aws-sdk-verifiedpermissions 1.10.0 → 1.12.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-verifiedpermissions/client.rb +118 -4
- data/lib/aws-sdk-verifiedpermissions/client_api.rb +47 -0
- data/lib/aws-sdk-verifiedpermissions/endpoint_provider.rb +1 -1
- data/lib/aws-sdk-verifiedpermissions/endpoints.rb +14 -0
- data/lib/aws-sdk-verifiedpermissions/plugins/endpoints.rb +2 -0
- data/lib/aws-sdk-verifiedpermissions/types.rb +151 -20
- data/lib/aws-sdk-verifiedpermissions.rb +2 -2
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: e4350747f7c9d5eefcd327c3dd718371ef8ff17f79c5df5579d592494e994446
|
|
4
|
+
data.tar.gz: 4e373448bb0bef180106961947012043e12541e799d3686066a39ee6794ec6c6
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 63e0f5ce5571a99c861a8a5c018afab8573f375053979cc11c9527c727062c4302c23166f148a9d5ecc21e9bf722c732da79ee878afbdffc520a55b09b53af55
|
|
7
|
+
data.tar.gz: b02ea3597ba9bde71f014fe6c86a787379c37cef92e2af68f00cc690ef199cd59a371435469acd9ac6de9dd52bc4c557ff23fd56cbd23b08d77a3456e9153137
|
data/CHANGELOG.md
CHANGED
|
@@ -1,6 +1,16 @@
|
|
|
1
1
|
Unreleased Changes
|
|
2
2
|
------------------
|
|
3
3
|
|
|
4
|
+
1.12.0 (2023-11-17)
|
|
5
|
+
------------------
|
|
6
|
+
|
|
7
|
+
* Feature - Adding BatchIsAuthorized API which supports multiple authorization requests against a PolicyStore
|
|
8
|
+
|
|
9
|
+
1.11.0 (2023-10-19)
|
|
10
|
+
------------------
|
|
11
|
+
|
|
12
|
+
* Feature - Improving Amazon Verified Permissions Create experience
|
|
13
|
+
|
|
4
14
|
1.10.0 (2023-09-27)
|
|
5
15
|
------------------
|
|
6
16
|
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
1.
