aws-sdk-verifiedpermissions 1.34.0 → 1.36.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (11) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +10 -0
  3. data/VERSION +1 -1
  4. data/lib/aws-sdk-verifiedpermissions/client.rb +1132 -12
  5. data/lib/aws-sdk-verifiedpermissions/client_api.rb +1 -0
  6. data/lib/aws-sdk-verifiedpermissions/endpoint_parameters.rb +9 -6
  7. data/lib/aws-sdk-verifiedpermissions/endpoints.rb +2 -284
  8. data/lib/aws-sdk-verifiedpermissions/plugins/endpoints.rb +1 -58
  9. data/lib/aws-sdk-verifiedpermissions/types.rb +9 -14
  10. data/lib/aws-sdk-verifiedpermissions.rb +1 -1
  11. metadata +6 -6
data/lib/aws-sdk-verifiedpermissions/client.rb CHANGED
@@ -502,6 +502,172 @@ module Aws::VerifiedPermissions
502
502
  #
503
503
  # * {Types::BatchIsAuthorizedOutput#results #results} => Array<Types::BatchIsAuthorizedOutputItem>
504
504
  #
505
+ #
506
+ # @example Example: Batch - Example 1
507
+ #
508
+ # # The following example requests two authorization decisions for two principals of type Usernamed
509
+ # # Alice and Annalisa.
510
+ #
511
+ # resp = client.batch_is_authorized({
512
+ # entities: {
513
+ # entity_list: [
514
+ # {
515
+ # attributes: {
516
+ # "Account" => {
517
+ # entity_identifier: {
518
+ # entity_id: "1234",
519
+ # entity_type: "PhotoFlash::Account",
520
+ # },
521
+ # },
522
+ # "Email" => {
523
+ # string: "",
524
+ # },
525
+ # },
526
+ # identifier: {
527
+ # entity_id: "Alice",
528
+ # entity_type: "PhotoFlash::User",
529
+ # },
530
+ # parents: [
531
+ # ],
532
+ # },
533
+ # {
534
+ # attributes: {
535
+ # "Account" => {
536
+ # entity_identifier: {
537
+ # entity_id: "5678",
538
+ # entity_type: "PhotoFlash::Account",
539
+ # },
540
+ # },
541
+ # "Email" => {
542
+ # string: "",
543
+ # },
544
+ # },
545
+ # identifier: {
546
+ # entity_id: "Annalisa",
547
+ # entity_type: "PhotoFlash::User",
548
+ # },
549
+ # parents: [
550
+ # ],
551
+ # },
552
+ # {
553
+ # attributes: {
554
+ # "IsPrivate" => {
555
+ # boolean: false,
556
+ # },
557
+ # "Name" => {
558
+ # string: "",
559
+ # },
560
+ # },
561
+ # identifier: {
562
+ # entity_id: "VacationPhoto94.jpg",
563
+ # entity_type: "PhotoFlash::Photo",
564
+ # },
565
+ # parents: [
566
+ # {
567
+ # entity_id: "1234",
568
+ # entity_type: "PhotoFlash::Account",
569
+ # },
570
+ # ],
571
+ # },
572
+ # {
573
+ # attributes: {
574
+ # "Name" => {
575
+ # string: "",
576
+ # },
577
+ # },
578
+ # identifier: {
579
+ # entity_id: "1234",
580
+ # entity_type: "PhotoFlash::Account",
581
+ # },
582
+ # parents: [
583
+ # ],
584
+ # },
585
+ # ],
586
+ # },
587
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
588
+ # requests: [
589
+ # {
590
+ # action: {
591
+ # action_id: "ViewPhoto",
592
+ # action_type: "PhotoFlash::Action",
593
+ # },
594
+ # principal: {
595
+ # entity_id: "Alice",
596
+ # entity_type: "PhotoFlash::User",
597
+ # },
598
+ # resource: {
599
+ # entity_id: "VacationPhoto94.jpg",
600
+ # entity_type: "PhotoFlash::Photo",
601
+ # },
602
+ # },
603
+ # {
604
+ # action: {
605
+ # action_id: "DeletePhoto",
606
+ # action_type: "PhotoFlash::Action",
607
+ # },
608
+ # principal: {
609
+ # entity_id: "Annalisa",
610
+ # entity_type: "PhotoFlash::User",
611
+ # },
612
+ # resource: {
613
+ # entity_id: "VacationPhoto94.jpg",
614
+ # entity_type: "PhotoFlash::Photo",
615
+ # },
616
+ # },
617
+ # ],
618
+ # })
619
+ #
620
+ # resp.to_h outputs the following:
621
+ # {
622
+ # results: [
623
+ # {
624
+ # errors: [
625
+ # ],
626
+ # decision: "ALLOW",
627
+ # determining_policies: [
628
+ # {
629
+ # policy_id: "9wYxMpljbbZQb5fcZHyJhY",
630
+ # },
631
+ # ],
632
+ # request: {
633
+ # action: {
634
+ # action_id: "ViewPhoto",
635
+ # action_type: "PhotoFlash::Action",
636
+ # },
637
+ # principal: {
638
+ # entity_id: "alice",
639
+ # entity_type: "PhotoFlash::User",
640
+ # },
641
+ # resource: {
642
+ # entity_id: "VacationPhoto94.jpg",
643
+ # entity_type: "PhotoFlash::Photo",
644
+ # },
645
+ # },
646
+ # },
647
+ # {
648
+ # errors: [
649
+ # ],
650
+ # decision: "DENY",
651
+ # determining_policies: [
652
+ # ],
653
+ # request: {
654
+ # action: {
655
+ # action_id: "DeletePhoto",
656
+ # action_type: "PhotoFlash::Action",
657
+ # },
658
+ # principal: {
659
+ # entity_id: "annalisa",
660
+ # entity_type: "PhotoFlash::User",
661
+ # },
662
+ # resource: {
663
+ # entity_id: "VacationPhoto94.jpg",
664
+ # entity_type: "PhotoFlash::Photo",
665
+ # },
666
+ # },
667
+ # },
668
+ # ],
669
+ # }
670
+ #
505
671
  # @example Request syntax with placeholder values
506
672
  #
507
673
  # resp = client.batch_is_authorized({
@@ -650,6 +816,144 @@ module Aws::VerifiedPermissions
650
816
  # * {Types::BatchIsAuthorizedWithTokenOutput#principal #principal} => Types::EntityIdentifier
651
817
  # * {Types::BatchIsAuthorizedWithTokenOutput#results #results} => Array<Types::BatchIsAuthorizedWithTokenOutputItem>
652
818
  #
819
+ #
820
+ # @example Example: Batch - Example 1
821
+ #
822
+ # # The following example requests three authorization decisions for two resources and two actions in
823
+ # # different photo albums.
