instances running in ECS.
114
+ #
115
+ # * `Aws::CognitoIdentityCredentials` - Used for loading credentials
116
+ # from the Cognito Identity service.
117
+ #
118
+ # When `:credentials` are not configured directly, the following
119
+ # locations will be searched for credentials:
120
+ #
121
+ # * `Aws.config[:credentials]`
122
+ # * The `:access_key_id`, `:secret_access_key`, and `:session_token` options.
123
+ # * ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY']
124
+ # * `~/.aws/credentials`
125
+ # * `~/.aws/config`
126
+ # * EC2/ECS IMDS instance profile - When used by default, the timeouts
127
+ # are very aggressive. Construct and pass an instance of
128
+ # `Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to
129
+ # enable retries and extended timeouts. Instance profile credential
130
+ # fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED']
131
+ # to true.
132
+ #
133
+ # @option options [required, String] :region
134
+ # The AWS region to connect to. The configured `:region` is
135
+ # used to determine the service `:endpoint`. When not passed,
136
+ # a default `:region` is searched for in the following locations:
137
+ #
138
+ # * `Aws.config[:region]`
139
+ # * `ENV['AWS_REGION']`
140
+ # * `ENV['AMAZON_REGION']`
141
+ # * `ENV['AWS_DEFAULT_REGION']`
142
+ # * `~/.aws/credentials`
143
+ # * `~/.aws/config`
144
+ #
145
+ # @option options [String] :access_key_id
146
+ #
147
+ # @option options [Boolean] :active_endpoint_cache (false)
148
+ # When set to `true`, a thread polling for endpoints will be running in
149
+ # the background every 60 secs (default). Defaults to `false`.
150
+ #
151
+ # @option options [Boolean] :adaptive_retry_wait_to_fill (true)
152
+ # Used only in `adaptive` retry mode. When true, the request will sleep
153
+ # until there is sufficent client side capacity to retry the request.
154
+ # When false, the request will raise a `RetryCapacityNotAvailableError` and will
155
+ # not retry instead of sleeping.
156
+ #
157
+ # @option options [Boolean] :client_side_monitoring (false)
158
+ # When `true`, client-side metrics will be collected for all API requests from
159
+ # this client.
160
+ #
161
+ # @option options [String] :client_side_monitoring_client_id ("")
162
+ # Allows you to provide an identifier for this client which will be attached to
163
+ # all generated client side metrics. Defaults to an empty string.
164
+ #
165
+ # @option options [String] :client_side_monitoring_host ("127.0.0.1")
166
+ # Allows you to specify the DNS hostname or IPv4 or IPv6 address that the client
167
+ # side monitoring agent is running on, where client metrics will be published via UDP.
168
+ #
169
+ # @option options [Integer] :client_side_monitoring_port (31000)
170
+ # Required for publishing client metrics. The port that the client side monitoring
171
+ # agent is running on, where client metrics will be published via UDP.
172
+ #
173
+ # @option options [Aws::ClientSideMonitoring::Publisher] :client_side_monitoring_publisher (Aws::ClientSideMonitoring::Publisher)
174
+ # Allows you to provide a custom client-side monitoring publisher class. By default,
175
+ # will use the Client Side Monitoring Agent Publisher.
176
+ #
177
+ # @option options [Boolean] :convert_params (true)
178
+ # When `true`, an attempt is made to coerce request parameters into
179
+ # the required types.
180
+ #
181
+ # @option options [Boolean] :correct_clock_skew (true)
182
+ # Used only in `standard` and adaptive retry modes. Specifies whether to apply
183
+ # a clock skew correction and retry requests with skewed client clocks.
184
+ #
185
+ # @option options [String] :defaults_mode ("legacy")
186
+ # See {Aws::DefaultsModeConfiguration} for a list of the
187
+ # accepted modes and the configuration defaults that are included.
188
+ #
189
+ # @option options [Boolean] :disable_host_prefix_injection (false)
190
+ # Set to true to disable SDK automatically adding host prefix
191
+ # to default service endpoint when available.
192
+ #
193
+ # @option options [String] :endpoint
194
+ # The client endpoint is normally constructed from the `:region`
195
+ # option. You should only configure an `:endpoint` when connecting
196
+ # to test or custom endpoints. This should be a valid HTTP(S) URI.
197
+ #
198
+ # @option options [Integer] :endpoint_cache_max_entries (1000)
199
+ # Used for the maximum size limit of the LRU cache storing endpoints data
200
+ # for endpoint discovery enabled operations. Defaults to 1000.
201
+ #
202
+ # @option options [Integer] :endpoint_cache_max_threads (10)
203
+ # Used for the maximum threads in use for polling endpoints to be cached, defaults to 10.
204
+ #
205
+ # @option options [Integer] :endpoint_cache_poll_interval (60)
206
+ # When :endpoint_discovery and :active_endpoint_cache is enabled,
207
+ # Use this option to config the time interval in seconds for making
208
+ # requests fetching endpoints information. Defaults to 60 sec.
209
+ #
210
+ # @option options [Boolean] :endpoint_discovery (false)
211
+ # When set to `true`, endpoint discovery will be enabled for operations when available.
212
+ #
213
+ # @option options [Aws::Log::Formatter] :log_formatter (Aws::Log::Formatter.default)
214
+ # The log formatter.
215
+ #
216
+ # @option options [Symbol] :log_level (:info)
217
+ # The log level to send messages to the `:logger` at.
218
+ #
219
+ # @option options [Logger] :logger
220
+ # The Logger instance to send log messages to. If this option
221
+ # is not set, logging will be disabled.
222
+ #
223
+ # @option options [Integer] :max_attempts (3)
224
+ # An integer representing the maximum number attempts that will be made for
225
+ # a single request, including the initial attempt. For example,
226
+ # setting this value to 5 will result in a request being retried up to
227
+ # 4 times. Used in `standard` and `adaptive` retry modes.
228
+ #
229
+ # @option options [String] :profile ("default")
230
+ # Used when loading credentials from the shared credentials file
231
+ # at HOME/.aws/credentials. When not specified, 'default' is used.
232
+ #
233
+ # @option options [Proc] :retry_backoff
234
+ # A proc or lambda used for backoff. Defaults to 2**retries * retry_base_delay.
235
+ # This option is only used in the `legacy` retry mode.
236
+ #
237
+ # @option options [Float] :retry_base_delay (0.3)
238
+ # The base delay in seconds used by the default backoff function. This option
239
+ # is only used in the `legacy` retry mode.
240
+ #
241
+ # @option options [Symbol] :retry_jitter (:none)
242
+ # A delay randomiser function used by the default backoff function.
243
+ # Some predefined functions can be referenced by name - :none, :equal, :full,
244
+ # otherwise a Proc that takes and returns a number. This option is only used
245
+ # in the `legacy` retry mode.
246
+ #
247
+ # @see https://www.awsarchitectureblog.com/2015/03/backoff.html
248
+ #
249
+ # @option options [Integer] :retry_limit (3)
250
+ # The maximum number of times to retry failed requests. Only
251
+ # ~ 500 level server errors and certain ~ 400 level client errors
252
+ # are retried. Generally, these are throttling errors, data
253
+ # checksum errors, networking errors, timeout errors, auth errors,
254
+ # endpoint discovery, and errors from expired credentials.
255
+ # This option is only used in the `legacy` retry mode.
256
+ #
257
+ # @option options [Integer] :retry_max_delay (0)
258
+ # The maximum number of seconds to delay between retries (0 for no limit)
259
+ # used by the default backoff function. This option is only used in the
260
+ # `legacy` retry mode.
261
+ #
262
+ # @option options [String] :retry_mode ("legacy")
263
+ # Specifies which retry algorithm to use. Values are:
264
+ #
265
+ # * `legacy` - The pre-existing retry behavior. This is default value if
266
+ # no retry mode is provided.
267
+ #
268
+ # * `standard` - A standardized set of retry rules across the AWS SDKs.
269
+ # This includes support for retry quotas, which limit the number of
270
+ # unsuccessful retries a client can make.
271
+ #
272
+ # * `adaptive` - An experimental retry mode that includes all the
273
+ # functionality of `standard` mode along with automatic client side
274
+ # throttling. This is a provisional mode that may change behavior
275
+ # in the future.
276
+ #
277
+ #
278
+ # @option options [String] :sdk_ua_app_id
279
+ # A unique and opaque application ID that is appended to the
280
+ # User-Agent header as app/<sdk_ua_app_id>. It should have a
281
+ # maximum length of 50.
282
+ #
283
+ # @option options [String] :secret_access_key
284
+ #
285
+ # @option options [String] :session_token
286
+ #
287
+ # @option options [Boolean] :simple_json (false)
288
+ # Disables request parameter conversion, validation, and formatting.
289
+ # Also disable response data type conversions. This option is useful
290
+ # when you want to ensure the highest level of performance by
291
+ # avoiding overhead of walking request parameters and response data
292
+ # structures.
293
+ #
294
+ # When `:simple_json` is enabled, the request parameters hash must
295
+ # be formatted exactly as the DynamoDB API expects.
296
+ #
297
+ # @option options [Boolean] :stub_responses (false)
298
+ # Causes the client to return stubbed responses. By default
299
+ # fake responses are generated and returned. You can specify
300
+ # the response data to return or errors to raise by calling
301
+ # {ClientStubs#stub_responses}. See {ClientStubs} for more information.
302
+ #
303
+ # ** Please note ** When response stubbing is enabled, no HTTP
304
+ # requests are made, and retries are disabled.
305
+ #
306
+ # @option options [Aws::TokenProvider] :token_provider
307
+ # A Bearer Token Provider. This can be an instance of any one of the
308
+ # following classes:
309
+ #
310
+ # * `Aws::StaticTokenProvider` - Used for configuring static, non-refreshing
311
+ # tokens.
312
+ #
313
+ # * `Aws::SSOTokenProvider` - Used for loading tokens from AWS SSO using an
314
+ # access token generated from `aws login`.
315
+ #
316
+ # When `:token_provider` is not configured directly, the `Aws::TokenProviderChain`
317
+ # will be used to search for tokens configured for your profile in shared configuration files.
