@aws-sdk/client-verifiedpermissions 3.540.0 → 3.550.0

package/dist-types/commands/BatchIsAuthorizedWithTokenCommand.d.ts

@@ -0,0 +1,285 @@
+import { Command as $Command } from "@smithy/smithy-client";
+import { MetadataBearer as __MetadataBearer } from "@smithy/types";
+import { BatchIsAuthorizedWithTokenInput, BatchIsAuthorizedWithTokenOutput } from "../models/models_0";
+import { ServiceInputTypes, ServiceOutputTypes, VerifiedPermissionsClientResolvedConfig } from "../VerifiedPermissionsClient";
+/**
+ * @public
+ */
+export { __MetadataBearer, $Command };
+/**
+ * @public
+ *
+ * The input for {@link BatchIsAuthorizedWithTokenCommand}.
+ */
+export interface BatchIsAuthorizedWithTokenCommandInput extends BatchIsAuthorizedWithTokenInput {
+}
+/**
+ * @public
+ *
+ * The output of {@link BatchIsAuthorizedWithTokenCommand}.
+ */
+export interface BatchIsAuthorizedWithTokenCommandOutput extends BatchIsAuthorizedWithTokenOutput, __MetadataBearer {
+}
+declare const BatchIsAuthorizedWithTokenCommand_base: {
+    new (input: BatchIsAuthorizedWithTokenCommandInput): import("@smithy/smithy-client").CommandImpl<BatchIsAuthorizedWithTokenCommandInput, BatchIsAuthorizedWithTokenCommandOutput, VerifiedPermissionsClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
+    new (__0_0: BatchIsAuthorizedWithTokenCommandInput): import("@smithy/smithy-client").CommandImpl<BatchIsAuthorizedWithTokenCommandInput, BatchIsAuthorizedWithTokenCommandOutput, VerifiedPermissionsClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
+    getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
+};
+/**
+ * <p>Makes a series of decisions about multiple authorization requests for one token. The
+ *             principal in this request comes from an external identity source in the form of an identity or
+ *             access token, formatted as a <a href="https://wikipedia.org/wiki/JSON_Web_Token">JSON
+ *                 web token (JWT)</a>. The information in the parameters can also define
+ *             additional context that Verified Permissions can include in the evaluations.</p>
+ *          <p>The request is evaluated against all policies in the specified policy store that match the
+ *             entities that you provide in the entities declaration and in the token. The result of
+ *             the decisions is a series of <code>Allow</code> or <code>Deny</code> responses, along
+ *             with the IDs of the policies that produced each decision.</p>
+ *          <p>The <code>entities</code> of a <code>BatchIsAuthorizedWithToken</code> API request can
+ *             contain up to 100 resources and up to 99 user groups. The <code>requests</code> of a
+ *                 <code>BatchIsAuthorizedWithToken</code> API request can contain up to 30
+ *             requests.</p>
+ *          <note>
+ *             <p>The <code>BatchIsAuthorizedWithToken</code> operation doesn't have its own
+ *                 IAM permission. To authorize this operation for Amazon Web Services principals, include the
+ *                 permission <code>verifiedpermissions:IsAuthorizedWithToken</code> in their IAM
+ *                 policies.</p>
+ *          </note>
+ * @example
+ * Use a bare-bones client and the command you need to make an API call.
+ * ```javascript
+ * import { VerifiedPermissionsClient, BatchIsAuthorizedWithTokenCommand } from "@aws-sdk/client-verifiedpermissions"; // ES Modules import
+ * // const { VerifiedPermissionsClient, BatchIsAuthorizedWithTokenCommand } = require("@aws-sdk/client-verifiedpermissions"); // CommonJS import
+ * const client = new VerifiedPermissionsClient(config);
+ * const input = { // BatchIsAuthorizedWithTokenInput
+ *   policyStoreId: "STRING_VALUE", // required
+ *   identityToken: "STRING_VALUE",
+ *   accessToken: "STRING_VALUE",
+ *   entities: { // EntitiesDefinition Union: only one key present
+ *     entityList: [ // EntityList
+ *       { // EntityItem
+ *         identifier: { // EntityIdentifier
+ *           entityType: "STRING_VALUE", // required
+ *           entityId: "STRING_VALUE", // required
+ *         },
+ *         attributes: { // EntityAttributes
+ *           "<keys>": { // AttributeValue Union: only one key present
+ *             boolean: true || false,
+ *             entityIdentifier: {
+ *               entityType: "STRING_VALUE", // required
+ *               entityId: "STRING_VALUE", // required
+ *             },
+ *             long: Number("long"),
+ *             string: "STRING_VALUE",
+ *             set: [ // SetAttribute
+ *               {//  Union: only one key present