824
+ #
825
+ # resp = client.batch_is_authorized_with_token({
826
+ # entities: {
827
+ # entity_list: [
828
+ # {
829
+ # identifier: {
830
+ # entity_id: "VacationPhoto94.jpg",
831
+ # entity_type: "PhotoFlash::Photo",
832
+ # },
833
+ # parents: [
834
+ # {
835
+ # entity_id: "MyExampleAlbum1",
836
+ # entity_type: "PhotoFlash::Album",
837
+ # },
838
+ # ],
839
+ # },
840
+ # {
841
+ # identifier: {
842
+ # entity_id: "OfficePhoto94.jpg",
843
+ # entity_type: "PhotoFlash::Photo",
844
+ # },
845
+ # parents: [
846
+ # {
847
+ # entity_id: "MyExampleAlbum2",
848
+ # entity_type: "PhotoFlash::Album",
849
+ # },
850
+ # ],
851
+ # },
852
+ # ],
853
+ # },
854
+ # identity_token: "eyJra12345EXAMPLE",
855
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
856
+ # requests: [
857
+ # {
858
+ # action: {
859
+ # action_id: "ViewPhoto",
860
+ # action_type: "PhotoFlash::Action",
861
+ # },
862
+ # resource: {
863
+ # entity_id: "VacationPhoto94.jpg",
864
+ # entity_type: "PhotoFlash::Photo",
865
+ # },
866
+ # },
867
+ # {
868
+ # action: {
869
+ # action_id: "SharePhoto",
870
+ # action_type: "PhotoFlash::Action",
871
+ # },
872
+ # resource: {
873
+ # entity_id: "VacationPhoto94.jpg",
874
+ # entity_type: "PhotoFlash::Photo",
875
+ # },
876
+ # },
877
+ # {
878
+ # action: {
879
+ # action_id: "ViewPhoto",
880
+ # action_type: "PhotoFlash::Action",
881
+ # },
882
+ # resource: {
883
+ # entity_id: "OfficePhoto94.jpg",
884
+ # entity_type: "PhotoFlash::Photo",
885
+ # },
886
+ # },
887
+ # ],
888
+ # })
889
+ #
890
+ # resp.to_h outputs the following:
891
+ # {
892
+ # principal: {
893
+ # entity_id: "us-east-1_EXAMPLE|a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
894
+ # entity_type: "PhotoFlash::User",
895
+ # },
896
+ # results: [
897
+ # {
898
+ # errors: [
899
+ # ],
900
+ # decision: "ALLOW",
901
+ # determining_policies: [
902
+ # {
903
+ # policy_id: "9wYixMplbbZQb5fcZHyJhY",
904
+ # },
905
+ # ],
906
+ # request: {
907
+ # action: {
908
+ # action_id: "ViewPhoto",
909
+ # action_type: "PhotoFlash::Action",
910
+ # },
911
+ # resource: {
912
+ # entity_id: "VacationPhoto94.jpg",
913
+ # entity_type: "PhotoFlash::Photo",
914
+ # },
915
+ # },
916
+ # },
917
+ # {
918
+ # errors: [
919
+ # ],
920
+ # decision: "ALLOW",
921
+ # determining_policies: [
922
+ # {
923
+ # policy_id: "9wYixMplbbZQb5fcZHyJhY",
924
+ # },
925
+ # ],
926
+ # request: {
927
+ # action: {
928
+ # action_id: "SharePhoto",
929
+ # action_type: "PhotoFlash::Action",
930
+ # },
931
+ # resource: {
932
+ # entity_id: "VacationPhoto94.jpg",
933
+ # entity_type: "PhotoFlash::Photo",
934
+ # },
935
+ # },
936
+ # },
937
+ # {
938
+ # errors: [
939
+ # ],
940
+ # decision: "DENY",
941
+ # determining_policies: [
942
+ # ],
943
+ # request: {
944
+ # action: {
945
+ # action_id: "ViewPhoto",
946
+ # action_type: "PhotoFlash::Action",
947
+ # },
948
+ # resource: {
949
+ # entity_id: "OfficePhoto94.jpg",
950
+ # entity_type: "PhotoFlash::Photo",
951
+ # },
952
+ # },
953
+ # },
954
+ # ],
955
+ # }
956
+ #
653
957
  # @example Request syntax with placeholder values
654
958
  #
655
959
  # resp = client.batch_is_authorized_with_token({
@@ -746,7 +1050,7 @@ module Aws::VerifiedPermissions
746
1050
  # `MyCorp::User::us-east-1_EXAMPLE|a1b2c3d4-5678-90ab-cdef-EXAMPLE11111`.
747
1051
  #
748
1052
  # * OpenID Connect (OIDC) provider: `Namespace::[Entity
749
- # type]::[principalIdClaim]|[user principal attribute]`, for example
1053
+ # type]::[entityIdPrefix]|[user principal attribute]`, for example
750
1054
  # `MyCorp::User::MyOIDCProvider|a1b2c3d4-5678-90ab-cdef-EXAMPLE22222`.
751
1055
  #
752
1056
  # </note>
@@ -811,6 +1115,35 @@ module Aws::VerifiedPermissions
811
1115
  # * {Types::CreateIdentitySourceOutput#last_updated_date #last_updated_date} => Time
812
1116
  # * {Types::CreateIdentitySourceOutput#policy_store_id #policy_store_id} => String
813
1117
  #
1118
+ #
1119
+ # @example Example: To create an identity source
1120
+ #
1121
+ # # The following ``create-identity-source`` example creates an identity source that lets you reference identities stored in
1122
+ # # the specified Amazon Cognito user pool. Those identities are available in Verified Permissions as entities of type
1123
+ # # ``User``.
1124
+ #
1125
+ # resp = client.create_identity_source({
1126
+ # client_token: "a1b2c3d4-e5f6-a1b2-c3d4-TOKEN1111111",
1127
+ # configuration: {
1128
+ # cognito_user_pool_configuration: {
1129
+ # client_ids: [
1130
+ # "a1b2c3d4e5f6g7h8i9j0kalbmc",
1131
+ # ],
1132
+ # user_pool_arn: "arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5",
1133
+ # },
1134
+ # },
1135
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
1136
+ # principal_entity_type: "User",
1137
+ # })
1138
+ #
1139
+ # resp.to_h outputs the following:
1140
+ # {
1141
+ # created_date: Time.parse("2024-08-12T18:20:50.99Z"),
1142
+ # identity_source_id: "ISEXAMPLEabcdefg111111",
1143
+ # last_updated_date: Time.parse("2024-08-12T18:20:50.99Z"),
1144
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
1145
+ # }
1146
+ #
814
1147
  # @example Request syntax with placeholder values
815
1148
  #
816
1149
  # resp = client.create_identity_source({
@@ -938,6 +1271,111 @@ module Aws::VerifiedPermissions
938
1271
  # * {Types::CreatePolicyOutput#last_updated_date #last_updated_date} => Time
939
1272
  # * {Types::CreatePolicyOutput#effect #effect} => String
940
1273
  #
1274
+ #
1275
+ # @example Example: To create a static policy
1276
+ #
1277
+ # # The following example request creates a static policy with a policy scope that specifies both a principal and a
1278
+ # # resource. The response includes both the Principal and Resource elements because both were specified in the request
1279
+ # # policy scope.