318
+ #
319
+ # @option options [Boolean] :use_dualstack_endpoint
320
+ # When set to `true`, dualstack enabled endpoints (with `.aws` TLD)
321
+ # will be used if available.
322
+ #
323
+ # @option options [Boolean] :use_fips_endpoint
324
+ # When set to `true`, fips compatible endpoints will be used if available.
325
+ # When a `fips` region is used, the region is normalized and this config
326
+ # is set to `true`.
327
+ #
328
+ # @option options [Boolean] :validate_params (true)
329
+ # When `true`, request parameters are validated before
330
+ # sending the request.
331
+ #
332
+ # @option options [Aws::VerifiedPermissions::EndpointProvider] :endpoint_provider
333
+ # The endpoint provider used to resolve endpoints. Any object that responds to `#resolve_endpoint(parameters)` where `parameters` is a Struct similar to `Aws::VerifiedPermissions::EndpointParameters`
334
+ #
335
+ # @option options [URI::HTTP,String] :http_proxy A proxy to send
336
+ # requests through. Formatted like 'http://proxy.com:123'.
337
+ #
338
+ # @option options [Float] :http_open_timeout (15) The number of
339
+ # seconds to wait when opening a HTTP session before raising a
340
+ # `Timeout::Error`.
341
+ #
342
+ # @option options [Float] :http_read_timeout (60) The default
343
+ # number of seconds to wait for response data. This value can
344
+ # safely be set per-request on the session.
345
+ #
346
+ # @option options [Float] :http_idle_timeout (5) The number of
347
+ # seconds a connection is allowed to sit idle before it is
348
+ # considered stale. Stale connections are closed and removed
349
+ # from the pool before making a request.
350
+ #
351
+ # @option options [Float] :http_continue_timeout (1) The number of
352
+ # seconds to wait for a 100-continue response before sending the
353
+ # request body. This option has no effect unless the request has
354
+ # "Expect" header set to "100-continue". Defaults to `nil` which
355
+ # disables this behaviour. This value can safely be set per
356
+ # request on the session.
357
+ #
358
+ # @option options [Float] :ssl_timeout (nil) Sets the SSL timeout
359
+ # in seconds.
360
+ #
361
+ # @option options [Boolean] :http_wire_trace (false) When `true`,
362
+ # HTTP debug output will be sent to the `:logger`.
363
+ #
364
+ # @option options [Boolean] :ssl_verify_peer (true) When `true`,
365
+ # SSL peer certificates are verified when establishing a
366
+ # connection.
367
+ #
368
+ # @option options [String] :ssl_ca_bundle Full path to the SSL
369
+ # certificate authority bundle file that should be used when
370
+ # verifying peer certificates. If you do not pass
371
+ # `:ssl_ca_bundle` or `:ssl_ca_directory` the the system default
372
+ # will be used if available.
373
+ #
374
+ # @option options [String] :ssl_ca_directory Full path of the
375
+ # directory that contains the unbundled SSL certificate
376
+ # authority files for verifying peer certificates. If you do
377
+ # not pass `:ssl_ca_bundle` or `:ssl_ca_directory` the the
378
+ # system default will be used if available.
379
+ #
380
+ def initialize(*args)
381
+ super
382
+ end
383
+
384
+ # @!group API Operations
385
+
386
+ # Creates a reference to an Amazon Cognito user pool as an external
387
+ # identity provider (IdP).
388
+ #
389
+ # After you create an identity source, you can use the identities
390
+ # provided by the IdP as proxies for the principal in authorization
391
+ # queries that use the [IsAuthorizedWithToken][1] operation. These
392
+ # identities take the form of tokens that contain claims about the user,
393
+ # such as IDs, attributes and group memberships. Amazon Cognito provides
394
+ # both identity tokens and access tokens, and Verified Permissions can
395
+ # use either or both. Any combination of identity and access tokens
396
+ # results in the same Cedar principal. Verified Permissions
397
+ # automatically translates the information about the identities into the
398
+ # standard Cedar attributes that can be evaluated by your policies.
399
+ # Because the Amazon Cognito identity and access tokens can contain
400
+ # different information, the tokens you choose to use determine which
401
+ # principal attributes are available to access when evaluating Cedar
402
+ # policies.
403
+ #
404
+ # If you delete a Amazon Cognito user pool or user, tokens from that
405
+ # deleted pool or that deleted user continue to be usable until they
406
+ # expire.
407
+ #
408
+ # <note markdown="1"> To reference a user from this identity source in your Cedar policies,
409
+ # use the following syntax.
410
+ #
411
+ # *IdentityType::"&lt;CognitoUserPoolIdentifier&gt;\|&lt;CognitoClientId&gt;*
412
+ #
413
+ # Where `IdentityType` is the string that you provide to the
414
+ # `PrincipalEntityType` parameter for this operation. The
415
+ # `CognitoUserPoolId` and `CognitoClientId` are defined by the Amazon
416
+ # Cognito user pool.
417
+ #
418
+ # </note>
419
+ #
420
+ #
421
+ #
422
+ # [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorizedWithToken.html
423
+ #
424
+ # @option params [String] :client_token
425
+ # Specifies a unique, case-sensitive ID that you provide to ensure the
426
+ # idempotency of the request. This lets you safely retry the request
427
+ # without accidentally performing the same operation a second time.
428
+ # Passing the same value to a later call to an operation requires that
429
+ # you also pass the same value for all other parameters. We recommend
430
+ # that you use a [UUID type of value.][1].
431
+ #
432
+ # If you don't provide this value, then Amazon Web Services generates a
433
+ # random one for you.
434
+ #
435
+ # If you retry the operation with the same `ClientToken`, but with
436
+ # different parameters, the retry fails with an
437
+ # `IdempotentParameterMismatch` error.
438
+ #
439
+ # **A suitable default value is auto-generated.** You should normally
440
+ # not need to pass this option.**
441
+ #
442
+ #
443
+ #
444
+ # [1]: https://wikipedia.org/wiki/Universally_unique_Id
445
+ #
446
+ # @option params [required, String] :policy_store_id
447
+ # Specifies the ID of the policy store in which you want to store this
448
+ # identity source. Only policies and requests made using this policy
449
+ # store can reference identities from the identity provider configured
450
+ # in the new identity source.
451
+ #
452
+ # @option params [required, Types::Configuration] :configuration
453
+ # Specifies the details required to communicate with the identity
454
+ # provider (IdP) associated with this identity source.
455
+ #
456
+ # <note markdown="1"> At this time, the only valid member of this structure is a Amazon
457
+ # Cognito user pool configuration.
458
+ #
459
+ # You must specify a `UserPoolArn`, and optionally, a `ClientId`.
460
+ #
461
+ # </note>
462
+ #
463
+ # @option params [String] :principal_entity_type
464
+ # Specifies the namespace and data type of the principals generated for
465
+ # identities authenticated by the new identity source.
466
+ #
467
+ # @return [Types::CreateIdentitySourceOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
468
+ #
469
+ # * {Types::CreateIdentitySourceOutput#created_date #created_date} => Time
470
+ # * {Types::CreateIdentitySourceOutput#identity_source_id #identity_source_id} => String
471
+ # * {Types::CreateIdentitySourceOutput#last_updated_date #last_updated_date} => Time
472
+ # * {Types::CreateIdentitySourceOutput#policy_store_id #policy_store_id} => String
473
+ #
474
+ # @example Request syntax with placeholder values
475
+ #
476
+ # resp = client.create_identity_source({
477
+ # client_token: "IdempotencyToken",
478
+ # policy_store_id: "PolicyStoreId", # required
479
+ # configuration: { # required
480
+ # cognito_user_pool_configuration: {
481
+ # user_pool_arn: "UserPoolArn", # required
482
+ # client_ids: ["ClientId"],
483
+ # },
484
+ # },
485
+ # principal_entity_type: "PrincipalEntityType",
486
+ # })
487
+ #
488
+ # @example Response structure
489
+ #
490
+ # resp.created_date #=> Time
491
+ # resp.identity_source_id #=> String
492
+ # resp.last_updated_date #=> Time
493
+ # resp.policy_store_id #=> String
494
+ #
495
+ # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/CreateIdentitySource AWS API Documentation
496
+ #
497
+ # @overload create_identity_source(params = {})
498
+ # @param [Hash] params ({})
499
+ def create_identity_source(params = {}, options = {})
500
+ req = build_request(:create_identity_source, params)
501
+ req.send_request(options)
502
+ end
503
+
504
+ # Creates a Cedar policy and saves it in the specified policy store. You
505
+ # can create either a static policy or a policy linked to a policy
506
+ # template.
507
+ #
508
+ # * To create a static policy, provide the Cedar policy text in the
509
+ # `StaticPolicy` section of the `PolicyDefinition`.
510
+ #
511
+ # * To create a policy that is dynamically linked to a policy template,
512
+ # specify the policy template ID and the principal and resource to
513
+ # associate with this policy in the `templateLinked` section of the
514
+ # `PolicyDefinition`. If the policy template is ever updated, any
515
+ # policies linked to the policy template automatically use the updated
516
+ # template.
517
+ #
518
+ # <note markdown="1"> Creating a policy causes it to be validated against the schema in the
519
+ # policy store. If the policy doesn't pass validation, the operation
520
+ # fails and the policy isn't stored.
521
+ #
522
+ # </note>
523
+ #
524
+ # @option params [String] :client_token
525
+ # Specifies a unique, case-sensitive ID that you provide to ensure the
526
+ # idempotency of the request. This lets you safely retry the request
527
+ # without accidentally performing the same operation a second time.
528
+ # Passing the same value to a later call to an operation requires that
529
+ # you also pass the same value for all other parameters. We recommend
530
+ # that you use a [UUID type of value.][1].
531
+ #
532
+ # If you don't provide this value, then Amazon Web Services generates a
533
+ # random one for you.
534
+ #
535
+ # If you retry the operation with the same `ClientToken`, but with
536
+ # different parameters, the retry fails with an
537
+ # `IdempotentParameterMismatch` error.
538
+ #
539
+ # **A suitable default value is auto-generated.** You should normally
540
+ # not need to pass this option.**
541
+ #
542
+ #
543
+ #
544
+ # [1]: https://wikipedia.org/wiki/Universally_unique_Id
545
+ #
546
+ # @option params [required, String] :policy_store_id
547
+ # Specifies the `PolicyStoreId` of the policy store you want to store
548
+ # the policy in.