+ *                 boolean: true || false,
+ *                 entityIdentifier: "<EntityIdentifier>",
+ *                 long: Number("long"),
+ *                 string: "STRING_VALUE",
+ *                 set: [
+ *                   "<AttributeValue>",
+ *                 ],
+ *                 record: { // RecordAttribute
+ *                   "<keys>": "<AttributeValue>",
+ *                 },
+ *               },
+ *             ],
+ *             record: {
+ *               "<keys>": "<AttributeValue>",
+ *             },
+ *           },
+ *         },
+ *         parents: [ // ParentList
+ *           "<EntityIdentifier>",
+ *         ],
+ *       },
+ *     ],
+ *   },
+ *   requests: [ // BatchIsAuthorizedWithTokenInputList // required
+ *     { // BatchIsAuthorizedWithTokenInputItem
+ *       action: { // ActionIdentifier
+ *         actionType: "STRING_VALUE", // required
+ *         actionId: "STRING_VALUE", // required
+ *       },
+ *       resource: "<EntityIdentifier>",
+ *       context: { // ContextDefinition Union: only one key present
+ *         contextMap: { // ContextMap
+ *           "<keys>": "<AttributeValue>",
+ *         },
+ *       },
+ *     },
+ *   ],
+ * };
+ * const command = new BatchIsAuthorizedWithTokenCommand(input);
+ * const response = await client.send(command);
+ * // { // BatchIsAuthorizedWithTokenOutput
+ * //   principal: { // EntityIdentifier
+ * //     entityType: "STRING_VALUE", // required
+ * //     entityId: "STRING_VALUE", // required
+ * //   },
+ * //   results: [ // BatchIsAuthorizedWithTokenOutputList // required
+ * //     { // BatchIsAuthorizedWithTokenOutputItem
+ * //       request: { // BatchIsAuthorizedWithTokenInputItem
+ * //         action: { // ActionIdentifier
+ * //           actionType: "STRING_VALUE", // required
+ * //           actionId: "STRING_VALUE", // required
+ * //         },
+ * //         resource: {
+ * //           entityType: "STRING_VALUE", // required
+ * //           entityId: "STRING_VALUE", // required
+ * //         },
+ * //         context: { // ContextDefinition Union: only one key present
+ * //           contextMap: { // ContextMap
+ * //             "<keys>": { // AttributeValue Union: only one key present
+ * //               boolean: true || false,
+ * //               entityIdentifier: "<EntityIdentifier>",
+ * //               long: Number("long"),
+ * //               string: "STRING_VALUE",
+ * //               set: [ // SetAttribute
+ * //                 {//  Union: only one key present
+ * //                   boolean: true || false,
+ * //                   entityIdentifier: "<EntityIdentifier>",
+ * //                   long: Number("long"),
+ * //                   string: "STRING_VALUE",
+ * //                   set: [
+ * //                     "<AttributeValue>",
+ * //                   ],
+ * //                   record: { // RecordAttribute
+ * //                     "<keys>": "<AttributeValue>",
+ * //                   },
+ * //                 },
+ * //               ],
+ * //               record: {
+ * //                 "<keys>": "<AttributeValue>",
+ * //               },
+ * //             },
+ * //           },
+ * //         },
+ * //       },
+ * //       decision: "ALLOW" || "DENY", // required
+ * //       determiningPolicies: [ // DeterminingPolicyList // required
+ * //         { // DeterminingPolicyItem
+ * //           policyId: "STRING_VALUE", // required
+ * //         },
+ * //       ],
+ * //       errors: [ // EvaluationErrorList // required
+ * //         { // EvaluationErrorItem
+ * //           errorDescription: "STRING_VALUE", // required
+ * //         },
+ * //       ],
+ * //     },
+ * //   ],
+ * // };
+ *
+ * ```
+ *
+ * @param BatchIsAuthorizedWithTokenCommandInput - {@link BatchIsAuthorizedWithTokenCommandInput}
+ * @returns {@link BatchIsAuthorizedWithTokenCommandOutput}
+ * @see {@link BatchIsAuthorizedWithTokenCommandInput} for command's `input` shape.
+ * @see {@link BatchIsAuthorizedWithTokenCommandOutput} for command's `response` shape.
+ * @see {@link VerifiedPermissionsClientResolvedConfig | config} for VerifiedPermissionsClient's `config` shape.
+ *
+ * @throws {@link ResourceNotFoundException} (client fault)
+ *  <p>The request failed because it references a resource that doesn't exist.</p>
+ *
+ * @throws {@link AccessDeniedException} (client fault)
+ *  <p>You don't have sufficient access to perform this action.</p>
+ *
+ * @throws {@link InternalServerException} (server fault)
+ *  <p>The request failed because of an internal error. Try your request again later</p>
