aws-sdk-verifiedpermissions 1.34.0 → 1.36.0

Sign up to get free protection for your applications and to get access to all the features.
@@ -502,6 +502,172 @@ module Aws::VerifiedPermissions
502
502
  #
503
503
  # * {Types::BatchIsAuthorizedOutput#results #results} => Array<Types::BatchIsAuthorizedOutputItem>
504
504
  #
505
+ #
506
+ # @example Example: Batch - Example 1
507
+ #
508
+ # # The following example requests two authorization decisions for two principals of type Usernamed
509
+ # # Alice and Annalisa.
510
+ #
511
+ # resp = client.batch_is_authorized({
512
+ # entities: {
513
+ # entity_list: [
514
+ # {
515
+ # attributes: {
516
+ # "Account" => {
517
+ # entity_identifier: {
518
+ # entity_id: "1234",
519
+ # entity_type: "PhotoFlash::Account",
520
+ # },
521
+ # },
522
+ # "Email" => {
523
+ # string: "",
524
+ # },
525
+ # },
526
+ # identifier: {
527
+ # entity_id: "Alice",
528
+ # entity_type: "PhotoFlash::User",
529
+ # },
530
+ # parents: [
531
+ # ],
532
+ # },
533
+ # {
534
+ # attributes: {
535
+ # "Account" => {
536
+ # entity_identifier: {
537
+ # entity_id: "5678",
538
+ # entity_type: "PhotoFlash::Account",
539
+ # },
540
+ # },
541
+ # "Email" => {
542
+ # string: "",
543
+ # },
544
+ # },
545
+ # identifier: {
546
+ # entity_id: "Annalisa",
547
+ # entity_type: "PhotoFlash::User",
548
+ # },
549
+ # parents: [
550
+ # ],
551
+ # },
552
+ # {
553
+ # attributes: {
554
+ # "IsPrivate" => {
555
+ # boolean: false,
556
+ # },
557
+ # "Name" => {
558
+ # string: "",
559
+ # },
560
+ # },
561
+ # identifier: {
562
+ # entity_id: "VacationPhoto94.jpg",
563
+ # entity_type: "PhotoFlash::Photo",
564
+ # },
565
+ # parents: [
566
+ # {
567
+ # entity_id: "1234",
568
+ # entity_type: "PhotoFlash::Account",
569
+ # },
570
+ # ],
571
+ # },
572
+ # {
573
+ # attributes: {
574
+ # "Name" => {
575
+ # string: "",
576
+ # },
577
+ # },
578
+ # identifier: {
579
+ # entity_id: "1234",
580
+ # entity_type: "PhotoFlash::Account",
581
+ # },
582
+ # parents: [
583
+ # ],
584
+ # },
585
+ # ],
586
+ # },
587
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
588
+ # requests: [
589
+ # {
590
+ # action: {
591
+ # action_id: "ViewPhoto",
592
+ # action_type: "PhotoFlash::Action",
593
+ # },
594
+ # principal: {
595
+ # entity_id: "Alice",
596
+ # entity_type: "PhotoFlash::User",
597
+ # },
598
+ # resource: {
599
+ # entity_id: "VacationPhoto94.jpg",
600
+ # entity_type: "PhotoFlash::Photo",
601
+ # },
602
+ # },
603
+ # {
604
+ # action: {
605
+ # action_id: "DeletePhoto",
606
+ # action_type: "PhotoFlash::Action",
607
+ # },
608
+ # principal: {
609
+ # entity_id: "Annalisa",
610
+ # entity_type: "PhotoFlash::User",
611
+ # },
612
+ # resource: {
613
+ # entity_id: "VacationPhoto94.jpg",
614
+ # entity_type: "PhotoFlash::Photo",
615
+ # },
616
+ # },
617
+ # ],
618
+ # })
619
+ #
620
+ # resp.to_h outputs the following:
621
+ # {
622
+ # results: [
623
+ # {
624
+ # errors: [
625
+ # ],
626
+ # decision: "ALLOW",
627
+ # determining_policies: [
628
+ # {
629
+ # policy_id: "9wYxMpljbbZQb5fcZHyJhY",
630
+ # },
631
+ # ],
632
+ # request: {
633
+ # action: {
634
+ # action_id: "ViewPhoto",
635
+ # action_type: "PhotoFlash::Action",
636
+ # },
637
+ # principal: {
638
+ # entity_id: "alice",
639
+ # entity_type: "PhotoFlash::User",
640
+ # },
641
+ # resource: {
642
+ # entity_id: "VacationPhoto94.jpg",
643
+ # entity_type: "PhotoFlash::Photo",
644
+ # },
645
+ # },
646
+ # },
647
+ # {
648
+ # errors: [
649
+ # ],
650
+ # decision: "DENY",
651
+ # determining_policies: [
652
+ # ],
653
+ # request: {
654
+ # action: {
655
+ # action_id: "DeletePhoto",
656
+ # action_type: "PhotoFlash::Action",
657
+ # },
658
+ # principal: {
659
+ # entity_id: "annalisa",
660
+ # entity_type: "PhotoFlash::User",
661
+ # },
662
+ # resource: {
663
+ # entity_id: "VacationPhoto94.jpg",
664
+ # entity_type: "PhotoFlash::Photo",
665
+ # },
666
+ # },
667
+ # },
668
+ # ],
669
+ # }
670
+ #
505
671
  # @example Request syntax with placeholder values
506
672
  #
507
673
  # resp = client.batch_is_authorized({
@@ -650,6 +816,144 @@ module Aws::VerifiedPermissions
650
816
  # * {Types::BatchIsAuthorizedWithTokenOutput#principal #principal} => Types::EntityIdentifier
651
817
  # * {Types::BatchIsAuthorizedWithTokenOutput#results #results} => Array<Types::BatchIsAuthorizedWithTokenOutputItem>
652
818
  #
819
+ #
820
+ # @example Example: Batch - Example 1
821
+ #
822
+ # # The following example requests three authorization decisions for two resources and two actions in
823
+ # # different photo albums.
