@aws-sdk/client-verifiedpermissions 3.799.0 → 3.803.0

package/dist-es/protocols/Aws_json1_0.js

@@ -2,7 +2,7 @@ import { awsExpectUnion as __expectUnion, loadRestJsonErrorCode, parseJsonBody a
 import { HttpRequest as __HttpRequest } from "@smithy/protocol-http";
 import { _json, collectBody, decorateServiceException as __decorateServiceException, expectBoolean as __expectBoolean, expectLong as __expectLong, expectNonNull as __expectNonNull, expectString as __expectString, parseRfc3339DateTimeWithOffset as __parseRfc3339DateTimeWithOffset, take, withBaseException, } from "@smithy/smithy-client";
 import { v4 as generateIdempotencyToken } from "uuid";
-import { AccessDeniedException, AttributeValue, ConflictException, ContextDefinition, EntitiesDefinition, InternalServerException, InvalidStateException, ResourceNotFoundException, ServiceQuotaExceededException, ThrottlingException, ValidationException, } from "../models/models_0";
+import { AccessDeniedException, AttributeValue, ConflictException, ContextDefinition, EntitiesDefinition, InternalServerException, InvalidStateException, ResourceNotFoundException, ServiceQuotaExceededException, ThrottlingException, TooManyTagsException, ValidationException, } from "../models/models_0";
 import { VerifiedPermissionsServiceException as __BaseException } from "../models/VerifiedPermissionsServiceException";
 export const se_BatchGetPolicyCommand = async (input, context) => {
     const headers = sharedHeaders("BatchGetPolicy");
@@ -136,12 +136,30 @@ export const se_ListPolicyTemplatesCommand = async (input, context) => {
     body = JSON.stringify(_json(input));
     return buildHttpRpcRequest(context, headers, "/", undefined, body);
 };
+export const se_ListTagsForResourceCommand = async (input, context) => {
+    const headers = sharedHeaders("ListTagsForResource");
+    let body;
+    body = JSON.stringify(_json(input));
+    return buildHttpRpcRequest(context, headers, "/", undefined, body);
+};
 export const se_PutSchemaCommand = async (input, context) => {
     const headers = sharedHeaders("PutSchema");
     let body;
     body = JSON.stringify(_json(input));
     return buildHttpRpcRequest(context, headers, "/", undefined, body);
 };
+export const se_TagResourceCommand = async (input, context) => {
+    const headers = sharedHeaders("TagResource");
+    let body;
+    body = JSON.stringify(_json(input));
+    return buildHttpRpcRequest(context, headers, "/", undefined, body);
+};
+export const se_UntagResourceCommand = async (input, context) => {
+    const headers = sharedHeaders("UntagResource");
+    let body;
+    body = JSON.stringify(_json(input));
+    return buildHttpRpcRequest(context, headers, "/", undefined, body);
+};
 export const se_UpdateIdentitySourceCommand = async (input, context) => {
     const headers = sharedHeaders("UpdateIdentitySource");
     let body;
@@ -452,6 +470,19 @@ export const de_ListPolicyTemplatesCommand = async (output, context) => {
     };
     return response;
 };
+export const de_ListTagsForResourceCommand = async (output, context) => {
+    if (output.statusCode >= 300) {
+        return de_CommandError(output, context);
+    }
+    const data = await parseBody(output.body, context);
+    let contents = {};
+    contents = _json(data);
+    const response = {
+        $metadata: deserializeMetadata(output),
+        ...contents,
+    };
+    return response;
+};
 export const de_PutSchemaCommand = async (output, context) => {
     if (output.statusCode >= 300) {
         return de_CommandError(output, context);
@@ -465,6 +496,32 @@ export const de_PutSchemaCommand = async (output, context) => {
     };
     return response;
 };
+export const de_TagResourceCommand = async (output, context) => {
+    if (output.statusCode >= 300) {
+        return de_CommandError(output, context);
+    }
+    const data = await parseBody(output.body, context);
+    let contents = {};
+    contents = _json(data);
+    const response = {
+        $metadata: deserializeMetadata(output),
+        ...contents,
+    };
+    return response;
+};
+export const de_UntagResourceCommand = async (output, context) => {
+    if (output.statusCode >= 300) {
+        return de_CommandError(output, context);
+    }
+    const data = await parseBody(output.body, context);
+    let contents = {};
+    contents = _json(data);
+    const response = {
+        $metadata: deserializeMetadata(output),
+        ...contents,
+    };
+    return response;
+};
 export const de_UpdateIdentitySourceCommand = async (output, context) => {
     if (output.statusCode >= 300) {
         return de_CommandError(output, context);
@@ -548,6 +605,9 @@ const de_CommandError = async (output, context) => {
         case "InvalidStateException":
         case "com.amazonaws.verifiedpermissions#InvalidStateException":
             throw await de_InvalidStateExceptionRes(parsedOutput, context);
+        case "TooManyTagsException":
+        case "com.amazonaws.verifiedpermissions#TooManyTagsException":
+            throw await de_TooManyTagsExceptionRes(parsedOutput, context);
         default:
             const parsedBody = parsedOutput.body;
             return throwDefaultError({
@@ -620,6 +680,15 @@ const de_ThrottlingExceptionRes = async (parsedOutput, context) => {
     });
     return __decorateServiceException(exception, body);
 };
+const de_TooManyTagsExceptionRes = async (parsedOutput, context) => {
+    const body = parsedOutput.body;
+    const deserialized = _json(body);
+    const exception = new TooManyTagsException({
+        $metadata: deserializeMetadata(parsedOutput),
+        ...deserialized,
+    });
+    return __decorateServiceException(exception, body);
+};
