From c86d34336b5ff57c79e279059e9c967a8e8125ca Mon Sep 17 00:00:00 2001 From: awstools Date: Thu, 19 Oct 2023 19:36:15 +0000 Subject: [PATCH] feat(client-verifiedpermissions): Improving Amazon Verified Permissions Create experience --- .../commands/CreateIdentitySourceCommand.ts | 8 +- .../src/commands/CreatePolicyCommand.ts | 8 +- .../src/commands/CreatePolicyStoreCommand.ts | 11 +- .../commands/CreatePolicyTemplateCommand.ts | 8 +- .../commands/DeleteIdentitySourceCommand.ts | 4 +- .../src/commands/DeletePolicyCommand.ts | 4 +- .../src/commands/DeletePolicyStoreCommand.ts | 4 +- .../commands/DeletePolicyTemplateCommand.ts | 4 +- .../src/commands/GetIdentitySourceCommand.ts | 4 +- .../src/commands/GetPolicyCommand.ts | 4 +- .../src/commands/GetPolicyStoreCommand.ts | 4 +- .../src/commands/GetPolicyTemplateCommand.ts | 4 +- .../src/commands/GetSchemaCommand.ts | 4 +- .../src/commands/IsAuthorizedCommand.ts | 4 +- .../commands/IsAuthorizedWithTokenCommand.ts | 4 +- .../commands/ListIdentitySourcesCommand.ts | 4 +- .../src/commands/ListPoliciesCommand.ts | 4 +- .../src/commands/ListPolicyStoresCommand.ts | 4 +- .../commands/ListPolicyTemplatesCommand.ts | 4 +- .../src/commands/PutSchemaCommand.ts | 4 +- .../commands/UpdateIdentitySourceCommand.ts | 4 +- .../src/commands/UpdatePolicyCommand.ts | 4 +- .../src/commands/UpdatePolicyStoreCommand.ts | 4 +- .../commands/UpdatePolicyTemplateCommand.ts | 9 +- .../src/endpoint/ruleset.ts | 44 ++++---- .../src/models/models_0.ts | 14 +-- .../src/protocols/Aws_json1_0.ts | 12 +++ .../aws-models/verifiedpermissions.json | 101 ++++++++++-------- 28 files changed, 164 insertions(+), 127 deletions(-) diff --git a/clients/client-verifiedpermissions/src/commands/CreateIdentitySourceCommand.ts b/clients/client-verifiedpermissions/src/commands/CreateIdentitySourceCommand.ts index f5af3dad6712..a01fecc53e73 100644 --- a/clients/client-verifiedpermissions/src/commands/CreateIdentitySourceCommand.ts +++ b/clients/client-verifiedpermissions/src/commands/CreateIdentitySourceCommand.ts @@ -113,6 +113,10 @@ export interface CreateIdentitySourceCommandOutput extends CreateIdentitySourceO * @see {@link CreateIdentitySourceCommandOutput} for command's `response` shape. * @see {@link VerifiedPermissionsClientResolvedConfig | config} for VerifiedPermissionsClient's `config` shape. * + * @throws {@link ConflictException} (client fault) + *

The request failed because another request to modify a resource occurred at the + * same.

+ * * @throws {@link ResourceNotFoundException} (client fault) *

The request failed because it references a resource that doesn't exist.

* @@ -174,7 +178,7 @@ export interface CreateIdentitySourceCommandOutput extends CreateIdentitySourceO *

*

The policy attempts to access a record or entity attribute that isn't * specified in the schema. Test for the existence of the attribute first before - * attempting to access its value. For more information, see the has (presence of attribute test) operator in the + * attempting to access its value. For more information, see the has (presence of attribute test) operator in the * Cedar Policy Language Guide.

