aws-sdk-verifiedpermissions 1.16.0 → 1.18.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5feea7f2095a4b93f870439a3270581748a46a0863cfec80f0db7aecc3eb47d2
-  data.tar.gz: 810f54093fce433be30c1359b60119b8dfd3d5e0e9b9eef6bc3a986b30509def
+  metadata.gz: b2e2e4bc3c9002c9339678fb29f3c6ce9c8ad6c017b6c3e16528f4dd22c5ab32
+  data.tar.gz: 32987a27b39ea1e5ee5dac39c0bb0e339faea04b805c9d0cb7270168685efcdc
 SHA512:
-  metadata.gz: 1c92fccbb1514bfbf1bc1e7fb7a81a7a0299012e63ca7a2e02e0a43babca05bd33e5ae78f89eff559a22a867e721137cadf80f4608afb79893fcdf959c0f2910
-  data.tar.gz: 6e650705242930feb999ff6fd76079201bfaa25360447b1a2c08916bed5198b593a7628662e427cee696dda221c479ece4be59730176d147a23d4aa9ef90c5cb
+  metadata.gz: 224a6f6b501cec475a0a375b1f4df6a1adc5973a7d6696e59eade5c53493f0b1d3329458a6db844f74be81caed71a8436342312fb0902192fc13e8df587657d4
+  data.tar.gz: 17cb9addf43c47fab588adcbb689dcf88256ebd5927e274c8092395703d38d57bdfbba8cfc9cf6b4f6761c44799636569aff4eca1c88f52e32ae32894d1e7870

data/CHANGELOG.md

@@ -1,6 +1,16 @@
 Unreleased Changes
 ------------------
 
+1.18.0 (2024-04-04)
+------------------
+
+* Feature - Adds GroupConfiguration field to Identity Source API's
+
+1.17.0 (2024-03-06)
+------------------
+
+* Feature - Deprecating details in favor of configuration for GetIdentitySource and ListIdentitySources APIs.
+
 1.16.0 (2024-01-26)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.16.0
+1.18.0

