diff --git a/clients/client-verifiedpermissions/README.md b/clients/client-verifiedpermissions/README.md index 4a2b7fefddb4d..ddede3fb63dca 100644 --- a/clients/client-verifiedpermissions/README.md +++ b/clients/client-verifiedpermissions/README.md @@ -267,6 +267,14 @@ see LICENSE for more information. ## Client Commands (Operations List) +
+ +BatchGetPolicy + + +[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/verifiedpermissions/command/BatchGetPolicyCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-verifiedpermissions/Interface/BatchGetPolicyCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-verifiedpermissions/Interface/BatchGetPolicyCommandOutput/) + +
BatchIsAuthorized diff --git a/clients/client-verifiedpermissions/src/VerifiedPermissions.ts b/clients/client-verifiedpermissions/src/VerifiedPermissions.ts index 5d2a9cf881a59..d2a3ad6320d9d 100644 --- a/clients/client-verifiedpermissions/src/VerifiedPermissions.ts +++ b/clients/client-verifiedpermissions/src/VerifiedPermissions.ts @@ -2,6 +2,11 @@ import { createAggregatedClient } from "@smithy/smithy-client"; import { HttpHandlerOptions as __HttpHandlerOptions } from "@smithy/types"; +import { + BatchGetPolicyCommand, + BatchGetPolicyCommandInput, + BatchGetPolicyCommandOutput, +} from "./commands/BatchGetPolicyCommand"; import { BatchIsAuthorizedCommand, BatchIsAuthorizedCommandInput, @@ -123,6 +128,7 @@ import { import { VerifiedPermissionsClient, VerifiedPermissionsClientConfig } from "./VerifiedPermissionsClient"; const commands = { + BatchGetPolicyCommand, BatchIsAuthorizedCommand, BatchIsAuthorizedWithTokenCommand, CreateIdentitySourceCommand, @@ -152,6 +158,20 @@ const commands = { }; export interface VerifiedPermissions { + /** + * @see {@link BatchGetPolicyCommand} + */ + batchGetPolicy( + args: BatchGetPolicyCommandInput, + options?: __HttpHandlerOptions + ): Promise; + batchGetPolicy(args: BatchGetPolicyCommandInput, cb: (err: any, data?: BatchGetPolicyCommandOutput) => void): void; + batchGetPolicy( + args: BatchGetPolicyCommandInput, + options: __HttpHandlerOptions, + cb: (err: any, data?: BatchGetPolicyCommandOutput) => void + ): void; + /** * @see {@link BatchIsAuthorizedCommand} */ diff --git a/clients/client-verifiedpermissions/src/VerifiedPermissionsClient.ts b/clients/client-verifiedpermissions/src/VerifiedPermissionsClient.ts index 166298675cd3a..b3fac06468919 100644 --- a/clients/client-verifiedpermissions/src/VerifiedPermissionsClient.ts +++ b/clients/client-verifiedpermissions/src/VerifiedPermissionsClient.ts @@ -53,6 +53,7 @@ import { HttpAuthSchemeResolvedConfig, resolveHttpAuthSchemeConfig, } from "./auth/httpAuthSchemeProvider"; +import { BatchGetPolicyCommandInput, BatchGetPolicyCommandOutput } from "./commands/BatchGetPolicyCommand"; import { BatchIsAuthorizedCommandInput, BatchIsAuthorizedCommandOutput } from "./commands/BatchIsAuthorizedCommand"; import { BatchIsAuthorizedWithTokenCommandInput, @@ -124,6 +125,7 @@ export { __Client }; * @public */ export type ServiceInputTypes = + | BatchGetPolicyCommandInput | BatchIsAuthorizedCommandInput | BatchIsAuthorizedWithTokenCommandInput | CreateIdentitySourceCommandInput @@ -155,6 +157,7 @@ export type ServiceInputTypes = * @public */ export type ServiceOutputTypes = + | BatchGetPolicyCommandOutput | BatchIsAuthorizedCommandOutput | BatchIsAuthorizedWithTokenCommandOutput | CreateIdentitySourceCommandOutput diff --git a/clients/client-verifiedpermissions/src/commands/BatchGetPolicyCommand.ts b/clients/client-verifiedpermissions/src/commands/BatchGetPolicyCommand.ts new file mode 100644 index 0000000000000..3fc0e56041bbd --- /dev/null +++ b/clients/client-verifiedpermissions/src/commands/BatchGetPolicyCommand.ts @@ -0,0 +1,302 @@ +// smithy-typescript generated code +import { getEndpointPlugin } from "@smithy/middleware-endpoint"; +import { getSerdePlugin } from "@smithy/middleware-serde"; +import { Command as $Command } from "@smithy/smithy-client"; +import { MetadataBearer as __MetadataBearer } from "@smithy/types"; + +import { commonParams } from "../endpoint/EndpointParameters"; +import { BatchGetPolicyInput, BatchGetPolicyOutput, BatchGetPolicyOutputFilterSensitiveLog } from "../models/models_0"; +import { de_BatchGetPolicyCommand, se_BatchGetPolicyCommand } from "../protocols/Aws_json1_0"; +import { + ServiceInputTypes, + ServiceOutputTypes, + VerifiedPermissionsClientResolvedConfig, +} from "../VerifiedPermissionsClient"; + +/** + * @public + */ +export type { __MetadataBearer }; +export { $Command }; +/** + * @public + * + * The input for {@link BatchGetPolicyCommand}. + */ +export interface BatchGetPolicyCommandInput extends BatchGetPolicyInput {} +/** + * @public + * + * The output of {@link BatchGetPolicyCommand}. + */ +export interface BatchGetPolicyCommandOutput extends BatchGetPolicyOutput, __MetadataBearer {} + +/** + *

Retrieves information about a group (batch) of policies.

+ * + *

The BatchGetPolicy operation doesn't have its own IAM + * permission. To authorize this operation for Amazon Web Services principals, include the permission + * verifiedpermissions:GetPolicy in their IAM policies.

+ * + * @example + * Use a bare-bones client and the command you need to make an API call. + * ```javascript + * import { VerifiedPermissionsClient, BatchGetPolicyCommand } from "@aws-sdk/client-verifiedpermissions"; // ES Modules import + * // const { VerifiedPermissionsClient, BatchGetPolicyCommand } = require("@aws-sdk/client-verifiedpermissions"); // CommonJS import + * const client = new VerifiedPermissionsClient(config); + * const input = { // BatchGetPolicyInput + * requests: [ // BatchGetPolicyInputList // required + * { // BatchGetPolicyInputItem + * policyStoreId: "STRING_VALUE", // required + * policyId: "STRING_VALUE", // required + * }, + * ], + * }; + * const command = new BatchGetPolicyCommand(input); + * const response = await client.send(command); + * // { // BatchGetPolicyOutput + * // results: [ // BatchGetPolicyOutputList // required + * // { // BatchGetPolicyOutputItem + * // policyStoreId: "STRING_VALUE", // required + * // policyId: "STRING_VALUE", // required + * // policyType: "STATIC" || "TEMPLATE_LINKED", // required + * // definition: { // PolicyDefinitionDetail Union: only one key present + * // static: { // StaticPolicyDefinitionDetail + * // description: "STRING_VALUE", + * // statement: "STRING_VALUE", // required + * // }, + * // templateLinked: { // TemplateLinkedPolicyDefinitionDetail + * // policyTemplateId: "STRING_VALUE", // required + * // principal: { // EntityIdentifier + * // entityType: "STRING_VALUE", // required + * // entityId: "STRING_VALUE", // required + * // }, + * // resource: { + * // entityType: "STRING_VALUE", // required + * // entityId: "STRING_VALUE", // required + * // }, + * // }, + * // }, + * // createdDate: new Date("TIMESTAMP"), // required + * // lastUpdatedDate: new Date("TIMESTAMP"), // required + * // }, + * // ], + * // errors: [ // BatchGetPolicyErrorList // required + * // { // BatchGetPolicyErrorItem + * // code: "POLICY_STORE_NOT_FOUND" || "POLICY_NOT_FOUND", // required + * // policyStoreId: "STRING_VALUE", // required + * // policyId: "STRING_VALUE", // required + * // message: "STRING_VALUE", // required + * // }, + * // ], + * // }; + * + * ``` + * + * @param BatchGetPolicyCommandInput - {@link BatchGetPolicyCommandInput} + * @returns {@link BatchGetPolicyCommandOutput} + * @see {@link BatchGetPolicyCommandInput} for command's `input` shape. + * @see {@link BatchGetPolicyCommandOutput} for command's `response` shape. + * @see {@link VerifiedPermissionsClientResolvedConfig | config} for VerifiedPermissionsClient's `config` shape. + * + * @throws {@link AccessDeniedException} (client fault) + *

You don't have sufficient access to perform this action.

