* Note: Do not directly implement this interface, new methods are added to it regularly. Extend from * {@link com.amazonaws.services.verifiedpermissions.AbstractAmazonVerifiedPermissions} instead. *
**
* Amazon Verified Permissions is a permissions management service from Amazon Web Services. You can use Verified * Permissions to manage permissions for your application, and authorize user access based on those permissions. Using * Verified Permissions, application developers can grant access based on information about the users, resources, and * requested actions. You can also evaluate additional information like group membership, attributes of the resources, * and session context, such as time of request and IP addresses. Verified Permissions manages these permissions by * letting you create and store authorization policies for your applications, such as consumer-facing web sites and * enterprise business systems. *
** Verified Permissions uses Cedar as the policy language to express your permission requirements. Cedar supports both * role-based access control (RBAC) and attribute-based access control (ABAC) authorization models. *
** For more information about configuring, administering, and using Amazon Verified Permissions in your applications, * see the Amazon Verified Permissions User * Guide. *
** For more information about the Cedar policy language, see the Cedar Policy * Language Guide. *
** When you write Cedar policies that reference principals, resources and actions, you can define the unique identifiers * used for each of those elements. We strongly recommend that you follow these best practices: *
** Use values like universally unique identifiers (UUIDs) for all principal and resource identifiers. *
*
* For example, if user jane leaves the company, and you later let someone else use the name
* jane, then that new user automatically gets access to everything granted by policies that still
* reference User::"jane". Cedar can’t distinguish between the new user and the old. This applies to both
* principal and resource identifiers. Always use identifiers that are guaranteed unique and never reused to ensure that
* you don’t unintentionally grant access because of the presence of an old identifier in a policy.
*
* Where you use a UUID for an entity, we recommend that you follow it with the // comment specifier and the ‘friendly’ * name of your entity. This helps to make your policies easier to understand. For example: principal == * User::"a1b2c3d4-e5f6-a1b2-c3d4-EXAMPLE11111", // alice *
** Do not include personally identifying, confidential, or sensitive information as part of the unique identifier for * your principals or resources. These identifiers are included in log entries shared in CloudTrail trails. *
** Several operations return structures that appear similar, but have different purposes. As new functionality is added * to the product, the structure used in a parameter of one operation might need to change in a way that wouldn't make * sense for the same parameter in a different operation. To help you understand the purpose of each, the following * naming convention is used for the structures: *
*
* Parameter type structures that end in Detail are used in Get operations.
*
* Parameter type structures that end in Item are used in List operations.
*
* Parameter type structures that use neither suffix are used in the mutating (create and update) operations. *
** Creates a reference to an Amazon Cognito user pool as an external identity provider (IdP). *
** After you create an identity source, you can use the identities provided by the IdP as proxies for the principal * in authorization queries that use the IsAuthorizedWithToken operation. These identities take the form of tokens that contain claims about the * user, such as IDs, attributes and group memberships. Amazon Cognito provides both identity tokens and access * tokens, and Verified Permissions can use either or both. Any combination of identity and access tokens results in * the same Cedar principal. Verified Permissions automatically translates the information about the identities into * the standard Cedar attributes that can be evaluated by your policies. Because the Amazon Cognito identity and * access tokens can contain different information, the tokens you choose to use determine which principal * attributes are available to access when evaluating Cedar policies. *
** If you delete a Amazon Cognito user pool or user, tokens from that deleted pool or that deleted user continue to * be usable until they expire. *
** To reference a user from this identity source in your Cedar policies, use the following syntax. *
** IdentityType::"<CognitoUserPoolIdentifier>|<CognitoClientId> *
*
* Where IdentityType is the string that you provide to the PrincipalEntityType parameter
* for this operation. The CognitoUserPoolId and CognitoClientId are defined by the Amazon
* Cognito user pool.
*
* The possible reasons include the following: *
** UnrecognizedEntityType *
** The policy includes an entity type that isn't found in the schema. *
** UnrecognizedActionId *
** The policy includes an action id that isn't found in the schema. *
** InvalidActionApplication *
** The policy includes an action that, according to the schema, doesn't support the specified principal and * resource. *
** UnexpectedType *
** The policy included an operand that isn't a valid type for the specified operation. *
** IncompatibleTypes *
*
* The types of elements included in a set, or the types of expressions used in an
* if...then...else clause aren't compatible in this context.
*
* MissingAttribute *
** The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for * the existence of the attribute first before attempting to access its value. For more information, see the * has (presence * of attribute test) operator in the Cedar Policy Language Guide. *
** UnsafeOptionalAttributeAccess *
** The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be * present. Test for the existence of the attribute first before attempting to access its value. For more * information, see the has (presence of * attribute test) operator in the Cedar Policy Language Guide. *
** ImpossiblePolicy *
** Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it * can never apply to any query, and so it can never affect an authorization decision. *
** WrongNumberArguments *
** The policy references an extension type with the wrong number of arguments. *
** FunctionArgumentValidationError *
** Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed * as an IPv4 address can contain only digits and the period character. *
** Creates a Cedar policy and saves it in the specified policy store. You can create either a static policy or a * policy linked to a policy template. *
*
* To create a static policy, provide the Cedar policy text in the StaticPolicy section of the
* PolicyDefinition.