data/lib/aws-sdk-verifiedpermissions/client.rb

@@ -555,8 +555,8 @@ module Aws::VerifiedPermissions
     # <note markdown="1"> Verified Permissions is <i> <a
     # href="https://wikipedia.org/wiki/Eventual_consistency">eventually
     # consistent</a> </i>. It can take a few seconds for a new or changed
-    # element to be propagate through the service and be visible in the
-    # results of other Verified Permissions operations.
+    # element to propagate through the service and be visible in the results
+    # of other Verified Permissions operations.
     #
     #  </note>
     #
@@ -576,8 +576,12 @@ module Aws::VerifiedPermissions
     #   random one for you.
     #
     #   If you retry the operation with the same `ClientToken`, but with
-    #   different parameters, the retry fails with an
-    #   `IdempotentParameterMismatch` error.
+    #   different parameters, the retry fails with an `ConflictException`
+    #   error.
+    #
+    #   Verified Permissions recognizes a `ClientToken` for eight hours. After
+    #   eight hours, the next request with the same parameters performs the
+    #   operation again regardless of the value of `ClientToken`.
     #
     #   **A suitable default value is auto-generated.** You should normally
     #   not need to pass this option.**
@@ -623,6 +627,9 @@ module Aws::VerifiedPermissions
     #       cognito_user_pool_configuration: {
     #         user_pool_arn: "UserPoolArn", # required
     #         client_ids: ["ClientId"],
+    #         group_configuration: {
+    #           group_entity_type: "GroupEntityType", # required
+    #         },
     #       },
     #     },
     #     principal_entity_type: "PrincipalEntityType",
@@ -667,8 +674,8 @@ module Aws::VerifiedPermissions
     # <note markdown="1"> Verified Permissions is <i> <a
     # href="https://wikipedia.org/wiki/Eventual_consistency">eventually
     # consistent</a> </i>. It can take a few seconds for a new or changed
-    # element to be propagate through the service and be visible in the
-    # results of other Verified Permissions operations.
+    # element to propagate through the service and be visible in the results
+    # of other Verified Permissions operations.
     #
     #  </note>
     #
@@ -684,8 +691,12 @@ module Aws::VerifiedPermissions
     #   random one for you.
     #
     #   If you retry the operation with the same `ClientToken`, but with
-    #   different parameters, the retry fails with an
-    #   `IdempotentParameterMismatch` error.
+    #   different parameters, the retry fails with an `ConflictException`
+    #   error.
+    #
+    #   Verified Permissions recognizes a `ClientToken` for eight hours. After
+    #   eight hours, the next request with the same parameters performs the
+    #   operation again regardless of the value of `ClientToken`.
     #
     #   **A suitable default value is auto-generated.** You should normally
     #   not need to pass this option.**
@@ -770,8 +781,8 @@ module Aws::VerifiedPermissions
     # <note markdown="1"> Verified Permissions is <i> <a
     # href="https://wikipedia.org/wiki/Eventual_consistency">eventually
     # consistent</a> </i>. It can take a few seconds for a new or changed
-    # element to be propagate through the service and be visible in the
-    # results of other Verified Permissions operations.
+    # element to propagate through the service and be visible in the results
+    # of other Verified Permissions operations.
     #
     #  </note>
     #
@@ -791,8 +802,12 @@ module Aws::VerifiedPermissions
     #   random one for you.
     #
     #   If you retry the operation with the same `ClientToken`, but with
-    #   different parameters, the retry fails with an
-    #   `IdempotentParameterMismatch` error.
+    #   different parameters, the retry fails with an `ConflictException`
+    #   error.
+    #
+    #   Verified Permissions recognizes a `ClientToken` for eight hours. After
+    #   eight hours, the next request with the same parameters performs the
+    #   operation again regardless of the value of `ClientToken`.
     #
     #   **A suitable default value is auto-generated.** You should normally
     #   not need to pass this option.**
@@ -866,8 +881,8 @@ module Aws::VerifiedPermissions
     # <note markdown="1"> Verified Permissions is <i> <a
     # href="https://wikipedia.org/wiki/Eventual_consistency">eventually
     # consistent</a> </i>. It can take a few seconds for a new or changed
-    # element to be propagate through the service and be visible in the
-    # results of other Verified Permissions operations.
+    # element to propagate through the service and be visible in the results
+    # of other Verified Permissions operations.
     #
     #  </note>
     #
@@ -883,8 +898,12 @@ module Aws::VerifiedPermissions
     #   random one for you.
     #
     #   If you retry the operation with the same `ClientToken`, but with
-    #   different parameters, the retry fails with an
-    #   `IdempotentParameterMismatch` error.
+    #   different parameters, the retry fails with an `ConflictException`
+    #   error.
+    #
+    #   Verified Permissions recognizes a `ClientToken` for eight hours. After
+    #   eight hours, the next request with the same parameters performs the
+    #   operation again regardless of the value of `ClientToken`.
     #
     #   **A suitable default value is auto-generated.** You should normally
     #   not need to pass this option.**
@@ -1076,6 +1095,7 @@ module Aws::VerifiedPermissions
     #   * {Types::GetIdentitySourceOutput#last_updated_date #last_updated_date} => Time
     #   * {Types::GetIdentitySourceOutput#policy_store_id #policy_store_id} => String
     #   * {Types::GetIdentitySourceOutput#principal_entity_type #principal_entity_type} => String
+    #   * {Types::GetIdentitySourceOutput#configuration #configuration} => Types::ConfigurationDetail
     #
     # @example Request syntax with placeholder values
     #
@@ -1096,6 +1116,11 @@ module Aws::VerifiedPermissions
     #   resp.last_updated_date #=> Time
     #   resp.policy_store_id #=> String
     #   resp.principal_entity_type #=> String
+    #   resp.configuration.cognito_user_pool_configuration.user_pool_arn #=> String
+    #   resp.configuration.cognito_user_pool_configuration.client_ids #=> Array
+    #   resp.configuration.cognito_user_pool_configuration.client_ids[0] #=> String
+    #   resp.configuration.cognito_user_pool_configuration.issuer #=> String
+    #   resp.configuration.cognito_user_pool_configuration.group_configuration.group_entity_type #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/GetIdentitySource AWS API Documentation
     #
@@ -1426,13 +1451,19 @@ module Aws::VerifiedPermissions
     #   Specifies an identity token for the principal to be authorized. This
     #   token is provided to you by the identity provider (IdP) associated
     #   with the specified identity source. You must specify either an
-    #   `AccessToken` or an `IdentityToken`, or both.
+    #   `accessToken`, an `identityToken`, or both.
+    #
+    #   Must be an ID token. Verified Permissions returns an error if the
+    #   `token_use` claim in the submitted token isn't `id`.
     #
     # @option params [String] :access_token
     #   Specifies an access token for the principal to be authorized. This
     #   token is provided to you by the identity provider (IdP) associated
     #   with the specified identity source. You must specify either an
-    #   `AccessToken`, or an `IdentityToken`, or both.
+    #   `accessToken`, an `identityToken`, or both.
+    #
+    #   Must be an access token. Verified Permissions returns an error if the
+    #   `token_use` claim in the submitted token isn't `access`.
     #
     # @option params [Types::ActionIdentifier] :action
     #   Specifies the requested action to be authorized. Is the specified
@@ -1468,6 +1499,7 @@ module Aws::VerifiedPermissions
     #   * {Types::IsAuthorizedWithTokenOutput#decision #decision} => String
     #   * {Types::IsAuthorizedWithTokenOutput#determining_policies #determining_policies} => Array&lt;Types::DeterminingPolicyItem&gt;
     #   * {Types::IsAuthorizedWithTokenOutput#errors #errors} => Array&lt;Types::EvaluationErrorItem&gt;
+    #   * {Types::IsAuthorizedWithTokenOutput#principal #principal} => Types::EntityIdentifier
     #
     # @example Request syntax with placeholder values
     #
@@ -1516,6 +1548,8 @@ module Aws::VerifiedPermissions
     #   resp.determining_policies[0].policy_id #=> String
     #   resp.errors #=> Array
     #   resp.errors[0].error_description #=> String
+    #   resp.principal.entity_type #=> String
+    #   resp.principal.entity_id #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/IsAuthorizedWithToken AWS API Documentation
     #
@@ -1592,6 +1626,11 @@ module Aws::VerifiedPermissions
     #   resp.identity_sources[0].last_updated_date #=> Time
     #   resp.identity_sources[0].policy_store_id #=> String
     #   resp.identity_sources[0].principal_entity_type #=> String
+    #   resp.identity_sources[0].configuration.cognito_user_pool_configuration.user_pool_arn #=> String
+    #   resp.identity_sources[0].configuration.cognito_user_pool_configuration.client_ids #=> Array
+    #   resp.identity_sources[0].configuration.cognito_user_pool_configuration.client_ids[0] #=> String
+    #   resp.identity_sources[0].configuration.cognito_user_pool_configuration.issuer #=> String
+    #   resp.identity_sources[0].configuration.cognito_user_pool_configuration.group_configuration.group_entity_type #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/ListIdentitySources AWS API Documentation
     #
@@ -1826,8 +1865,8 @@ module Aws::VerifiedPermissions
     # <note markdown="1"> Verified Permissions is <i> <a
     # href="https://wikipedia.org/wiki/Eventual_consistency">eventually
     # consistent</a> </i>. It can take a few seconds for a new or changed
-    # element to be propagate through the service and be visible in the
-    # results of other Verified Permissions operations.
+    # element to propagate through the service and be visible in the results
+    # of other Verified Permissions operations.
     #
     #  </note>
     #
@@ -1878,8 +1917,8 @@ module Aws::VerifiedPermissions
     # <note markdown="1"> Verified Permissions is <i> <a
     # href="https://wikipedia.org/wiki/Eventual_consistency">eventually
     # consistent</a> </i>. It can take a few seconds for a new or changed
-    # element to be propagate through the service and be visible in the
-    # results of other Verified Permissions operations.
+    # element to propagate through the service and be visible in the results
+    # of other Verified Permissions operations.
     #
     #  </note>
     #
@@ -1921,6 +1960,9 @@ module Aws::VerifiedPermissions
     #       cognito_user_pool_configuration: {
     #         user_pool_arn: "UserPoolArn", # required
     #         client_ids: ["ClientId"],
+    #         group_configuration: {
+    #           group_entity_type: "GroupEntityType", # required
+    #         },
     #       },
     #     },
     #     principal_entity_type: "PrincipalEntityType",
@@ -1954,7 +1996,7 @@ module Aws::VerifiedPermissions
     #   doesn't pass validation, the operation fails and the update isn't
     #   stored.
     #
-    # * When you edit a static policy, You can change only certain elements
+    # * When you edit a static policy, you can change only certain elements
     #   of a static policy:
     #
     #   * The action referenced by the policy.
@@ -1980,8 +2022,8 @@ module Aws::VerifiedPermissions
     # <note markdown="1"> Verified Permissions is <i> <a
     # href="https://wikipedia.org/wiki/Eventual_consistency">eventually
     # consistent</a> </i>. It can take a few seconds for a new or changed
-    # element to be propagate through the service and be visible in the
-    # results of other Verified Permissions operations.
+    # element to propagate through the service and be visible in the results
+    # of other Verified Permissions operations.
     #
     #  </note>
     #
@@ -2072,8 +2114,8 @@ module Aws::VerifiedPermissions
     # <note markdown="1"> Verified Permissions is <i> <a
     # href="https://wikipedia.org/wiki/Eventual_consistency">eventually
     # consistent</a> </i>. It can take a few seconds for a new or changed
-    # element to be propagate through the service and be visible in the
-    # results of other Verified Permissions operations.
+    # element to propagate through the service and be visible in the results
+    # of other Verified Permissions operations.
     #
     #  </note>
     #
@@ -2132,8 +2174,8 @@ module Aws::VerifiedPermissions
     # <note markdown="1"> Verified Permissions is <i> <a
     # href="https://wikipedia.org/wiki/Eventual_consistency">eventually
     # consistent</a> </i>. It can take a few seconds for a new or changed
-    # element to be propagate through the service and be visible in the
-    # results of other Verified Permissions operations.
+    # element to propagate through the service and be visible in the results
+    # of other Verified Permissions operations.
     #
     #  </note>
     #
@@ -2214,7 +2256,7 @@ module Aws::VerifiedPermissions
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-verifiedpermissions'
-      context[:gem_version] = '1.16.0'
+      context[:gem_version] = '1.18.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-verifiedpermissions/client_api.rb