+ * + * @throws {@link InternalServerException} (server fault) + *

The request failed because of an internal error. Try your request again later

+ * + * @throws {@link ThrottlingException} (client fault) + *

The request failed because it exceeded a throttling quota.

+ * + * @throws {@link ValidationException} (client fault) + *

The request failed because one or more input parameters don't satisfy their constraint + * requirements. The output is provided as a list of fields and a reason for each field that + * isn't valid.

+ *

The possible reasons include the following:

+ *
    + *
  • + *

    + * UnrecognizedEntityType + *

    + *

    The policy includes an entity type that isn't found in the schema.

    + *
    • + *
  • + *

    + * UnrecognizedActionId + *

    + *

    The policy includes an action id that isn't found in the schema.

    + *
    • + *
  • + *

    + * InvalidActionApplication + *

    + *

    The policy includes an action that, according to the schema, doesn't support + * the specified principal and resource.

    + *
    • + *
  • + *

    + * UnexpectedType + *

    + *

    The policy included an operand that isn't a valid type for the specified + * operation.

    + *
    • + *
  • + *

    + * IncompatibleTypes + *

    + *

    The types of elements included in a set, or the types of + * expressions used in an if...then...else clause aren't compatible in + * this context.

    + *
    • + *
  • + *

    + * MissingAttribute + *

    + *

    The policy attempts to access a record or entity attribute that isn't + * specified in the schema. Test for the existence of the attribute first before + * attempting to access its value. For more information, see the has (presence of attribute test) operator in the + * Cedar Policy Language Guide.

    + *
    • + *
  • + *

    + * UnsafeOptionalAttributeAccess + *

    + *

    The policy attempts to access a record or entity attribute that is optional + * and isn't guaranteed to be present. Test for the existence of the attribute + * first before attempting to access its value. For more information, see the + * has (presence of attribute test) operator in the + * Cedar Policy Language Guide.

    + *
    • + *
  • + *

    + * ImpossiblePolicy + *

    + *

    Cedar has determined that a policy condition always evaluates to false. If + * the policy is always false, it can never apply to any query, and so it can never + * affect an authorization decision.

    + *
    • + *
  • + *

    + * WrongNumberArguments + *

    + *

    The policy references an extension type with the wrong number of + * arguments.

    + *
    • + *
  • + *

    + * FunctionArgumentValidationError + *

    + *

    Cedar couldn't parse the argument passed to an extension type. For example, + * a string that is to be parsed as an IPv4 address can contain only digits and the + * period character.

    + *
    • + *
+ * + * @throws {@link VerifiedPermissionsServiceException} + *

Base exception class for all service exceptions from VerifiedPermissions service.