*
* To create a policy that is dynamically linked to a policy template, specify the policy template ID and the
* principal and resource to associate with this policy in the templateLinked section of the
* PolicyDefinition. If the policy template is ever updated, any policies linked to the policy template
* automatically use the updated template.
*
* Creating a policy causes it to be validated against the schema in the policy store. If the policy doesn't pass * validation, the operation fails and the policy isn't stored. *
** The possible reasons include the following: *
** UnrecognizedEntityType *
** The policy includes an entity type that isn't found in the schema. *
** UnrecognizedActionId *
** The policy includes an action id that isn't found in the schema. *
** InvalidActionApplication *
** The policy includes an action that, according to the schema, doesn't support the specified principal and * resource. *
** UnexpectedType *
** The policy included an operand that isn't a valid type for the specified operation. *
** IncompatibleTypes *
*
* The types of elements included in a set, or the types of expressions used in an
* if...then...else clause aren't compatible in this context.
*
* MissingAttribute *
** The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for * the existence of the attribute first before attempting to access its value. For more information, see the * has (presence * of attribute test) operator in the Cedar Policy Language Guide. *
** UnsafeOptionalAttributeAccess *
** The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be * present. Test for the existence of the attribute first before attempting to access its value. For more * information, see the has (presence of * attribute test) operator in the Cedar Policy Language Guide. *
** ImpossiblePolicy *
** Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it * can never apply to any query, and so it can never affect an authorization decision. *
** WrongNumberArguments *
** The policy references an extension type with the wrong number of arguments. *
** FunctionArgumentValidationError *
** Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed * as an IPv4 address can contain only digits and the period character. *
** Creates a policy store. A policy store is a container for policy resources. *
** Although Cedar supports multiple namespaces, * Verified Permissions currently supports only one namespace per policy store. *
** The possible reasons include the following: *
** UnrecognizedEntityType *
** The policy includes an entity type that isn't found in the schema. *
** UnrecognizedActionId *
** The policy includes an action id that isn't found in the schema. *
** InvalidActionApplication *
** The policy includes an action that, according to the schema, doesn't support the specified principal and * resource. *
** UnexpectedType *
** The policy included an operand that isn't a valid type for the specified operation. *
** IncompatibleTypes *
*
* The types of elements included in a set, or the types of expressions used in an
* if...then...else clause aren't compatible in this context.
*
* MissingAttribute *
** The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for * the existence of the attribute first before attempting to access its value. For more information, see the * has (presence * of attribute test) operator in the Cedar Policy Language Guide. *
** UnsafeOptionalAttributeAccess *
** The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be * present. Test for the existence of the attribute first before attempting to access its value. For more * information, see the has (presence of * attribute test) operator in the Cedar Policy Language Guide. *
** ImpossiblePolicy *
** Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it * can never apply to any query, and so it can never affect an authorization decision. *
** WrongNumberArguments *
** The policy references an extension type with the wrong number of arguments. *
** FunctionArgumentValidationError *
** Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed * as an IPv4 address can contain only digits and the period character. *
** Creates a policy template. A template can use placeholders for the principal and resource. A template must be * instantiated into a policy by associating it with specific principals and resources to use for the placeholders. * That instantiated policy can then be considered in authorization decisions. The instantiated policy works * identically to any other policy, except that it is dynamically linked to the template. If the template changes, * then any policies that are linked to that template are immediately updated as well. *
* * @param createPolicyTemplateRequest * @return Result of the CreatePolicyTemplate operation returned by the service. * @throws ValidationException * The request failed because one or more input parameters don't satisfy their constraint requirements. The * output is provided as a list of fields and a reason for each field that isn't valid. ** The possible reasons include the following: *
** UnrecognizedEntityType *
** The policy includes an entity type that isn't found in the schema. *
** UnrecognizedActionId *
** The policy includes an action id that isn't found in the schema. *
** InvalidActionApplication *
** The policy includes an action that, according to the schema, doesn't support the specified principal and * resource. *
** UnexpectedType *
** The policy included an operand that isn't a valid type for the specified operation. *
** IncompatibleTypes *
*
* The types of elements included in a set, or the types of expressions used in an
* if...then...else clause aren't compatible in this context.
*
* MissingAttribute *
** The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for * the existence of the attribute first before attempting to access its value. For more information, see the * has (presence * of attribute test) operator in the Cedar Policy Language Guide. *
** UnsafeOptionalAttributeAccess *
** The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be * present. Test for the existence of the attribute first before attempting to access its value. For more * information, see the has (presence of * attribute test) operator in the Cedar Policy Language Guide. *
** ImpossiblePolicy *
** Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it * can never apply to any query, and so it can never affect an authorization decision. *
** WrongNumberArguments *
** The policy references an extension type with the wrong number of arguments. *
** FunctionArgumentValidationError *
** Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed * as an IPv4 address can contain only digits and the period character. *
** Deletes an identity source that references an identity provider (IdP) such as Amazon Cognito. After you delete * the identity source, you can no longer use tokens for identities from that identity source to represent * principals in authorization queries made using IsAuthorizedWithToken. operations. *
* * @param deleteIdentitySourceRequest * @return Result of the DeleteIdentitySource operation returned by the service. * @throws ValidationException * The request failed because one or more input parameters don't satisfy their constraint requirements. The * output is provided as a list of fields and a reason for each field that isn't valid. ** The possible reasons include the following: *
** UnrecognizedEntityType *
** The policy includes an entity type that isn't found in the schema. *
** UnrecognizedActionId *
** The policy includes an action id that isn't found in the schema. *
** InvalidActionApplication *
** The policy includes an action that, according to the schema, doesn't support the specified principal and * resource. *
** UnexpectedType *
** The policy included an operand that isn't a valid type for the specified operation. *
** IncompatibleTypes *
*
* The types of elements included in a set, or the types of expressions used in an
* if...then...else clause aren't compatible in this context.