@@ -28,8 +28,15 @@ module Aws::VerifiedPermissions
     BooleanAttribute = Shapes::BooleanShape.new(name: 'BooleanAttribute')
     ClientId = Shapes::StringShape.new(name: 'ClientId')
     ClientIds = Shapes::ListShape.new(name: 'ClientIds')
+    CognitoGroupConfiguration = Shapes::StructureShape.new(name: 'CognitoGroupConfiguration')
+    CognitoGroupConfigurationDetail = Shapes::StructureShape.new(name: 'CognitoGroupConfigurationDetail')
+    CognitoGroupConfigurationItem = Shapes::StructureShape.new(name: 'CognitoGroupConfigurationItem')
     CognitoUserPoolConfiguration = Shapes::StructureShape.new(name: 'CognitoUserPoolConfiguration')
+    CognitoUserPoolConfigurationDetail = Shapes::StructureShape.new(name: 'CognitoUserPoolConfigurationDetail')
+    CognitoUserPoolConfigurationItem = Shapes::StructureShape.new(name: 'CognitoUserPoolConfigurationItem')
     Configuration = Shapes::UnionShape.new(name: 'Configuration')
+    ConfigurationDetail = Shapes::UnionShape.new(name: 'ConfigurationDetail')
+    ConfigurationItem = Shapes::UnionShape.new(name: 'ConfigurationItem')
     ConflictException = Shapes::StructureShape.new(name: 'ConflictException')
     ContextDefinition = Shapes::UnionShape.new(name: 'ContextDefinition')
     ContextMap = Shapes::MapShape.new(name: 'ContextMap')
@@ -73,6 +80,7 @@ module Aws::VerifiedPermissions
     GetPolicyTemplateOutput = Shapes::StructureShape.new(name: 'GetPolicyTemplateOutput')
     GetSchemaInput = Shapes::StructureShape.new(name: 'GetSchemaInput')
     GetSchemaOutput = Shapes::StructureShape.new(name: 'GetSchemaOutput')
+    GroupEntityType = Shapes::StringShape.new(name: 'GroupEntityType')
     IdempotencyToken = Shapes::StringShape.new(name: 'IdempotencyToken')
     IdentitySourceDetails = Shapes::StructureShape.new(name: 'IdentitySourceDetails')
     IdentitySourceFilter = Shapes::StructureShape.new(name: 'IdentitySourceFilter')
@@ -86,6 +94,7 @@ module Aws::VerifiedPermissions
     IsAuthorizedOutput = Shapes::StructureShape.new(name: 'IsAuthorizedOutput')
     IsAuthorizedWithTokenInput = Shapes::StructureShape.new(name: 'IsAuthorizedWithTokenInput')
     IsAuthorizedWithTokenOutput = Shapes::StructureShape.new(name: 'IsAuthorizedWithTokenOutput')
+    Issuer = Shapes::StringShape.new(name: 'Issuer')
     ListIdentitySourcesInput = Shapes::StructureShape.new(name: 'ListIdentitySourcesInput')
     ListIdentitySourcesMaxResults = Shapes::IntegerShape.new(name: 'ListIdentitySourcesMaxResults')
     ListIdentitySourcesOutput = Shapes::StructureShape.new(name: 'ListIdentitySourcesOutput')
@@ -144,6 +153,7 @@ module Aws::VerifiedPermissions
     ThrottlingException = Shapes::StructureShape.new(name: 'ThrottlingException')
     TimestampFormat = Shapes::TimestampShape.new(name: 'TimestampFormat', timestampFormat: "iso8601")
     Token = Shapes::StringShape.new(name: 'Token')
+    UpdateCognitoGroupConfiguration = Shapes::StructureShape.new(name: 'UpdateCognitoGroupConfiguration')
     UpdateCognitoUserPoolConfiguration = Shapes::StructureShape.new(name: 'UpdateCognitoUserPoolConfiguration')
     UpdateConfiguration = Shapes::UnionShape.new(name: 'UpdateConfiguration')
     UpdateIdentitySourceInput = Shapes::StructureShape.new(name: 'UpdateIdentitySourceInput')
@@ -212,16 +222,50 @@ module Aws::VerifiedPermissions
 
     ClientIds.member = Shapes::ShapeRef.new(shape: ClientId)
 
+    CognitoGroupConfiguration.add_member(:group_entity_type, Shapes::ShapeRef.new(shape: GroupEntityType, required: true, location_name: "groupEntityType"))
+    CognitoGroupConfiguration.struct_class = Types::CognitoGroupConfiguration
+
+    CognitoGroupConfigurationDetail.add_member(:group_entity_type, Shapes::ShapeRef.new(shape: GroupEntityType, location_name: "groupEntityType"))
+    CognitoGroupConfigurationDetail.struct_class = Types::CognitoGroupConfigurationDetail
+
+    CognitoGroupConfigurationItem.add_member(:group_entity_type, Shapes::ShapeRef.new(shape: GroupEntityType, location_name: "groupEntityType"))
+    CognitoGroupConfigurationItem.struct_class = Types::CognitoGroupConfigurationItem
+
     CognitoUserPoolConfiguration.add_member(:user_pool_arn, Shapes::ShapeRef.new(shape: UserPoolArn, required: true, location_name: "userPoolArn"))
     CognitoUserPoolConfiguration.add_member(:client_ids, Shapes::ShapeRef.new(shape: ClientIds, location_name: "clientIds"))
+    CognitoUserPoolConfiguration.add_member(:group_configuration, Shapes::ShapeRef.new(shape: CognitoGroupConfiguration, location_name: "groupConfiguration"))
     CognitoUserPoolConfiguration.struct_class = Types::CognitoUserPoolConfiguration
 
+    CognitoUserPoolConfigurationDetail.add_member(:user_pool_arn, Shapes::ShapeRef.new(shape: UserPoolArn, required: true, location_name: "userPoolArn"))
+    CognitoUserPoolConfigurationDetail.add_member(:client_ids, Shapes::ShapeRef.new(shape: ClientIds, required: true, location_name: "clientIds"))
+    CognitoUserPoolConfigurationDetail.add_member(:issuer, Shapes::ShapeRef.new(shape: Issuer, required: true, location_name: "issuer"))
+    CognitoUserPoolConfigurationDetail.add_member(:group_configuration, Shapes::ShapeRef.new(shape: CognitoGroupConfigurationDetail, location_name: "groupConfiguration"))
+    CognitoUserPoolConfigurationDetail.struct_class = Types::CognitoUserPoolConfigurationDetail
+
+    CognitoUserPoolConfigurationItem.add_member(:user_pool_arn, Shapes::ShapeRef.new(shape: UserPoolArn, required: true, location_name: "userPoolArn"))
+    CognitoUserPoolConfigurationItem.add_member(:client_ids, Shapes::ShapeRef.new(shape: ClientIds, required: true, location_name: "clientIds"))
+    CognitoUserPoolConfigurationItem.add_member(:issuer, Shapes::ShapeRef.new(shape: Issuer, required: true, location_name: "issuer"))
+    CognitoUserPoolConfigurationItem.add_member(:group_configuration, Shapes::ShapeRef.new(shape: CognitoGroupConfigurationItem, location_name: "groupConfiguration"))
+    CognitoUserPoolConfigurationItem.struct_class = Types::CognitoUserPoolConfigurationItem
+
     Configuration.add_member(:cognito_user_pool_configuration, Shapes::ShapeRef.new(shape: CognitoUserPoolConfiguration, location_name: "cognitoUserPoolConfiguration"))
     Configuration.add_member(:unknown, Shapes::ShapeRef.new(shape: nil, location_name: 'unknown'))
     Configuration.add_member_subclass(:cognito_user_pool_configuration, Types::Configuration::CognitoUserPoolConfiguration)
     Configuration.add_member_subclass(:unknown, Types::Configuration::Unknown)
     Configuration.struct_class = Types::Configuration
 
+    ConfigurationDetail.add_member(:cognito_user_pool_configuration, Shapes::ShapeRef.new(shape: CognitoUserPoolConfigurationDetail, location_name: "cognitoUserPoolConfiguration"))
+    ConfigurationDetail.add_member(:unknown, Shapes::ShapeRef.new(shape: nil, location_name: 'unknown'))
+    ConfigurationDetail.add_member_subclass(:cognito_user_pool_configuration, Types::ConfigurationDetail::CognitoUserPoolConfiguration)
+    ConfigurationDetail.add_member_subclass(:unknown, Types::ConfigurationDetail::Unknown)
+    ConfigurationDetail.struct_class = Types::ConfigurationDetail
+
+    ConfigurationItem.add_member(:cognito_user_pool_configuration, Shapes::ShapeRef.new(shape: CognitoUserPoolConfigurationItem, location_name: "cognitoUserPoolConfiguration"))
+    ConfigurationItem.add_member(:unknown, Shapes::ShapeRef.new(shape: nil, location_name: 'unknown'))
+    ConfigurationItem.add_member_subclass(:cognito_user_pool_configuration, Types::ConfigurationItem::CognitoUserPoolConfiguration)
+    ConfigurationItem.add_member_subclass(:unknown, Types::ConfigurationItem::Unknown)
+    ConfigurationItem.struct_class = Types::ConfigurationItem
+
     ConflictException.add_member(:message, Shapes::ShapeRef.new(shape: String, required: true, location_name: "message"))
     ConflictException.add_member(:resources, Shapes::ShapeRef.new(shape: ResourceConflictList, required: true, location_name: "resources"))
     ConflictException.struct_class = Types::ConflictException
@@ -350,11 +394,12 @@ module Aws::VerifiedPermissions
     GetIdentitySourceInput.struct_class = Types::GetIdentitySourceInput
 