824
+ #
825
+ # resp = client.batch_is_authorized_with_token({
826
+ # entities: {
827
+ # entity_list: [
828
+ # {
829
+ # identifier: {
830
+ # entity_id: "VacationPhoto94.jpg",
831
+ # entity_type: "PhotoFlash::Photo",
832
+ # },
833
+ # parents: [
834
+ # {
835
+ # entity_id: "MyExampleAlbum1",
836
+ # entity_type: "PhotoFlash::Album",
837
+ # },
838
+ # ],
839
+ # },
840
+ # {
841
+ # identifier: {
842
+ # entity_id: "OfficePhoto94.jpg",
843
+ # entity_type: "PhotoFlash::Photo",
844
+ # },
845
+ # parents: [
846
+ # {
847
+ # entity_id: "MyExampleAlbum2",
848
+ # entity_type: "PhotoFlash::Album",
849
+ # },
850
+ # ],
851
+ # },
852
+ # ],
853
+ # },
854
+ # identity_token: "eyJra12345EXAMPLE",
855
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
856
+ # requests: [
857
+ # {
858
+ # action: {
859
+ # action_id: "ViewPhoto",
860
+ # action_type: "PhotoFlash::Action",
861
+ # },
862
+ # resource: {
863
+ # entity_id: "VacationPhoto94.jpg",
864
+ # entity_type: "PhotoFlash::Photo",
865
+ # },
866
+ # },
867
+ # {
868
+ # action: {
869
+ # action_id: "SharePhoto",
870
+ # action_type: "PhotoFlash::Action",
871
+ # },
872
+ # resource: {
873
+ # entity_id: "VacationPhoto94.jpg",
874
+ # entity_type: "PhotoFlash::Photo",
875
+ # },
876
+ # },
877
+ # {
878
+ # action: {
879
+ # action_id: "ViewPhoto",
880
+ # action_type: "PhotoFlash::Action",
881
+ # },
882
+ # resource: {
883
+ # entity_id: "OfficePhoto94.jpg",
884
+ # entity_type: "PhotoFlash::Photo",
885
+ # },
886
+ # },
887
+ # ],
888
+ # })
889
+ #
890
+ # resp.to_h outputs the following:
891
+ # {
892
+ # principal: {
893
+ # entity_id: "us-east-1_EXAMPLE|a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
894
+ # entity_type: "PhotoFlash::User",
895
+ # },
896
+ # results: [
897
+ # {
898
+ # errors: [
899
+ # ],
900
+ # decision: "ALLOW",
901
+ # determining_policies: [
902
+ # {
903
+ # policy_id: "9wYixMplbbZQb5fcZHyJhY",
904
+ # },
905
+ # ],
906
+ # request: {
907
+ # action: {
908
+ # action_id: "ViewPhoto",
909
+ # action_type: "PhotoFlash::Action",
910
+ # },
911
+ # resource: {
912
+ # entity_id: "VacationPhoto94.jpg",
913
+ # entity_type: "PhotoFlash::Photo",
914
+ # },
915
+ # },
916
+ # },
917
+ # {
918
+ # errors: [
919
+ # ],
920
+ # decision: "ALLOW",
921
+ # determining_policies: [
922
+ # {
923
+ # policy_id: "9wYixMplbbZQb5fcZHyJhY",
924
+ # },
925
+ # ],
926
+ # request: {
927
+ # action: {
928
+ # action_id: "SharePhoto",
929
+ # action_type: "PhotoFlash::Action",
930
+ # },
931
+ # resource: {
932
+ # entity_id: "VacationPhoto94.jpg",
933
+ # entity_type: "PhotoFlash::Photo",
934
+ # },
935
+ # },
936
+ # },
937
+ # {
938
+ # errors: [
939
+ # ],
940
+ # decision: "DENY",
941
+ # determining_policies: [
942
+ # ],
943
+ # request: {
944
+ # action: {
945
+ # action_id: "ViewPhoto",
946
+ # action_type: "PhotoFlash::Action",
947
+ # },
948
+ # resource: {
949
+ # entity_id: "OfficePhoto94.jpg",
950
+ # entity_type: "PhotoFlash::Photo",
951
+ # },
952
+ # },
953
+ # },
954
+ # ],
955
+ # }
956
+ #
653
957
  # @example Request syntax with placeholder values
654
958
  #
655
959
  # resp = client.batch_is_authorized_with_token({
@@ -746,7 +1050,7 @@ module Aws::VerifiedPermissions
746
1050
  # `MyCorp::User::us-east-1_EXAMPLE|a1b2c3d4-5678-90ab-cdef-EXAMPLE11111`.
747
1051
  #
748
1052
  # * OpenID Connect (OIDC) provider: `Namespace::[Entity
749
- # type]::[principalIdClaim]|[user principal attribute]`, for example
1053
+ # type]::[entityIdPrefix]|[user principal attribute]`, for example
750
1054
  # `MyCorp::User::MyOIDCProvider|a1b2c3d4-5678-90ab-cdef-EXAMPLE22222`.
751
1055
  #
752
1056
  # </note>
@@ -811,6 +1115,35 @@ module Aws::VerifiedPermissions
811
1115
  # * {Types::CreateIdentitySourceOutput#last_updated_date #last_updated_date} => Time
812
1116
  # * {Types::CreateIdentitySourceOutput#policy_store_id #policy_store_id} => String
813
1117
  #
1118
+ #
1119
+ # @example Example: To create an identity source
1120
+ #
1121
+ # # The following ``create-identity-source`` example creates an identity source that lets you reference identities stored in
1122
+ # # the specified Amazon Cognito user pool. Those identities are available in Verified Permissions as entities of type
1123
+ # # ``User``.
1124
+ #
1125
+ # resp = client.create_identity_source({
1126
+ # client_token: "a1b2c3d4-e5f6-a1b2-c3d4-TOKEN1111111",
1127
+ # configuration: {
1128
+ # cognito_user_pool_configuration: {
1129
+ # client_ids: [
1130
+ # "a1b2c3d4e5f6g7h8i9j0kalbmc",
1131
+ # ],
1132
+ # user_pool_arn: "arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5",
1133
+ # },
1134
+ # },
1135
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
1136
+ # principal_entity_type: "User",
1137
+ # })
1138
+ #
1139
+ # resp.to_h outputs the following:
1140
+ # {
1141
+ # created_date: Time.parse("2024-08-12T18:20:50.99Z"),
1142
+ # identity_source_id: "ISEXAMPLEabcdefg111111",
1143
+ # last_updated_date: Time.parse("2024-08-12T18:20:50.99Z"),
1144
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
1145
+ # }
1146
+ #
814
1147
  # @example Request syntax with placeholder values
815
1148
  #
816
1149
  # resp = client.create_identity_source({
@@ -938,6 +1271,111 @@ module Aws::VerifiedPermissions
938
1271
  # * {Types::CreatePolicyOutput#last_updated_date #last_updated_date} => Time
939
1272
  # * {Types::CreatePolicyOutput#effect #effect} => String
940
1273
  #
1274
+ #
1275
+ # @example Example: To create a static policy
1276
+ #
1277
+ # # The following example request creates a static policy with a policy scope that specifies both a principal and a
1278
+ # # resource. The response includes both the Principal and Resource elements because both were specified in the request
1279
+ # # policy scope.
1280
+ #
1281
+ # resp = client.create_policy({
1282
+ # client_token: "a1b2c3d4-e5f6-a1b2-c3d4-TOKEN1111111",
1283
+ # definition: {
1284
+ # static: {
1285
+ # description: "Grant members of janeFriends UserGroup access to the vacationFolder Album",
1286
+ # statement: "permit( principal in UserGroup::\"janeFriends\", action, resource in Album::\"vacationFolder\" );",
1287
+ # },
1288
+ # },
1289
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
1290
+ # })
1291
+ #
1292
+ # resp.to_h outputs the following:
1293
+ # {
1294
+ # created_date: Time.parse("2024-08-12T18:20:50.99Z"),
1295
+ # last_updated_date: Time.parse("2024-08-12T18:20:50.99Z"),
1296
+ # policy_id: "9wYxMpljbbZQb5fcZHyJhY",
1297
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
1298
+ # policy_type: "STATIC",
1299
+ # principal: {
1300
+ # entity_id: "janeFriends",
1301
+ # entity_type: "UserGroup",
1302
+ # },
1303
+ # resource: {
1304
+ # entity_id: "vacationFolder",
1305
+ # entity_type: "Album",
1306
+ # },
1307
+ # }
1308
+ #
1309
+ # @example Example: To create a static policy
1310
+ #
1311
+ # # The following example request creates a static policy with a policy scope that specifies both a principal and a
1312
+ # # resource. The response includes both the Principal and Resource elements because both were specified in the request
1313
+ # # policy scope.
