aws-sdk-verifiedpermissions 1.0.0
- checksums.yaml +7 -0
- data/CHANGELOG.md +8 -0
- data/LICENSE.txt +202 -0
- data/VERSION +1 -0
- data/lib/aws-sdk-verifiedpermissions/client.rb +1938 -0
- data/lib/aws-sdk-verifiedpermissions/client_api.rb +1048 -0
- data/lib/aws-sdk-verifiedpermissions/customizations.rb +0 -0
- data/lib/aws-sdk-verifiedpermissions/endpoint_parameters.rb +66 -0
- data/lib/aws-sdk-verifiedpermissions/endpoint_provider.rb +54 -0
- data/lib/aws-sdk-verifiedpermissions/endpoints.rb +351 -0
- data/lib/aws-sdk-verifiedpermissions/errors.rb +212 -0
- data/lib/aws-sdk-verifiedpermissions/plugins/endpoints.rb +116 -0
- data/lib/aws-sdk-verifiedpermissions/resource.rb +26 -0
- data/lib/aws-sdk-verifiedpermissions/types.rb +2954 -0
- data/lib/aws-sdk-verifiedpermissions/waiters.rb +15 -0
- data/lib/aws-sdk-verifiedpermissions.rb +58 -0
- metadata +95 -0
@@ -0,0 +1,1938 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
# WARNING ABOUT GENERATED CODE
|
4
|
+
#
|
5
|
+
# This file is generated. See the contributing guide for more information:
|
6
|
+
# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
|
7
|
+
#
|
8
|
+
# WARNING ABOUT GENERATED CODE
|
9
|
+
|
10
|
+
require 'seahorse/client/plugins/content_length.rb'
|
11
|
+
require 'aws-sdk-core/plugins/credentials_configuration.rb'
|
12
|
+
require 'aws-sdk-core/plugins/logging.rb'
|
13
|
+
require 'aws-sdk-core/plugins/param_converter.rb'
|
14
|
+
require 'aws-sdk-core/plugins/param_validator.rb'
|
15
|
+
require 'aws-sdk-core/plugins/user_agent.rb'
|
16
|
+
require 'aws-sdk-core/plugins/helpful_socket_errors.rb'
|
17
|
+
require 'aws-sdk-core/plugins/retry_errors.rb'
|
18
|
+
require 'aws-sdk-core/plugins/global_configuration.rb'
|
19
|
+
require 'aws-sdk-core/plugins/regional_endpoint.rb'
|
20
|
+
require 'aws-sdk-core/plugins/endpoint_discovery.rb'
|
21
|
+
require 'aws-sdk-core/plugins/endpoint_pattern.rb'
|
22
|
+
require 'aws-sdk-core/plugins/response_paging.rb'
|
23
|
+
require 'aws-sdk-core/plugins/stub_responses.rb'
|
24
|
+
require 'aws-sdk-core/plugins/idempotency_token.rb'
|
25
|
+
require 'aws-sdk-core/plugins/jsonvalue_converter.rb'
|
26
|
+
require 'aws-sdk-core/plugins/client_metrics_plugin.rb'
|
27
|
+
require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
|
28
|
+
require 'aws-sdk-core/plugins/transfer_encoding.rb'
|
29
|
+
require 'aws-sdk-core/plugins/http_checksum.rb'
|
30
|
+
require 'aws-sdk-core/plugins/checksum_algorithm.rb'
|
31
|
+
require 'aws-sdk-core/plugins/defaults_mode.rb'
|
32
|
+
require 'aws-sdk-core/plugins/recursion_detection.rb'
|
33
|
+
require 'aws-sdk-core/plugins/sign.rb'
|
34
|
+
require 'aws-sdk-core/plugins/protocols/json_rpc.rb'
|
35
|
+
|
36
|
+
Aws::Plugins::GlobalConfiguration.add_identifier(:verifiedpermissions)
|
37
|
+
|
38
|
+
module Aws::VerifiedPermissions
|
39
|
+
# An API client for VerifiedPermissions. To construct a client, you need to configure a `:region` and `:credentials`.
|
40
|
+
#
|
41
|
+
# client = Aws::VerifiedPermissions::Client.new(
|
42
|
+
# region: region_name,
|
43
|
+
# credentials: credentials,
|
44
|
+
# # ...
|
45
|
+
# )
|
46
|
+
#
|
47
|
+
# For details on configuring region and credentials see
|
48
|
+
# the [developer guide](/sdk-for-ruby/v3/developer-guide/setup-config.html).
|
49
|
+
#
|
50
|
+
# See {#initialize} for a full list of supported configuration options.
|
51
|
+
class Client < Seahorse::Client::Base
|
52
|
+
|
53
|
+
include Aws::ClientStubs
|
54
|
+
|
55
|
+
@identifier = :verifiedpermissions
|
56
|
+
|
57
|
+
set_api(ClientApi::API)
|
58
|
+
|
59
|
+
add_plugin(Seahorse::Client::Plugins::ContentLength)
|
60
|
+
add_plugin(Aws::Plugins::CredentialsConfiguration)
|
61
|
+
add_plugin(Aws::Plugins::Logging)
|
62
|
+
add_plugin(Aws::Plugins::ParamConverter)
|
63
|
+
add_plugin(Aws::Plugins::ParamValidator)
|
64
|
+
add_plugin(Aws::Plugins::UserAgent)
|
65
|
+
add_plugin(Aws::Plugins::HelpfulSocketErrors)
|
66
|
+
add_plugin(Aws::Plugins::RetryErrors)
|
67
|
+
add_plugin(Aws::Plugins::GlobalConfiguration)
|
68
|
+
add_plugin(Aws::Plugins::RegionalEndpoint)
|
69
|
+
add_plugin(Aws::Plugins::EndpointDiscovery)
|
70
|
+
add_plugin(Aws::Plugins::EndpointPattern)
|
71
|
+
add_plugin(Aws::Plugins::ResponsePaging)
|
72
|
+
add_plugin(Aws::Plugins::StubResponses)
|
73
|
+
add_plugin(Aws::Plugins::IdempotencyToken)
|
74
|
+
add_plugin(Aws::Plugins::JsonvalueConverter)
|
75
|
+
add_plugin(Aws::Plugins::ClientMetricsPlugin)
|
76
|
+
add_plugin(Aws::Plugins::ClientMetricsSendPlugin)
|
77
|
+
add_plugin(Aws::Plugins::TransferEncoding)
|
78
|
+
add_plugin(Aws::Plugins::HttpChecksum)
|
79
|
+
add_plugin(Aws::Plugins::ChecksumAlgorithm)
|
80
|
+
add_plugin(Aws::Plugins::DefaultsMode)
|
81
|
+
add_plugin(Aws::Plugins::RecursionDetection)
|
82
|
+
add_plugin(Aws::Plugins::Sign)
|
83
|
+
add_plugin(Aws::Plugins::Protocols::JsonRpc)
|
84
|
+
add_plugin(Aws::VerifiedPermissions::Plugins::Endpoints)
|
85
|
+
|
86
|
+
# @overload initialize(options)
|
87
|
+
# @param [Hash] options
|
88
|
+
# @option options [required, Aws::CredentialProvider] :credentials
|
89
|
+
# Your AWS credentials. This can be an instance of any one of the
|
90
|
+
# following classes:
|
91
|
+
#
|
92
|
+
# * `Aws::Credentials` - Used for configuring static, non-refreshing
|
93
|
+
# credentials.
|
94
|
+
#
|
95
|
+
# * `Aws::SharedCredentials` - Used for loading static credentials from a
|
96
|
+
# shared file, such as `~/.aws/config`.
|
97
|
+
#
|
98
|
+
# * `Aws::AssumeRoleCredentials` - Used when you need to assume a role.
|
99
|
+
#
|
100
|
+
# * `Aws::AssumeRoleWebIdentityCredentials` - Used when you need to
|
101
|
+
# assume a role after providing credentials via the web.
|
102
|
+
#
|
103
|
+
# * `Aws::SSOCredentials` - Used for loading credentials from AWS SSO using an
|
104
|
+
# access token generated from `aws login`.
|
105
|
+
#
|
106
|
+
# * `Aws::ProcessCredentials` - Used for loading credentials from a
|
107
|
+
# process that outputs to stdout.
|
108
|
+
#
|
109
|
+
# * `Aws::InstanceProfileCredentials` - Used for loading credentials
|
110
|
+
# from an EC2 IMDS on an EC2 instance.
|
111
|
+
#
|
112
|
+
# * `Aws::ECSCredentials` - Used for loading credentials from
|
113
|
+
# instances running in ECS.
|
114
|
+
#
|
115
|
+
# * `Aws::CognitoIdentityCredentials` - Used for loading credentials
|
116
|
+
# from the Cognito Identity service.
|
117
|
+
#
|
118
|
+
# When `:credentials` are not configured directly, the following
|
119
|
+
# locations will be searched for credentials:
|
120
|
+
#
|
121
|
+
# * `Aws.config[:credentials]`
|
122
|
+
# * The `:access_key_id`, `:secret_access_key`, and `:session_token` options.
|
123
|
+
# * ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY']
|
124
|
+
# * `~/.aws/credentials`
|
125
|
+
# * `~/.aws/config`
|
126
|
+
# * EC2/ECS IMDS instance profile - When used by default, the timeouts
|
127
|
+
# are very aggressive. Construct and pass an instance of
|
128
|
+
# `Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to
|
129
|
+
# enable retries and extended timeouts. Instance profile credential
|
130
|
+
# fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED']
|
131
|
+
# to true.
|
132
|
+
#
|
133
|
+
# @option options [required, String] :region
|
134
|
+
# The AWS region to connect to. The configured `:region` is
|
135
|
+
# used to determine the service `:endpoint`. When not passed,
|
136
|
+
# a default `:region` is searched for in the following locations:
|
137
|
+
#
|
138
|
+
# * `Aws.config[:region]`
|
139
|
+
# * `ENV['AWS_REGION']`
|
140
|
+
# * `ENV['AMAZON_REGION']`
|
141
|
+
# * `ENV['AWS_DEFAULT_REGION']`
|
142
|
+
# * `~/.aws/credentials`
|
143
|
+
# * `~/.aws/config`
|
144
|
+
#
|
145
|
+
# @option options [String] :access_key_id
|
146
|
+
#
|
147
|
+
# @option options [Boolean] :active_endpoint_cache (false)
|
148
|
+
# When set to `true`, a thread polling for endpoints will be running in
|
149
|
+
# the background every 60 secs (default). Defaults to `false`.
|
150
|
+
#
|
151
|
+
# @option options [Boolean] :adaptive_retry_wait_to_fill (true)
|
152
|
+
# Used only in `adaptive` retry mode. When true, the request will sleep
|
153
|
+
# until there is sufficent client side capacity to retry the request.
|
154
|
+
# When false, the request will raise a `RetryCapacityNotAvailableError` and will
|
155
|
+
# not retry instead of sleeping.
|
156
|
+
#
|
157
|
+
# @option options [Boolean] :client_side_monitoring (false)
|
158
|
+
# When `true`, client-side metrics will be collected for all API requests from
|
159
|
+
# this client.
|
160
|
+
#
|
161
|
+
# @option options [String] :client_side_monitoring_client_id ("")
|
162
|
+
# Allows you to provide an identifier for this client which will be attached to
|
163
|
+
# all generated client side metrics. Defaults to an empty string.
|
164
|
+
#
|
165
|
+
# @option options [String] :client_side_monitoring_host ("127.0.0.1")
|
166
|
+
# Allows you to specify the DNS hostname or IPv4 or IPv6 address that the client
|
167
|
+
# side monitoring agent is running on, where client metrics will be published via UDP.
|
168
|
+
#
|
169
|
+
# @option options [Integer] :client_side_monitoring_port (31000)
|
170
|
+
# Required for publishing client metrics. The port that the client side monitoring
|
171
|
+
# agent is running on, where client metrics will be published via UDP.
|
172
|
+
#
|
173
|
+
# @option options [Aws::ClientSideMonitoring::Publisher] :client_side_monitoring_publisher (Aws::ClientSideMonitoring::Publisher)