*
* MissingAttribute *
** The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for * the existence of the attribute first before attempting to access its value. For more information, see the * has (presence * of attribute test) operator in the Cedar Policy Language Guide. *
** UnsafeOptionalAttributeAccess *
** The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be * present. Test for the existence of the attribute first before attempting to access its value. For more * information, see the has (presence of * attribute test) operator in the Cedar Policy Language Guide. *
** ImpossiblePolicy *
** Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it * can never apply to any query, and so it can never affect an authorization decision. *
** WrongNumberArguments *
** The policy references an extension type with the wrong number of arguments. *
** FunctionArgumentValidationError *
** Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed * as an IPv4 address can contain only digits and the period character. *
** Deletes the specified policy from the policy store. *
*
* This operation is idempotent; if you specify a policy that doesn't exist, the request response returns a
* successful HTTP 200 status code.
*
* The possible reasons include the following: *
** UnrecognizedEntityType *
** The policy includes an entity type that isn't found in the schema. *
** UnrecognizedActionId *
** The policy includes an action id that isn't found in the schema. *
** InvalidActionApplication *
** The policy includes an action that, according to the schema, doesn't support the specified principal and * resource. *
** UnexpectedType *
** The policy included an operand that isn't a valid type for the specified operation. *
** IncompatibleTypes *
*
* The types of elements included in a set, or the types of expressions used in an
* if...then...else clause aren't compatible in this context.
*
* MissingAttribute *
** The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for * the existence of the attribute first before attempting to access its value. For more information, see the * has (presence * of attribute test) operator in the Cedar Policy Language Guide. *
** UnsafeOptionalAttributeAccess *
** The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be * present. Test for the existence of the attribute first before attempting to access its value. For more * information, see the has (presence of * attribute test) operator in the Cedar Policy Language Guide. *
** ImpossiblePolicy *
** Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it * can never apply to any query, and so it can never affect an authorization decision. *
** WrongNumberArguments *
** The policy references an extension type with the wrong number of arguments. *
** FunctionArgumentValidationError *
** Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed * as an IPv4 address can contain only digits and the period character. *
** Deletes the specified policy store. *
** This operation is idempotent. If you specify a policy store that does not exist, the request response will still * return a successful HTTP 200 status code. *
* * @param deletePolicyStoreRequest * @return Result of the DeletePolicyStore operation returned by the service. * @throws ValidationException * The request failed because one or more input parameters don't satisfy their constraint requirements. The * output is provided as a list of fields and a reason for each field that isn't valid. ** The possible reasons include the following: *
** UnrecognizedEntityType *
** The policy includes an entity type that isn't found in the schema. *
** UnrecognizedActionId *
** The policy includes an action id that isn't found in the schema. *
** InvalidActionApplication *
** The policy includes an action that, according to the schema, doesn't support the specified principal and * resource. *
** UnexpectedType *
** The policy included an operand that isn't a valid type for the specified operation. *
** IncompatibleTypes *
*
* The types of elements included in a set, or the types of expressions used in an
* if...then...else clause aren't compatible in this context.
*
* MissingAttribute *
** The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for * the existence of the attribute first before attempting to access its value. For more information, see the * has (presence * of attribute test) operator in the Cedar Policy Language Guide. *
** UnsafeOptionalAttributeAccess *
** The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be * present. Test for the existence of the attribute first before attempting to access its value. For more * information, see the has (presence of * attribute test) operator in the Cedar Policy Language Guide. *
** ImpossiblePolicy *
** Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it * can never apply to any query, and so it can never affect an authorization decision. *
** WrongNumberArguments *
** The policy references an extension type with the wrong number of arguments. *
** FunctionArgumentValidationError *
** Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed * as an IPv4 address can contain only digits and the period character. *
** Deletes the specified policy template from the policy store. *
** This operation also deletes any policies that were created from the specified policy template. Those policies are * immediately removed from all future API responses, and are asynchronously deleted from the policy store. *
** The possible reasons include the following: *
** UnrecognizedEntityType *
** The policy includes an entity type that isn't found in the schema. *
** UnrecognizedActionId *
** The policy includes an action id that isn't found in the schema. *
** InvalidActionApplication *
** The policy includes an action that, according to the schema, doesn't support the specified principal and * resource. *
** UnexpectedType *
** The policy included an operand that isn't a valid type for the specified operation. *
** IncompatibleTypes *
*
* The types of elements included in a set, or the types of expressions used in an
* if...then...else clause aren't compatible in this context.