1280
+ #
1281
+ # resp = client.create_policy({
1282
+ # client_token: "a1b2c3d4-e5f6-a1b2-c3d4-TOKEN1111111",
1283
+ # definition: {
1284
+ # static: {
1285
+ # description: "Grant members of janeFriends UserGroup access to the vacationFolder Album",
1286
+ # statement: "permit( principal in UserGroup::\"janeFriends\", action, resource in Album::\"vacationFolder\" );",
1287
+ # },
1288
+ # },
1289
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
1290
+ # })
1291
+ #
1292
+ # resp.to_h outputs the following:
1293
+ # {
1294
+ # created_date: Time.parse("2024-08-12T18:20:50.99Z"),
1295
+ # last_updated_date: Time.parse("2024-08-12T18:20:50.99Z"),
1296
+ # policy_id: "9wYxMpljbbZQb5fcZHyJhY",
1297
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
1298
+ # policy_type: "STATIC",
1299
+ # principal: {
1300
+ # entity_id: "janeFriends",
1301
+ # entity_type: "UserGroup",
1302
+ # },
1303
+ # resource: {
1304
+ # entity_id: "vacationFolder",
1305
+ # entity_type: "Album",
1306
+ # },
1307
+ # }
1308
+ #
1309
+ # @example Example: To create a static policy
1310
+ #
1311
+ # # The following example request creates a static policy with a policy scope that specifies both a principal and a
1312
+ # # resource. The response includes both the Principal and Resource elements because both were specified in the request
1313
+ # # policy scope.
1314
+ #
1315
+ # resp = client.create_policy({
1316
+ # client_token: "a1b2c3d4-e5f6-a1b2-c3d4-TOKEN1111111",
1317
+ # definition: {
1318
+ # static: {
1319
+ # description: "Grant members of janeFriends UserGroup access to the vacationFolder Album",
1320
+ # statement: "permit( principal in UserGroup::\"janeFriends\", action, resource in Album::\"vacationFolder\" );",
1321
+ # },
1322
+ # },
1323
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
1324
+ # })
1325
+ #
1326
+ # resp.to_h outputs the following:
1327
+ # {
1328
+ # created_date: Time.parse("2024-08-12T18:20:50.99Z"),
1329
+ # last_updated_date: Time.parse("2024-08-12T18:20:50.99Z"),
1330
+ # policy_id: "9wYxMpljbbZQb5fcZHyJhY",
1331
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
1332
+ # policy_type: "STATIC",
1333
+ # principal: {
1334
+ # entity_id: "janeFriends",
1335
+ # entity_type: "UserGroup",
1336
+ # },
1337
+ # resource: {
1338
+ # entity_id: "vacationFolder",
1339
+ # entity_type: "Album",
1340
+ # },
1341
+ # }
1342
+ #
1343
+ # @example Example: To create a template-linked policy
1344
+ #
1345
+ # # The following example creates a template-linked policy using the specified policy template and associates the specified
1346
+ # # principal to use with the new template-linked policy.
1347
+ #
1348
+ # resp = client.create_policy({
1349
+ # client_token: "a1b2c3d4-e5f6-a1b2-c3d4-TOKEN1111111",
1350
+ # definition: {
1351
+ # template_linked: {
1352
+ # policy_template_id: "PTEXAMPLEabcdefg111111",
1353
+ # principal: {
1354
+ # entity_id: "alice",
1355
+ # entity_type: "User",
1356
+ # },
1357
+ # },
1358
+ # },
1359
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
1360
+ # })
1361
+ #
1362
+ # resp.to_h outputs the following:
1363
+ # {
1364
+ # created_date: Time.parse("2024-08-12T18:20:50.99Z"),
1365
+ # last_updated_date: Time.parse("2024-08-12T18:20:50.99Z"),
1366
+ # policy_id: "Et9KxMplyaDdyurDw8TeFa",
1367
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
1368
+ # policy_type: "TEMPLATE_LINKED",
1369
+ # principal: {
1370
+ # entity_id: "alice",
1371
+ # entity_type: "User",
1372
+ # },
1373
+ # resource: {
1374
+ # entity_id: "VacationPhoto94.jpg",
1375
+ # entity_type: "Photo",
1376
+ # },
1377
+ # }
1378
+ #
941
1379
  # @example Request syntax with placeholder values
942
1380
  #
943
1381
  # resp = client.create_policy({
@@ -1060,6 +1498,26 @@ module Aws::VerifiedPermissions
1060
1498
  # * {Types::CreatePolicyStoreOutput#created_date #created_date} => Time
1061
1499
  # * {Types::CreatePolicyStoreOutput#last_updated_date #last_updated_date} => Time
1062
1500
  #
1501
+ #
1502
+ # @example Example: To create policy store
1503
+ #
1504
+ # # The following example creates a new policy store with strict validation turned on.
1505
+ #
1506
+ # resp = client.create_policy_store({
1507
+ # client_token: "a1b2c3d4-e5f6-a1b2-c3d4-TOKEN1111111",
1508
+ # validation_settings: {
1509
+ # mode: "STRICT",
1510
+ # },
1511
+ # })
1512
+ #
1513
+ # resp.to_h outputs the following:
1514
+ # {
1515
+ # arn: "arn:aws:verifiedpermissions::123456789012:policy-store/C7v5xMplfFH3i3e4Jrzb1a",
1516
+ # created_date: Time.parse("2024-08-12T18:20:50.99Z"),
1517
+ # last_updated_date: Time.parse("2024-08-12T18:20:50.99Z"),
1518
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
1519
+ # }
1520
+ #
1063
1521
  # @example Request syntax with placeholder values
1064
1522
  #
1065
1523
  # resp = client.create_policy_store({
@@ -1146,6 +1604,26 @@ module Aws::VerifiedPermissions
1146
1604
  # * {Types::CreatePolicyTemplateOutput#created_date #created_date} => Time
1147
1605
  # * {Types::CreatePolicyTemplateOutput#last_updated_date #last_updated_date} => Time
1148
1606
  #
1607
+ #
1608
+ # @example Example: To create a policy template
1609
+ #
1610
+ # # The following example creates a policy template that has a placeholder for the principal.
1611
+ #
1612
+ # resp = client.create_policy_template({
1613
+ # client_token: "a1b2c3d4-e5f6-a1b2-c3d4-TOKEN1111111",
1614
+ # description: "Template for research dept",
1615
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
1616
+ # statement: "\"AccessVacation\"\npermit(\n principal in ?principal,\n action == Action::\"view\",\n resource == Photo::\"VacationPhoto94.jpg\"\n)\nwhen {\n principal has department && principal.department == \"research\"\n};",
1617
+ # })
1618
+ #
1619
+ # resp.to_h outputs the following:
1620
+ # {
1621
+ # created_date: Time.parse("2024-08-12T18:20:50.99Z"),
1622
+ # last_updated_date: Time.parse("2024-08-12T18:20:50.99Z"),
1623
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
1624
+ # policy_template_id: "PTEXAMPLEabcdefg111111",
1625
+ # }
1626
+ #
1149
1627
  # @example Request syntax with placeholder values
1150
1628
  #
1151
1629
  # resp = client.create_policy_template({
@@ -1190,6 +1668,20 @@ module Aws::VerifiedPermissions
1190
1668
  #
1191
1669
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
1192
1670
  #
1671
+ #
1672
+ # @example Example: To delete an identity source
1673
+ #
1674
+ # # The following example request deletes the specified identity source.