|
174
|
+
# Allows you to provide a custom client-side monitoring publisher class. By default,
|
175
|
+
# will use the Client Side Monitoring Agent Publisher.
|
176
|
+
#
|
177
|
+
# @option options [Boolean] :convert_params (true)
|
178
|
+
# When `true`, an attempt is made to coerce request parameters into
|
179
|
+
# the required types.
|
180
|
+
#
|
181
|
+
# @option options [Boolean] :correct_clock_skew (true)
|
182
|
+
# Used only in `standard` and adaptive retry modes. Specifies whether to apply
|
183
|
+
# a clock skew correction and retry requests with skewed client clocks.
|
184
|
+
#
|
185
|
+
# @option options [String] :defaults_mode ("legacy")
|
186
|
+
# See {Aws::DefaultsModeConfiguration} for a list of the
|
187
|
+
# accepted modes and the configuration defaults that are included.
|
188
|
+
#
|
189
|
+
# @option options [Boolean] :disable_host_prefix_injection (false)
|
190
|
+
# Set to true to disable SDK automatically adding host prefix
|
191
|
+
# to default service endpoint when available.
|
192
|
+
#
|
193
|
+
# @option options [String] :endpoint
|
194
|
+
# The client endpoint is normally constructed from the `:region`
|
195
|
+
# option. You should only configure an `:endpoint` when connecting
|
196
|
+
# to test or custom endpoints. This should be a valid HTTP(S) URI.
|
197
|
+
#
|
198
|
+
# @option options [Integer] :endpoint_cache_max_entries (1000)
|
199
|
+
# Used for the maximum size limit of the LRU cache storing endpoints data
|
200
|
+
# for endpoint discovery enabled operations. Defaults to 1000.
|
201
|
+
#
|
202
|
+
# @option options [Integer] :endpoint_cache_max_threads (10)
|
203
|
+
# Used for the maximum threads in use for polling endpoints to be cached, defaults to 10.
|
204
|
+
#
|
205
|
+
# @option options [Integer] :endpoint_cache_poll_interval (60)
|
206
|
+
# When :endpoint_discovery and :active_endpoint_cache is enabled,
|
207
|
+
# Use this option to config the time interval in seconds for making
|
208
|
+
# requests fetching endpoints information. Defaults to 60 sec.
|
209
|
+
#
|
210
|
+
# @option options [Boolean] :endpoint_discovery (false)
|
211
|
+
# When set to `true`, endpoint discovery will be enabled for operations when available.
|
212
|
+
#
|
213
|
+
# @option options [Aws::Log::Formatter] :log_formatter (Aws::Log::Formatter.default)
|
214
|
+
# The log formatter.
|
215
|
+
#
|
216
|
+
# @option options [Symbol] :log_level (:info)
|
217
|
+
# The log level to send messages to the `:logger` at.
|
218
|
+
#
|
219
|
+
# @option options [Logger] :logger
|
220
|
+
# The Logger instance to send log messages to. If this option
|
221
|
+
# is not set, logging will be disabled.
|
222
|
+
#
|
223
|
+
# @option options [Integer] :max_attempts (3)
|
224
|
+
# An integer representing the maximum number attempts that will be made for
|
225
|
+
# a single request, including the initial attempt. For example,
|
226
|
+
# setting this value to 5 will result in a request being retried up to
|
227
|
+
# 4 times. Used in `standard` and `adaptive` retry modes.
|
228
|
+
#
|
229
|
+
# @option options [String] :profile ("default")
|
230
|
+
# Used when loading credentials from the shared credentials file
|
231
|
+
# at HOME/.aws/credentials. When not specified, 'default' is used.
|
232
|
+
#
|
233
|
+
# @option options [Proc] :retry_backoff
|
234
|
+
# A proc or lambda used for backoff. Defaults to 2**retries * retry_base_delay.
|
235
|
+
# This option is only used in the `legacy` retry mode.
|
236
|
+
#
|
237
|
+
# @option options [Float] :retry_base_delay (0.3)
|
238
|
+
# The base delay in seconds used by the default backoff function. This option
|
239
|
+
# is only used in the `legacy` retry mode.
|
240
|
+
#
|
241
|
+
# @option options [Symbol] :retry_jitter (:none)
|
242
|
+
# A delay randomiser function used by the default backoff function.
|
243
|
+
# Some predefined functions can be referenced by name - :none, :equal, :full,
|
244
|
+
# otherwise a Proc that takes and returns a number. This option is only used
|
245
|
+
# in the `legacy` retry mode.
|
246
|
+
#
|
247
|
+
# @see https://www.awsarchitectureblog.com/2015/03/backoff.html
|
248
|
+
#
|
249
|
+
# @option options [Integer] :retry_limit (3)
|
250
|
+
# The maximum number of times to retry failed requests. Only
|
251
|
+
# ~ 500 level server errors and certain ~ 400 level client errors
|
252
|
+
# are retried. Generally, these are throttling errors, data
|
253
|
+
# checksum errors, networking errors, timeout errors, auth errors,
|
254
|
+
# endpoint discovery, and errors from expired credentials.
|
255
|
+
# This option is only used in the `legacy` retry mode.
|
256
|
+
#
|
257
|
+
# @option options [Integer] :retry_max_delay (0)
|
258
|
+
# The maximum number of seconds to delay between retries (0 for no limit)
|
259
|
+
# used by the default backoff function. This option is only used in the
|
260
|
+
# `legacy` retry mode.
|
261
|
+
#
|
262
|
+
# @option options [String] :retry_mode ("legacy")
|
263
|
+
# Specifies which retry algorithm to use. Values are:
|
264
|
+
#
|
265
|
+
# * `legacy` - The pre-existing retry behavior. This is default value if
|
266
|
+
# no retry mode is provided.
|
267
|
+
#
|
268
|
+
# * `standard` - A standardized set of retry rules across the AWS SDKs.
|
269
|
+
# This includes support for retry quotas, which limit the number of
|
270
|
+
# unsuccessful retries a client can make.
|
271
|
+
#
|
272
|
+
# * `adaptive` - An experimental retry mode that includes all the
|
273
|
+
# functionality of `standard` mode along with automatic client side
|
274
|
+
# throttling. This is a provisional mode that may change behavior
|
275
|
+
# in the future.
|
276
|
+
#
|
277
|
+
#
|
278
|
+
# @option options [String] :sdk_ua_app_id
|
279
|
+
# A unique and opaque application ID that is appended to the
|
280
|
+
# User-Agent header as app/<sdk_ua_app_id>. It should have a
|
281
|
+
# maximum length of 50.
|
282
|
+
#
|
283
|
+
# @option options [String] :secret_access_key
|
284
|
+
#
|
285
|
+
# @option options [String] :session_token
|
286
|
+
#
|
287
|
+
# @option options [Boolean] :simple_json (false)
|
288
|
+
# Disables request parameter conversion, validation, and formatting.
|
289
|
+
# Also disable response data type conversions. This option is useful
|
290
|
+
# when you want to ensure the highest level of performance by
|
291
|
+
# avoiding overhead of walking request parameters and response data
|
292
|
+
# structures.
|
293
|
+
#
|
294
|
+
# When `:simple_json` is enabled, the request parameters hash must
|
295
|
+
# be formatted exactly as the DynamoDB API expects.
|
296
|
+
#
|
297
|
+
# @option options [Boolean] :stub_responses (false)
|
298
|
+
# Causes the client to return stubbed responses. By default
|
299
|
+
# fake responses are generated and returned. You can specify
|
300
|
+
# the response data to return or errors to raise by calling
|
301
|
+
# {ClientStubs#stub_responses}. See {ClientStubs} for more information.
|
302
|
+
#
|
303
|
+
# ** Please note ** When response stubbing is enabled, no HTTP
|
304
|
+
# requests are made, and retries are disabled.
|
305
|
+
#
|
306
|
+
# @option options [Aws::TokenProvider] :token_provider
|
307
|
+
# A Bearer Token Provider. This can be an instance of any one of the
|
308
|
+
# following classes:
|
309
|
+
#
|
310
|
+
# * `Aws::StaticTokenProvider` - Used for configuring static, non-refreshing
|
311
|
+
# tokens.
|
312
|
+
#
|
313
|
+
# * `Aws::SSOTokenProvider` - Used for loading tokens from AWS SSO using an
|
314
|
+
# access token generated from `aws login`.
|
315
|
+
#
|
316
|
+
# When `:token_provider` is not configured directly, the `Aws::TokenProviderChain`
|
317
|
+
# will be used to search for tokens configured for your profile in shared configuration files.
|
318
|
+
#
|
319
|
+
# @option options [Boolean] :use_dualstack_endpoint
|
320
|
+
# When set to `true`, dualstack enabled endpoints (with `.aws` TLD)
|
321
|
+
# will be used if available.
|
322
|
+
#
|
323
|
+
# @option options [Boolean] :use_fips_endpoint
|
324
|
+
# When set to `true`, fips compatible endpoints will be used if available.
|
325
|
+
# When a `fips` region is used, the region is normalized and this config
|
326
|
+
# is set to `true`.
|
327
|
+
#
|
328
|
+
# @option options [Boolean] :validate_params (true)
|
329
|
+
# When `true`, request parameters are validated before
|
330
|
+
# sending the request.
|
331
|
+
#
|
332
|
+
# @option options [Aws::VerifiedPermissions::EndpointProvider] :endpoint_provider
|
333
|
+
# The endpoint provider used to resolve endpoints. Any object that responds to `#resolve_endpoint(parameters)` where `parameters` is a Struct similar to `Aws::VerifiedPermissions::EndpointParameters`
|
334
|
+
#
|
335
|
+
# @option options [URI::HTTP,String] :http_proxy A proxy to send
|
336
|
+
# requests through. Formatted like 'http://proxy.com:123'.
|
337
|
+
#
|
338
|
+
# @option options [Float] :http_open_timeout (15) The number of
|
339
|
+
# seconds to wait when opening a HTTP session before raising a
|
340
|
+
# `Timeout::Error`.
|
341
|
+
#
|
342
|
+
# @option options [Float] :http_read_timeout (60) The default
|
343
|
+
# number of seconds to wait for response data. This value can
|
344
|
+
# safely be set per-request on the session.
|
345
|
+
#
|
346
|
+
# @option options [Float] :http_idle_timeout (5) The number of
|
347
|
+
# seconds a connection is allowed to sit idle before it is
|
348
|
+
# considered stale. Stale connections are closed and removed
|
349
|
+
# from the pool before making a request.
|
350
|
+
#
|
351
|
+
# @option options [Float] :http_continue_timeout (1) The number of
|
352
|
+
# seconds to wait for a 100-continue response before sending the
|
353
|
+
# request body. This option has no effect unless the request has
|
354
|
+
# "Expect" header set to "100-continue". Defaults to `nil` which
|
355
|
+
# disables this behaviour. This value can safely be set per
|
356
|
+
# request on the session.
|
357
|
+
#
|
358
|
+
# @option options [Float] :ssl_timeout (nil) Sets the SSL timeout
|
359
|
+
# in seconds.
|
360
|
+
#
|
361
|
+
# @option options [Boolean] :http_wire_trace (false) When `true`,
|
362
|
+
# HTTP debug output will be sent to the `:logger`.
|
363
|
+
#
|
364
|
+
# @option options [Boolean] :ssl_verify_peer (true) When `true`,
|
365
|
+
# SSL peer certificates are verified when establishing a
|
366
|
+
# connection.
|
367
|
+
#
|
368
|
+
# @option options [String] :ssl_ca_bundle Full path to the SSL
|
369
|
+
# certificate authority bundle file that should be used when
|
370
|
+
# verifying peer certificates. If you do not pass
|
371
|
+
# `:ssl_ca_bundle` or `:ssl_ca_directory` the the system default
|
372
|
+
# will be used if available.
|
373
|
+
#
|
374
|
+
# @option options [String] :ssl_ca_directory Full path of the
|
375
|
+
# directory that contains the unbundled SSL certificate
|
376
|
+
# authority files for verifying peer certificates. If you do
|
377
|
+
# not pass `:ssl_ca_bundle` or `:ssl_ca_directory` the the
|
378
|
+
# system default will be used if available.
|
379
|
+
#
|
380
|
+
def initialize(*args)