+ * + * @public + * @example To retrieve details about a policy + * ```javascript + * // The following example retrieves information about the specified policy contained in the specified policy store. In this example, the requested policy is a template-linked policy, so it returns the ID of the policy template, and the specific principal and resource used by this policy. + * const input = { + * "requests": [ + * { + * "policyId": "PWv5M6d5HePx3gVVLKY1nK", + * "policyStoreId": "ERZeDpRc34dkYZeb6FZRVC" + * }, + * { + * "policyId": "LzFn6KgLWvv4Mbegus35jn", + * "policyStoreId": "ERZeDpRc34dkYZeb6FZRVC" + * }, + * { + * "policyId": "77gLjer8H5o3mvrnMGrSL5", + * "policyStoreId": "ERZeDpRc34dkYZeb6FZRVC" + * } + * ] + * }; + * const command = new BatchGetPolicyCommand(input); + * const response = await client.send(command); + * /* response == + * { + * "errors": [], + * "results": [ + * { + * "createdDate": "2024-10-18T18:53:39.258153Z", + * "definition": { + * "static": { + * "description": "Users can manage account resources in any account they own", + * "statement": "permit (principal, action in PhotoFlash::Action::\"ManageAccount\",resource) when { resource in principal.Account };" + * } + * }, + * "lastUpdatedDate": "2024-10-18T18:53:39.258153Z", + * "policyId": "PWv5M6d5HePx3gVVLKY1nK", + * "policyStoreId": "ERZeDpRc34dkYZeb6FZRVC", + * "policyType": "STATIC" + * }, + * { + * "createdDate": "2024-10-18T18:57:03.305027Z", + * "definition": { + * "static": { + * "description": "User alice can't delete any photos.", + * "statement": "forbid (principal == PhotoFlash::User::\"alice\", action in [PhotoFlash::Action::\"DeletePhoto\"], resource);" + * } + * }, + * "lastUpdatedDate": "2024-10-18T18:57:03.305027Z", + * "policyId": "LzFn6KgLWvv4Mbegus35jn", + * "policyStoreId": "ERZeDpRc34dkYZeb6FZRVC", + * "policyType": "STATIC" + * }, + * { + * "createdDate": "2024-10-18T18:57:48.005343Z", + * "definition": { + * "static": { + * "description": "User alice can view and delete photos.", + * "statement": "permit (principal == PhotoFlash::User::\"alice\", action in [PhotoFlash::Action::\"DeletePhoto\", PhotoFlash::Action::\"ViewPhoto\"], resource);" + * } + * }, + * "lastUpdatedDate": "2024-10-18T18:57:48.005343Z", + * "policyId": "77gLjer8H5o3mvrnMGrSL5", + * "policyStoreId": "ERZeDpRc34dkYZeb6FZRVC", + * "policyType": "STATIC" + * } + * ] + * } + * *\/ + * // example id: example-1 + * ``` + * + */ +export class BatchGetPolicyCommand extends $Command + .classBuilder< + BatchGetPolicyCommandInput, + BatchGetPolicyCommandOutput, + VerifiedPermissionsClientResolvedConfig, + ServiceInputTypes, + ServiceOutputTypes + >() + .ep(commonParams) + .m(function (this: any, Command: any, cs: any, config: VerifiedPermissionsClientResolvedConfig, o: any) { + return [ + getSerdePlugin(config, this.serialize, this.deserialize), + getEndpointPlugin(config, Command.getEndpointParameterInstructions()), + ]; + }) + .s("VerifiedPermissions", "BatchGetPolicy", {}) + .n("VerifiedPermissionsClient", "BatchGetPolicyCommand") + .f(void 0, BatchGetPolicyOutputFilterSensitiveLog) + .ser(se_BatchGetPolicyCommand) + .de(de_BatchGetPolicyCommand) + .build() { + /** @internal type navigation helper, not in runtime. */ + protected declare static __types: { + api: { + input: BatchGetPolicyInput; + output: BatchGetPolicyOutput; + }; + sdk: { + input: BatchGetPolicyCommandInput; + output: BatchGetPolicyCommandOutput; + }; + }; +} diff --git a/clients/client-verifiedpermissions/src/commands/BatchIsAuthorizedCommand.ts b/clients/client-verifiedpermissions/src/commands/BatchIsAuthorizedCommand.ts index 0e4d17b3474dc..3ce9abb133c67 100644 --- a/clients/client-verifiedpermissions/src/commands/BatchIsAuthorizedCommand.ts +++ b/clients/client-verifiedpermissions/src/commands/BatchIsAuthorizedCommand.ts @@ -94,11 +94,15 @@ export interface BatchIsAuthorizedCommandOutput extends BatchIsAuthorizedOutput, * record: { // RecordAttribute * "": "", * }, + * ipaddr: "STRING_VALUE", + * decimal: "STRING_VALUE", * }, * ], * record: { * "": "", * }, + * ipaddr: "STRING_VALUE", + * decimal: "STRING_VALUE", * }, * }, * parents: [ // ParentList @@ -163,11 +167,15 @@ export interface BatchIsAuthorizedCommandOutput extends BatchIsAuthorizedOutput, * // record: { // RecordAttribute * // "": "", * // }, + * // ipaddr: "STRING_VALUE", + * // decimal: "STRING_VALUE", * // }, * // ], * // record: { * // "": "", * // }, + * // ipaddr: "STRING_VALUE", + * // decimal: "STRING_VALUE", * // }, * // }, * // }, diff --git a/clients/client-verifiedpermissions/src/commands/BatchIsAuthorizedWithTokenCommand.ts b/clients/client-verifiedpermissions/src/commands/BatchIsAuthorizedWithTokenCommand.ts index 84868a029fe8e..efefd9cffcbdf 100644 --- a/clients/client-verifiedpermissions/src/commands/BatchIsAuthorizedWithTokenCommand.ts +++ b/clients/client-verifiedpermissions/src/commands/BatchIsAuthorizedWithTokenCommand.ts @@ -94,11 +94,15 @@ export interface BatchIsAuthorizedWithTokenCommandOutput extends BatchIsAuthoriz * record: { // RecordAttribute * "": "", * }, + * ipaddr: "STRING_VALUE", + * decimal: "STRING_VALUE", * }, * ], * record: { * "": "", * }, + * ipaddr: "STRING_VALUE", + * decimal: "STRING_VALUE", * }, * }, * parents: [ // ParentList @@ -159,11 +163,15 @@ export interface BatchIsAuthorizedWithTokenCommandOutput extends BatchIsAuthoriz * // record: { // RecordAttribute * // "": "", * // }, + * // ipaddr: "STRING_VALUE", + * // decimal: "STRING_VALUE", * // }, * // ], * // record: { * // "": "", * // }, + * // ipaddr: "STRING_VALUE", + * // decimal: "STRING_VALUE", * // }, * // }, * // }, diff --git a/clients/client-verifiedpermissions/src/commands/IsAuthorizedCommand.ts b/clients/client-verifiedpermissions/src/commands/IsAuthorizedCommand.ts index 5d433200d8e67..9a8e2f5bb80c2 100644 --- a/clients/client-verifiedpermissions/src/commands/IsAuthorizedCommand.ts +++ b/clients/client-verifiedpermissions/src/commands/IsAuthorizedCommand.ts @@ -85,11 +85,15 @@ export interface IsAuthorizedCommandOutput extends IsAuthorizedOutput, __Metadat * record: { // RecordAttribute * "": "", * }, + * ipaddr: "STRING_VALUE", + * decimal: "STRING_VALUE", * }, * ], * record: { * "": "", * }, + * ipaddr: "STRING_VALUE", + * decimal: "STRING_VALUE", * }, * }, * }, diff --git a/clients/client-verifiedpermissions/src/commands/IsAuthorizedWithTokenCommand.ts b/clients/client-verifiedpermissions/src/commands/IsAuthorizedWithTokenCommand.ts index be03bf358f35e..78affb8182579 100644 --- a/clients/client-verifiedpermissions/src/commands/IsAuthorizedWithTokenCommand.ts +++ b/clients/client-verifiedpermissions/src/commands/IsAuthorizedWithTokenCommand.ts @@ -91,11 +91,15 @@ export interface IsAuthorizedWithTokenCommandOutput extends IsAuthorizedWithToke * record: { // RecordAttribute * "": "", * }, + * ipaddr: "STRING_VALUE", + * decimal: "STRING_VALUE", * }, * ], * record: { * "": "", * }, + * ipaddr: "STRING_VALUE", + * decimal: "STRING_VALUE", * }, * }, * }, diff --git a/clients/client-verifiedpermissions/src/commands/index.ts b/clients/client-verifiedpermissions/src/commands/index.ts index 2014a892d3abb..75784ab35d9d6 100644 --- a/clients/client-verifiedpermissions/src/commands/index.ts +++ b/clients/client-verifiedpermissions/src/commands/index.ts @@ -1,4 +1,5 @@ // smithy-typescript generated code +export * from "./BatchGetPolicyCommand"; export * from "./BatchIsAuthorizedCommand"; export * from "./BatchIsAuthorizedWithTokenCommand"; export * from "./CreateIdentitySourceCommand"; diff --git a/clients/client-verifiedpermissions/src/models/models_0.ts b/clients/client-verifiedpermissions/src/models/models_0.ts index d6e02d426206d..4201a09c3d380 100644 --- a/clients/client-verifiedpermissions/src/models/models_0.ts +++ b/clients/client-verifiedpermissions/src/models/models_0.ts @@ -76,121 +76,288 @@ export interface EntityIdentifier { entityId: string | undefined; } +/** + *

Information about a policy that you include in a BatchGetPolicy API request.

+ * @public + */ +export interface BatchGetPolicyInputItem { + /** + *

The identifier of the policy store where the policy you want information about is stored.

+ * @public + */ + policyStoreId: string | undefined; + + /** + *

The identifier of the policy you want information about.

+ * @public + */ + policyId: string | undefined; +} + +/** + * @public + */ +export interface BatchGetPolicyInput { + /** + *

An array of up to 100 policies you want information about.

+ * @public + */ + requests: BatchGetPolicyInputItem[] | undefined; +} + /** * @public * @enum */ -export const Decision = { - ALLOW: "ALLOW", - DENY: "DENY", +export const BatchGetPolicyErrorCode = { + POLICY_NOT_FOUND: "POLICY_NOT_FOUND", + POLICY_STORE_NOT_FOUND: "POLICY_STORE_NOT_FOUND", } as const; /** * @public */ -export type Decision = (typeof Decision)[keyof typeof Decision]; +export type BatchGetPolicyErrorCode = (typeof BatchGetPolicyErrorCode)[keyof typeof BatchGetPolicyErrorCode]; /** - *

Contains information about one of the policies that determined an authorization - * decision.

- *

This data type is used as an element in a response parameter for the IsAuthorized, BatchIsAuthorized, and IsAuthorizedWithToken - * operations.

- *

Example: "determiningPolicies":[\{"policyId":"SPEXAMPLEabcdefg111111"\}] - *

+ *

Contains the information about an error resulting from a BatchGetPolicy API call.

* @public */ -export interface DeterminingPolicyItem { +export interface BatchGetPolicyErrorItem { /** - *

The Id of a policy that determined to an authorization decision.

- *

Example: "policyId":"SPEXAMPLEabcdefg111111" - *

+ *

The error code that was returned.

+ * @public + */ + code: BatchGetPolicyErrorCode | undefined; + + /** + *

The identifier of the policy store associated with the failed request.

+ * @public + */ + policyStoreId: string | undefined; + + /** + *

The identifier of the policy associated with the failed request.

* @public */ policyId: string | undefined; + + /** + *

A detailed error message.

+ * @public + */ + message: string | undefined; } /** - *

Contains a description of an evaluation error.

- *

This data type is a response parameter of the IsAuthorized, BatchIsAuthorized, and IsAuthorizedWithToken operations.

+ *

A structure that contains details about a static policy. It includes the description and + * policy body.

+ *

This data type is used within a PolicyDefinition structure as + * part of a request parameter for the CreatePolicy operation.

* @public */ -export interface EvaluationErrorItem { +export interface StaticPolicyDefinitionDetail { /** - *

The error description.

+ *

A description of the static policy.

* @public */ - errorDescription: string | undefined; + description?: string; + + /** + *

The content of the static policy written in the Cedar policy language.

+ * @public + */ + statement: string | undefined; } /** - *

The request failed because of an internal error. Try your request again later

+ *

Contains information about a policy that was created by instantiating a policy template.

* @public */ -export class InternalServerException extends __BaseException { - readonly name: "InternalServerException" = "InternalServerException"; - readonly $fault: "server" = "server"; - $retryable = {}; +export interface TemplateLinkedPolicyDefinitionDetail { /** - * @internal + *

The unique identifier of the policy template used to create this policy.