* *
  • @@ -184,7 +188,7 @@ export interface CreateIdentitySourceCommandOutput extends CreateIdentitySourceO *

    The policy attempts to access a record or entity attribute that is optional * and isn't guaranteed to be present. Test for the existence of the attribute * first before attempting to access its value. For more information, see the - * has (presence of attribute test) operator in the + * has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • diff --git a/clients/client-verifiedpermissions/src/commands/CreatePolicyCommand.ts b/clients/client-verifiedpermissions/src/commands/CreatePolicyCommand.ts index 4168a8cfbe2b..88a1d723d92c 100644 --- a/clients/client-verifiedpermissions/src/commands/CreatePolicyCommand.ts +++ b/clients/client-verifiedpermissions/src/commands/CreatePolicyCommand.ts @@ -126,6 +126,10 @@ export interface CreatePolicyCommandOutput extends CreatePolicyOutput, __Metadat * @see {@link CreatePolicyCommandOutput} for command's `response` shape. * @see {@link VerifiedPermissionsClientResolvedConfig | config} for VerifiedPermissionsClient's `config` shape. * + * @throws {@link ConflictException} (client fault) + *

    The request failed because another request to modify a resource occurred at the + * same.

    + * * @throws {@link ResourceNotFoundException} (client fault) *

    The request failed because it references a resource that doesn't exist.

    * @@ -187,7 +191,7 @@ export interface CreatePolicyCommandOutput extends CreatePolicyOutput, __Metadat *

    *

    The policy attempts to access a record or entity attribute that isn't * specified in the schema. Test for the existence of the attribute first before - * attempting to access its value. For more information, see the has (presence of attribute test) operator in the + * attempting to access its value. For more information, see the has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • @@ -197,7 +201,7 @@ export interface CreatePolicyCommandOutput extends CreatePolicyOutput, __Metadat *

    The policy attempts to access a record or entity attribute that is optional * and isn't guaranteed to be present. Test for the existence of the attribute * first before attempting to access its value. For more information, see the - * has (presence of attribute test) operator in the + * has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • diff --git a/clients/client-verifiedpermissions/src/commands/CreatePolicyStoreCommand.ts b/clients/client-verifiedpermissions/src/commands/CreatePolicyStoreCommand.ts index dd493134420e..0a22118959e6 100644 --- a/clients/client-verifiedpermissions/src/commands/CreatePolicyStoreCommand.ts +++ b/clients/client-verifiedpermissions/src/commands/CreatePolicyStoreCommand.ts @@ -43,8 +43,7 @@ export interface CreatePolicyStoreCommandOutput extends CreatePolicyStoreOutput, * @public *

    Creates a policy store. A policy store is a container for policy resources.

    * - *

    Although Cedar - * supports multiple namespaces, Verified Permissions currently supports only one + *

    Although Cedar supports multiple namespaces, Verified Permissions currently supports only one * namespace per policy store.

    *     * @@ -82,6 +81,10 @@ export interface CreatePolicyStoreCommandOutput extends CreatePolicyStoreOutput, * @see {@link CreatePolicyStoreCommandOutput} for command's `response` shape. * @see {@link VerifiedPermissionsClientResolvedConfig | config} for VerifiedPermissionsClient's `config` shape. * + * @throws {@link ConflictException} (client fault) + *

    The request failed because another request to modify a resource occurred at the + * same.

    + * * @throws {@link ServiceQuotaExceededException} (client fault) *

    The request failed because it would cause a service quota to be exceeded.

    * @@ -140,7 +143,7 @@ export interface CreatePolicyStoreCommandOutput extends CreatePolicyStoreOutput, *

    *

    The policy attempts to access a record or entity attribute that isn't * specified in the schema. Test for the existence of the attribute first before - * attempting to access its value. For more information, see the has (presence of attribute test) operator in the + * attempting to access its value. For more information, see the has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • @@ -150,7 +153,7 @@ export interface CreatePolicyStoreCommandOutput extends CreatePolicyStoreOutput, *