1675
+ #
1676
+ # resp = client.delete_identity_source({
1677
+ # identity_source_id: "ISEXAMPLEabcdefg111111",
1678
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
1679
+ # })
1680
+ #
1681
+ # resp.to_h outputs the following:
1682
+ # {
1683
+ # }
1684
+ #
1193
1685
  # @example Request syntax with placeholder values
1194
1686
  #
1195
1687
  # resp = client.delete_identity_source({
@@ -1221,6 +1713,20 @@ module Aws::VerifiedPermissions
1221
1713
  #
1222
1714
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
1223
1715
  #
1716
+ #
1717
+ # @example Example: To delete a policy
1718
+ #
1719
+ # # The following example deletes the specified policy from its policy store.
1720
+ #
1721
+ # resp = client.delete_policy({
1722
+ # policy_id: "9wYxMpljbbZQb5fcZHyJhY",
1723
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
1724
+ # })
1725
+ #
1726
+ # resp.to_h outputs the following:
1727
+ # {
1728
+ # }
1729
+ #
1224
1730
  # @example Request syntax with placeholder values
1225
1731
  #
1226
1732
  # resp = client.delete_policy({
@@ -1248,6 +1754,19 @@ module Aws::VerifiedPermissions
1248
1754
  #
1249
1755
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
1250
1756
  #
1757
+ #
1758
+ # @example Example: To delete a policy store
1759
+ #
1760
+ # # The following example deletes the specified policy store.
1761
+ #
1762
+ # resp = client.delete_policy_store({
1763
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
1764
+ # })
1765
+ #
1766
+ # resp.to_h outputs the following:
1767
+ # {
1768
+ # }
1769
+ #
1251
1770
  # @example Request syntax with placeholder values
1252
1771
  #
1253
1772
  # resp = client.delete_policy_store({
@@ -1279,6 +1798,21 @@ module Aws::VerifiedPermissions
1279
1798
  #
1280
1799
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
1281
1800
  #
1801
+ #
1802
+ # @example Example: To delete a policy template
1803
+ #
1804
+ # # The following example deletes a policy template. Before you can perform this operation, you must first delete any
1805
+ # # template-linked policies that were instantiated from this policy template. To delete them, use DeletePolicy.
1806
+ #
1807
+ # resp = client.delete_policy_template({
1808
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
1809
+ # policy_template_id: "PTEXAMPLEabcdefg111111",
1810
+ # })
1811
+ #
1812
+ # resp.to_h outputs the following:
1813
+ # {
1814
+ # }
1815
+ #
1282
1816
  # @example Request syntax with placeholder values
1283
1817
  #
1284
1818
  # resp = client.delete_policy_template({
@@ -1314,6 +1848,33 @@ module Aws::VerifiedPermissions
1314
1848
  # * {Types::GetIdentitySourceOutput#principal_entity_type #principal_entity_type} => String
1315
1849
  # * {Types::GetIdentitySourceOutput#configuration #configuration} => Types::ConfigurationDetail
1316
1850
  #
1851
+ #
1852
+ # @example Example: To retrieve details about an identity source
1853
+ #
1854
+ # # The following example retrieves the details for the specified identity source.
1855
+ #
1856
+ # resp = client.get_identity_source({
1857
+ # identity_source_id: "ISEXAMPLEabcdefg111111",
1858
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
1859
+ # })
1860
+ #
1861
+ # resp.to_h outputs the following:
1862
+ # {
1863
+ # created_date: Time.parse("2024-08-12T18:20:50.99Z"),
1864
+ # details: {
1865
+ # client_ids: [
1866
+ # "a1b2c3d4e5f6g7h8i9j0kalbmc",
1867
+ # ],
1868
+ # discovery_url: "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_1a2b3c4d5",
1869
+ # open_id_issuer: "COGNITO",
1870
+ # user_pool_arn: "arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5",
1871
+ # },
1872
+ # identity_source_id: "ISEXAMPLEabcdefg111111",
1873
+ # last_updated_date: Time.parse("2024-08-12T18:20:50.99Z"),
1874
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
1875
+ # principal_entity_type: "AWS::Cognito",
1876
+ # }
1877
+ #
1317
1878
  # @example Request syntax with placeholder values
1318
1879
  #
1319
1880
  # resp = client.get_identity_source({
@@ -1380,6 +1941,37 @@ module Aws::VerifiedPermissions
1380
1941
  # * {Types::GetPolicyOutput#last_updated_date #last_updated_date} => Time
1381
1942
  # * {Types::GetPolicyOutput#effect #effect} => String
1382
1943
  #
1944
+ #
1945
+ # @example Example: To retrieve details about a policy
1946
+ #
1947
+ # # The following example retrieves information about the specified policy contained in the specified policy store. In this
1948
+ # # example, the requested policy is a template-linked policy, so it returns the ID of the policy template, and the specific
1949
+ # # principal and resource used by this policy.
1950
+ #
1951
+ # resp = client.get_policy({
1952
+ # policy_id: "9wYixMplbbZQb5fcZHyJhY",
1953
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
1954
+ # })
1955
+ #
1956
+ # resp.to_h outputs the following:
1957
+ # {
1958
+ # created_date: Time.parse("2024-08-12T18:20:50.99Z"),
1959
+ # definition: {
1960
+ # static: {
1961
+ # description: "Grant everyone of janeFriends UserGroup access to the vacationFolder Album",
1962
+ # statement: "permit(principal, action, resource in Album::\"publicFolder\");",
1963
+ # },
1964
+ # },
1965
+ # last_updated_date: Time.parse("2024-08-12T18:20:50.99Z"),
1966
+ # policy_id: "9wYxMpljbbZQb5fcZHyJhY",
1967
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
1968
+ # policy_type: "STATIC",
1969
+ # resource: {
1970
+ # entity_id: "publicFolder",
1971
+ # entity_type: "Album",
1972
+ # },
1973
+ # }
1974
+ #
1383
1975
  # @example Request syntax with placeholder values
1384
1976
  #
1385
1977
  # resp = client.get_policy({
@@ -1433,6 +2025,26 @@ module Aws::VerifiedPermissions
1433
2025
  # * {Types::GetPolicyStoreOutput#last_updated_date #last_updated_date} => Time
1434
2026
  # * {Types::GetPolicyStoreOutput#description #description} => String
1435
2027
  #
2028
+ #
2029
+ # @example Example: GetPolicyStore
2030
+ #
2031
+ # # The following example retrieves details about the specified policy store.
2032
+ #
2033
+ # resp = client.get_policy_store({
2034
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
2035
+ # })
2036
+ #
2037
+ # resp.to_h outputs the following:
2038
+ # {
2039
+ # arn: "arn:aws:verifiedpermissions::123456789012:policy-store/C7v5xMplfFH3i3e4Jrzb1a",
2040
+ # created_date: Time.parse("2024-08-12T18:20:50.99Z"),
2041
+ # last_updated_date: Time.parse("2024-08-12T18:20:50.99Z"),
2042
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
2043
+ # validation_settings: {
2044
+ # mode: "STRICT",
2045
+ # },
2046
+ # }
2047
+ #
1436
2048
  # @example Request syntax with placeholder values
1437
2049
  #
1438
2050
  # resp = client.get_policy_store({
@@ -1477,6 +2089,26 @@ module Aws::VerifiedPermissions
1477
2089
  # * {Types::GetPolicyTemplateOutput#created_date #created_date} => Time
1478
2090
  # * {Types::GetPolicyTemplateOutput#last_updated_date #last_updated_date} => Time
1479
2091
  #
2092
+ #
2093
+ # @example Example: GetPolicyTemplate
2094
+ #
2095
+ # # The following example displays the details of the specified policy template.