*
* MissingAttribute *
** The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for * the existence of the attribute first before attempting to access its value. For more information, see the * has (presence * of attribute test) operator in the Cedar Policy Language Guide. *
** UnsafeOptionalAttributeAccess *
** The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be * present. Test for the existence of the attribute first before attempting to access its value. For more * information, see the has (presence of * attribute test) operator in the Cedar Policy Language Guide. *
** ImpossiblePolicy *
** Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it * can never apply to any query, and so it can never affect an authorization decision. *
** WrongNumberArguments *
** The policy references an extension type with the wrong number of arguments. *
** FunctionArgumentValidationError *
** Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed * as an IPv4 address can contain only digits and the period character. *
** Retrieves the details about the specified identity source. *
* * @param getIdentitySourceRequest * @return Result of the GetIdentitySource operation returned by the service. * @throws ValidationException * The request failed because one or more input parameters don't satisfy their constraint requirements. The * output is provided as a list of fields and a reason for each field that isn't valid. ** The possible reasons include the following: *
** UnrecognizedEntityType *
** The policy includes an entity type that isn't found in the schema. *
** UnrecognizedActionId *
** The policy includes an action id that isn't found in the schema. *
** InvalidActionApplication *
** The policy includes an action that, according to the schema, doesn't support the specified principal and * resource. *
** UnexpectedType *
** The policy included an operand that isn't a valid type for the specified operation. *
** IncompatibleTypes *
*
* The types of elements included in a set, or the types of expressions used in an
* if...then...else clause aren't compatible in this context.
*
* MissingAttribute *
** The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for * the existence of the attribute first before attempting to access its value. For more information, see the * has (presence * of attribute test) operator in the Cedar Policy Language Guide. *
** UnsafeOptionalAttributeAccess *
** The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be * present. Test for the existence of the attribute first before attempting to access its value. For more * information, see the has (presence of * attribute test) operator in the Cedar Policy Language Guide. *
** ImpossiblePolicy *
** Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it * can never apply to any query, and so it can never affect an authorization decision. *
** WrongNumberArguments *
** The policy references an extension type with the wrong number of arguments. *
** FunctionArgumentValidationError *
** Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed * as an IPv4 address can contain only digits and the period character. *
** Retrieves information about the specified policy. *
* * @param getPolicyRequest * @return Result of the GetPolicy operation returned by the service. * @throws ValidationException * The request failed because one or more input parameters don't satisfy their constraint requirements. The * output is provided as a list of fields and a reason for each field that isn't valid. ** The possible reasons include the following: *
** UnrecognizedEntityType *
** The policy includes an entity type that isn't found in the schema. *
** UnrecognizedActionId *
** The policy includes an action id that isn't found in the schema. *
** InvalidActionApplication *
** The policy includes an action that, according to the schema, doesn't support the specified principal and * resource. *
** UnexpectedType *
** The policy included an operand that isn't a valid type for the specified operation. *
** IncompatibleTypes *
*
* The types of elements included in a set, or the types of expressions used in an
* if...then...else clause aren't compatible in this context.
*
* MissingAttribute *
** The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for * the existence of the attribute first before attempting to access its value. For more information, see the * has (presence * of attribute test) operator in the Cedar Policy Language Guide. *
** UnsafeOptionalAttributeAccess *
** The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be * present. Test for the existence of the attribute first before attempting to access its value. For more * information, see the has (presence of * attribute test) operator in the Cedar Policy Language Guide. *
** ImpossiblePolicy *
** Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it * can never apply to any query, and so it can never affect an authorization decision. *
** WrongNumberArguments *
** The policy references an extension type with the wrong number of arguments. *
** FunctionArgumentValidationError *
** Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed * as an IPv4 address can contain only digits and the period character. *
** Retrieves details about a policy store. *
* * @param getPolicyStoreRequest * @return Result of the GetPolicyStore operation returned by the service. * @throws ValidationException * The request failed because one or more input parameters don't satisfy their constraint requirements. The * output is provided as a list of fields and a reason for each field that isn't valid. ** The possible reasons include the following: *
** UnrecognizedEntityType *
** The policy includes an entity type that isn't found in the schema. *
** UnrecognizedActionId *
** The policy includes an action id that isn't found in the schema. *
** InvalidActionApplication *
** The policy includes an action that, according to the schema, doesn't support the specified principal and * resource. *
** UnexpectedType *
** The policy included an operand that isn't a valid type for the specified operation. *
** IncompatibleTypes *
*
* The types of elements included in a set, or the types of expressions used in an
* if...then...else clause aren't compatible in this context.