549
+ #
550
+ # @option params [required, Types::PolicyDefinition] :definition
551
+ # A structure that specifies the policy type and content to use for the
552
+ # new policy. You must include either a static or a templateLinked
553
+ # element. The policy content must be written in the Cedar policy
554
+ # language.
555
+ #
556
+ # @return [Types::CreatePolicyOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
557
+ #
558
+ # * {Types::CreatePolicyOutput#policy_store_id #policy_store_id} => String
559
+ # * {Types::CreatePolicyOutput#policy_id #policy_id} => String
560
+ # * {Types::CreatePolicyOutput#policy_type #policy_type} => String
561
+ # * {Types::CreatePolicyOutput#principal #principal} => Types::EntityIdentifier
562
+ # * {Types::CreatePolicyOutput#resource #resource} => Types::EntityIdentifier
563
+ # * {Types::CreatePolicyOutput#created_date #created_date} => Time
564
+ # * {Types::CreatePolicyOutput#last_updated_date #last_updated_date} => Time
565
+ #
566
+ # @example Request syntax with placeholder values
567
+ #
568
+ # resp = client.create_policy({
569
+ # client_token: "IdempotencyToken",
570
+ # policy_store_id: "PolicyStoreId", # required
571
+ # definition: { # required
572
+ # static: {
573
+ # description: "StaticPolicyDescription",
574
+ # statement: "PolicyStatement", # required
575
+ # },
576
+ # template_linked: {
577
+ # policy_template_id: "PolicyTemplateId", # required
578
+ # principal: {
579
+ # entity_type: "EntityType", # required
580
+ # entity_id: "EntityId", # required
581
+ # },
582
+ # resource: {
583
+ # entity_type: "EntityType", # required
584
+ # entity_id: "EntityId", # required
585
+ # },
586
+ # },
587
+ # },
588
+ # })
589
+ #
590
+ # @example Response structure
591
+ #
592
+ # resp.policy_store_id #=> String
593
+ # resp.policy_id #=> String
594
+ # resp.policy_type #=> String, one of "STATIC", "TEMPLATE_LINKED"
595
+ # resp.principal.entity_type #=> String
596
+ # resp.principal.entity_id #=> String
597
+ # resp.resource.entity_type #=> String
598
+ # resp.resource.entity_id #=> String
599
+ # resp.created_date #=> Time
600
+ # resp.last_updated_date #=> Time
601
+ #
602
+ # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/CreatePolicy AWS API Documentation
603
+ #
604
+ # @overload create_policy(params = {})
605
+ # @param [Hash] params ({})
606
+ def create_policy(params = {}, options = {})
607
+ req = build_request(:create_policy, params)
608
+ req.send_request(options)
609
+ end
610
+
611
+ # Creates a policy store. A policy store is a container for policy
612
+ # resources.
613
+ #
614
+ # @option params [String] :client_token
615
+ # Specifies a unique, case-sensitive ID that you provide to ensure the
616
+ # idempotency of the request. This lets you safely retry the request
617
+ # without accidentally performing the same operation a second time.
618
+ # Passing the same value to a later call to an operation requires that
619
+ # you also pass the same value for all other parameters. We recommend
620
+ # that you use a [UUID type of value.][1].
621
+ #
622
+ # If you don't provide this value, then Amazon Web Services generates a
623
+ # random one for you.
624
+ #
625
+ # If you retry the operation with the same `ClientToken`, but with
626
+ # different parameters, the retry fails with an
627
+ # `IdempotentParameterMismatch` error.
628
+ #
629
+ # **A suitable default value is auto-generated.** You should normally
630
+ # not need to pass this option.**
631
+ #
632
+ #
633
+ #
634
+ # [1]: https://wikipedia.org/wiki/Universally_unique_Id
635
+ #
636
+ # @option params [required, Types::ValidationSettings] :validation_settings
637
+ # Specifies the validation setting for this policy store.
638
+ #
639
+ # Currently, the only valid and required value is `Mode`.
640
+ #
641
+ # We recommend that you turn on `STRICT` mode only after you define a
642
+ # schema. If a schema doesn't exist, then `STRICT` mode causes any
643
+ # policy to fail validation, and Verified Permissions rejects the
644
+ # policy. You can turn off validation by using the
645
+ # [UpdatePolicyStore][1]. Then, when you have a schema defined, use
646
+ # [UpdatePolicyStore][1] again to turn validation back on.
647
+ #
648
+ #
649
+ #
650
+ # [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdatePolicyStore
651
+ #
652
+ # @return [Types::CreatePolicyStoreOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
653
+ #
654
+ # * {Types::CreatePolicyStoreOutput#policy_store_id #policy_store_id} => String
655
+ # * {Types::CreatePolicyStoreOutput#arn #arn} => String
656
+ # * {Types::CreatePolicyStoreOutput#created_date #created_date} => Time
657
+ # * {Types::CreatePolicyStoreOutput#last_updated_date #last_updated_date} => Time
658
+ #
659
+ # @example Request syntax with placeholder values
660
+ #
661
+ # resp = client.create_policy_store({
662
+ # client_token: "IdempotencyToken",
663
+ # validation_settings: { # required
664
+ # mode: "OFF", # required, accepts OFF, STRICT
665
+ # },
666
+ # })
667
+ #
668
+ # @example Response structure
669
+ #
670
+ # resp.policy_store_id #=> String
671
+ # resp.arn #=> String
672
+ # resp.created_date #=> Time
673
+ # resp.last_updated_date #=> Time
674
+ #
675
+ # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/CreatePolicyStore AWS API Documentation
676
+ #
677
+ # @overload create_policy_store(params = {})
678
+ # @param [Hash] params ({})
679
+ def create_policy_store(params = {}, options = {})
680
+ req = build_request(:create_policy_store, params)
681
+ req.send_request(options)
682
+ end
683
+
684
+ # Creates a policy template. A template can use placeholders for the
685
+ # principal and resource. A template must be instantiated into a policy
686
+ # by associating it with specific principals and resources to use for
687
+ # the placeholders. That instantiated policy can then be considered in
688
+ # authorization decisions. The instantiated policy works identically to
689
+ # any other policy, except that it is dynamically linked to the
690
+ # template. If the template changes, then any policies that are linked
691
+ # to that template are immediately updated as well.
692
+ #
693
+ # @option params [String] :client_token
694
+ # Specifies a unique, case-sensitive ID that you provide to ensure the
695
+ # idempotency of the request. This lets you safely retry the request
696
+ # without accidentally performing the same operation a second time.
697
+ # Passing the same value to a later call to an operation requires that
698
+ # you also pass the same value for all other parameters. We recommend
699
+ # that you use a [UUID type of value.][1].
700
+ #
701
+ # If you don't provide this value, then Amazon Web Services generates a
702
+ # random one for you.
703
+ #
704
+ # If you retry the operation with the same `ClientToken`, but with
705
+ # different parameters, the retry fails with an
706
+ # `IdempotentParameterMismatch` error.
707
+ #
708
+ # **A suitable default value is auto-generated.** You should normally
709
+ # not need to pass this option.**
710
+ #
711
+ #
712
+ #
713
+ # [1]: https://wikipedia.org/wiki/Universally_unique_Id
714
+ #
715
+ # @option params [required, String] :policy_store_id
716
+ # The ID of the policy store in which to create the policy template.
717
+ #
718
+ # @option params [String] :description
719
+ # Specifies a description for the policy template.
720
+ #
721
+ # @option params [required, String] :statement
722
+ # Specifies the content that you want to use for the new policy
723
+ # template, written in the Cedar policy language.
724
+ #
725
+ # @return [Types::CreatePolicyTemplateOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
726
+ #
727
+ # * {Types::CreatePolicyTemplateOutput#policy_store_id #policy_store_id} => String
728
+ # * {Types::CreatePolicyTemplateOutput#policy_template_id #policy_template_id} => String
729
+ # * {Types::CreatePolicyTemplateOutput#created_date #created_date} => Time
730
+ # * {Types::CreatePolicyTemplateOutput#last_updated_date #last_updated_date} => Time
731
+ #
732
+ # @example Request syntax with placeholder values
733
+ #
734
+ # resp = client.create_policy_template({
735
+ # client_token: "IdempotencyToken",
736
+ # policy_store_id: "PolicyStoreId", # required
737
+ # description: "PolicyTemplateDescription",
738
+ # statement: "PolicyStatement", # required
739
+ # })
740
+ #
741
+ # @example Response structure
742
+ #
743
+ # resp.policy_store_id #=> String
744
+ # resp.policy_template_id #=> String
745
+ # resp.created_date #=> Time
746
+ # resp.last_updated_date #=> Time
747
+ #
748
+ # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/CreatePolicyTemplate AWS API Documentation
749
+ #
750
+ # @overload create_policy_template(params = {})
751
+ # @param [Hash] params ({})
752
+ def create_policy_template(params = {}, options = {})
753
+ req = build_request(:create_policy_template, params)
754
+ req.send_request(options)
755
+ end
756
+
757
+ # Deletes an identity source that references an identity provider (IdP)
758
+ # such as Amazon Cognito. After you delete the identity source, you can
759
+ # no longer use tokens for identities from that identity source to
760
+ # represent principals in authorization queries made using
761
+ # [IsAuthorizedWithToken][1]. operations.
762
+ #
763
+ #
764
+ #
765
+ # [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorizedWithToken.html
766
+ #
767
+ # @option params [required, String] :policy_store_id
768
+ # Specifies the ID of the policy store that contains the identity source
769
+ # that you want to delete.
770
+ #
771
+ # @option params [required, String] :identity_source_id
772
+ # Specifies the ID of the identity source that you want to delete.
773
+ #
774
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
775
+ #
776
+ # @example Request syntax with placeholder values
777
+ #
778
+ # resp = client.delete_identity_source({
779
+ # policy_store_id: "PolicyStoreId", # required
780
+ # identity_source_id: "IdentitySourceId", # required
781
+ # })
782
+ #
783
+ # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/DeleteIdentitySource AWS API Documentation
784
+ #
785
+ # @overload delete_identity_source(params = {})
786
+ # @param [Hash] params ({})
787
+ def delete_identity_source(params = {}, options = {})
788
+ req = build_request(:delete_identity_source, params)
789
+ req.send_request(options)
790
+ end
791
+
792
+ # Deletes the specified policy from the policy store.