|
|
1
|
+
1.12.0
|
|
@@ -398,6 +398,119 @@ module Aws::VerifiedPermissions
|
|
|
398
398
|
|
|
399
399
|
# @!group API Operations
|
|
400
400
|
|
|
401
|
+
# Makes a series of decisions about multiple authorization requests for
|
|
402
|
+
# one principal or resource. Each request contains the equivalent
|
|
403
|
+
# content of an `IsAuthorized` request: principal, action, resource, and
|
|
404
|
+
# context. Either the `principal` or the `resource` parameter must be
|
|
405
|
+
# identical across all requests. For example, Verified Permissions
|
|
406
|
+
# won't evaluate a pair of requests where `bob` views `photo1` and
|
|
407
|
+
# `alice` views `photo2`. Authorization of `bob` to view `photo1` and
|
|
408
|
+
# `photo2`, or `bob` and `alice` to view `photo1`, are valid batches.
|
|
409
|
+
#
|
|
410
|
+
# The request is evaluated against all policies in the specified policy
|
|
411
|
+
# store that match the entities that you declare. The result of the
|
|
412
|
+
# decisions is a series of `Allow` or `Deny` responses, along with the
|
|
413
|
+
# IDs of the policies that produced each decision.
|
|
414
|
+
#
|
|
415
|
+
# The `entities` of a `BatchIsAuthorized` API request can contain up to
|
|
416
|
+
# 100 principals and up to 100 resources. The `requests` of a
|
|
417
|
+
# `BatchIsAuthorized` API request can contain up to 30 requests.
|
|
418
|
+
#
|
|
419
|
+
# @option params [required, String] :policy_store_id
|
|
420
|
+
# Specifies the ID of the policy store. Policies in this policy store
|
|
421
|
+
# will be used to make the authorization decisions for the input.
|
|
422
|
+
#
|
|
423
|
+
# @option params [Types::EntitiesDefinition] :entities
|
|
424
|
+
# Specifies the list of resources and principals and their associated
|
|
425
|
+
# attributes that Verified Permissions can examine when evaluating the
|
|
426
|
+
# policies.
|
|
427
|
+
#
|
|
428
|
+
# <note markdown="1"> You can include only principal and resource entities in this
|
|
429
|
+
# parameter; you can't include actions. You must specify actions in the
|
|
430
|
+
# schema.
|
|
431
|
+
#
|
|
432
|
+
# </note>
|
|
433
|
+
#
|
|
434
|
+
# @option params [required, Array<Types::BatchIsAuthorizedInputItem>] :requests
|
|
435
|
+
# An array of up to 30 requests that you want Verified Permissions to
|
|
436
|
+
# evaluate.
|
|
437
|
+
#
|
|
438
|
+
# @return [Types::BatchIsAuthorizedOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
439
|
+
#
|
|
440
|
+
# * {Types::BatchIsAuthorizedOutput#results #results} => Array<Types::BatchIsAuthorizedOutputItem>
|
|
441
|
+
#
|
|
442
|
+
# @example Request syntax with placeholder values
|
|
443
|
+
#
|
|
444
|
+
# resp = client.batch_is_authorized({
|
|
445
|
+
# policy_store_id: "PolicyStoreId", # required
|
|
446
|
+
# entities: {
|
|
447
|
+
# entity_list: [
|
|
448
|
+
# {
|
|
449
|
+
# identifier: { # required
|
|
450
|
+
# entity_type: "EntityType", # required
|
|
451
|
+
# entity_id: "EntityId", # required
|
|
452
|
+
# },
|
|
453
|
+
# attributes: {
|
|
454
|
+
# "String" => "value", # value <Hash,Array,String,Numeric,Boolean,IO,Set,nil>
|
|
455
|
+
# },
|
|
456
|
+
# parents: [
|
|
457
|
+
# {
|
|
458
|
+
# entity_type: "EntityType", # required
|
|
459
|
+
# entity_id: "EntityId", # required
|
|
460
|
+
# },
|
|
461
|
+
# ],
|
|
462
|
+
# },
|
|
463
|
+
# ],
|
|
464
|
+
# },
|
|
465
|
+
# requests: [ # required
|
|
466
|
+
# {
|
|
467
|
+
# principal: {
|
|
468
|
+
# entity_type: "EntityType", # required
|
|
469
|
+
# entity_id: "EntityId", # required
|
|
470
|
+
# },
|
|
471
|
+
# action: {
|
|
472
|
+
# action_type: "ActionType", # required
|
|
473
|
+
# action_id: "ActionId", # required
|
|
474
|
+
# },
|
|
475
|
+
# resource: {
|
|
476
|
+
# entity_type: "EntityType", # required
|
|
477
|
+
# entity_id: "EntityId", # required
|
|
478
|
+
# },
|
|
479
|
+
# context: {
|
|
480
|
+
# context_map: {
|
|
481
|
+
# "String" => "value", # value <Hash,Array,String,Numeric,Boolean,IO,Set,nil>
|
|
482
|
+
# },
|
|
483
|
+
# },
|
|
484
|
+
# },
|
|
485
|
+
# ],
|
|
486
|
+
# })
|
|
487
|
+
#
|
|
488
|
+
# @example Response structure
|
|
489
|
+
#
|
|
490
|
+
# resp.results #=> Array
|
|
491
|
+
# resp.results[0].request.principal.entity_type #=> String
|
|
492
|
+
# resp.results[0].request.principal.entity_id #=> String
|
|
493
|
+
# resp.results[0].request.action.action_type #=> String
|
|
494
|
+
# resp.results[0].request.action.action_id #=> String
|
|
495
|
+
# resp.results[0].request.resource.entity_type #=> String
|
|
496
|
+
# resp.results[0].request.resource.entity_id #=> String
|
|
497
|
+
# resp.results[0].request.context.context_map #=> Hash
|
|
498
|
+
# resp.results[0].request.context.context_map["String"] #=> <Hash,Array,String,Numeric,Boolean,IO,Set,nil>
|
|
499
|
+
# resp.results[0].decision #=> String, one of "ALLOW", "DENY"
|
|
500
|
+
# resp.results[0].determining_policies #=> Array
|
|
501
|
+
# resp.results[0].determining_policies[0].policy_id #=> String
|
|
502
|
+
# resp.results[0].errors #=> Array
|
|
503
|
+
# resp.results[0].errors[0].error_description #=> String
|
|
504
|
+
#
|
|
505
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/BatchIsAuthorized AWS API Documentation
|
|
506
|
+
#
|
|
507
|
+
# @overload batch_is_authorized(params = {})
|
|
508
|
+
# @param [Hash] params ({})
|
|
509
|
+
def batch_is_authorized(params = {}, options = {})
|
|
510
|
+
req = build_request(:batch_is_authorized, params)
|
|
511
|
+
req.send_request(options)