1314
+ #
1315
+ # resp = client.create_policy({
1316
+ # client_token: "a1b2c3d4-e5f6-a1b2-c3d4-TOKEN1111111",
1317
+ # definition: {
1318
+ # static: {
1319
+ # description: "Grant members of janeFriends UserGroup access to the vacationFolder Album",
1320
+ # statement: "permit( principal in UserGroup::\"janeFriends\", action, resource in Album::\"vacationFolder\" );",
1321
+ # },
1322
+ # },
1323
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
1324
+ # })
1325
+ #
1326
+ # resp.to_h outputs the following:
1327
+ # {
1328
+ # created_date: Time.parse("2024-08-12T18:20:50.99Z"),
1329
+ # last_updated_date: Time.parse("2024-08-12T18:20:50.99Z"),
1330
+ # policy_id: "9wYxMpljbbZQb5fcZHyJhY",
1331
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
1332
+ # policy_type: "STATIC",
1333
+ # principal: {
1334
+ # entity_id: "janeFriends",
1335
+ # entity_type: "UserGroup",
1336
+ # },
1337
+ # resource: {
1338
+ # entity_id: "vacationFolder",
1339
+ # entity_type: "Album",
1340
+ # },
1341
+ # }
1342
+ #
1343
+ # @example Example: To create a template-linked policy
1344
+ #
1345
+ # # The following example creates a template-linked policy using the specified policy template and associates the specified
1346
+ # # principal to use with the new template-linked policy.
1347
+ #
1348
+ # resp = client.create_policy({
1349
+ # client_token: "a1b2c3d4-e5f6-a1b2-c3d4-TOKEN1111111",
1350
+ # definition: {
1351
+ # template_linked: {
1352
+ # policy_template_id: "PTEXAMPLEabcdefg111111",
1353
+ # principal: {
1354
+ # entity_id: "alice",
1355
+ # entity_type: "User",
1356
+ # },
1357
+ # },
1358
+ # },
1359
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
1360
+ # })
1361
+ #
1362
+ # resp.to_h outputs the following:
1363
+ # {
1364
+ # created_date: Time.parse("2024-08-12T18:20:50.99Z"),
1365
+ # last_updated_date: Time.parse("2024-08-12T18:20:50.99Z"),
1366
+ # policy_id: "Et9KxMplyaDdyurDw8TeFa",
1367
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
1368
+ # policy_type: "TEMPLATE_LINKED",
1369
+ # principal: {
1370
+ # entity_id: "alice",
1371
+ # entity_type: "User",
1372
+ # },
1373
+ # resource: {
1374
+ # entity_id: "VacationPhoto94.jpg",
1375
+ # entity_type: "Photo",
1376
+ # },
1377
+ # }
1378
+ #
941
1379
  # @example Request syntax with placeholder values
942
1380
  #
943
1381
  # resp = client.create_policy({
@@ -1060,6 +1498,26 @@ module Aws::VerifiedPermissions
1060
1498
  # * {Types::CreatePolicyStoreOutput#created_date #created_date} => Time
1061
1499
  # * {Types::CreatePolicyStoreOutput#last_updated_date #last_updated_date} => Time
1062
1500
  #
1501
+ #
1502
+ # @example Example: To create policy store
1503
+ #
1504
+ # # The following example creates a new policy store with strict validation turned on.
1505
+ #
1506
+ # resp = client.create_policy_store({
1507
+ # client_token: "a1b2c3d4-e5f6-a1b2-c3d4-TOKEN1111111",
1508
+ # validation_settings: {
1509
+ # mode: "STRICT",
1510
+ # },
1511
+ # })
1512
+ #
1513
+ # resp.to_h outputs the following:
1514
+ # {
1515
+ # arn: "arn:aws:verifiedpermissions::123456789012:policy-store/C7v5xMplfFH3i3e4Jrzb1a",
1516
+ # created_date: Time.parse("2024-08-12T18:20:50.99Z"),
1517
+ # last_updated_date: Time.parse("2024-08-12T18:20:50.99Z"),
1518
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
1519
+ # }
1520
+ #
1063
1521
  # @example Request syntax with placeholder values
1064
1522
  #
1065
1523
  # resp = client.create_policy_store({
@@ -1146,6 +1604,26 @@ module Aws::VerifiedPermissions
1146
1604
  # * {Types::CreatePolicyTemplateOutput#created_date #created_date} => Time
1147
1605
  # * {Types::CreatePolicyTemplateOutput#last_updated_date #last_updated_date} => Time
1148
1606
  #
1607
+ #
1608
+ # @example Example: To create a policy template
1609
+ #
1610
+ # # The following example creates a policy template that has a placeholder for the principal.
1611
+ #
1612
+ # resp = client.create_policy_template({
1613
+ # client_token: "a1b2c3d4-e5f6-a1b2-c3d4-TOKEN1111111",
1614
+ # description: "Template for research dept",
1615
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
1616
+ # statement: "\"AccessVacation\"\npermit(\n principal in ?principal,\n action == Action::\"view\",\n resource == Photo::\"VacationPhoto94.jpg\"\n)\nwhen {\n principal has department && principal.department == \"research\"\n};",
1617
+ # })
1618
+ #
1619
+ # resp.to_h outputs the following:
1620
+ # {
1621
+ # created_date: Time.parse("2024-08-12T18:20:50.99Z"),
1622
+ # last_updated_date: Time.parse("2024-08-12T18:20:50.99Z"),
1623
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
1624
+ # policy_template_id: "PTEXAMPLEabcdefg111111",
1625
+ # }
1626
+ #
1149
1627
  # @example Request syntax with placeholder values
1150
1628
  #
1151
1629
  # resp = client.create_policy_template({
@@ -1190,6 +1668,20 @@ module Aws::VerifiedPermissions
1190
1668
  #
1191
1669
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
1192
1670
  #
1671
+ #
1672
+ # @example Example: To delete an identity source
1673
+ #
1674
+ # # The following example request deletes the specified identity source.
1675
+ #
1676
+ # resp = client.delete_identity_source({
1677
+ # identity_source_id: "ISEXAMPLEabcdefg111111",
1678
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
1679
+ # })
1680
+ #
1681
+ # resp.to_h outputs the following:
1682
+ # {
1683
+ # }
1684
+ #
1193
1685
  # @example Request syntax with placeholder values
1194
1686
  #
1195
1687
  # resp = client.delete_identity_source({
@@ -1221,6 +1713,20 @@ module Aws::VerifiedPermissions
1221
1713
  #
1222
1714
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
1223
1715
  #
1716
+ #
1717
+ # @example Example: To delete a policy
1718
+ #
1719
+ # # The following example deletes the specified policy from its policy store.