793
+ #
794
+ # This operation is idempotent; if you specify a policy that doesn't
795
+ # exist, the request response returns a successful `HTTP 200` status
796
+ # code.
797
+ #
798
+ # @option params [required, String] :policy_store_id
799
+ # Specifies the ID of the policy store that contains the policy that you
800
+ # want to delete.
801
+ #
802
+ # @option params [required, String] :policy_id
803
+ # Specifies the ID of the policy that you want to delete.
804
+ #
805
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
806
+ #
807
+ # @example Request syntax with placeholder values
808
+ #
809
+ # resp = client.delete_policy({
810
+ # policy_store_id: "PolicyStoreId", # required
811
+ # policy_id: "PolicyId", # required
812
+ # })
813
+ #
814
+ # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/DeletePolicy AWS API Documentation
815
+ #
816
+ # @overload delete_policy(params = {})
817
+ # @param [Hash] params ({})
818
+ def delete_policy(params = {}, options = {})
819
+ req = build_request(:delete_policy, params)
820
+ req.send_request(options)
821
+ end
822
+
823
+ # Deletes the specified policy store.
824
+ #
825
+ # This operation is idempotent. If you specify a policy store that does
826
+ # not exist, the request response will still return a successful HTTP
827
+ # 200 status code.
828
+ #
829
+ # @option params [required, String] :policy_store_id
830
+ # Specifies the ID of the policy store that you want to delete.
831
+ #
832
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
833
+ #
834
+ # @example Request syntax with placeholder values
835
+ #
836
+ # resp = client.delete_policy_store({
837
+ # policy_store_id: "PolicyStoreId", # required
838
+ # })
839
+ #
840
+ # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/DeletePolicyStore AWS API Documentation
841
+ #
842
+ # @overload delete_policy_store(params = {})
843
+ # @param [Hash] params ({})
844
+ def delete_policy_store(params = {}, options = {})
845
+ req = build_request(:delete_policy_store, params)
846
+ req.send_request(options)
847
+ end
848
+
849
+ # Deletes the specified policy template from the policy store.
850
+ #
851
+ # This operation also deletes any policies that were created from the
852
+ # specified policy template. Those policies are immediately removed from
853
+ # all future API responses, and are asynchronously deleted from the
854
+ # policy store.
855
+ #
856
+ # @option params [required, String] :policy_store_id
857
+ # Specifies the ID of the policy store that contains the policy template
858
+ # that you want to delete.
859
+ #
860
+ # @option params [required, String] :policy_template_id
861
+ # Specifies the ID of the policy template that you want to delete.
862
+ #
863
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
864
+ #
865
+ # @example Request syntax with placeholder values
866
+ #
867
+ # resp = client.delete_policy_template({
868
+ # policy_store_id: "PolicyStoreId", # required
869
+ # policy_template_id: "PolicyTemplateId", # required
870
+ # })
871
+ #
872
+ # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/DeletePolicyTemplate AWS API Documentation
873
+ #
874
+ # @overload delete_policy_template(params = {})
875
+ # @param [Hash] params ({})
876
+ def delete_policy_template(params = {}, options = {})
877
+ req = build_request(:delete_policy_template, params)
878
+ req.send_request(options)
879
+ end
880
+
881
+ # Retrieves the details about the specified identity source.
882
+ #
883
+ # @option params [required, String] :policy_store_id
884
+ # Specifies the ID of the policy store that contains the identity source
885
+ # you want information about.
886
+ #
887
+ # @option params [required, String] :identity_source_id
888
+ # Specifies the ID of the identity source you want information about.
889
+ #
890
+ # @return [Types::GetIdentitySourceOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
891
+ #
892
+ # * {Types::GetIdentitySourceOutput#created_date #created_date} => Time
893
+ # * {Types::GetIdentitySourceOutput#details #details} => Types::IdentitySourceDetails
894
+ # * {Types::GetIdentitySourceOutput#identity_source_id #identity_source_id} => String
895
+ # * {Types::GetIdentitySourceOutput#last_updated_date #last_updated_date} => Time
896
+ # * {Types::GetIdentitySourceOutput#policy_store_id #policy_store_id} => String
897
+ # * {Types::GetIdentitySourceOutput#principal_entity_type #principal_entity_type} => String
898
+ #
899
+ # @example Request syntax with placeholder values
900
+ #
901
+ # resp = client.get_identity_source({
902
+ # policy_store_id: "PolicyStoreId", # required
903
+ # identity_source_id: "IdentitySourceId", # required
904
+ # })
905
+ #
906
+ # @example Response structure
907
+ #
908
+ # resp.created_date #=> Time
909
+ # resp.details.client_ids #=> Array
910
+ # resp.details.client_ids[0] #=> String
911
+ # resp.details.user_pool_arn #=> String
912
+ # resp.details.discovery_url #=> String
913
+ # resp.details.open_id_issuer #=> String, one of "COGNITO"
914
+ # resp.identity_source_id #=> String
915
+ # resp.last_updated_date #=> Time
916
+ # resp.policy_store_id #=> String
917
+ # resp.principal_entity_type #=> String
918
+ #
919
+ # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/GetIdentitySource AWS API Documentation
920
+ #
921
+ # @overload get_identity_source(params = {})
922
+ # @param [Hash] params ({})
923
+ def get_identity_source(params = {}, options = {})
924
+ req = build_request(:get_identity_source, params)
925
+ req.send_request(options)
926
+ end
927
+
928
+ # Retrieves information about the specified policy.
929
+ #
930
+ # @option params [required, String] :policy_store_id
931
+ # Specifies the ID of the policy store that contains the policy that you
932
+ # want information about.
933
+ #
934
+ # @option params [required, String] :policy_id
935
+ # Specifies the ID of the policy you want information about.
936
+ #
937
+ # @return [Types::GetPolicyOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
938
+ #
939
+ # * {Types::GetPolicyOutput#policy_store_id #policy_store_id} => String
940
+ # * {Types::GetPolicyOutput#policy_id #policy_id} => String
941
+ # * {Types::GetPolicyOutput#policy_type #policy_type} => String
942
+ # * {Types::GetPolicyOutput#principal #principal} => Types::EntityIdentifier
943
+ # * {Types::GetPolicyOutput#resource #resource} => Types::EntityIdentifier
944
+ # * {Types::GetPolicyOutput#definition #definition} => Types::PolicyDefinitionDetail
945
+ # * {Types::GetPolicyOutput#created_date #created_date} => Time
946
+ # * {Types::GetPolicyOutput#last_updated_date #last_updated_date} => Time
947
+ #
948
+ # @example Request syntax with placeholder values
949
+ #
950
+ # resp = client.get_policy({
951
+ # policy_store_id: "PolicyStoreId", # required
952
+ # policy_id: "PolicyId", # required
953
+ # })
954
+ #
955
+ # @example Response structure
956
+ #
957
+ # resp.policy_store_id #=> String
958
+ # resp.policy_id #=> String
959
+ # resp.policy_type #=> String, one of "STATIC", "TEMPLATE_LINKED"
960
+ # resp.principal.entity_type #=> String
961
+ # resp.principal.entity_id #=> String
962
+ # resp.resource.entity_type #=> String
963
+ # resp.resource.entity_id #=> String
964
+ # resp.definition.static.description #=> String
965
+ # resp.definition.static.statement #=> String
966
+ # resp.definition.template_linked.policy_template_id #=> String
967
+ # resp.definition.template_linked.principal.entity_type #=> String
968
+ # resp.definition.template_linked.principal.entity_id #=> String
969
+ # resp.definition.template_linked.resource.entity_type #=> String
970
+ # resp.definition.template_linked.resource.entity_id #=> String
971
+ # resp.created_date #=> Time
972
+ # resp.last_updated_date #=> Time
973
+ #
974
+ # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/GetPolicy AWS API Documentation
975
+ #
976
+ # @overload get_policy(params = {})
977
+ # @param [Hash] params ({})
978
+ def get_policy(params = {}, options = {})
979
+ req = build_request(:get_policy, params)
980
+ req.send_request(options)
981
+ end
982
+
983
+ # Retrieves details about a policy store.
984
+ #
985
+ # @option params [required, String] :policy_store_id
986
+ # Specifies the ID of the policy store that you want information about.
987
+ #
988
+ # @return [Types::GetPolicyStoreOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
989
+ #
990
+ # * {Types::GetPolicyStoreOutput#policy_store_id #policy_store_id} => String
991
+ # * {Types::GetPolicyStoreOutput#arn #arn} => String
992
+ # * {Types::GetPolicyStoreOutput#validation_settings #validation_settings} => Types::ValidationSettings
993
+ # * {Types::GetPolicyStoreOutput#created_date #created_date} => Time
994
+ # * {Types::GetPolicyStoreOutput#last_updated_date #last_updated_date} => Time
995
+ #
996
+ # @example Request syntax with placeholder values
997
+ #
998
+ # resp = client.get_policy_store({
999
+ # policy_store_id: "PolicyStoreId", # required
1000
+ # })
1001
+ #
1002
+ # @example Response structure
1003
+ #
1004
+ # resp.policy_store_id #=> String
1005
+ # resp.arn #=> String
1006
+ # resp.validation_settings.mode #=> String, one of "OFF", "STRICT"
1007
+ # resp.created_date #=> Time
1008
+ # resp.last_updated_date #=> Time
1009
+ #
1010
+ # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/GetPolicyStore AWS API Documentation
1011
+ #
1012
+ # @overload get_policy_store(params = {})
1013
+ # @param [Hash] params ({})
1014
+ def get_policy_store(params = {}, options = {})
1015
+ req = build_request(:get_policy_store, params)
1016
+ req.send_request(options)
1017
+ end
1018
+
1019
+ # Retrieve the details for the specified policy template in the
1020
+ # specified policy store.
1021
+ #
1022
+ # @option params [required, String] :policy_store_id
1023
+ # Specifies the ID of the policy store that contains the policy template
1024
+ # that you want information about.