|
381
|
+
super
|
382
|
+
end
|
383
|
+
|
384
|
+
# @!group API Operations
|
385
|
+
|
386
|
+
# Creates a reference to an Amazon Cognito user pool as an external
|
387
|
+
# identity provider (IdP).
|
388
|
+
#
|
389
|
+
# After you create an identity source, you can use the identities
|
390
|
+
# provided by the IdP as proxies for the principal in authorization
|
391
|
+
# queries that use the [IsAuthorizedWithToken][1] operation. These
|
392
|
+
# identities take the form of tokens that contain claims about the user,
|
393
|
+
# such as IDs, attributes and group memberships. Amazon Cognito provides
|
394
|
+
# both identity tokens and access tokens, and Verified Permissions can
|
395
|
+
# use either or both. Any combination of identity and access tokens
|
396
|
+
# results in the same Cedar principal. Verified Permissions
|
397
|
+
# automatically translates the information about the identities into the
|
398
|
+
# standard Cedar attributes that can be evaluated by your policies.
|
399
|
+
# Because the Amazon Cognito identity and access tokens can contain
|
400
|
+
# different information, the tokens you choose to use determine which
|
401
|
+
# principal attributes are available to access when evaluating Cedar
|
402
|
+
# policies.
|
403
|
+
#
|
404
|
+
# If you delete a Amazon Cognito user pool or user, tokens from that
|
405
|
+
# deleted pool or that deleted user continue to be usable until they
|
406
|
+
# expire.
|
407
|
+
#
|
408
|
+
# <note markdown="1"> To reference a user from this identity source in your Cedar policies,
|
409
|
+
# use the following syntax.
|
410
|
+
#
|
411
|
+
# *IdentityType::"<CognitoUserPoolIdentifier>\|<CognitoClientId>*
|
412
|
+
#
|
413
|
+
# Where `IdentityType` is the string that you provide to the
|
414
|
+
# `PrincipalEntityType` parameter for this operation. The
|
415
|
+
# `CognitoUserPoolId` and `CognitoClientId` are defined by the Amazon
|
416
|
+
# Cognito user pool.
|
417
|
+
#
|
418
|
+
# </note>
|
419
|
+
#
|
420
|
+
#
|
421
|
+
#
|
422
|
+
# [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorizedWithToken.html
|
423
|
+
#
|
424
|
+
# @option params [String] :client_token
|
425
|
+
# Specifies a unique, case-sensitive ID that you provide to ensure the
|
426
|
+
# idempotency of the request. This lets you safely retry the request
|
427
|
+
# without accidentally performing the same operation a second time.
|
428
|
+
# Passing the same value to a later call to an operation requires that
|
429
|
+
# you also pass the same value for all other parameters. We recommend
|
430
|
+
# that you use a [UUID type of value.][1].
|
431
|
+
#
|
432
|
+
# If you don't provide this value, then Amazon Web Services generates a
|
433
|
+
# random one for you.
|
434
|
+
#
|
435
|
+
# If you retry the operation with the same `ClientToken`, but with
|
436
|
+
# different parameters, the retry fails with an
|
437
|
+
# `IdempotentParameterMismatch` error.
|
438
|
+
#
|
439
|
+
# **A suitable default value is auto-generated.** You should normally
|
440
|
+
# not need to pass this option.**
|
441
|
+
#
|
442
|
+
#
|
443
|
+
#
|
444
|
+
# [1]: https://wikipedia.org/wiki/Universally_unique_Id
|
445
|
+
#
|
446
|
+
# @option params [required, String] :policy_store_id
|
447
|
+
# Specifies the ID of the policy store in which you want to store this
|
448
|
+
# identity source. Only policies and requests made using this policy
|
449
|
+
# store can reference identities from the identity provider configured
|
450
|
+
# in the new identity source.
|
451
|
+
#
|
452
|
+
# @option params [required, Types::Configuration] :configuration
|
453
|
+
# Specifies the details required to communicate with the identity
|
454
|
+
# provider (IdP) associated with this identity source.
|
455
|
+
#
|
456
|
+
# <note markdown="1"> At this time, the only valid member of this structure is a Amazon
|
457
|
+
# Cognito user pool configuration.
|
458
|
+
#
|
459
|
+
# You must specify a `UserPoolArn`, and optionally, a `ClientId`.
|
460
|
+
#
|
461
|
+
# </note>
|
462
|
+
#
|
463
|
+
# @option params [String] :principal_entity_type
|
464
|
+
# Specifies the namespace and data type of the principals generated for
|
465
|
+
# identities authenticated by the new identity source.
|
466
|
+
#
|
467
|
+
# @return [Types::CreateIdentitySourceOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
468
|
+
#
|
469
|
+
# * {Types::CreateIdentitySourceOutput#created_date #created_date} => Time
|
470
|
+
# * {Types::CreateIdentitySourceOutput#identity_source_id #identity_source_id} => String
|
471
|
+
# * {Types::CreateIdentitySourceOutput#last_updated_date #last_updated_date} => Time
|
472
|
+
# * {Types::CreateIdentitySourceOutput#policy_store_id #policy_store_id} => String
|
473
|
+
#
|
474
|
+
# @example Request syntax with placeholder values
|
475
|
+
#
|
476
|
+
# resp = client.create_identity_source({
|
477
|
+
# client_token: "IdempotencyToken",
|
478
|
+
# policy_store_id: "PolicyStoreId", # required
|
479
|
+
# configuration: { # required
|
480
|
+
# cognito_user_pool_configuration: {
|
481
|
+
# user_pool_arn: "UserPoolArn", # required
|
482
|
+
# client_ids: ["ClientId"],
|
483
|
+
# },
|
484
|
+
# },
|
485
|
+
# principal_entity_type: "PrincipalEntityType",
|
486
|
+
# })
|
487
|
+
#
|
488
|
+
# @example Response structure
|
489
|
+
#
|
490
|
+
# resp.created_date #=> Time
|
491
|
+
# resp.identity_source_id #=> String
|
492
|
+
# resp.last_updated_date #=> Time
|
493
|
+
# resp.policy_store_id #=> String
|
494
|
+
#
|
495
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/CreateIdentitySource AWS API Documentation
|
496
|
+
#
|
497
|
+
# @overload create_identity_source(params = {})
|
498
|
+
# @param [Hash] params ({})
|
499
|
+
def create_identity_source(params = {}, options = {})
|
500
|
+
req = build_request(:create_identity_source, params)
|
501
|
+
req.send_request(options)
|
502
|
+
end
|
503
|
+
|
504
|
+
# Creates a Cedar policy and saves it in the specified policy store. You
|
505
|
+
# can create either a static policy or a policy linked to a policy
|
506
|
+
# template.
|
507
|
+
#
|
508
|
+
# * To create a static policy, provide the Cedar policy text in the
|
509
|
+
# `StaticPolicy` section of the `PolicyDefinition`.
|
510
|
+
#
|
511
|
+
# * To create a policy that is dynamically linked to a policy template,
|
512
|
+
# specify the policy template ID and the principal and resource to
|
513
|
+
# associate with this policy in the `templateLinked` section of the
|
514
|
+
# `PolicyDefinition`. If the policy template is ever updated, any
|
515
|
+
# policies linked to the policy template automatically use the updated
|
516
|
+
# template.
|
517
|
+
#
|
518
|
+
# <note markdown="1"> Creating a policy causes it to be validated against the schema in the
|
519
|
+
# policy store. If the policy doesn't pass validation, the operation
|
520
|
+
# fails and the policy isn't stored.
|
521
|
+
#
|
522
|
+
# </note>
|
523
|
+
#
|
524
|
+
# @option params [String] :client_token
|
525
|
+
# Specifies a unique, case-sensitive ID that you provide to ensure the
|
526
|
+
# idempotency of the request. This lets you safely retry the request
|
527
|
+
# without accidentally performing the same operation a second time.
|
528
|
+
# Passing the same value to a later call to an operation requires that
|
529
|
+
# you also pass the same value for all other parameters. We recommend
|
530
|
+
# that you use a [UUID type of value.][1].
|
531
|
+
#
|
532
|
+
# If you don't provide this value, then Amazon Web Services generates a
|
533
|
+
# random one for you.
|
534
|
+
#
|
535
|
+
# If you retry the operation with the same `ClientToken`, but with
|
536
|
+
# different parameters, the retry fails with an
|
537
|
+
# `IdempotentParameterMismatch` error.
|
538
|
+
#
|
539
|
+
# **A suitable default value is auto-generated.** You should normally
|
540
|
+
# not need to pass this option.**
|
541
|
+
#
|
542
|
+
#
|
543
|
+
#
|
544
|
+
# [1]: https://wikipedia.org/wiki/Universally_unique_Id
|
545
|
+
#
|
546
|
+
# @option params [required, String] :policy_store_id
|
547
|
+
# Specifies the `PolicyStoreId` of the policy store you want to store
|
548
|
+
# the policy in.
|
549
|
+
#
|
550
|
+
# @option params [required, Types::PolicyDefinition] :definition
|
551
|
+
# A structure that specifies the policy type and content to use for the
|
552
|
+
# new policy. You must include either a static or a templateLinked
|
553
|
+
# element. The policy content must be written in the Cedar policy
|
554
|
+
# language.
|
555
|
+
#
|
556
|
+
# @return [Types::CreatePolicyOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
557
|
+
#
|
558
|
+
# * {Types::CreatePolicyOutput#policy_store_id #policy_store_id} => String
|
559
|
+
# * {Types::CreatePolicyOutput#policy_id #policy_id} => String
|
560
|
+
# * {Types::CreatePolicyOutput#policy_type #policy_type} => String
|
561
|
+
# * {Types::CreatePolicyOutput#principal #principal} => Types::EntityIdentifier
|
562
|
+
# * {Types::CreatePolicyOutput#resource #resource} => Types::EntityIdentifier
|
563
|
+
# * {Types::CreatePolicyOutput#created_date #created_date} => Time
|
564
|
+
# * {Types::CreatePolicyOutput#last_updated_date #last_updated_date} => Time
|
565
|
+
#
|
566
|
+
# @example Request syntax with placeholder values
|
567
|
+
#
|
568
|
+
# resp = client.create_policy({
|
569
|
+
# client_token: "IdempotencyToken",
|
570
|
+
# policy_store_id: "PolicyStoreId", # required
|
571
|
+
# definition: { # required
|
572
|
+
# static: {
|
573
|
+
# description: "StaticPolicyDescription",
|
574
|
+
# statement: "PolicyStatement", # required
|
575
|
+
# },
|
576
|
+
# template_linked: {
|
577
|
+
# policy_template_id: "PolicyTemplateId", # required
|
578
|
+
# principal: {
|
579
|
+
# entity_type: "EntityType", # required
|
580
|
+
# entity_id: "EntityId", # required
|
581
|
+
# },
|
582
|
+
# resource: {
|
583
|
+
# entity_type: "EntityType", # required
|
584
|
+
# entity_id: "EntityId", # required
|
585
|
+
# },
|
586
|
+
# },
|
587
|
+
# },
|
588
|
+
# })
|
589
|
+
#
|
590
|
+
# @example Response structure
|
591
|
+
#
|
592
|
+
# resp.policy_store_id #=> String
|
593
|
+
# resp.policy_id #=> String
|
594
|
+
# resp.policy_type #=> String, one of "STATIC", "TEMPLATE_LINKED"
|
595
|
+
# resp.principal.entity_type #=> String
|
596
|
+
# resp.principal.entity_id #=> String
|
597
|
+
# resp.resource.entity_type #=> String
|
598
|
+
# resp.resource.entity_id #=> String
|
599
|
+
# resp.created_date #=> Time
|
600
|
+
# resp.last_updated_date #=> Time
|
601
|
+
#
|
602
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/CreatePolicy AWS API Documentation
|
603
|
+
#
|
604
|
+
# @overload create_policy(params = {})
|
605
|
+
# @param [Hash] params ({})
|
606
|
+
def create_policy(params = {}, options = {})
|
607
|
+
req = build_request(:create_policy, params)
|
608
|
+
req.send_request(options)
|
609
|
+
end
|
610
|
+
|
611
|
+
# Creates a policy store. A policy store is a container for policy
|
612
|
+
# resources.
|
613
|
+
#
|
614
|
+
# @option params [String] :client_token
|
615
|
+
# Specifies a unique, case-sensitive ID that you provide to ensure the
|
616
|
+
# idempotency of the request. This lets you safely retry the request
|
617
|
+
# without accidentally performing the same operation a second time.
|
618
|
+
# Passing the same value to a later call to an operation requires that
|
619
|
+
# you also pass the same value for all other parameters. We recommend
|
620
|
+
# that you use a [UUID type of value.][1].
|
621
|
+
#
|
622
|
+
# If you don't provide this value, then Amazon Web Services generates a
|
623
|
+
# random one for you.
|
624
|
+
#
|
625
|
+
# If you retry the operation with the same `ClientToken`, but with
|
626
|
+
# different parameters, the retry fails with an
|
627
|
+
# `IdempotentParameterMismatch` error.
|
628
|
+
#
|
629
|
+
# **A suitable default value is auto-generated.** You should normally
|
630
|
+
# not need to pass this option.**
|
631
|
+
#
|
632
|
+
#
|
633
|
+
#
|
634
|
+
# [1]: https://wikipedia.org/wiki/Universally_unique_Id
|
635
|
+
#
|
636
|
+
# @option params [required, Types::ValidationSettings] :validation_settings
|
637
|
+
# Specifies the validation setting for this policy store.
|
638
|
+
#
|
639
|
+
# Currently, the only valid and required value is `Mode`.
|
640
|
+
#
|
641
|
+
# We recommend that you turn on `STRICT` mode only after you define a
|
642
|
+
# schema. If a schema doesn't exist, then `STRICT` mode causes any
|
643
|
+
# policy to fail validation, and Verified Permissions rejects the
|
644
|
+
# policy. You can turn off validation by using the
|
645
|
+
# [UpdatePolicyStore][1]. Then, when you have a schema defined, use
|
646
|
+
# [UpdatePolicyStore][1] again to turn validation back on.
|
647
|
+
#
|
648
|
+
#
|
649
|
+
#
|
650
|
+
# [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdatePolicyStore
|
651
|
+
#
|
652
|
+
# @return [Types::CreatePolicyStoreOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
653
|
+
#
|
654
|
+
# * {Types::CreatePolicyStoreOutput#policy_store_id #policy_store_id} => String
|
655
|
+
# * {Types::CreatePolicyStoreOutput#arn #arn} => String
|
656
|
+
# * {Types::CreatePolicyStoreOutput#created_date #created_date} => Time
|
657
|
+
# * {Types::CreatePolicyStoreOutput#last_updated_date #last_updated_date} => Time
|
658
|
+
#
|
659
|
+
# @example Request syntax with placeholder values
|
660
|
+
#
|
661
|
+
# resp = client.create_policy_store({
|
662
|
+
# client_token: "IdempotencyToken",
|
663
|
+
# validation_settings: { # required
|
664
|
+
# mode: "OFF", # required, accepts OFF, STRICT
|
665
|
+
# },
|
666
|
+
# })
|
667
|
+
#
|
668
|
+
# @example Response structure
|
669
|
+
#
|
670
|
+
# resp.policy_store_id #=> String
|
671
|
+
# resp.arn #=> String
|
672
|
+
# resp.created_date #=> Time
|
673
|
+
# resp.last_updated_date #=> Time
|
674
|
+
#
|
675
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/CreatePolicyStore AWS API Documentation
|
676
|
+
#
|
677
|
+
# @overload create_policy_store(params = {})
|
678
|
+
# @param [Hash] params ({})
|
679
|
+
def create_policy_store(params = {}, options = {})
|
680
|
+
req = build_request(:create_policy_store, params)
|
681
|
+
req.send_request(options)