|
|
512
|
+
end
|
|
513
|
+
|
|
401
514
|
# Creates a reference to an Amazon Cognito user pool as an external
|
|
402
515
|
# identity provider (IdP).
|
|
403
516
|
#
|
|
@@ -657,7 +770,7 @@ module Aws::VerifiedPermissions
|
|
|
657
770
|
#
|
|
658
771
|
#
|
|
659
772
|
#
|
|
660
|
-
# [1]: https://docs.cedarpolicy.com/schema.html#namespace
|
|
773
|
+
# [1]: https://docs.cedarpolicy.com/schema/schema.html#namespace
|
|
661
774
|
#
|
|
662
775
|
# @option params [String] :client_token
|
|
663
776
|
# Specifies a unique, case-sensitive ID that you provide to ensure the
|
|
@@ -1988,8 +2101,9 @@ module Aws::VerifiedPermissions
|
|
|
1988
2101
|
# description and the some elements of the [policyBody][1].
|
|
1989
2102
|
#
|
|
1990
2103
|
# Changes you make to the policy template content are immediately
|
|
1991
|
-
#
|
|
1992
|
-
#
|
|
2104
|
+
# (within the constraints of eventual consistency) reflected in
|
|
2105
|
+
# authorization decisions that involve all template-linked policies
|
|
2106
|
+
# instantiated from this template.
|
|
1993
2107
|
#
|
|
1994
2108
|
# <note markdown="1"> Verified Permissions is <i> <a
|
|
1995
2109
|
# href="https://wikipedia.org/wiki/Eventual_consistency">eventually
|
|
@@ -2076,7 +2190,7 @@ module Aws::VerifiedPermissions
|
|
|
2076
2190
|
params: params,
|
|
2077
2191
|
config: config)
|
|
2078
2192
|
context[:gem_name] = 'aws-sdk-verifiedpermissions'
|
|
2079
|
-
context[:gem_version] = '1.
|
|
2193
|
+
context[:gem_version] = '1.12.0'
|
|
2080
2194
|
Seahorse::Client::Request.new(handlers, context)
|
|
2081
2195
|
end
|
|
2082
2196
|
|
|
@@ -18,6 +18,12 @@ module Aws::VerifiedPermissions
|
|
|
18
18
|
ActionIdentifier = Shapes::StructureShape.new(name: 'ActionIdentifier')
|
|
19
19
|
ActionType = Shapes::StringShape.new(name: 'ActionType')
|
|
20
20
|
AttributeValue = Shapes::UnionShape.new(name: 'AttributeValue')
|
|
21
|
+
BatchIsAuthorizedInput = Shapes::StructureShape.new(name: 'BatchIsAuthorizedInput')
|
|
22
|
+
BatchIsAuthorizedInputItem = Shapes::StructureShape.new(name: 'BatchIsAuthorizedInputItem')
|
|
23
|
+
BatchIsAuthorizedInputList = Shapes::ListShape.new(name: 'BatchIsAuthorizedInputList')
|
|
24
|
+
BatchIsAuthorizedOutput = Shapes::StructureShape.new(name: 'BatchIsAuthorizedOutput')
|
|
25
|
+
BatchIsAuthorizedOutputItem = Shapes::StructureShape.new(name: 'BatchIsAuthorizedOutputItem')
|
|
26
|
+
BatchIsAuthorizedOutputList = Shapes::ListShape.new(name: 'BatchIsAuthorizedOutputList')
|
|
21
27
|
Boolean = Shapes::BooleanShape.new(name: 'Boolean')
|
|
22
28
|
BooleanAttribute = Shapes::BooleanShape.new(name: 'BooleanAttribute')
|
|
23
29
|
ClientId = Shapes::StringShape.new(name: 'ClientId')
|
|
@@ -179,6 +185,30 @@ module Aws::VerifiedPermissions
|
|
|
179
185
|
AttributeValue.add_member_subclass(:unknown, Types::AttributeValue::Unknown)
|
|
180
186
|
AttributeValue.struct_class = Types::AttributeValue
|
|
181
187
|
|
|
188
|
+
BatchIsAuthorizedInput.add_member(:policy_store_id, Shapes::ShapeRef.new(shape: PolicyStoreId, required: true, location_name: "policyStoreId"))
|
|
189
|
+
BatchIsAuthorizedInput.add_member(:entities, Shapes::ShapeRef.new(shape: EntitiesDefinition, location_name: "entities"))
|
|
190
|
+
BatchIsAuthorizedInput.add_member(:requests, Shapes::ShapeRef.new(shape: BatchIsAuthorizedInputList, required: true, location_name: "requests"))
|
|
191
|
+
BatchIsAuthorizedInput.struct_class = Types::BatchIsAuthorizedInput
|
|
192
|
+
|
|
193
|
+
BatchIsAuthorizedInputItem.add_member(:principal, Shapes::ShapeRef.new(shape: EntityIdentifier, location_name: "principal"))
|
|
194
|
+
BatchIsAuthorizedInputItem.add_member(:action, Shapes::ShapeRef.new(shape: ActionIdentifier, location_name: "action"))
|
|
195
|
+
BatchIsAuthorizedInputItem.add_member(:resource, Shapes::ShapeRef.new(shape: EntityIdentifier, location_name: "resource"))
|
|
196
|
+
BatchIsAuthorizedInputItem.add_member(:context, Shapes::ShapeRef.new(shape: ContextDefinition, location_name: "context"))
|
|
197
|
+
BatchIsAuthorizedInputItem.struct_class = Types::BatchIsAuthorizedInputItem
|
|
198
|
+
|
|
199
|
+
BatchIsAuthorizedInputList.member = Shapes::ShapeRef.new(shape: BatchIsAuthorizedInputItem)
|
|
200
|
+
|
|
201
|
+