+ *
+ * @throws {@link ThrottlingException} (client fault)
+ *  <p>The request failed because it exceeded a throttling quota.</p>
+ *
+ * @throws {@link ValidationException} (client fault)
+ *  <p>The request failed because one or more input parameters don't satisfy their constraint
+ *             requirements. The output is provided as a list of fields and a reason for each field that
+ *             isn't valid.</p>
+ *          <p>The possible reasons include the following:</p>
+ *          <ul>
+ *             <li>
+ *                <p>
+ *                   <b>UnrecognizedEntityType</b>
+ *                </p>
+ *                <p>The policy includes an entity type that isn't found in the schema.</p>
+ *             </li>
+ *             <li>
+ *                <p>
+ *                   <b>UnrecognizedActionId</b>
+ *                </p>
+ *                <p>The policy includes an action id that isn't found in the schema.</p>
+ *             </li>
+ *             <li>
+ *                <p>
+ *                   <b>InvalidActionApplication</b>
+ *                </p>
+ *                <p>The policy includes an action that, according to the schema, doesn't support
+ *                     the specified principal and resource.</p>
+ *             </li>
+ *             <li>
+ *                <p>
+ *                   <b>UnexpectedType</b>
+ *                </p>
+ *                <p>The policy included an operand that isn't a valid type for the specified
+ *                     operation.</p>
+ *             </li>
+ *             <li>
+ *                <p>
+ *                   <b>IncompatibleTypes</b>
+ *                </p>
+ *                <p>The types of elements included in a <code>set</code>, or the types of
+ *                     expressions used in an <code>if...then...else</code> clause aren't compatible in
+ *                     this context.</p>
+ *             </li>
+ *             <li>
+ *                <p>
+ *                   <b>MissingAttribute</b>
+ *                </p>
+ *                <p>The policy attempts to access a record or entity attribute that isn't
+ *                     specified in the schema. Test for the existence of the attribute first before
+ *                     attempting to access its value. For more information, see the <a href="https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test">has (presence of attribute test) operator</a> in the
+ *                         <i>Cedar Policy Language Guide</i>.</p>
+ *             </li>
+ *             <li>
+ *                <p>
+ *                   <b>UnsafeOptionalAttributeAccess</b>
+ *                </p>
+ *                <p>The policy attempts to access a record or entity attribute that is optional
+ *                     and isn't guaranteed to be present. Test for the existence of the attribute
+ *                     first before attempting to access its value. For more information, see the
+ *                         <a href="https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test">has (presence of attribute test) operator</a> in the
+ *                         <i>Cedar Policy Language Guide</i>.</p>
+ *             </li>
+ *             <li>
+ *                <p>
+ *                   <b>ImpossiblePolicy</b>
+ *                </p>
+ *                <p>Cedar has determined that a policy condition always evaluates to false. If
+ *                     the policy is always false, it can never apply to any query, and so it can never
+ *                     affect an authorization decision.</p>
+ *             </li>
+ *             <li>
+ *                <p>
+ *                   <b>WrongNumberArguments</b>
+ *                </p>
+ *                <p>The policy references an extension type with the wrong number of
+ *                     arguments.</p>
+ *             </li>
+ *             <li>
+ *                <p>
+ *                   <b>FunctionArgumentValidationError</b>
+ *                </p>
+ *                <p>Cedar couldn't parse the argument passed to an extension type. For example,
+ *                     a string that is to be parsed as an IPv4 address can contain only digits and the
+ *                     period character.</p>
+ *             </li>
+ *          </ul>
+ *
+ * @throws {@link VerifiedPermissionsServiceException}
+ * <p>Base exception class for all service exceptions from VerifiedPermissions service.</p>
+ *
+ * @public
+ */
+export declare class BatchIsAuthorizedWithTokenCommand extends BatchIsAuthorizedWithTokenCommand_base {
+}