|
682
|
+
end
|
683
|
+
|
684
|
+
# Creates a policy template. A template can use placeholders for the
|
685
|
+
# principal and resource. A template must be instantiated into a policy
|
686
|
+
# by associating it with specific principals and resources to use for
|
687
|
+
# the placeholders. That instantiated policy can then be considered in
|
688
|
+
# authorization decisions. The instantiated policy works identically to
|
689
|
+
# any other policy, except that it is dynamically linked to the
|
690
|
+
# template. If the template changes, then any policies that are linked
|
691
|
+
# to that template are immediately updated as well.
|
692
|
+
#
|
693
|
+
# @option params [String] :client_token
|
694
|
+
# Specifies a unique, case-sensitive ID that you provide to ensure the
|
695
|
+
# idempotency of the request. This lets you safely retry the request
|
696
|
+
# without accidentally performing the same operation a second time.
|
697
|
+
# Passing the same value to a later call to an operation requires that
|
698
|
+
# you also pass the same value for all other parameters. We recommend
|
699
|
+
# that you use a [UUID type of value.][1].
|
700
|
+
#
|
701
|
+
# If you don't provide this value, then Amazon Web Services generates a
|
702
|
+
# random one for you.
|
703
|
+
#
|
704
|
+
# If you retry the operation with the same `ClientToken`, but with
|
705
|
+
# different parameters, the retry fails with an
|
706
|
+
# `IdempotentParameterMismatch` error.
|
707
|
+
#
|
708
|
+
# **A suitable default value is auto-generated.** You should normally
|
709
|
+
# not need to pass this option.**
|
710
|
+
#
|
711
|
+
#
|
712
|
+
#
|
713
|
+
# [1]: https://wikipedia.org/wiki/Universally_unique_Id
|
714
|
+
#
|
715
|
+
# @option params [required, String] :policy_store_id
|
716
|
+
# The ID of the policy store in which to create the policy template.
|
717
|
+
#
|
718
|
+
# @option params [String] :description
|
719
|
+
# Specifies a description for the policy template.
|
720
|
+
#
|
721
|
+
# @option params [required, String] :statement
|
722
|
+
# Specifies the content that you want to use for the new policy
|
723
|
+
# template, written in the Cedar policy language.
|
724
|
+
#
|
725
|
+
# @return [Types::CreatePolicyTemplateOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
726
|
+
#
|
727
|
+
# * {Types::CreatePolicyTemplateOutput#policy_store_id #policy_store_id} => String
|
728
|
+
# * {Types::CreatePolicyTemplateOutput#policy_template_id #policy_template_id} => String
|
729
|
+
# * {Types::CreatePolicyTemplateOutput#created_date #created_date} => Time
|
730
|
+
# * {Types::CreatePolicyTemplateOutput#last_updated_date #last_updated_date} => Time
|
731
|
+
#
|
732
|
+
# @example Request syntax with placeholder values
|
733
|
+
#
|
734
|
+
# resp = client.create_policy_template({
|
735
|
+
# client_token: "IdempotencyToken",
|
736
|
+
# policy_store_id: "PolicyStoreId", # required
|
737
|
+
# description: "PolicyTemplateDescription",
|
738
|
+
# statement: "PolicyStatement", # required
|
739
|
+
# })
|
740
|
+
#
|
741
|
+
# @example Response structure
|
742
|
+
#
|
743
|
+
# resp.policy_store_id #=> String
|
744
|
+
# resp.policy_template_id #=> String
|
745
|
+
# resp.created_date #=> Time
|
746
|
+
# resp.last_updated_date #=> Time
|
747
|
+
#
|
748
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/CreatePolicyTemplate AWS API Documentation
|
749
|
+
#
|
750
|
+
# @overload create_policy_template(params = {})
|
751
|
+
# @param [Hash] params ({})
|
752
|
+
def create_policy_template(params = {}, options = {})
|
753
|
+
req = build_request(:create_policy_template, params)
|
754
|
+
req.send_request(options)
|
755
|
+
end
|
756
|
+
|
757
|
+
# Deletes an identity source that references an identity provider (IdP)
|
758
|
+
# such as Amazon Cognito. After you delete the identity source, you can
|
759
|
+
# no longer use tokens for identities from that identity source to
|
760
|
+
# represent principals in authorization queries made using
|
761
|
+
# [IsAuthorizedWithToken][1]. operations.
|
762
|
+
#
|
763
|
+
#
|
764
|
+
#
|
765
|
+
# [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorizedWithToken.html
|
766
|
+
#
|
767
|
+
# @option params [required, String] :policy_store_id
|
768
|
+
# Specifies the ID of the policy store that contains the identity source
|
769
|
+
# that you want to delete.
|
770
|
+
#
|
771
|
+
# @option params [required, String] :identity_source_id
|
772
|
+
# Specifies the ID of the identity source that you want to delete.
|
773
|
+
#
|
774
|
+
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
775
|
+
#
|
776
|
+
# @example Request syntax with placeholder values
|
777
|
+
#
|
778
|
+
# resp = client.delete_identity_source({
|
779
|
+
# policy_store_id: "PolicyStoreId", # required
|
780
|
+
# identity_source_id: "IdentitySourceId", # required
|
781
|
+
# })
|
782
|
+
#
|
783
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/DeleteIdentitySource AWS API Documentation
|
784
|
+
#
|
785
|
+
# @overload delete_identity_source(params = {})
|
786
|
+
# @param [Hash] params ({})
|
787
|
+
def delete_identity_source(params = {}, options = {})
|
788
|
+
req = build_request(:delete_identity_source, params)
|
789
|
+
req.send_request(options)
|
790
|
+
end
|
791
|
+
|
792
|
+
# Deletes the specified policy from the policy store.
|
793
|
+
#
|
794
|
+
# This operation is idempotent; if you specify a policy that doesn't
|
795
|
+
# exist, the request response returns a successful `HTTP 200` status
|
796
|
+
# code.
|
797
|
+
#
|
798
|
+
# @option params [required, String] :policy_store_id
|
799
|
+
# Specifies the ID of the policy store that contains the policy that you
|
800
|
+
# want to delete.
|
801
|
+
#
|
802
|
+
# @option params [required, String] :policy_id
|
803
|
+
# Specifies the ID of the policy that you want to delete.
|
804
|
+
#
|
805
|
+
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
806
|
+
#
|
807
|
+
# @example Request syntax with placeholder values
|
808
|
+
#
|
809
|
+
# resp = client.delete_policy({
|
810
|
+
# policy_store_id: "PolicyStoreId", # required
|
811
|
+
# policy_id: "PolicyId", # required
|
812
|
+
# })
|
813
|
+
#
|
814
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/DeletePolicy AWS API Documentation
|
815
|
+
#
|
816
|
+
# @overload delete_policy(params = {})
|
817
|
+
# @param [Hash] params ({})
|
818
|
+
def delete_policy(params = {}, options = {})
|
819
|
+
req = build_request(:delete_policy, params)
|
820
|
+
req.send_request(options)
|
821
|
+
end
|
822
|
+
|
823
|
+
# Deletes the specified policy store.
|
824
|
+
#
|
825
|
+
# This operation is idempotent. If you specify a policy store that does
|
826
|
+
# not exist, the request response will still return a successful HTTP
|
827
|
+
# 200 status code.
|
828
|
+
#
|
829
|
+
# @option params [required, String] :policy_store_id
|
830
|
+
# Specifies the ID of the policy store that you want to delete.
|
831
|
+
#
|
832
|
+
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
833
|
+
#
|
834
|
+
# @example Request syntax with placeholder values
|
835
|
+
#
|
836
|
+
# resp = client.delete_policy_store({
|
837
|
+
# policy_store_id: "PolicyStoreId", # required
|
838
|
+
# })
|
839
|
+
#
|
840
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/DeletePolicyStore AWS API Documentation
|
841
|
+
#
|
842
|
+
# @overload delete_policy_store(params = {})
|
843
|
+
# @param [Hash] params ({})
|
844
|
+
def delete_policy_store(params = {}, options = {})
|
845
|
+
req = build_request(:delete_policy_store, params)
|
846
|
+
req.send_request(options)
|
847
|
+
end
|
848
|
+
|
849
|
+
# Deletes the specified policy template from the policy store.
|
850
|
+
#
|
851
|
+
# This operation also deletes any policies that were created from the
|
852
|
+
# specified policy template. Those policies are immediately removed from
|
853
|
+
# all future API responses, and are asynchronously deleted from the
|
854
|
+
# policy store.
|
855
|
+
#
|
856
|
+
# @option params [required, String] :policy_store_id
|
857
|
+
# Specifies the ID of the policy store that contains the policy template
|
858
|
+
# that you want to delete.
|
859
|
+
#
|
860
|
+
# @option params [required, String] :policy_template_id
|
861
|
+
# Specifies the ID of the policy template that you want to delete.
|
862
|
+
#
|
863
|
+
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
864
|
+
#
|
865
|
+
# @example Request syntax with placeholder values
|
866
|
+
#
|
867
|
+
# resp = client.delete_policy_template({
|
868
|
+
# policy_store_id: "PolicyStoreId", # required
|
869
|
+
# policy_template_id: "PolicyTemplateId", # required
|
870
|
+
# })
|
871
|
+
#
|
872
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/DeletePolicyTemplate AWS API Documentation
|
873
|
+
#
|
874
|
+
# @overload delete_policy_template(params = {})
|
875
|
+
# @param [Hash] params ({})
|
876
|
+
def delete_policy_template(params = {}, options = {})
|
877
|
+
req = build_request(:delete_policy_template, params)
|
878
|
+
req.send_request(options)
|
879
|
+
end
|
880
|
+
|
881
|
+
# Retrieves the details about the specified identity source.
|
882
|
+
#
|
883
|
+
# @option params [required, String] :policy_store_id
|
884
|
+
# Specifies the ID of the policy store that contains the identity source
|
885
|
+
# you want information about.
|
886
|
+
#
|
887
|
+
# @option params [required, String] :identity_source_id
|
888
|
+
# Specifies the ID of the identity source you want information about.
|
889
|
+
#
|
890
|
+
# @return [Types::GetIdentitySourceOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
891
|
+
#
|
892
|
+
# * {Types::GetIdentitySourceOutput#created_date #created_date} => Time
|
893
|
+
# * {Types::GetIdentitySourceOutput#details #details} => Types::IdentitySourceDetails
|
894
|
+
# * {Types::GetIdentitySourceOutput#identity_source_id #identity_source_id} => String
|
895
|
+
# * {Types::GetIdentitySourceOutput#last_updated_date #last_updated_date} => Time
|
896
|
+
# * {Types::GetIdentitySourceOutput#policy_store_id #policy_store_id} => String
|
897
|
+
# * {Types::GetIdentitySourceOutput#principal_entity_type #principal_entity_type} => String
|
898
|
+
#
|
899
|
+
# @example Request syntax with placeholder values
|
900
|
+
#
|
901
|
+
# resp = client.get_identity_source({
|
902
|
+
# policy_store_id: "PolicyStoreId", # required
|
903
|
+
# identity_source_id: "IdentitySourceId", # required
|
904
|
+
# })
|
905
|
+
#
|
906
|
+
# @example Response structure
|
907
|
+
#
|
908
|
+
# resp.created_date #=> Time
|
909
|
+
# resp.details.client_ids #=> Array
|
910
|
+
# resp.details.client_ids[0] #=> String
|
911
|
+
# resp.details.user_pool_arn #=> String
|
912
|
+
# resp.details.discovery_url #=> String
|
913
|
+
# resp.details.open_id_issuer #=> String, one of "COGNITO"
|
914
|
+
# resp.identity_source_id #=> String
|
915
|
+
# resp.last_updated_date #=> Time
|
916
|
+
# resp.policy_store_id #=> String
|
917
|
+
# resp.principal_entity_type #=> String
|
918
|
+
#
|
919
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/GetIdentitySource AWS API Documentation
|
920
|
+
#
|
921
|
+
# @overload get_identity_source(params = {})
|
922
|
+
# @param [Hash] params ({})
|
923
|
+
def get_identity_source(params = {}, options = {})
|
924
|
+
req = build_request(:get_identity_source, params)
|
925
|
+
req.send_request(options)