BatchIsAuthorizedOutput.add_member(:results, Shapes::ShapeRef.new(shape: BatchIsAuthorizedOutputList, required: true, location_name: "results"))
|
|
202
|
+
BatchIsAuthorizedOutput.struct_class = Types::BatchIsAuthorizedOutput
|
|
203
|
+
|
|
204
|
+
BatchIsAuthorizedOutputItem.add_member(:request, Shapes::ShapeRef.new(shape: BatchIsAuthorizedInputItem, required: true, location_name: "request"))
|
|
205
|
+
BatchIsAuthorizedOutputItem.add_member(:decision, Shapes::ShapeRef.new(shape: Decision, required: true, location_name: "decision"))
|
|
206
|
+
BatchIsAuthorizedOutputItem.add_member(:determining_policies, Shapes::ShapeRef.new(shape: DeterminingPolicyList, required: true, location_name: "determiningPolicies"))
|
|
207
|
+
BatchIsAuthorizedOutputItem.add_member(:errors, Shapes::ShapeRef.new(shape: EvaluationErrorList, required: true, location_name: "errors"))
|
|
208
|
+
BatchIsAuthorizedOutputItem.struct_class = Types::BatchIsAuthorizedOutputItem
|
|
209
|
+
|
|
210
|
+
BatchIsAuthorizedOutputList.member = Shapes::ShapeRef.new(shape: BatchIsAuthorizedOutputItem)
|
|
211
|
+
|
|
182
212
|
ClientIds.member = Shapes::ShapeRef.new(shape: ClientId)
|
|
183
213
|
|
|
184
214
|
CognitoUserPoolConfiguration.add_member(:user_pool_arn, Shapes::ShapeRef.new(shape: UserPoolArn, required: true, location_name: "userPoolArn"))
|
|
@@ -696,6 +726,19 @@ module Aws::VerifiedPermissions
|
|
|
696
726
|
"uid" => "verifiedpermissions-2021-12-01",
|
|
697
727
|
}
|
|
698
728
|
|
|
729
|
+
api.add_operation(:batch_is_authorized, Seahorse::Model::Operation.new.tap do |o|
|
|
730
|
+
o.name = "BatchIsAuthorized"
|
|
731
|
+
o.http_method = "POST"
|
|
732
|
+
o.http_request_uri = "/"
|
|
733
|
+
o.input = Shapes::ShapeRef.new(shape: BatchIsAuthorizedInput)
|
|
734
|
+
o.output = Shapes::ShapeRef.new(shape: BatchIsAuthorizedOutput)
|
|
735
|
+
o.errors << Shapes::ShapeRef.new(shape: ValidationException)
|
|
736
|
+
o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
|
|
737
|
+
o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
|
|
738
|
+
o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
|
|
739
|
+
o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
|
|
740
|
+
end)
|
|
741
|
+
|
|
699
742
|
api.add_operation(:create_identity_source, Seahorse::Model::Operation.new.tap do |o|
|
|
700
743
|
o.name = "CreateIdentitySource"
|
|
701
744
|
o.http_method = "POST"
|
|
@@ -704,6 +747,7 @@ module Aws::VerifiedPermissions
|
|
|
704
747
|
o.output = Shapes::ShapeRef.new(shape: CreateIdentitySourceOutput)
|
|
705
748
|
o.errors << Shapes::ShapeRef.new(shape: ValidationException)
|
|
706
749
|
o.errors << Shapes::ShapeRef.new(shape: ServiceQuotaExceededException)
|
|
750
|
+
o.errors << Shapes::ShapeRef.new(shape: ConflictException)
|
|
707
751
|
o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
|
|
708
752
|
o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
|
|
709
753
|
o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
|
|
@@ -718,6 +762,7 @@ module Aws::VerifiedPermissions
|
|
|
718
762
|
o.output = Shapes::ShapeRef.new(shape: CreatePolicyOutput)
|
|
719
763
|
o.errors << Shapes::ShapeRef.new(shape: ValidationException)
|
|
720
764
|
o.errors << Shapes::ShapeRef.new(shape: ServiceQuotaExceededException)
|
|
765
|
+
o.errors << Shapes::ShapeRef.new(shape: ConflictException)
|
|
721
766
|
o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
|
|
722
767
|
o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
|
|
723
768
|
o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
|
|
@@ -732,6 +777,7 @@ module Aws::VerifiedPermissions
|
|
|
732
777
|
o.output = Shapes::ShapeRef.new(shape: CreatePolicyStoreOutput)
|
|
733
778
|
o.errors << Shapes::ShapeRef.new(shape: ValidationException)
|
|
734
779
|
o.errors << Shapes::ShapeRef.new(shape: ServiceQuotaExceededException)
|
|
780
|
+
o.errors << Shapes::ShapeRef.new(shape: ConflictException)
|
|
735
781
|
o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
|
|
736
782
|
o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
|
|
737
783
|
o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
|
|
@@ -745,6 +791,7 @@ module Aws::VerifiedPermissions
|
|
|
745
791
|
o.output = Shapes::ShapeRef.new(shape: CreatePolicyTemplateOutput)
|
|
746
792
|
o.errors << Shapes::ShapeRef.new(shape: ValidationException)