 const de_ValidationExceptionRes = async (parsedOutput, context) => {
     const body = parsedOutput.body;
     const deserialized = _json(body);
@@ -723,6 +792,7 @@ const se_CreatePolicyStoreInput = (input, context) => {
         clientToken: [true, (_) => _ ?? generateIdempotencyToken()],
         deletionProtection: [],
         description: [],
+        tags: _json,
         validationSettings: _json,
     });
 };
@@ -1001,11 +1071,13 @@ const de_GetPolicyOutput = (output, context) => {
 const de_GetPolicyStoreOutput = (output, context) => {
     return take(output, {
         arn: __expectString,
+        cedarVersion: __expectString,
         createdDate: (_) => __expectNonNull(__parseRfc3339DateTimeWithOffset(_)),
         deletionProtection: __expectString,
         description: __expectString,
         lastUpdatedDate: (_) => __expectNonNull(__parseRfc3339DateTimeWithOffset(_)),
         policyStoreId: __expectString,
+        tags: _json,
         validationSettings: _json,
     });
 };

package/dist-types/VerifiedPermissions.d.ts

@@ -21,7 +21,10 @@ import { ListIdentitySourcesCommandInput, ListIdentitySourcesCommandOutput } fro
 import { ListPoliciesCommandInput, ListPoliciesCommandOutput } from "./commands/ListPoliciesCommand";
 import { ListPolicyStoresCommandInput, ListPolicyStoresCommandOutput } from "./commands/ListPolicyStoresCommand";
 import { ListPolicyTemplatesCommandInput, ListPolicyTemplatesCommandOutput } from "./commands/ListPolicyTemplatesCommand";
+import { ListTagsForResourceCommandInput, ListTagsForResourceCommandOutput } from "./commands/ListTagsForResourceCommand";
 import { PutSchemaCommandInput, PutSchemaCommandOutput } from "./commands/PutSchemaCommand";
+import { TagResourceCommandInput, TagResourceCommandOutput } from "./commands/TagResourceCommand";
+import { UntagResourceCommandInput, UntagResourceCommandOutput } from "./commands/UntagResourceCommand";
 import { UpdateIdentitySourceCommandInput, UpdateIdentitySourceCommandOutput } from "./commands/UpdateIdentitySourceCommand";
 import { UpdatePolicyCommandInput, UpdatePolicyCommandOutput } from "./commands/UpdatePolicyCommand";
 import { UpdatePolicyStoreCommandInput, UpdatePolicyStoreCommandOutput } from "./commands/UpdatePolicyStoreCommand";
@@ -161,12 +164,30 @@ export interface VerifiedPermissions {
     listPolicyTemplates(args: ListPolicyTemplatesCommandInput, options?: __HttpHandlerOptions): Promise<ListPolicyTemplatesCommandOutput>;
     listPolicyTemplates(args: ListPolicyTemplatesCommandInput, cb: (err: any, data?: ListPolicyTemplatesCommandOutput) => void): void;
     listPolicyTemplates(args: ListPolicyTemplatesCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: ListPolicyTemplatesCommandOutput) => void): void;
+    /**
+     * @see {@link ListTagsForResourceCommand}
+     */
+    listTagsForResource(args: ListTagsForResourceCommandInput, options?: __HttpHandlerOptions): Promise<ListTagsForResourceCommandOutput>;
+    listTagsForResource(args: ListTagsForResourceCommandInput, cb: (err: any, data?: ListTagsForResourceCommandOutput) => void): void;
+    listTagsForResource(args: ListTagsForResourceCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: ListTagsForResourceCommandOutput) => void): void;
     /**
      * @see {@link PutSchemaCommand}
      */
     putSchema(args: PutSchemaCommandInput, options?: __HttpHandlerOptions): Promise<PutSchemaCommandOutput>;
     putSchema(args: PutSchemaCommandInput, cb: (err: any, data?: PutSchemaCommandOutput) => void): void;
     putSchema(args: PutSchemaCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: PutSchemaCommandOutput) => void): void;
+    /**
+     * @see {@link TagResourceCommand}
+     */
+    tagResource(args: TagResourceCommandInput, options?: __HttpHandlerOptions): Promise<TagResourceCommandOutput>;
+    tagResource(args: TagResourceCommandInput, cb: (err: any, data?: TagResourceCommandOutput) => void): void;
+    tagResource(args: TagResourceCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: TagResourceCommandOutput) => void): void;
+    /**
+     * @see {@link UntagResourceCommand}
+     */
+    untagResource(args: UntagResourceCommandInput, options?: __HttpHandlerOptions): Promise<UntagResourceCommandOutput>;
+    untagResource(args: UntagResourceCommandInput, cb: (err: any, data?: UntagResourceCommandOutput) => void): void;
+    untagResource(args: UntagResourceCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: UntagResourceCommandOutput) => void): void;
     /**
      * @see {@link UpdateIdentitySourceCommand}
      */
@@ -193,71 +214,7 @@ export interface VerifiedPermissions {
     updatePolicyTemplate(args: UpdatePolicyTemplateCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: UpdatePolicyTemplateCommandOutput) => void): void;
 }
 /**
- * <p>Amazon Verified Permissions is a permissions management service from Amazon Web Services. You can use Verified Permissions to manage
- *             permissions for your application, and authorize user access based on those permissions.
- *             Using Verified Permissions, application developers can grant access based on information about the
- *             users, resources, and requested actions. You can also evaluate additional information
- *             like group membership, attributes of the resources, and session context, such as time of
- *             request and IP addresses. Verified Permissions manages these permissions by letting you create and
- *             store authorization policies for your applications, such as consumer-facing web sites
- *             and enterprise business systems.</p>
- *          <p>Verified Permissions uses Cedar as the policy language to express your permission requirements.