1025
+ #
1026
+ # @option params [required, String] :policy_template_id
1027
+ # Specifies the ID of the policy template that you want information
1028
+ # about.
1029
+ #
1030
+ # @return [Types::GetPolicyTemplateOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1031
+ #
1032
+ # * {Types::GetPolicyTemplateOutput#policy_store_id #policy_store_id} => String
1033
+ # * {Types::GetPolicyTemplateOutput#policy_template_id #policy_template_id} => String
1034
+ # * {Types::GetPolicyTemplateOutput#description #description} => String
1035
+ # * {Types::GetPolicyTemplateOutput#statement #statement} => String
1036
+ # * {Types::GetPolicyTemplateOutput#created_date #created_date} => Time
1037
+ # * {Types::GetPolicyTemplateOutput#last_updated_date #last_updated_date} => Time
1038
+ #
1039
+ # @example Request syntax with placeholder values
1040
+ #
1041
+ # resp = client.get_policy_template({
1042
+ # policy_store_id: "PolicyStoreId", # required
1043
+ # policy_template_id: "PolicyTemplateId", # required
1044
+ # })
1045
+ #
1046
+ # @example Response structure
1047
+ #
1048
+ # resp.policy_store_id #=> String
1049
+ # resp.policy_template_id #=> String
1050
+ # resp.description #=> String
1051
+ # resp.statement #=> String
1052
+ # resp.created_date #=> Time
1053
+ # resp.last_updated_date #=> Time
1054
+ #
1055
+ # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/GetPolicyTemplate AWS API Documentation
1056
+ #
1057
+ # @overload get_policy_template(params = {})
1058
+ # @param [Hash] params ({})
1059
+ def get_policy_template(params = {}, options = {})
1060
+ req = build_request(:get_policy_template, params)
1061
+ req.send_request(options)
1062
+ end
1063
+
1064
+ # Retrieve the details for the specified schema in the specified policy
1065
+ # store.
1066
+ #
1067
+ # @option params [required, String] :policy_store_id
1068
+ # Specifies the ID of the policy store that contains the schema.
1069
+ #
1070
+ # @return [Types::GetSchemaOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1071
+ #
1072
+ # * {Types::GetSchemaOutput#policy_store_id #policy_store_id} => String
1073
+ # * {Types::GetSchemaOutput#schema #schema} => String
1074
+ # * {Types::GetSchemaOutput#created_date #created_date} => Time
1075
+ # * {Types::GetSchemaOutput#last_updated_date #last_updated_date} => Time
1076
+ #
1077
+ # @example Request syntax with placeholder values
1078
+ #
1079
+ # resp = client.get_schema({
1080
+ # policy_store_id: "PolicyStoreId", # required
1081
+ # })
1082
+ #
1083
+ # @example Response structure
1084
+ #
1085
+ # resp.policy_store_id #=> String
1086
+ # resp.schema #=> String
1087
+ # resp.created_date #=> Time
1088
+ # resp.last_updated_date #=> Time
1089
+ #
1090
+ # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/GetSchema AWS API Documentation
1091
+ #
1092
+ # @overload get_schema(params = {})
1093
+ # @param [Hash] params ({})
1094
+ def get_schema(params = {}, options = {})
1095
+ req = build_request(:get_schema, params)
1096
+ req.send_request(options)
1097
+ end
1098
+
1099
+ # Makes an authorization decision about a service request described in
1100
+ # the parameters. The information in the parameters can also define
1101
+ # additional context that Verified Permissions can include in the
1102
+ # evaluation. The request is evaluated against all matching policies in
1103
+ # the specified policy store. The result of the decision is either
1104
+ # `Allow` or `Deny`, along with a list of the policies that resulted in
1105
+ # the decision.
1106
+ #
1107
+ # @option params [required, String] :policy_store_id
1108
+ # Specifies the ID of the policy store. Policies in this policy store
1109
+ # will be used to make an authorization decision for the input.
1110
+ #
1111
+ # @option params [Types::EntityIdentifier] :principal
1112
+ # Specifies the principal for which the authorization decision is to be
1113
+ # made.
1114
+ #
1115
+ # @option params [Types::ActionIdentifier] :action
1116
+ # Specifies the requested action to be authorized. For example, is the
1117
+ # principal authorized to perform this action on the resource?
1118
+ #
1119
+ # @option params [Types::EntityIdentifier] :resource
1120
+ # Specifies the resource for which the authorization decision is to be
1121
+ # made.
1122
+ #
1123
+ # @option params [Types::ContextDefinition] :context
1124
+ # Specifies additional context that can be used to make more granular
1125
+ # authorization decisions.
1126
+ #
1127
+ # @option params [Types::EntitiesDefinition] :entities
1128
+ # Specifies the list of entities and their associated attributes that
1129
+ # Verified Permissions can examine when evaluating the policies.
1130
+ #
1131
+ # @return [Types::IsAuthorizedOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1132
+ #
1133
+ # * {Types::IsAuthorizedOutput#decision #decision} => String
1134
+ # * {Types::IsAuthorizedOutput#determining_policies #determining_policies} => Array&lt;Types::DeterminingPolicyItem&gt;
1135
+ # * {Types::IsAuthorizedOutput#errors #errors} => Array&lt;Types::EvaluationErrorItem&gt;
1136
+ #
1137
+ # @example Request syntax with placeholder values
1138
+ #
1139
+ # resp = client.is_authorized({
1140
+ # policy_store_id: "PolicyStoreId", # required
1141
+ # principal: {
1142
+ # entity_type: "EntityType", # required
1143
+ # entity_id: "EntityId", # required
1144
+ # },
1145
+ # action: {
1146
+ # action_type: "ActionType", # required
1147
+ # action_id: "ActionId", # required
1148
+ # },
1149
+ # resource: {
1150
+ # entity_type: "EntityType", # required
1151
+ # entity_id: "EntityId", # required
1152
+ # },
1153
+ # context: {
1154
+ # context_map: {
1155
+ # "String" => "value", # value <Hash,Array,String,Numeric,Boolean,IO,Set,nil>
1156
+ # },
1157
+ # },
1158
+ # entities: {
1159
+ # entity_list: [
1160
+ # {
1161
+ # identifier: { # required
1162
+ # entity_type: "EntityType", # required
1163
+ # entity_id: "EntityId", # required
1164
+ # },
1165
+ # attributes: {
1166
+ # "String" => "value", # value <Hash,Array,String,Numeric,Boolean,IO,Set,nil>
1167
+ # },
1168
+ # parents: [
1169
+ # {
1170
+ # entity_type: "EntityType", # required
1171
+ # entity_id: "EntityId", # required
1172
+ # },
1173
+ # ],
1174
+ # },
1175
+ # ],
1176
+ # },
1177
+ # })
1178
+ #
1179
+ # @example Response structure
1180
+ #
1181
+ # resp.decision #=> String, one of "ALLOW", "DENY"
1182
+ # resp.determining_policies #=> Array
1183
+ # resp.determining_policies[0].policy_id #=> String
1184
+ # resp.errors #=> Array
1185
+ # resp.errors[0].error_description #=> String
1186
+ #
1187
+ # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/IsAuthorized AWS API Documentation
1188
+ #
1189
+ # @overload is_authorized(params = {})
1190
+ # @param [Hash] params ({})
1191
+ def is_authorized(params = {}, options = {})
1192
+ req = build_request(:is_authorized, params)
1193
+ req.send_request(options)
1194
+ end
1195
+
1196
+ # Makes an authorization decision about a service request described in
1197
+ # the parameters. The principal in this request comes from an external
1198
+ # identity source. The information in the parameters can also define
1199
+ # additional context that Verified Permissions can include in the
1200
+ # evaluation. The request is evaluated against all matching policies in
1201
+ # the specified policy store. The result of the decision is either
1202
+ # `Allow` or `Deny`, along with a list of the policies that resulted in
1203
+ # the decision.
1204
+ #
1205
+ # If you delete a Amazon Cognito user pool or user, tokens from that
1206
+ # deleted pool or that deleted user continue to be usable until they
1207
+ # expire.
1208
+ #
1209
+ # @option params [required, String] :policy_store_id
1210
+ # Specifies the ID of the policy store. Policies in this policy store
1211
+ # will be used to make an authorization decision for the input.
1212
+ #
1213
+ # @option params [String] :identity_token
1214
+ # Specifies an identity token for the principal to be authorized. This
1215
+ # token is provided to you by the identity provider (IdP) associated
1216
+ # with the specified identity source. You must specify either an
1217
+ # `AccessToken` or an `IdentityToken`, but not both.
1218
+ #
1219
+ # @option params [String] :access_token
1220
+ # Specifies an access token for the principal to be authorized. This
1221
+ # token is provided to you by the identity provider (IdP) associated
1222
+ # with the specified identity source. You must specify either an
1223
+ # `AccessToken` or an `IdentityToken`, but not both.
1224
+ #
1225
+ # @option params [Types::ActionIdentifier] :action
1226
+ # Specifies the requested action to be authorized. Is the specified
1227
+ # principal authorized to perform this action on the specified resource.
1228
+ #
1229
+ # @option params [Types::EntityIdentifier] :resource
1230
+ # Specifies the resource for which the authorization decision is made.
1231
+ # For example, is the principal allowed to perform the action on the
1232
+ # resource?
1233
+ #
1234
+ # @option params [Types::ContextDefinition] :context
1235
+ # Specifies additional context that can be used to make more granular
1236
+ # authorization decisions.
1237
+ #
1238
+ # @option params [Types::EntitiesDefinition] :entities
1239
+ # Specifies the list of entities and their associated attributes that
1240
+ # Verified Permissions can examine when evaluating the policies.
