aws-sdk-verifiedpermissions 1.23.0 → 1.25.0

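--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 9c5f4c00b98f6913e06959231c209202b8cabcc7fa2d1d4fe58ff98ff3c8ef45
- data.tar.gz: 1fc4d59e1d9a64b1c449b266c6ae63fbf3bde1ae36d9b697dc1a1a78a34ad7a7
+ metadata.gz: 7436aa408f12f700718c05bfb4fcfdf6aae6b8942cb2614920905c6431343321
+ data.tar.gz: 1fb625e734f40e67e70eecc74845e9ffeed485316aa086020b9d25960b0fa6ec
  SHA512:
- metadata.gz: 6d8e29388fecd0a0d9d08679444c9502c88e8ad57a52883c75fc53d5e963bb08cf492b85c6cb42da205ea2f3c8ad5d25b87230c6c9c53ebcd8c5d6631d07a518
- data.tar.gz: 726cbf8ce3143b6c608e08e7d161338b1715a9a095b39af7c928e816b46cf93160a7b03105ad2c68a758a1ed43a13195e4747a85dd7a5bdd2165f1e47ccaa420
+ metadata.gz: d8833c450d1461dc11daca50e02950864a7f65c86ca77f38618143d8016179889ac6dd96cfe19887284b48a1e0c826300dd8148bc2a0b41bac20b644420da781
+ data.tar.gz: 35e209be86d428bfe0ac0f173679df8bcdb903789b54ad9ee1d51724488873fb1963f3d32aa380bce604379ebb7792cbf5f95755ccc9e394dd9be3ef0ccc6d2a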
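--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,6 +1,16 @@
  Unreleased Changes
  ------------------
 
+ 1.25.0 (2024-06-24)
+ ------------------
+
+ * Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+ 1.24.0 (2024-06-07)
+ ------------------
+
+ * Feature - This release adds OpenIdConnect (OIDC) configuration support for IdentitySources, allowing for external IDPs to be used in authorization requests.
+
  1.23.0 (2024-06-05)
  ------------------
 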
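--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 1.23.0
+ 1.25.0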
@@ -89,6 +89,11 @@ module Aws::VerifiedPermissions
89
89
 
90
90
  # @overload initialize(options)
91
91
  # @param [Hash] options
92
+ #
93
+ # @option options [Array<Seahorse::Client::Plugin>] :plugins ([]])
94
+ # A list of plugins to apply to the client. Each plugin is either a
95
+ # class name or an instance of a plugin class.
96
+ #
92
97
  # @option options [required, Aws::CredentialProvider] :credentials
93
98
  # Your AWS credentials. This can be an instance of any one of the
94
99
  # following classes:
@@ -209,7 +214,6 @@ module Aws::VerifiedPermissions
209
214
  # 'https://example.com'
210
215
  # 'http://example.com:123'
211
216
  #
212
- #
213
217
  # @option options [Integer] :endpoint_cache_max_entries (1000)
214
218
  # Used for the maximum size limit of the LRU cache storing endpoints data
215
219
  # for endpoint discovery enabled operations. Defaults to 1000.
@@ -298,7 +302,6 @@ module Aws::VerifiedPermissions
298
302
  # throttling. This is a provisional mode that may change behavior
299
303
  # in the future.
300
304
  #
301
- #
302
305
  # @option options [String] :sdk_ua_app_id
303
306
  # A unique and opaque application ID that is appended to the
304
307
  # User-Agent header as app/sdk_ua_app_id. It should have a
@@ -689,37 +692,34 @@ module Aws::VerifiedPermissions
689
692
  req.send_request(options)
690
693
  end
691
694
 
692
- # Creates a reference to an Amazon Cognito user pool as an external
693
- # identity provider (IdP).
695
+ # Adds an identity source to a policy store–an Amazon Cognito user pool
696
+ # or OpenID Connect (OIDC) identity provider (IdP).
694
697
  #
695
698
  # After you create an identity source, you can use the identities
696
699
  # provided by the IdP as proxies for the principal in authorization
697
- # queries that use the [IsAuthorizedWithToken][1] operation. These
698
- # identities take the form of tokens that contain claims about the user,
699
- # such as IDs, attributes and group memberships. Amazon Cognito provides
700
- # both identity tokens and access tokens, and Verified Permissions can
701
- # use either or both. Any combination of identity and access tokens
702
- # results in the same Cedar principal. Verified Permissions
703
- # automatically translates the information about the identities into the
704
- # standard Cedar attributes that can be evaluated by your policies.
705
- # Because the Amazon Cognito identity and access tokens can contain
706
- # different information, the tokens you choose to use determine which
707
- # principal attributes are available to access when evaluating Cedar
708
- # policies.
709
- #
710
- # If you delete a Amazon Cognito user pool or user, tokens from that
711
- # deleted pool or that deleted user continue to be usable until they
712
- # expire.
700
+ # queries that use the [IsAuthorizedWithToken][1] or
701
+ # [BatchIsAuthorizedWithToken][2] API operations. These identities take
702
+ # the form of tokens that contain claims about the user, such as IDs,
703
+ # attributes and group memberships. Identity sources provide identity
704
+ # (ID) tokens and access tokens. Verified Permissions derives
705
+ # information about your user and session from token claims. Access
706
+ # tokens provide action `context` to your policies, and ID tokens
707
+ # provide principal `Attributes`.
708
+ #
709
+ # Tokens from an identity source user continue to be usable until they
710
+ # expire. Token revocation and resource deletion have no effect on the
711
+ # validity of a token in your policy store
713
712
  #
714
713
  # <note markdown="1"> To reference a user from this identity source in your Cedar policies,
715
- # use the following syntax.
714
+ # refer to the following syntax examples.
716
715
  #
717
- # *IdentityType::"&lt;CognitoUserPoolIdentifier&gt;\|&lt;CognitoClientId&gt;*
716
+ # * Amazon Cognito user pool: `Namespace::[Entity type]::[User pool
717
+ # ID]|[user principal attribute]`, for example
718
+ # `MyCorp::User::us-east-1_EXAMPLE|a1b2c3d4-5678-90ab-cdef-EXAMPLE11111`.
718
719
  #
719
- # Where `IdentityType` is the string that you provide to the
720
- # `PrincipalEntityType` parameter for this operation. The
721
- # `CognitoUserPoolId` and `CognitoClientId` are defined by the Amazon
722
- # Cognito user pool.
720
+ # * OpenID Connect (OIDC) provider: `Namespace::[Entity
721
+ # type]::[principalIdClaim]|[user principal attribute]`, for example
722
+ # `MyCorp::User::MyOIDCProvider|a1b2c3d4-5678-90ab-cdef-EXAMPLE22222`.
723
723
  #
724
724
  # </note>
725
725
  #
@@ -734,6 +734,7 @@ module Aws::VerifiedPermissions
734
734
  #
735
735
  #
736
736
  # [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorizedWithToken.html
737
+ # [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_BatchIsAuthorizedWithToken.html
737
738
  #
738
739
  # @option params [String] :client_token
739
740
  # Specifies a unique, case-sensitive ID that you provide to ensure the
@@ -771,13 +772,6 @@ module Aws::VerifiedPermissions
771
772
  # Specifies the details required to communicate with the identity
772
773
  # provider (IdP) associated with this identity source.
773
774
  #
774
- # <note markdown="1"> At this time, the only valid member of this structure is a Amazon
775
- # Cognito user pool configuration.
776
- #
777
- # You must specify a `UserPoolArn`, and optionally, a `ClientId`.
778
- #
779
- # </note>
780
- #
781
775
  # @option params [String] :principal_entity_type
782
776
  # Specifies the namespace and data type of the principals generated for
783
777
  # identities authenticated by the new identity source.
@@ -802,6 +796,24 @@ module Aws::VerifiedPermissions
802
796
  # group_entity_type: "GroupEntityType", # required
803
797
  # },
804
798
  # },
799
+ # open_id_connect_configuration: {
800
+ # issuer: "Issuer", # required
801
+ # entity_id_prefix: "EntityIdPrefix",
802
+ # group_configuration: {
803
+ # group_claim: "Claim", # required
804
+ # group_entity_type: "GroupEntityType", # required
805
+ # },
806
+ # token_selection: { # required
807
+ # access_token_only: {
808
+ # principal_id_claim: "Claim",
809
+ # audiences: ["Audience"],
810
+ # },
811
+ # identity_token_only: {
812
+ # principal_id_claim: "Claim",
813
+ # client_ids: ["ClientId"],
814
+ # },
815
+ # },
816
+ # },
805
817
  # },
806
818
  # principal_entity_type: "PrincipalEntityType",
807
819
  # })
@@ -1298,6 +1310,16 @@ module Aws::VerifiedPermissions
1298
1310
  # resp.configuration.cognito_user_pool_configuration.client_ids[0] #=> String
1299
1311
  # resp.configuration.cognito_user_pool_configuration.issuer #=> String
1300
1312
  # resp.configuration.cognito_user_pool_configuration.group_configuration.group_entity_type #=> String
1313
+ # resp.configuration.open_id_connect_configuration.issuer #=> String
1314
+ # resp.configuration.open_id_connect_configuration.entity_id_prefix #=> String
1315
+ # resp.configuration.open_id_connect_configuration.group_configuration.group_claim #=> String
1316
+ # resp.configuration.open_id_connect_configuration.group_configuration.group_entity_type #=> String
1317
+ # resp.configuration.open_id_connect_configuration.token_selection.access_token_only.principal_id_claim #=> String
1318
+ # resp.configuration.open_id_connect_configuration.token_selection.access_token_only.audiences #=> Array
1319
+ # resp.configuration.open_id_connect_configuration.token_selection.access_token_only.audiences[0] #=> String
1320
+ # resp.configuration.open_id_connect_configuration.token_selection.identity_token_only.principal_id_claim #=> String
1321
+ # resp.configuration.open_id_connect_configuration.token_selection.identity_token_only.client_ids #=> Array
1322
+ # resp.configuration.open_id_connect_configuration.token_selection.identity_token_only.client_ids[0] #=> String
1301
1323
  #
1302
1324
  # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/GetIdentitySource AWS API Documentation
1303
1325
  #
@@ -1610,9 +1632,9 @@ module Aws::VerifiedPermissions
1610
1632
  # Verified Permissions validates each token that is specified in a
1611
1633
  # request by checking its expiration date and its signature.
1612
1634
  #
1613
- # If you delete a Amazon Cognito user pool or user, tokens from that
1614
- # deleted pool or that deleted user continue to be usable until they
1615
- # expire.
1635
+ # Tokens from an identity source user continue to be usable until they
1636
+ # expire. Token revocation and resource deletion have no effect on the
1637
+ # validity of a token in your policy store
1616
1638
  #
1617
1639
  #
1618
1640
  #
@@ -1806,6 +1828,16 @@ module Aws::VerifiedPermissions
1806
1828
  # resp.identity_sources[0].configuration.cognito_user_pool_configuration.client_ids[0] #=> String
1807
1829
  # resp.identity_sources[0].configuration.cognito_user_pool_configuration.issuer #=> String
1808
1830
  # resp.identity_sources[0].configuration.cognito_user_pool_configuration.group_configuration.group_entity_type #=> String
1831
+ # resp.identity_sources[0].configuration.open_id_connect_configuration.issuer #=> String
1832
+ # resp.identity_sources[0].configuration.open_id_connect_configuration.entity_id_prefix #=> String
1833
+ # resp.identity_sources[0].configuration.open_id_connect_configuration.group_configuration.group_claim #=> String
1834
+ # resp.identity_sources[0].configuration.open_id_connect_configuration.group_configuration.group_entity_type #=> String
1835
+ # resp.identity_sources[0].configuration.open_id_connect_configuration.token_selection.access_token_only.principal_id_claim #=> String
1836
+ # resp.identity_sources[0].configuration.open_id_connect_configuration.token_selection.access_token_only.audiences #=> Array
1837
+ # resp.identity_sources[0].configuration.open_id_connect_configuration.token_selection.access_token_only.audiences[0] #=> String
1838
+ # resp.identity_sources[0].configuration.open_id_connect_configuration.token_selection.identity_token_only.principal_id_claim #=> String
1839
+ # resp.identity_sources[0].configuration.open_id_connect_configuration.token_selection.identity_token_only.client_ids #=> Array
1840
+ # resp.identity_sources[0].configuration.open_id_connect_configuration.token_selection.identity_token_only.client_ids[0] #=> String
1809
1841
  #
1810
1842
  # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/ListIdentitySources AWS API Documentation
1811
1843
  #
@@ -2090,7 +2122,7 @@ module Aws::VerifiedPermissions
2090
2122
  end
2091
2123
 
2092
2124
  # Updates the specified identity source to use a new identity provider
2093
- # (IdP) source, or to change the mapping of identities from the IdP to a
2125
+ # (IdP), or to change the mapping of identities from the IdP to a
2094
2126
  # different principal entity type.
2095
2127
  #
2096
2128
  # <note markdown="1"> Verified Permissions is <i> <a
@@ -2143,6 +2175,24 @@ module Aws::VerifiedPermissions
2143
2175
  # group_entity_type: "GroupEntityType", # required
2144
2176
  # },
2145
2177
  # },
2178
+ # open_id_connect_configuration: {
2179
+ # issuer: "Issuer", # required
2180
+ # entity_id_prefix: "EntityIdPrefix",
2181
+ # group_configuration: {
2182
+ # group_claim: "Claim", # required
2183
+ # group_entity_type: "GroupEntityType", # required
2184
+ # },
2185
+ # token_selection: { # required
2186
+ # access_token_only: {
2187
+ # principal_id_claim: "Claim",
2188
+ # audiences: ["Audience"],
2189
+ # },
2190
+ # identity_token_only: {
2191
+ # principal_id_claim: "Claim",
2192
+ # client_ids: ["ClientId"],
2193
+ # },
2194
+ # },
2195
+ # },
2146
2196
  # },
2147
2197
  # principal_entity_type: "PrincipalEntityType",
2148
2198
  # })
@@ -2441,7 +2491,7 @@ module Aws::VerifiedPermissions
2441
2491
  params: params,
2442
2492
  config: config)
2443
2493
  context[:gem_name] = 'aws-sdk-verifiedpermissions'
2444
- context[:gem_version] = '1.23.0'
2494
+ context[:gem_version] = '1.25.0'
2445
2495
  Seahorse::Client::Request.new(handlers, context)
2446
2496
  end
2447
2497
 
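Review bot: The `open_id_connect_configuration` request example added to create_identity_source (and repeated for update_identity_source) leaves `audiences` and `client_ids` unmarked as required, and nothing in the surrounding doc comment says which tokens are accepted when they are omitted. The rewritten description in the same section states that token revocation and resource deletion have no effect on a token's validity in the policy store, so the accepted-audience setting is the control a reader most needs explained; I would add a comment along the lines of `# audiences / client_ids list the aud or client ID values this identity source accepts; confirm the behaviour when unset against the API reference.` That revocation sentence also lacks its closing period in both places it appears, and the `:plugins ([]])` default in the first hunk has a stray bracket, presumably meant as `([])`.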
@@ -19,6 +19,8 @@ module Aws::VerifiedPermissions
19
19
  ActionIdentifierList = Shapes::ListShape.new(name: 'ActionIdentifierList')
20
20
  ActionType = Shapes::StringShape.new(name: 'ActionType')
21
21
  AttributeValue = Shapes::UnionShape.new(name: 'AttributeValue')
22
+ Audience = Shapes::StringShape.new(name: 'Audience')
23
+ Audiences = Shapes::ListShape.new(name: 'Audiences')
22
24
  BatchIsAuthorizedInput = Shapes::StructureShape.new(name: 'BatchIsAuthorizedInput')
23
25
  BatchIsAuthorizedInputItem = Shapes::StructureShape.new(name: 'BatchIsAuthorizedInputItem')
24
26
  BatchIsAuthorizedInputList = Shapes::ListShape.new(name: 'BatchIsAuthorizedInputList')
@@ -33,6 +35,7 @@ module Aws::VerifiedPermissions
33
35
  BatchIsAuthorizedWithTokenOutputList = Shapes::ListShape.new(name: 'BatchIsAuthorizedWithTokenOutputList')
34
36
  Boolean = Shapes::BooleanShape.new(name: 'Boolean')
35
37
  BooleanAttribute = Shapes::BooleanShape.new(name: 'BooleanAttribute')
38
+ Claim = Shapes::StringShape.new(name: 'Claim')
36
39
  ClientId = Shapes::StringShape.new(name: 'ClientId')
37
40
  ClientIds = Shapes::ListShape.new(name: 'ClientIds')
38
41
  CognitoGroupConfiguration = Shapes::StructureShape.new(name: 'CognitoGroupConfiguration')
@@ -70,6 +73,7 @@ module Aws::VerifiedPermissions
70
73
  EntitiesDefinition = Shapes::UnionShape.new(name: 'EntitiesDefinition')
71
74
  EntityAttributes = Shapes::MapShape.new(name: 'EntityAttributes')
72
75
  EntityId = Shapes::StringShape.new(name: 'EntityId')
76
+ EntityIdPrefix = Shapes::StringShape.new(name: 'EntityIdPrefix')
73
77
  EntityIdentifier = Shapes::StructureShape.new(name: 'EntityIdentifier')
74
78
  EntityItem = Shapes::StructureShape.new(name: 'EntityItem')
75
79
  EntityList = Shapes::ListShape.new(name: 'EntityList')
@@ -116,6 +120,21 @@ module Aws::VerifiedPermissions
116
120
  Namespace = Shapes::StringShape.new(name: 'Namespace')
117
121
  NamespaceList = Shapes::ListShape.new(name: 'NamespaceList')
118
122
  NextToken = Shapes::StringShape.new(name: 'NextToken')
123
+ OpenIdConnectAccessTokenConfiguration = Shapes::StructureShape.new(name: 'OpenIdConnectAccessTokenConfiguration')
124
+ OpenIdConnectAccessTokenConfigurationDetail = Shapes::StructureShape.new(name: 'OpenIdConnectAccessTokenConfigurationDetail')
125
+ OpenIdConnectAccessTokenConfigurationItem = Shapes::StructureShape.new(name: 'OpenIdConnectAccessTokenConfigurationItem')
126
+ OpenIdConnectConfiguration = Shapes::StructureShape.new(name: 'OpenIdConnectConfiguration')
127
+ OpenIdConnectConfigurationDetail = Shapes::StructureShape.new(name: 'OpenIdConnectConfigurationDetail')
128
+ OpenIdConnectConfigurationItem = Shapes::StructureShape.new(name: 'OpenIdConnectConfigurationItem')
129
+ OpenIdConnectGroupConfiguration = Shapes::StructureShape.new(name: 'OpenIdConnectGroupConfiguration')
130
+ OpenIdConnectGroupConfigurationDetail = Shapes::StructureShape.new(name: 'OpenIdConnectGroupConfigurationDetail')
131
+ OpenIdConnectGroupConfigurationItem = Shapes::StructureShape.new(name: 'OpenIdConnectGroupConfigurationItem')
132
+ OpenIdConnectIdentityTokenConfiguration = Shapes::StructureShape.new(name: 'OpenIdConnectIdentityTokenConfiguration')
133
+ OpenIdConnectIdentityTokenConfigurationDetail = Shapes::StructureShape.new(name: 'OpenIdConnectIdentityTokenConfigurationDetail')
134
+ OpenIdConnectIdentityTokenConfigurationItem = Shapes::StructureShape.new(name: 'OpenIdConnectIdentityTokenConfigurationItem')
135
+ OpenIdConnectTokenSelection = Shapes::UnionShape.new(name: 'OpenIdConnectTokenSelection')
136
+ OpenIdConnectTokenSelectionDetail = Shapes::UnionShape.new(name: 'OpenIdConnectTokenSelectionDetail')
137
+ OpenIdConnectTokenSelectionItem = Shapes::UnionShape.new(name: 'OpenIdConnectTokenSelectionItem')
119
138
  OpenIdIssuer = Shapes::StringShape.new(name: 'OpenIdIssuer')
120
139
  ParentList = Shapes::ListShape.new(name: 'ParentList')
121
140
  PolicyDefinition = Shapes::UnionShape.new(name: 'PolicyDefinition')
@@ -166,6 +185,11 @@ module Aws::VerifiedPermissions
166
185
  UpdateConfiguration = Shapes::UnionShape.new(name: 'UpdateConfiguration')
167
186
  UpdateIdentitySourceInput = Shapes::StructureShape.new(name: 'UpdateIdentitySourceInput')
168
187
  UpdateIdentitySourceOutput = Shapes::StructureShape.new(name: 'UpdateIdentitySourceOutput')
188
+ UpdateOpenIdConnectAccessTokenConfiguration = Shapes::StructureShape.new(name: 'UpdateOpenIdConnectAccessTokenConfiguration')
189
+ UpdateOpenIdConnectConfiguration = Shapes::StructureShape.new(name: 'UpdateOpenIdConnectConfiguration')
190
+ UpdateOpenIdConnectGroupConfiguration = Shapes::StructureShape.new(name: 'UpdateOpenIdConnectGroupConfiguration')
191
+ UpdateOpenIdConnectIdentityTokenConfiguration = Shapes::StructureShape.new(name: 'UpdateOpenIdConnectIdentityTokenConfiguration')
192
+ UpdateOpenIdConnectTokenSelection = Shapes::UnionShape.new(name: 'UpdateOpenIdConnectTokenSelection')
169
193
  UpdatePolicyDefinition = Shapes::UnionShape.new(name: 'UpdatePolicyDefinition')
170
194
  UpdatePolicyInput = Shapes::StructureShape.new(name: 'UpdatePolicyInput')
171
195
  UpdatePolicyOutput = Shapes::StructureShape.new(name: 'UpdatePolicyOutput')
@@ -206,6 +230,8 @@ module Aws::VerifiedPermissions
206
230
  AttributeValue.add_member_subclass(:unknown, Types::AttributeValue::Unknown)
207
231
  AttributeValue.struct_class = Types::AttributeValue
208
232
 
233
+ Audiences.member = Shapes::ShapeRef.new(shape: Audience)
234
+
209
235
  BatchIsAuthorizedInput.add_member(:policy_store_id, Shapes::ShapeRef.new(shape: PolicyStoreId, required: true, location_name: "policyStoreId"))
210
236
  BatchIsAuthorizedInput.add_member(:entities, Shapes::ShapeRef.new(shape: EntitiesDefinition, location_name: "entities"))
211
237
  BatchIsAuthorizedInput.add_member(:requests, Shapes::ShapeRef.new(shape: BatchIsAuthorizedInputList, required: true, location_name: "requests"))
@@ -285,20 +311,26 @@ module Aws::VerifiedPermissions
285
311
  CognitoUserPoolConfigurationItem.struct_class = Types::CognitoUserPoolConfigurationItem
286
312
 
287
313
  Configuration.add_member(:cognito_user_pool_configuration, Shapes::ShapeRef.new(shape: CognitoUserPoolConfiguration, location_name: "cognitoUserPoolConfiguration"))
314
+ Configuration.add_member(:open_id_connect_configuration, Shapes::ShapeRef.new(shape: OpenIdConnectConfiguration, location_name: "openIdConnectConfiguration"))
288
315
  Configuration.add_member(:unknown, Shapes::ShapeRef.new(shape: nil, location_name: 'unknown'))
289
316
  Configuration.add_member_subclass(:cognito_user_pool_configuration, Types::Configuration::CognitoUserPoolConfiguration)
317
+ Configuration.add_member_subclass(:open_id_connect_configuration, Types::Configuration::OpenIdConnectConfiguration)
290
318
  Configuration.add_member_subclass(:unknown, Types::Configuration::Unknown)
291
319
  Configuration.struct_class = Types::Configuration
292
320
 
293
321
  ConfigurationDetail.add_member(:cognito_user_pool_configuration, Shapes::ShapeRef.new(shape: CognitoUserPoolConfigurationDetail, location_name: "cognitoUserPoolConfiguration"))
322
+ ConfigurationDetail.add_member(:open_id_connect_configuration, Shapes::ShapeRef.new(shape: OpenIdConnectConfigurationDetail, location_name: "openIdConnectConfiguration"))
294
323
  ConfigurationDetail.add_member(:unknown, Shapes::ShapeRef.new(shape: nil, location_name: 'unknown'))
295
324
  ConfigurationDetail.add_member_subclass(:cognito_user_pool_configuration, Types::ConfigurationDetail::CognitoUserPoolConfiguration)
325
+ ConfigurationDetail.add_member_subclass(:open_id_connect_configuration, Types::ConfigurationDetail::OpenIdConnectConfiguration)
296
326
  ConfigurationDetail.add_member_subclass(:unknown, Types::ConfigurationDetail::Unknown)
297
327
  ConfigurationDetail.struct_class = Types::ConfigurationDetail
298
328
 
299
329
  ConfigurationItem.add_member(:cognito_user_pool_configuration, Shapes::ShapeRef.new(shape: CognitoUserPoolConfigurationItem, location_name: "cognitoUserPoolConfiguration"))
330
+ ConfigurationItem.add_member(:open_id_connect_configuration, Shapes::ShapeRef.new(shape: OpenIdConnectConfigurationItem, location_name: "openIdConnectConfiguration"))
300
331
  ConfigurationItem.add_member(:unknown, Shapes::ShapeRef.new(shape: nil, location_name: 'unknown'))
301
332
  ConfigurationItem.add_member_subclass(:cognito_user_pool_configuration, Types::ConfigurationItem::CognitoUserPoolConfiguration)
333
+ ConfigurationItem.add_member_subclass(:open_id_connect_configuration, Types::ConfigurationItem::OpenIdConnectConfiguration)
302
334
  ConfigurationItem.add_member_subclass(:unknown, Types::ConfigurationItem::Unknown)
303
335
  ConfigurationItem.struct_class = Types::ConfigurationItem
304
336
 
@@ -587,6 +619,84 @@ module Aws::VerifiedPermissions
587
619
 
588
620
  NamespaceList.member = Shapes::ShapeRef.new(shape: Namespace)
589
621
 
622
+ OpenIdConnectAccessTokenConfiguration.add_member(:principal_id_claim, Shapes::ShapeRef.new(shape: Claim, location_name: "principalIdClaim"))
623
+ OpenIdConnectAccessTokenConfiguration.add_member(:audiences, Shapes::ShapeRef.new(shape: Audiences, location_name: "audiences"))
624
+ OpenIdConnectAccessTokenConfiguration.struct_class = Types::OpenIdConnectAccessTokenConfiguration
625
+
626
+ OpenIdConnectAccessTokenConfigurationDetail.add_member(:principal_id_claim, Shapes::ShapeRef.new(shape: Claim, location_name: "principalIdClaim"))
627
+ OpenIdConnectAccessTokenConfigurationDetail.add_member(:audiences, Shapes::ShapeRef.new(shape: Audiences, location_name: "audiences"))
628
+ OpenIdConnectAccessTokenConfigurationDetail.struct_class = Types::OpenIdConnectAccessTokenConfigurationDetail
629
+
630
+ OpenIdConnectAccessTokenConfigurationItem.add_member(:principal_id_claim, Shapes::ShapeRef.new(shape: Claim, location_name: "principalIdClaim"))
631
+ OpenIdConnectAccessTokenConfigurationItem.add_member(:audiences, Shapes::ShapeRef.new(shape: Audiences, location_name: "audiences"))
632
+ OpenIdConnectAccessTokenConfigurationItem.struct_class = Types::OpenIdConnectAccessTokenConfigurationItem
633
+
634
+ OpenIdConnectConfiguration.add_member(:issuer, Shapes::ShapeRef.new(shape: Issuer, required: true, location_name: "issuer"))
635
+ OpenIdConnectConfiguration.add_member(:entity_id_prefix, Shapes::ShapeRef.new(shape: EntityIdPrefix, location_name: "entityIdPrefix"))
636
+ OpenIdConnectConfiguration.add_member(:group_configuration, Shapes::ShapeRef.new(shape: OpenIdConnectGroupConfiguration, location_name: "groupConfiguration"))
637
+ OpenIdConnectConfiguration.add_member(:token_selection, Shapes::ShapeRef.new(shape: OpenIdConnectTokenSelection, required: true, location_name: "tokenSelection"))
638
+ OpenIdConnectConfiguration.struct_class = Types::OpenIdConnectConfiguration
639
+
640
+ OpenIdConnectConfigurationDetail.add_member(:issuer, Shapes::ShapeRef.new(shape: Issuer, required: true, location_name: "issuer"))
641
+ OpenIdConnectConfigurationDetail.add_member(:entity_id_prefix, Shapes::ShapeRef.new(shape: EntityIdPrefix, location_name: "entityIdPrefix"))
642
+ OpenIdConnectConfigurationDetail.add_member(:group_configuration, Shapes::ShapeRef.new(shape: OpenIdConnectGroupConfigurationDetail, location_name: "groupConfiguration"))
643
+ OpenIdConnectConfigurationDetail.add_member(:token_selection, Shapes::ShapeRef.new(shape: OpenIdConnectTokenSelectionDetail, required: true, location_name: "tokenSelection"))
644
+ OpenIdConnectConfigurationDetail.struct_class = Types::OpenIdConnectConfigurationDetail
645
+
646
+ OpenIdConnectConfigurationItem.add_member(:issuer, Shapes::ShapeRef.new(shape: Issuer, required: true, location_name: "issuer"))
647
+ OpenIdConnectConfigurationItem.add_member(:entity_id_prefix, Shapes::ShapeRef.new(shape: EntityIdPrefix, location_name: "entityIdPrefix"))
648
+ OpenIdConnectConfigurationItem.add_member(:group_configuration, Shapes::ShapeRef.new(shape: OpenIdConnectGroupConfigurationItem, location_name: "groupConfiguration"))
649
+ OpenIdConnectConfigurationItem.add_member(:token_selection, Shapes::ShapeRef.new(shape: OpenIdConnectTokenSelectionItem, required: true, location_name: "tokenSelection"))
650
+ OpenIdConnectConfigurationItem.struct_class = Types::OpenIdConnectConfigurationItem
651
+
652
+ OpenIdConnectGroupConfiguration.add_member(:group_claim, Shapes::ShapeRef.new(shape: Claim, required: true, location_name: "groupClaim"))
653
+ OpenIdConnectGroupConfiguration.add_member(:group_entity_type, Shapes::ShapeRef.new(shape: GroupEntityType, required: true, location_name: "groupEntityType"))
654
+ OpenIdConnectGroupConfiguration.struct_class = Types::OpenIdConnectGroupConfiguration
655
+
656
+ OpenIdConnectGroupConfigurationDetail.add_member(:group_claim, Shapes::ShapeRef.new(shape: Claim, required: true, location_name: "groupClaim"))
657
+ OpenIdConnectGroupConfigurationDetail.add_member(:group_entity_type, Shapes::ShapeRef.new(shape: GroupEntityType, required: true, location_name: "groupEntityType"))
658
+ OpenIdConnectGroupConfigurationDetail.struct_class = Types::OpenIdConnectGroupConfigurationDetail
659
+
660
+ OpenIdConnectGroupConfigurationItem.add_member(:group_claim, Shapes::ShapeRef.new(shape: Claim, required: true, location_name: "groupClaim"))
661
+ OpenIdConnectGroupConfigurationItem.add_member(:group_entity_type, Shapes::ShapeRef.new(shape: GroupEntityType, required: true, location_name: "groupEntityType"))
662
+ OpenIdConnectGroupConfigurationItem.struct_class = Types::OpenIdConnectGroupConfigurationItem
663
+
664
+ OpenIdConnectIdentityTokenConfiguration.add_member(:principal_id_claim, Shapes::ShapeRef.new(shape: Claim, location_name: "principalIdClaim"))
665
+ OpenIdConnectIdentityTokenConfiguration.add_member(:client_ids, Shapes::ShapeRef.new(shape: ClientIds, location_name: "clientIds"))
666
+ OpenIdConnectIdentityTokenConfiguration.struct_class = Types::OpenIdConnectIdentityTokenConfiguration
667
+
668
+ OpenIdConnectIdentityTokenConfigurationDetail.add_member(:principal_id_claim, Shapes::ShapeRef.new(shape: Claim, location_name: "principalIdClaim"))
669
+ OpenIdConnectIdentityTokenConfigurationDetail.add_member(:client_ids, Shapes::ShapeRef.new(shape: ClientIds, location_name: "clientIds"))
670
+ OpenIdConnectIdentityTokenConfigurationDetail.struct_class = Types::OpenIdConnectIdentityTokenConfigurationDetail
671
+
672
+ OpenIdConnectIdentityTokenConfigurationItem.add_member(:principal_id_claim, Shapes::ShapeRef.new(shape: Claim, location_name: "principalIdClaim"))
673
+ OpenIdConnectIdentityTokenConfigurationItem.add_member(:client_ids, Shapes::ShapeRef.new(shape: ClientIds, location_name: "clientIds"))
674
+ OpenIdConnectIdentityTokenConfigurationItem.struct_class = Types::OpenIdConnectIdentityTokenConfigurationItem
675
+
676
+ OpenIdConnectTokenSelection.add_member(:access_token_only, Shapes::ShapeRef.new(shape: OpenIdConnectAccessTokenConfiguration, location_name: "accessTokenOnly"))
677
+ OpenIdConnectTokenSelection.add_member(:identity_token_only, Shapes::ShapeRef.new(shape: OpenIdConnectIdentityTokenConfiguration, location_name: "identityTokenOnly"))
678
+ OpenIdConnectTokenSelection.add_member(:unknown, Shapes::ShapeRef.new(shape: nil, location_name: 'unknown'))
679
+ OpenIdConnectTokenSelection.add_member_subclass(:access_token_only, Types::OpenIdConnectTokenSelection::AccessTokenOnly)
680
+ OpenIdConnectTokenSelection.add_member_subclass(:identity_token_only, Types::OpenIdConnectTokenSelection::IdentityTokenOnly)
681
+ OpenIdConnectTokenSelection.add_member_subclass(:unknown, Types::OpenIdConnectTokenSelection::Unknown)
682
+ OpenIdConnectTokenSelection.struct_class = Types::OpenIdConnectTokenSelection
683
+
684
+ OpenIdConnectTokenSelectionDetail.add_member(:access_token_only, Shapes::ShapeRef.new(shape: OpenIdConnectAccessTokenConfigurationDetail, location_name: "accessTokenOnly"))
685
+ OpenIdConnectTokenSelectionDetail.add_member(:identity_token_only, Shapes::ShapeRef.new(shape: OpenIdConnectIdentityTokenConfigurationDetail, location_name: "identityTokenOnly"))
686
+ OpenIdConnectTokenSelectionDetail.add_member(:unknown, Shapes::ShapeRef.new(shape: nil, location_name: 'unknown'))
687
+ OpenIdConnectTokenSelectionDetail.add_member_subclass(:access_token_only, Types::OpenIdConnectTokenSelectionDetail::AccessTokenOnly)
688
+ OpenIdConnectTokenSelectionDetail.add_member_subclass(:identity_token_only, Types::OpenIdConnectTokenSelectionDetail::IdentityTokenOnly)
689
+ OpenIdConnectTokenSelectionDetail.add_member_subclass(:unknown, Types::OpenIdConnectTokenSelectionDetail::Unknown)
690
+ OpenIdConnectTokenSelectionDetail.struct_class = Types::OpenIdConnectTokenSelectionDetail
691
+
692
+ OpenIdConnectTokenSelectionItem.add_member(:access_token_only, Shapes::ShapeRef.new(shape: OpenIdConnectAccessTokenConfigurationItem, location_name: "accessTokenOnly"))
693
+ OpenIdConnectTokenSelectionItem.add_member(:identity_token_only, Shapes::ShapeRef.new(shape: OpenIdConnectIdentityTokenConfigurationItem, location_name: "identityTokenOnly"))
694
+ OpenIdConnectTokenSelectionItem.add_member(:unknown, Shapes::ShapeRef.new(shape: nil, location_name: 'unknown'))
695
+ OpenIdConnectTokenSelectionItem.add_member_subclass(:access_token_only, Types::OpenIdConnectTokenSelectionItem::AccessTokenOnly)
696
+ OpenIdConnectTokenSelectionItem.add_member_subclass(:identity_token_only, Types::OpenIdConnectTokenSelectionItem::IdentityTokenOnly)
697
+ OpenIdConnectTokenSelectionItem.add_member_subclass(:unknown, Types::OpenIdConnectTokenSelectionItem::Unknown)
698
+ OpenIdConnectTokenSelectionItem.struct_class = Types::OpenIdConnectTokenSelectionItem
699
+
590
700
  ParentList.member = Shapes::ShapeRef.new(shape: EntityIdentifier)
591
701
 
592
702
  PolicyDefinition.add_member(:static, Shapes::ShapeRef.new(shape: StaticPolicyDefinition, location_name: "static"))
@@ -730,8 +840,10 @@ module Aws::VerifiedPermissions
730
840
  UpdateCognitoUserPoolConfiguration.struct_class = Types::UpdateCognitoUserPoolConfiguration
731
841
 
732
842
  UpdateConfiguration.add_member(:cognito_user_pool_configuration, Shapes::ShapeRef.new(shape: UpdateCognitoUserPoolConfiguration, location_name: "cognitoUserPoolConfiguration"))
843
+ UpdateConfiguration.add_member(:open_id_connect_configuration, Shapes::ShapeRef.new(shape: UpdateOpenIdConnectConfiguration, location_name: "openIdConnectConfiguration"))
733
844
  UpdateConfiguration.add_member(:unknown, Shapes::ShapeRef.new(shape: nil, location_name: 'unknown'))
734
845
  UpdateConfiguration.add_member_subclass(:cognito_user_pool_configuration, Types::UpdateConfiguration::CognitoUserPoolConfiguration)
846
+ UpdateConfiguration.add_member_subclass(:open_id_connect_configuration, Types::UpdateConfiguration::OpenIdConnectConfiguration)
735
847
  UpdateConfiguration.add_member_subclass(:unknown, Types::UpdateConfiguration::Unknown)
736
848
  UpdateConfiguration.struct_class = Types::UpdateConfiguration
737
849
 
@@ -747,6 +859,32 @@ module Aws::VerifiedPermissions
747
859
  UpdateIdentitySourceOutput.add_member(:policy_store_id, Shapes::ShapeRef.new(shape: PolicyStoreId, required: true, location_name: "policyStoreId"))
748
860
  UpdateIdentitySourceOutput.struct_class = Types::UpdateIdentitySourceOutput
749
861
 
862
+ UpdateOpenIdConnectAccessTokenConfiguration.add_member(:principal_id_claim, Shapes::ShapeRef.new(shape: Claim, location_name: "principalIdClaim"))
863
+ UpdateOpenIdConnectAccessTokenConfiguration.add_member(:audiences, Shapes::ShapeRef.new(shape: Audiences, location_name: "audiences"))
864
+ UpdateOpenIdConnectAccessTokenConfiguration.struct_class = Types::UpdateOpenIdConnectAccessTokenConfiguration
865
+
866
+ UpdateOpenIdConnectConfiguration.add_member(:issuer, Shapes::ShapeRef.new(shape: Issuer, required: true, location_name: "issuer"))
867
+ UpdateOpenIdConnectConfiguration.add_member(:entity_id_prefix, Shapes::ShapeRef.new(shape: EntityIdPrefix, location_name: "entityIdPrefix"))
868
+ UpdateOpenIdConnectConfiguration.add_member(:group_configuration, Shapes::ShapeRef.new(shape: UpdateOpenIdConnectGroupConfiguration, location_name: "groupConfiguration"))
869
+ UpdateOpenIdConnectConfiguration.add_member(:token_selection, Shapes::ShapeRef.new(shape: UpdateOpenIdConnectTokenSelection, required: true, location_name: "tokenSelection"))
870
+ UpdateOpenIdConnectConfiguration.struct_class = Types::UpdateOpenIdConnectConfiguration
871
+
872
+ UpdateOpenIdConnectGroupConfiguration.add_member(:group_claim, Shapes::ShapeRef.new(shape: Claim, required: true, location_name: "groupClaim"))
873
+ UpdateOpenIdConnectGroupConfiguration.add_member(:group_entity_type, Shapes::ShapeRef.new(shape: GroupEntityType, required: true, location_name: "groupEntityType"))
874
+ UpdateOpenIdConnectGroupConfiguration.struct_class = Types::UpdateOpenIdConnectGroupConfiguration
875
+
876
+ UpdateOpenIdConnectIdentityTokenConfiguration.add_member(:principal_id_claim, Shapes::ShapeRef.new(shape: Claim, location_name: "principalIdClaim"))
877
+ UpdateOpenIdConnectIdentityTokenConfiguration.add_member(:client_ids, Shapes::ShapeRef.new(shape: ClientIds, location_name: "clientIds"))
878
+ UpdateOpenIdConnectIdentityTokenConfiguration.struct_class = Types::UpdateOpenIdConnectIdentityTokenConfiguration
879
+
880
+ UpdateOpenIdConnectTokenSelection.add_member(:access_token_only, Shapes::ShapeRef.new(shape: UpdateOpenIdConnectAccessTokenConfiguration, location_name: "accessTokenOnly"))
881
+ UpdateOpenIdConnectTokenSelection.add_member(:identity_token_only, Shapes::ShapeRef.new(shape: UpdateOpenIdConnectIdentityTokenConfiguration, location_name: "identityTokenOnly"))
882
+ UpdateOpenIdConnectTokenSelection.add_member(:unknown, Shapes::ShapeRef.new(shape: nil, location_name: 'unknown'))
883
+ UpdateOpenIdConnectTokenSelection.add_member_subclass(:access_token_only, Types::UpdateOpenIdConnectTokenSelection::AccessTokenOnly)
884
+ UpdateOpenIdConnectTokenSelection.add_member_subclass(:identity_token_only, Types::UpdateOpenIdConnectTokenSelection::IdentityTokenOnly)
885
+ UpdateOpenIdConnectTokenSelection.add_member_subclass(:unknown, Types::UpdateOpenIdConnectTokenSelection::Unknown)
886
+ UpdateOpenIdConnectTokenSelection.struct_class = Types::UpdateOpenIdConnectTokenSelection
887
+
750
888
  UpdatePolicyDefinition.add_member(:static, Shapes::ShapeRef.new(shape: UpdateStaticPolicyDefinition, location_name: "static"))
751
889
  UpdatePolicyDefinition.add_member(:unknown, Shapes::ShapeRef.new(shape: nil, location_name: 'unknown'))
752
890
  UpdatePolicyDefinition.add_member_subclass(:static, Types::UpdatePolicyDefinition::Static)
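Review bot: `audiences` on `UpdateOpenIdConnectAccessTokenConfiguration` and `client_ids` on `UpdateOpenIdConnectIdentityTokenConfiguration` are declared without `required: true`, unlike `issuer` and `token_selection`, so the SDK's parameter validation will not flag an update that leaves the token's audience or client binding unset. What the service does with such a configuration is not visible in this hunk; presumably the restriction is simply not applied, which is worth confirming before relying on it. This file appears to be generated from the service model, so rather than changing the shapes I would document it above these members, e.g. `# audiences / client_ids are optional in the model: callers must set them explicitly to pin tokens to this application`, and enforce it in the code that builds the update request. The enclosing module body starts and ends outside the hunk.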