1720
+ #
1721
+ # resp = client.delete_policy({
1722
+ # policy_id: "9wYxMpljbbZQb5fcZHyJhY",
1723
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
1724
+ # })
1725
+ #
1726
+ # resp.to_h outputs the following:
1727
+ # {
1728
+ # }
1729
+ #
1224
1730
  # @example Request syntax with placeholder values
1225
1731
  #
1226
1732
  # resp = client.delete_policy({
@@ -1248,6 +1754,19 @@ module Aws::VerifiedPermissions
1248
1754
  #
1249
1755
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
1250
1756
  #
1757
+ #
1758
+ # @example Example: To delete a policy store
1759
+ #
1760
+ # # The following example deletes the specified policy store.
1761
+ #
1762
+ # resp = client.delete_policy_store({
1763
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
1764
+ # })
1765
+ #
1766
+ # resp.to_h outputs the following:
1767
+ # {
1768
+ # }
1769
+ #
1251
1770
  # @example Request syntax with placeholder values
1252
1771
  #
1253
1772
  # resp = client.delete_policy_store({
@@ -1279,6 +1798,21 @@ module Aws::VerifiedPermissions
1279
1798
  #
1280
1799
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
1281
1800
  #
1801
+ #
1802
+ # @example Example: To delete a policy template
1803
+ #
1804
+ # # The following example deletes a policy template. Before you can perform this operation, you must first delete any
1805
+ # # template-linked policies that were instantiated from this policy template. To delete them, use DeletePolicy.
1806
+ #
1807
+ # resp = client.delete_policy_template({
1808
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
1809
+ # policy_template_id: "PTEXAMPLEabcdefg111111",
1810
+ # })
1811
+ #
1812
+ # resp.to_h outputs the following:
1813
+ # {
1814
+ # }
1815
+ #
1282
1816
  # @example Request syntax with placeholder values
1283
1817
  #
1284
1818
  # resp = client.delete_policy_template({
@@ -1314,6 +1848,33 @@ module Aws::VerifiedPermissions
1314
1848
  # * {Types::GetIdentitySourceOutput#principal_entity_type #principal_entity_type} => String
1315
1849
  # * {Types::GetIdentitySourceOutput#configuration #configuration} => Types::ConfigurationDetail
1316
1850
  #
1851
+ #
1852
+ # @example Example: To retrieve details about an identity source
1853
+ #
1854
+ # # The following example retrieves the details for the specified identity source.
1855
+ #
1856
+ # resp = client.get_identity_source({
1857
+ # identity_source_id: "ISEXAMPLEabcdefg111111",
1858
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
1859
+ # })
1860
+ #
1861
+ # resp.to_h outputs the following:
1862
+ # {
1863
+ # created_date: Time.parse("2024-08-12T18:20:50.99Z"),
1864
+ # details: {
1865
+ # client_ids: [
1866
+ # "a1b2c3d4e5f6g7h8i9j0kalbmc",
1867
+ # ],
1868
+ # discovery_url: "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_1a2b3c4d5",
1869
+ # open_id_issuer: "COGNITO",
1870
+ # user_pool_arn: "arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5",
1871
+ # },
1872
+ # identity_source_id: "ISEXAMPLEabcdefg111111",
1873
+ # last_updated_date: Time.parse("2024-08-12T18:20:50.99Z"),
1874
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
1875
+ # principal_entity_type: "AWS::Cognito",
1876
+ # }
1877
+ #
1317
1878
  # @example Request syntax with placeholder values
1318
1879
  #
1319
1880
  # resp = client.get_identity_source({
@@ -1380,6 +1941,37 @@ module Aws::VerifiedPermissions
1380
1941
  # * {Types::GetPolicyOutput#last_updated_date #last_updated_date} => Time
1381
1942
  # * {Types::GetPolicyOutput#effect #effect} => String
1382
1943
  #
1944
+ #
1945
+ # @example Example: To retrieve details about a policy
1946
+ #
1947
+ # # The following example retrieves information about the specified policy contained in the specified policy store. In this
1948
+ # # example, the requested policy is a template-linked policy, so it returns the ID of the policy template, and the specific
1949
+ # # principal and resource used by this policy.
1950
+ #
1951
+ # resp = client.get_policy({
1952
+ # policy_id: "9wYixMplbbZQb5fcZHyJhY",
1953
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
1954
+ # })
1955
+ #
1956
+ # resp.to_h outputs the following:
1957
+ # {
1958
+ # created_date: Time.parse("2024-08-12T18:20:50.99Z"),
1959
+ # definition: {
1960
+ # static: {
1961
+ # description: "Grant everyone of janeFriends UserGroup access to the vacationFolder Album",
1962
+ # statement: "permit(principal, action, resource in Album::\"publicFolder\");",
1963
+ # },
1964
+ # },
1965
+ # last_updated_date: Time.parse("2024-08-12T18:20:50.99Z"),
1966
+ # policy_id: "9wYxMpljbbZQb5fcZHyJhY",
1967
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
1968
+ # policy_type: "STATIC",
1969
+ # resource: {
1970
+ # entity_id: "publicFolder",
1971
+ # entity_type: "Album",
1972
+ # },
1973
+ # }
1974
+ #
1383
1975
  # @example Request syntax with placeholder values
1384
1976
  #
1385
1977
  # resp = client.get_policy({
@@ -1433,6 +2025,26 @@ module Aws::VerifiedPermissions
1433
2025
  # * {Types::GetPolicyStoreOutput#last_updated_date #last_updated_date} => Time
1434
2026
  # * {Types::GetPolicyStoreOutput#description #description} => String
1435
2027
  #
2028
+ #
2029
+ # @example Example: GetPolicyStore
2030
+ #
2031
+ # # The following example retrieves details about the specified policy store.
2032
+ #
2033
+ # resp = client.get_policy_store({
2034
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
2035
+ # })
2036
+ #
2037
+ # resp.to_h outputs the following:
2038
+ # {
2039
+ # arn: "arn:aws:verifiedpermissions::123456789012:policy-store/C7v5xMplfFH3i3e4Jrzb1a",
2040
+ # created_date: Time.parse("2024-08-12T18:20:50.99Z"),
2041
+ # last_updated_date: Time.parse("2024-08-12T18:20:50.99Z"),
2042
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
2043
+ # validation_settings: {
2044
+ # mode: "STRICT",
2045
+ # },
2046
+ # }
2047
+ #
1436
2048
  # @example Request syntax with placeholder values
1437
2049
  #
1438
2050
  # resp = client.get_policy_store({
@@ -1477,6 +2089,26 @@ module Aws::VerifiedPermissions
1477
2089
  # * {Types::GetPolicyTemplateOutput#created_date #created_date} => Time
1478
2090
  # * {Types::GetPolicyTemplateOutput#last_updated_date #last_updated_date} => Time
1479
2091
  #
2092
+ #
2093
+ # @example Example: GetPolicyTemplate
2094
+ #
2095
+ # # The following example displays the details of the specified policy template.