    The policy attempts to access a record or entity attribute that is optional * and isn't guaranteed to be present. Test for the existence of the attribute * first before attempting to access its value. For more information, see the - * has (presence of attribute test) operator in the + * has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • diff --git a/clients/client-verifiedpermissions/src/commands/CreatePolicyTemplateCommand.ts b/clients/client-verifiedpermissions/src/commands/CreatePolicyTemplateCommand.ts index 93ebe04794e7..82f620e0e69c 100644 --- a/clients/client-verifiedpermissions/src/commands/CreatePolicyTemplateCommand.ts +++ b/clients/client-verifiedpermissions/src/commands/CreatePolicyTemplateCommand.ts @@ -87,6 +87,10 @@ export interface CreatePolicyTemplateCommandOutput extends CreatePolicyTemplateO * @see {@link CreatePolicyTemplateCommandOutput} for command's `response` shape. * @see {@link VerifiedPermissionsClientResolvedConfig | config} for VerifiedPermissionsClient's `config` shape. * + * @throws {@link ConflictException} (client fault) + *

    The request failed because another request to modify a resource occurred at the + * same.

    + * * @throws {@link ResourceNotFoundException} (client fault) *

    The request failed because it references a resource that doesn't exist.

    * @@ -148,7 +152,7 @@ export interface CreatePolicyTemplateCommandOutput extends CreatePolicyTemplateO *

    *

    The policy attempts to access a record or entity attribute that isn't * specified in the schema. Test for the existence of the attribute first before - * attempting to access its value. For more information, see the has (presence of attribute test) operator in the + * attempting to access its value. For more information, see the has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • @@ -158,7 +162,7 @@ export interface CreatePolicyTemplateCommandOutput extends CreatePolicyTemplateO *

    The policy attempts to access a record or entity attribute that is optional * and isn't guaranteed to be present. Test for the existence of the attribute * first before attempting to access its value. For more information, see the - * has (presence of attribute test) operator in the + * has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • diff --git a/clients/client-verifiedpermissions/src/commands/DeleteIdentitySourceCommand.ts b/clients/client-verifiedpermissions/src/commands/DeleteIdentitySourceCommand.ts index 4bd9a95ce17f..fea3ea7a0063 100644 --- a/clients/client-verifiedpermissions/src/commands/DeleteIdentitySourceCommand.ts +++ b/clients/client-verifiedpermissions/src/commands/DeleteIdentitySourceCommand.ts @@ -129,7 +129,7 @@ export interface DeleteIdentitySourceCommandOutput extends DeleteIdentitySourceO *

    *

    The policy attempts to access a record or entity attribute that isn't * specified in the schema. Test for the existence of the attribute first before - * attempting to access its value. For more information, see the has (presence of attribute test) operator in the + * attempting to access its value. For more information, see the has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • @@ -139,7 +139,7 @@ export interface DeleteIdentitySourceCommandOutput extends DeleteIdentitySourceO *

    The policy attempts to access a record or entity attribute that is optional * and isn't guaranteed to be present. Test for the existence of the attribute * first before attempting to access its value. For more information, see the - * has (presence of attribute test) operator in the + * has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • diff --git a/clients/client-verifiedpermissions/src/commands/DeletePolicyCommand.ts b/clients/client-verifiedpermissions/src/commands/DeletePolicyCommand.ts index 7fbf6ab6af0f..cddb8f222da3 100644 --- a/clients/client-verifiedpermissions/src/commands/DeletePolicyCommand.ts +++ b/clients/client-verifiedpermissions/src/commands/DeletePolicyCommand.ts @@ -128,7 +128,7 @@ export interface DeletePolicyCommandOutput extends DeletePolicyOutput, __Metadat *

    *

    The policy attempts to access a record or entity attribute that isn't * specified in the schema. Test for the existence of the attribute first before - * attempting to access its value. For more information, see the has (presence of attribute test) operator in the + * attempting to access its value. For more information, see the has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • @@ -138,7 +138,7 @@ export interface DeletePolicyCommandOutput extends DeletePolicyOutput, __Metadat *

    The policy attempts to access a record or entity attribute that is optional * and isn't guaranteed to be present. Test for the existence of the attribute * first before attempting to access its value. For more information, see the - * has (presence of attribute test) operator in the + * has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • diff --git a/clients/client-verifiedpermissions/src/commands/DeletePolicyStoreCommand.ts b/clients/client-verifiedpermissions/src/commands/DeletePolicyStoreCommand.ts index 723060d8a3d3..5e36ef572c58 100644 --- a/clients/client-verifiedpermissions/src/commands/DeletePolicyStoreCommand.ts +++ b/clients/client-verifiedpermissions/src/commands/DeletePolicyStoreCommand.ts @@ -120,7 +120,7 @@ export interface DeletePolicyStoreCommandOutput extends DeletePolicyStoreOutput, *