     GetIdentitySourceOutput.add_member(:created_date, Shapes::ShapeRef.new(shape: TimestampFormat, required: true, location_name: "createdDate"))
-    GetIdentitySourceOutput.add_member(:details, Shapes::ShapeRef.new(shape: IdentitySourceDetails, required: true, location_name: "details"))
+    GetIdentitySourceOutput.add_member(:details, Shapes::ShapeRef.new(shape: IdentitySourceDetails, deprecated: true, location_name: "details", metadata: {"deprecatedMessage"=>"This attribute has been replaced by configuration.cognitoUserPoolConfiguration"}))
     GetIdentitySourceOutput.add_member(:identity_source_id, Shapes::ShapeRef.new(shape: IdentitySourceId, required: true, location_name: "identitySourceId"))
     GetIdentitySourceOutput.add_member(:last_updated_date, Shapes::ShapeRef.new(shape: TimestampFormat, required: true, location_name: "lastUpdatedDate"))
     GetIdentitySourceOutput.add_member(:policy_store_id, Shapes::ShapeRef.new(shape: PolicyStoreId, required: true, location_name: "policyStoreId"))
     GetIdentitySourceOutput.add_member(:principal_entity_type, Shapes::ShapeRef.new(shape: PrincipalEntityType, required: true, location_name: "principalEntityType"))
+    GetIdentitySourceOutput.add_member(:configuration, Shapes::ShapeRef.new(shape: ConfigurationDetail, location_name: "configuration"))
     GetIdentitySourceOutput.struct_class = Types::GetIdentitySourceOutput
 
     GetPolicyInput.add_member(:policy_store_id, Shapes::ShapeRef.new(shape: PolicyStoreId, required: true, location_name: "policyStoreId"))
@@ -404,10 +449,10 @@ module Aws::VerifiedPermissions
     GetSchemaOutput.add_member(:namespaces, Shapes::ShapeRef.new(shape: NamespaceList, location_name: "namespaces"))
     GetSchemaOutput.struct_class = Types::GetSchemaOutput
 
-    IdentitySourceDetails.add_member(:client_ids, Shapes::ShapeRef.new(shape: ClientIds, location_name: "clientIds"))
-    IdentitySourceDetails.add_member(:user_pool_arn, Shapes::ShapeRef.new(shape: UserPoolArn, location_name: "userPoolArn"))
-    IdentitySourceDetails.add_member(:discovery_url, Shapes::ShapeRef.new(shape: DiscoveryUrl, location_name: "discoveryUrl"))
-    IdentitySourceDetails.add_member(:open_id_issuer, Shapes::ShapeRef.new(shape: OpenIdIssuer, location_name: "openIdIssuer"))
+    IdentitySourceDetails.add_member(:client_ids, Shapes::ShapeRef.new(shape: ClientIds, deprecated: true, location_name: "clientIds", metadata: {"deprecatedMessage"=>"This attribute has been replaced by configuration.cognitoUserPoolConfiguration.clientIds"}))
+    IdentitySourceDetails.add_member(:user_pool_arn, Shapes::ShapeRef.new(shape: UserPoolArn, deprecated: true, location_name: "userPoolArn", metadata: {"deprecatedMessage"=>"This attribute has been replaced by configuration.cognitoUserPoolConfiguration.userPoolArn"}))
+    IdentitySourceDetails.add_member(:discovery_url, Shapes::ShapeRef.new(shape: DiscoveryUrl, deprecated: true, location_name: "discoveryUrl", metadata: {"deprecatedMessage"=>"This attribute has been replaced by configuration.cognitoUserPoolConfiguration.issuer"}))
+    IdentitySourceDetails.add_member(:open_id_issuer, Shapes::ShapeRef.new(shape: OpenIdIssuer, deprecated: true, location_name: "openIdIssuer", metadata: {"deprecatedMessage"=>"This attribute has been replaced by configuration"}))
     IdentitySourceDetails.struct_class = Types::IdentitySourceDetails
 
     IdentitySourceFilter.add_member(:principal_entity_type, Shapes::ShapeRef.new(shape: PrincipalEntityType, location_name: "principalEntityType"))
@@ -416,17 +461,18 @@ module Aws::VerifiedPermissions
     IdentitySourceFilters.member = Shapes::ShapeRef.new(shape: IdentitySourceFilter)
 
     IdentitySourceItem.add_member(:created_date, Shapes::ShapeRef.new(shape: TimestampFormat, required: true, location_name: "createdDate"))
-    IdentitySourceItem.add_member(:details, Shapes::ShapeRef.new(shape: IdentitySourceItemDetails, required: true, location_name: "details"))
+    IdentitySourceItem.add_member(:details, Shapes::ShapeRef.new(shape: IdentitySourceItemDetails, deprecated: true, location_name: "details", metadata: {"deprecatedMessage"=>"This attribute has been replaced by configuration.cognitoUserPoolConfiguration"}))
     IdentitySourceItem.add_member(:identity_source_id, Shapes::ShapeRef.new(shape: IdentitySourceId, required: true, location_name: "identitySourceId"))
     IdentitySourceItem.add_member(:last_updated_date, Shapes::ShapeRef.new(shape: TimestampFormat, required: true, location_name: "lastUpdatedDate"))
     IdentitySourceItem.add_member(:policy_store_id, Shapes::ShapeRef.new(shape: PolicyStoreId, required: true, location_name: "policyStoreId"))
     IdentitySourceItem.add_member(:principal_entity_type, Shapes::ShapeRef.new(shape: PrincipalEntityType, required: true, location_name: "principalEntityType"))
+    IdentitySourceItem.add_member(:configuration, Shapes::ShapeRef.new(shape: ConfigurationItem, location_name: "configuration"))
     IdentitySourceItem.struct_class = Types::IdentitySourceItem
 
-    IdentitySourceItemDetails.add_member(:client_ids, Shapes::ShapeRef.new(shape: ClientIds, location_name: "clientIds"))
-    IdentitySourceItemDetails.add_member(:user_pool_arn, Shapes::ShapeRef.new(shape: UserPoolArn, location_name: "userPoolArn"))
-    IdentitySourceItemDetails.add_member(:discovery_url, Shapes::ShapeRef.new(shape: DiscoveryUrl, location_name: "discoveryUrl"))
-    IdentitySourceItemDetails.add_member(:open_id_issuer, Shapes::ShapeRef.new(shape: OpenIdIssuer, location_name: "openIdIssuer"))
+    IdentitySourceItemDetails.add_member(:client_ids, Shapes::ShapeRef.new(shape: ClientIds, deprecated: true, location_name: "clientIds", metadata: {"deprecatedMessage"=>"This attribute has been replaced by configuration.cognitoUserPoolConfiguration.clientIds"}))
+    IdentitySourceItemDetails.add_member(:user_pool_arn, Shapes::ShapeRef.new(shape: UserPoolArn, deprecated: true, location_name: "userPoolArn", metadata: {"deprecatedMessage"=>"This attribute has been replaced by configuration.cognitoUserPoolConfiguration.userPoolArn"}))
+    IdentitySourceItemDetails.add_member(:discovery_url, Shapes::ShapeRef.new(shape: DiscoveryUrl, deprecated: true, location_name: "discoveryUrl", metadata: {"deprecatedMessage"=>"This attribute has been replaced by configuration.cognitoUserPoolConfiguration.issuer"}))
+    IdentitySourceItemDetails.add_member(:open_id_issuer, Shapes::ShapeRef.new(shape: OpenIdIssuer, deprecated: true, location_name: "openIdIssuer", metadata: {"deprecatedMessage"=>"This attribute has been replaced by configuration"}))
     IdentitySourceItemDetails.struct_class = Types::IdentitySourceItemDetails
 