1241
+ #
1242
+ # @return [Types::IsAuthorizedWithTokenOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1243
+ #
1244
+ # * {Types::IsAuthorizedWithTokenOutput#decision #decision} => String
1245
+ # * {Types::IsAuthorizedWithTokenOutput#determining_policies #determining_policies} => Array&lt;Types::DeterminingPolicyItem&gt;
1246
+ # * {Types::IsAuthorizedWithTokenOutput#errors #errors} => Array&lt;Types::EvaluationErrorItem&gt;
1247
+ #
1248
+ # @example Request syntax with placeholder values
1249
+ #
1250
+ # resp = client.is_authorized_with_token({
1251
+ # policy_store_id: "PolicyStoreId", # required
1252
+ # identity_token: "Token",
1253
+ # access_token: "Token",
1254
+ # action: {
1255
+ # action_type: "ActionType", # required
1256
+ # action_id: "ActionId", # required
1257
+ # },
1258
+ # resource: {
1259
+ # entity_type: "EntityType", # required
1260
+ # entity_id: "EntityId", # required
1261
+ # },
1262
+ # context: {
1263
+ # context_map: {
1264
+ # "String" => "value", # value <Hash,Array,String,Numeric,Boolean,IO,Set,nil>
1265
+ # },
1266
+ # },
1267
+ # entities: {
1268
+ # entity_list: [
1269
+ # {
1270
+ # identifier: { # required
1271
+ # entity_type: "EntityType", # required
1272
+ # entity_id: "EntityId", # required
1273
+ # },
1274
+ # attributes: {
1275
+ # "String" => "value", # value <Hash,Array,String,Numeric,Boolean,IO,Set,nil>
1276
+ # },
1277
+ # parents: [
1278
+ # {
1279
+ # entity_type: "EntityType", # required
1280
+ # entity_id: "EntityId", # required
1281
+ # },
1282
+ # ],
1283
+ # },
1284
+ # ],
1285
+ # },
1286
+ # })
1287
+ #
1288
+ # @example Response structure
1289
+ #
1290
+ # resp.decision #=> String, one of "ALLOW", "DENY"
1291
+ # resp.determining_policies #=> Array
1292
+ # resp.determining_policies[0].policy_id #=> String
1293
+ # resp.errors #=> Array
1294
+ # resp.errors[0].error_description #=> String
1295
+ #
1296
+ # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/IsAuthorizedWithToken AWS API Documentation
1297
+ #
1298
+ # @overload is_authorized_with_token(params = {})
1299
+ # @param [Hash] params ({})
1300
+ def is_authorized_with_token(params = {}, options = {})
1301
+ req = build_request(:is_authorized_with_token, params)
1302
+ req.send_request(options)
1303
+ end
1304
+
1305
+ # Returns a paginated list of all of the identity sources defined in the
1306
+ # specified policy store.
1307
+ #
1308
+ # @option params [required, String] :policy_store_id
1309
+ # Specifies the ID of the policy store that contains the identity
1310
+ # sources that you want to list.
1311
+ #
1312
+ # @option params [String] :next_token
1313
+ # Specifies that you want to receive the next page of results. Valid
1314
+ # only if you received a `NextToken` response in the previous request.
1315
+ # If you did, it indicates that more output is available. Set this
1316
+ # parameter to the value provided by the previous call's `NextToken`
1317
+ # response to request the next page of results.
1318
+ #
1319
+ # @option params [Integer] :max_results
1320
+ # Specifies the total number of results that you want included on each
1321
+ # page of the response. If you do not include this parameter, it
1322
+ # defaults to a value that is specific to the operation. If additional
1323
+ # items exist beyond the number you specify, the `NextToken` response
1324
+ # element is returned with a value (not null). Include the specified
1325
+ # value as the `NextToken` request parameter in the next call to the
1326
+ # operation to get the next part of the results. Note that the service
1327
+ # might return fewer results than the maximum even when there are more
1328
+ # results available. You should check `NextToken` after every operation
1329
+ # to ensure that you receive all of the results.
1330
+ #
1331
+ # @option params [Array<Types::IdentitySourceFilter>] :filters
1332
+ # Specifies characteristics of an identity source that you can use to
1333
+ # limit the output to matching identity sources.
1334
+ #
1335
+ # @return [Types::ListIdentitySourcesOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1336
+ #
1337
+ # * {Types::ListIdentitySourcesOutput#next_token #next_token} => String
1338
+ # * {Types::ListIdentitySourcesOutput#identity_sources #identity_sources} => Array&lt;Types::IdentitySourceItem&gt;
1339
+ #
1340
+ # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
1341
+ #
1342
+ # @example Request syntax with placeholder values
1343
+ #
1344
+ # resp = client.list_identity_sources({
1345
+ # policy_store_id: "PolicyStoreId", # required
1346
+ # next_token: "NextToken",
1347
+ # max_results: 1,
1348
+ # filters: [
1349
+ # {
1350
+ # principal_entity_type: "PrincipalEntityType",
1351
+ # },
1352
+ # ],
1353
+ # })
1354
+ #
1355
+ # @example Response structure
1356
+ #
1357
+ # resp.next_token #=> String
1358
+ # resp.identity_sources #=> Array
1359
+ # resp.identity_sources[0].created_date #=> Time
1360
+ # resp.identity_sources[0].details.client_ids #=> Array
1361
+ # resp.identity_sources[0].details.client_ids[0] #=> String
1362
+ # resp.identity_sources[0].details.user_pool_arn #=> String
1363
+ # resp.identity_sources[0].details.discovery_url #=> String
1364
+ # resp.identity_sources[0].details.open_id_issuer #=> String, one of "COGNITO"
1365
+ # resp.identity_sources[0].identity_source_id #=> String
1366
+ # resp.identity_sources[0].last_updated_date #=> Time
1367
+ # resp.identity_sources[0].policy_store_id #=> String
1368
+ # resp.identity_sources[0].principal_entity_type #=> String
1369
+ #
1370
+ # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/ListIdentitySources AWS API Documentation
1371
+ #
1372
+ # @overload list_identity_sources(params = {})
1373
+ # @param [Hash] params ({})
1374
+ def list_identity_sources(params = {}, options = {})
1375
+ req = build_request(:list_identity_sources, params)
1376
+ req.send_request(options)
1377
+ end
1378
+
1379
+ # Returns a paginated list of all policies stored in the specified
1380
+ # policy store.
1381
+ #
1382
+ # @option params [required, String] :policy_store_id
1383
+ # Specifies the ID of the policy store you want to list policies from.
1384
+ #
1385
+ # @option params [String] :next_token
1386
+ # Specifies that you want to receive the next page of results. Valid
1387
+ # only if you received a `NextToken` response in the previous request.
1388
+ # If you did, it indicates that more output is available. Set this
1389
+ # parameter to the value provided by the previous call's `NextToken`
1390
+ # response to request the next page of results.
1391
+ #
1392
+ # @option params [Integer] :max_results
1393
+ # Specifies the total number of results that you want included on each
1394
+ # page of the response. If you do not include this parameter, it
1395
+ # defaults to a value that is specific to the operation. If additional
1396
+ # items exist beyond the number you specify, the `NextToken` response
1397
+ # element is returned with a value (not null). Include the specified
1398
+ # value as the `NextToken` request parameter in the next call to the
1399
+ # operation to get the next part of the results. Note that the service
1400
+ # might return fewer results than the maximum even when there are more
1401
+ # results available. You should check `NextToken` after every operation
1402
+ # to ensure that you receive all of the results.
1403
+ #
1404
+ # @option params [Types::PolicyFilter] :filter
1405
+ # Specifies a filter that limits the response to only policies that
1406
+ # match the specified criteria. For example, you list only the policies
1407
+ # that reference a specified principal.
1408
+ #
1409
+ # @return [Types::ListPoliciesOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1410
+ #
1411
+ # * {Types::ListPoliciesOutput#next_token #next_token} => String
1412
+ # * {Types::ListPoliciesOutput#policies #policies} => Array&lt;Types::PolicyItem&gt;
1413
+ #
1414
+ # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
1415
+ #
1416
+ # @example Request syntax with placeholder values
1417
+ #
1418
+ # resp = client.list_policies({
1419
+ # policy_store_id: "PolicyStoreId", # required
1420
+ # next_token: "NextToken",
1421
+ # max_results: 1,
1422
+ # filter: {
1423
+ # principal: {
1424
+ # unspecified: false,
1425
+ # identifier: {
1426
+ # entity_type: "EntityType", # required
1427
+ # entity_id: "EntityId", # required
1428
+ # },
1429
+ # },
1430
+ # resource: {
1431
+ # unspecified: false,
1432
+ # identifier: {
1433
+ # entity_type: "EntityType", # required
1434
+ # entity_id: "EntityId", # required
1435
+ # },
1436
+ # },
1437
+ # policy_type: "STATIC", # accepts STATIC, TEMPLATE_LINKED
1438
+ # policy_template_id: "PolicyTemplateId",
1439
+ # },
1440
+ # })
1441
+ #
1442
+ # @example Response structure
1443
+ #
1444
+ # resp.next_token #=> String
1445
+ # resp.policies #=> Array
1446
+ # resp.policies[0].policy_store_id #=> String
1447
+ # resp.policies[0].policy_id #=> String
1448
+ # resp.policies[0].policy_type #=> String, one of "STATIC", "TEMPLATE_LINKED"
1449
+ # resp.policies[0].principal.entity_type #=> String
1450
+ # resp.policies[0].principal.entity_id #=> String
1451
+ # resp.policies[0].resource.entity_type #=> String
1452
+ # resp.policies[0].resource.entity_id #=> String
1453
+ # resp.policies[0].definition.static.description #=> String
1454
+ # resp.policies[0].definition.template_linked.policy_template_id #=> String
1455
+ # resp.policies[0].definition.template_linked.principal.entity_type #=> String
1456
+ # resp.policies[0].definition.template_linked.principal.entity_id #=> String
1457
+ # resp.policies[0].definition.template_linked.resource.entity_type #=> String
1458
+ # resp.policies[0].definition.template_linked.resource.entity_id #=> String
1459
+ # resp.policies[0].created_date #=> Time
1460
+ # resp.policies[0].last_updated_date #=> Time
1461
+ #
1462
+ # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/ListPolicies AWS API Documentation
1463
+ #
1464
+ # @overload list_policies(params = {})
1465
+ # @param [Hash] params ({})
1466
+ def list_policies(params = {}, options = {})
1467
+ req = build_request(:list_policies, params)
1468
+ req.send_request(options)
1469
+ end
1470
+
1471
+ # Returns a paginated list of all policy stores in the calling Amazon
1472
+ # Web Services account.
1473
+ #
1474
+ # @option params [String] :next_token
1475
+ # Specifies that you want to receive the next page of results. Valid
1476
+ # only if you received a `NextToken` response in the previous request.