- *             Cedar supports both role-based access control (RBAC) and attribute-based access
- *             control (ABAC) authorization models.</p>
- *          <p>For more information about configuring, administering, and using Amazon Verified Permissions in your
- *             applications, see the <a href="https://docs.aws.amazon.com/verifiedpermissions/latest/userguide/">Amazon Verified Permissions User Guide</a>.</p>
- *          <p>For more information about the Cedar policy language, see the <a href="https://docs.cedarpolicy.com/">Cedar Policy Language Guide</a>.</p>
- *          <important>
- *             <p>When you write Cedar policies that reference principals, resources and actions,
- *                 you can define the unique identifiers used for each of those elements. We strongly
- *                 recommend that you follow these best practices:</p>
- *             <ul>
- *                <li>
- *                   <p>
- *                      <b>Use values like universally unique identifiers
- *                             (UUIDs) for all principal and resource identifiers.</b>
- *                   </p>
- *                   <p>For example, if user <code>jane</code> leaves the company, and you later
- *                         let someone else use the name <code>jane</code>, then that new user
- *                         automatically gets access to everything granted by policies that still
- *                         reference <code>User::"jane"</code>. Cedar can’t distinguish between the
- *                         new user and the old. This applies to both principal and resource
- *                         identifiers. Always use identifiers that are guaranteed unique and never
- *                         reused to ensure that you don’t unintentionally grant access because of the
- *                         presence of an old identifier in a policy.</p>
- *                   <p>Where you use a UUID for an entity, we recommend that you follow it with
- *                         the // comment specifier and the ‘friendly’ name of your entity. This helps
- *                         to make your policies easier to understand. For example: principal ==
- *                         User::"a1b2c3d4-e5f6-a1b2-c3d4-EXAMPLE11111", // alice</p>
- *                </li>
- *                <li>
- *                   <p>
- *                      <b>Do not include personally identifying, confidential,
- *                             or sensitive information as part of the unique identifier for your
- *                             principals or resources.</b> These identifiers are included in
- *                         log entries shared in CloudTrail trails.</p>
- *                </li>
- *             </ul>
- *          </important>
- *          <p>Several operations return structures that appear similar, but have different purposes.
- *             As new functionality is added to the product, the structure used in a parameter of one
- *             operation might need to change in a way that wouldn't make sense for the same parameter
- *             in a different operation. To help you understand the purpose of each, the following
- *             naming convention is used for the structures:</p>
- *          <ul>
- *             <li>
- *                <p>Parameter type structures that end in <code>Detail</code> are used in
- *                         <code>Get</code> operations.</p>
- *             </li>
- *             <li>
- *                <p>Parameter type structures that end in <code>Item</code> are used in
- *                         <code>List</code> operations.</p>
- *             </li>
- *             <li>
- *                <p>Parameter type structures that use neither suffix are used in the mutating
- *                     (create and update) operations.</p>
- *             </li>
- *          </ul>
+ * <p>Amazon Verified Permissions is a permissions management service from Amazon Web Services. You can use Verified Permissions to manage permissions for your application, and authorize user access based on those permissions. Using Verified Permissions, application developers can grant access based on information about the users, resources, and requested actions. You can also evaluate additional information like group membership, attributes of the resources, and session context, such as time of request and IP addresses. Verified Permissions manages these permissions by letting you create and store authorization policies for your applications, such as consumer-facing web sites and enterprise business systems.</p> <p>Verified Permissions uses Cedar as the policy language to express your permission requirements. Cedar supports both role-based access control (RBAC) and attribute-based access control (ABAC) authorization models.</p> <p>For more information about configuring, administering, and using Amazon Verified Permissions in your applications, see the <a href="https://docs.aws.amazon.com/verifiedpermissions/latest/userguide/">Amazon Verified Permissions User Guide</a>.</p> <p>For more information about the Cedar policy language, see the <a href="https://docs.cedarpolicy.com/">Cedar Policy Language Guide</a>.</p> <important> <p>When you write Cedar policies that reference principals, resources and actions, you can define the unique identifiers used for each of those elements. We strongly recommend that you follow these best practices:</p> <ul> <li> <p> <b>Use values like universally unique identifiers (UUIDs) for all principal and resource identifiers.</b> </p> <p>For example, if user <code>jane</code> leaves the company, and you later let someone else use the name <code>jane</code>, then that new user automatically gets access to everything granted by policies that still reference <code>User::"jane"</code>. Cedar can’t distinguish between the new user and the old. This applies to both principal and resource identifiers. Always use identifiers that are guaranteed unique and never reused to ensure that you don’t unintentionally grant access because of the presence of an old identifier in a policy.</p> <p>Where you use a UUID for an entity, we recommend that you follow it with the // comment specifier and the ‘friendly’ name of your entity. This helps to make your policies easier to understand. For example: principal == User::"a1b2c3d4-e5f6-a1b2-c3d4-EXAMPLE11111", // alice</p> </li> <li> <p> <b>Do not include personally identifying, confidential, or sensitive information as part of the unique identifier for your principals or resources.</b> These identifiers are included in log entries shared in CloudTrail trails.</p> </li> </ul> </important> <p>Several operations return structures that appear similar, but have different purposes. As new functionality is added to the product, the structure used in a parameter of one operation might need to change in a way that wouldn't make sense for the same parameter in a different operation. To help you understand the purpose of each, the following naming convention is used for the structures:</p> <ul> <li> <p>Parameter type structures that end in <code>Detail</code> are used in <code>Get</code> operations.</p> </li> <li> <p>Parameter type structures that end in <code>Item</code> are used in <code>List</code> operations.</p> </li> <li> <p>Parameter type structures that use neither suffix are used in the mutating (create and update) operations.</p> </li> </ul>
