aws-sdk-verifiedpermissions 1.10.0 → 1.12.0

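--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: f9adf56fed10cfe0d76d492cda22394d84c90eeaeabfa245cb2ade65820a768e
- data.tar.gz: 0edb7f147ff11cd919576fd995f279caa47644ea95dd58c2d2494981029b1ad6
+ metadata.gz: e4350747f7c9d5eefcd327c3dd718371ef8ff17f79c5df5579d592494e994446
+ data.tar.gz: 4e373448bb0bef180106961947012043e12541e799d3686066a39ee6794ec6c6
  SHA512:
- metadata.gz: 40de7ee70b9e47b89acc90292f00569f554ff49d1f77dc9f593315242c08131fd05cd2adac0c52d7c76b6031fad7ec9d38fad0d45f59bbfdfe0008cd34394fa3
- data.tar.gz: 969aa107505301760df53b082bd5909608b245940279db6dffc540b718c3ac5104165e99ad47cf89db0ae6dc132eb2fd04062bd19ffc36e66825bae1933cd193
+ metadata.gz: 63e0f5ce5571a99c861a8a5c018afab8573f375053979cc11c9527c727062c4302c23166f148a9d5ecc21e9bf722c732da79ee878afbdffc520a55b09b53af55
+ data.tar.gz: b02ea3597ba9bde71f014fe6c86a787379c37cef92e2af68f00cc690ef199cd59a371435469acd9ac6de9dd52bc4c557ff23fd56cbd23b08d77a3456e9153137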
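--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,6 +1,16 @@
  Unreleased Changes
  ------------------
 
+ 1.12.0 (2023-11-17)
+ ------------------
+
+ * Feature - Adding BatchIsAuthorized API which supports multiple authorization requests against a PolicyStore
+
+ 1.11.0 (2023-10-19)
+ ------------------
+
+ * Feature - Improving Amazon Verified Permissions Create experience
+
  1.10.0 (2023-09-27)
  ------------------
 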
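--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 1.10.0
+ 1.12.0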
@@ -398,6 +398,119 @@ module Aws::VerifiedPermissions
398
398
 
399
399
  # @!group API Operations
400
400
 
401
+ # Makes a series of decisions about multiple authorization requests for
402
+ # one principal or resource. Each request contains the equivalent
403
+ # content of an `IsAuthorized` request: principal, action, resource, and
404
+ # context. Either the `principal` or the `resource` parameter must be
405
+ # identical across all requests. For example, Verified Permissions
406
+ # won't evaluate a pair of requests where `bob` views `photo1` and
407
+ # `alice` views `photo2`. Authorization of `bob` to view `photo1` and
408
+ # `photo2`, or `bob` and `alice` to view `photo1`, are valid batches.
409
+ #
410
+ # The request is evaluated against all policies in the specified policy
411
+ # store that match the entities that you declare. The result of the
412
+ # decisions is a series of `Allow` or `Deny` responses, along with the
413
+ # IDs of the policies that produced each decision.
414
+ #
415
+ # The `entities` of a `BatchIsAuthorized` API request can contain up to
416
+ # 100 principals and up to 100 resources. The `requests` of a
417
+ # `BatchIsAuthorized` API request can contain up to 30 requests.
418
+ #
419
+ # @option params [required, String] :policy_store_id
420
+ # Specifies the ID of the policy store. Policies in this policy store
421
+ # will be used to make the authorization decisions for the input.
422
+ #
423
+ # @option params [Types::EntitiesDefinition] :entities
424
+ # Specifies the list of resources and principals and their associated
425
+ # attributes that Verified Permissions can examine when evaluating the
426
+ # policies.
427
+ #
428
+ # <note markdown="1"> You can include only principal and resource entities in this
429
+ # parameter; you can't include actions. You must specify actions in the
430
+ # schema.
431
+ #
432
+ # </note>
433
+ #
434
+ # @option params [required, Array<Types::BatchIsAuthorizedInputItem>] :requests
435
+ # An array of up to 30 requests that you want Verified Permissions to
436
+ # evaluate.
437
+ #
438
+ # @return [Types::BatchIsAuthorizedOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
439
+ #
440
+ # * {Types::BatchIsAuthorizedOutput#results #results} => Array&lt;Types::BatchIsAuthorizedOutputItem&gt;
441
+ #
442
+ # @example Request syntax with placeholder values
443
+ #
444
+ # resp = client.batch_is_authorized({
445
+ # policy_store_id: "PolicyStoreId", # required
446
+ # entities: {
447
+ # entity_list: [
448
+ # {
449
+ # identifier: { # required
450
+ # entity_type: "EntityType", # required
451
+ # entity_id: "EntityId", # required
452
+ # },
453
+ # attributes: {
454
+ # "String" => "value", # value <Hash,Array,String,Numeric,Boolean,IO,Set,nil>
455
+ # },
456
+ # parents: [
457
+ # {
458
+ # entity_type: "EntityType", # required
459
+ # entity_id: "EntityId", # required
460
+ # },
461
+ # ],
462
+ # },
463
+ # ],
464
+ # },
465
+ # requests: [ # required
466
+ # {
467
+ # principal: {
468
+ # entity_type: "EntityType", # required
469
+ # entity_id: "EntityId", # required
470
+ # },
471
+ # action: {
472
+ # action_type: "ActionType", # required
473
+ # action_id: "ActionId", # required
474
+ # },
475
+ # resource: {
476
+ # entity_type: "EntityType", # required
477
+ # entity_id: "EntityId", # required
478
+ # },
479
+ # context: {
480
+ # context_map: {
481
+ # "String" => "value", # value <Hash,Array,String,Numeric,Boolean,IO,Set,nil>
482
+ # },
483
+ # },
484
+ # },
485
+ # ],
486
+ # })
487
+ #
488
+ # @example Response structure
489
+ #
490
+ # resp.results #=> Array
491
+ # resp.results[0].request.principal.entity_type #=> String
492
+ # resp.results[0].request.principal.entity_id #=> String
493
+ # resp.results[0].request.action.action_type #=> String
494
+ # resp.results[0].request.action.action_id #=> String
495
+ # resp.results[0].request.resource.entity_type #=> String
496
+ # resp.results[0].request.resource.entity_id #=> String
497
+ # resp.results[0].request.context.context_map #=> Hash
498
+ # resp.results[0].request.context.context_map["String"] #=> <Hash,Array,String,Numeric,Boolean,IO,Set,nil>
499
+ # resp.results[0].decision #=> String, one of "ALLOW", "DENY"
500
+ # resp.results[0].determining_policies #=> Array
501
+ # resp.results[0].determining_policies[0].policy_id #=> String
502
+ # resp.results[0].errors #=> Array
503
+ # resp.results[0].errors[0].error_description #=> String
504
+ #
505
+ # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/BatchIsAuthorized AWS API Documentation
506
+ #
507
+ # @overload batch_is_authorized(params = {})
508
+ # @param [Hash] params ({})
509
+ def batch_is_authorized(params = {}, options = {})
510
+ req = build_request(:batch_is_authorized, params)
511
+ req.send_request(options)
512
+ end
513
+
401
514
  # Creates a reference to an Amazon Cognito user pool as an external
402
515
  # identity provider (IdP).
403
516
  #
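Review bot: The prose in the `batch_is_authorized` doc comment calls the results "`Allow` or `Deny` responses" (new line 412), but the response example on new line 499 lists the actual `decision` strings as "ALLOW" and "DENY". A caller that codes against the prose spelling, say by testing for inequality with 'Deny', would end up treating every item as permitted, so the comment should use the enum values: `# decisions is a series of ALLOW or DENY responses, along with the`. The same wording recurs in the `results` attribute doc of `BatchIsAuthorizedOutput` in the types hunk. It would also help to add one sentence saying that each `results[n]` must be checked on its own, that anything other than "ALLOW" is a denial, and that a non-empty `errors` array means evaluation problems for that item.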
@@ -657,7 +770,7 @@ module Aws::VerifiedPermissions
657
770
  #
658
771
  #
659
772
  #
660
- # [1]: https://docs.cedarpolicy.com/schema.html#namespace
773
+ # [1]: https://docs.cedarpolicy.com/schema/schema.html#namespace
661
774
  #
662
775
  # @option params [String] :client_token
663
776
  # Specifies a unique, case-sensitive ID that you provide to ensure the
@@ -1988,8 +2101,9 @@ module Aws::VerifiedPermissions
1988
2101
  # description and the some elements of the [policyBody][1].
1989
2102
  #
1990
2103
  # Changes you make to the policy template content are immediately
1991
- # reflected in authorization decisions that involve all template-linked
1992
- # policies instantiated from this template.
2104
+ # (within the constraints of eventual consistency) reflected in
2105
+ # authorization decisions that involve all template-linked policies
2106
+ # instantiated from this template.
1993
2107
  #
1994
2108
  # <note markdown="1"> Verified Permissions is <i> <a
1995
2109
  # href="https://wikipedia.org/wiki/Eventual_consistency">eventually
@@ -2076,7 +2190,7 @@ module Aws::VerifiedPermissions
2076
2190
  params: params,
2077
2191
  config: config)
2078
2192
  context[:gem_name] = 'aws-sdk-verifiedpermissions'
2079
- context[:gem_version] = '1.10.0'
2193
+ context[:gem_version] = '1.12.0'
2080
2194
  Seahorse::Client::Request.new(handlers, context)
2081
2195
  end
2082
2196
 
@@ -18,6 +18,12 @@ module Aws::VerifiedPermissions
18
18
  ActionIdentifier = Shapes::StructureShape.new(name: 'ActionIdentifier')
19
19
  ActionType = Shapes::StringShape.new(name: 'ActionType')
20
20
  AttributeValue = Shapes::UnionShape.new(name: 'AttributeValue')
21
+ BatchIsAuthorizedInput = Shapes::StructureShape.new(name: 'BatchIsAuthorizedInput')
22
+ BatchIsAuthorizedInputItem = Shapes::StructureShape.new(name: 'BatchIsAuthorizedInputItem')
23
+ BatchIsAuthorizedInputList = Shapes::ListShape.new(name: 'BatchIsAuthorizedInputList')
24
+ BatchIsAuthorizedOutput = Shapes::StructureShape.new(name: 'BatchIsAuthorizedOutput')
25
+ BatchIsAuthorizedOutputItem = Shapes::StructureShape.new(name: 'BatchIsAuthorizedOutputItem')
26
+ BatchIsAuthorizedOutputList = Shapes::ListShape.new(name: 'BatchIsAuthorizedOutputList')
21
27
  Boolean = Shapes::BooleanShape.new(name: 'Boolean')
22
28
  BooleanAttribute = Shapes::BooleanShape.new(name: 'BooleanAttribute')
23
29
  ClientId = Shapes::StringShape.new(name: 'ClientId')
@@ -179,6 +185,30 @@ module Aws::VerifiedPermissions
179
185
  AttributeValue.add_member_subclass(:unknown, Types::AttributeValue::Unknown)
180
186
  AttributeValue.struct_class = Types::AttributeValue
181
187
 
188
+ BatchIsAuthorizedInput.add_member(:policy_store_id, Shapes::ShapeRef.new(shape: PolicyStoreId, required: true, location_name: "policyStoreId"))
189
+ BatchIsAuthorizedInput.add_member(:entities, Shapes::ShapeRef.new(shape: EntitiesDefinition, location_name: "entities"))
190
+ BatchIsAuthorizedInput.add_member(:requests, Shapes::ShapeRef.new(shape: BatchIsAuthorizedInputList, required: true, location_name: "requests"))
191
+ BatchIsAuthorizedInput.struct_class = Types::BatchIsAuthorizedInput
192
+
193
+ BatchIsAuthorizedInputItem.add_member(:principal, Shapes::ShapeRef.new(shape: EntityIdentifier, location_name: "principal"))
194
+ BatchIsAuthorizedInputItem.add_member(:action, Shapes::ShapeRef.new(shape: ActionIdentifier, location_name: "action"))
195
+ BatchIsAuthorizedInputItem.add_member(:resource, Shapes::ShapeRef.new(shape: EntityIdentifier, location_name: "resource"))
196
+ BatchIsAuthorizedInputItem.add_member(:context, Shapes::ShapeRef.new(shape: ContextDefinition, location_name: "context"))
197
+ BatchIsAuthorizedInputItem.struct_class = Types::BatchIsAuthorizedInputItem
198
+
199
+ BatchIsAuthorizedInputList.member = Shapes::ShapeRef.new(shape: BatchIsAuthorizedInputItem)
200
+
201
+ BatchIsAuthorizedOutput.add_member(:results, Shapes::ShapeRef.new(shape: BatchIsAuthorizedOutputList, required: true, location_name: "results"))
202
+ BatchIsAuthorizedOutput.struct_class = Types::BatchIsAuthorizedOutput
203
+
204
+ BatchIsAuthorizedOutputItem.add_member(:request, Shapes::ShapeRef.new(shape: BatchIsAuthorizedInputItem, required: true, location_name: "request"))
205
+ BatchIsAuthorizedOutputItem.add_member(:decision, Shapes::ShapeRef.new(shape: Decision, required: true, location_name: "decision"))
206
+ BatchIsAuthorizedOutputItem.add_member(:determining_policies, Shapes::ShapeRef.new(shape: DeterminingPolicyList, required: true, location_name: "determiningPolicies"))
207
+ BatchIsAuthorizedOutputItem.add_member(:errors, Shapes::ShapeRef.new(shape: EvaluationErrorList, required: true, location_name: "errors"))
208
+ BatchIsAuthorizedOutputItem.struct_class = Types::BatchIsAuthorizedOutputItem
209
+
210
+ BatchIsAuthorizedOutputList.member = Shapes::ShapeRef.new(shape: BatchIsAuthorizedOutputItem)
211
+
182
212
  ClientIds.member = Shapes::ShapeRef.new(shape: ClientId)
183
213
 
184
214
  CognitoUserPoolConfiguration.add_member(:user_pool_arn, Shapes::ShapeRef.new(shape: UserPoolArn, required: true, location_name: "userPoolArn"))
@@ -696,6 +726,19 @@ module Aws::VerifiedPermissions
696
726
  "uid" => "verifiedpermissions-2021-12-01",
697
727
  }
698
728
 
729
+ api.add_operation(:batch_is_authorized, Seahorse::Model::Operation.new.tap do |o|
730
+ o.name = "BatchIsAuthorized"
731
+ o.http_method = "POST"
732
+ o.http_request_uri = "/"
733
+ o.input = Shapes::ShapeRef.new(shape: BatchIsAuthorizedInput)
734
+ o.output = Shapes::ShapeRef.new(shape: BatchIsAuthorizedOutput)
735
+ o.errors << Shapes::ShapeRef.new(shape: ValidationException)
736
+ o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
737
+ o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
738
+ o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
739
+ o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
740
+ end)
741
+
699
742
  api.add_operation(:create_identity_source, Seahorse::Model::Operation.new.tap do |o|
700
743
  o.name = "CreateIdentitySource"
701
744
  o.http_method = "POST"
@@ -704,6 +747,7 @@ module Aws::VerifiedPermissions
704
747
  o.output = Shapes::ShapeRef.new(shape: CreateIdentitySourceOutput)
705
748
  o.errors << Shapes::ShapeRef.new(shape: ValidationException)
706
749
  o.errors << Shapes::ShapeRef.new(shape: ServiceQuotaExceededException)
750
+ o.errors << Shapes::ShapeRef.new(shape: ConflictException)
707
751
  o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
708
752
  o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
709
753
  o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
@@ -718,6 +762,7 @@ module Aws::VerifiedPermissions
718
762
  o.output = Shapes::ShapeRef.new(shape: CreatePolicyOutput)
719
763
  o.errors << Shapes::ShapeRef.new(shape: ValidationException)
720
764
  o.errors << Shapes::ShapeRef.new(shape: ServiceQuotaExceededException)
765
+ o.errors << Shapes::ShapeRef.new(shape: ConflictException)
721
766
  o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
722
767
  o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
723
768
  o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
@@ -732,6 +777,7 @@ module Aws::VerifiedPermissions
732
777
  o.output = Shapes::ShapeRef.new(shape: CreatePolicyStoreOutput)
733
778
  o.errors << Shapes::ShapeRef.new(shape: ValidationException)
734
779
  o.errors << Shapes::ShapeRef.new(shape: ServiceQuotaExceededException)
780
+ o.errors << Shapes::ShapeRef.new(shape: ConflictException)
735
781
  o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
736
782
  o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
737
783
  o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
@@ -745,6 +791,7 @@ module Aws::VerifiedPermissions
745
791
  o.output = Shapes::ShapeRef.new(shape: CreatePolicyTemplateOutput)
746
792
  o.errors << Shapes::ShapeRef.new(shape: ValidationException)
747
793
  o.errors << Shapes::ShapeRef.new(shape: ServiceQuotaExceededException)
794
+ o.errors << Shapes::ShapeRef.new(shape: ConflictException)
748
795
  o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
749
796
  o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
750
797
  o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
@@ -32,7 +32,7 @@ module Aws::VerifiedPermissions
32
32
  raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
33
33
  end
34
34
  if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
35
- if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"))
35
+ if Aws::Endpoints::Matchers.boolean_equals?(Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"), true)
36
36
  return Aws::Endpoints::Endpoint.new(url: "https://verifiedpermissions-fips.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
37
37
  end
38
38
  raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"
@@ -12,6 +12,20 @@ module Aws::VerifiedPermissions
12
12
  # @api private
13
13
  module Endpoints
14
14
 
15
+ class BatchIsAuthorized
16
+ def self.build(context)
17
+ unless context.config.regional_endpoint
18
+ endpoint = context.config.endpoint.to_s
19
+ end
20
+ Aws::VerifiedPermissions::EndpointParameters.new(
21
+ region: context.config.region,
22
+ use_dual_stack: context.config.use_dualstack_endpoint,
23
+ use_fips: context.config.use_fips_endpoint,
24
+ endpoint: endpoint,
25
+ )
26
+ end
27
+ end
28
+
15
29
  class CreateIdentitySource
16
30
  def self.build(context)
17
31
  unless context.config.regional_endpoint
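Review bot: In `BatchIsAuthorized.build`, `endpoint` is assigned only inside the `unless context.config.regional_endpoint` block, so when that flag is set the keyword argument `endpoint: endpoint` is passed as nil purely because Ruby defines the local at parse time. Making that explicit reads better and documents that a configured endpoint override is forwarded only when no regional endpoint is in use: `endpoint = context.config.regional_endpoint ? nil : context.config.endpoint.to_s`. The class also has no comment; a one-line `# Builds the endpoint parameters for the BatchIsAuthorized operation from client config.` would match what the body does. `CreateIdentitySource.build` opens the same way and continues outside this hunk.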
@@ -56,6 +56,8 @@ module Aws::VerifiedPermissions
56
56
 
57
57
  def parameters_for_operation(context)
58
58
  case context.operation_name
59
+ when :batch_is_authorized
60
+ Aws::VerifiedPermissions::Endpoints::BatchIsAuthorized.build(context)
59
61
  when :create_identity_source
60
62
  Aws::VerifiedPermissions::Endpoints::CreateIdentitySource.build(context)
61
63
  when :create_policy
@@ -26,15 +26,17 @@ module Aws::VerifiedPermissions
26
26
  # Contains information about an action for a request for which an
27
27
  # authorization decision is made.
28
28
  #
29
- # This data type is used as an request parameter to the
30
- # [IsAuthorized][1] and [IsAuthorizedWithToken][2] operations.
29
+ # This data type is used as a request parameter to the
30
+ # [IsAuthorized][1], [BatchIsAuthorized][2], and
31
+ # [IsAuthorizedWithToken][3] operations.
31
32
  #
32
33
  # Example: `\{ "actionId": "<action name>", "actionType": "Action" \}`
33
34
  #
34
35
  #
35
36
  #
36
37
  # [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorized.html
37
- # [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorizedWithToken.html
38
+ # [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_BatchIsAuthorized.html
39
+ # [3]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorizedWithToken.html
38
40
  #
39
41
  # @!attribute [rw] action_type
40
42
  # The type of an action.
@@ -60,16 +62,20 @@ module Aws::VerifiedPermissions
60
62
  #
61
63
  # This data type is used as a member of the [ContextDefinition][1]
62
64
  # structure which is uses as a request parameter for the
63
- # [IsAuthorized][2] and [IsAuthorizedWithToken][3] operations.
65
+ # [IsAuthorized][2], [BatchIsAuthorized][3], and
66
+ # [IsAuthorizedWithToken][4] operations.
64
67
  #
65
68
  #
66
69
  #
67
70
  # [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ContextDefinition.html
68
71
  # [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorized.html
69
- # [3]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorizedWithToken.html
72
+ # [3]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_BatchIsAuthorized.html
73
+ # [4]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorizedWithToken.html
70
74
  #
71
75
  # @note AttributeValue is a union - when making an API calls you must set exactly one of the members.
72
76
  #
77
+ # @note AttributeValue is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of AttributeValue corresponding to the set member.
78
+ #
73
79
  # @!attribute [rw] boolean
74
80
  # An attribute value of [Boolean][1] type.
75
81
  #
@@ -77,7 +83,7 @@ module Aws::VerifiedPermissions
77
83
  #
78
84
  #
79
85
  #
80
- # [1]: https://docs.cedarpolicy.com/syntax-datatypes.html#boolean
86
+ # [1]: https://docs.cedarpolicy.com/policies/syntax-datatypes.html#boolean
81
87
  # @return [Boolean]
82
88
  #
83
89
  # @!attribute [rw] entity_identifier
@@ -98,7 +104,7 @@ module Aws::VerifiedPermissions
98
104
  #
99
105
  #
100
106
  #
101
- # [1]: https://docs.cedarpolicy.com/syntax-datatypes.html#long
107
+ # [1]: https://docs.cedarpolicy.com/policies/syntax-datatypes.html#long
102
108
  # @return [Integer]
103
109
  #
104
110
  # @!attribute [rw] string
@@ -108,7 +114,7 @@ module Aws::VerifiedPermissions
108
114
  #
109
115
  #
110
116
  #
111
- # [1]: https://docs.cedarpolicy.com/syntax-datatypes.html#string
117
+ # [1]: https://docs.cedarpolicy.com/policies/syntax-datatypes.html#string
112
118
  # @return [String]
113
119
  #
114
120
  # @!attribute [rw] set
@@ -118,7 +124,7 @@ module Aws::VerifiedPermissions
118
124
  #
119
125
  #
120
126
  #
121
- # [1]: https://docs.cedarpolicy.com/syntax-datatypes.html#set
127
+ # [1]: https://docs.cedarpolicy.com/policies/syntax-datatypes.html#set
122
128
  # @return [Array<Types::AttributeValue>]
123
129
  #
124
130
  # @!attribute [rw] record
@@ -128,7 +134,7 @@ module Aws::VerifiedPermissions
128
134
  #
129
135
  #
130
136
  #
131
- # [1]: https://docs.cedarpolicy.com/syntax-datatypes.html#record
137
+ # [1]: https://docs.cedarpolicy.com/policies/syntax-datatypes.html#record
132
138
  # @return [Hash<String,Types::AttributeValue>]
133
139
  #
134
140
  # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/AttributeValue AWS API Documentation
@@ -154,6 +160,124 @@ module Aws::VerifiedPermissions
154
160
  class Unknown < AttributeValue; end
155
161
  end
156
162
 
163
+ # @!attribute [rw] policy_store_id
164
+ # Specifies the ID of the policy store. Policies in this policy store
165
+ # will be used to make the authorization decisions for the input.
166
+ # @return [String]
167
+ #
168
+ # @!attribute [rw] entities
169
+ # Specifies the list of resources and principals and their associated
170
+ # attributes that Verified Permissions can examine when evaluating the
171
+ # policies.
172
+ #
173
+ # <note markdown="1"> You can include only principal and resource entities in this
174
+ # parameter; you can't include actions. You must specify actions in
175
+ # the schema.
176
+ #
177
+ # </note>
178
+ # @return [Types::EntitiesDefinition]
179
+ #
180
+ # @!attribute [rw] requests
181
+ # An array of up to 30 requests that you want Verified Permissions to
182
+ # evaluate.
183
+ # @return [Array<Types::BatchIsAuthorizedInputItem>]
184
+ #
185
+ # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/BatchIsAuthorizedInput AWS API Documentation
186
+ #
187
+ class BatchIsAuthorizedInput < Struct.new(
188
+ :policy_store_id,
189
+ :entities,
190
+ :requests)
191
+ SENSITIVE = []
192
+ include Aws::Structure
193
+ end
194
+
195
+ # An authorization request that you include in a `BatchIsAuthorized` API
196
+ # request.
197
+ #
198
+ # @!attribute [rw] principal
199
+ # Specifies the principal for which the authorization decision is to
200
+ # be made.
201
+ # @return [Types::EntityIdentifier]
202
+ #
203
+ # @!attribute [rw] action
204
+ # Specifies the requested action to be authorized. For example, is the
205
+ # principal authorized to perform this action on the resource?
206
+ # @return [Types::ActionIdentifier]
207
+ #
208
+ # @!attribute [rw] resource
209
+ # Specifies the resource for which the authorization decision is to be
210
+ # made.
211
+ # @return [Types::EntityIdentifier]
212
+ #
213
+ # @!attribute [rw] context
214
+ # Specifies additional context that can be used to make more granular
215
+ # authorization decisions.
216
+ # @return [Types::ContextDefinition]
217
+ #
218
+ # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/BatchIsAuthorizedInputItem AWS API Documentation
219
+ #
220
+ class BatchIsAuthorizedInputItem < Struct.new(
221
+ :principal,
222
+ :action,
223
+ :resource,
224
+ :context)
225
+ SENSITIVE = []
226
+ include Aws::Structure
227
+ end
228
+
229
+ # @!attribute [rw] results
230
+ # A series of `Allow` or `Deny` decisions for each request, and the
231
+ # policies that produced them.
232
+ # @return [Array<Types::BatchIsAuthorizedOutputItem>]
233
+ #
234
+ # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/BatchIsAuthorizedOutput AWS API Documentation
235
+ #
236
+ class BatchIsAuthorizedOutput < Struct.new(
237
+ :results)
238
+ SENSITIVE = []
239
+ include Aws::Structure
240
+ end
241
+
242
+ # The decision, based on policy evaluation, from an individual
243
+ # authorization request in a `BatchIsAuthorized` API request.
244
+ #
245
+ # @!attribute [rw] request
246
+ # The authorization request that initiated the decision.
247
+ # @return [Types::BatchIsAuthorizedInputItem]
248
+ #
249
+ # @!attribute [rw] decision
250
+ # An authorization decision that indicates if the authorization
251
+ # request should be allowed or denied.
252
+ # @return [String]
253
+ #
254
+ # @!attribute [rw] determining_policies
255
+ # The list of determining policies used to make the authorization
256
+ # decision. For example, if there are two matching policies, where one
257
+ # is a forbid and the other is a permit, then the forbid policy will
258
+ # be the determining policy. In the case of multiple matching permit
259
+ # policies then there would be multiple determining policies. In the
260
+ # case that no policies match, and hence the response is DENY, there
261
+ # would be no determining policies.
262
+ # @return [Array<Types::DeterminingPolicyItem>]
263
+ #
264
+ # @!attribute [rw] errors
265
+ # Errors that occurred while making an authorization decision, for
266
+ # example, a policy references an Entity or entity Attribute that does
267
+ # not exist in the slice.
268
+ # @return [Array<Types::EvaluationErrorItem>]
269
+ #
270
+ # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/BatchIsAuthorizedOutputItem AWS API Documentation
271
+ #
272
+ class BatchIsAuthorizedOutputItem < Struct.new(
273
+ :request,
274
+ :decision,
275
+ :determining_policies,
276
+ :errors)
277
+ SENSITIVE = []
278
+ include Aws::Structure
279
+ end
280
+
157
281
  # The configuration for an identity source that represents a connection
158
282
  # to an Amazon Cognito user pool used as an identity provider for
159
283
  # Verified Permissions.
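Review bot: All four new structs set `SENSITIVE = []` (new lines 191, 225, 238 and 277), so no member is marked sensitive even though `entities` and `context` carry caller-supplied attribute values of arbitrary type. How `Aws::Structure` consumes the constant is not visible in this hunk; if it drives redaction when a struct is inspected or logged, principal identifiers and attribute values would appear in full. If the empty list is intended, say so above it, for example `# No members are redacted; avoid logging this struct when entities or context hold user data.` Separately, `BatchIsAuthorizedInput` and `BatchIsAuthorizedOutput` start directly with `@!attribute` and lack the one-sentence summary that the two item structs have.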
@@ -268,25 +392,29 @@ module Aws::VerifiedPermissions
268
392
  # part of the `when` and `unless` clauses in a policy.
269
393
  #
270
394
  # This data type is used as a request parameter for the
271
- # [IsAuthorized][1] and [IsAuthorizedWithToken][2] operations.
395
+ # [IsAuthorized][1], [BatchIsAuthorized][2], and
396
+ # [IsAuthorizedWithToken][3] operations.
272
397
  #
273
398
  # Example:
274
- # `"context":\{"Context":\{"<KeyName1>":\{"boolean":true\},"<KeyName2>":\{"long":1234\}\}\}`
399
+ # `"context":\{"contextMap":\{"<KeyName1>":\{"boolean":true\},"<KeyName2>":\{"long":1234\}\}\}`
275
400
  #
276
401
  #
277
402
  #
278
403
  # [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorized.html
279
- # [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorizedWithToken.html
404
+ # [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_BatchIsAuthorized.html
405
+ # [3]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorizedWithToken.html
280
406
  #
281
407
  # @note ContextDefinition is a union - when making an API calls you must set exactly one of the members.
282
408
  #
409
+ # @note ContextDefinition is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of ContextDefinition corresponding to the set member.
410
+ #
283
411
  # @!attribute [rw] context_map
284
412
  # An list of attributes that are needed to successfully evaluate an
285
413
  # authorization request. Each attribute in this array must include a
286
414
  # map of a data type and its value.
287
415
  #
288
416
  # Example:
289
- # `"Context":\{"<KeyName1>":\{"boolean":true\},"<KeyName2>":\{"long":1234\}\}`
417
+ # `"contextMap":\{"<KeyName1>":\{"boolean":true\},"<KeyName2>":\{"long":1234\}\}`
290
418
  # @return [Hash<String,Types::AttributeValue>]
291
419
  #
292
420
  # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/ContextDefinition AWS API Documentation
@@ -714,7 +842,8 @@ module Aws::VerifiedPermissions
714
842
  # authorization decision.
715
843
  #
716
844
  # This data type is used as an element in a response parameter for the
717
- # [IsAuthorized][1] and [IsAuthorizedWithToken][2] operations.
845
+ # [IsAuthorized][1], [BatchIsAuthorized][2], and
846
+ # [IsAuthorizedWithToken][3] operations.
718
847
  #
719
848
  # Example:
720
849
  # `"determiningPolicies":[\{"policyId":"SPEXAMPLEabcdefg111111"\}]`
@@ -722,7 +851,8 @@ module Aws::VerifiedPermissions
722
851
  #
723
852
  #
724
853
  # [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorized.html
725
- # [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorizedWithToken.html
854
+ # [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_BatchIsAuthorized.html
855
+ # [3]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorizedWithToken.html
726
856
  #
727
857
  # @!attribute [rw] policy_id
728
858
  # The Id of a policy that determined to an authorization decision.
@@ -885,13 +1015,14 @@ module Aws::VerifiedPermissions
885
1015
 
886
1016
  # Contains a description of an evaluation error.
887
1017
  #
888
- # This data type is used as a request parameter in the [IsAuthorized][1]
889
- # and [IsAuthorizedWithToken][2] operations.
1018
+ # This data type is a response parameter of the [IsAuthorized][1],
1019
+ # [BatchIsAuthorized][2], and [IsAuthorizedWithToken][3] operations.
890
1020
  #
891
1021
  #
892
1022
  #
893
1023
  # [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorized.html
894
- # [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorizedWithToken.html
1024
+ # [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_BatchIsAuthorized.html
1025
+ # [3]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorizedWithToken.html
895
1026
  #
896
1027
  # @!attribute [rw] error_description
897
1028
  # The error description.
@@ -2913,7 +3044,7 @@ module Aws::VerifiedPermissions
2913
3044
  #
2914
3045
  #
2915
3046
  #
2916
- # [1]: https://docs.cedarpolicy.com/syntax-operators.html#has-presence-of-attribute-test
3047
+ # [1]: https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test
2917
3048
  #
2918
3049
  # @!attribute [rw] message
2919
3050
  # @return [String]
@@ -33,7 +33,7 @@ require_relative 'aws-sdk-verifiedpermissions/customizations'
33
33
  # structure.
34
34
  #
35
35
  # verified_permissions = Aws::VerifiedPermissions::Client.new
36
- # resp = verified_permissions.create_identity_source(params)
36
+ # resp = verified_permissions.batch_is_authorized(params)
37
37
  #
38
38
  # See {Client} for more information.
39
39
  #
@@ -53,6 +53,6 @@ require_relative 'aws-sdk-verifiedpermissions/customizations'
53
53
  # @!group service
54
54
  module Aws::VerifiedPermissions
55
55
 
56
- GEM_VERSION = '1.10.0'
56
+ GEM_VERSION = '1.12.0'
57
57
 
58
58
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-sdk-verifiedpermissions
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.10.0
4
+ version: 1.12.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Amazon Web Services
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-09-27 00:00:00.000000000 Z
11
+ date: 2023-11-17 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-core