     IdentitySources.member = Shapes::ShapeRef.new(shape: IdentitySourceItem)
@@ -459,6 +505,7 @@ module Aws::VerifiedPermissions
     IsAuthorizedWithTokenOutput.add_member(:decision, Shapes::ShapeRef.new(shape: Decision, required: true, location_name: "decision"))
     IsAuthorizedWithTokenOutput.add_member(:determining_policies, Shapes::ShapeRef.new(shape: DeterminingPolicyList, required: true, location_name: "determiningPolicies"))
     IsAuthorizedWithTokenOutput.add_member(:errors, Shapes::ShapeRef.new(shape: EvaluationErrorList, required: true, location_name: "errors"))
+    IsAuthorizedWithTokenOutput.add_member(:principal, Shapes::ShapeRef.new(shape: EntityIdentifier, location_name: "principal"))
     IsAuthorizedWithTokenOutput.struct_class = Types::IsAuthorizedWithTokenOutput
 
     ListIdentitySourcesInput.add_member(:policy_store_id, Shapes::ShapeRef.new(shape: PolicyStoreId, required: true, location_name: "policyStoreId"))
@@ -632,8 +679,12 @@ module Aws::VerifiedPermissions
     ThrottlingException.add_member(:quota_code, Shapes::ShapeRef.new(shape: String, location_name: "quotaCode"))
     ThrottlingException.struct_class = Types::ThrottlingException
 
+    UpdateCognitoGroupConfiguration.add_member(:group_entity_type, Shapes::ShapeRef.new(shape: GroupEntityType, required: true, location_name: "groupEntityType"))
+    UpdateCognitoGroupConfiguration.struct_class = Types::UpdateCognitoGroupConfiguration
+
     UpdateCognitoUserPoolConfiguration.add_member(:user_pool_arn, Shapes::ShapeRef.new(shape: UserPoolArn, required: true, location_name: "userPoolArn"))
     UpdateCognitoUserPoolConfiguration.add_member(:client_ids, Shapes::ShapeRef.new(shape: ClientIds, location_name: "clientIds"))
+    UpdateCognitoUserPoolConfiguration.add_member(:group_configuration, Shapes::ShapeRef.new(shape: UpdateCognitoGroupConfiguration, location_name: "groupConfiguration"))
     UpdateCognitoUserPoolConfiguration.struct_class = Types::UpdateCognitoUserPoolConfiguration
 
     UpdateConfiguration.add_member(:cognito_user_pool_configuration, Shapes::ShapeRef.new(shape: UpdateCognitoUserPoolConfiguration, location_name: "cognitoUserPoolConfiguration"))

data/lib/aws-sdk-verifiedpermissions/types.rb

@@ -201,13 +201,13 @@ module Aws::VerifiedPermissions
     #   @return [Types::EntityIdentifier]
     #
     # @!attribute [rw] action
-    #   Specifies the requested action to be authorized. For example, is the
-    #   principal authorized to perform this action on the resource?
+    #   Specifies the requested action to be authorized. For example,
+    #   `PhotoFlash::ReadPhoto`.
     #   @return [Types::ActionIdentifier]
     #
     # @!attribute [rw] resource
-    #   Specifies the resource for which the authorization decision is to be
-    #   made.
+    #   Specifies the resource that you want an authorization decision for.
+    #   For example, `PhotoFlash::Photo`.
     #   @return [Types::EntityIdentifier]
     #
     # @!attribute [rw] context
@@ -262,9 +262,9 @@ module Aws::VerifiedPermissions
     #   @return [Array<Types::DeterminingPolicyItem>]
     #
     # @!attribute [rw] errors
-    #   Errors that occurred while making an authorization decision, for
-    #   example, a policy references an Entity or entity Attribute that does
-    #   not exist in the slice.
+    #   Errors that occurred while making an authorization decision. For
+    #   example, a policy might reference an entity or attribute that
+    #   doesn't exist in the request.
     #   @return [Array<Types::EvaluationErrorItem>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/BatchIsAuthorizedOutputItem AWS API Documentation
@@ -278,20 +278,94 @@ module Aws::VerifiedPermissions
       include Aws::Structure
     end
 