2096
+ #
2097
+ # resp = client.get_policy_template({
2098
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
2099
+ # policy_template_id: "PTEXAMPLEabcdefg111111",
2100
+ # })
2101
+ #
2102
+ # resp.to_h outputs the following:
2103
+ # {
2104
+ # created_date: Time.parse("2024-08-12T18:20:50.99Z"),
2105
+ # description: "Template for research dept",
2106
+ # last_updated_date: Time.parse("2024-08-12T18:20:50.99Z"),
2107
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
2108
+ # policy_template_id: "PTEXAMPLEabcdefg111111",
2109
+ # statement: "permit(\n principal ?principal,\n action == Action::\"view\",\n resource in ?resource\n) when {\n principal has department && principal.department == \"research\" \n};",
2110
+ # }
2111
+ #
1480
2112
  # @example Request syntax with placeholder values
1481
2113
  #
1482
2114
  # resp = client.get_policy_template({
@@ -1516,6 +2148,29 @@ module Aws::VerifiedPermissions
1516
2148
  # * {Types::GetSchemaOutput#last_updated_date #last_updated_date} => Time
1517
2149
  # * {Types::GetSchemaOutput#namespaces #namespaces} => Array&lt;String&gt;
1518
2150
  #
2151
+ #
2152
+ # @example Example: GetSchema
2153
+ #
2154
+ # # The following example retrieves the current schema stored in the specified policy store.
2155
+ # # Note
2156
+ # # The JSON in the parameters of this operation are strings that can contain embedded quotation marks (") within the
2157
+ # # outermost quotation mark pair. This requires that you stringify the JSON object by preceding all embedded quotation
2158
+ # # marks with a backslash character ( \" ) and combining all lines into a single text line with no line breaks.
2159
+ # # Example strings might be displayed wrapped across multiple lines here for readability, but the operation requires the
2160
+ # # parameters be submitted as single line strings.
2161
+ #
2162
+ # resp = client.get_schema({
2163
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
2164
+ # })
2165
+ #
2166
+ # resp.to_h outputs the following:
2167
+ # {
2168
+ # created_date: Time.parse("2024-08-12T18:20:50.99Z"),
2169
+ # last_updated_date: Time.parse("2024-08-12T18:20:50.99Z"),
2170
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
2171
+ # schema: "{\n\"My::Application\": {\n\"actions\": {\n\"remoteAccess\": {\n\"appliesTo\": {\n\"principalTypes\": [\"Employee\"]\n}\n}\n},\n\"entityTypes\": {\n\"Employee\": {\n\"shape\": {\n\"attributes\": {\n\"jobLevel\": { \"type\": \"Long\" },\n\"name\": { \"type\":\"String\" }\n},\n\"type\": \"Record\"\n}\n}\n}\n}\n }",
2172
+ # }
2173
+ #
1519
2174
  # @example Request syntax with placeholder values
1520
2175
  #
1521
2176
  # resp = client.get_schema({
@@ -1585,6 +2240,72 @@ module Aws::VerifiedPermissions
1585
2240
  # * {Types::IsAuthorizedOutput#determining_policies #determining_policies} => Array&lt;Types::DeterminingPolicyItem&gt;
1586
2241
  # * {Types::IsAuthorizedOutput#errors #errors} => Array&lt;Types::EvaluationErrorItem&gt;
1587
2242
  #
2243
+ #
2244
+ # @example Example: IsAuthorized - Example 1
2245
+ #
2246
+ # # The following example requests an authorization decision for a principal of type User named Alice, who wants to perform
2247
+ # # the updatePhoto operation, on a resource of type Photo named VacationPhoto94.jpg.
2248
+ # # The response shows that the request was allowed by one policy.
2249
+ #
2250
+ # resp = client.is_authorized({
2251
+ # action: {
2252
+ # action_id: "view",
2253
+ # action_type: "Action",
2254
+ # },
2255
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
2256
+ # principal: {
2257
+ # entity_id: "alice",
2258
+ # entity_type: "User",
2259
+ # },
2260
+ # resource: {
2261
+ # entity_id: "VacationPhoto94.jpg",
2262
+ # entity_type: "Photo",
2263
+ # },
2264
+ # })
2265
+ #
2266
+ # resp.to_h outputs the following:
2267
+ # {
2268
+ # errors: [
2269
+ # ],
2270
+ # decision: "ALLOW",
2271
+ # determining_policies: [
2272
+ # {
2273
+ # policy_id: "9wYxMpljbbZQb5fcZHyJhY",
2274
+ # },
2275
+ # ],
2276
+ # }
2277
+ #
2278
+ # @example Example: IsAuthorized - Example 2
2279
+ #
2280
+ # # The following example is the same as the previous example, except that the principal is User::"bob", and the policy
2281
+ # # store doesn't contain any policy that allows that user access to Album::"alice_folder". The output infers that the Deny
2282
+ # # was implicit because the list of DeterminingPolicies is empty.
2283
+ #
2284
+ # resp = client.is_authorized({
2285
+ # action: {
2286
+ # action_id: "view",
2287
+ # action_type: "Action",
2288
+ # },
2289
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
2290
+ # principal: {
2291
+ # entity_id: "bob",
2292
+ # entity_type: "User",
2293
+ # },
2294
+ # resource: {
2295
+ # entity_id: "VacationPhoto94.jpg",
2296
+ # entity_type: "Photo",
2297
+ # },
2298
+ # })
2299
+ #
2300
+ # resp.to_h outputs the following:
2301
+ # {
2302
+ # errors: [
2303
+ # ],
2304
+ # decision: "DENY",
2305
+ # determining_policies: [
2306
+ # ],
2307
+ # }
2308
+ #
1588
2309
  # @example Request syntax with placeholder values
1589
2310
  #
1590
2311
  # resp = client.is_authorized({
@@ -1654,9 +2375,6 @@ module Aws::VerifiedPermissions
1654
2375
  # `Allow` or `Deny`, along with a list of the policies that resulted in
1655
2376
  # the decision.
1656
2377
  #
1657
- # At this time, Verified Permissions accepts tokens from only Amazon
1658
- # Cognito.
1659
- #
1660
2378
  # Verified Permissions validates each token that is specified in a
1661
2379
  # request by checking its expiration date and its signature.
1662
2380
  #
@@ -1726,6 +2444,44 @@ module Aws::VerifiedPermissions
1726
2444
  # * {Types::IsAuthorizedWithTokenOutput#errors #errors} => Array&lt;Types::EvaluationErrorItem&gt;
1727
2445
  # * {Types::IsAuthorizedWithTokenOutput#principal #principal} => Types::EntityIdentifier
1728
2446
  #
2447
+ #
2448
+ # @example Example: IsAuthorizedWithToken - Example 1
2449
+ #
2450
+ # # The following example requests an authorization decision for a user who was authenticated by Amazon Cognito. The request
2451
+ # # uses the identity token provided by Amazon Cognito instead of the access token. In this example, the specified
2452
+ # # information store is configured to return principals as entities of type CognitoUser. The policy store contains a policy
2453
+ # # with the following statement.