*
* MissingAttribute *
** The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for * the existence of the attribute first before attempting to access its value. For more information, see the * has (presence * of attribute test) operator in the Cedar Policy Language Guide. *
** UnsafeOptionalAttributeAccess *
** The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be * present. Test for the existence of the attribute first before attempting to access its value. For more * information, see the has (presence of * attribute test) operator in the Cedar Policy Language Guide. *
** ImpossiblePolicy *
** Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it * can never apply to any query, and so it can never affect an authorization decision. *
** WrongNumberArguments *
** The policy references an extension type with the wrong number of arguments. *
** FunctionArgumentValidationError *
** Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed * as an IPv4 address can contain only digits and the period character. *
** Retrieve the details for the specified policy template in the specified policy store. *
* * @param getPolicyTemplateRequest * @return Result of the GetPolicyTemplate operation returned by the service. * @throws ValidationException * The request failed because one or more input parameters don't satisfy their constraint requirements. The * output is provided as a list of fields and a reason for each field that isn't valid. ** The possible reasons include the following: *
** UnrecognizedEntityType *
** The policy includes an entity type that isn't found in the schema. *
** UnrecognizedActionId *
** The policy includes an action id that isn't found in the schema. *
** InvalidActionApplication *
** The policy includes an action that, according to the schema, doesn't support the specified principal and * resource. *
** UnexpectedType *
** The policy included an operand that isn't a valid type for the specified operation. *
** IncompatibleTypes *
*
* The types of elements included in a set, or the types of expressions used in an
* if...then...else clause aren't compatible in this context.
*
* MissingAttribute *
** The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for * the existence of the attribute first before attempting to access its value. For more information, see the * has (presence * of attribute test) operator in the Cedar Policy Language Guide. *
** UnsafeOptionalAttributeAccess *
** The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be * present. Test for the existence of the attribute first before attempting to access its value. For more * information, see the has (presence of * attribute test) operator in the Cedar Policy Language Guide. *
** ImpossiblePolicy *
** Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it * can never apply to any query, and so it can never affect an authorization decision. *
** WrongNumberArguments *
** The policy references an extension type with the wrong number of arguments. *
** FunctionArgumentValidationError *
** Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed * as an IPv4 address can contain only digits and the period character. *
** Retrieve the details for the specified schema in the specified policy store. *
* * @param getSchemaRequest * @return Result of the GetSchema operation returned by the service. * @throws ValidationException * The request failed because one or more input parameters don't satisfy their constraint requirements. The * output is provided as a list of fields and a reason for each field that isn't valid. ** The possible reasons include the following: *
** UnrecognizedEntityType *
** The policy includes an entity type that isn't found in the schema. *
** UnrecognizedActionId *
** The policy includes an action id that isn't found in the schema. *
** InvalidActionApplication *
** The policy includes an action that, according to the schema, doesn't support the specified principal and * resource. *
** UnexpectedType *
** The policy included an operand that isn't a valid type for the specified operation. *
** IncompatibleTypes *
*
* The types of elements included in a set, or the types of expressions used in an
* if...then...else clause aren't compatible in this context.
*
* MissingAttribute *
** The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for * the existence of the attribute first before attempting to access its value. For more information, see the * has (presence * of attribute test) operator in the Cedar Policy Language Guide. *
** UnsafeOptionalAttributeAccess *
** The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be * present. Test for the existence of the attribute first before attempting to access its value. For more * information, see the has (presence of * attribute test) operator in the Cedar Policy Language Guide. *
** ImpossiblePolicy *
** Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it * can never apply to any query, and so it can never affect an authorization decision. *
** WrongNumberArguments *
** The policy references an extension type with the wrong number of arguments. *
** FunctionArgumentValidationError *
** Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed * as an IPv4 address can contain only digits and the period character. *
*
* Makes an authorization decision about a service request described in the parameters. The information in the
* parameters can also define additional context that Verified Permissions can include in the evaluation. The
* request is evaluated against all matching policies in the specified policy store. The result of the decision is
* either Allow or Deny, along with a list of the policies that resulted in the decision.
*
* The possible reasons include the following: *
** UnrecognizedEntityType *
** The policy includes an entity type that isn't found in the schema. *
** UnrecognizedActionId *
** The policy includes an action id that isn't found in the schema. *
** InvalidActionApplication *
** The policy includes an action that, according to the schema, doesn't support the specified principal and * resource. *
** UnexpectedType *
** The policy included an operand that isn't a valid type for the specified operation. *
** IncompatibleTypes *
*
* The types of elements included in a set, or the types of expressions used in an
* if...then...else clause aren't compatible in this context.
*
* MissingAttribute *
** The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for * the existence of the attribute first before attempting to access its value. For more information, see the * has (presence * of attribute test) operator in the Cedar Policy Language Guide. *
** UnsafeOptionalAttributeAccess *
** The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be * present. Test for the existence of the attribute first before attempting to access its value. For more * information, see the has (presence of * attribute test) operator in the Cedar Policy Language Guide. *
** ImpossiblePolicy *
** Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it * can never apply to any query, and so it can never affect an authorization decision. *
** WrongNumberArguments *
** The policy references an extension type with the wrong number of arguments. *
** FunctionArgumentValidationError *
** Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed * as an IPv4 address can contain only digits and the period character. *
*
* Makes an authorization decision about a service request described in the parameters. The principal in this
* request comes from an external identity source. The information in the parameters can also define additional
* context that Verified Permissions can include in the evaluation. The request is evaluated against all matching
* policies in the specified policy store. The result of the decision is either Allow or
* Deny, along with a list of the policies that resulted in the decision.