|
926
|
+
end
|
927
|
+
|
928
|
+
# Retrieves information about the specified policy.
|
929
|
+
#
|
930
|
+
# @option params [required, String] :policy_store_id
|
931
|
+
# Specifies the ID of the policy store that contains the policy that you
|
932
|
+
# want information about.
|
933
|
+
#
|
934
|
+
# @option params [required, String] :policy_id
|
935
|
+
# Specifies the ID of the policy you want information about.
|
936
|
+
#
|
937
|
+
# @return [Types::GetPolicyOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
938
|
+
#
|
939
|
+
# * {Types::GetPolicyOutput#policy_store_id #policy_store_id} => String
|
940
|
+
# * {Types::GetPolicyOutput#policy_id #policy_id} => String
|
941
|
+
# * {Types::GetPolicyOutput#policy_type #policy_type} => String
|
942
|
+
# * {Types::GetPolicyOutput#principal #principal} => Types::EntityIdentifier
|
943
|
+
# * {Types::GetPolicyOutput#resource #resource} => Types::EntityIdentifier
|
944
|
+
# * {Types::GetPolicyOutput#definition #definition} => Types::PolicyDefinitionDetail
|
945
|
+
# * {Types::GetPolicyOutput#created_date #created_date} => Time
|
946
|
+
# * {Types::GetPolicyOutput#last_updated_date #last_updated_date} => Time
|
947
|
+
#
|
948
|
+
# @example Request syntax with placeholder values
|
949
|
+
#
|
950
|
+
# resp = client.get_policy({
|
951
|
+
# policy_store_id: "PolicyStoreId", # required
|
952
|
+
# policy_id: "PolicyId", # required
|
953
|
+
# })
|
954
|
+
#
|
955
|
+
# @example Response structure
|
956
|
+
#
|
957
|
+
# resp.policy_store_id #=> String
|
958
|
+
# resp.policy_id #=> String
|
959
|
+
# resp.policy_type #=> String, one of "STATIC", "TEMPLATE_LINKED"
|
960
|
+
# resp.principal.entity_type #=> String
|
961
|
+
# resp.principal.entity_id #=> String
|
962
|
+
# resp.resource.entity_type #=> String
|
963
|
+
# resp.resource.entity_id #=> String
|
964
|
+
# resp.definition.static.description #=> String
|
965
|
+
# resp.definition.static.statement #=> String
|
966
|
+
# resp.definition.template_linked.policy_template_id #=> String
|
967
|
+
# resp.definition.template_linked.principal.entity_type #=> String
|
968
|
+
# resp.definition.template_linked.principal.entity_id #=> String
|
969
|
+
# resp.definition.template_linked.resource.entity_type #=> String
|
970
|
+
# resp.definition.template_linked.resource.entity_id #=> String
|
971
|
+
# resp.created_date #=> Time
|
972
|
+
# resp.last_updated_date #=> Time
|
973
|
+
#
|
974
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/GetPolicy AWS API Documentation
|
975
|
+
#
|
976
|
+
# @overload get_policy(params = {})
|
977
|
+
# @param [Hash] params ({})
|
978
|
+
def get_policy(params = {}, options = {})
|
979
|
+
req = build_request(:get_policy, params)
|
980
|
+
req.send_request(options)
|
981
|
+
end
|
982
|
+
|
983
|
+
# Retrieves details about a policy store.
|
984
|
+
#
|
985
|
+
# @option params [required, String] :policy_store_id
|
986
|
+
# Specifies the ID of the policy store that you want information about.
|
987
|
+
#
|
988
|
+
# @return [Types::GetPolicyStoreOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
989
|
+
#
|
990
|
+
# * {Types::GetPolicyStoreOutput#policy_store_id #policy_store_id} => String
|
991
|
+
# * {Types::GetPolicyStoreOutput#arn #arn} => String
|
992
|
+
# * {Types::GetPolicyStoreOutput#validation_settings #validation_settings} => Types::ValidationSettings
|
993
|
+
# * {Types::GetPolicyStoreOutput#created_date #created_date} => Time
|
994
|
+
# * {Types::GetPolicyStoreOutput#last_updated_date #last_updated_date} => Time
|
995
|
+
#
|
996
|
+
# @example Request syntax with placeholder values
|
997
|
+
#
|
998
|
+
# resp = client.get_policy_store({
|
999
|
+
# policy_store_id: "PolicyStoreId", # required
|
1000
|
+
# })
|
1001
|
+
#
|
1002
|
+
# @example Response structure
|
1003
|
+
#
|
1004
|
+
# resp.policy_store_id #=> String
|
1005
|
+
# resp.arn #=> String
|
1006
|
+
# resp.validation_settings.mode #=> String, one of "OFF", "STRICT"
|
1007
|
+
# resp.created_date #=> Time
|
1008
|
+
# resp.last_updated_date #=> Time
|
1009
|
+
#
|
1010
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/GetPolicyStore AWS API Documentation
|
1011
|
+
#
|
1012
|
+
# @overload get_policy_store(params = {})
|
1013
|
+
# @param [Hash] params ({})
|
1014
|
+
def get_policy_store(params = {}, options = {})
|
1015
|
+
req = build_request(:get_policy_store, params)
|
1016
|
+
req.send_request(options)
|
1017
|
+
end
|
1018
|
+
|
1019
|
+
# Retrieve the details for the specified policy template in the
|
1020
|
+
# specified policy store.
|
1021
|
+
#
|
1022
|
+
# @option params [required, String] :policy_store_id
|
1023
|
+
# Specifies the ID of the policy store that contains the policy template
|
1024
|
+
# that you want information about.
|
1025
|
+
#
|
1026
|
+
# @option params [required, String] :policy_template_id
|
1027
|
+
# Specifies the ID of the policy template that you want information
|
1028
|
+
# about.
|
1029
|
+
#
|
1030
|
+
# @return [Types::GetPolicyTemplateOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1031
|
+
#
|
1032
|
+
# * {Types::GetPolicyTemplateOutput#policy_store_id #policy_store_id} => String
|
1033
|
+
# * {Types::GetPolicyTemplateOutput#policy_template_id #policy_template_id} => String
|
1034
|
+
# * {Types::GetPolicyTemplateOutput#description #description} => String
|
1035
|
+
# * {Types::GetPolicyTemplateOutput#statement #statement} => String
|
1036
|
+
# * {Types::GetPolicyTemplateOutput#created_date #created_date} => Time
|
1037
|
+
# * {Types::GetPolicyTemplateOutput#last_updated_date #last_updated_date} => Time
|
1038
|
+
#
|
1039
|
+
# @example Request syntax with placeholder values
|
1040
|
+
#
|
1041
|
+
# resp = client.get_policy_template({
|
1042
|
+
# policy_store_id: "PolicyStoreId", # required
|
1043
|
+
# policy_template_id: "PolicyTemplateId", # required
|
1044
|
+
# })
|
1045
|
+
#
|
1046
|
+
# @example Response structure
|
1047
|
+
#
|
1048
|
+
# resp.policy_store_id #=> String
|
1049
|
+
# resp.policy_template_id #=> String
|
1050
|
+
# resp.description #=> String
|
1051
|
+
# resp.statement #=> String
|
1052
|
+
# resp.created_date #=> Time
|
1053
|
+
# resp.last_updated_date #=> Time
|
1054
|
+
#
|
1055
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/GetPolicyTemplate AWS API Documentation
|
1056
|
+
#
|
1057
|
+
# @overload get_policy_template(params = {})
|
1058
|
+
# @param [Hash] params ({})
|
1059
|
+
def get_policy_template(params = {}, options = {})
|
1060
|
+
req = build_request(:get_policy_template, params)
|
1061
|
+
req.send_request(options)
|
1062
|
+
end
|
1063
|
+
|
1064
|
+
# Retrieve the details for the specified schema in the specified policy
|
1065
|
+
# store.
|
1066
|
+
#
|
1067
|
+
# @option params [required, String] :policy_store_id
|
1068
|
+
# Specifies the ID of the policy store that contains the schema.
|
1069
|
+
#
|
1070
|
+
# @return [Types::GetSchemaOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1071
|
+
#
|
1072
|
+
# * {Types::GetSchemaOutput#policy_store_id #policy_store_id} => String
|
1073
|
+
# * {Types::GetSchemaOutput#schema #schema} => String
|
1074
|
+
# * {Types::GetSchemaOutput#created_date #created_date} => Time
|
1075
|
+
# * {Types::GetSchemaOutput#last_updated_date #last_updated_date} => Time
|
1076
|
+
#
|
1077
|
+
# @example Request syntax with placeholder values
|
1078
|
+
#
|
1079
|
+
# resp = client.get_schema({
|
1080
|
+
# policy_store_id: "PolicyStoreId", # required
|
1081
|
+
# })
|
1082
|
+
#
|
1083
|
+
# @example Response structure
|
1084
|
+
#
|
1085
|
+
# resp.policy_store_id #=> String
|
1086
|
+
# resp.schema #=> String
|
1087
|
+
# resp.created_date #=> Time
|
1088
|
+
# resp.last_updated_date #=> Time
|
1089
|
+
#
|
1090
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/GetSchema AWS API Documentation
|
1091
|
+
#
|
1092
|
+
# @overload get_schema(params = {})
|
1093
|
+
# @param [Hash] params ({})
|
1094
|
+
def get_schema(params = {}, options = {})
|
1095
|
+
req = build_request(:get_schema, params)
|
1096
|
+
req.send_request(options)
|
1097
|
+
end
|
1098
|
+
|
1099
|
+
# Makes an authorization decision about a service request described in
|
1100
|
+
# the parameters. The information in the parameters can also define
|
1101
|
+
# additional context that Verified Permissions can include in the
|
1102
|
+
# evaluation. The request is evaluated against all matching policies in
|
1103
|
+
# the specified policy store. The result of the decision is either
|
1104
|
+
# `Allow` or `Deny`, along with a list of the policies that resulted in
|
1105
|
+
# the decision.
|
1106
|
+
#
|
1107
|
+
# @option params [required, String] :policy_store_id
|
1108
|
+
# Specifies the ID of the policy store. Policies in this policy store
|
1109
|
+
# will be used to make an authorization decision for the input.
|
1110
|
+
#
|
1111
|
+
# @option params [Types::EntityIdentifier] :principal
|
1112
|
+
# Specifies the principal for which the authorization decision is to be
|
1113
|
+
# made.
|
1114
|
+
#
|
1115
|
+
# @option params [Types::ActionIdentifier] :action
|
1116
|
+
# Specifies the requested action to be authorized. For example, is the
|
1117
|
+
# principal authorized to perform this action on the resource?
|
1118
|
+
#
|
1119
|
+
# @option params [Types::EntityIdentifier] :resource
|
1120
|
+
# Specifies the resource for which the authorization decision is to be
|
1121
|
+
# made.
|
1122
|
+
#
|
1123
|
+
# @option params [Types::ContextDefinition] :context
|
1124
|
+
# Specifies additional context that can be used to make more granular
|
1125
|
+
# authorization decisions.
|
1126
|
+
#
|
1127
|
+
# @option params [Types::EntitiesDefinition] :entities
|
1128
|
+
# Specifies the list of entities and their associated attributes that
|
1129
|
+
# Verified Permissions can examine when evaluating the policies.
|
1130
|
+
#
|
1131
|
+
# @return [Types::IsAuthorizedOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1132
|
+
#
|
1133
|
+
# * {Types::IsAuthorizedOutput#decision #decision} => String
|
1134
|
+
# * {Types::IsAuthorizedOutput#determining_policies #determining_policies} => Array<Types::DeterminingPolicyItem>
|
1135
|
+
# * {Types::IsAuthorizedOutput#errors #errors} => Array<Types::EvaluationErrorItem>
|
1136
|
+
#
|
1137
|
+
# @example Request syntax with placeholder values
|
1138
|
+
#
|
1139
|
+
# resp = client.is_authorized({
|
1140
|
+
# policy_store_id: "PolicyStoreId", # required
|
1141
|
+
# principal: {
|
1142
|
+
# entity_type: "EntityType", # required
|
1143
|
+
# entity_id: "EntityId", # required
|
1144
|
+
# },
|
1145
|
+
# action: {
|
1146
|
+
# action_type: "ActionType", # required
|
1147
|
+
# action_id: "ActionId", # required
|
1148
|
+
# },
|
1149
|
+
# resource: {
|
1150
|
+
# entity_type: "EntityType", # required
|
1151
|
+
# entity_id: "EntityId", # required
|
1152
|
+
# },
|
1153
|
+
# context: {
|
1154
|
+
# context_map: {
|
1155
|
+
# "String" => "value", # value <Hash,Array,String,Numeric,Boolean,IO,Set,nil>
|
1156
|
+
# },
|
1157
|
+
# },
|
1158
|
+
# entities: {
|
1159
|
+
# entity_list: [
|
1160
|
+
# {
|
1161
|
+
# identifier: { # required
|
1162
|
+
# entity_type: "EntityType", # required
|
1163
|
+
# entity_id: "EntityId", # required
|
1164
|
+
# },
|
1165
|
+
# attributes: {
|
1166
|
+
# "String" => "value", # value <Hash,Array,String,Numeric,Boolean,IO,Set,nil>
|
1167
|
+
# },
|
1168
|
+
# parents: [
|
1169
|
+
# {
|
1170
|
+
# entity_type: "EntityType", # required
|
1171
|
+
# entity_id: "EntityId", # required
|
1172
|
+
# },
|
1173
|
+
# ],
|
1174
|
+
# },
|
1175
|
+
# ],
|
1176
|
+
# },
|
1177
|
+
# })
|
1178
|
+
#
|
1179
|
+
# @example Response structure
|
1180
|
+
#
|
1181
|
+
# resp.decision #=> String, one of "ALLOW", "DENY"
|
1182
|
+
# resp.determining_policies #=> Array
|
1183
|
+
# resp.determining_policies[0].policy_id #=> String
|
1184
|
+
# resp.errors #=> Array
|
1185
|
+
# resp.errors[0].error_description #=> String
|
1186
|
+
#
|
1187
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/IsAuthorized AWS API Documentation
|
1188
|
+
#
|
1189
|
+
# @overload is_authorized(params = {})
|
1190
|
+
# @param [Hash] params ({})
|
1191
|
+
def is_authorized(params = {}, options = {})
|
1192
|
+
req = build_request(:is_authorized, params)
|
1193
|
+
req.send_request(options)