1477
+ # If you did, it indicates that more output is available. Set this
1478
+ # parameter to the value provided by the previous call's `NextToken`
1479
+ # response to request the next page of results.
1480
+ #
1481
+ # @option params [Integer] :max_results
1482
+ # Specifies the total number of results that you want included on each
1483
+ # page of the response. If you do not include this parameter, it
1484
+ # defaults to a value that is specific to the operation. If additional
1485
+ # items exist beyond the number you specify, the `NextToken` response
1486
+ # element is returned with a value (not null). Include the specified
1487
+ # value as the `NextToken` request parameter in the next call to the
1488
+ # operation to get the next part of the results. Note that the service
1489
+ # might return fewer results than the maximum even when there are more
1490
+ # results available. You should check `NextToken` after every operation
1491
+ # to ensure that you receive all of the results.
1492
+ #
1493
+ # @return [Types::ListPolicyStoresOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1494
+ #
1495
+ # * {Types::ListPolicyStoresOutput#next_token #next_token} => String
1496
+ # * {Types::ListPolicyStoresOutput#policy_stores #policy_stores} => Array&lt;Types::PolicyStoreItem&gt;
1497
+ #
1498
+ # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
1499
+ #
1500
+ # @example Request syntax with placeholder values
1501
+ #
1502
+ # resp = client.list_policy_stores({
1503
+ # next_token: "NextToken",
1504
+ # max_results: 1,
1505
+ # })
1506
+ #
1507
+ # @example Response structure
1508
+ #
1509
+ # resp.next_token #=> String
1510
+ # resp.policy_stores #=> Array
1511
+ # resp.policy_stores[0].policy_store_id #=> String
1512
+ # resp.policy_stores[0].arn #=> String
1513
+ # resp.policy_stores[0].created_date #=> Time
1514
+ #
1515
+ # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/ListPolicyStores AWS API Documentation
1516
+ #
1517
+ # @overload list_policy_stores(params = {})
1518
+ # @param [Hash] params ({})
1519
+ def list_policy_stores(params = {}, options = {})
1520
+ req = build_request(:list_policy_stores, params)
1521
+ req.send_request(options)
1522
+ end
1523
+
1524
+ # Returns a paginated list of all policy templates in the specified
1525
+ # policy store.
1526
+ #
1527
+ # @option params [required, String] :policy_store_id
1528
+ # Specifies the ID of the policy store that contains the policy
1529
+ # templates you want to list.
1530
+ #
1531
+ # @option params [String] :next_token
1532
+ # Specifies that you want to receive the next page of results. Valid
1533
+ # only if you received a `NextToken` response in the previous request.
1534
+ # If you did, it indicates that more output is available. Set this
1535
+ # parameter to the value provided by the previous call's `NextToken`
1536
+ # response to request the next page of results.
1537
+ #
1538
+ # @option params [Integer] :max_results
1539
+ # Specifies the total number of results that you want included on each
1540
+ # page of the response. If you do not include this parameter, it
1541
+ # defaults to a value that is specific to the operation. If additional
1542
+ # items exist beyond the number you specify, the `NextToken` response
1543
+ # element is returned with a value (not null). Include the specified
1544
+ # value as the `NextToken` request parameter in the next call to the
1545
+ # operation to get the next part of the results. Note that the service
1546
+ # might return fewer results than the maximum even when there are more
1547
+ # results available. You should check `NextToken` after every operation
1548
+ # to ensure that you receive all of the results.
1549
+ #
1550
+ # @return [Types::ListPolicyTemplatesOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1551
+ #
1552
+ # * {Types::ListPolicyTemplatesOutput#next_token #next_token} => String
1553
+ # * {Types::ListPolicyTemplatesOutput#policy_templates #policy_templates} => Array&lt;Types::PolicyTemplateItem&gt;
1554
+ #
1555
+ # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
1556
+ #
1557
+ # @example Request syntax with placeholder values
1558
+ #
1559
+ # resp = client.list_policy_templates({
1560
+ # policy_store_id: "PolicyStoreId", # required
1561
+ # next_token: "NextToken",
1562
+ # max_results: 1,
1563
+ # })
1564
+ #
1565
+ # @example Response structure
1566
+ #
1567
+ # resp.next_token #=> String
1568
+ # resp.policy_templates #=> Array
1569
+ # resp.policy_templates[0].policy_store_id #=> String
1570
+ # resp.policy_templates[0].policy_template_id #=> String
1571
+ # resp.policy_templates[0].description #=> String
1572
+ # resp.policy_templates[0].created_date #=> Time
1573
+ # resp.policy_templates[0].last_updated_date #=> Time
1574
+ #
1575
+ # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/ListPolicyTemplates AWS API Documentation
1576
+ #
1577
+ # @overload list_policy_templates(params = {})
1578
+ # @param [Hash] params ({})
1579
+ def list_policy_templates(params = {}, options = {})
1580
+ req = build_request(:list_policy_templates, params)
1581
+ req.send_request(options)
1582
+ end
1583
+
1584
+ # Creates or updates the policy schema in the specified policy store.
1585
+ # The schema is used to validate any Cedar policies and policy templates
1586
+ # submitted to the policy store. Any changes to the schema validate only
1587
+ # policies and templates submitted after the schema change. Existing
1588
+ # policies and templates are not re-evaluated against the changed
1589
+ # schema. If you later update a policy, then it is evaluated against the
1590
+ # new schema at that time.
1591
+ #
1592
+ # @option params [required, String] :policy_store_id
1593
+ # Specifies the ID of the policy store in which to place the schema.
1594
+ #
1595
+ # @option params [required, Types::SchemaDefinition] :definition
1596
+ # Specifies the definition of the schema to be stored. The schema
1597
+ # definition must be written in Cedar schema JSON.
1598
+ #
1599
+ # @return [Types::PutSchemaOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1600
+ #
1601
+ # * {Types::PutSchemaOutput#policy_store_id #policy_store_id} => String
1602
+ # * {Types::PutSchemaOutput#namespaces #namespaces} => Array&lt;String&gt;
1603
+ # * {Types::PutSchemaOutput#created_date #created_date} => Time
1604
+ # * {Types::PutSchemaOutput#last_updated_date #last_updated_date} => Time
1605
+ #
1606
+ # @example Request syntax with placeholder values
1607
+ #
1608
+ # resp = client.put_schema({
1609
+ # policy_store_id: "PolicyStoreId", # required
1610
+ # definition: { # required
1611
+ # cedar_json: "SchemaJson",
1612
+ # },
1613
+ # })
1614
+ #
1615
+ # @example Response structure
1616
+ #
1617
+ # resp.policy_store_id #=> String
1618
+ # resp.namespaces #=> Array
1619
+ # resp.namespaces[0] #=> String
1620
+ # resp.created_date #=> Time
1621
+ # resp.last_updated_date #=> Time
1622
+ #
1623
+ # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/PutSchema AWS API Documentation
1624
+ #
1625
+ # @overload put_schema(params = {})
1626
+ # @param [Hash] params ({})
1627
+ def put_schema(params = {}, options = {})
1628
+ req = build_request(:put_schema, params)
1629
+ req.send_request(options)
1630
+ end
1631
+
1632
+ # Updates the specified identity source to use a new identity provider
1633
+ # (IdP) source, or to change the mapping of identities from the IdP to a
1634
+ # different principal entity type.
1635
+ #
1636
+ # @option params [required, String] :policy_store_id
1637
+ # Specifies the ID of the policy store that contains the identity source
1638
+ # that you want to update.
1639
+ #
1640
+ # @option params [required, String] :identity_source_id
1641
+ # Specifies the ID of the identity source that you want to update.
1642
+ #
1643
+ # @option params [required, Types::UpdateConfiguration] :update_configuration
1644
+ # Specifies the details required to communicate with the identity
1645
+ # provider (IdP) associated with this identity source.
1646
+ #
1647
+ # <note markdown="1"> At this time, the only valid member of this structure is a Amazon
1648
+ # Cognito user pool configuration.
1649
+ #
1650
+ # You must specify a `userPoolArn`, and optionally, a `ClientId`.
1651
+ #
1652
+ # </note>
1653
+ #
1654
+ # @option params [String] :principal_entity_type
1655
+ # Specifies the data type of principals generated for identities
1656
+ # authenticated by the identity source.
1657
+ #
1658
+ # @return [Types::UpdateIdentitySourceOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1659
+ #
1660
+ # * {Types::UpdateIdentitySourceOutput#created_date #created_date} => Time
1661
+ # * {Types::UpdateIdentitySourceOutput#identity_source_id #identity_source_id} => String
1662
+ # * {Types::UpdateIdentitySourceOutput#last_updated_date #last_updated_date} => Time
1663
+ # * {Types::UpdateIdentitySourceOutput#policy_store_id #policy_store_id} => String
1664
+ #
1665
+ # @example Request syntax with placeholder values
1666
+ #
1667
+ # resp = client.update_identity_source({
1668
+ # policy_store_id: "PolicyStoreId", # required
1669
+ # identity_source_id: "IdentitySourceId", # required
1670
+ # update_configuration: { # required
1671
+ # cognito_user_pool_configuration: {
1672
+ # user_pool_arn: "UserPoolArn", # required
1673
+ # client_ids: ["ClientId"],
1674
+ # },
1675
+ # },
1676
+ # principal_entity_type: "PrincipalEntityType",
1677
+ # })
1678
+ #
1679
+ # @example Response structure
1680
+ #
1681
+ # resp.created_date #=> Time
1682
+ # resp.identity_source_id #=> String
1683
+ # resp.last_updated_date #=> Time
1684
+ # resp.policy_store_id #=> String
1685
+ #
1686
+ # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/UpdateIdentitySource AWS API Documentation
1687
+ #
1688
+ # @overload update_identity_source(params = {})
1689
+ # @param [Hash] params ({})
1690
+ def update_identity_source(params = {}, options = {})
1691
+ req = build_request(:update_identity_source, params)
1692
+ req.send_request(options)
1693
+ end
1694
+
1695
+ # Modifies a Cedar static policy in the specified policy store. You can
1696
+ # change only certain elements of the [UpdatePolicyDefinition][1]
1697
+ # parameter. You can directly update only static policies. To change a
1698
+ # template-linked policy, you must update the template instead, using
1699
+ # [UpdatePolicyTemplate][2].
