/* * Copyright 2018-2023 Amazon.com, Inc. or its affiliates. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with * the License. A copy of the License is located at * * http://aws.amazon.com/apache2.0 * * or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR * CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions * and limitations under the License. */ package com.amazonaws.services.verifiedpermissions; import javax.annotation.Generated; import com.amazonaws.services.verifiedpermissions.model.*; /** * Interface for accessing Amazon Verified Permissions asynchronously. Each asynchronous method will return a Java * Future object representing the asynchronous operation; overloads which accept an {@code AsyncHandler} can be used to * receive notification when an asynchronous operation completes. *
* Note: Do not directly implement this interface, new methods are added to it regularly. Extend from * {@link com.amazonaws.services.verifiedpermissions.AbstractAmazonVerifiedPermissionsAsync} instead. *
**
* Amazon Verified Permissions is a permissions management service from Amazon Web Services. You can use Verified * Permissions to manage permissions for your application, and authorize user access based on those permissions. Using * Verified Permissions, application developers can grant access based on information about the users, resources, and * requested actions. You can also evaluate additional information like group membership, attributes of the resources, * and session context, such as time of request and IP addresses. Verified Permissions manages these permissions by * letting you create and store authorization policies for your applications, such as consumer-facing web sites and * enterprise business systems. *
** Verified Permissions uses Cedar as the policy language to express your permission requirements. Cedar supports both * role-based access control (RBAC) and attribute-based access control (ABAC) authorization models. *
** For more information about configuring, administering, and using Amazon Verified Permissions in your applications, * see the Amazon Verified Permissions User * Guide. *
** For more information about the Cedar policy language, see the Cedar Policy * Language Guide. *
** When you write Cedar policies that reference principals, resources and actions, you can define the unique identifiers * used for each of those elements. We strongly recommend that you follow these best practices: *
** Use values like universally unique identifiers (UUIDs) for all principal and resource identifiers. *
*
 * For example, if user jane leaves the company, and you later let someone else use the name
 * jane, then that new user automatically gets access to everything granted by policies that still
 * reference User::"jane". Cedar can’t distinguish between the new user and the old. This applies to both
 * principal and resource identifiers. Always use identifiers that are guaranteed unique and never reused to ensure that
 * you don’t unintentionally grant access because of the presence of an old identifier in a policy.
 * 
* Where you use a UUID for an entity, we recommend that you follow it with the // comment specifier and the ‘friendly’ name of your entity. This helps to make your policies easier to understand. For example: principal == User::"a1b2c3d4-e5f6-a1b2-c3d4-EXAMPLE11111", // alice *
** Do not include personally identifying, confidential, or sensitive information as part of the unique identifier for * your principals or resources. These identifiers are included in log entries shared in CloudTrail trails. *
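The identifier practices above can be checked mechanically before policies are submitted to a policy store. The following Java program is an added example, not part of the AWS SDK or of this interface; the class name `CedarIdentifierLint`, its regular expressions and the sample policies are assumptions constructed for illustration, and the e-mail check is only a heuristic for personally identifying values.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Added example: lints Cedar policy text against the identifier practices above. */
public class CedarIdentifierLint {

    // Entity reference: one or more "Name::" segments followed by a quoted id.
    private static final Pattern ENTITY_REF = Pattern.compile(
            "((?:[A-Za-z_][A-Za-z0-9_]*::)+)\"((?:[^\"\\\\]|\\\\.)*)\"");

    // Canonical 8-4-4-4-12 hexadecimal UUID text.
    private static final Pattern UUID_TEXT = Pattern.compile(
            "[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}");

    /** Index of a // comment that starts outside a string literal, or -1. */
    static int commentStart(String line) {
        boolean inString = false;
        for (int i = 0; i < line.length(); i++) {
            char c = line.charAt(i);
            if (inString && c == '\\') {
                i++;                       // skip the escaped character
            } else if (c == '"') {
                inString = !inString;
            } else if (!inString && c == '/' && i + 1 < line.length()
                    && line.charAt(i + 1) == '/') {
                return i;
            }
        }
        return -1;
    }

    /** Returns one finding per identifier that breaks a recommended practice. */
    static List<String> lint(String policyText) {
        List<String> findings = new ArrayList<>();
        String[] lines = policyText.split("\n", -1);
        for (int n = 0; n < lines.length; n++) {
            int comment = commentStart(lines[n]);
            String code = comment < 0 ? lines[n] : lines[n].substring(0, comment);
            boolean hasFriendlyName = comment >= 0
                    && !lines[n].substring(comment + 2).trim().isEmpty();
            Matcher m = ENTITY_REF.matcher(code);
            while (m.find()) {
                String type = m.group(1).substring(0, m.group(1).length() - 2);
                String id = m.group(2);
                // The recommendation covers principals and resources, not actions.
                if (type.equals("Action") || type.endsWith("::Action")) {
                    continue;
                }
                String where = "line " + (n + 1) + ": " + type + "::\"" + id + "\" ";
                if (id.contains("@")) {
                    findings.add(where + "looks like an e-mail address; identifiers are logged");
                } else if (!UUID_TEXT.matcher(id).matches()) {
                    findings.add(where + "is not a UUID and could be reassigned later");
                } else if (!hasFriendlyName) {
                    findings.add(where + "has no trailing // friendly-name comment");
                }
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample policies; all identifiers are made up for this example.
        String policies = String.join("\n",
            "permit (",
            "  principal == User::\"jane\",",
            "  action == Action::\"viewPhoto\",",
            "  resource == Photo::\"3f2b8c1e-7d4a-4e9b-a6c5-0d1e2f3a4b5c\" // vacation.jpg",
            ");",
            "permit (",
            "  principal == User::\"9a8b7c6d-5e4f-4a3b-8c2d-1e0f9a8b7c6d\", // alice",
            "  action == Action::\"viewPhoto\",",
            "  resource in Album::\"bob@example.com\"",
            ");",
            "forbid (",
            "  principal == User::\"0b1c2d3e-4f5a-4b6c-9d7e-8f9a0b1c2d3e\",",
            "  action, resource",
            ");");
        for (String finding : lint(policies)) {
            System.out.println(finding);
        }
    }
}
```

Running it in a review step before `CreatePolicy` or `UpdatePolicy` surfaces reusable names such as `User::"jane"` while they are still easy to replace.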
** Several operations return structures that appear similar, but have different purposes. As new functionality is added * to the product, the structure used in a parameter of one operation might need to change in a way that wouldn't make * sense for the same parameter in a different operation. To help you understand the purpose of each, the following * naming convention is used for the structures: *
*
 * Parameter type structures that end in Detail are used in Get operations.
 * 
 * Parameter type structures that end in Item are used in List operations.
 * 
* Parameter type structures that use neither suffix are used in the mutating (create and update) operations. *
** Creates a reference to an Amazon Cognito user pool as an external identity provider (IdP). *
** After you create an identity source, you can use the identities provided by the IdP as proxies for the principal * in authorization queries that use the IsAuthorizedWithToken operation. These identities take the form of tokens that contain claims about the * user, such as IDs, attributes and group memberships. Amazon Cognito provides both identity tokens and access * tokens, and Verified Permissions can use either or both. Any combination of identity and access tokens results in * the same Cedar principal. Verified Permissions automatically translates the information about the identities into * the standard Cedar attributes that can be evaluated by your policies. Because the Amazon Cognito identity and * access tokens can contain different information, the tokens you choose to use determine which principal * attributes are available to access when evaluating Cedar policies. *
** If you delete an Amazon Cognito user pool or user, tokens from that deleted pool or that deleted user continue to * be usable until they expire. *
** To reference a user from this identity source in your Cedar policies, use the following syntax. *
** IdentityType::"<CognitoUserPoolIdentifier>|<CognitoClientId>" *
*
     * Where IdentityType is the string that you provide to the PrincipalEntityType parameter
     * for this operation. The CognitoUserPoolId and CognitoClientId are defined by the Amazon
     * Cognito user pool.
     * 
* Creates a Cedar policy and saves it in the specified policy store. You can create either a static policy or a * policy linked to a policy template. *
*
     * To create a static policy, provide the Cedar policy text in the StaticPolicy section of the
     * PolicyDefinition.
     * 
     * To create a policy that is dynamically linked to a policy template, specify the policy template ID and the
     * principal and resource to associate with this policy in the templateLinked section of the
     * PolicyDefinition. If the policy template is ever updated, any policies linked to the policy template
     * automatically use the updated template.
     * 
* Creating a policy causes it to be validated against the schema in the policy store. If the policy doesn't pass * validation, the operation fails and the policy isn't stored. *
** Creates a policy store. A policy store is a container for policy resources. *
** Although Cedar supports multiple namespaces, * Verified Permissions currently supports only one namespace per policy store. *
** Creates a policy template. A template can use placeholders for the principal and resource. A template must be * instantiated into a policy by associating it with specific principals and resources to use for the placeholders. * That instantiated policy can then be considered in authorization decisions. The instantiated policy works * identically to any other policy, except that it is dynamically linked to the template. If the template changes, * then any policies that are linked to that template are immediately updated as well. *
* * @param createPolicyTemplateRequest * @return A Java Future containing the result of the CreatePolicyTemplate operation returned by the service. * @sample AmazonVerifiedPermissionsAsync.CreatePolicyTemplate * @see AWS API Documentation */ java.util.concurrent.Future* Creates a policy template. A template can use placeholders for the principal and resource. A template must be * instantiated into a policy by associating it with specific principals and resources to use for the placeholders. * That instantiated policy can then be considered in authorization decisions. The instantiated policy works * identically to any other policy, except that it is dynamically linked to the template. If the template changes, * then any policies that are linked to that template are immediately updated as well. *
* * @param createPolicyTemplateRequest * @param asyncHandler * Asynchronous callback handler for events in the lifecycle of the request. Users can provide an * implementation of the callback methods in this interface to receive notification of successful or * unsuccessful completion of the operation. * @return A Java Future containing the result of the CreatePolicyTemplate operation returned by the service. * @sample AmazonVerifiedPermissionsAsyncHandler.CreatePolicyTemplate * @see AWS API Documentation */ java.util.concurrent.Future* Deletes an identity source that references an identity provider (IdP) such as Amazon Cognito. After you delete * the identity source, you can no longer use tokens for identities from that identity source to represent * principals in authorization queries made using IsAuthorizedWithToken operations. *
* * @param deleteIdentitySourceRequest * @return A Java Future containing the result of the DeleteIdentitySource operation returned by the service. * @sample AmazonVerifiedPermissionsAsync.DeleteIdentitySource * @see AWS API Documentation */ java.util.concurrent.Future* Deletes an identity source that references an identity provider (IdP) such as Amazon Cognito. After you delete * the identity source, you can no longer use tokens for identities from that identity source to represent * principals in authorization queries made using IsAuthorizedWithToken operations. *
* * @param deleteIdentitySourceRequest * @param asyncHandler * Asynchronous callback handler for events in the lifecycle of the request. Users can provide an * implementation of the callback methods in this interface to receive notification of successful or * unsuccessful completion of the operation. * @return A Java Future containing the result of the DeleteIdentitySource operation returned by the service. * @sample AmazonVerifiedPermissionsAsyncHandler.DeleteIdentitySource * @see AWS API Documentation */ java.util.concurrent.Future* Deletes the specified policy from the policy store. *
*
     * This operation is idempotent; if you specify a policy that doesn't exist, the request response returns a
     * successful HTTP 200 status code.
     * 
* Deletes the specified policy store. *
** This operation is idempotent. If you specify a policy store that does not exist, the request response will still * return a successful HTTP 200 status code. *
* * @param deletePolicyStoreRequest * @return A Java Future containing the result of the DeletePolicyStore operation returned by the service. * @sample AmazonVerifiedPermissionsAsync.DeletePolicyStore * @see AWS API Documentation */ java.util.concurrent.Future* Deletes the specified policy store. *
** This operation is idempotent. If you specify a policy store that does not exist, the request response will still * return a successful HTTP 200 status code. *
* * @param deletePolicyStoreRequest * @param asyncHandler * Asynchronous callback handler for events in the lifecycle of the request. Users can provide an * implementation of the callback methods in this interface to receive notification of successful or * unsuccessful completion of the operation. * @return A Java Future containing the result of the DeletePolicyStore operation returned by the service. * @sample AmazonVerifiedPermissionsAsyncHandler.DeletePolicyStore * @see AWS API Documentation */ java.util.concurrent.Future* Deletes the specified policy template from the policy store. *
** This operation also deletes any policies that were created from the specified policy template. Those policies are * immediately removed from all future API responses, and are asynchronously deleted from the policy store. *
** Retrieves the details about the specified identity source. *
* * @param getIdentitySourceRequest * @return A Java Future containing the result of the GetIdentitySource operation returned by the service. * @sample AmazonVerifiedPermissionsAsync.GetIdentitySource * @see AWS API Documentation */ java.util.concurrent.Future* Retrieves the details about the specified identity source. *
* * @param getIdentitySourceRequest * @param asyncHandler * Asynchronous callback handler for events in the lifecycle of the request. Users can provide an * implementation of the callback methods in this interface to receive notification of successful or * unsuccessful completion of the operation. * @return A Java Future containing the result of the GetIdentitySource operation returned by the service. * @sample AmazonVerifiedPermissionsAsyncHandler.GetIdentitySource * @see AWS API Documentation */ java.util.concurrent.Future* Retrieves information about the specified policy. *
* * @param getPolicyRequest * @return A Java Future containing the result of the GetPolicy operation returned by the service. * @sample AmazonVerifiedPermissionsAsync.GetPolicy * @see AWS * API Documentation */ java.util.concurrent.Future* Retrieves information about the specified policy. *
* * @param getPolicyRequest * @param asyncHandler * Asynchronous callback handler for events in the lifecycle of the request. Users can provide an * implementation of the callback methods in this interface to receive notification of successful or * unsuccessful completion of the operation. * @return A Java Future containing the result of the GetPolicy operation returned by the service. * @sample AmazonVerifiedPermissionsAsyncHandler.GetPolicy * @see AWS * API Documentation */ java.util.concurrent.Future* Retrieves details about a policy store. *
* * @param getPolicyStoreRequest * @return A Java Future containing the result of the GetPolicyStore operation returned by the service. * @sample AmazonVerifiedPermissionsAsync.GetPolicyStore * @see AWS API Documentation */ java.util.concurrent.Future* Retrieves details about a policy store. *
* * @param getPolicyStoreRequest * @param asyncHandler * Asynchronous callback handler for events in the lifecycle of the request. Users can provide an * implementation of the callback methods in this interface to receive notification of successful or * unsuccessful completion of the operation. * @return A Java Future containing the result of the GetPolicyStore operation returned by the service. * @sample AmazonVerifiedPermissionsAsyncHandler.GetPolicyStore * @see AWS API Documentation */ java.util.concurrent.Future* Retrieve the details for the specified policy template in the specified policy store. *
* * @param getPolicyTemplateRequest * @return A Java Future containing the result of the GetPolicyTemplate operation returned by the service. * @sample AmazonVerifiedPermissionsAsync.GetPolicyTemplate * @see AWS API Documentation */ java.util.concurrent.Future* Retrieve the details for the specified policy template in the specified policy store. *
* * @param getPolicyTemplateRequest * @param asyncHandler * Asynchronous callback handler for events in the lifecycle of the request. Users can provide an * implementation of the callback methods in this interface to receive notification of successful or * unsuccessful completion of the operation. * @return A Java Future containing the result of the GetPolicyTemplate operation returned by the service. * @sample AmazonVerifiedPermissionsAsyncHandler.GetPolicyTemplate * @see AWS API Documentation */ java.util.concurrent.Future* Retrieve the details for the specified schema in the specified policy store. *
* * @param getSchemaRequest * @return A Java Future containing the result of the GetSchema operation returned by the service. * @sample AmazonVerifiedPermissionsAsync.GetSchema * @see AWS * API Documentation */ java.util.concurrent.Future* Retrieve the details for the specified schema in the specified policy store. *
* * @param getSchemaRequest * @param asyncHandler * Asynchronous callback handler for events in the lifecycle of the request. Users can provide an * implementation of the callback methods in this interface to receive notification of successful or * unsuccessful completion of the operation. * @return A Java Future containing the result of the GetSchema operation returned by the service. * @sample AmazonVerifiedPermissionsAsyncHandler.GetSchema * @see AWS * API Documentation */ java.util.concurrent.Future
     * Makes an authorization decision about a service request described in the parameters. The information in the
     * parameters can also define additional context that Verified Permissions can include in the evaluation. The
     * request is evaluated against all matching policies in the specified policy store. The result of the decision is
     * either Allow or Deny, along with a list of the policies that resulted in the decision.
     * 
     * Makes an authorization decision about a service request described in the parameters. The principal in this
     * request comes from an external identity source. The information in the parameters can also define additional
     * context that Verified Permissions can include in the evaluation. The request is evaluated against all matching
     * policies in the specified policy store. The result of the decision is either Allow or
     * Deny, along with a list of the policies that resulted in the decision.
     * 
* If you delete an Amazon Cognito user pool or user, tokens from that deleted pool or that deleted user continue to * be usable until they expire. *
** Returns a paginated list of all of the identity sources defined in the specified policy store. *
* * @param listIdentitySourcesRequest * @return A Java Future containing the result of the ListIdentitySources operation returned by the service. * @sample AmazonVerifiedPermissionsAsync.ListIdentitySources * @see AWS API Documentation */ java.util.concurrent.Future* Returns a paginated list of all of the identity sources defined in the specified policy store. *
* * @param listIdentitySourcesRequest * @param asyncHandler * Asynchronous callback handler for events in the lifecycle of the request. Users can provide an * implementation of the callback methods in this interface to receive notification of successful or * unsuccessful completion of the operation. * @return A Java Future containing the result of the ListIdentitySources operation returned by the service. * @sample AmazonVerifiedPermissionsAsyncHandler.ListIdentitySources * @see AWS API Documentation */ java.util.concurrent.Future* Returns a paginated list of all policies stored in the specified policy store. *
* * @param listPoliciesRequest * @return A Java Future containing the result of the ListPolicies operation returned by the service. * @sample AmazonVerifiedPermissionsAsync.ListPolicies * @see AWS API Documentation */ java.util.concurrent.Future* Returns a paginated list of all policies stored in the specified policy store. *
* * @param listPoliciesRequest * @param asyncHandler * Asynchronous callback handler for events in the lifecycle of the request. Users can provide an * implementation of the callback methods in this interface to receive notification of successful or * unsuccessful completion of the operation. * @return A Java Future containing the result of the ListPolicies operation returned by the service. * @sample AmazonVerifiedPermissionsAsyncHandler.ListPolicies * @see AWS API Documentation */ java.util.concurrent.Future* Returns a paginated list of all policy stores in the calling Amazon Web Services account. *
* * @param listPolicyStoresRequest * @return A Java Future containing the result of the ListPolicyStores operation returned by the service. * @sample AmazonVerifiedPermissionsAsync.ListPolicyStores * @see AWS API Documentation */ java.util.concurrent.Future* Returns a paginated list of all policy stores in the calling Amazon Web Services account. *
* * @param listPolicyStoresRequest * @param asyncHandler * Asynchronous callback handler for events in the lifecycle of the request. Users can provide an * implementation of the callback methods in this interface to receive notification of successful or * unsuccessful completion of the operation. * @return A Java Future containing the result of the ListPolicyStores operation returned by the service. * @sample AmazonVerifiedPermissionsAsyncHandler.ListPolicyStores * @see AWS API Documentation */ java.util.concurrent.Future* Returns a paginated list of all policy templates in the specified policy store. *
* * @param listPolicyTemplatesRequest * @return A Java Future containing the result of the ListPolicyTemplates operation returned by the service. * @sample AmazonVerifiedPermissionsAsync.ListPolicyTemplates * @see AWS API Documentation */ java.util.concurrent.Future* Returns a paginated list of all policy templates in the specified policy store. *
* * @param listPolicyTemplatesRequest * @param asyncHandler * Asynchronous callback handler for events in the lifecycle of the request. Users can provide an * implementation of the callback methods in this interface to receive notification of successful or * unsuccessful completion of the operation. * @return A Java Future containing the result of the ListPolicyTemplates operation returned by the service. * @sample AmazonVerifiedPermissionsAsyncHandler.ListPolicyTemplates * @see AWS API Documentation */ java.util.concurrent.Future* Creates or updates the policy schema in the specified policy store. The schema is used to validate any Cedar * policies and policy templates submitted to the policy store. Any changes to the schema validate only policies and * templates submitted after the schema change. Existing policies and templates are not re-evaluated against the * changed schema. If you later update a policy, then it is evaluated against the new schema at that time. *
* * @param putSchemaRequest * @return A Java Future containing the result of the PutSchema operation returned by the service. * @sample AmazonVerifiedPermissionsAsync.PutSchema * @see AWS * API Documentation */ java.util.concurrent.Future* Creates or updates the policy schema in the specified policy store. The schema is used to validate any Cedar * policies and policy templates submitted to the policy store. Any changes to the schema validate only policies and * templates submitted after the schema change. Existing policies and templates are not re-evaluated against the * changed schema. If you later update a policy, then it is evaluated against the new schema at that time. *
* * @param putSchemaRequest * @param asyncHandler * Asynchronous callback handler for events in the lifecycle of the request. Users can provide an * implementation of the callback methods in this interface to receive notification of successful or * unsuccessful completion of the operation. * @return A Java Future containing the result of the PutSchema operation returned by the service. * @sample AmazonVerifiedPermissionsAsyncHandler.PutSchema * @see AWS * API Documentation */ java.util.concurrent.Future* Updates the specified identity source to use a new identity provider (IdP) source, or to change the mapping of * identities from the IdP to a different principal entity type. *
* * @param updateIdentitySourceRequest * @return A Java Future containing the result of the UpdateIdentitySource operation returned by the service. * @sample AmazonVerifiedPermissionsAsync.UpdateIdentitySource * @see AWS API Documentation */ java.util.concurrent.Future* Updates the specified identity source to use a new identity provider (IdP) source, or to change the mapping of * identities from the IdP to a different principal entity type. *
* * @param updateIdentitySourceRequest * @param asyncHandler * Asynchronous callback handler for events in the lifecycle of the request. Users can provide an * implementation of the callback methods in this interface to receive notification of successful or * unsuccessful completion of the operation. * @return A Java Future containing the result of the UpdateIdentitySource operation returned by the service. * @sample AmazonVerifiedPermissionsAsyncHandler.UpdateIdentitySource * @see AWS API Documentation */ java.util.concurrent.Future* Modifies a Cedar static policy in the specified policy store. You can change only certain elements of the UpdatePolicyDefinition parameter. You can directly update only static policies. To change a template-linked * policy, you must update the template instead, using UpdatePolicyTemplate. *
** If policy validation is enabled in the policy store, then updating a static policy causes Verified Permissions to * validate the policy against the schema in the policy store. If the updated static policy doesn't pass validation, * the operation fails and the update isn't stored. *
** Modifies the validation setting for a policy store. *
* * @param updatePolicyStoreRequest * @return A Java Future containing the result of the UpdatePolicyStore operation returned by the service. * @sample AmazonVerifiedPermissionsAsync.UpdatePolicyStore * @see AWS API Documentation */ java.util.concurrent.Future* Modifies the validation setting for a policy store. *
* * @param updatePolicyStoreRequest * @param asyncHandler * Asynchronous callback handler for events in the lifecycle of the request. Users can provide an * implementation of the callback methods in this interface to receive notification of successful or * unsuccessful completion of the operation. * @return A Java Future containing the result of the UpdatePolicyStore operation returned by the service. * @sample AmazonVerifiedPermissionsAsyncHandler.UpdatePolicyStore * @see AWS API Documentation */ java.util.concurrent.Future* Updates the specified policy template. You can update only the description and some elements of the policyBody. *
** Changes you make to the policy template content are immediately reflected in authorization decisions that involve * all template-linked policies instantiated from this template. *
*