*
* If you delete a Amazon Cognito user pool or user, tokens from that deleted pool or that deleted user continue to * be usable until they expire. *
** The possible reasons include the following: *
** UnrecognizedEntityType *
** The policy includes an entity type that isn't found in the schema. *
** UnrecognizedActionId *
** The policy includes an action id that isn't found in the schema. *
** InvalidActionApplication *
** The policy includes an action that, according to the schema, doesn't support the specified principal and * resource. *
** UnexpectedType *
** The policy included an operand that isn't a valid type for the specified operation. *
** IncompatibleTypes *
*
* The types of elements included in a set, or the types of expressions used in an
* if...then...else clause aren't compatible in this context.
*
* MissingAttribute *
** The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for * the existence of the attribute first before attempting to access its value. For more information, see the * has (presence * of attribute test) operator in the Cedar Policy Language Guide. *
** UnsafeOptionalAttributeAccess *
** The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be * present. Test for the existence of the attribute first before attempting to access its value. For more * information, see the has (presence of * attribute test) operator in the Cedar Policy Language Guide. *
** ImpossiblePolicy *
** Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it * can never apply to any query, and so it can never affect an authorization decision. *
** WrongNumberArguments *
** The policy references an extension type with the wrong number of arguments. *
** FunctionArgumentValidationError *
** Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed * as an IPv4 address can contain only digits and the period character. *
** Returns a paginated list of all of the identity sources defined in the specified policy store. *
* * @param listIdentitySourcesRequest * @return Result of the ListIdentitySources operation returned by the service. * @throws ValidationException * The request failed because one or more input parameters don't satisfy their constraint requirements. The * output is provided as a list of fields and a reason for each field that isn't valid. ** The possible reasons include the following: *
** UnrecognizedEntityType *
** The policy includes an entity type that isn't found in the schema. *
** UnrecognizedActionId *
** The policy includes an action id that isn't found in the schema. *
** InvalidActionApplication *
** The policy includes an action that, according to the schema, doesn't support the specified principal and * resource. *
** UnexpectedType *
** The policy included an operand that isn't a valid type for the specified operation. *
** IncompatibleTypes *
*
* The types of elements included in a set, or the types of expressions used in an
* if...then...else clause aren't compatible in this context.
*
* MissingAttribute *
** The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for * the existence of the attribute first before attempting to access its value. For more information, see the * has (presence * of attribute test) operator in the Cedar Policy Language Guide. *
** UnsafeOptionalAttributeAccess *
** The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be * present. Test for the existence of the attribute first before attempting to access its value. For more * information, see the has (presence of * attribute test) operator in the Cedar Policy Language Guide. *
** ImpossiblePolicy *
** Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it * can never apply to any query, and so it can never affect an authorization decision. *
** WrongNumberArguments *
** The policy references an extension type with the wrong number of arguments. *
** FunctionArgumentValidationError *
** Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed * as an IPv4 address can contain only digits and the period character. *
** Returns a paginated list of all policies stored in the specified policy store. *
* * @param listPoliciesRequest * @return Result of the ListPolicies operation returned by the service. * @throws ValidationException * The request failed because one or more input parameters don't satisfy their constraint requirements. The * output is provided as a list of fields and a reason for each field that isn't valid. ** The possible reasons include the following: *
** UnrecognizedEntityType *
** The policy includes an entity type that isn't found in the schema. *
** UnrecognizedActionId *
** The policy includes an action id that isn't found in the schema. *
** InvalidActionApplication *
** The policy includes an action that, according to the schema, doesn't support the specified principal and * resource. *
** UnexpectedType *
** The policy included an operand that isn't a valid type for the specified operation. *
** IncompatibleTypes *
*
* The types of elements included in a set, or the types of expressions used in an
* if...then...else clause aren't compatible in this context.
*
* MissingAttribute *
** The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for * the existence of the attribute first before attempting to access its value. For more information, see the * has (presence * of attribute test) operator in the Cedar Policy Language Guide. *
** UnsafeOptionalAttributeAccess *
** The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be * present. Test for the existence of the attribute first before attempting to access its value. For more * information, see the has (presence of * attribute test) operator in the Cedar Policy Language Guide. *
** ImpossiblePolicy *
** Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it * can never apply to any query, and so it can never affect an authorization decision. *
** WrongNumberArguments *
** The policy references an extension type with the wrong number of arguments. *
** FunctionArgumentValidationError *
** Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed * as an IPv4 address can contain only digits and the period character. *
** Returns a paginated list of all policy stores in the calling Amazon Web Services account. *
* * @param listPolicyStoresRequest * @return Result of the ListPolicyStores operation returned by the service. * @throws ValidationException * The request failed because one or more input parameters don't satisfy their constraint requirements. The * output is provided as a list of fields and a reason for each field that isn't valid. ** The possible reasons include the following: *
** UnrecognizedEntityType *
** The policy includes an entity type that isn't found in the schema. *
** UnrecognizedActionId *
** The policy includes an action id that isn't found in the schema. *
** InvalidActionApplication *
** The policy includes an action that, according to the schema, doesn't support the specified principal and * resource. *
** UnexpectedType *
** The policy included an operand that isn't a valid type for the specified operation. *
** IncompatibleTypes *
*
* The types of elements included in a set, or the types of expressions used in an
* if...then...else clause aren't compatible in this context.