+ * @public */ - constructor(opts: __ExceptionOptionType) { - super({ - name: "InternalServerException", - $fault: "server", - ...opts, - }); - Object.setPrototypeOf(this, InternalServerException.prototype); + policyTemplateId: string | undefined; + + /** + *

The principal associated with this template-linked policy. Verified Permissions substitutes this principal for the + * ?principal placeholder in the policy template when it evaluates an authorization + * request.

+ * @public + */ + principal?: EntityIdentifier; + + /** + *

The resource associated with this template-linked policy. Verified Permissions substitutes this resource for the + * ?resource placeholder in the policy template when it evaluates an authorization + * request.

+ * @public + */ + resource?: EntityIdentifier; +} + +/** + *

A structure that describes a policy definition. It must always have either an + * static or a templateLinked element.

+ *

This data type is used as a response parameter for the GetPolicy operation.

+ * @public + */ +export type PolicyDefinitionDetail = + | PolicyDefinitionDetail.StaticMember + | PolicyDefinitionDetail.TemplateLinkedMember + | PolicyDefinitionDetail.$UnknownMember; + +/** + * @public + */ +export namespace PolicyDefinitionDetail { + /** + *

Information about a static policy that wasn't created with a policy template.

+ * @public + */ + export interface StaticMember { + static: StaticPolicyDefinitionDetail; + templateLinked?: never; + $unknown?: never; + } + + /** + *

Information about a template-linked policy that was created by instantiating a policy template.

+ * @public + */ + export interface TemplateLinkedMember { + static?: never; + templateLinked: TemplateLinkedPolicyDefinitionDetail; + $unknown?: never; + } + + /** + * @public + */ + export interface $UnknownMember { + static?: never; + templateLinked?: never; + $unknown: [string, any]; + } + + export interface Visitor { + static: (value: StaticPolicyDefinitionDetail) => T; + templateLinked: (value: TemplateLinkedPolicyDefinitionDetail) => T; + _: (name: string, value: any) => T; } + + export const visit = (value: PolicyDefinitionDetail, visitor: Visitor): T => { + if (value.static !== undefined) return visitor.static(value.static); + if (value.templateLinked !== undefined) return visitor.templateLinked(value.templateLinked); + return visitor._(value.$unknown[0], value.$unknown[1]); + }; } /** * @public * @enum */ -export const ResourceType = { - IDENTITY_SOURCE: "IDENTITY_SOURCE", - POLICY: "POLICY", - POLICY_STORE: "POLICY_STORE", - POLICY_TEMPLATE: "POLICY_TEMPLATE", - SCHEMA: "SCHEMA", +export const PolicyType = { + STATIC: "STATIC", + TEMPLATE_LINKED: "TEMPLATE_LINKED", } as const; /** * @public */ -export type ResourceType = (typeof ResourceType)[keyof typeof ResourceType]; +export type PolicyType = (typeof PolicyType)[keyof typeof PolicyType]; /** - *

The request failed because it references a resource that doesn't exist.

+ *

Contains information about a policy returned from a BatchGetPolicy API request.

* @public */ -export class ResourceNotFoundException extends __BaseException { - readonly name: "ResourceNotFoundException" = "ResourceNotFoundException"; - readonly $fault: "client" = "client"; +export interface BatchGetPolicyOutputItem { /** - *

The unique ID of the resource referenced in the failed request.

+ *

The identifier of the policy store where the policy you want information about is stored.

* @public */ - resourceId: string | undefined; + policyStoreId: string | undefined; /** - *

The resource type of the resource referenced in the failed request.

+ *

The identifier of the policy you want information about.

* @public */ - resourceType: ResourceType | undefined; + policyId: string | undefined; + /** + *

The type of the policy. This is one of the following values:

+ *
    + *
  • + *

    + * STATIC + *

    + *
    • + *
  • + *

    + * TEMPLATE_LINKED + *

    + *
    • + *
+ * @public + */ + policyType: PolicyType | undefined; + + /** + *

The policy definition of an item in the list of policies returned.

+ * @public + */ + definition: PolicyDefinitionDetail | undefined; + + /** + *

The date and time the policy was created.

+ * @public + */ + createdDate: Date | undefined; + + /** + *

The date and time the policy was most recently updated.

+ * @public + */ + lastUpdatedDate: Date | undefined; +} + +/** + * @public + */ +export interface BatchGetPolicyOutput { + /** + *

Information about the policies listed in the request that were successfully returned. These results are returned in the order they were requested.

+ * @public + */ + results: BatchGetPolicyOutputItem[] | undefined; + + /** + *

Information about the policies from the request that resulted in an error. These results are returned in the order they were requested.

+ * @public + */ + errors: BatchGetPolicyErrorItem[] | undefined; +} + +/** + *

The request failed because of an internal error. Try your request again later

+ * @public + */ +export class InternalServerException extends __BaseException { + readonly name: "InternalServerException" = "InternalServerException"; + readonly $fault: "server" = "server"; + $retryable = {}; /** * @internal */ - constructor(opts: __ExceptionOptionType) { + constructor(opts: __ExceptionOptionType) { super({ - name: "ResourceNotFoundException", - $fault: "client", + name: "InternalServerException", + $fault: "server", ...opts, }); - Object.setPrototypeOf(this, ResourceNotFoundException.prototype); - this.resourceId = opts.resourceId; - this.resourceType = opts.resourceType; + Object.setPrototypeOf(this, InternalServerException.prototype); } } @@ -334,26 +501,123 @@ export interface ValidationExceptionField { * * @public */ -export class ValidationException extends __BaseException { - readonly name: "ValidationException" = "ValidationException"; +export class ValidationException extends __BaseException { + readonly name: "ValidationException" = "ValidationException"; + readonly $fault: "client" = "client"; + /** + *

The list of fields that aren't valid.

+ * @public + */ + fieldList?: ValidationExceptionField[]; + + /** + * @internal + */ + constructor(opts: __ExceptionOptionType) { + super({ + name: "ValidationException", + $fault: "client", + ...opts, + }); + Object.setPrototypeOf(this, ValidationException.prototype); + this.fieldList = opts.fieldList; + } +} + +/** + * @public + * @enum + */ +export const Decision = { + ALLOW: "ALLOW", + DENY: "DENY", +} as const; + +/** + * @public + */ +export type Decision = (typeof Decision)[keyof typeof Decision]; + +/** + *

Contains information about one of the policies that determined an authorization + * decision.

+ *

This data type is used as an element in a response parameter for the IsAuthorized, BatchIsAuthorized, and IsAuthorizedWithToken + * operations.

+ *

Example: "determiningPolicies":[\{"policyId":"SPEXAMPLEabcdefg111111"\}] + *

+ * @public + */ +export interface DeterminingPolicyItem { + /** + *

The Id of a policy that determined to an authorization decision.

+ *

Example: "policyId":"SPEXAMPLEabcdefg111111" + *

+ * @public + */ + policyId: string | undefined; +} + +/** + *

Contains a description of an evaluation error.

+ *

This data type is a response parameter of the IsAuthorized, BatchIsAuthorized, and IsAuthorizedWithToken operations.

+ * @public + */ +export interface EvaluationErrorItem { + /** + *

The error description.

+ * @public + */ + errorDescription: string | undefined; +} + +/** + * @public + * @enum + */ +export const ResourceType = { + IDENTITY_SOURCE: "IDENTITY_SOURCE", + POLICY: "POLICY", + POLICY_STORE: "POLICY_STORE", + POLICY_TEMPLATE: "POLICY_TEMPLATE", + SCHEMA: "SCHEMA", +} as const; + +/** + * @public + */ +export type ResourceType = (typeof ResourceType)[keyof typeof ResourceType]; + +/** + *

The request failed because it references a resource that doesn't exist.

+ * @public + */ +export class ResourceNotFoundException extends __BaseException { + readonly name: "ResourceNotFoundException" = "ResourceNotFoundException"; readonly $fault: "client" = "client"; /** - *

The list of fields that aren't valid.