2454
+ # # permit(
2455
+ # # principal == CognitoUser::"us-east-1_1a2b3c4d5|a1b2c3d4e5f6g7h8i9j0kalbmc",
2456
+ # # action,
2457
+ # # resource == Photo::"VacationPhoto94.jpg"
2458
+ # # );
2459
+ #
2460
+ # resp = client.is_authorized_with_token({
2461
+ # action: {
2462
+ # action_id: "View",
2463
+ # action_type: "Action",
2464
+ # },
2465
+ # identity_token: "EgZjxMPlbWUyBggAEEUYOdIBCDM3NDlqMGo3qAIAsAIA",
2466
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
2467
+ # resource: {
2468
+ # entity_id: "vacationPhoto94.jpg",
2469
+ # entity_type: "Photo",
2470
+ # },
2471
+ # })
2472
+ #
2473
+ # resp.to_h outputs the following:
2474
+ # {
2475
+ # errors: [
2476
+ # ],
2477
+ # decision: "ALLOW",
2478
+ # determining_policies: [
2479
+ # {
2480
+ # policy_id: "9wYxMpljbbZQb5fcZHyJhY",
2481
+ # },
2482
+ # ],
2483
+ # }
2484
+ #
1729
2485
  # @example Request syntax with placeholder values
1730
2486
  #
1731
2487
  # resp = client.is_authorized_with_token({
@@ -1824,6 +2580,36 @@ module Aws::VerifiedPermissions
1824
2580
  #
1825
2581
  # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
1826
2582
  #
2583
+ #
2584
+ # @example Example: ListIdentitySources
2585
+ #
2586
+ # # The following example request creates lists the identity sources currently defined in the specified policy store.
2587
+ #
2588
+ # resp = client.list_identity_sources({
2589
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
2590
+ # })
2591
+ #
2592
+ # resp.to_h outputs the following:
2593
+ # {
2594
+ # identity_sources: [
2595
+ # {
2596
+ # created_date: Time.parse("2023-05-19T20:29:23.66812Z"),
2597
+ # details: {
2598
+ # client_ids: [
2599
+ # "a1b2c3d4e5f6g7h8i9j0kalbmc",
2600
+ # ],
2601
+ # discovery_url: "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_1a2b3c4d5",
2602
+ # open_id_issuer: "COGNITO",
2603
+ # user_pool_arn: "arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5",
2604
+ # },
2605
+ # identity_source_id: "ISEXAMPLEabcdefg111111",
2606
+ # last_updated_date: Time.parse("2023-05-19T20:29:23.66812Z"),
2607
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
2608
+ # principal_entity_type: "User",
2609
+ # },
2610
+ # ],
2611
+ # }
2612
+ #
1827
2613
  # @example Request syntax with placeholder values
1828
2614
  #
1829
2615
  # resp = client.list_identity_sources({
@@ -1915,6 +2701,163 @@ module Aws::VerifiedPermissions
1915
2701
  #
1916
2702
  # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
1917
2703
  #
2704
+ #
2705
+ # @example Example: ListPolicies - Example 1
2706
+ #
2707
+ # # The following example lists all policies in the policy store.
2708
+ #
2709
+ # resp = client.list_policies({
2710
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
2711
+ # })
2712
+ #
2713
+ # resp.to_h outputs the following:
2714
+ # {
2715
+ # policies: [
2716
+ # {
2717
+ # created_date: Time.parse("2024-08-12T18:20:50.99Z"),
2718
+ # definition: {
2719
+ # static: {
2720
+ # description: "Grant members of janeFriends UserGroup access to the vacationFolder Album",
2721
+ # },
2722
+ # },
2723
+ # last_updated_date: Time.parse("2024-08-12T18:20:50.99Z"),
2724
+ # policy_id: "9wYxMpljbbZQb5fcZHyJhY",
2725
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
2726
+ # policy_type: "STATIC",
2727
+ # principal: {
2728
+ # entity_id: "janeFriends",
2729
+ # entity_type: "UserGroup",
2730
+ # },
2731
+ # resource: {
2732
+ # entity_id: "vacationFolder",
2733
+ # entity_type: "Album",
2734
+ # },
2735
+ # },
2736
+ # {
2737
+ # created_date: Time.parse("2024-08-12T18:20:50.99Z"),
2738
+ # definition: {
2739
+ # static: {
2740
+ # description: "Grant everyone access to the publicFolder Album",
2741
+ # },
2742
+ # },
2743
+ # last_updated_date: Time.parse("2024-08-12T18:20:50.99Z"),
2744
+ # policy_id: "Et9KxMplyaDdyurDw8TeFa",
2745
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
2746
+ # policy_type: "STATIC",
2747
+ # resource: {
2748
+ # entity_id: "publicFolder",
2749
+ # entity_type: "Album",
2750
+ # },
2751
+ # },
2752
+ # ],
2753
+ # }
2754
+ #
2755
+ # @example Example: ListPolicies - Example 2
2756
+ #
2757
+ # # The following example lists all policies for a specified principal.
2758
+ #
2759
+ # resp = client.list_policies({
2760
+ # filter: {
2761
+ # principal: {
2762
+ # identifier: {
2763
+ # entity_id: "alice",
2764
+ # entity_type: "User",
2765
+ # },
2766
+ # },
2767
+ # },
2768
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
2769
+ # })
2770
+ #
2771
+ # resp.to_h outputs the following:
2772
+ # {
2773
+ # policies: [
2774
+ # {
2775
+ # created_date: Time.parse("2022-12-09T22:55:16.067533Z"),
2776
+ # definition: {
2777
+ # static: {
2778
+ # description: "An example policy",
2779
+ # },
2780
+ # },
2781
+ # last_updated_date: Time.parse("2022-12-09T22:55:16.067533Z"),
2782
+ # policy_id: "Et9KxMplyaDdyurDw8TeFa",
2783
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
2784
+ # policy_type: "STATIC",
2785
+ # principal: {
2786
+ # entity_id: "alice",
2787
+ # entity_type: "User",
2788
+ # },
2789
+ # resource: {
2790
+ # entity_id: "bob_folder",
2791
+ # entity_type: "Album",
2792
+ # },
2793
+ # },
2794
+ # {
2795
+ # created_date: Time.parse("2022-12-09T23:00:24.66266Z"),
2796
+ # definition: {
2797
+ # static: {
2798
+ # },
2799
+ # },
2800
+ # last_updated_date: Time.parse("2022-12-09T23:00:24.66266Z"),
2801
+ # policy_id: "9wYxMpljbbZQb5fcZHyJhY",
2802
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
2803
+ # policy_type: "STATIC",
2804
+ # principal: {
2805
+ # entity_id: "alice",
2806
+ # entity_type: "User",
2807
+ # },
2808
+ # resource: {
2809
+ # entity_id: "alice_folder",
2810
+ # entity_type: "Album",
2811
+ # },
2812
+ # },
2813
+ # ],
2814
+ # }
2815
+ #
2816
+ # @example Example: ListPolicies - Example 3
2817
+ #
2818
+ # # The following example uses the Filter parameter to list only the template-linked policies in the specified policy store.