*
* MissingAttribute *
** The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for * the existence of the attribute first before attempting to access its value. For more information, see the * has (presence * of attribute test) operator in the Cedar Policy Language Guide. *
** UnsafeOptionalAttributeAccess *
** The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be * present. Test for the existence of the attribute first before attempting to access its value. For more * information, see the has (presence of * attribute test) operator in the Cedar Policy Language Guide. *
** ImpossiblePolicy *
** Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it * can never apply to any query, and so it can never affect an authorization decision. *
** WrongNumberArguments *
** The policy references an extension type with the wrong number of arguments. *
** FunctionArgumentValidationError *
** Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed * as an IPv4 address can contain only digits and the period character. *
** Returns a paginated list of all policy templates in the specified policy store. *
* * @param listPolicyTemplatesRequest * @return Result of the ListPolicyTemplates operation returned by the service. * @throws ValidationException * The request failed because one or more input parameters don't satisfy their constraint requirements. The * output is provided as a list of fields and a reason for each field that isn't valid. ** The possible reasons include the following: *
** UnrecognizedEntityType *
** The policy includes an entity type that isn't found in the schema. *
** UnrecognizedActionId *
** The policy includes an action id that isn't found in the schema. *
** InvalidActionApplication *
** The policy includes an action that, according to the schema, doesn't support the specified principal and * resource. *
** UnexpectedType *
** The policy included an operand that isn't a valid type for the specified operation. *
** IncompatibleTypes *
*
* The types of elements included in a set, or the types of expressions used in an
* if...then...else clause aren't compatible in this context.
*
* MissingAttribute *
** The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for * the existence of the attribute first before attempting to access its value. For more information, see the * has (presence * of attribute test) operator in the Cedar Policy Language Guide. *
** UnsafeOptionalAttributeAccess *
** The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be * present. Test for the existence of the attribute first before attempting to access its value. For more * information, see the has (presence of * attribute test) operator in the Cedar Policy Language Guide. *
** ImpossiblePolicy *
** Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it * can never apply to any query, and so it can never affect an authorization decision. *
** WrongNumberArguments *
** The policy references an extension type with the wrong number of arguments. *
** FunctionArgumentValidationError *
** Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed * as an IPv4 address can contain only digits and the period character. *
** Creates or updates the policy schema in the specified policy store. The schema is used to validate any Cedar * policies and policy templates submitted to the policy store. Any changes to the schema validate only policies and * templates submitted after the schema change. Existing policies and templates are not re-evaluated against the * changed schema. If you later update a policy, then it is evaluated against the new schema at that time. *
* * @param putSchemaRequest * @return Result of the PutSchema operation returned by the service. * @throws ValidationException * The request failed because one or more input parameters don't satisfy their constraint requirements. The * output is provided as a list of fields and a reason for each field that isn't valid. ** The possible reasons include the following: *
** UnrecognizedEntityType *
** The policy includes an entity type that isn't found in the schema. *
** UnrecognizedActionId *
** The policy includes an action id that isn't found in the schema. *
** InvalidActionApplication *
** The policy includes an action that, according to the schema, doesn't support the specified principal and * resource. *
** UnexpectedType *
** The policy included an operand that isn't a valid type for the specified operation. *
** IncompatibleTypes *
*
* The types of elements included in a set, or the types of expressions used in an
* if...then...else clause aren't compatible in this context.
*
* MissingAttribute *
** The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for * the existence of the attribute first before attempting to access its value. For more information, see the * has (presence * of attribute test) operator in the Cedar Policy Language Guide. *
** UnsafeOptionalAttributeAccess *
** The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be * present. Test for the existence of the attribute first before attempting to access its value. For more * information, see the has (presence of * attribute test) operator in the Cedar Policy Language Guide. *
** ImpossiblePolicy *
** Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it * can never apply to any query, and so it can never affect an authorization decision. *
** WrongNumberArguments *
** The policy references an extension type with the wrong number of arguments. *
** FunctionArgumentValidationError *
** Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed * as an IPv4 address can contain only digits and the period character. *
** Updates the specified identity source to use a new identity provider (IdP) source, or to change the mapping of * identities from the IdP to a different principal entity type. *
* * @param updateIdentitySourceRequest * @return Result of the UpdateIdentitySource operation returned by the service. * @throws ValidationException * The request failed because one or more input parameters don't satisfy their constraint requirements. The * output is provided as a list of fields and a reason for each field that isn't valid. ** The possible reasons include the following: *
** UnrecognizedEntityType *
** The policy includes an entity type that isn't found in the schema. *
** UnrecognizedActionId *
** The policy includes an action id that isn't found in the schema. *
** InvalidActionApplication *
** The policy includes an action that, according to the schema, doesn't support the specified principal and * resource. *
** UnexpectedType *
** The policy included an operand that isn't a valid type for the specified operation. *
** IncompatibleTypes *
*
* The types of elements included in a set, or the types of expressions used in an
* if...then...else clause aren't compatible in this context.