+ *

The unique ID of the resource referenced in the failed request.

* @public */ - fieldList?: ValidationExceptionField[]; + resourceId: string | undefined; + + /** + *

The resource type of the resource referenced in the failed request.

+ * @public + */ + resourceType: ResourceType | undefined; /** * @internal */ - constructor(opts: __ExceptionOptionType) { + constructor(opts: __ExceptionOptionType) { super({ - name: "ValidationException", + name: "ResourceNotFoundException", $fault: "client", ...opts, }); - Object.setPrototypeOf(this, ValidationException.prototype); - this.fieldList = opts.fieldList; + Object.setPrototypeOf(this, ResourceNotFoundException.prototype); + this.resourceId = opts.resourceId; + this.resourceType = opts.resourceType; } } @@ -1618,20 +1882,6 @@ export const PolicyEffect = { */ export type PolicyEffect = (typeof PolicyEffect)[keyof typeof PolicyEffect]; -/** - * @public - * @enum - */ -export const PolicyType = { - STATIC: "STATIC", - TEMPLATE_LINKED: "TEMPLATE_LINKED", -} as const; - -/** - * @public - */ -export type PolicyType = (typeof PolicyType)[keyof typeof PolicyType]; - /** * @public */ @@ -2182,112 +2432,6 @@ export interface GetPolicyInput { policyId: string | undefined; } -/** - *

A structure that contains details about a static policy. It includes the description and - * policy body.

- *

This data type is used within a PolicyDefinition structure as - * part of a request parameter for the CreatePolicy operation.

- * @public - */ -export interface StaticPolicyDefinitionDetail { - /** - *

A description of the static policy.

- * @public - */ - description?: string; - - /** - *

The content of the static policy written in the Cedar policy language.

- * @public - */ - statement: string | undefined; -} - -/** - *

Contains information about a policy that was created by instantiating a policy template.

- * @public - */ -export interface TemplateLinkedPolicyDefinitionDetail { - /** - *

The unique identifier of the policy template used to create this policy.

- * @public - */ - policyTemplateId: string | undefined; - - /** - *

The principal associated with this template-linked policy. Verified Permissions substitutes this principal for the - * ?principal placeholder in the policy template when it evaluates an authorization - * request.

- * @public - */ - principal?: EntityIdentifier; - - /** - *

The resource associated with this template-linked policy. Verified Permissions substitutes this resource for the - * ?resource placeholder in the policy template when it evaluates an authorization - * request.

- * @public - */ - resource?: EntityIdentifier; -} - -/** - *

A structure that describes a policy definition. It must always have either an - * static or a templateLinked element.

- *

This data type is used as a response parameter for the GetPolicy operation.

- * @public - */ -export type PolicyDefinitionDetail = - | PolicyDefinitionDetail.StaticMember - | PolicyDefinitionDetail.TemplateLinkedMember - | PolicyDefinitionDetail.$UnknownMember; - -/** - * @public - */ -export namespace PolicyDefinitionDetail { - /** - *

Information about a static policy that wasn't created with a policy template.

- * @public - */ - export interface StaticMember { - static: StaticPolicyDefinitionDetail; - templateLinked?: never; - $unknown?: never; - } - - /** - *

Information about a template-linked policy that was created by instantiating a policy template.

- * @public - */ - export interface TemplateLinkedMember { - static?: never; - templateLinked: TemplateLinkedPolicyDefinitionDetail; - $unknown?: never; - } - - /** - * @public - */ - export interface $UnknownMember { - static?: never; - templateLinked?: never; - $unknown: [string, any]; - } - - export interface Visitor { - static: (value: StaticPolicyDefinitionDetail) => T; - templateLinked: (value: TemplateLinkedPolicyDefinitionDetail) => T; - _: (name: string, value: any) => T; - } - - export const visit = (value: PolicyDefinitionDetail, visitor: Visitor): T => { - if (value.static !== undefined) return visitor.static(value.static); - if (value.templateLinked !== undefined) return visitor.templateLinked(value.templateLinked); - return visitor._(value.$unknown[0], value.$unknown[1]); - }; -} - /** * @public */ @@ -3291,7 +3435,7 @@ export namespace PolicyDefinitionItem { */ export interface PolicyItem { /** - *

The identifier of the PolicyStore where the policy you want information about is + *

The identifier of the policy store where the policy you want information about is * stored.

* @public */ @@ -4011,7 +4155,9 @@ export interface UpdatePolicyStoreOutput { */ export type AttributeValue = | AttributeValue.BooleanMember + | AttributeValue.DecimalMember | AttributeValue.EntityIdentifierMember + | AttributeValue.IpaddrMember | AttributeValue.LongMember | AttributeValue.RecordMember | AttributeValue.SetMember @@ -4036,6 +4182,8 @@ export namespace AttributeValue { string?: never; set?: never; record?: never; + ipaddr?: never; + decimal?: never; $unknown?: never; } @@ -4053,6 +4201,8 @@ export namespace AttributeValue { string?: never; set?: never; record?: never; + ipaddr?: never; + decimal?: never; $unknown?: never; } @@ -4069,6 +4219,8 @@ export namespace AttributeValue { string?: never; set?: never; record?: never; + ipaddr?: never; + decimal?: never; $unknown?: never; } @@ -4086,6 +4238,8 @@ export namespace AttributeValue { string: string; set?: never; record?: never; + ipaddr?: never; + decimal?: never; $unknown?: never; } @@ -4102,6 +4256,8 @@ export namespace AttributeValue { string?: never; set: AttributeValue[]; record?: never; + ipaddr?: never; + decimal?: never; $unknown?: never; } @@ -4119,6 +4275,44 @@ export namespace AttributeValue { string?: never; set?: never; record: Record; + ipaddr?: never; + decimal?: never; + $unknown?: never; + } + + /** + *

An attribute value of ipaddr type.

+ *

Example: \{"ip": "192.168.1.100"\} + *

+ * @public + */ + export interface IpaddrMember { + boolean?: never; + entityIdentifier?: never; + long?: never; + string?: never; + set?: never; + record?: never; + ipaddr: string; + decimal?: never; + $unknown?: never; + } + + /** + *

An attribute value of decimal type.

+ *

Example: \{"decimal": "1.1"\} + *

+ * @public + */ + export interface DecimalMember { + boolean?: never; + entityIdentifier?: never; + long?: never; + string?: never; + set?: never; + record?: never; + ipaddr?: never; + decimal: string; $unknown?: never; } @@ -4132,6 +4326,8 @@ export namespace AttributeValue { string?: never; set?: never; record?: never; + ipaddr?: never; + decimal?: never; $unknown: [string, any]; } @@ -4142,6 +4338,8 @@ export namespace AttributeValue { string: (value: string) => T; set: (value: AttributeValue[]) => T; record: (value: Record) => T; + ipaddr: (value: string) => T; + decimal: (value: string) => T; _: (name: string, value: any) => T; } @@ -4152,6 +4350,8 @@ export namespace AttributeValue { if (value.string !== undefined) return visitor.string(value.string); if (value.set !== undefined) return visitor.set(value.set); if (value.record !== undefined) return visitor.record(value.record); + if (value.ipaddr !== undefined) return visitor.ipaddr(value.ipaddr); + if (value.decimal !== undefined) return visitor.decimal(value.decimal); return visitor._(value.$unknown[0], value.$unknown[1]); }; } @@ -4431,7 +4631,7 @@ export namespace EntitiesDefinition { export interface BatchIsAuthorizedOutput { /** *

A series of Allow or Deny decisions for each request, and - * the policies that produced them.

+ * the policies that produced them. These results are returned in the order they were requested.

* @public */ results: BatchIsAuthorizedOutputItem[] | undefined; @@ -4449,7 +4649,7 @@ export interface BatchIsAuthorizedWithTokenOutput { /** *

A series of Allow or Deny decisions for each request, and - * the policies that produced them.

+ * the policies that produced them. These results are returned in the order they were requested.