2096
+ #
2097
+ # resp = client.get_policy_template({
2098
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
2099
+ # policy_template_id: "PTEXAMPLEabcdefg111111",
2100
+ # })
2101
+ #
2102
+ # resp.to_h outputs the following:
2103
+ # {
2104
+ # created_date: Time.parse("2024-08-12T18:20:50.99Z"),
2105
+ # description: "Template for research dept",
2106
+ # last_updated_date: Time.parse("2024-08-12T18:20:50.99Z"),
2107
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
2108
+ # policy_template_id: "PTEXAMPLEabcdefg111111",
2109
+ # statement: "permit(\n principal ?principal,\n action == Action::\"view\",\n resource in ?resource\n) when {\n principal has department && principal.department == \"research\" \n};",
2110
+ # }
2111
+ #
1480
2112
  # @example Request syntax with placeholder values
1481
2113
  #
1482
2114
  # resp = client.get_policy_template({
@@ -1516,6 +2148,29 @@ module Aws::VerifiedPermissions
1516
2148
  # * {Types::GetSchemaOutput#last_updated_date #last_updated_date} => Time
1517
2149
  # * {Types::GetSchemaOutput#namespaces #namespaces} => Array&lt;String&gt;
1518
2150
  #
2151
+ #
2152
+ # @example Example: GetSchema
2153
+ #
2154
+ # # The following example retrieves the current schema stored in the specified policy store.
2155
+ # # Note
2156
+ # # The JSON in the parameters of this operation are strings that can contain embedded quotation marks (") within the
2157
+ # # outermost quotation mark pair. This requires that you stringify the JSON object by preceding all embedded quotation
2158
+ # # marks with a backslash character ( \" ) and combining all lines into a single text line with no line breaks.
2159
+ # # Example strings might be displayed wrapped across multiple lines here for readability, but the operation requires the
2160
+ # # parameters be submitted as single line strings.
2161
+ #
2162
+ # resp = client.get_schema({
2163
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
2164
+ # })
2165
+ #
2166
+ # resp.to_h outputs the following:
2167
+ # {
2168
+ # created_date: Time.parse("2024-08-12T18:20:50.99Z"),
2169
+ # last_updated_date: Time.parse("2024-08-12T18:20:50.99Z"),
2170
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
2171
+ # schema: "{\n\"My::Application\": {\n\"actions\": {\n\"remoteAccess\": {\n\"appliesTo\": {\n\"principalTypes\": [\"Employee\"]\n}\n}\n},\n\"entityTypes\": {\n\"Employee\": {\n\"shape\": {\n\"attributes\": {\n\"jobLevel\": { \"type\": \"Long\" },\n\"name\": { \"type\":\"String\" }\n},\n\"type\": \"Record\"\n}\n}\n}\n}\n }",
2172
+ # }
2173
+ #
1519
2174
  # @example Request syntax with placeholder values
1520
2175
  #
1521
2176
  # resp = client.get_schema({
@@ -1585,6 +2240,72 @@ module Aws::VerifiedPermissions
1585
2240
  # * {Types::IsAuthorizedOutput#determining_policies #determining_policies} => Array&lt;Types::DeterminingPolicyItem&gt;
1586
2241
  # * {Types::IsAuthorizedOutput#errors #errors} => Array&lt;Types::EvaluationErrorItem&gt;
1587
2242
  #
2243
+ #
2244
+ # @example Example: IsAuthorized - Example 1
2245
+ #
2246
+ # # The following example requests an authorization decision for a principal of type User named Alice, who wants to perform
2247
+ # # the updatePhoto operation, on a resource of type Photo named VacationPhoto94.jpg.
2248
+ # # The response shows that the request was allowed by one policy.
2249
+ #
2250
+ # resp = client.is_authorized({
2251
+ # action: {
2252
+ # action_id: "view",
2253
+ # action_type: "Action",
2254
+ # },
2255
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
2256
+ # principal: {
2257
+ # entity_id: "alice",
2258
+ # entity_type: "User",
2259
+ # },
2260
+ # resource: {
2261
+ # entity_id: "VacationPhoto94.jpg",
2262
+ # entity_type: "Photo",
2263
+ # },
2264
+ # })
2265
+ #
2266
+ # resp.to_h outputs the following:
2267
+ # {
2268
+ # errors: [
2269
+ # ],
2270
+ # decision: "ALLOW",
2271
+ # determining_policies: [
2272
+ # {
2273
+ # policy_id: "9wYxMpljbbZQb5fcZHyJhY",
2274
+ # },
2275
+ # ],
2276
+ # }
2277
+ #
2278
+ # @example Example: IsAuthorized - Example 2
2279
+ #
2280
+ # # The following example is the same as the previous example, except that the principal is User::"bob", and the policy
2281
+ # # store doesn't contain any policy that allows that user access to Album::"alice_folder". The output infers that the Deny
2282
+ # # was implicit because the list of DeterminingPolicies is empty.
2283
+ #
2284
+ # resp = client.is_authorized({
2285
+ # action: {
2286
+ # action_id: "view",
2287
+ # action_type: "Action",
2288
+ # },
2289
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
2290
+ # principal: {
2291
+ # entity_id: "bob",
2292
+ # entity_type: "User",
2293
+ # },
2294
+ # resource: {
2295
+ # entity_id: "VacationPhoto94.jpg",
2296
+ # entity_type: "Photo",
2297
+ # },
2298
+ # })
2299
+ #
2300
+ # resp.to_h outputs the following:
2301
+ # {
2302
+ # errors: [
2303
+ # ],
2304
+ # decision: "DENY",
2305
+ # determining_policies: [
2306
+ # ],
2307
+ # }
2308
+ #
1588
2309
  # @example Request syntax with placeholder values
1589
2310
  #
1590
2311
  # resp = client.is_authorized({
@@ -1654,9 +2375,6 @@ module Aws::VerifiedPermissions
1654
2375
  # `Allow` or `Deny`, along with a list of the policies that resulted in
1655
2376
  # the decision.
1656
2377
  #
1657
- # At this time, Verified Permissions accepts tokens from only Amazon
1658
- # Cognito.
1659
- #
1660
2378
  # Verified Permissions validates each token that is specified in a
1661
2379
  # request by checking its expiration date and its signature.
1662
2380
  #
@@ -1726,6 +2444,44 @@ module Aws::VerifiedPermissions
1726
2444
  # * {Types::IsAuthorizedWithTokenOutput#errors #errors} => Array&lt;Types::EvaluationErrorItem&gt;
1727
2445
  # * {Types::IsAuthorizedWithTokenOutput#principal #principal} => Types::EntityIdentifier
1728
2446
  #
2447
+ #
2448
+ # @example Example: IsAuthorizedWithToken - Example 1
2449
+ #
2450
+ # # The following example requests an authorization decision for a user who was authenticated by Amazon Cognito. The request
2451
+ # # uses the identity token provided by Amazon Cognito instead of the access token. In this example, the specified
2452
+ # # information store is configured to return principals as entities of type CognitoUser. The policy store contains a policy
2453
+ # # with the following statement.