|
|
747
793
|
o.errors << Shapes::ShapeRef.new(shape: ServiceQuotaExceededException)
|
|
794
|
+
o.errors << Shapes::ShapeRef.new(shape: ConflictException)
|
|
748
795
|
o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
|
|
749
796
|
o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
|
|
750
797
|
o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
|
|
@@ -32,7 +32,7 @@ module Aws::VerifiedPermissions
|
|
|
32
32
|
raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
|
|
33
33
|
end
|
|
34
34
|
if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
|
|
35
|
-
if Aws::Endpoints::Matchers.boolean_equals?(
|
|
35
|
+
if Aws::Endpoints::Matchers.boolean_equals?(Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"), true)
|
|
36
36
|
return Aws::Endpoints::Endpoint.new(url: "https://verifiedpermissions-fips.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
|
|
37
37
|
end
|
|
38
38
|
raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"
|
|
@@ -12,6 +12,20 @@ module Aws::VerifiedPermissions
|
|
|
12
12
|
# @api private
|
|
13
13
|
module Endpoints
|
|
14
14
|
|
|
15
|
+
class BatchIsAuthorized
|
|
16
|
+
def self.build(context)
|
|
17
|
+
unless context.config.regional_endpoint
|
|
18
|
+
endpoint = context.config.endpoint.to_s
|
|
19
|
+
end
|
|
20
|
+
Aws::VerifiedPermissions::EndpointParameters.new(
|
|
21
|
+
region: context.config.region,
|
|
22
|
+
use_dual_stack: context.config.use_dualstack_endpoint,
|
|
23
|
+
use_fips: context.config.use_fips_endpoint,
|
|
24
|
+
endpoint: endpoint,
|
|
25
|
+
)
|
|
26
|
+
end
|
|
27
|
+
end
|
|
28
|
+
|
|
15
29
|
class CreateIdentitySource
|
|
16
30
|
def self.build(context)
|
|
17
31
|
unless context.config.regional_endpoint
|
|
@@ -56,6 +56,8 @@ module Aws::VerifiedPermissions
|
|
|
56
56
|
|
|
57
57
|
def parameters_for_operation(context)
|
|
58
58
|
case context.operation_name
|
|
59
|
+
when :batch_is_authorized
|
|
60
|
+
Aws::VerifiedPermissions::Endpoints::BatchIsAuthorized.build(context)
|
|
59
61
|
when :create_identity_source
|
|
60
62
|
Aws::VerifiedPermissions::Endpoints::CreateIdentitySource.build(context)
|
|
61
63
|
when :create_policy
|
|
@@ -26,15 +26,17 @@ module Aws::VerifiedPermissions
|
|
|
26
26
|
# Contains information about an action for a request for which an
|
|
27
27
|
# authorization decision is made.
|
|
28
28
|
#
|
|
29
|
-
# This data type is used as
|
|
30
|
-
# [IsAuthorized][1]
|
|
29
|
+
# This data type is used as a request parameter to the
|
|
30
|
+
# [IsAuthorized][1], [BatchIsAuthorized][2], and
|
|
31
|
+
# [IsAuthorizedWithToken][3] operations.
|
|
31
32
|
#
|
|
32
33
|
# Example: `\{ "actionId": "<action name>", "actionType": "Action" \}`
|
|
33
34
|
#
|
|
34
35
|
#
|
|
35
36
|
#
|
|
36
37
|
# [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorized.html
|
|
37
|
-
# [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/
|
|
38
|
+
# [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_BatchIsAuthorized.html
|
|
39
|
+
# [3]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorizedWithToken.html
|
|
38
40
|
#
|
|
39
41
|
# @!attribute [rw] action_type
|
|
40
42
|
# The type of an action.
|
|
@@ -60,16 +62,20 @@ module Aws::VerifiedPermissions
|
|
|
60
62
|
#
|
|
61
63
|
# This data type is used as a member of the [ContextDefinition][1]
|
|
62
64
|
# structure which is uses as a request parameter for the
|
|
63
|
-
# [IsAuthorized][2]
|
|
65
|
+
# [IsAuthorized][2], [BatchIsAuthorized][3], and
|
|
66
|
+
# [IsAuthorizedWithToken][4] operations.
|
|
64
67
|
#
|
|
65
68
|
#
|
|
66
69
|
#
|
|
67
70
|
# [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ContextDefinition.html
|
|
68
71
|
# [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorized.html
|
|
69
|
-
# [3]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/
|
|
72
|
+
# [3]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_BatchIsAuthorized.html
|
|
73
|
+
# [4]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorizedWithToken.html
|
|
70
74
|
#
|
|
71
75
|
# @note AttributeValue is a union - when making an API calls you must set exactly one of the members.
|
|
72
76
|
#
|
|
77
|
+
# @note AttributeValue is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of AttributeValue corresponding to the set member.