|
1194
|
+
end
|
1195
|
+
|
1196
|
+
# Makes an authorization decision about a service request described in
|
1197
|
+
# the parameters. The principal in this request comes from an external
|
1198
|
+
# identity source. The information in the parameters can also define
|
1199
|
+
# additional context that Verified Permissions can include in the
|
1200
|
+
# evaluation. The request is evaluated against all matching policies in
|
1201
|
+
# the specified policy store. The result of the decision is either
|
1202
|
+
# `Allow` or `Deny`, along with a list of the policies that resulted in
|
1203
|
+
# the decision.
|
1204
|
+
#
|
1205
|
+
# If you delete a Amazon Cognito user pool or user, tokens from that
|
1206
|
+
# deleted pool or that deleted user continue to be usable until they
|
1207
|
+
# expire.
|
1208
|
+
#
|
1209
|
+
# @option params [required, String] :policy_store_id
|
1210
|
+
# Specifies the ID of the policy store. Policies in this policy store
|
1211
|
+
# will be used to make an authorization decision for the input.
|
1212
|
+
#
|
1213
|
+
# @option params [String] :identity_token
|
1214
|
+
# Specifies an identity token for the principal to be authorized. This
|
1215
|
+
# token is provided to you by the identity provider (IdP) associated
|
1216
|
+
# with the specified identity source. You must specify either an
|
1217
|
+
# `AccessToken` or an `IdentityToken`, but not both.
|
1218
|
+
#
|
1219
|
+
# @option params [String] :access_token
|
1220
|
+
# Specifies an access token for the principal to be authorized. This
|
1221
|
+
# token is provided to you by the identity provider (IdP) associated
|
1222
|
+
# with the specified identity source. You must specify either an
|
1223
|
+
# `AccessToken` or an `IdentityToken`, but not both.
|
1224
|
+
#
|
1225
|
+
# @option params [Types::ActionIdentifier] :action
|
1226
|
+
# Specifies the requested action to be authorized. Is the specified
|
1227
|
+
# principal authorized to perform this action on the specified resource.
|
1228
|
+
#
|
1229
|
+
# @option params [Types::EntityIdentifier] :resource
|
1230
|
+
# Specifies the resource for which the authorization decision is made.
|
1231
|
+
# For example, is the principal allowed to perform the action on the
|
1232
|
+
# resource?
|
1233
|
+
#
|
1234
|
+
# @option params [Types::ContextDefinition] :context
|
1235
|
+
# Specifies additional context that can be used to make more granular
|
1236
|
+
# authorization decisions.
|
1237
|
+
#
|
1238
|
+
# @option params [Types::EntitiesDefinition] :entities
|
1239
|
+
# Specifies the list of entities and their associated attributes that
|
1240
|
+
# Verified Permissions can examine when evaluating the policies.
|
1241
|
+
#
|
1242
|
+
# @return [Types::IsAuthorizedWithTokenOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1243
|
+
#
|
1244
|
+
# * {Types::IsAuthorizedWithTokenOutput#decision #decision} => String
|
1245
|
+
# * {Types::IsAuthorizedWithTokenOutput#determining_policies #determining_policies} => Array<Types::DeterminingPolicyItem>
|
1246
|
+
# * {Types::IsAuthorizedWithTokenOutput#errors #errors} => Array<Types::EvaluationErrorItem>
|
1247
|
+
#
|
1248
|
+
# @example Request syntax with placeholder values
|
1249
|
+
#
|
1250
|
+
# resp = client.is_authorized_with_token({
|
1251
|
+
# policy_store_id: "PolicyStoreId", # required
|
1252
|
+
# identity_token: "Token",
|
1253
|
+
# access_token: "Token",
|
1254
|
+
# action: {
|
1255
|
+
# action_type: "ActionType", # required
|
1256
|
+
# action_id: "ActionId", # required
|
1257
|
+
# },
|
1258
|
+
# resource: {
|
1259
|
+
# entity_type: "EntityType", # required
|
1260
|
+
# entity_id: "EntityId", # required
|
1261
|
+
# },
|
1262
|
+
# context: {
|
1263
|
+
# context_map: {
|
1264
|
+
# "String" => "value", # value <Hash,Array,String,Numeric,Boolean,IO,Set,nil>
|
1265
|
+
# },
|
1266
|
+
# },
|
1267
|
+
# entities: {
|
1268
|
+
# entity_list: [
|
1269
|
+
# {
|
1270
|
+
# identifier: { # required
|
1271
|
+
# entity_type: "EntityType", # required
|
1272
|
+
# entity_id: "EntityId", # required
|
1273
|
+
# },
|
1274
|
+
# attributes: {
|
1275
|
+
# "String" => "value", # value <Hash,Array,String,Numeric,Boolean,IO,Set,nil>
|
1276
|
+
# },
|
1277
|
+
# parents: [
|
1278
|
+
# {
|
1279
|
+
# entity_type: "EntityType", # required
|
1280
|
+
# entity_id: "EntityId", # required
|
1281
|
+
# },
|
1282
|
+
# ],
|
1283
|
+
# },
|
1284
|
+
# ],
|
1285
|
+
# },
|
1286
|
+
# })
|
1287
|
+
#
|
1288
|
+
# @example Response structure
|
1289
|
+
#
|
1290
|
+
# resp.decision #=> String, one of "ALLOW", "DENY"
|
1291
|
+
# resp.determining_policies #=> Array
|
1292
|
+
# resp.determining_policies[0].policy_id #=> String
|
1293
|
+
# resp.errors #=> Array
|
1294
|
+
# resp.errors[0].error_description #=> String
|
1295
|
+
#
|
1296
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/IsAuthorizedWithToken AWS API Documentation
|
1297
|
+
#
|
1298
|
+
# @overload is_authorized_with_token(params = {})
|
1299
|
+
# @param [Hash] params ({})
|
1300
|
+
def is_authorized_with_token(params = {}, options = {})
|
1301
|
+
req = build_request(:is_authorized_with_token, params)
|
1302
|
+
req.send_request(options)
|
1303
|
+
end
|
1304
|
+
|
1305
|
+
# Returns a paginated list of all of the identity sources defined in the
|
1306
|
+
# specified policy store.
|
1307
|
+
#
|
1308
|
+
# @option params [required, String] :policy_store_id
|
1309
|
+
# Specifies the ID of the policy store that contains the identity
|
1310
|
+
# sources that you want to list.
|
1311
|
+
#
|
1312
|
+
# @option params [String] :next_token
|
1313
|
+
# Specifies that you want to receive the next page of results. Valid
|
1314
|
+
# only if you received a `NextToken` response in the previous request.
|
1315
|
+
# If you did, it indicates that more output is available. Set this
|
1316
|
+
# parameter to the value provided by the previous call's `NextToken`
|
1317
|
+
# response to request the next page of results.
|
1318
|
+
#
|
1319
|
+
# @option params [Integer] :max_results
|
1320
|
+
# Specifies the total number of results that you want included on each
|
1321
|
+
# page of the response. If you do not include this parameter, it
|
1322
|
+
# defaults to a value that is specific to the operation. If additional
|
1323
|
+
# items exist beyond the number you specify, the `NextToken` response
|
1324
|
+
# element is returned with a value (not null). Include the specified
|
1325
|
+
# value as the `NextToken` request parameter in the next call to the
|
1326
|
+
# operation to get the next part of the results. Note that the service
|
1327
|
+
# might return fewer results than the maximum even when there are more
|
1328
|
+
# results available. You should check `NextToken` after every operation
|
1329
|
+
# to ensure that you receive all of the results.
|
1330
|
+
#
|
1331
|
+
# @option params [Array<Types::IdentitySourceFilter>] :filters
|
1332
|
+
# Specifies characteristics of an identity source that you can use to
|
1333
|
+
# limit the output to matching identity sources.
|
1334
|
+
#
|
1335
|
+
# @return [Types::ListIdentitySourcesOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1336
|
+
#
|
1337
|
+
# * {Types::ListIdentitySourcesOutput#next_token #next_token} => String
|
1338
|
+
# * {Types::ListIdentitySourcesOutput#identity_sources #identity_sources} => Array<Types::IdentitySourceItem>
|
1339
|
+
#
|
1340
|
+
# The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
|
1341
|
+
#
|
1342
|
+
# @example Request syntax with placeholder values
|
1343
|
+
#
|
1344
|
+
# resp = client.list_identity_sources({
|
1345
|
+
# policy_store_id: "PolicyStoreId", # required
|
1346
|
+
# next_token: "NextToken",
|
1347
|
+
# max_results: 1,
|
1348
|
+
# filters: [
|
1349
|
+
# {
|
1350
|
+
# principal_entity_type: "PrincipalEntityType",
|
1351
|
+
# },
|
1352
|
+
# ],
|
1353
|
+
# })
|
1354
|
+
#
|
1355
|
+
# @example Response structure
|
1356
|
+
#
|
1357
|
+
# resp.next_token #=> String
|
1358
|
+
# resp.identity_sources #=> Array
|
1359
|
+
# resp.identity_sources[0].created_date #=> Time
|
1360
|
+
# resp.identity_sources[0].details.client_ids #=> Array
|
1361
|
+
# resp.identity_sources[0].details.client_ids[0] #=> String
|
1362
|
+
# resp.identity_sources[0].details.user_pool_arn #=> String
|
1363
|
+
# resp.identity_sources[0].details.discovery_url #=> String
|
1364
|
+
# resp.identity_sources[0].details.open_id_issuer #=> String, one of "COGNITO"
|
1365
|
+
# resp.identity_sources[0].identity_source_id #=> String
|
1366
|
+
# resp.identity_sources[0].last_updated_date #=> Time
|
1367
|
+
# resp.identity_sources[0].policy_store_id #=> String
|
1368
|
+
# resp.identity_sources[0].principal_entity_type #=> String
|
1369
|
+
#
|
1370
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/ListIdentitySources AWS API Documentation
|
1371
|
+
#
|
1372
|
+
# @overload list_identity_sources(params = {})
|
1373
|
+
# @param [Hash] params ({})
|
1374
|
+
def list_identity_sources(params = {}, options = {})
|
1375
|
+
req = build_request(:list_identity_sources, params)
|
1376
|
+
req.send_request(options)