+    # The type of entity that a policy store maps to groups from an Amazon
+    # Cognito user pool identity source.
+    #
+    # This data type is part of a [CognitoUserPoolConfiguration][1]
+    # structure and is a request parameter in [CreateIdentitySource][2].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CognitoUserPoolConfiguration.html
+    # [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreateIdentitySource.html
+    #
+    # @!attribute [rw] group_entity_type
+    #   The name of the schema entity type that's mapped to the user pool
+    #   group. Defaults to `AWS::CognitoGroup`.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/CognitoGroupConfiguration AWS API Documentation
+    #
+    class CognitoGroupConfiguration < Struct.new(
+      :group_entity_type)
+      SENSITIVE = [:group_entity_type]
+      include Aws::Structure
+    end
+
+    # The type of entity that a policy store maps to groups from an Amazon
+    # Cognito user pool identity source.
+    #
+    # This data type is part of an [CognitoUserPoolConfigurationDetail][1]
+    # structure and is a response parameter to [GetIdentitySource][2].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CognitoUserPoolConfigurationItem.html
+    # [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_GetIdentitySource.html
+    #
+    # @!attribute [rw] group_entity_type
+    #   The name of the schema entity type that's mapped to the user pool
+    #   group. Defaults to `AWS::CognitoGroup`.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/CognitoGroupConfigurationDetail AWS API Documentation
+    #
+    class CognitoGroupConfigurationDetail < Struct.new(
+      :group_entity_type)
+      SENSITIVE = [:group_entity_type]
+      include Aws::Structure
+    end
+
+    # The type of entity that a policy store maps to groups from an Amazon
+    # Cognito user pool identity source.
+    #
+    # This data type is part of an [CognitoUserPoolConfigurationItem][1]
+    # structure and is a response parameter to [ListIdentitySources][2].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CognitoUserPoolConfigurationDetail.html
+    # [2]: http://forums.aws.amazon.com/verifiedpermissions/latest/apireference/API_ListIdentitySources.html
+    #
+    # @!attribute [rw] group_entity_type
+    #   The name of the schema entity type that's mapped to the user pool
+    #   group. Defaults to `AWS::CognitoGroup`.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/CognitoGroupConfigurationItem AWS API Documentation
+    #
+    class CognitoGroupConfigurationItem < Struct.new(
+      :group_entity_type)
+      SENSITIVE = [:group_entity_type]
+      include Aws::Structure
+    end
+
     # The configuration for an identity source that represents a connection
     # to an Amazon Cognito user pool used as an identity provider for
     # Verified Permissions.
     #
     # This data type is used as a field that is part of an
-    # [Configuration][1] structure that is used as a parameter to the
-    # [Configuration][1].
+    # [Configuration][1] structure that is used as a parameter to
+    # [CreateIdentitySource][2].
     #
     # Example:`"CognitoUserPoolConfiguration":\{"UserPoolArn":"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5","ClientIds":
-    # ["a1b2c3d4e5f6g7h8i9j0kalbmc"]\}`
+    # ["a1b2c3d4e5f6g7h8i9j0kalbmc"],"groupConfiguration":
+    # \{"groupEntityType": "MyCorp::Group"\}\}`
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_Configuration.html
+    # [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreateIdentitySource.html
     #
     # @!attribute [rw] user_pool_arn
     #   The [Amazon Resource Name (ARN)][1] of the Amazon Cognito user pool
@@ -312,11 +386,137 @@ module Aws::VerifiedPermissions
     #   Example: `"ClientIds": ["&ExampleCogClientId;"]`
     #   @return [Array<String>]
     #
+    # @!attribute [rw] group_configuration
+    #   The type of entity that a policy store maps to groups from an Amazon
+    #   Cognito user pool identity source.
+    #   @return [Types::CognitoGroupConfiguration]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/CognitoUserPoolConfiguration AWS API Documentation
     #
     class CognitoUserPoolConfiguration < Struct.new(
       :user_pool_arn,
-      :client_ids)
+      :client_ids,
+      :group_configuration)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The configuration for an identity source that represents a connection
+    # to an Amazon Cognito user pool used as an identity provider for
+    # Verified Permissions.
+    #
+    # This data type is used as a field that is part of an
+    # [ConfigurationDetail][1] structure that is part of the response to
+    # [GetIdentitySource][2].
+    #
+    # Example:`"CognitoUserPoolConfiguration":\{"UserPoolArn":"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5","ClientIds":
+    # ["a1b2c3d4e5f6g7h8i9j0kalbmc"],"groupConfiguration":
+    # \{"groupEntityType": "MyCorp::Group"\}\}`
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ConfigurationDetail.html
+    # [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_GetIdentitySource.html
+    #
+    # @!attribute [rw] user_pool_arn
+    #   The [Amazon Resource Name (ARN)][1] of the Amazon Cognito user pool
+    #   that contains the identities to be authorized.
+    #
+    #   Example: `"userPoolArn":
+    #   "arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5"`
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
+    #   @return [String]
+    #
+    # @!attribute [rw] client_ids
+    #   The unique application client IDs that are associated with the
+    #   specified Amazon Cognito user pool.
+    #
+    #   Example: `"clientIds": ["&ExampleCogClientId;"]`
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] issuer
+    #   The OpenID Connect (OIDC) `issuer` ID of the Amazon Cognito user
+    #   pool that contains the identities to be authorized.
+    #
+    #   Example: `"issuer":
+    #   "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_1a2b3c4d5"`
+    #   @return [String]
+    #
+    # @!attribute [rw] group_configuration
+    #   The type of entity that a policy store maps to groups from an Amazon
+    #   Cognito user pool identity source.
+    #   @return [Types::CognitoGroupConfigurationDetail]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/CognitoUserPoolConfigurationDetail AWS API Documentation
+    #
+    class CognitoUserPoolConfigurationDetail < Struct.new(
+      :user_pool_arn,
+      :client_ids,
+      :issuer,
+      :group_configuration)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The configuration for an identity source that represents a connection
+    # to an Amazon Cognito user pool used as an identity provider for
+    # Verified Permissions.
+    #
+    # This data type is used as a field that is part of the
+    # [ConfigurationItem][1] structure that is part of the response to
+    # [ListIdentitySources][2].
+    #
+    # Example:`"CognitoUserPoolConfiguration":\{"UserPoolArn":"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5","ClientIds":
+    # ["a1b2c3d4e5f6g7h8i9j0kalbmc"],"groupConfiguration":
+    # \{"groupEntityType": "MyCorp::Group"\}\}`
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ConfigurationItem.html
+    # [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ListIdentitySources.html
+    #
+    # @!attribute [rw] user_pool_arn
+    #   The [Amazon Resource Name (ARN)][1] of the Amazon Cognito user pool
+    #   that contains the identities to be authorized.
+    #
+    #   Example: `"userPoolArn":
+    #   "arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5"`
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
+    #   @return [String]
+    #
+    # @!attribute [rw] client_ids
+    #   The unique application client IDs that are associated with the
+    #   specified Amazon Cognito user pool.
+    #
+    #   Example: `"clientIds": ["&ExampleCogClientId;"]`
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] issuer
+    #   The OpenID Connect (OIDC) `issuer` ID of the Amazon Cognito user
+    #   pool that contains the identities to be authorized.
+    #
+    #   Example: `"issuer":
+    #   "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_1a2b3c4d5"`
+    #   @return [String]
+    #
+    # @!attribute [rw] group_configuration
+    #   The type of entity that a policy store maps to groups from an Amazon
+    #   Cognito user pool identity source.
+    #   @return [Types::CognitoGroupConfigurationItem]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/CognitoUserPoolConfigurationItem AWS API Documentation
+    #
+    class CognitoUserPoolConfigurationItem < Struct.new(
+      :user_pool_arn,
+      :client_ids,
+      :issuer,
+      :group_configuration)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -327,7 +527,7 @@ module Aws::VerifiedPermissions
     # <note markdown="1"> At this time, the only valid member of this structure is a Amazon
     # Cognito user pool configuration.
     #
-    #  You must specify a `userPoolArn`, and optionally, a `ClientId`.
+    #  Specifies a `userPoolArn`, a `groupConfiguration`, and a `ClientId`.
     #
     #  </note>
     #
@@ -348,7 +548,8 @@ module Aws::VerifiedPermissions
     #
     #   Example:
     #   `"configuration":\{"cognitoUserPoolConfiguration":\{"userPoolArn":"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5","clientIds":
-    #   ["a1b2c3d4e5f6g7h8i9j0kalbmc"]\}\}`
+    #   ["a1b2c3d4e5f6g7h8i9j0kalbmc"],"groupConfiguration":
+    #   \{"groupEntityType": "MyCorp::Group"\}\}\}`
     #
     #
     #
@@ -368,6 +569,88 @@ module Aws::VerifiedPermissions
       class Unknown < Configuration; end
     end
 