2454
+ # # permit(
2455
+ # # principal == CognitoUser::"us-east-1_1a2b3c4d5|a1b2c3d4e5f6g7h8i9j0kalbmc",
2456
+ # # action,
2457
+ # # resource == Photo::"VacationPhoto94.jpg"
2458
+ # # );
2459
+ #
2460
+ # resp = client.is_authorized_with_token({
2461
+ # action: {
2462
+ # action_id: "View",
2463
+ # action_type: "Action",
2464
+ # },
2465
+ # identity_token: "EgZjxMPlbWUyBggAEEUYOdIBCDM3NDlqMGo3qAIAsAIA",
2466
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
2467
+ # resource: {
2468
+ # entity_id: "vacationPhoto94.jpg",
2469
+ # entity_type: "Photo",
2470
+ # },
2471
+ # })
2472
+ #
2473
+ # resp.to_h outputs the following:
2474
+ # {
2475
+ # errors: [
2476
+ # ],
2477
+ # decision: "ALLOW",
2478
+ # determining_policies: [
2479
+ # {
2480
+ # policy_id: "9wYxMpljbbZQb5fcZHyJhY",
2481
+ # },
2482
+ # ],
2483
+ # }
2484
+ #
1729
2485
  # @example Request syntax with placeholder values
1730
2486
  #
1731
2487
  # resp = client.is_authorized_with_token({
@@ -1824,6 +2580,36 @@ module Aws::VerifiedPermissions
1824
2580
  #
1825
2581
  # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
1826
2582
  #
2583
+ #
2584
+ # @example Example: ListIdentitySources
2585
+ #
2586
+ # # The following example request creates lists the identity sources currently defined in the specified policy store.
2587
+ #
2588
+ # resp = client.list_identity_sources({
2589
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
2590
+ # })
2591
+ #
2592
+ # resp.to_h outputs the following:
2593
+ # {
2594
+ # identity_sources: [
2595
+ # {
2596
+ # created_date: Time.parse("2023-05-19T20:29:23.66812Z"),
2597
+ # details: {
2598
+ # client_ids: [
2599
+ # "a1b2c3d4e5f6g7h8i9j0kalbmc",
2600
+ # ],
2601
+ # discovery_url: "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_1a2b3c4d5",
2602
+ # open_id_issuer: "COGNITO",
2603
+ # user_pool_arn: "arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5",
2604
+ # },
2605
+ # identity_source_id: "ISEXAMPLEabcdefg111111",
2606
+ # last_updated_date: Time.parse("2023-05-19T20:29:23.66812Z"),
2607
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
2608
+ # principal_entity_type: "User",
2609
+ # },
2610
+ # ],
2611
+ # }
2612
+ #
1827
2613
  # @example Request syntax with placeholder values
1828
2614
  #
1829
2615
  # resp = client.list_identity_sources({
@@ -1915,6 +2701,163 @@ module Aws::VerifiedPermissions
1915
2701
  #
1916
2702
  # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
1917
2703
  #
2704
+ #
2705
+ # @example Example: ListPolicies - Example 1
2706
+ #
2707
+ # # The following example lists all policies in the policy store.
2708
+ #
2709
+ # resp = client.list_policies({
2710
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
2711
+ # })
2712
+ #
2713
+ # resp.to_h outputs the following:
2714
+ # {
2715
+ # policies: [
2716
+ # {
2717
+ # created_date: Time.parse("2024-08-12T18:20:50.99Z"),
2718
+ # definition: {
2719
+ # static: {
2720
+ # description: "Grant members of janeFriends UserGroup access to the vacationFolder Album",
2721
+ # },
2722
+ # },
2723
+ # last_updated_date: Time.parse("2024-08-12T18:20:50.99Z"),
2724
+ # policy_id: "9wYxMpljbbZQb5fcZHyJhY",
2725
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
2726
+ # policy_type: "STATIC",
2727
+ # principal: {
2728
+ # entity_id: "janeFriends",
2729
+ # entity_type: "UserGroup",
2730
+ # },
2731
+ # resource: {
2732
+ # entity_id: "vacationFolder",
2733
+ # entity_type: "Album",
2734
+ # },
2735
+ # },
2736
+ # {
2737
+ # created_date: Time.parse("2024-08-12T18:20:50.99Z"),
2738
+ # definition: {
2739
+ # static: {
2740
+ # description: "Grant everyone access to the publicFolder Album",
2741
+ # },
2742
+ # },
2743
+ # last_updated_date: Time.parse("2024-08-12T18:20:50.99Z"),
2744
+ # policy_id: "Et9KxMplyaDdyurDw8TeFa",
2745
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
2746
+ # policy_type: "STATIC",
2747
+ # resource: {
2748
+ # entity_id: "publicFolder",
2749
+ # entity_type: "Album",
2750
+ # },
2751
+ # },
2752
+ # ],
2753
+ # }
2754
+ #
2755
+ # @example Example: ListPolicies - Example 2
2756
+ #
2757
+ # # The following example lists all policies for a specified principal.
2758
+ #
2759
+ # resp = client.list_policies({
2760
+ # filter: {
2761
+ # principal: {
2762
+ # identifier: {
2763
+ # entity_id: "alice",
2764
+ # entity_type: "User",
2765
+ # },
2766
+ # },
2767
+ # },
2768
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
2769
+ # })
2770
+ #
2771
+ # resp.to_h outputs the following:
2772
+ # {
2773
+ # policies: [
2774
+ # {
2775
+ # created_date: Time.parse("2022-12-09T22:55:16.067533Z"),
2776
+ # definition: {
2777
+ # static: {
2778
+ # description: "An example policy",
2779
+ # },
2780
+ # },
2781
+ # last_updated_date: Time.parse("2022-12-09T22:55:16.067533Z"),
2782
+ # policy_id: "Et9KxMplyaDdyurDw8TeFa",
2783
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
2784
+ # policy_type: "STATIC",
2785
+ # principal: {
2786
+ # entity_id: "alice",
2787
+ # entity_type: "User",
2788
+ # },
2789
+ # resource: {
2790
+ # entity_id: "bob_folder",
2791
+ # entity_type: "Album",
2792
+ # },
2793
+ # },
2794
+ # {
2795
+ # created_date: Time.parse("2022-12-09T23:00:24.66266Z"),
2796
+ # definition: {
2797
+ # static: {
2798
+ # },
2799
+ # },
2800
+ # last_updated_date: Time.parse("2022-12-09T23:00:24.66266Z"),
2801
+ # policy_id: "9wYxMpljbbZQb5fcZHyJhY",
2802
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
2803
+ # policy_type: "STATIC",
2804
+ # principal: {
2805
+ # entity_id: "alice",
2806
+ # entity_type: "User",
2807
+ # },
2808
+ # resource: {
2809
+ # entity_id: "alice_folder",
2810
+ # entity_type: "Album",
2811
+ # },
2812
+ # },
2813
+ # ],
2814
+ # }
2815
+ #
2816
+ # @example Example: ListPolicies - Example 3
2817
+ #
2818
+ # # The following example uses the Filter parameter to list only the template-linked policies in the specified policy store.