  * @public
  */
 export declare class VerifiedPermissions extends VerifiedPermissionsClient implements VerifiedPermissions {

package/dist-types/VerifiedPermissionsClient.d.ts

@@ -29,7 +29,10 @@ import { ListIdentitySourcesCommandInput, ListIdentitySourcesCommandOutput } fro
 import { ListPoliciesCommandInput, ListPoliciesCommandOutput } from "./commands/ListPoliciesCommand";
 import { ListPolicyStoresCommandInput, ListPolicyStoresCommandOutput } from "./commands/ListPolicyStoresCommand";
 import { ListPolicyTemplatesCommandInput, ListPolicyTemplatesCommandOutput } from "./commands/ListPolicyTemplatesCommand";
+import { ListTagsForResourceCommandInput, ListTagsForResourceCommandOutput } from "./commands/ListTagsForResourceCommand";
 import { PutSchemaCommandInput, PutSchemaCommandOutput } from "./commands/PutSchemaCommand";
+import { TagResourceCommandInput, TagResourceCommandOutput } from "./commands/TagResourceCommand";
+import { UntagResourceCommandInput, UntagResourceCommandOutput } from "./commands/UntagResourceCommand";
 import { UpdateIdentitySourceCommandInput, UpdateIdentitySourceCommandOutput } from "./commands/UpdateIdentitySourceCommand";
 import { UpdatePolicyCommandInput, UpdatePolicyCommandOutput } from "./commands/UpdatePolicyCommand";
 import { UpdatePolicyStoreCommandInput, UpdatePolicyStoreCommandOutput } from "./commands/UpdatePolicyStoreCommand";
@@ -40,11 +43,11 @@ export { __Client };
 /**
  * @public
  */
-export type ServiceInputTypes = BatchGetPolicyCommandInput | BatchIsAuthorizedCommandInput | BatchIsAuthorizedWithTokenCommandInput | CreateIdentitySourceCommandInput | CreatePolicyCommandInput | CreatePolicyStoreCommandInput | CreatePolicyTemplateCommandInput | DeleteIdentitySourceCommandInput | DeletePolicyCommandInput | DeletePolicyStoreCommandInput | DeletePolicyTemplateCommandInput | GetIdentitySourceCommandInput | GetPolicyCommandInput | GetPolicyStoreCommandInput | GetPolicyTemplateCommandInput | GetSchemaCommandInput | IsAuthorizedCommandInput | IsAuthorizedWithTokenCommandInput | ListIdentitySourcesCommandInput | ListPoliciesCommandInput | ListPolicyStoresCommandInput | ListPolicyTemplatesCommandInput | PutSchemaCommandInput | UpdateIdentitySourceCommandInput | UpdatePolicyCommandInput | UpdatePolicyStoreCommandInput | UpdatePolicyTemplateCommandInput;
+export type ServiceInputTypes = BatchGetPolicyCommandInput | BatchIsAuthorizedCommandInput | BatchIsAuthorizedWithTokenCommandInput | CreateIdentitySourceCommandInput | CreatePolicyCommandInput | CreatePolicyStoreCommandInput | CreatePolicyTemplateCommandInput | DeleteIdentitySourceCommandInput | DeletePolicyCommandInput | DeletePolicyStoreCommandInput | DeletePolicyTemplateCommandInput | GetIdentitySourceCommandInput | GetPolicyCommandInput | GetPolicyStoreCommandInput | GetPolicyTemplateCommandInput | GetSchemaCommandInput | IsAuthorizedCommandInput | IsAuthorizedWithTokenCommandInput | ListIdentitySourcesCommandInput | ListPoliciesCommandInput | ListPolicyStoresCommandInput | ListPolicyTemplatesCommandInput | ListTagsForResourceCommandInput | PutSchemaCommandInput | TagResourceCommandInput | UntagResourceCommandInput | UpdateIdentitySourceCommandInput | UpdatePolicyCommandInput | UpdatePolicyStoreCommandInput | UpdatePolicyTemplateCommandInput;
 /**
  * @public
  */
-export type ServiceOutputTypes = BatchGetPolicyCommandOutput | BatchIsAuthorizedCommandOutput | BatchIsAuthorizedWithTokenCommandOutput | CreateIdentitySourceCommandOutput | CreatePolicyCommandOutput | CreatePolicyStoreCommandOutput | CreatePolicyTemplateCommandOutput | DeleteIdentitySourceCommandOutput | DeletePolicyCommandOutput | DeletePolicyStoreCommandOutput | DeletePolicyTemplateCommandOutput | GetIdentitySourceCommandOutput | GetPolicyCommandOutput | GetPolicyStoreCommandOutput | GetPolicyTemplateCommandOutput | GetSchemaCommandOutput | IsAuthorizedCommandOutput | IsAuthorizedWithTokenCommandOutput | ListIdentitySourcesCommandOutput | ListPoliciesCommandOutput | ListPolicyStoresCommandOutput | ListPolicyTemplatesCommandOutput | PutSchemaCommandOutput | UpdateIdentitySourceCommandOutput | UpdatePolicyCommandOutput | UpdatePolicyStoreCommandOutput | UpdatePolicyTemplateCommandOutput;
+export type ServiceOutputTypes = BatchGetPolicyCommandOutput | BatchIsAuthorizedCommandOutput | BatchIsAuthorizedWithTokenCommandOutput | CreateIdentitySourceCommandOutput | CreatePolicyCommandOutput | CreatePolicyStoreCommandOutput | CreatePolicyTemplateCommandOutput | DeleteIdentitySourceCommandOutput | DeletePolicyCommandOutput | DeletePolicyStoreCommandOutput | DeletePolicyTemplateCommandOutput | GetIdentitySourceCommandOutput | GetPolicyCommandOutput | GetPolicyStoreCommandOutput | GetPolicyTemplateCommandOutput | GetSchemaCommandOutput | IsAuthorizedCommandOutput | IsAuthorizedWithTokenCommandOutput | ListIdentitySourcesCommandOutput | ListPoliciesCommandOutput | ListPolicyStoresCommandOutput | ListPolicyTemplatesCommandOutput | ListTagsForResourceCommandOutput | PutSchemaCommandOutput | TagResourceCommandOutput | UntagResourceCommandOutput | UpdateIdentitySourceCommandOutput | UpdatePolicyCommandOutput | UpdatePolicyStoreCommandOutput | UpdatePolicyTemplateCommandOutput;
 /**
  * @public
  */
@@ -196,71 +199,7 @@ export type VerifiedPermissionsClientResolvedConfigType = __SmithyResolvedConfig
 export interface VerifiedPermissionsClientResolvedConfig extends VerifiedPermissionsClientResolvedConfigType {
 }
 /**
- * <p>Amazon Verified Permissions is a permissions management service from Amazon Web Services. You can use Verified Permissions to manage
- *             permissions for your application, and authorize user access based on those permissions.