|
|
78
|
+
#
|
|
73
79
|
# @!attribute [rw] boolean
|
|
74
80
|
# An attribute value of [Boolean][1] type.
|
|
75
81
|
#
|
|
@@ -77,7 +83,7 @@ module Aws::VerifiedPermissions
|
|
|
77
83
|
#
|
|
78
84
|
#
|
|
79
85
|
#
|
|
80
|
-
# [1]: https://docs.cedarpolicy.com/syntax-datatypes.html#boolean
|
|
86
|
+
# [1]: https://docs.cedarpolicy.com/policies/syntax-datatypes.html#boolean
|
|
81
87
|
# @return [Boolean]
|
|
82
88
|
#
|
|
83
89
|
# @!attribute [rw] entity_identifier
|
|
@@ -98,7 +104,7 @@ module Aws::VerifiedPermissions
|
|
|
98
104
|
#
|
|
99
105
|
#
|
|
100
106
|
#
|
|
101
|
-
# [1]: https://docs.cedarpolicy.com/syntax-datatypes.html#long
|
|
107
|
+
# [1]: https://docs.cedarpolicy.com/policies/syntax-datatypes.html#long
|
|
102
108
|
# @return [Integer]
|
|
103
109
|
#
|
|
104
110
|
# @!attribute [rw] string
|
|
@@ -108,7 +114,7 @@ module Aws::VerifiedPermissions
|
|
|
108
114
|
#
|
|
109
115
|
#
|
|
110
116
|
#
|
|
111
|
-
# [1]: https://docs.cedarpolicy.com/syntax-datatypes.html#string
|
|
117
|
+
# [1]: https://docs.cedarpolicy.com/policies/syntax-datatypes.html#string
|
|
112
118
|
# @return [String]
|
|
113
119
|
#
|
|
114
120
|
# @!attribute [rw] set
|
|
@@ -118,7 +124,7 @@ module Aws::VerifiedPermissions
|
|
|
118
124
|
#
|
|
119
125
|
#
|
|
120
126
|
#
|
|
121
|
-
# [1]: https://docs.cedarpolicy.com/syntax-datatypes.html#set
|
|
127
|
+
# [1]: https://docs.cedarpolicy.com/policies/syntax-datatypes.html#set
|
|
122
128
|
# @return [Array<Types::AttributeValue>]
|
|
123
129
|
#
|
|
124
130
|
# @!attribute [rw] record
|
|
@@ -128,7 +134,7 @@ module Aws::VerifiedPermissions
|
|
|
128
134
|
#
|
|
129
135
|
#
|
|
130
136
|
#
|
|
131
|
-
# [1]: https://docs.cedarpolicy.com/syntax-datatypes.html#record
|
|
137
|
+
# [1]: https://docs.cedarpolicy.com/policies/syntax-datatypes.html#record
|
|
132
138
|
# @return [Hash<String,Types::AttributeValue>]
|
|
133
139
|
#
|
|
134
140
|
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/AttributeValue AWS API Documentation
|
|
@@ -154,6 +160,124 @@ module Aws::VerifiedPermissions
|
|
|
154
160
|
class Unknown < AttributeValue; end
|
|
155
161
|
end
|
|
156
162
|
|
|
163
|
+
# @!attribute [rw] policy_store_id
|
|
164
|
+
# Specifies the ID of the policy store. Policies in this policy store
|
|
165
|
+
# will be used to make the authorization decisions for the input.
|
|
166
|
+
# @return [String]
|
|
167
|
+
#
|
|
168
|
+
# @!attribute [rw] entities
|
|
169
|
+
# Specifies the list of resources and principals and their associated
|
|
170
|
+
# attributes that Verified Permissions can examine when evaluating the
|
|
171
|
+
# policies.
|
|
172
|
+
#
|
|
173
|
+
# <note markdown="1"> You can include only principal and resource entities in this
|
|
174
|
+
# parameter; you can't include actions. You must specify actions in
|
|
175
|
+
# the schema.
|
|
176
|
+
#
|
|
177
|
+
# </note>
|
|
178
|
+
# @return [Types::EntitiesDefinition]
|
|
179
|
+
#
|
|
180
|
+
# @!attribute [rw] requests
|
|
181
|
+
# An array of up to 30 requests that you want Verified Permissions to
|
|
182
|
+
# evaluate.
|
|
183
|
+
# @return [Array<Types::BatchIsAuthorizedInputItem>]
|
|
184
|
+
#
|
|
185
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/BatchIsAuthorizedInput AWS API Documentation
|
|
186
|
+
#
|
|
187
|
+
class BatchIsAuthorizedInput < Struct.new(
|
|
188
|
+
:policy_store_id,
|
|
189
|
+
:entities,
|
|
190
|
+
:requests)
|
|
191
|
+
SENSITIVE = []