+    # Contains configuration information about an identity source.
+    #
+    # This data type is a response parameter to the [GetIdentitySource][1]
+    # operation.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_GetIdentitySource.html
+    #
+    # @note ConfigurationDetail is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of ConfigurationDetail corresponding to the set member.
+    #
+    # @!attribute [rw] cognito_user_pool_configuration
+    #   Contains configuration details of a Amazon Cognito user pool that
+    #   Verified Permissions can use as a source of authenticated identities
+    #   as entities. It specifies the [Amazon Resource Name (ARN)][1] of a
+    #   Amazon Cognito user pool, the policy store entity that you want to
+    #   assign to user groups, and one or more application client IDs.
+    #
+    #   Example:
+    #   `"configuration":\{"cognitoUserPoolConfiguration":\{"userPoolArn":"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5","clientIds":
+    #   ["a1b2c3d4e5f6g7h8i9j0kalbmc"],"groupConfiguration":
+    #   \{"groupEntityType": "MyCorp::Group"\}\}\}`
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
+    #   @return [Types::CognitoUserPoolConfigurationDetail]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/ConfigurationDetail AWS API Documentation
+    #
+    class ConfigurationDetail < Struct.new(
+      :cognito_user_pool_configuration,
+      :unknown)
+      SENSITIVE = []
+      include Aws::Structure
+      include Aws::Structure::Union
+
+      class CognitoUserPoolConfiguration < ConfigurationDetail; end
+      class Unknown < ConfigurationDetail; end
+    end
+
+    # Contains configuration information about an identity source.
+    #
+    # This data type is a response parameter to the [ListIdentitySources][1]
+    # operation.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ListIdentitySources.html
+    #
+    # @note ConfigurationItem is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of ConfigurationItem corresponding to the set member.
+    #
+    # @!attribute [rw] cognito_user_pool_configuration
+    #   Contains configuration details of a Amazon Cognito user pool that
+    #   Verified Permissions can use as a source of authenticated identities
+    #   as entities. It specifies the [Amazon Resource Name (ARN)][1] of a
+    #   Amazon Cognito user pool, the policy store entity that you want to
+    #   assign to user groups, and one or more application client IDs.
+    #
+    #   Example:
+    #   `"configuration":\{"cognitoUserPoolConfiguration":\{"userPoolArn":"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5","clientIds":
+    #   ["a1b2c3d4e5f6g7h8i9j0kalbmc"],"groupConfiguration":
+    #   \{"groupEntityType": "MyCorp::Group"\}\}\}`
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
+    #   @return [Types::CognitoUserPoolConfigurationItem]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/ConfigurationItem AWS API Documentation
+    #
+    class ConfigurationItem < Struct.new(
+      :cognito_user_pool_configuration,
+      :unknown)
+      SENSITIVE = []
+      include Aws::Structure
+      include Aws::Structure::Union
+
+      class CognitoUserPoolConfiguration < ConfigurationItem; end
+      class Unknown < ConfigurationItem; end
+    end
+
     # The request failed because another request to modify a resource
     # occurred at the same.
     #
@@ -442,8 +725,13 @@ module Aws::VerifiedPermissions
     #   a random one for you.
     #
     #   If you retry the operation with the same `ClientToken`, but with
-    #   different parameters, the retry fails with an
-    #   `IdempotentParameterMismatch` error.
+    #   different parameters, the retry fails with an `ConflictException`
+    #   error.
+    #
+    #   Verified Permissions recognizes a `ClientToken` for eight hours.
+    #   After eight hours, the next request with the same parameters
+    #   performs the operation again regardless of the value of
+    #   `ClientToken`.
     #
     #   **A suitable default value is auto-generated.** You should normally
     #   not need to pass this option.
@@ -527,8 +815,13 @@ module Aws::VerifiedPermissions
     #   a random one for you.
     #
     #   If you retry the operation with the same `ClientToken`, but with
-    #   different parameters, the retry fails with an
-    #   `IdempotentParameterMismatch` error.
+    #   different parameters, the retry fails with an `ConflictException`
+    #   error.
+    #
+    #   Verified Permissions recognizes a `ClientToken` for eight hours.
+    #   After eight hours, the next request with the same parameters
+    #   performs the operation again regardless of the value of
+    #   `ClientToken`.
     #
     #   **A suitable default value is auto-generated.** You should normally
     #   not need to pass this option.
@@ -618,8 +911,13 @@ module Aws::VerifiedPermissions
     #   a random one for you.
     #
     #   If you retry the operation with the same `ClientToken`, but with
-    #   different parameters, the retry fails with an
-    #   `IdempotentParameterMismatch` error.
+    #   different parameters, the retry fails with an `ConflictException`
+    #   error.
+    #
+    #   Verified Permissions recognizes a `ClientToken` for eight hours.
+    #   After eight hours, the next request with the same parameters
+    #   performs the operation again regardless of the value of
+    #   `ClientToken`.
     #
     #   **A suitable default value is auto-generated.** You should normally
     #   not need to pass this option.
@@ -700,8 +998,13 @@ module Aws::VerifiedPermissions
     #   a random one for you.
     #
     #   If you retry the operation with the same `ClientToken`, but with
-    #   different parameters, the retry fails with an
-    #   `IdempotentParameterMismatch` error.
+    #   different parameters, the retry fails with an `ConflictException`
+    #   error.
+    #
+    #   Verified Permissions recognizes a `ClientToken` for eight hours.
+    #   After eight hours, the next request with the same parameters
+    #   performs the operation again regardless of the value of
+    #   `ClientToken`.
     #
     #   **A suitable default value is auto-generated.** You should normally
     #   not need to pass this option.
@@ -1086,6 +1389,10 @@ module Aws::VerifiedPermissions
     #   by this identity source.
     #   @return [String]
     #
+    # @!attribute [rw] configuration
+    #   Contains configuration information about an identity source.
+    #   @return [Types::ConfigurationDetail]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/GetIdentitySourceOutput AWS API Documentation
     #
     class GetIdentitySourceOutput < Struct.new(
@@ -1094,7 +1401,8 @@ module Aws::VerifiedPermissions
       :identity_source_id,
       :last_updated_date,
       :policy_store_id,
-      :principal_entity_type)
+      :principal_entity_type,
+      :configuration)
       SENSITIVE = [:principal_entity_type]
       include Aws::Structure
     end
@@ -1324,12 +1632,13 @@ module Aws::VerifiedPermissions
 
     # A structure that contains configuration of the identity source.
     #
-    # This data type is used as a response parameter for the
-    # [CreateIdentitySource][1] operation.
+    # This data type was a response parameter for the [GetIdentitySource][1]
+    # operation. Replaced by [ConfigurationDetail][2].
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreateIdentitySource.html
+    # [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_GetIdentitySource.html
+    # [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ConfigurationDetail.html
     #
     # @!attribute [rw] client_ids
     #   The application client IDs associated with the specified Amazon
@@ -1377,8 +1686,8 @@ module Aws::VerifiedPermissions
     # A structure that defines characteristics of an identity source that
     # you can use to filter.
     #
-    # This data type is used as a request parameter for the
-    # [ListIdentityStores][1] operation.
+    # This data type is a request parameter for the [ListIdentityStores][1]
+    # operation.
     #
     #
     #
@@ -1399,12 +1708,12 @@ module Aws::VerifiedPermissions
 
     # A structure that defines an identity source.
     #
-    # This data type is used as a request parameter for the
-    # [ListIdentityStores][1] operation.
+    # This data type is a response parameter to the [ListIdentitySources][1]
+    # operation.
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ListIdentityStores.html
+    # [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ListIdentitySources.html
     #
     # @!attribute [rw] created_date
     #   The date and time the identity source was originally created.
@@ -1433,6 +1742,10 @@ module Aws::VerifiedPermissions
     #   associated with this identity source.
     #   @return [String]
     #
+    # @!attribute [rw] configuration
+    #   Contains configuration information about an identity source.
+    #   @return [Types::ConfigurationItem]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/IdentitySourceItem AWS API Documentation
     #
     class IdentitySourceItem < Struct.new(
@@ -1441,19 +1754,22 @@ module Aws::VerifiedPermissions
       :identity_source_id,
       :last_updated_date,
       :policy_store_id,
-      :principal_entity_type)
+      :principal_entity_type,
+      :configuration)
       SENSITIVE = [:principal_entity_type]
       include Aws::Structure
     end
 
     # A structure that contains configuration of the identity source.
     #
-    # This data type is used as a response parameter for the
-    # [CreateIdentitySource][1] operation.
+    # This data type was a response parameter for the
+    # [ListIdentitySources][1] operation. Replaced by
+    # [ConfigurationItem][2].
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreateIdentitySource.html
+    # [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ListIdentitySources.html
+    # [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ConfigurationItem.html
     #
     # @!attribute [rw] client_ids
     #   The application client IDs associated with the specified Amazon
@@ -1597,14 +1913,20 @@ module Aws::VerifiedPermissions
     #   Specifies an identity token for the principal to be authorized. This
     #   token is provided to you by the identity provider (IdP) associated
     #   with the specified identity source. You must specify either an
-    #   `AccessToken` or an `IdentityToken`, or both.
+    #   `accessToken`, an `identityToken`, or both.
+    #
+    #   Must be an ID token. Verified Permissions returns an error if the
+    #   `token_use` claim in the submitted token isn't `id`.
     #   @return [String]
     #
     # @!attribute [rw] access_token
     #   Specifies an access token for the principal to be authorized. This
     #   token is provided to you by the identity provider (IdP) associated
     #   with the specified identity source. You must specify either an
-    #   `AccessToken`, or an `IdentityToken`, or both.
+    #   `accessToken`, an `identityToken`, or both.
+    #
+    #   Must be an access token. Verified Permissions returns an error if
+    #   the `token_use` claim in the submitted token isn't `access`.
     #   @return [String]
     #
     # @!attribute [rw] action
@@ -1676,12 +1998,17 @@ module Aws::VerifiedPermissions
     #   not exist in the slice.
     #   @return [Array<Types::EvaluationErrorItem>]
     #
+    # @!attribute [rw] principal
+    #   The identifier of the principal in the ID or access token.
+    #   @return [Types::EntityIdentifier]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/IsAuthorizedWithTokenOutput AWS API Documentation
     #
     class IsAuthorizedWithTokenOutput < Struct.new(
       :decision,
       :determining_policies,
-      :errors)
+      :errors,
+      :principal)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2509,13 +2836,8 @@ module Aws::VerifiedPermissions
       include Aws::Structure
     end
 