- *             Using Verified Permissions, application developers can grant access based on information about the
- *             users, resources, and requested actions. You can also evaluate additional information
- *             like group membership, attributes of the resources, and session context, such as time of
- *             request and IP addresses. Verified Permissions manages these permissions by letting you create and
- *             store authorization policies for your applications, such as consumer-facing web sites
- *             and enterprise business systems.</p>
- *          <p>Verified Permissions uses Cedar as the policy language to express your permission requirements.
- *             Cedar supports both role-based access control (RBAC) and attribute-based access
- *             control (ABAC) authorization models.</p>
- *          <p>For more information about configuring, administering, and using Amazon Verified Permissions in your
- *             applications, see the <a href="https://docs.aws.amazon.com/verifiedpermissions/latest/userguide/">Amazon Verified Permissions User Guide</a>.</p>
- *          <p>For more information about the Cedar policy language, see the <a href="https://docs.cedarpolicy.com/">Cedar Policy Language Guide</a>.</p>
- *          <important>
- *             <p>When you write Cedar policies that reference principals, resources and actions,
- *                 you can define the unique identifiers used for each of those elements. We strongly
- *                 recommend that you follow these best practices:</p>
- *             <ul>
- *                <li>
- *                   <p>
- *                      <b>Use values like universally unique identifiers
- *                             (UUIDs) for all principal and resource identifiers.</b>
- *                   </p>
- *                   <p>For example, if user <code>jane</code> leaves the company, and you later
- *                         let someone else use the name <code>jane</code>, then that new user
- *                         automatically gets access to everything granted by policies that still
- *                         reference <code>User::"jane"</code>. Cedar can’t distinguish between the
- *                         new user and the old. This applies to both principal and resource
- *                         identifiers. Always use identifiers that are guaranteed unique and never
- *                         reused to ensure that you don’t unintentionally grant access because of the
- *                         presence of an old identifier in a policy.</p>
- *                   <p>Where you use a UUID for an entity, we recommend that you follow it with
- *                         the // comment specifier and the ‘friendly’ name of your entity. This helps
- *                         to make your policies easier to understand. For example: principal ==
- *                         User::"a1b2c3d4-e5f6-a1b2-c3d4-EXAMPLE11111", // alice</p>
- *                </li>
- *                <li>
- *                   <p>
- *                      <b>Do not include personally identifying, confidential,
- *                             or sensitive information as part of the unique identifier for your
- *                             principals or resources.</b> These identifiers are included in
- *                         log entries shared in CloudTrail trails.</p>
- *                </li>
- *             </ul>
- *          </important>
- *          <p>Several operations return structures that appear similar, but have different purposes.