|
|
192
|
+
include Aws::Structure
|
|
193
|
+
end
|
|
194
|
+
|
|
195
|
+
# An authorization request that you include in a `BatchIsAuthorized` API
|
|
196
|
+
# request.
|
|
197
|
+
#
|
|
198
|
+
# @!attribute [rw] principal
|
|
199
|
+
# Specifies the principal for which the authorization decision is to
|
|
200
|
+
# be made.
|
|
201
|
+
# @return [Types::EntityIdentifier]
|
|
202
|
+
#
|
|
203
|
+
# @!attribute [rw] action
|
|
204
|
+
# Specifies the requested action to be authorized. For example, is the
|
|
205
|
+
# principal authorized to perform this action on the resource?
|
|
206
|
+
# @return [Types::ActionIdentifier]
|
|
207
|
+
#
|
|
208
|
+
# @!attribute [rw] resource
|
|
209
|
+
# Specifies the resource for which the authorization decision is to be
|
|
210
|
+
# made.
|
|
211
|
+
# @return [Types::EntityIdentifier]
|
|
212
|
+
#
|
|
213
|
+
# @!attribute [rw] context
|
|
214
|
+
# Specifies additional context that can be used to make more granular
|
|
215
|
+
# authorization decisions.
|
|
216
|
+
# @return [Types::ContextDefinition]
|
|
217
|
+
#
|
|
218
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/BatchIsAuthorizedInputItem AWS API Documentation
|
|
219
|
+
#
|
|
220
|
+
class BatchIsAuthorizedInputItem < Struct.new(
|
|
221
|
+
:principal,
|
|
222
|
+
:action,
|
|
223
|
+
:resource,
|
|
224
|
+
:context)
|
|
225
|
+
SENSITIVE = []
|
|
226
|
+
include Aws::Structure
|
|
227
|
+
end
|
|
228
|
+
|
|
229
|
+
# @!attribute [rw] results
|
|
230
|
+
# A series of `Allow` or `Deny` decisions for each request, and the
|
|
231
|
+
# policies that produced them.
|
|
232
|
+
# @return [Array<Types::BatchIsAuthorizedOutputItem>]
|
|
233
|
+
#
|
|
234
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/BatchIsAuthorizedOutput AWS API Documentation
|
|
235
|
+
#
|
|
236
|
+
class BatchIsAuthorizedOutput < Struct.new(
|
|
237
|
+
:results)
|
|
238
|
+
SENSITIVE = []
|
|
239
|
+
include Aws::Structure
|
|
240
|
+
end
|
|
241
|
+
|
|
242
|
+
# The decision, based on policy evaluation, from an individual
|
|
243
|
+
# authorization request in a `BatchIsAuthorized` API request.
|
|
244
|
+
#
|
|
245
|
+
# @!attribute [rw] request
|
|
246
|
+
# The authorization request that initiated the decision.
|
|
247
|
+
# @return [Types::BatchIsAuthorizedInputItem]
|
|
248
|
+
#
|
|
249
|
+
# @!attribute [rw] decision
|
|
250
|
+
# An authorization decision that indicates if the authorization
|
|
251
|
+
# request should be allowed or denied.
|
|
252
|
+
# @return [String]
|
|
253
|
+
#
|
|
254
|
+
# @!attribute [rw] determining_policies
|
|
255
|
+
# The list of determining policies used to make the authorization
|
|
256
|
+
# decision. For example, if there are two matching policies, where one
|
|
257
|
+
# is a forbid and the other is a permit, then the forbid policy will
|
|
258
|
+
# be the determining policy. In the case of multiple matching permit
|
|
259
|
+
# policies then there would be multiple determining policies. In the
|
|
260
|
+
# case that no policies match, and hence the response is DENY, there
|
|
261
|
+
# would be no determining policies.
|
|
262
|
+
# @return [Array<Types::DeterminingPolicyItem>]
|
|
263
|
+
#
|
|
264
|
+
# @!attribute [rw] errors
|
|
265
|
+
# Errors that occurred while making an authorization decision, for
|
|
266
|
+
# example, a policy references an Entity or entity Attribute that does
|
|
267
|
+
# not exist in the slice.
|
|
268
|
+
# @return [Array<Types::EvaluationErrorItem>]
|
|
269
|
+
#
|
|
270
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/BatchIsAuthorizedOutputItem AWS API Documentation
|
|
271
|
+
#
|
|
272
|
+
class BatchIsAuthorizedOutputItem < Struct.new(
|
|
273
|
+
:request,
|
|
274
|
+
:decision,
|
|
275
|
+
:determining_policies,
|
|
276
|
+
:errors)
|
|
277
|
+
SENSITIVE = []
|
|
278
|
+
include Aws::Structure
|
|
279
|
+
end
|
|
280
|
+
|
|
157
281
|
# The configuration for an identity source that represents a connection
|
|
158
282
|
# to an Amazon Cognito user pool used as an identity provider for
|
|
159
283
|
# Verified Permissions.
|
|
@@ -268,25 +392,29 @@ module Aws::VerifiedPermissions
|
|
|
268
392
|
# part of the `when` and `unless` clauses in a policy.
|
|
269
393
|
#
|
|
270
394
|
# This data type is used as a request parameter for the
|
|
271
|
-
# [IsAuthorized][1]
|
|
395
|
+
# [IsAuthorized][1], [BatchIsAuthorized][2], and
|
|
396
|
+
# [IsAuthorizedWithToken][3] operations.
|
|
272
397
|
#
|
|
273
398
|
# Example:
|
|
274
|
-
# `"context":\{"
|
|
399
|
+
# `"context":\{"contextMap":\{"<KeyName1>":\{"boolean":true\},"<KeyName2>":\{"long":1234\}\}\}`
|
|
275
400
|
#
|
|
276
401
|
#
|
|
277
402
|
#
|
|
278
403
|
# [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorized.html
|
|
279
|
-
# [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/
|
|
404
|
+
# [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_BatchIsAuthorized.html
|
|
405
|
+
# [3]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorizedWithToken.html
|
|
280
406
|
#
|
|
281
407
|
# @note ContextDefinition is a union - when making an API calls you must set exactly one of the members.
|
|
282
408
|
#
|
|
409
|
+
# @note ContextDefinition is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of ContextDefinition corresponding to the set member.