2819
+ #
2820
+ # resp = client.list_policies({
2821
+ # filter: {
2822
+ # policy_type: "TEMPLATE_LINKED",
2823
+ # },
2824
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
2825
+ # })
2826
+ #
2827
+ # resp.to_h outputs the following:
2828
+ # {
2829
+ # policies: [
2830
+ # {
2831
+ # created_date: Time.parse("2023-06-13T16:03:07.620867Z"),
2832
+ # definition: {
2833
+ # template_linked: {
2834
+ # policy_template_id: "PTEXAMPLEabcdefg111111",
2835
+ # principal: {
2836
+ # entity_id: "alice",
2837
+ # entity_type: "User",
2838
+ # },
2839
+ # resource: {
2840
+ # entity_id: "pic.jpg",
2841
+ # entity_type: "Photo",
2842
+ # },
2843
+ # },
2844
+ # },
2845
+ # last_updated_date: Time.parse("2023-06-13T16:03:07.620867Z"),
2846
+ # policy_id: "9wYxMpljbbZQb5fcZHyJhY",
2847
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
2848
+ # policy_type: "TEMPLATE_LINKED",
2849
+ # principal: {
2850
+ # entity_id: "alice",
2851
+ # entity_type: "User",
2852
+ # },
2853
+ # resource: {
2854
+ # entity_id: "pic.jpg",
2855
+ # entity_type: "Photo",
2856
+ # },
2857
+ # },
2858
+ # ],
2859
+ # }
2860
+ #
1918
2861
  # @example Request syntax with placeholder values
1919
2862
  #
1920
2863
  # resp = client.list_policies({
@@ -2005,6 +2948,30 @@ module Aws::VerifiedPermissions
2005
2948
  #
2006
2949
  # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
2007
2950
  #
2951
+ #
2952
+ # @example Example: ListPolicyStores
2953
+ #
2954
+ # # The following example lists all policy stores in the AWS account in the AWS Region in which you call the operation.
2955
+ #
2956
+ # resp = client.list_policy_stores({
2957
+ # })
2958
+ #
2959
+ # resp.to_h outputs the following:
2960
+ # {
2961
+ # policy_stores: [
2962
+ # {
2963
+ # arn: "arn:aws:verifiedpermissions::123456789012:policy-store/C7v5xMplfFH3i3e4Jrzb1a",
2964
+ # created_date: Time.parse("2023-05-16T17:41:29.103459Z"),
2965
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
2966
+ # },
2967
+ # {
2968
+ # arn: "arn:aws:verifiedpermissions::123456789012:policy-store/PSEXAMPLEabcdefg222222",
2969
+ # created_date: Time.parse("2023-05-16T18:23:04.985521Z"),
2970
+ # policy_store_id: "PSEXAMPLEabcdefg222222",
2971
+ # },
2972
+ # ],
2973
+ # }
2974
+ #
2008
2975
  # @example Request syntax with placeholder values
2009
2976
  #
2010
2977
  # resp = client.list_policy_stores({
@@ -2066,6 +3033,35 @@ module Aws::VerifiedPermissions
2066
3033
  #
2067
3034
  # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
2068
3035
  #
3036
+ #
3037
+ # @example Example: ListPolicyTemplates
3038
+ #
3039
+ # # The following example retrieves a list of all of the policy templates in the specified policy store.
3040
+ #
3041
+ # resp = client.list_policy_templates({
3042
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
3043
+ # })
3044
+ #
3045
+ # resp.to_h outputs the following:
3046
+ # {
3047
+ # policy_templates: [
3048
+ # {
3049
+ # created_date: Time.parse("2024-08-12T18:20:50.99Z"),
3050
+ # description: "Generic template",
3051
+ # last_updated_date: Time.parse("2024-08-12T18:20:50.99Z"),
3052
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
3053
+ # policy_template_id: "PTEXAMPLEabcdefg111111",
3054
+ # },
3055
+ # {
3056
+ # created_date: Time.parse("2024-08-12T18:20:50.99Z"),
3057
+ # description: "Template for research dept",
3058
+ # last_updated_date: Time.parse("2024-08-12T18:20:50.99Z"),
3059
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
3060
+ # policy_template_id: "PTEXAMPLEabcdefg222222",
3061
+ # },
3062
+ # ],
3063
+ # }
3064
+ #
2069
3065
  # @example Request syntax with placeholder values
2070
3066
  #
2071
3067
  # resp = client.list_policy_templates({
@@ -2123,6 +3119,35 @@ module Aws::VerifiedPermissions
2123
3119
  # * {Types::PutSchemaOutput#created_date #created_date} => Time
2124
3120
  # * {Types::PutSchemaOutput#last_updated_date #last_updated_date} => Time
2125
3121
  #
3122
+ #
3123
+ # @example Example: PutSchema
3124
+ #
3125
+ # # The following example creates a new schema, or updates an existing schema, in the specified policy store. Note that the
3126
+ # # schema text is shown line wrapped for readability. You should submit the entire schema text as a single line of text.
3127
+ # # Note
3128
+ # # The JSON in the parameters of this operation are strings that can contain embedded quotation marks (") within the
3129
+ # # outermost quotation mark pair. This requires that you stringify the JSON object by preceding all embedded quotation
3130
+ # # marks with a backslash character ( \" ) and combining all lines into a single text line with no line breaks.
3131
+ # # Example strings might be displayed wrapped across multiple lines here for readability, but the operation requires the
3132
+ # # parameters be submitted as single line strings.
3133
+ #
3134
+ # resp = client.put_schema({
3135
+ # definition: {
3136
+ # cedar_json: "{\"MySampleNamespace\": {\"actions\": {\"remoteAccess\": {\"appliesTo\": {\"principalTypes\": [\"Employee\"]}}},\"entityTypes\": {\"Employee\": {\"shape\": {\"attributes\": {\"jobLevel\": {\"type\": \"Long\"},\"name\": {\"type\": \"String\"}},\"type\": \"Record\"}}}}}",
3137
+ # },
3138
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
3139
+ # })
3140
+ #
3141
+ # resp.to_h outputs the following:
3142
+ # {
3143
+ # created_date: Time.parse("2023-06-13T19:28:06.003726Z"),
3144
+ # last_updated_date: Time.parse("2023-06-13T19:28:06.003726Z"),
3145
+ # namespaces: [
3146
+ # "My::Sample::Namespace",
3147
+ # ],
3148
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
3149
+ # }
3150
+ #
2126
3151
  # @example Request syntax with placeholder values
2127
3152
  #
2128
3153
  # resp = client.put_schema({
@@ -2172,13 +3197,6 @@ module Aws::VerifiedPermissions
2172
3197
  # Specifies the details required to communicate with the identity
2173
3198
  # provider (IdP) associated with this identity source.
2174
3199
  #
2175
- # <note markdown="1"> At this time, the only valid member of this structure is a Amazon
2176
- # Cognito user pool configuration.
2177
- #
2178
- # You must specify a `userPoolArn`, and optionally, a `ClientId`.