1700
+ #
1701
+ # <note markdown="1"> If policy validation is enabled in the policy store, then updating a
1702
+ # static policy causes Verified Permissions to validate the policy
1703
+ # against the schema in the policy store. If the updated static policy
1704
+ # doesn't pass validation, the operation fails and the update isn't
1705
+ # stored.
1706
+ #
1707
+ # </note>
1708
+ #
1709
+ #
1710
+ #
1711
+ # [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdatePolicyInput.html#amazonverifiedpermissions-UpdatePolicy-request-UpdatePolicyDefinition
1712
+ # [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdatePolicyTemplate.html
1713
+ #
1714
+ # @option params [required, String] :policy_store_id
1715
+ # Specifies the ID of the policy store that contains the policy that you
1716
+ # want to update.
1717
+ #
1718
+ # @option params [required, String] :policy_id
1719
+ # Specifies the ID of the policy that you want to update. To find this
1720
+ # value, you can use [ListPolicies][1].
1721
+ #
1722
+ #
1723
+ #
1724
+ # [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ListPolicies.html
1725
+ #
1726
+ # @option params [required, Types::UpdatePolicyDefinition] :definition
1727
+ # Specifies the updated policy content that you want to replace on the
1728
+ # specified policy. The content must be valid Cedar policy language
1729
+ # text.
1730
+ #
1731
+ # You can change only the following elements from the policy definition:
1732
+ #
1733
+ # * The `action` referenced by the policy.
1734
+ #
1735
+ # * Any conditional clauses, such as `when` or `unless` clauses.
1736
+ #
1737
+ # You **can't** change the following elements:
1738
+ #
1739
+ # * Changing from `static` to `templateLinked`.
1740
+ #
1741
+ # * Changing the effect of the policy from `permit` or `forbid`.
1742
+ #
1743
+ # * The `principal` referenced by the policy.
1744
+ #
1745
+ # * The `resource` referenced by the policy.
1746
+ #
1747
+ # @return [Types::UpdatePolicyOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1748
+ #
1749
+ # * {Types::UpdatePolicyOutput#policy_store_id #policy_store_id} => String
1750
+ # * {Types::UpdatePolicyOutput#policy_id #policy_id} => String
1751
+ # * {Types::UpdatePolicyOutput#policy_type #policy_type} => String
1752
+ # * {Types::UpdatePolicyOutput#principal #principal} => Types::EntityIdentifier
1753
+ # * {Types::UpdatePolicyOutput#resource #resource} => Types::EntityIdentifier
1754
+ # * {Types::UpdatePolicyOutput#created_date #created_date} => Time
1755
+ # * {Types::UpdatePolicyOutput#last_updated_date #last_updated_date} => Time
1756
+ #
1757
+ # @example Request syntax with placeholder values
1758
+ #
1759
+ # resp = client.update_policy({
1760
+ # policy_store_id: "PolicyStoreId", # required
1761
+ # policy_id: "PolicyId", # required
1762
+ # definition: { # required
1763
+ # static: {
1764
+ # description: "StaticPolicyDescription",
1765
+ # statement: "PolicyStatement", # required
1766
+ # },
1767
+ # },
1768
+ # })
1769
+ #
1770
+ # @example Response structure
1771
+ #
1772
+ # resp.policy_store_id #=> String
1773
+ # resp.policy_id #=> String
1774
+ # resp.policy_type #=> String, one of "STATIC", "TEMPLATE_LINKED"
1775
+ # resp.principal.entity_type #=> String
1776
+ # resp.principal.entity_id #=> String
1777
+ # resp.resource.entity_type #=> String
1778
+ # resp.resource.entity_id #=> String
1779
+ # resp.created_date #=> Time
1780
+ # resp.last_updated_date #=> Time
1781
+ #
1782
+ # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/UpdatePolicy AWS API Documentation
1783
+ #
1784
+ # @overload update_policy(params = {})
1785
+ # @param [Hash] params ({})
1786
+ def update_policy(params = {}, options = {})
1787
+ req = build_request(:update_policy, params)
1788
+ req.send_request(options)
1789
+ end
1790
+
1791
+ # Modifies the validation setting for a policy store.
1792
+ #
1793
+ # @option params [required, String] :policy_store_id
1794
+ # Specifies the ID of the policy store that you want to update
1795
+ #
1796
+ # @option params [required, Types::ValidationSettings] :validation_settings
1797
+ # A structure that defines the validation settings that want to enable
1798
+ # for the policy store.
1799
+ #
1800
+ # @return [Types::UpdatePolicyStoreOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1801
+ #
1802
+ # * {Types::UpdatePolicyStoreOutput#policy_store_id #policy_store_id} => String
1803
+ # * {Types::UpdatePolicyStoreOutput#arn #arn} => String
1804
+ # * {Types::UpdatePolicyStoreOutput#created_date #created_date} => Time
1805
+ # * {Types::UpdatePolicyStoreOutput#last_updated_date #last_updated_date} => Time
1806
+ #
1807
+ # @example Request syntax with placeholder values
1808
+ #
1809
+ # resp = client.update_policy_store({
1810
+ # policy_store_id: "PolicyStoreId", # required
1811
+ # validation_settings: { # required
1812
+ # mode: "OFF", # required, accepts OFF, STRICT
1813
+ # },
1814
+ # })
1815
+ #
1816
+ # @example Response structure
1817
+ #
1818
+ # resp.policy_store_id #=> String
1819
+ # resp.arn #=> String
1820
+ # resp.created_date #=> Time
1821
+ # resp.last_updated_date #=> Time
1822
+ #
1823
+ # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/UpdatePolicyStore AWS API Documentation
1824
+ #
1825
+ # @overload update_policy_store(params = {})
1826
+ # @param [Hash] params ({})
1827
+ def update_policy_store(params = {}, options = {})
1828
+ req = build_request(:update_policy_store, params)
1829
+ req.send_request(options)
1830
+ end
1831
+
1832
+ # Updates the specified policy template. You can update only the
1833
+ # description and the some elements of the [policyBody][1].
1834
+ #
1835
+ # Changes you make to the policy template content are immediately
1836
+ # reflected in authorization decisions that involve all template-linked
1837
+ # policies instantiated from this template.
1838
+ #
1839
+ #
1840
+ #
1841
+ # [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdatePolicyTemplate.html#amazonverifiedpermissions-UpdatePolicyTemplate-request-policyBody
1842
+ #
1843
+ # @option params [required, String] :policy_store_id
1844
+ # Specifies the ID of the policy store that contains the policy template
1845
+ # that you want to update.
1846
+ #
1847
+ # @option params [required, String] :policy_template_id
1848
+ # Specifies the ID of the policy template that you want to update.
1849
+ #
1850
+ # @option params [String] :description
1851
+ # Specifies a new description to apply to the policy template.
1852
+ #
1853
+ # @option params [required, String] :statement
1854
+ # Specifies new statement content written in Cedar policy language to
1855
+ # replace the current body of the policy template.
1856
+ #
1857
+ # You can change only the following elements of the policy body:
1858
+ #
1859
+ # * The `action` referenced by the policy template.
1860
+ #
1861
+ # * Any conditional clauses, such as `when` or `unless` clauses.
1862
+ #
1863
+ # You **can't** change the following elements:
1864
+ #
1865
+ # * The effect (`permit` or `forbid`) of the policy template.
1866
+ #
1867
+ # * The `principal` referenced by the policy template.
1868
+ #
1869
+ # * The `resource` referenced by the policy template.
1870
+ #
1871
+ # @return [Types::UpdatePolicyTemplateOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1872
+ #
1873
+ # * {Types::UpdatePolicyTemplateOutput#policy_store_id #policy_store_id} => String
1874
+ # * {Types::UpdatePolicyTemplateOutput#policy_template_id #policy_template_id} => String
1875
+ # * {Types::UpdatePolicyTemplateOutput#created_date #created_date} => Time
1876
+ # * {Types::UpdatePolicyTemplateOutput#last_updated_date #last_updated_date} => Time
1877
+ #
1878
+ # @example Request syntax with placeholder values
1879
+ #
1880
+ # resp = client.update_policy_template({
1881
+ # policy_store_id: "PolicyStoreId", # required
1882
+ # policy_template_id: "PolicyTemplateId", # required
1883
+ # description: "PolicyTemplateDescription",
1884
+ # statement: "PolicyStatement", # required
1885
+ # })
1886
+ #
1887
+ # @example Response structure
1888
+ #
1889
+ # resp.policy_store_id #=> String
1890
+ # resp.policy_template_id #=> String
1891
+ # resp.created_date #=> Time
1892
+ # resp.last_updated_date #=> Time
1893
+ #
1894
+ # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/UpdatePolicyTemplate AWS API Documentation
1895
+ #
1896
+ # @overload update_policy_template(params = {})
1897
+ # @param [Hash] params ({})
1898
+ def update_policy_template(params = {}, options = {})
1899
+ req = build_request(:update_policy_template, params)
1900
+ req.send_request(options)
1901
+ end
1902
+
1903
+ # @!endgroup
1904
+
1905
+ # @param params ({})
1906
+ # @api private
1907
+ def build_request(operation_name, params = {})
1908
+ handlers = @handlers.for(operation_name)
1909
+ context = Seahorse::Client::RequestContext.new(
1910
+ operation_name: operation_name,
1911
+ operation: config.api.operation(operation_name),
1912
+ client: self,
1913
+ params: params,
1914
+ config: config)
1915
+ context[:gem_name] = 'aws-sdk-verifiedpermissions'
1916
+ context[:gem_version] = '1.0.0'
1917
+ Seahorse::Client::Request.new(handlers, context)
1918
+ end
1919
+
1920
+ # @api private
1921
+ # @deprecated
1922
+ def waiter_names
1923
+ []
1924
+ end
1925
+
1926
+ class << self
1927
+
1928
+ # @api private
1929
+ attr_reader :identifier
1930
+
1931
+ # @api private
1932
+ def errors_module
1933
+ Errors
1934
+ end
1935
+
1936
+ end
1937
+ end
1938
+ end