|
|
410
|
+
#
|
|
283
411
|
# @!attribute [rw] context_map
|
|
284
412
|
# An list of attributes that are needed to successfully evaluate an
|
|
285
413
|
# authorization request. Each attribute in this array must include a
|
|
286
414
|
# map of a data type and its value.
|
|
287
415
|
#
|
|
288
416
|
# Example:
|
|
289
|
-
# `"
|
|
417
|
+
# `"contextMap":\{"<KeyName1>":\{"boolean":true\},"<KeyName2>":\{"long":1234\}\}`
|
|
290
418
|
# @return [Hash<String,Types::AttributeValue>]
|
|
291
419
|
#
|
|
292
420
|
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/ContextDefinition AWS API Documentation
|
|
@@ -714,7 +842,8 @@ module Aws::VerifiedPermissions
|
|
|
714
842
|
# authorization decision.
|
|
715
843
|
#
|
|
716
844
|
# This data type is used as an element in a response parameter for the
|
|
717
|
-
# [IsAuthorized][1]
|
|
845
|
+
# [IsAuthorized][1], [BatchIsAuthorized][2], and
|
|
846
|
+
# [IsAuthorizedWithToken][3] operations.
|
|
718
847
|
#
|
|
719
848
|
# Example:
|
|
720
849
|
# `"determiningPolicies":[\{"policyId":"SPEXAMPLEabcdefg111111"\}]`
|
|
@@ -722,7 +851,8 @@ module Aws::VerifiedPermissions
|
|
|
722
851
|
#
|
|
723
852
|
#
|
|
724
853
|
# [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorized.html
|
|
725
|
-
# [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/
|
|
854
|
+
# [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_BatchIsAuthorized.html
|
|
855
|
+
# [3]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorizedWithToken.html
|
|
726
856
|
#
|
|
727
857
|
# @!attribute [rw] policy_id
|
|
728
858
|
# The Id of a policy that determined to an authorization decision.
|
|
@@ -885,13 +1015,14 @@ module Aws::VerifiedPermissions
|
|
|
885
1015
|
|
|
886
1016
|
# Contains a description of an evaluation error.
|
|
887
1017
|
#
|
|
888
|
-
# This data type is
|
|
889
|
-
# and [IsAuthorizedWithToken][
|
|
1018
|
+
# This data type is a response parameter of the [IsAuthorized][1],
|
|
1019
|
+
# [BatchIsAuthorized][2], and [IsAuthorizedWithToken][3] operations.
|
|
890
1020
|
#
|
|
891
1021
|
#
|
|
892
1022
|
#
|
|
893
1023
|
# [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorized.html
|
|
894
|
-
# [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/
|
|
1024
|
+
# [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_BatchIsAuthorized.html
|
|
1025
|
+
# [3]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorizedWithToken.html
|
|
895
1026
|
#
|
|
896
1027
|
# @!attribute [rw] error_description
|
|
897
1028
|
# The error description.
|
|
@@ -2913,7 +3044,7 @@ module Aws::VerifiedPermissions
|
|
|
2913
3044
|
#
|
|
2914
3045
|
#
|
|
2915
3046
|
#
|
|
2916
|
-
# [1]: https://docs.cedarpolicy.com/syntax-operators.html#has-presence-of-attribute-test
|
|
3047
|
+
# [1]: https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test
|
|
2917
3048
|
#
|
|
2918
3049
|
# @!attribute [rw] message
|
|
2919
3050
|
# @return [String]
|
|
@@ -33,7 +33,7 @@ require_relative 'aws-sdk-verifiedpermissions/customizations'
|
|
|
33
33
|
# structure.
|
|
34
34
|
#
|
|
35
35
|
# verified_permissions = Aws::VerifiedPermissions::Client.new
|
|
36
|
-
# resp = verified_permissions.
|
|
36
|
+
# resp = verified_permissions.batch_is_authorized(params)
|
|
37
37
|
#
|
|
38
38
|
# See {Client} for more information.
|
|
39
39
|
#
|
|
@@ -53,6 +53,6 @@ require_relative 'aws-sdk-verifiedpermissions/customizations'
|
|
|
53
53
|
# @!group service
|
|
54
54
|
module Aws::VerifiedPermissions
|
|
55
55
|
|
|
56
|
-
GEM_VERSION = '1.
|
|
56
|
+
GEM_VERSION = '1.12.0'
|
|
57
57
|
|
|
58
58
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: aws-sdk-verifiedpermissions
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.12.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Amazon Web Services
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-
|
|
11
|
+
date: 2023-11-17 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-sdk-core
|