2819
+ #
2820
+ # resp = client.list_policies({
2821
+ # filter: {
2822
+ # policy_type: "TEMPLATE_LINKED",
2823
+ # },
2824
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
2825
+ # })
2826
+ #
2827
+ # resp.to_h outputs the following:
2828
+ # {
2829
+ # policies: [
2830
+ # {
2831
+ # created_date: Time.parse("2023-06-13T16:03:07.620867Z"),
2832
+ # definition: {
2833
+ # template_linked: {
2834
+ # policy_template_id: "PTEXAMPLEabcdefg111111",
2835
+ # principal: {
2836
+ # entity_id: "alice",
2837
+ # entity_type: "User",
2838
+ # },
2839
+ # resource: {
2840
+ # entity_id: "pic.jpg",
2841
+ # entity_type: "Photo",
2842
+ # },
2843
+ # },
2844
+ # },
2845
+ # last_updated_date: Time.parse("2023-06-13T16:03:07.620867Z"),
2846
+ # policy_id: "9wYxMpljbbZQb5fcZHyJhY",
2847
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
2848
+ # policy_type: "TEMPLATE_LINKED",
2849
+ # principal: {
2850
+ # entity_id: "alice",
2851
+ # entity_type: "User",
2852
+ # },
2853
+ # resource: {
2854
+ # entity_id: "pic.jpg",
2855
+ # entity_type: "Photo",
2856
+ # },
2857
+ # },
2858
+ # ],
2859
+ # }
2860
+ #
1918
2861
  # @example Request syntax with placeholder values
1919
2862
  #
1920
2863
  # resp = client.list_policies({
@@ -2005,6 +2948,30 @@ module Aws::VerifiedPermissions
2005
2948
  #
2006
2949
  # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
2007
2950
  #
2951
+ #
2952
+ # @example Example: ListPolicyStores
2953
+ #
2954
+ # # The following example lists all policy stores in the AWS account in the AWS Region in which you call the operation.
2955
+ #
2956
+ # resp = client.list_policy_stores({
2957
+ # })
2958
+ #
2959
+ # resp.to_h outputs the following:
2960
+ # {
2961
+ # policy_stores: [
2962
+ # {
2963
+ # arn: "arn:aws:verifiedpermissions::123456789012:policy-store/C7v5xMplfFH3i3e4Jrzb1a",
2964
+ # created_date: Time.parse("2023-05-16T17:41:29.103459Z"),
2965
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
2966
+ # },
2967
+ # {
2968
+ # arn: "arn:aws:verifiedpermissions::123456789012:policy-store/PSEXAMPLEabcdefg222222",
2969
+ # created_date: Time.parse("2023-05-16T18:23:04.985521Z"),
2970
+ # policy_store_id: "PSEXAMPLEabcdefg222222",
2971
+ # },
2972
+ # ],
2973
+ # }
2974
+ #
2008
2975
  # @example Request syntax with placeholder values
2009
2976
  #
2010
2977
  # resp = client.list_policy_stores({
@@ -2066,6 +3033,35 @@ module Aws::VerifiedPermissions
2066
3033
  #
2067
3034
  # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
2068
3035
  #
3036
+ #
3037
+ # @example Example: ListPolicyTemplates
3038
+ #
3039
+ # # The following example retrieves a list of all of the policy templates in the specified policy store.
3040
+ #
3041
+ # resp = client.list_policy_templates({
3042
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
3043
+ # })
3044
+ #
3045
+ # resp.to_h outputs the following:
3046
+ # {
3047
+ # policy_templates: [
3048
+ # {
3049
+ # created_date: Time.parse("2024-08-12T18:20:50.99Z"),
3050
+ # description: "Generic template",
3051
+ # last_updated_date: Time.parse("2024-08-12T18:20:50.99Z"),
3052
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
3053
+ # policy_template_id: "PTEXAMPLEabcdefg111111",
3054
+ # },
3055
+ # {
3056
+ # created_date: Time.parse("2024-08-12T18:20:50.99Z"),
3057
+ # description: "Template for research dept",
3058
+ # last_updated_date: Time.parse("2024-08-12T18:20:50.99Z"),
3059
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
3060
+ # policy_template_id: "PTEXAMPLEabcdefg222222",
3061
+ # },
3062
+ # ],
3063
+ # }
3064
+ #
2069
3065
  # @example Request syntax with placeholder values
2070
3066
  #
2071
3067
  # resp = client.list_policy_templates({
@@ -2123,6 +3119,35 @@ module Aws::VerifiedPermissions
2123
3119
  # * {Types::PutSchemaOutput#created_date #created_date} => Time
2124
3120
  # * {Types::PutSchemaOutput#last_updated_date #last_updated_date} => Time
2125
3121
  #
3122
+ #
3123
+ # @example Example: PutSchema
3124
+ #
3125
+ # # The following example creates a new schema, or updates an existing schema, in the specified policy store. Note that the
3126
+ # # schema text is shown line wrapped for readability. You should submit the entire schema text as a single line of text.
3127
+ # # Note
3128
+ # # The JSON in the parameters of this operation are strings that can contain embedded quotation marks (") within the
3129
+ # # outermost quotation mark pair. This requires that you stringify the JSON object by preceding all embedded quotation
3130
+ # # marks with a backslash character ( \" ) and combining all lines into a single text line with no line breaks.
3131
+ # # Example strings might be displayed wrapped across multiple lines here for readability, but the operation requires the
3132
+ # # parameters be submitted as single line strings.
3133
+ #
3134
+ # resp = client.put_schema({
3135
+ # definition: {
3136
+ # cedar_json: "{\"MySampleNamespace\": {\"actions\": {\"remoteAccess\": {\"appliesTo\": {\"principalTypes\": [\"Employee\"]}}},\"entityTypes\": {\"Employee\": {\"shape\": {\"attributes\": {\"jobLevel\": {\"type\": \"Long\"},\"name\": {\"type\": \"String\"}},\"type\": \"Record\"}}}}}",
3137
+ # },
3138
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
3139
+ # })
3140
+ #
3141
+ # resp.to_h outputs the following:
3142
+ # {
3143
+ # created_date: Time.parse("2023-06-13T19:28:06.003726Z"),
3144
+ # last_updated_date: Time.parse("2023-06-13T19:28:06.003726Z"),
3145
+ # namespaces: [
3146
+ # "My::Sample::Namespace",
3147
+ # ],
3148
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
3149
+ # }
3150
+ #
2126
3151
  # @example Request syntax with placeholder values
2127
3152
  #
2128
3153
  # resp = client.put_schema({
@@ -2172,13 +3197,6 @@ module Aws::VerifiedPermissions
2172
3197
  # Specifies the details required to communicate with the identity
2173
3198
  # provider (IdP) associated with this identity source.
2174
3199
  #
2175
- # <note markdown="1"> At this time, the only valid member of this structure is a Amazon
2176
- # Cognito user pool configuration.