|
1377
|
+
end
|
1378
|
+
|
1379
|
+
# Returns a paginated list of all policies stored in the specified
|
1380
|
+
# policy store.
|
1381
|
+
#
|
1382
|
+
# @option params [required, String] :policy_store_id
|
1383
|
+
# Specifies the ID of the policy store you want to list policies from.
|
1384
|
+
#
|
1385
|
+
# @option params [String] :next_token
|
1386
|
+
# Specifies that you want to receive the next page of results. Valid
|
1387
|
+
# only if you received a `NextToken` response in the previous request.
|
1388
|
+
# If you did, it indicates that more output is available. Set this
|
1389
|
+
# parameter to the value provided by the previous call's `NextToken`
|
1390
|
+
# response to request the next page of results.
|
1391
|
+
#
|
1392
|
+
# @option params [Integer] :max_results
|
1393
|
+
# Specifies the total number of results that you want included on each
|
1394
|
+
# page of the response. If you do not include this parameter, it
|
1395
|
+
# defaults to a value that is specific to the operation. If additional
|
1396
|
+
# items exist beyond the number you specify, the `NextToken` response
|
1397
|
+
# element is returned with a value (not null). Include the specified
|
1398
|
+
# value as the `NextToken` request parameter in the next call to the
|
1399
|
+
# operation to get the next part of the results. Note that the service
|
1400
|
+
# might return fewer results than the maximum even when there are more
|
1401
|
+
# results available. You should check `NextToken` after every operation
|
1402
|
+
# to ensure that you receive all of the results.
|
1403
|
+
#
|
1404
|
+
# @option params [Types::PolicyFilter] :filter
|
1405
|
+
# Specifies a filter that limits the response to only policies that
|
1406
|
+
# match the specified criteria. For example, you list only the policies
|
1407
|
+
# that reference a specified principal.
|
1408
|
+
#
|
1409
|
+
# @return [Types::ListPoliciesOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1410
|
+
#
|
1411
|
+
# * {Types::ListPoliciesOutput#next_token #next_token} => String
|
1412
|
+
# * {Types::ListPoliciesOutput#policies #policies} => Array<Types::PolicyItem>
|
1413
|
+
#
|
1414
|
+
# The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
|
1415
|
+
#
|
1416
|
+
# @example Request syntax with placeholder values
|
1417
|
+
#
|
1418
|
+
# resp = client.list_policies({
|
1419
|
+
# policy_store_id: "PolicyStoreId", # required
|
1420
|
+
# next_token: "NextToken",
|
1421
|
+
# max_results: 1,
|
1422
|
+
# filter: {
|
1423
|
+
# principal: {
|
1424
|
+
# unspecified: false,
|
1425
|
+
# identifier: {
|
1426
|
+
# entity_type: "EntityType", # required
|
1427
|
+
# entity_id: "EntityId", # required
|
1428
|
+
# },
|
1429
|
+
# },
|
1430
|
+
# resource: {
|
1431
|
+
# unspecified: false,
|
1432
|
+
# identifier: {
|
1433
|
+
# entity_type: "EntityType", # required
|
1434
|
+
# entity_id: "EntityId", # required
|
1435
|
+
# },
|
1436
|
+
# },
|
1437
|
+
# policy_type: "STATIC", # accepts STATIC, TEMPLATE_LINKED
|
1438
|
+
# policy_template_id: "PolicyTemplateId",
|
1439
|
+
# },
|
1440
|
+
# })
|
1441
|
+
#
|
1442
|
+
# @example Response structure
|
1443
|
+
#
|
1444
|
+
# resp.next_token #=> String
|
1445
|
+
# resp.policies #=> Array
|
1446
|
+
# resp.policies[0].policy_store_id #=> String
|
1447
|
+
# resp.policies[0].policy_id #=> String
|
1448
|
+
# resp.policies[0].policy_type #=> String, one of "STATIC", "TEMPLATE_LINKED"
|
1449
|
+
# resp.policies[0].principal.entity_type #=> String
|
1450
|
+
# resp.policies[0].principal.entity_id #=> String
|
1451
|
+
# resp.policies[0].resource.entity_type #=> String
|
1452
|
+
# resp.policies[0].resource.entity_id #=> String
|
1453
|
+
# resp.policies[0].definition.static.description #=> String
|
1454
|
+
# resp.policies[0].definition.template_linked.policy_template_id #=> String
|
1455
|
+
# resp.policies[0].definition.template_linked.principal.entity_type #=> String
|
1456
|
+
# resp.policies[0].definition.template_linked.principal.entity_id #=> String
|
1457
|
+
# resp.policies[0].definition.template_linked.resource.entity_type #=> String
|
1458
|
+
# resp.policies[0].definition.template_linked.resource.entity_id #=> String
|
1459
|
+
# resp.policies[0].created_date #=> Time
|
1460
|
+
# resp.policies[0].last_updated_date #=> Time
|
1461
|
+
#
|
1462
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/ListPolicies AWS API Documentation
|
1463
|
+
#
|
1464
|
+
# @overload list_policies(params = {})
|
1465
|
+
# @param [Hash] params ({})
|
1466
|
+
def list_policies(params = {}, options = {})
|
1467
|
+
req = build_request(:list_policies, params)
|
1468
|
+
req.send_request(options)
|
1469
|
+
end
|
1470
|
+
|
1471
|
+
# Returns a paginated list of all policy stores in the calling Amazon
|
1472
|
+
# Web Services account.
|
1473
|
+
#
|
1474
|
+
# @option params [String] :next_token
|
1475
|
+
# Specifies that you want to receive the next page of results. Valid
|
1476
|
+
# only if you received a `NextToken` response in the previous request.
|
1477
|
+
# If you did, it indicates that more output is available. Set this
|
1478
|
+
# parameter to the value provided by the previous call's `NextToken`
|
1479
|
+
# response to request the next page of results.
|
1480
|
+
#
|
1481
|
+
# @option params [Integer] :max_results
|
1482
|
+
# Specifies the total number of results that you want included on each
|
1483
|
+
# page of the response. If you do not include this parameter, it
|
1484
|
+
# defaults to a value that is specific to the operation. If additional
|
1485
|
+
# items exist beyond the number you specify, the `NextToken` response
|
1486
|
+
# element is returned with a value (not null). Include the specified
|
1487
|
+
# value as the `NextToken` request parameter in the next call to the
|
1488
|
+
# operation to get the next part of the results. Note that the service
|
1489
|
+
# might return fewer results than the maximum even when there are more
|
1490
|
+
# results available. You should check `NextToken` after every operation
|
1491
|
+
# to ensure that you receive all of the results.
|
1492
|
+
#
|
1493
|
+
# @return [Types::ListPolicyStoresOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1494
|
+
#
|
1495
|
+
# * {Types::ListPolicyStoresOutput#next_token #next_token} => String
|
1496
|
+
# * {Types::ListPolicyStoresOutput#policy_stores #policy_stores} => Array<Types::PolicyStoreItem>
|
1497
|
+
#
|
1498
|
+
# The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
|
1499
|
+
#
|
1500
|
+
# @example Request syntax with placeholder values
|
1501
|
+
#
|
1502
|
+
# resp = client.list_policy_stores({
|
1503
|
+
# next_token: "NextToken",
|
1504
|
+
# max_results: 1,
|
1505
|
+
# })
|
1506
|
+
#
|
1507
|
+
# @example Response structure
|
1508
|
+
#
|
1509
|
+
# resp.next_token #=> String
|
1510
|
+
# resp.policy_stores #=> Array
|
1511
|
+
# resp.policy_stores[0].policy_store_id #=> String
|
1512
|
+
# resp.policy_stores[0].arn #=> String
|
1513
|
+
# resp.policy_stores[0].created_date #=> Time
|
1514
|
+
#
|
1515
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/ListPolicyStores AWS API Documentation
|
1516
|
+
#
|
1517
|
+
# @overload list_policy_stores(params = {})
|
1518
|
+
# @param [Hash] params ({})
|
1519
|
+
def list_policy_stores(params = {}, options = {})
|
1520
|
+
req = build_request(:list_policy_stores, params)
|
1521
|
+
req.send_request(options)
|
1522
|
+
end
|
1523
|
+
|
1524
|
+
# Returns a paginated list of all policy templates in the specified
|
1525
|
+
# policy store.
|
1526
|
+
#
|
1527
|
+
# @option params [required, String] :policy_store_id
|
1528
|
+
# Specifies the ID of the policy store that contains the policy
|
1529
|
+
# templates you want to list.
|
1530
|
+
#
|
1531
|
+
# @option params [String] :next_token
|
1532
|
+
# Specifies that you want to receive the next page of results. Valid
|
1533
|
+
# only if you received a `NextToken` response in the previous request.
|
1534
|
+
# If you did, it indicates that more output is available. Set this
|
1535
|
+
# parameter to the value provided by the previous call's `NextToken`
|
1536
|
+
# response to request the next page of results.
|
1537
|
+
#
|
1538
|
+
# @option params [Integer] :max_results
|
1539
|
+
# Specifies the total number of results that you want included on each
|
1540
|
+
# page of the response. If you do not include this parameter, it
|
1541
|
+
# defaults to a value that is specific to the operation. If additional
|
1542
|
+
# items exist beyond the number you specify, the `NextToken` response
|
1543
|
+
# element is returned with a value (not null). Include the specified
|
1544
|
+
# value as the `NextToken` request parameter in the next call to the
|
1545
|
+
# operation to get the next part of the results. Note that the service
|
1546
|
+
# might return fewer results than the maximum even when there are more
|
1547
|
+
# results available. You should check `NextToken` after every operation
|
1548
|
+
# to ensure that you receive all of the results.
|
1549
|
+
#
|
1550
|
+
# @return [Types::ListPolicyTemplatesOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1551
|
+
#
|
1552
|
+
# * {Types::ListPolicyTemplatesOutput#next_token #next_token} => String
|
1553
|
+
# * {Types::ListPolicyTemplatesOutput#policy_templates #policy_templates} => Array<Types::PolicyTemplateItem>
|
1554
|
+
#
|
1555
|
+
# The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
|
1556
|
+
#
|
1557
|
+
# @example Request syntax with placeholder values
|
1558
|
+
#
|
1559
|
+
# resp = client.list_policy_templates({
|
1560
|
+
# policy_store_id: "PolicyStoreId", # required
|
1561
|
+
# next_token: "NextToken",
|
1562
|
+
# max_results: 1,
|
1563
|
+
# })
|
1564
|
+
#
|
1565
|
+
# @example Response structure
|
1566
|
+
#
|
1567
|
+
# resp.next_token #=> String
|
1568
|
+
# resp.policy_templates #=> Array
|
1569
|
+
# resp.policy_templates[0].policy_store_id #=> String
|
1570
|
+
# resp.policy_templates[0].policy_template_id #=> String
|
1571
|
+
# resp.policy_templates[0].description #=> String
|
1572
|
+
# resp.policy_templates[0].created_date #=> Time
|
1573
|
+
# resp.policy_templates[0].last_updated_date #=> Time
|
1574
|
+
#
|
1575
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/ListPolicyTemplates AWS API Documentation
|
1576
|
+
#
|
1577
|
+
# @overload list_policy_templates(params = {})
|
1578
|
+
# @param [Hash] params ({})
|
1579
|
+
def list_policy_templates(params = {}, options = {})
|
1580
|
+
req = build_request(:list_policy_templates, params)
|
1581
|
+
req.send_request(options)
|
1582
|
+
end
|
1583
|
+
|
1584
|
+
# Creates or updates the policy schema in the specified policy store.
|
1585
|
+
# The schema is used to validate any Cedar policies and policy templates
|
1586
|
+
# submitted to the policy store. Any changes to the schema validate only
|
1587
|
+
# policies and templates submitted after the schema change. Existing
|
1588
|
+
# policies and templates are not re-evaluated against the changed
|
1589
|
+
# schema. If you later update a policy, then it is evaluated against the
|
1590
|
+
# new schema at that time.
|
1591
|
+
#
|
1592
|
+
# @option params [required, String] :policy_store_id
|
1593
|
+
# Specifies the ID of the policy store in which to place the schema.
|
1594
|
+
#
|
1595
|
+
# @option params [required, Types::SchemaDefinition] :definition
|
1596
|
+
# Specifies the definition of the schema to be stored. The schema
|
1597
|
+
# definition must be written in Cedar schema JSON.
|
1598
|
+
#
|
1599
|
+
# @return [Types::PutSchemaOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1600
|
+
#
|
1601
|
+
# * {Types::PutSchemaOutput#policy_store_id #policy_store_id} => String
|
1602
|
+
# * {Types::PutSchemaOutput#namespaces #namespaces} => Array<String>
|
1603
|
+
# * {Types::PutSchemaOutput#created_date #created_date} => Time
|
1604
|
+
# * {Types::PutSchemaOutput#last_updated_date #last_updated_date} => Time
|
1605
|
+
#
|
1606
|
+
# @example Request syntax with placeholder values
|
1607
|
+
#
|
1608
|
+
# resp = client.put_schema({
|
1609
|
+
# policy_store_id: "PolicyStoreId", # required
|
1610
|
+
# definition: { # required
|
1611
|
+
# cedar_json: "SchemaJson",
|
1612
|
+
# },
|
1613
|
+
# })
|
1614
|
+
#
|
1615
|
+
# @example Response structure
|
1616
|
+
#
|
1617
|
+
# resp.policy_store_id #=> String
|
1618
|
+
# resp.namespaces #=> Array
|
1619
|
+
# resp.namespaces[0] #=> String
|
1620
|
+
# resp.created_date #=> Time
|
1621
|
+
# resp.last_updated_date #=> Time
|
1622
|
+
#
|
1623
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/PutSchema AWS API Documentation
|
1624
|
+
#
|
1625
|
+
# @overload put_schema(params = {})
|
1626
|
+
# @param [Hash] params ({})
|
1627
|
+
def put_schema(params = {}, options = {})
|
1628
|
+
req = build_request(:put_schema, params)
|
1629
|
+
req.send_request(options)
|
1630
|
+
end
|
1631
|
+
|
1632
|
+
# Updates the specified identity source to use a new identity provider
|
1633
|
+
# (IdP) source, or to change the mapping of identities from the IdP to a
|
1634
|
+
# different principal entity type.
|
1635
|
+
#
|
1636
|
+
# @option params [required, String] :policy_store_id
|
1637
|
+
# Specifies the ID of the policy store that contains the identity source
|
1638
|
+
# that you want to update.
|
1639
|
+
#
|
1640
|
+
# @option params [required, String] :identity_source_id
|
1641
|
+
# Specifies the ID of the identity source that you want to update.
|
1642
|
+
#
|
1643
|
+
# @option params [required, Types::UpdateConfiguration] :update_configuration
|
1644
|
+
# Specifies the details required to communicate with the identity
|
1645
|
+
# provider (IdP) associated with this identity source.
|
1646
|
+
#
|
1647
|
+
# <note markdown="1"> At this time, the only valid member of this structure is a Amazon
|
1648
|
+
# Cognito user pool configuration.
|
1649
|
+
#
|
1650
|
+
# You must specify a `userPoolArn`, and optionally, a `ClientId`.
|
1651
|
+
#
|
1652
|
+
# </note>
|
1653
|
+
#
|
1654
|
+
# @option params [String] :principal_entity_type
|
1655
|
+
# Specifies the data type of principals generated for identities
|
1656
|
+
# authenticated by the identity source.
|
1657
|
+
#
|
1658
|
+
# @return [Types::UpdateIdentitySourceOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1659
|
+
#
|
1660
|
+
# * {Types::UpdateIdentitySourceOutput#created_date #created_date} => Time
|
1661
|
+
# * {Types::UpdateIdentitySourceOutput#identity_source_id #identity_source_id} => String
|
1662
|
+
# * {Types::UpdateIdentitySourceOutput#last_updated_date #last_updated_date} => Time
|
1663
|
+
# * {Types::UpdateIdentitySourceOutput#policy_store_id #policy_store_id} => String
|
1664
|
+
#
|
1665
|
+
# @example Request syntax with placeholder values
|
1666
|
+
#
|
1667
|
+
# resp = client.update_identity_source({
|
1668
|
+
# policy_store_id: "PolicyStoreId", # required
|
1669
|
+
# identity_source_id: "IdentitySourceId", # required
|
1670
|
+
# update_configuration: { # required
|
1671
|
+
# cognito_user_pool_configuration: {
|
1672
|
+
# user_pool_arn: "UserPoolArn", # required
|
1673
|
+
# client_ids: ["ClientId"],
|
1674
|
+
# },
|
1675
|
+
# },
|
1676
|
+
# principal_entity_type: "PrincipalEntityType",
|
1677
|
+
# })
|
1678
|
+
#
|
1679
|
+
# @example Response structure
|
1680
|
+
#
|
1681
|
+
# resp.created_date #=> Time
|
1682
|
+
# resp.identity_source_id #=> String
|
1683
|
+
# resp.last_updated_date #=> Time
|
1684
|
+
# resp.policy_store_id #=> String
|
1685
|
+
#
|
1686
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/UpdateIdentitySource AWS API Documentation
|
1687
|
+
#
|
1688
|
+
# @overload update_identity_source(params = {})
|
1689
|
+
# @param [Hash] params ({})
|
1690
|
+
def update_identity_source(params = {}, options = {})
|
1691
|
+
req = build_request(:update_identity_source, params)
|
1692
|
+
req.send_request(options)