* @public */ results: BatchIsAuthorizedWithTokenOutputItem[] | undefined; @@ -4698,6 +4898,52 @@ export const EntityIdentifierFilterSensitiveLog = (obj: EntityIdentifier): any = ...(obj.entityId && { entityId: SENSITIVE_STRING }), }); +/** + * @internal + */ +export const StaticPolicyDefinitionDetailFilterSensitiveLog = (obj: StaticPolicyDefinitionDetail): any => ({ + ...obj, + ...(obj.description && { description: SENSITIVE_STRING }), + ...(obj.statement && { statement: SENSITIVE_STRING }), +}); + +/** + * @internal + */ +export const TemplateLinkedPolicyDefinitionDetailFilterSensitiveLog = ( + obj: TemplateLinkedPolicyDefinitionDetail +): any => ({ + ...obj, + ...(obj.principal && { principal: EntityIdentifierFilterSensitiveLog(obj.principal) }), + ...(obj.resource && { resource: EntityIdentifierFilterSensitiveLog(obj.resource) }), +}); + +/** + * @internal + */ +export const PolicyDefinitionDetailFilterSensitiveLog = (obj: PolicyDefinitionDetail): any => { + if (obj.static !== undefined) return { static: StaticPolicyDefinitionDetailFilterSensitiveLog(obj.static) }; + if (obj.templateLinked !== undefined) + return { templateLinked: TemplateLinkedPolicyDefinitionDetailFilterSensitiveLog(obj.templateLinked) }; + if (obj.$unknown !== undefined) return { [obj.$unknown[0]]: "UNKNOWN" }; +}; + +/** + * @internal + */ +export const BatchGetPolicyOutputItemFilterSensitiveLog = (obj: BatchGetPolicyOutputItem): any => ({ + ...obj, + ...(obj.definition && { definition: PolicyDefinitionDetailFilterSensitiveLog(obj.definition) }), +}); + +/** + * @internal + */ +export const BatchGetPolicyOutputFilterSensitiveLog = (obj: BatchGetPolicyOutput): any => ({ + ...obj, + ...(obj.results && { results: obj.results.map((item) => BatchGetPolicyOutputItemFilterSensitiveLog(item)) }), +}); + /** * @internal */ @@ -5075,36 +5321,6 @@ export const GetIdentitySourceOutputFilterSensitiveLog = (obj: GetIdentitySource ...(obj.configuration && { configuration: ConfigurationDetailFilterSensitiveLog(obj.configuration) }), }); -/** - * @internal - */ -export const StaticPolicyDefinitionDetailFilterSensitiveLog = (obj: StaticPolicyDefinitionDetail): any => ({ - ...obj, - ...(obj.description && { description: SENSITIVE_STRING }), - ...(obj.statement && { statement: SENSITIVE_STRING }), -}); - -/** - * @internal - */ -export const TemplateLinkedPolicyDefinitionDetailFilterSensitiveLog = ( - obj: TemplateLinkedPolicyDefinitionDetail -): any => ({ - ...obj, - ...(obj.principal && { principal: EntityIdentifierFilterSensitiveLog(obj.principal) }), - ...(obj.resource && { resource: EntityIdentifierFilterSensitiveLog(obj.resource) }), -}); - -/** - * @internal - */ -export const PolicyDefinitionDetailFilterSensitiveLog = (obj: PolicyDefinitionDetail): any => { - if (obj.static !== undefined) return { static: StaticPolicyDefinitionDetailFilterSensitiveLog(obj.static) }; - if (obj.templateLinked !== undefined) - return { templateLinked: TemplateLinkedPolicyDefinitionDetailFilterSensitiveLog(obj.templateLinked) }; - if (obj.$unknown !== undefined) return { [obj.$unknown[0]]: "UNKNOWN" }; -}; - /** * @internal */ @@ -5501,6 +5717,8 @@ export const AttributeValueFilterSensitiveLog = (obj: AttributeValue): any => { {} ), }; + if (obj.ipaddr !== undefined) return { ipaddr: SENSITIVE_STRING }; + if (obj.decimal !== undefined) return { decimal: SENSITIVE_STRING }; if (obj.$unknown !== undefined) return { [obj.$unknown[0]]: "UNKNOWN" }; }; diff --git a/clients/client-verifiedpermissions/src/protocols/Aws_json1_0.ts b/clients/client-verifiedpermissions/src/protocols/Aws_json1_0.ts index 3fe0d6da8f400..da338d3fbfa72 100644 --- a/clients/client-verifiedpermissions/src/protocols/Aws_json1_0.ts +++ b/clients/client-verifiedpermissions/src/protocols/Aws_json1_0.ts @@ -26,6 +26,7 @@ import { } from "@smithy/types"; import { v4 as generateIdempotencyToken } from "uuid"; +import { BatchGetPolicyCommandInput, BatchGetPolicyCommandOutput } from "../commands/BatchGetPolicyCommand"; import { BatchIsAuthorizedCommandInput, BatchIsAuthorizedCommandOutput } from "../commands/BatchIsAuthorizedCommand"; import { BatchIsAuthorizedWithTokenCommandInput, @@ -86,6 +87,10 @@ import { AccessDeniedException, ActionIdentifier, AttributeValue, + BatchGetPolicyInput, + BatchGetPolicyInputItem, + BatchGetPolicyOutput, + BatchGetPolicyOutputItem, BatchIsAuthorizedInput, BatchIsAuthorizedInputItem, BatchIsAuthorizedOutput, @@ -179,6 +184,19 @@ import { } from "../models/models_0"; import { VerifiedPermissionsServiceException as __BaseException } from "../models/VerifiedPermissionsServiceException"; +/** + * serializeAws_json1_0BatchGetPolicyCommand + */ +export const se_BatchGetPolicyCommand = async ( + input: BatchGetPolicyCommandInput, + context: __SerdeContext +): Promise<__HttpRequest> => { + const headers: __HeaderBag = sharedHeaders("BatchGetPolicy"); + let body: any; + body = JSON.stringify(_json(input)); + return buildHttpRpcRequest(context, headers, "/", undefined, body); +}; + /** * serializeAws_json1_0BatchIsAuthorizedCommand */ @@ -517,6 +535,26 @@ export const se_UpdatePolicyTemplateCommand = async ( return buildHttpRpcRequest(context, headers, "/", undefined, body); }; +/** + * deserializeAws_json1_0BatchGetPolicyCommand + */ +export const de_BatchGetPolicyCommand = async ( + output: __HttpResponse, + context: __SerdeContext +): Promise => { + if (output.statusCode >= 300) { + return de_CommandError(output, context); + } + const data: any = await parseBody(output.body, context); + let contents: any = {}; + contents = de_BatchGetPolicyOutput(data, context); + const response: BatchGetPolicyCommandOutput = { + $metadata: deserializeMetadata(output), + ...contents, + }; + return response; +}; + /** * deserializeAws_json1_0BatchIsAuthorizedCommand */ @@ -1053,15 +1091,15 @@ const de_CommandError = async (output: __HttpResponse, context: __SerdeContext): case "InternalServerException": case "com.amazonaws.verifiedpermissions#InternalServerException": throw await de_InternalServerExceptionRes(parsedOutput, context); - case "ResourceNotFoundException": - case "com.amazonaws.verifiedpermissions#ResourceNotFoundException": - throw await de_ResourceNotFoundExceptionRes(parsedOutput, context); case "ThrottlingException": case "com.amazonaws.verifiedpermissions#ThrottlingException": throw await de_ThrottlingExceptionRes(parsedOutput, context); case "ValidationException": case "com.amazonaws.verifiedpermissions#ValidationException": throw await de_ValidationExceptionRes(parsedOutput, context); + case "ResourceNotFoundException": + case "com.amazonaws.verifiedpermissions#ResourceNotFoundException": + throw await de_ResourceNotFoundExceptionRes(parsedOutput, context); case "ConflictException": case "com.amazonaws.verifiedpermissions#ConflictException": throw await de_ConflictExceptionRes(parsedOutput, context); @@ -1189,7 +1227,9 @@ const de_ValidationExceptionRes = async (parsedOutput: any, context: __SerdeCont const se_AttributeValue = (input: AttributeValue, context: __SerdeContext): any => { return AttributeValue.visit(input, { boolean: (value) => ({ boolean: value }), + decimal: (value) => ({ decimal: value }), entityIdentifier: (value) => ({ entityIdentifier: _json(value) }), + ipaddr: (value) => ({ ipaddr: value }), long: (value) => ({ long: value }), record: (value) => ({ record: se_RecordAttribute(value, context) }), set: (value) => ({ set: se_SetAttribute(value, context) }), @@ -1200,6 +1240,12 @@ const se_AttributeValue = (input: AttributeValue, context: __SerdeContext): any // se_Audiences omitted. +// se_BatchGetPolicyInput omitted. + +// se_BatchGetPolicyInputItem omitted. + +// se_BatchGetPolicyInputList omitted. + /** * serializeAws_json1_0BatchIsAuthorizedInput */ @@ -1551,11 +1597,17 @@ const de_AttributeValue = (output: any, context: __SerdeContext): AttributeValue if (__expectBoolean(output.boolean) !== undefined) { return { boolean: __expectBoolean(output.boolean) as any }; } + if (__expectString(output.decimal) !== undefined) { + return { decimal: __expectString(output.decimal) as any }; + } if (output.entityIdentifier != null) { return { entityIdentifier: _json(output.entityIdentifier), }; } + if (__expectString(output.ipaddr) !== undefined) { + return { ipaddr: __expectString(output.ipaddr) as any }; + } if (__expectLong(output.long) !== undefined) { return { long: __expectLong(output.long) as any }; } @@ -1577,6 +1629,46 @@ const de_AttributeValue = (output: any, context: __SerdeContext): AttributeValue // de_Audiences omitted. +// de_BatchGetPolicyErrorItem omitted. + +// de_BatchGetPolicyErrorList omitted. + +/** + * deserializeAws_json1_0BatchGetPolicyOutput + */ +const de_BatchGetPolicyOutput = (output: any, context: __SerdeContext): BatchGetPolicyOutput => { + return take(output, { + errors: _json, + results: (_: any) => de_BatchGetPolicyOutputList(_, context), + }) as any; +}; + +/** + * deserializeAws_json1_0BatchGetPolicyOutputItem + */ +const de_BatchGetPolicyOutputItem = (output: any, context: __SerdeContext): BatchGetPolicyOutputItem => { + return take(output, { + createdDate: (_: any) => __expectNonNull(__parseRfc3339DateTimeWithOffset(_)), + definition: (_: any) => _json(__expectUnion(_)), + lastUpdatedDate: (_: any) => __expectNonNull(__parseRfc3339DateTimeWithOffset(_)), + policyId: __expectString, + policyStoreId: __expectString, + policyType: __expectString, + }) as any; +}; + +/** + * deserializeAws_json1_0BatchGetPolicyOutputList + */ +const de_BatchGetPolicyOutputList = (output: any, context: __SerdeContext): BatchGetPolicyOutputItem[] => { + const retVal = (output || []) + .filter((e: any) => e != null) + .map((entry: any) => { + return de_BatchGetPolicyOutputItem(entry, context); + }); + return retVal; +}; + /** * deserializeAws_json1_0BatchIsAuthorizedInputItem */ diff --git a/codegen/sdk-codegen/aws-models/verifiedpermissions.json b/codegen/sdk-codegen/aws-models/verifiedpermissions.json index d7e073c1f1037..e2b51fcbf7645 100644 --- a/codegen/sdk-codegen/aws-models/verifiedpermissions.json +++ b/codegen/sdk-codegen/aws-models/verifiedpermissions.json @@ -105,6 +105,18 @@ "traits": { "smithy.api#documentation": "