*
* MissingAttribute *
** The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for * the existence of the attribute first before attempting to access its value. For more information, see the * has (presence * of attribute test) operator in the Cedar Policy Language Guide. *
** UnsafeOptionalAttributeAccess *
** The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be * present. Test for the existence of the attribute first before attempting to access its value. For more * information, see the has (presence of * attribute test) operator in the Cedar Policy Language Guide. *
** ImpossiblePolicy *
** Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it * can never apply to any query, and so it can never affect an authorization decision. *
** WrongNumberArguments *
** The policy references an extension type with the wrong number of arguments. *
** FunctionArgumentValidationError *
** Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed * as an IPv4 address can contain only digits and the period character. *
** Modifies a Cedar static policy in the specified policy store. You can change only certain elements of the UpdatePolicyDefinition parameter. You can directly update only static policies. To change a template-linked * policy, you must update the template instead, using UpdatePolicyTemplate. *
** If policy validation is enabled in the policy store, then updating a static policy causes Verified Permissions to * validate the policy against the schema in the policy store. If the updated static policy doesn't pass validation, * the operation fails and the update isn't stored. *
** The possible reasons include the following: *
** UnrecognizedEntityType *
** The policy includes an entity type that isn't found in the schema. *
** UnrecognizedActionId *
** The policy includes an action id that isn't found in the schema. *
** InvalidActionApplication *
** The policy includes an action that, according to the schema, doesn't support the specified principal and * resource. *
** UnexpectedType *
** The policy included an operand that isn't a valid type for the specified operation. *
** IncompatibleTypes *
*
* The types of elements included in a set, or the types of expressions used in an
* if...then...else clause aren't compatible in this context.
*
* MissingAttribute *
** The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for * the existence of the attribute first before attempting to access its value. For more information, see the * has (presence * of attribute test) operator in the Cedar Policy Language Guide. *
** UnsafeOptionalAttributeAccess *
** The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be * present. Test for the existence of the attribute first before attempting to access its value. For more * information, see the has (presence of * attribute test) operator in the Cedar Policy Language Guide. *
** ImpossiblePolicy *
** Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it * can never apply to any query, and so it can never affect an authorization decision. *
** WrongNumberArguments *
** The policy references an extension type with the wrong number of arguments. *
** FunctionArgumentValidationError *
** Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed * as an IPv4 address can contain only digits and the period character. *
** Modifies the validation setting for a policy store. *
* * @param updatePolicyStoreRequest * @return Result of the UpdatePolicyStore operation returned by the service. * @throws ValidationException * The request failed because one or more input parameters don't satisfy their constraint requirements. The * output is provided as a list of fields and a reason for each field that isn't valid. ** The possible reasons include the following: *
** UnrecognizedEntityType *
** The policy includes an entity type that isn't found in the schema. *
** UnrecognizedActionId *
** The policy includes an action id that isn't found in the schema. *
** InvalidActionApplication *
** The policy includes an action that, according to the schema, doesn't support the specified principal and * resource. *
** UnexpectedType *
** The policy included an operand that isn't a valid type for the specified operation. *
** IncompatibleTypes *
*
* The types of elements included in a set, or the types of expressions used in an
* if...then...else clause aren't compatible in this context.
*
* MissingAttribute *
** The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for * the existence of the attribute first before attempting to access its value. For more information, see the * has (presence * of attribute test) operator in the Cedar Policy Language Guide. *
** UnsafeOptionalAttributeAccess *
** The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be * present. Test for the existence of the attribute first before attempting to access its value. For more * information, see the has (presence of * attribute test) operator in the Cedar Policy Language Guide. *
** ImpossiblePolicy *
** Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it * can never apply to any query, and so it can never affect an authorization decision. *
** WrongNumberArguments *
** The policy references an extension type with the wrong number of arguments. *
** FunctionArgumentValidationError *
** Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed * as an IPv4 address can contain only digits and the period character. *
** Updates the specified policy template. You can update only the description and the some elements of the policyBody. *
** Changes you make to the policy template content are immediately reflected in authorization decisions that involve * all template-linked policies instantiated from this template. *
** The possible reasons include the following: *
** UnrecognizedEntityType *
** The policy includes an entity type that isn't found in the schema. *
** UnrecognizedActionId *
** The policy includes an action id that isn't found in the schema. *
** InvalidActionApplication *
** The policy includes an action that, according to the schema, doesn't support the specified principal and * resource. *
** UnexpectedType *
** The policy included an operand that isn't a valid type for the specified operation. *
** IncompatibleTypes *
*
* The types of elements included in a set, or the types of expressions used in an
* if...then...else clause aren't compatible in this context.
*
* MissingAttribute *
** The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for * the existence of the attribute first before attempting to access its value. For more information, see the * has (presence * of attribute test) operator in the Cedar Policy Language Guide. *
** UnsafeOptionalAttributeAccess *
** The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be * present. Test for the existence of the attribute first before attempting to access its value. For more * information, see the has (presence of * attribute test) operator in the Cedar Policy Language Guide. *
** ImpossiblePolicy *
** Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it * can never apply to any query, and so it can never affect an authorization decision. *
** WrongNumberArguments *
** The policy references an extension type with the wrong number of arguments. *
** FunctionArgumentValidationError *
** Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed * as an IPv4 address can contain only digits and the period character. *
** Response metadata is only cached for a limited period of time, so if you need to access this extra diagnostic * information for an executed request, you should use this method to retrieve it as soon as possible after * executing a request. * * @param request * The originally executed request. * * @return The response metadata for the specified request, or null if none is available. */ ResponseMetadata getCachedResponseMetadata(AmazonWebServiceRequest request); }