package/dist-types/commands/CreateIdentitySourceCommand.d.ts

@@ -73,6 +73,9 @@ declare const CreateIdentitySourceCommand_base: {
  *       clientIds: [ // ClientIds
  *         "STRING_VALUE",
  *       ],
+ *       groupConfiguration: { // CognitoGroupConfiguration
+ *         groupEntityType: "STRING_VALUE", // required
+ *       },
  *     },
  *   },
  *   principalEntityType: "STRING_VALUE",

package/dist-types/commands/GetIdentitySourceCommand.d.ts

@@ -60,6 +60,9 @@ declare const GetIdentitySourceCommand_base: {
  * //         "STRING_VALUE",
  * //       ],
  * //       issuer: "STRING_VALUE", // required
+ * //       groupConfiguration: { // CognitoGroupConfigurationDetail
+ * //         groupEntityType: "STRING_VALUE",
+ * //       },
  * //     },
  * //   },
  * // };

package/dist-types/commands/IsAuthorizedWithTokenCommand.d.ts

@@ -34,15 +34,6 @@ declare const IsAuthorizedWithTokenCommand_base: {
  *             matching policies in the specified policy store. The result of the decision is either
  *                 <code>Allow</code> or <code>Deny</code>, along with a list of the policies that
  *             resulted in the decision.</p>
- *          <important>
- *             <p>If you specify the <code>identityToken</code> parameter, then this operation
- *                 derives the principal from that token. You must not also include that principal in
- *                 the <code>entities</code> parameter or the operation fails and reports a conflict
- *                 between the two entity sources.</p>
- *             <p>If you provide only an <code>accessToken</code>, then you can include the entity
- *                 as part of the <code>entities</code> parameter to provide additional
- *                 attributes.</p>
- *          </important>
  *          <p>At this time, Verified Permissions accepts tokens from only Amazon Cognito.</p>
  *          <p>Verified Permissions validates each token that is specified in a request by checking its expiration
  *             date and its signature.</p>
@@ -125,6 +116,10 @@ declare const IsAuthorizedWithTokenCommand_base: {
  * //       errorDescription: "STRING_VALUE", // required
  * //     },
  * //   ],
+ * //   principal: { // EntityIdentifier
+ * //     entityType: "STRING_VALUE", // required
+ * //     entityId: "STRING_VALUE", // required
+ * //   },
  * // };
  *
  * ```

package/dist-types/commands/ListIdentitySourcesCommand.d.ts

@@ -69,6 +69,9 @@ declare const ListIdentitySourcesCommand_base: {
  * //             "STRING_VALUE",
  * //           ],
  * //           issuer: "STRING_VALUE", // required
+ * //           groupConfiguration: { // CognitoGroupConfigurationItem
+ * //             groupEntityType: "STRING_VALUE",
+ * //           },
  * //         },
  * //       },
  * //     },

package/dist-types/commands/UpdateIdentitySourceCommand.d.ts

@@ -49,6 +49,9 @@ declare const UpdateIdentitySourceCommand_base: {
  *       clientIds: [ // ClientIds
  *         "STRING_VALUE",
  *       ],
+ *       groupConfiguration: { // UpdateCognitoGroupConfiguration
+ *         groupEntityType: "STRING_VALUE", // required
+ *       },
  *     },
  *   },
  *   principalEntityType: "STRING_VALUE",

package/dist-types/commands/index.d.ts

@@ -1,4 +1,5 @@
 export * from "./BatchIsAuthorizedCommand";
+export * from "./BatchIsAuthorizedWithTokenCommand";
 export * from "./CreateIdentitySourceCommand";
 export * from "./CreatePolicyCommand";
 export * from "./CreatePolicyStoreCommand";