An attribute value of Record\n type.

\n

Example: {\"record\": { \"keyName\": {} } }\n

" } + }, + "ipaddr": { + "target": "com.amazonaws.verifiedpermissions#IpAddr", + "traits": { + "smithy.api#documentation": "

An attribute value of ipaddr type.

\n

Example: {\"ip\": \"192.168.1.100\"}\n

" + } + }, + "decimal": { + "target": "com.amazonaws.verifiedpermissions#Decimal", + "traits": { + "smithy.api#documentation": "

An attribute value of decimal type.

\n

Example: {\"decimal\": \"1.1\"}\n

" + } } }, "traits": { @@ -132,6 +144,283 @@ } } }, + "com.amazonaws.verifiedpermissions#BatchGetPolicy": { + "type": "operation", + "input": { + "target": "com.amazonaws.verifiedpermissions#BatchGetPolicyInput" + }, + "output": { + "target": "com.amazonaws.verifiedpermissions#BatchGetPolicyOutput" + }, + "traits": { + "aws.iam#iamAction": { + "documentation": "Grants permission to return a list of a requested policies stored in the specified policy stores", + "name": "GetPolicy" + }, + "smithy.api#documentation": "

Retrieves information about a group (batch) of policies.

\n \n

The BatchGetPolicy operation doesn't have its own IAM\n permission. To authorize this operation for Amazon Web Services principals, include the permission\n verifiedpermissions:GetPolicy in their IAM policies.

\n ", + "smithy.api#examples": [ + { + "title": "To retrieve details about a policy", + "documentation": "The following example retrieves information about the specified policy contained in the specified policy store. In this example, the requested policy is a template-linked policy, so it returns the ID of the policy template, and the specific principal and resource used by this policy.", + "input": { + "requests": [ + { + "policyId": "PWv5M6d5HePx3gVVLKY1nK", + "policyStoreId": "ERZeDpRc34dkYZeb6FZRVC" + }, + { + "policyId": "LzFn6KgLWvv4Mbegus35jn", + "policyStoreId": "ERZeDpRc34dkYZeb6FZRVC" + }, + { + "policyId": "77gLjer8H5o3mvrnMGrSL5", + "policyStoreId": "ERZeDpRc34dkYZeb6FZRVC" + } + ] + }, + "output": { + "results": [ + { + "policyStoreId": "ERZeDpRc34dkYZeb6FZRVC", + "policyId": "PWv5M6d5HePx3gVVLKY1nK", + "policyType": "STATIC", + "definition": { + "static": { + "description": "Users can manage account resources in any account they own", + "statement": "permit (principal, action in PhotoFlash::Action::\"ManageAccount\",resource) when { resource in principal.Account };" + } + }, + "createdDate": "2024-10-18T18:53:39.258153Z", + "lastUpdatedDate": "2024-10-18T18:53:39.258153Z" + }, + { + "policyStoreId": "ERZeDpRc34dkYZeb6FZRVC", + "policyId": "LzFn6KgLWvv4Mbegus35jn", + "policyType": "STATIC", + "definition": { + "static": { + "description": "User alice can't delete any photos.", + "statement": "forbid (principal == PhotoFlash::User::\"alice\", action in [PhotoFlash::Action::\"DeletePhoto\"], resource);" + } + }, + "createdDate": "2024-10-18T18:57:03.305027Z", + "lastUpdatedDate": "2024-10-18T18:57:03.305027Z" + }, + { + "policyStoreId": "ERZeDpRc34dkYZeb6FZRVC", + "policyId": "77gLjer8H5o3mvrnMGrSL5", + "policyType": "STATIC", + "definition": { + "static": { + "description": "User alice can view and delete photos.", + "statement": "permit (principal == PhotoFlash::User::\"alice\", action in [PhotoFlash::Action::\"DeletePhoto\", PhotoFlash::Action::\"ViewPhoto\"], resource);" + } + }, + "createdDate": "2024-10-18T18:57:48.005343Z", + "lastUpdatedDate": "2024-10-18T18:57:48.005343Z" + } + ], + "errors": [] + } + } + ], + "smithy.api#readonly": {} + } + }, + "com.amazonaws.verifiedpermissions#BatchGetPolicyErrorCode": { + "type": "enum", + "members": { + "POLICY_STORE_NOT_FOUND": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "POLICY_STORE_NOT_FOUND" + } + }, + "POLICY_NOT_FOUND": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "POLICY_NOT_FOUND" + } + } + } + }, + "com.amazonaws.verifiedpermissions#BatchGetPolicyErrorItem": { + "type": "structure", + "members": { + "code": { + "target": "com.amazonaws.verifiedpermissions#BatchGetPolicyErrorCode", + "traits": { + "smithy.api#documentation": "

The error code that was returned.