-    # Contains information about a policy that was
-    #
-    #
-    #
-    # created by instantiating a policy template.
-    #
-    # This
+    # Contains information about a policy that was created by instantiating
+    # a policy template.
     #
     # @!attribute [rw] policy_template_id
     #   The unique identifier of the policy template used to create this
@@ -2604,6 +2926,22 @@ module Aws::VerifiedPermissions
       include Aws::Structure
     end
 
+    # The user group entities from an Amazon Cognito user pool identity
+    # source.
+    #
+    # @!attribute [rw] group_entity_type
+    #   The name of the schema entity type that's mapped to the user pool
+    #   group. Defaults to `AWS::CognitoGroup`.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/UpdateCognitoGroupConfiguration AWS API Documentation
+    #
+    class UpdateCognitoGroupConfiguration < Struct.new(
+      :group_entity_type)
+      SENSITIVE = [:group_entity_type]
+      include Aws::Structure
+    end
+
     # Contains configuration details of a Amazon Cognito user pool for use
     # with an identity source.
     #
@@ -2621,11 +2959,17 @@ module Aws::VerifiedPermissions
     #   Amazon Cognito user pool.
     #   @return [Array<String>]
     #
+    # @!attribute [rw] group_configuration
+    #   The configuration of the user groups from an Amazon Cognito user
+    #   pool identity source.
+    #   @return [Types::UpdateCognitoGroupConfiguration]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/UpdateCognitoUserPoolConfiguration AWS API Documentation
     #
     class UpdateCognitoUserPoolConfiguration < Struct.new(
       :user_pool_arn,
-      :client_ids)
+      :client_ids,
+      :group_configuration)
       SENSITIVE = []
       include Aws::Structure
     end

data/lib/aws-sdk-verifiedpermissions.rb

@@ -53,6 +53,6 @@ require_relative 'aws-sdk-verifiedpermissions/customizations'
 # @!group service
 module Aws::VerifiedPermissions
 
-  GEM_VERSION = '1.16.0'
+  GEM_VERSION = '1.18.0'
 
 end

data/sig/client.rbs

@@ -133,7 +133,10 @@ module Aws
                                     configuration: {
                                       cognito_user_pool_configuration: {
                                         user_pool_arn: ::String,
-                                        client_ids: Array[::String]?
+                                        client_ids: Array[::String]?,
+                                        group_configuration: {
+                                          group_entity_type: ::String
+                                        }?
                                       }?
                                     },
                                     ?principal_entity_type: ::String
@@ -254,6 +257,7 @@ module Aws
         def last_updated_date: () -> ::Time
         def policy_store_id: () -> ::String
         def principal_entity_type: () -> ::String
+        def configuration: () -> Types::ConfigurationDetail
       end
       # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/VerifiedPermissions/Client.html#get_identity_source-instance_method
       def get_identity_source: (
@@ -374,6 +378,7 @@ module Aws
         def decision: () -> ("ALLOW" | "DENY")
         def determining_policies: () -> ::Array[Types::DeterminingPolicyItem]
         def errors: () -> ::Array[Types::EvaluationErrorItem]
+        def principal: () -> Types::EntityIdentifier
       end
       # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/VerifiedPermissions/Client.html#is_authorized_with_token-instance_method
       def is_authorized_with_token: (
@@ -515,7 +520,10 @@ module Aws
                                     update_configuration: {
                                       cognito_user_pool_configuration: {
                                         user_pool_arn: ::String,
-                                        client_ids: Array[::String]?
+                                        client_ids: Array[::String]?,
+                                        group_configuration: {
+                                          group_entity_type: ::String
+                                        }?
                                       }?
                                     },
                                     ?principal_entity_type: ::String

data/sig/types.rbs

@@ -73,9 +73,41 @@ module Aws::VerifiedPermissions
       SENSITIVE: []
     end
 
+    class CognitoGroupConfiguration
+      attr_accessor group_entity_type: ::String
+      SENSITIVE: [:group_entity_type]
+    end
+
+    class CognitoGroupConfigurationDetail
+      attr_accessor group_entity_type: ::String
+      SENSITIVE: [:group_entity_type]
+    end
+
+    class CognitoGroupConfigurationItem
+      attr_accessor group_entity_type: ::String
+      SENSITIVE: [:group_entity_type]
+    end
+
     class CognitoUserPoolConfiguration
       attr_accessor user_pool_arn: ::String
       attr_accessor client_ids: ::Array[::String]
+      attr_accessor group_configuration: Types::CognitoGroupConfiguration
+      SENSITIVE: []
+    end
+
+    class CognitoUserPoolConfigurationDetail
+      attr_accessor user_pool_arn: ::String
+      attr_accessor client_ids: ::Array[::String]
+      attr_accessor issuer: ::String
+      attr_accessor group_configuration: Types::CognitoGroupConfigurationDetail
+      SENSITIVE: []
+    end
+
+    class CognitoUserPoolConfigurationItem
+      attr_accessor user_pool_arn: ::String
+      attr_accessor client_ids: ::Array[::String]
+      attr_accessor issuer: ::String
+      attr_accessor group_configuration: Types::CognitoGroupConfigurationItem
       SENSITIVE: []
     end
 
@@ -90,6 +122,28 @@ module Aws::VerifiedPermissions
       end
     end
 
+    class ConfigurationDetail
+      attr_accessor cognito_user_pool_configuration: Types::CognitoUserPoolConfigurationDetail
+      attr_accessor unknown: untyped
+      SENSITIVE: []
+
+      class CognitoUserPoolConfiguration < ConfigurationDetail
+      end
+      class Unknown < ConfigurationDetail
+      end
+    end
+
+    class ConfigurationItem
+      attr_accessor cognito_user_pool_configuration: Types::CognitoUserPoolConfigurationItem
+      attr_accessor unknown: untyped
+      SENSITIVE: []
+
+      class CognitoUserPoolConfiguration < ConfigurationItem
+      end
+      class Unknown < ConfigurationItem
+      end
+    end
+
     class ConflictException
       attr_accessor message: ::String
       attr_accessor resources: ::Array[Types::ResourceConflict]
@@ -268,6 +322,7 @@ module Aws::VerifiedPermissions
       attr_accessor last_updated_date: ::Time
       attr_accessor policy_store_id: ::String
       attr_accessor principal_entity_type: ::String
+      attr_accessor configuration: Types::ConfigurationDetail
       SENSITIVE: [:principal_entity_type]
     end
 
@@ -354,6 +409,7 @@ module Aws::VerifiedPermissions
       attr_accessor last_updated_date: ::Time
       attr_accessor policy_store_id: ::String
       attr_accessor principal_entity_type: ::String
+      attr_accessor configuration: Types::ConfigurationItem
       SENSITIVE: [:principal_entity_type]
     end
 
@@ -402,6 +458,7 @@ module Aws::VerifiedPermissions
       attr_accessor decision: ("ALLOW" | "DENY")
       attr_accessor determining_policies: ::Array[Types::DeterminingPolicyItem]
       attr_accessor errors: ::Array[Types::EvaluationErrorItem]
+      attr_accessor principal: Types::EntityIdentifier
       SENSITIVE: []
     end
 
@@ -630,9 +687,15 @@ module Aws::VerifiedPermissions
       SENSITIVE: []
     end
 
+    class UpdateCognitoGroupConfiguration
+      attr_accessor group_entity_type: ::String
+      SENSITIVE: [:group_entity_type]
+    end
+
     class UpdateCognitoUserPoolConfiguration
       attr_accessor user_pool_arn: ::String
       attr_accessor client_ids: ::Array[::String]
+      attr_accessor group_configuration: Types::UpdateCognitoGroupConfiguration
       SENSITIVE: []
     end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-verifiedpermissions
 version: !ruby/object:Gem::Version
-  version: 1.16.0
+  version: 1.18.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-01-26 00:00:00.000000000 Z
+date: 2024-04-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core