- *             As new functionality is added to the product, the structure used in a parameter of one
- *             operation might need to change in a way that wouldn't make sense for the same parameter
- *             in a different operation. To help you understand the purpose of each, the following
- *             naming convention is used for the structures:</p>
- *          <ul>
- *             <li>
- *                <p>Parameter type structures that end in <code>Detail</code> are used in
- *                         <code>Get</code> operations.</p>
- *             </li>
- *             <li>
- *                <p>Parameter type structures that end in <code>Item</code> are used in
- *                         <code>List</code> operations.</p>
- *             </li>
- *             <li>
- *                <p>Parameter type structures that use neither suffix are used in the mutating
- *                     (create and update) operations.</p>
- *             </li>
- *          </ul>
+ * <p>Amazon Verified Permissions is a permissions management service from Amazon Web Services. You can use Verified Permissions to manage permissions for your application, and authorize user access based on those permissions. Using Verified Permissions, application developers can grant access based on information about the users, resources, and requested actions. You can also evaluate additional information like group membership, attributes of the resources, and session context, such as time of request and IP addresses. Verified Permissions manages these permissions by letting you create and store authorization policies for your applications, such as consumer-facing web sites and enterprise business systems.</p> <p>Verified Permissions uses Cedar as the policy language to express your permission requirements. Cedar supports both role-based access control (RBAC) and attribute-based access control (ABAC) authorization models.</p> <p>For more information about configuring, administering, and using Amazon Verified Permissions in your applications, see the <a href="https://docs.aws.amazon.com/verifiedpermissions/latest/userguide/">Amazon Verified Permissions User Guide</a>.</p> <p>For more information about the Cedar policy language, see the <a href="https://docs.cedarpolicy.com/">Cedar Policy Language Guide</a>.</p> <important> <p>When you write Cedar policies that reference principals, resources and actions, you can define the unique identifiers used for each of those elements. We strongly recommend that you follow these best practices:</p> <ul> <li> <p> <b>Use values like universally unique identifiers (UUIDs) for all principal and resource identifiers.</b> </p> <p>For example, if user <code>jane</code> leaves the company, and you later let someone else use the name <code>jane</code>, then that new user automatically gets access to everything granted by policies that still reference <code>User::"jane"</code>. Cedar can’t distinguish between the new user and the old. This applies to both principal and resource identifiers. Always use identifiers that are guaranteed unique and never reused to ensure that you don’t unintentionally grant access because of the presence of an old identifier in a policy.</p> <p>Where you use a UUID for an entity, we recommend that you follow it with the // comment specifier and the ‘friendly’ name of your entity. This helps to make your policies easier to understand. For example: principal == User::"a1b2c3d4-e5f6-a1b2-c3d4-EXAMPLE11111", // alice</p> </li> <li> <p> <b>Do not include personally identifying, confidential, or sensitive information as part of the unique identifier for your principals or resources.</b> These identifiers are included in log entries shared in CloudTrail trails.</p> </li> </ul> </important> <p>Several operations return structures that appear similar, but have different purposes. As new functionality is added to the product, the structure used in a parameter of one operation might need to change in a way that wouldn't make sense for the same parameter in a different operation. To help you understand the purpose of each, the following naming convention is used for the structures:</p> <ul> <li> <p>Parameter type structures that end in <code>Detail</code> are used in <code>Get</code> operations.</p> </li> <li> <p>Parameter type structures that end in <code>Item</code> are used in <code>List</code> operations.</p> </li> <li> <p>Parameter type structures that use neither suffix are used in the mutating (create and update) operations.</p> </li> </ul>
  * @public
  */
 export declare class VerifiedPermissionsClient extends __Client<__HttpHandlerOptions, ServiceInputTypes, ServiceOutputTypes, VerifiedPermissionsClientResolvedConfig> {

package/dist-types/commands/BatchGetPolicyCommand.d.ts

@@ -27,12 +27,7 @@ declare const BatchGetPolicyCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Retrieves information about a group (batch) of policies.</p>
- *          <note>
- *             <p>The <code>BatchGetPolicy</code> operation doesn't have its own IAM
- *                 permission. To authorize this operation for Amazon Web Services principals, include the permission
- *                 <code>verifiedpermissions:GetPolicy</code> in their IAM policies.</p>
- *          </note>
+ * <p>Retrieves information about a group (batch) of policies.</p> <note> <p>The <code>BatchGetPolicy</code> operation doesn't have its own IAM permission. To authorize this operation for Amazon Web Services principals, include the permission <code>verifiedpermissions:GetPolicy</code> in their IAM policies.</p> </note>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -104,88 +99,7 @@ declare const BatchGetPolicyCommand_base: {
  *  <p>The request failed because it exceeded a throttling quota.</p>
  *
  * @throws {@link ValidationException} (client fault)
- *  <p>The request failed because one or more input parameters don't satisfy their constraint
- *             requirements. The output is provided as a list of fields and a reason for each field that
- *             isn't valid.</p>
- *          <p>The possible reasons include the following:</p>
- *          <ul>
- *             <li>
- *                <p>
- *                   <b>UnrecognizedEntityType</b>
- *                </p>
- *                <p>The policy includes an entity type that isn't found in the schema.</p>
- *             </li>
- *             <li>
- *                <p>
- *                   <b>UnrecognizedActionId</b>
- *                </p>
- *                <p>The policy includes an action id that isn't found in the schema.</p>
- *             </li>
- *             <li>
- *                <p>
- *                   <b>InvalidActionApplication</b>
- *                </p>
- *                <p>The policy includes an action that, according to the schema, doesn't support
- *                     the specified principal and resource.</p>
- *             </li>
- *             <li>
- *                <p>
- *                   <b>UnexpectedType</b>
- *                </p>
- *                <p>The policy included an operand that isn't a valid type for the specified
- *                     operation.</p>
- *             </li>
- *             <li>
- *                <p>
- *                   <b>IncompatibleTypes</b>
- *                </p>
- *                <p>The types of elements included in a <code>set</code>, or the types of
- *                     expressions used in an <code>if...then...else</code> clause aren't compatible in
- *                     this context.</p>