", + "smithy.api#required": {} + } + }, + "policyStoreId": { + "target": "smithy.api#String", + "traits": { + "smithy.api#documentation": "

The identifier of the policy store associated with the failed request.

", + "smithy.api#required": {} + } + }, + "policyId": { + "target": "smithy.api#String", + "traits": { + "smithy.api#documentation": "

The identifier of the policy associated with the failed request.

", + "smithy.api#required": {} + } + }, + "message": { + "target": "smithy.api#String", + "traits": { + "smithy.api#documentation": "

A detailed error message.

", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#documentation": "

Contains the information about an error resulting from a BatchGetPolicy API call.

" + } + }, + "com.amazonaws.verifiedpermissions#BatchGetPolicyErrorList": { + "type": "list", + "member": { + "target": "com.amazonaws.verifiedpermissions#BatchGetPolicyErrorItem" + } + }, + "com.amazonaws.verifiedpermissions#BatchGetPolicyInput": { + "type": "structure", + "members": { + "requests": { + "target": "com.amazonaws.verifiedpermissions#BatchGetPolicyInputList", + "traits": { + "smithy.api#documentation": "

An array of up to 100 policies you want information about.

", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.verifiedpermissions#BatchGetPolicyInputItem": { + "type": "structure", + "members": { + "policyStoreId": { + "target": "com.amazonaws.verifiedpermissions#PolicyStoreId", + "traits": { + "smithy.api#documentation": "

The identifier of the policy store where the policy you want information about is stored.

", + "smithy.api#required": {} + } + }, + "policyId": { + "target": "com.amazonaws.verifiedpermissions#PolicyId", + "traits": { + "smithy.api#documentation": "

The identifier of the policy you want information about.

", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#documentation": "

Information about a policy that you include in a BatchGetPolicy API request.

", + "smithy.api#references": [ + { + "resource": "com.amazonaws.verifiedpermissions#PolicyStore" + }, + { + "resource": "com.amazonaws.verifiedpermissions#Policy" + } + ] + } + }, + "com.amazonaws.verifiedpermissions#BatchGetPolicyInputList": { + "type": "list", + "member": { + "target": "com.amazonaws.verifiedpermissions#BatchGetPolicyInputItem" + }, + "traits": { + "smithy.api#length": { + "min": 1, + "max": 100 + } + } + }, + "com.amazonaws.verifiedpermissions#BatchGetPolicyOutput": { + "type": "structure", + "members": { + "results": { + "target": "com.amazonaws.verifiedpermissions#BatchGetPolicyOutputList", + "traits": { + "smithy.api#documentation": "

Information about the policies listed in the request that were successfully returned. These results are returned in the order they were requested.

", + "smithy.api#required": {} + } + }, + "errors": { + "target": "com.amazonaws.verifiedpermissions#BatchGetPolicyErrorList", + "traits": { + "smithy.api#documentation": "

Information about the policies from the request that resulted in an error. These results are returned in the order they were requested.

", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, + "com.amazonaws.verifiedpermissions#BatchGetPolicyOutputItem": { + "type": "structure", + "members": { + "policyStoreId": { + "target": "com.amazonaws.verifiedpermissions#PolicyStoreId", + "traits": { + "smithy.api#documentation": "

The identifier of the policy store where the policy you want information about is stored.

", + "smithy.api#required": {} + } + }, + "policyId": { + "target": "com.amazonaws.verifiedpermissions#PolicyId", + "traits": { + "smithy.api#documentation": "

The identifier of the policy you want information about.

", + "smithy.api#required": {} + } + }, + "policyType": { + "target": "com.amazonaws.verifiedpermissions#PolicyType", + "traits": { + "smithy.api#documentation": "

The type of the policy. This is one of the following values:

\n
    \n
  • \n

    \n STATIC\n

    \n
    • \n
  • \n

    \n TEMPLATE_LINKED\n

    \n
    • \n
", + "smithy.api#required": {} + } + }, + "definition": { + "target": "com.amazonaws.verifiedpermissions#PolicyDefinitionDetail", + "traits": { + "smithy.api#documentation": "

The policy definition of an item in the list of policies returned.

", + "smithy.api#required": {} + } + }, + "createdDate": { + "target": "com.amazonaws.verifiedpermissions#TimestampFormat", + "traits": { + "smithy.api#documentation": "

The date and time the policy was created.

", + "smithy.api#required": {} + } + }, + "lastUpdatedDate": { + "target": "com.amazonaws.verifiedpermissions#TimestampFormat", + "traits": { + "smithy.api#documentation": "

The date and time the policy was most recently updated.

", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#documentation": "

Contains information about a policy returned from a BatchGetPolicy API request.

" + } + }, + "com.amazonaws.verifiedpermissions#BatchGetPolicyOutputList": { + "type": "list", + "member": { + "target": "com.amazonaws.verifiedpermissions#BatchGetPolicyOutputItem" + } + }, "com.amazonaws.verifiedpermissions#BatchIsAuthorized": { "type": "operation", "input": { @@ -388,7 +677,7 @@ "results": { "target": "com.amazonaws.verifiedpermissions#BatchIsAuthorizedOutputList", "traits": { - "smithy.api#documentation": "

A series of Allow or Deny decisions for each request, and\n the policies that produced them.

", + "smithy.api#documentation": "

A series of Allow or Deny decisions for each request, and\n the policies that produced them. These results are returned in the order they were requested.

", "smithy.api#required": {} } } @@ -681,7 +970,7 @@ "results": { "target": "com.amazonaws.verifiedpermissions#BatchIsAuthorizedWithTokenOutputList", "traits": { - "smithy.api#documentation": "

A series of Allow or Deny decisions for each request, and\n the policies that produced them.

", + "smithy.api#documentation": "

A series of Allow or Deny decisions for each request, and\n the policies that produced them. These results are returned in the order they were requested.

", "smithy.api#required": {} } } @@ -1577,6 +1866,17 @@ "smithy.api#output": {} } }, + "com.amazonaws.verifiedpermissions#Decimal": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 3, + "max": 23 + }, + "smithy.api#pattern": "^-?\\d{1,15}\\.\\d{1,4}$", + "smithy.api#sensitive": {} + } + }, "com.amazonaws.verifiedpermissions#Decision": { "type": "enum", "members": { @@ -2874,6 +3174,17 @@ "smithy.api#retryable": {} } }, + "com.amazonaws.verifiedpermissions#IpAddr": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 1, + "max": 44 + }, + "smithy.api#pattern": "^[0-9a-fA-F\\.:\\/]*$", + "smithy.api#sensitive": {} + } + }, "com.amazonaws.verifiedpermissions#IsAuthorized": { "type": "operation", "input": { @@ -3714,7 +4025,6 @@ "type": "string", "traits": { "smithy.api#length": { - "min": 1, "max": 100 }, "smithy.api#pattern": "^.*$", @@ -4266,7 +4576,7 @@ "policyStoreId": { "target": "com.amazonaws.verifiedpermissions#PolicyStoreId", "traits": { - "smithy.api#documentation": "

The identifier of the PolicyStore where the policy you want information about is\n stored.

", + "smithy.api#documentation": "

The identifier of the policy store where the policy you want information about is\n stored.

", "smithy.api#required": {} } }, @@ -4392,6 +4702,11 @@ "target": "com.amazonaws.verifiedpermissions#PutSchema" } ], + "collectionOperations": [ + { + "target": "com.amazonaws.verifiedpermissions#BatchGetPolicy" + } + ], "resources": [ { "target": "com.amazonaws.verifiedpermissions#IdentitySource" @@ -4842,8 +5157,7 @@ "type": "string", "traits": { "smithy.api#length": { - "min": 1, - "max": 100000 + "min": 1 }, "smithy.api#sensitive": {} }