2179
- #
2180
- # </note>
2181
- #
2182
3200
  # @option params [String] :principal_entity_type
2183
3201
  # Specifies the data type of principals generated for identities
2184
3202
  # authenticated by the identity source.
@@ -2190,6 +3208,32 @@ module Aws::VerifiedPermissions
2190
3208
  # * {Types::UpdateIdentitySourceOutput#last_updated_date #last_updated_date} => Time
2191
3209
  # * {Types::UpdateIdentitySourceOutput#policy_store_id #policy_store_id} => String
2192
3210
  #
3211
+ #
3212
+ # @example Example: UpdateIdentitySource
3213
+ #
3214
+ # # The following example updates the configuration of the specified identity source with a new configuration.
3215
+ #
3216
+ # resp = client.update_identity_source({
3217
+ # identity_source_id: "ISEXAMPLEabcdefg111111",
3218
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
3219
+ # update_configuration: {
3220
+ # cognito_user_pool_configuration: {
3221
+ # client_ids: [
3222
+ # "a1b2c3d4e5f6g7h8i9j0kalbmc",
3223
+ # ],
3224
+ # user_pool_arn: "arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5",
3225
+ # },
3226
+ # },
3227
+ # })
3228
+ #
3229
+ # resp.to_h outputs the following:
3230
+ # {
3231
+ # created_date: Time.parse("2023-05-19T20:30:28.173926Z"),
3232
+ # identity_source_id: "ISEXAMPLEabcdefg111111",
3233
+ # last_updated_date: Time.parse("2023-05-22T20:45:59.962216Z"),
3234
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
3235
+ # }
3236
+ #
2193
3237
  # @example Request syntax with placeholder values
2194
3238
  #
2195
3239
  # resp = client.update_identity_source({
@@ -2334,6 +3378,34 @@ module Aws::VerifiedPermissions
2334
3378
  # * {Types::UpdatePolicyOutput#last_updated_date #last_updated_date} => Time
2335
3379
  # * {Types::UpdatePolicyOutput#effect #effect} => String
2336
3380
  #
3381
+ #
3382
+ # @example Example: UpdatePolicy
3383
+ #
3384
+ # # The following example replaces the definition of the specified static policy with a new one.
3385
+ #
3386
+ # resp = client.update_policy({
3387
+ # definition: {
3388
+ # static: {
3389
+ # statement: "permit(principal, action, resource in Album::\"public_folder\");",
3390
+ # },
3391
+ # },
3392
+ # policy_id: "9wYxMpljbbZQb5fcZHyJhY",
3393
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
3394
+ # })
3395
+ #
3396
+ # resp.to_h outputs the following:
3397
+ # {
3398
+ # created_date: Time.parse("2024-08-12T18:20:50.99Z"),
3399
+ # last_updated_date: Time.parse("2024-08-12T18:20:50.99Z"),
3400
+ # policy_id: "9wYxMpljbbZQb5fcZHyJhY",
3401
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
3402
+ # policy_type: "STATIC",
3403
+ # resource: {
3404
+ # entity_id: "public_folder",
3405
+ # entity_type: "Album",
3406
+ # },
3407
+ # }
3408
+ #
2337
3409
  # @example Request syntax with placeholder values
2338
3410
  #
2339
3411
  # resp = client.update_policy({
@@ -2400,6 +3472,26 @@ module Aws::VerifiedPermissions
2400
3472
  # * {Types::UpdatePolicyStoreOutput#created_date #created_date} => Time
2401
3473
  # * {Types::UpdatePolicyStoreOutput#last_updated_date #last_updated_date} => Time
2402
3474
  #
3475
+ #
3476
+ # @example Example: UpdatePolicyStore
3477
+ #
3478
+ # # The following example turns off the validation settings for a policy store.
3479
+ #
3480
+ # resp = client.update_policy_store({
3481
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
3482
+ # validation_settings: {
3483
+ # mode: "OFF",
3484
+ # },
3485
+ # })
3486
+ #
3487
+ # resp.to_h outputs the following:
3488
+ # {
3489
+ # arn: "arn:aws:verifiedpermissions::123456789012:policy-store/C7v5xMplfFH3i3e4Jrzb1a",
3490
+ # created_date: Time.parse("2023-05-17T18:36:10.134448Z"),
3491
+ # last_updated_date: Time.parse("2023-05-23T18:18:12.443083Z"),
3492
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
3493
+ # }
3494
+ #
2403
3495
  # @example Request syntax with placeholder values
2404
3496
  #
2405
3497
  # resp = client.update_policy_store({
@@ -2481,6 +3573,34 @@ module Aws::VerifiedPermissions
2481
3573
  # * {Types::UpdatePolicyTemplateOutput#created_date #created_date} => Time
2482
3574
  # * {Types::UpdatePolicyTemplateOutput#last_updated_date #last_updated_date} => Time
2483
3575
  #
3576
+ #
3577
+ # @example Example: UpdatePolicyTemplate
3578
+ #
3579
+ # # The following example updates a policy template with both a new description and a new policy body. The effect,
3580
+ # # principal, and resource are the same as the original policy template. Only the action in the head, and the when and
3581
+ # # unless clauses can be different.
3582
+ # # Note
3583
+ # # The JSON in the parameters of this operation are strings that can contain embedded quotation marks (") within the
3584
+ # # outermost quotation mark pair. This requires that you stringify the JSON object by preceding all embedded quotation
3585
+ # # marks with a backslash character ( \" ) and combining all lines into a single text line with no line breaks.
3586
+ # # Example strings might be displayed wrapped across multiple lines here for readability, but the operation requires the
3587
+ # # parameters be submitted as single line strings.
3588
+ #
3589
+ # resp = client.update_policy_template({
3590
+ # description: "My updated template description",
3591
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
3592
+ # policy_template_id: "PTEXAMPLEabcdefg111111",
3593
+ # statement: "\"ResearchAccess\"\npermit(\nprincipal in ?principal,\naction == Action::\"view\",\nresource in ?resource\"\n)\nwhen {\nprincipal has department && principal.department == \"research\"\n};",
3594
+ # })
3595
+ #
3596
+ # resp.to_h outputs the following:
3597
+ # {
3598
+ # created_date: Time.parse("2023-05-17T18:58:48.795411Z"),
3599
+ # last_updated_date: Time.parse("2023-05-17T19:18:48.870209Z"),
3600
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
3601
+ # policy_template_id: "PTEXAMPLEabcdefg111111",
3602
+ # }
3603
+ #
2484
3604
  # @example Request syntax with placeholder values
2485
3605
  #
2486
3606
  # resp = client.update_policy_template({
@@ -2524,7 +3644,7 @@ module Aws::VerifiedPermissions
2524
3644
  tracer: tracer
2525
3645
  )
2526
3646
  context[:gem_name] = 'aws-sdk-verifiedpermissions'
2527
- context[:gem_version] = '1.34.0'
3647
+ context[:gem_version] = '1.36.0'
2528
3648
  Seahorse::Client::Request.new(handlers, context)
2529
3649
  end
2530
3650