- *             </li>
- *             <li>
- *                <p>
- *                   <b>MissingAttribute</b>
- *                </p>
- *                <p>The policy attempts to access a record or entity attribute that isn't
- *                     specified in the schema. Test for the existence of the attribute first before
- *                     attempting to access its value. For more information, see the <a href="https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test">has (presence of attribute test) operator</a> in the
- *                         <i>Cedar Policy Language Guide</i>.</p>
- *             </li>
- *             <li>
- *                <p>
- *                   <b>UnsafeOptionalAttributeAccess</b>
- *                </p>
- *                <p>The policy attempts to access a record or entity attribute that is optional
- *                     and isn't guaranteed to be present. Test for the existence of the attribute
- *                     first before attempting to access its value. For more information, see the
- *                         <a href="https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test">has (presence of attribute test) operator</a> in the
- *                         <i>Cedar Policy Language Guide</i>.</p>
- *             </li>
- *             <li>
- *                <p>
- *                   <b>ImpossiblePolicy</b>
- *                </p>
- *                <p>Cedar has determined that a policy condition always evaluates to false. If
- *                     the policy is always false, it can never apply to any query, and so it can never
- *                     affect an authorization decision.</p>
- *             </li>
- *             <li>
- *                <p>
- *                   <b>WrongNumberArguments</b>
- *                </p>
- *                <p>The policy references an extension type with the wrong number of
- *                     arguments.</p>
- *             </li>
- *             <li>
- *                <p>
- *                   <b>FunctionArgumentValidationError</b>
- *                </p>
- *                <p>Cedar couldn't parse the argument passed to an extension type. For example,
- *                     a string that is to be parsed as an IPv4 address can contain only digits and the
- *                     period character.</p>
- *             </li>
- *          </ul>
+ *  <p>The request failed because one or more input parameters don't satisfy their constraint requirements. The output is provided as a list of fields and a reason for each field that isn't valid.</p> <p>The possible reasons include the following:</p> <ul> <li> <p> <b>UnrecognizedEntityType</b> </p> <p>The policy includes an entity type that isn't found in the schema.</p> </li> <li> <p> <b>UnrecognizedActionId</b> </p> <p>The policy includes an action id that isn't found in the schema.</p> </li> <li> <p> <b>InvalidActionApplication</b> </p> <p>The policy includes an action that, according to the schema, doesn't support the specified principal and resource.</p> </li> <li> <p> <b>UnexpectedType</b> </p> <p>The policy included an operand that isn't a valid type for the specified operation.</p> </li> <li> <p> <b>IncompatibleTypes</b> </p> <p>The types of elements included in a <code>set</code>, or the types of expressions used in an <code>if...then...else</code> clause aren't compatible in this context.</p> </li> <li> <p> <b>MissingAttribute</b> </p> <p>The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for the existence of the attribute first before attempting to access its value. For more information, see the <a href="https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test">has (presence of attribute test) operator</a> in the <i>Cedar Policy Language Guide</i>.</p> </li> <li> <p> <b>UnsafeOptionalAttributeAccess</b> </p> <p>The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be present. Test for the existence of the attribute first before attempting to access its value. For more information, see the <a href="https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test">has (presence of attribute test) operator</a> in the <i>Cedar Policy Language Guide</i>.</p> </li> <li> <p> <b>ImpossiblePolicy</b> </p> <p>Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it can never apply to any query, and so it can never affect an authorization decision.</p> </li> <li> <p> <b>WrongNumberArguments</b> </p> <p>The policy references an extension type with the wrong number of arguments.</p> </li> <li> <p> <b>FunctionArgumentValidationError</b> </p> <p>Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed as an IPv4 address can contain only digits and the period character.</p> </li> </ul>
  *
  * @throws {@link VerifiedPermissionsServiceException}
  * <p>Base exception class for all service exceptions from VerifiedPermissions service.</p>

package/dist-types/commands/BatchIsAuthorizedCommand.d.ts

@@ -27,27 +27,7 @@ declare const BatchIsAuthorizedCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Makes a series of decisions about multiple authorization requests for one principal or
- *             resource. Each request contains the equivalent content of an <code>IsAuthorized</code>
- *             request: principal, action, resource, and context. Either the <code>principal</code> or
- *             the <code>resource</code> parameter must be identical across all requests. For example,
- *             Verified Permissions won't evaluate a pair of requests where <code>bob</code> views
- *                 <code>photo1</code> and <code>alice</code> views <code>photo2</code>. Authorization
- *             of <code>bob</code> to view <code>photo1</code> and <code>photo2</code>, or
- *                 <code>bob</code> and <code>alice</code> to view <code>photo1</code>, are valid
- *             batches. </p>
- *          <p>The request is evaluated against all policies in the specified policy store that match the
- *             entities that you declare. The result of the decisions is a series of <code>Allow</code>
- *             or <code>Deny</code> responses, along with the IDs of the policies that produced each
- *             decision.</p>
- *          <p>The <code>entities</code> of a <code>BatchIsAuthorized</code> API request can contain
- *             up to 100 principals and up to 100 resources. The <code>requests</code> of a
- *                 <code>BatchIsAuthorized</code> API request can contain up to 30 requests.</p>
- *          <note>
- *             <p>The <code>BatchIsAuthorized</code> operation doesn't have its own IAM
- *                 permission. To authorize this operation for Amazon Web Services principals, include the permission
- *                     <code>verifiedpermissions:IsAuthorized</code> in their IAM policies.</p>
- *          </note>