2177
- #
2178
- # You must specify a `userPoolArn`, and optionally, a `ClientId`.
2179
- #
2180
- # </note>
2181
- #
2182
3200
  # @option params [String] :principal_entity_type
2183
3201
  # Specifies the data type of principals generated for identities
2184
3202
  # authenticated by the identity source.
@@ -2190,6 +3208,32 @@ module Aws::VerifiedPermissions
2190
3208
  # * {Types::UpdateIdentitySourceOutput#last_updated_date #last_updated_date} => Time
2191
3209
  # * {Types::UpdateIdentitySourceOutput#policy_store_id #policy_store_id} => String
2192
3210
  #
3211
+ #
3212
+ # @example Example: UpdateIdentitySource
3213
+ #
3214
+ # # The following example updates the configuration of the specified identity source with a new configuration.
3215
+ #
3216
+ # resp = client.update_identity_source({
3217
+ # identity_source_id: "ISEXAMPLEabcdefg111111",
3218
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
3219
+ # update_configuration: {
3220
+ # cognito_user_pool_configuration: {
3221
+ # client_ids: [
3222
+ # "a1b2c3d4e5f6g7h8i9j0kalbmc",
3223
+ # ],
3224
+ # user_pool_arn: "arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5",
3225
+ # },
3226
+ # },
3227
+ # })
3228
+ #
3229
+ # resp.to_h outputs the following:
3230
+ # {
3231
+ # created_date: Time.parse("2023-05-19T20:30:28.173926Z"),
3232
+ # identity_source_id: "ISEXAMPLEabcdefg111111",
3233
+ # last_updated_date: Time.parse("2023-05-22T20:45:59.962216Z"),
3234
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
3235
+ # }
3236
+ #
2193
3237
  # @example Request syntax with placeholder values
2194
3238
  #
2195
3239
  # resp = client.update_identity_source({
@@ -2334,6 +3378,34 @@ module Aws::VerifiedPermissions
2334
3378
  # * {Types::UpdatePolicyOutput#last_updated_date #last_updated_date} => Time
2335
3379
  # * {Types::UpdatePolicyOutput#effect #effect} => String
2336
3380
  #
3381
+ #
3382
+ # @example Example: UpdatePolicy
3383
+ #
3384
+ # # The following example replaces the definition of the specified static policy with a new one.
3385
+ #
3386
+ # resp = client.update_policy({
3387
+ # definition: {
3388
+ # static: {
3389
+ # statement: "permit(principal, action, resource in Album::\"public_folder\");",
3390
+ # },
3391
+ # },
3392
+ # policy_id: "9wYxMpljbbZQb5fcZHyJhY",
3393
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
3394
+ # })
3395
+ #
3396
+ # resp.to_h outputs the following:
3397
+ # {
3398
+ # created_date: Time.parse("2024-08-12T18:20:50.99Z"),
3399
+ # last_updated_date: Time.parse("2024-08-12T18:20:50.99Z"),
3400
+ # policy_id: "9wYxMpljbbZQb5fcZHyJhY",
3401
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
3402
+ # policy_type: "STATIC",
3403
+ # resource: {
3404
+ # entity_id: "public_folder",
3405
+ # entity_type: "Album",
3406
+ # },
3407
+ # }
3408
+ #
2337
3409
  # @example Request syntax with placeholder values
2338
3410
  #
2339
3411
  # resp = client.update_policy({
@@ -2400,6 +3472,26 @@ module Aws::VerifiedPermissions
2400
3472
  # * {Types::UpdatePolicyStoreOutput#created_date #created_date} => Time
2401
3473
  # * {Types::UpdatePolicyStoreOutput#last_updated_date #last_updated_date} => Time
2402
3474
  #
3475
+ #
3476
+ # @example Example: UpdatePolicyStore
3477
+ #
3478
+ # # The following example turns off the validation settings for a policy store.
3479
+ #
3480
+ # resp = client.update_policy_store({
3481
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
3482
+ # validation_settings: {
3483
+ # mode: "OFF",
3484
+ # },
3485
+ # })
3486
+ #
3487
+ # resp.to_h outputs the following:
3488
+ # {
3489
+ # arn: "arn:aws:verifiedpermissions::123456789012:policy-store/C7v5xMplfFH3i3e4Jrzb1a",
3490
+ # created_date: Time.parse("2023-05-17T18:36:10.134448Z"),
3491
+ # last_updated_date: Time.parse("2023-05-23T18:18:12.443083Z"),
3492
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
3493
+ # }
3494
+ #
2403
3495
  # @example Request syntax with placeholder values
2404
3496
  #
2405
3497
  # resp = client.update_policy_store({
@@ -2481,6 +3573,34 @@ module Aws::VerifiedPermissions
2481
3573
  # * {Types::UpdatePolicyTemplateOutput#created_date #created_date} => Time
2482
3574
  # * {Types::UpdatePolicyTemplateOutput#last_updated_date #last_updated_date} => Time
2483
3575
  #
3576
+ #
3577
+ # @example Example: UpdatePolicyTemplate
3578
+ #
3579
+ # # The following example updates a policy template with both a new description and a new policy body. The effect,
3580
+ # # principal, and resource are the same as the original policy template. Only the action in the head, and the when and
3581
+ # # unless clauses can be different.
3582
+ # # Note
3583
+ # # The JSON in the parameters of this operation are strings that can contain embedded quotation marks (") within the
3584
+ # # outermost quotation mark pair. This requires that you stringify the JSON object by preceding all embedded quotation
3585
+ # # marks with a backslash character ( \" ) and combining all lines into a single text line with no line breaks.
3586
+ # # Example strings might be displayed wrapped across multiple lines here for readability, but the operation requires the
3587
+ # # parameters be submitted as single line strings.
3588
+ #
3589
+ # resp = client.update_policy_template({
3590
+ # description: "My updated template description",
3591
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
3592
+ # policy_template_id: "PTEXAMPLEabcdefg111111",
3593
+ # statement: "\"ResearchAccess\"\npermit(\nprincipal in ?principal,\naction == Action::\"view\",\nresource in ?resource\"\n)\nwhen {\nprincipal has department && principal.department == \"research\"\n};",
3594
+ # })
3595
+ #
3596
+ # resp.to_h outputs the following:
3597
+ # {
3598
+ # created_date: Time.parse("2023-05-17T18:58:48.795411Z"),
3599
+ # last_updated_date: Time.parse("2023-05-17T19:18:48.870209Z"),
3600
+ # policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a",
3601
+ # policy_template_id: "PTEXAMPLEabcdefg111111",
3602
+ # }
3603
+ #
2484
3604
  # @example Request syntax with placeholder values
2485
3605
  #
2486
3606
  # resp = client.update_policy_template({
@@ -2524,7 +3644,7 @@ module Aws::VerifiedPermissions
2524
3644
  tracer: tracer
2525
3645
  )
2526
3646
  context[:gem_name] = 'aws-sdk-verifiedpermissions'
2527
- context[:gem_version] = '1.34.0'
3647
+ context[:gem_version] = '1.36.0'
2528
3648
  Seahorse::Client::Request.new(handlers, context)
2529
3649
  end
2530
3650