|
1693
|
+
end
|
1694
|
+
|
1695
|
+
# Modifies a Cedar static policy in the specified policy store. You can
|
1696
|
+
# change only certain elements of the [UpdatePolicyDefinition][1]
|
1697
|
+
# parameter. You can directly update only static policies. To change a
|
1698
|
+
# template-linked policy, you must update the template instead, using
|
1699
|
+
# [UpdatePolicyTemplate][2].
|
1700
|
+
#
|
1701
|
+
# <note markdown="1"> If policy validation is enabled in the policy store, then updating a
|
1702
|
+
# static policy causes Verified Permissions to validate the policy
|
1703
|
+
# against the schema in the policy store. If the updated static policy
|
1704
|
+
# doesn't pass validation, the operation fails and the update isn't
|
1705
|
+
# stored.
|
1706
|
+
#
|
1707
|
+
# </note>
|
1708
|
+
#
|
1709
|
+
#
|
1710
|
+
#
|
1711
|
+
# [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdatePolicyInput.html#amazonverifiedpermissions-UpdatePolicy-request-UpdatePolicyDefinition
|
1712
|
+
# [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdatePolicyTemplate.html
|
1713
|
+
#
|
1714
|
+
# @option params [required, String] :policy_store_id
|
1715
|
+
# Specifies the ID of the policy store that contains the policy that you
|
1716
|
+
# want to update.
|
1717
|
+
#
|
1718
|
+
# @option params [required, String] :policy_id
|
1719
|
+
# Specifies the ID of the policy that you want to update. To find this
|
1720
|
+
# value, you can use [ListPolicies][1].
|
1721
|
+
#
|
1722
|
+
#
|
1723
|
+
#
|
1724
|
+
# [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ListPolicies.html
|
1725
|
+
#
|
1726
|
+
# @option params [required, Types::UpdatePolicyDefinition] :definition
|
1727
|
+
# Specifies the updated policy content that you want to replace on the
|
1728
|
+
# specified policy. The content must be valid Cedar policy language
|
1729
|
+
# text.
|
1730
|
+
#
|
1731
|
+
# You can change only the following elements from the policy definition:
|
1732
|
+
#
|
1733
|
+
# * The `action` referenced by the policy.
|
1734
|
+
#
|
1735
|
+
# * Any conditional clauses, such as `when` or `unless` clauses.
|
1736
|
+
#
|
1737
|
+
# You **can't** change the following elements:
|
1738
|
+
#
|
1739
|
+
# * Changing from `static` to `templateLinked`.
|
1740
|
+
#
|
1741
|
+
# * Changing the effect of the policy from `permit` or `forbid`.
|
1742
|
+
#
|
1743
|
+
# * The `principal` referenced by the policy.
|
1744
|
+
#
|
1745
|
+
# * The `resource` referenced by the policy.
|
1746
|
+
#
|
1747
|
+
# @return [Types::UpdatePolicyOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1748
|
+
#
|
1749
|
+
# * {Types::UpdatePolicyOutput#policy_store_id #policy_store_id} => String
|
1750
|
+
# * {Types::UpdatePolicyOutput#policy_id #policy_id} => String
|
1751
|
+
# * {Types::UpdatePolicyOutput#policy_type #policy_type} => String
|
1752
|
+
# * {Types::UpdatePolicyOutput#principal #principal} => Types::EntityIdentifier
|
1753
|
+
# * {Types::UpdatePolicyOutput#resource #resource} => Types::EntityIdentifier
|
1754
|
+
# * {Types::UpdatePolicyOutput#created_date #created_date} => Time
|
1755
|
+
# * {Types::UpdatePolicyOutput#last_updated_date #last_updated_date} => Time
|
1756
|
+
#
|
1757
|
+
# @example Request syntax with placeholder values
|
1758
|
+
#
|
1759
|
+
# resp = client.update_policy({
|
1760
|
+
# policy_store_id: "PolicyStoreId", # required
|
1761
|
+
# policy_id: "PolicyId", # required
|
1762
|
+
# definition: { # required
|
1763
|
+
# static: {
|
1764
|
+
# description: "StaticPolicyDescription",
|
1765
|
+
# statement: "PolicyStatement", # required
|
1766
|
+
# },
|
1767
|
+
# },
|
1768
|
+
# })
|
1769
|
+
#
|
1770
|
+
# @example Response structure
|
1771
|
+
#
|
1772
|
+
# resp.policy_store_id #=> String
|
1773
|
+
# resp.policy_id #=> String
|
1774
|
+
# resp.policy_type #=> String, one of "STATIC", "TEMPLATE_LINKED"
|
1775
|
+
# resp.principal.entity_type #=> String
|
1776
|
+
# resp.principal.entity_id #=> String
|
1777
|
+
# resp.resource.entity_type #=> String
|
1778
|
+
# resp.resource.entity_id #=> String
|
1779
|
+
# resp.created_date #=> Time
|
1780
|
+
# resp.last_updated_date #=> Time
|
1781
|
+
#
|
1782
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/UpdatePolicy AWS API Documentation
|
1783
|
+
#
|
1784
|
+
# @overload update_policy(params = {})
|
1785
|
+
# @param [Hash] params ({})
|
1786
|
+
def update_policy(params = {}, options = {})
|
1787
|
+
req = build_request(:update_policy, params)
|
1788
|
+
req.send_request(options)
|
1789
|
+
end
|
1790
|
+
|
1791
|
+
# Modifies the validation setting for a policy store.
|
1792
|
+
#
|
1793
|
+
# @option params [required, String] :policy_store_id
|
1794
|
+
# Specifies the ID of the policy store that you want to update
|
1795
|
+
#
|
1796
|
+
# @option params [required, Types::ValidationSettings] :validation_settings
|
1797
|
+
# A structure that defines the validation settings that want to enable
|
1798
|
+
# for the policy store.
|
1799
|
+
#
|
1800
|
+
# @return [Types::UpdatePolicyStoreOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1801
|
+
#
|
1802
|
+
# * {Types::UpdatePolicyStoreOutput#policy_store_id #policy_store_id} => String
|
1803
|
+
# * {Types::UpdatePolicyStoreOutput#arn #arn} => String
|
1804
|
+
# * {Types::UpdatePolicyStoreOutput#created_date #created_date} => Time
|
1805
|
+
# * {Types::UpdatePolicyStoreOutput#last_updated_date #last_updated_date} => Time
|
1806
|
+
#
|
1807
|
+
# @example Request syntax with placeholder values
|
1808
|
+
#
|
1809
|
+
# resp = client.update_policy_store({
|
1810
|
+
# policy_store_id: "PolicyStoreId", # required
|
1811
|
+
# validation_settings: { # required
|
1812
|
+
# mode: "OFF", # required, accepts OFF, STRICT
|
1813
|
+
# },
|
1814
|
+
# })
|
1815
|
+
#
|
1816
|
+
# @example Response structure
|
1817
|
+
#
|
1818
|
+
# resp.policy_store_id #=> String
|
1819
|
+
# resp.arn #=> String
|
1820
|
+
# resp.created_date #=> Time
|
1821
|
+
# resp.last_updated_date #=> Time
|
1822
|
+
#
|
1823
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/UpdatePolicyStore AWS API Documentation
|
1824
|
+
#
|
1825
|
+
# @overload update_policy_store(params = {})
|
1826
|
+
# @param [Hash] params ({})
|
1827
|
+
def update_policy_store(params = {}, options = {})
|
1828
|
+
req = build_request(:update_policy_store, params)
|
1829
|
+
req.send_request(options)
|
1830
|
+
end
|
1831
|
+
|
1832
|
+
# Updates the specified policy template. You can update only the
|
1833
|
+
# description and the some elements of the [policyBody][1].
|
1834
|
+
#
|
1835
|
+
# Changes you make to the policy template content are immediately
|
1836
|
+
# reflected in authorization decisions that involve all template-linked
|
1837
|
+
# policies instantiated from this template.
|
1838
|
+
#
|
1839
|
+
#
|
1840
|
+
#
|
1841
|
+
# [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdatePolicyTemplate.html#amazonverifiedpermissions-UpdatePolicyTemplate-request-policyBody
|
1842
|
+
#
|
1843
|
+
# @option params [required, String] :policy_store_id
|
1844
|
+
# Specifies the ID of the policy store that contains the policy template
|
1845
|
+
# that you want to update.
|
1846
|
+
#
|
1847
|
+
# @option params [required, String] :policy_template_id
|
1848
|
+
# Specifies the ID of the policy template that you want to update.
|
1849
|
+
#
|
1850
|
+
# @option params [String] :description
|
1851
|
+
# Specifies a new description to apply to the policy template.
|
1852
|
+
#
|
1853
|
+
# @option params [required, String] :statement
|
1854
|
+
# Specifies new statement content written in Cedar policy language to
|
1855
|
+
# replace the current body of the policy template.
|
1856
|
+
#
|
1857
|
+
# You can change only the following elements of the policy body:
|
1858
|
+
#
|
1859
|
+
# * The `action` referenced by the policy template.
|
1860
|
+
#
|
1861
|
+
# * Any conditional clauses, such as `when` or `unless` clauses.
|
1862
|
+
#
|
1863
|
+
# You **can't** change the following elements:
|
1864
|
+
#
|
1865
|
+
# * The effect (`permit` or `forbid`) of the policy template.
|
1866
|
+
#
|
1867
|
+
# * The `principal` referenced by the policy template.
|
1868
|
+
#
|
1869
|
+
# * The `resource` referenced by the policy template.
|
1870
|
+
#
|
1871
|
+
# @return [Types::UpdatePolicyTemplateOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1872
|
+
#
|
1873
|
+
# * {Types::UpdatePolicyTemplateOutput#policy_store_id #policy_store_id} => String
|
1874
|
+
# * {Types::UpdatePolicyTemplateOutput#policy_template_id #policy_template_id} => String
|
1875
|
+
# * {Types::UpdatePolicyTemplateOutput#created_date #created_date} => Time
|
1876
|
+
# * {Types::UpdatePolicyTemplateOutput#last_updated_date #last_updated_date} => Time
|
1877
|
+
#
|
1878
|
+
# @example Request syntax with placeholder values
|
1879
|
+
#
|
1880
|
+
# resp = client.update_policy_template({
|
1881
|
+
# policy_store_id: "PolicyStoreId", # required
|
1882
|
+
# policy_template_id: "PolicyTemplateId", # required
|
1883
|
+
# description: "PolicyTemplateDescription",
|
1884
|
+
# statement: "PolicyStatement", # required
|
1885
|
+
# })
|
1886
|
+
#
|
1887
|
+
# @example Response structure
|
1888
|
+
#
|
1889
|
+
# resp.policy_store_id #=> String
|
1890
|
+
# resp.policy_template_id #=> String
|
1891
|
+
# resp.created_date #=> Time
|
1892
|
+
# resp.last_updated_date #=> Time
|
1893
|
+
#
|
1894
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/UpdatePolicyTemplate AWS API Documentation
|
1895
|
+
#
|
1896
|
+
# @overload update_policy_template(params = {})
|
1897
|
+
# @param [Hash] params ({})
|
1898
|
+
def update_policy_template(params = {}, options = {})
|
1899
|
+
req = build_request(:update_policy_template, params)
|
1900
|
+
req.send_request(options)
|
1901
|
+
end
|
1902
|
+
|
1903
|
+
# @!endgroup
|
1904
|
+
|
1905
|
+
# @param params ({})
|
1906
|
+
# @api private
|
1907
|
+
def build_request(operation_name, params = {})
|
1908
|
+
handlers = @handlers.for(operation_name)
|
1909
|
+
context = Seahorse::Client::RequestContext.new(
|
1910
|
+
operation_name: operation_name,
|
1911
|
+
operation: config.api.operation(operation_name),
|
1912
|
+
client: self,
|
1913
|
+
params: params,
|
1914
|
+
config: config)
|
1915
|
+
context[:gem_name] = 'aws-sdk-verifiedpermissions'
|
1916
|
+
context[:gem_version] = '1.0.0'
|
1917
|
+
Seahorse::Client::Request.new(handlers, context)
|
1918
|
+
end
|
1919
|
+
|
1920
|
+
# @api private
|
1921
|
+
# @deprecated
|
1922
|
+
def waiter_names
|
1923
|
+
[]
|
1924
|
+
end
|
1925
|
+
|
1926
|
+
class << self
|
1927
|
+
|
1928
|
+
# @api private
|
1929
|
+
attr_reader :identifier
|
1930
|
+
|
1931
|
+
# @api private
|
1932
|
+
def errors_module
|
1933
|
+
Errors
|
1934
|
+
end
|
1935
|
+
|
1936
|
+
end
|
1937
|
+
end
|
1938
|
+
end
|