+ * <p>Makes a series of decisions about multiple authorization requests for one principal or resource. Each request contains the equivalent content of an <code>IsAuthorized</code> request: principal, action, resource, and context. Either the <code>principal</code> or the <code>resource</code> parameter must be identical across all requests. For example, Verified Permissions won't evaluate a pair of requests where <code>bob</code> views <code>photo1</code> and <code>alice</code> views <code>photo2</code>. Authorization of <code>bob</code> to view <code>photo1</code> and <code>photo2</code>, or <code>bob</code> and <code>alice</code> to view <code>photo1</code>, are valid batches. </p> <p>The request is evaluated against all policies in the specified policy store that match the entities that you declare. The result of the decisions is a series of <code>Allow</code> or <code>Deny</code> responses, along with the IDs of the policies that produced each decision.</p> <p>The <code>entities</code> of a <code>BatchIsAuthorized</code> API request can contain up to 100 principals and up to 100 resources. The <code>requests</code> of a <code>BatchIsAuthorized</code> API request can contain up to 30 requests.</p> <note> <p>The <code>BatchIsAuthorized</code> operation doesn't have its own IAM permission. To authorize this operation for Amazon Web Services principals, include the permission <code>verifiedpermissions:IsAuthorized</code> in their IAM policies.</p> </note>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -209,88 +189,7 @@ declare const BatchIsAuthorizedCommand_base: {
  *  <p>The request failed because it exceeded a throttling quota.</p>
  *
  * @throws {@link ValidationException} (client fault)
- *  <p>The request failed because one or more input parameters don't satisfy their constraint
- *             requirements. The output is provided as a list of fields and a reason for each field that
- *             isn't valid.</p>
- *          <p>The possible reasons include the following:</p>
- *          <ul>
- *             <li>
- *                <p>
- *                   <b>UnrecognizedEntityType</b>
- *                </p>
- *                <p>The policy includes an entity type that isn't found in the schema.</p>
- *             </li>
- *             <li>
- *                <p>
- *                   <b>UnrecognizedActionId</b>
- *                </p>
- *                <p>The policy includes an action id that isn't found in the schema.</p>
- *             </li>
- *             <li>
- *                <p>
- *                   <b>InvalidActionApplication</b>
- *                </p>
- *                <p>The policy includes an action that, according to the schema, doesn't support
- *                     the specified principal and resource.</p>
- *             </li>
- *             <li>
- *                <p>
- *                   <b>UnexpectedType</b>
- *                </p>
- *                <p>The policy included an operand that isn't a valid type for the specified
- *                     operation.</p>
- *             </li>
- *             <li>
- *                <p>
- *                   <b>IncompatibleTypes</b>
- *                </p>
- *                <p>The types of elements included in a <code>set</code>, or the types of
- *                     expressions used in an <code>if...then...else</code> clause aren't compatible in
- *                     this context.</p>
- *             </li>
- *             <li>
- *                <p>
- *                   <b>MissingAttribute</b>
- *                </p>
- *                <p>The policy attempts to access a record or entity attribute that isn't
- *                     specified in the schema. Test for the existence of the attribute first before
- *                     attempting to access its value. For more information, see the <a href="https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test">has (presence of attribute test) operator</a> in the
- *                         <i>Cedar Policy Language Guide</i>.</p>
- *             </li>
- *             <li>
- *                <p>
- *                   <b>UnsafeOptionalAttributeAccess</b>
- *                </p>
- *                <p>The policy attempts to access a record or entity attribute that is optional
- *                     and isn't guaranteed to be present. Test for the existence of the attribute
- *                     first before attempting to access its value. For more information, see the
- *                         <a href="https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test">has (presence of attribute test) operator</a> in the
- *                         <i>Cedar Policy Language Guide</i>.</p>
- *             </li>
- *             <li>
- *                <p>
- *                   <b>ImpossiblePolicy</b>
- *                </p>
- *                <p>Cedar has determined that a policy condition always evaluates to false. If
- *                     the policy is always false, it can never apply to any query, and so it can never
- *                     affect an authorization decision.</p>
- *             </li>
- *             <li>
- *                <p>
- *                   <b>WrongNumberArguments</b>
- *                </p>
- *                <p>The policy references an extension type with the wrong number of
- *                     arguments.</p>
- *             </li>
- *             <li>
- *                <p>
- *                   <b>FunctionArgumentValidationError</b>
- *                </p>
- *                <p>Cedar couldn't parse the argument passed to an extension type. For example,
- *                     a string that is to be parsed as an IPv4 address can contain only digits and the
- *                     period character.</p>
- *             </li>
- *          </ul>
+ *  <p>The request failed because one or more input parameters don't satisfy their constraint requirements. The output is provided as a list of fields and a reason for each field that isn't valid.</p> <p>The possible reasons include the following:</p> <ul> <li> <p> <b>UnrecognizedEntityType</b> </p> <p>The policy includes an entity type that isn't found in the schema.</p> </li> <li> <p> <b>UnrecognizedActionId</b> </p> <p>The policy includes an action id that isn't found in the schema.</p> </li> <li> <p> <b>InvalidActionApplication</b> </p> <p>The policy includes an action that, according to the schema, doesn't support the specified principal and resource.</p> </li> <li> <p> <b>UnexpectedType</b> </p> <p>The policy included an operand that isn't a valid type for the specified operation.</p> </li> <li> <p> <b>IncompatibleTypes</b> </p> <p>The types of elements included in a <code>set</code>, or the types of expressions used in an <code>if...then...else</code> clause aren't compatible in this context.</p> </li> <li> <p> <b>MissingAttribute</b> </p> <p>The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for the existence of the attribute first before attempting to access its value. For more information, see the <a href="https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test">has (presence of attribute test) operator</a> in the <i>Cedar Policy Language Guide</i>.</p> </li> <li> <p> <b>UnsafeOptionalAttributeAccess</b> </p> <p>The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be present. Test for the existence of the attribute first before attempting to access its value. For more information, see the <a href="https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test">has (presence of attribute test) operator</a> in the <i>Cedar Policy Language Guide</i>.</p> </li> <li> <p> <b>ImpossiblePolicy</b> </p> <p>Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it can never apply to any query, and so it can never affect an authorization decision.</p> </li> <li> <p> <b>WrongNumberArguments</b> </p> <p>The policy references an extension type with the wrong number of arguments.</p> </li> <li> <p> <b>FunctionArgumentValidationError</b> </p> <p>Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed as an IPv4 address can contain only digits and the period character.</p> </li> </ul>
  *
  * @throws {@link VerifiedPermissionsServiceException}
  * <p>Base exception class for all service exceptions from VerifiedPermissions service.</p>