    *

    The policy attempts to access a record or entity attribute that isn't * specified in the schema. Test for the existence of the attribute first before - * attempting to access its value. For more information, see the has (presence of attribute test) operator in the + * attempting to access its value. For more information, see the has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • @@ -130,7 +130,7 @@ export interface DeletePolicyStoreCommandOutput extends DeletePolicyStoreOutput, *

    The policy attempts to access a record or entity attribute that is optional * and isn't guaranteed to be present. Test for the existence of the attribute * first before attempting to access its value. For more information, see the - * has (presence of attribute test) operator in the + * has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • diff --git a/clients/client-verifiedpermissions/src/commands/DeletePolicyTemplateCommand.ts b/clients/client-verifiedpermissions/src/commands/DeletePolicyTemplateCommand.ts index 0dae8f8ac306..6a70bc83f826 100644 --- a/clients/client-verifiedpermissions/src/commands/DeletePolicyTemplateCommand.ts +++ b/clients/client-verifiedpermissions/src/commands/DeletePolicyTemplateCommand.ts @@ -131,7 +131,7 @@ export interface DeletePolicyTemplateCommandOutput extends DeletePolicyTemplateO *

    *

    The policy attempts to access a record or entity attribute that isn't * specified in the schema. Test for the existence of the attribute first before - * attempting to access its value. For more information, see the has (presence of attribute test) operator in the + * attempting to access its value. For more information, see the has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • @@ -141,7 +141,7 @@ export interface DeletePolicyTemplateCommandOutput extends DeletePolicyTemplateO *

    The policy attempts to access a record or entity attribute that is optional * and isn't guaranteed to be present. Test for the existence of the attribute * first before attempting to access its value. For more information, see the - * has (presence of attribute test) operator in the + * has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • diff --git a/clients/client-verifiedpermissions/src/commands/GetIdentitySourceCommand.ts b/clients/client-verifiedpermissions/src/commands/GetIdentitySourceCommand.ts index 277b0dad26ba..16de6a6d9c68 100644 --- a/clients/client-verifiedpermissions/src/commands/GetIdentitySourceCommand.ts +++ b/clients/client-verifiedpermissions/src/commands/GetIdentitySourceCommand.ts @@ -140,7 +140,7 @@ export interface GetIdentitySourceCommandOutput extends GetIdentitySourceOutput, *

    *

    The policy attempts to access a record or entity attribute that isn't * specified in the schema. Test for the existence of the attribute first before - * attempting to access its value. For more information, see the has (presence of attribute test) operator in the + * attempting to access its value. For more information, see the has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • @@ -150,7 +150,7 @@ export interface GetIdentitySourceCommandOutput extends GetIdentitySourceOutput, *

    The policy attempts to access a record or entity attribute that is optional * and isn't guaranteed to be present. Test for the existence of the attribute * first before attempting to access its value. For more information, see the - * has (presence of attribute test) operator in the + * has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • diff --git a/clients/client-verifiedpermissions/src/commands/GetPolicyCommand.ts b/clients/client-verifiedpermissions/src/commands/GetPolicyCommand.ts index b8e5002d3e5c..657cf3aa6d40 100644 --- a/clients/client-verifiedpermissions/src/commands/GetPolicyCommand.ts +++ b/clients/client-verifiedpermissions/src/commands/GetPolicyCommand.ts @@ -153,7 +153,7 @@ export interface GetPolicyCommandOutput extends GetPolicyOutput, __MetadataBeare *

    *

    The policy attempts to access a record or entity attribute that isn't * specified in the schema. Test for the existence of the attribute first before - * attempting to access its value. For more information, see the has (presence of attribute test) operator in the + * attempting to access its value. For more information, see the has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • @@ -163,7 +163,7 @@ export interface GetPolicyCommandOutput extends GetPolicyOutput, __MetadataBeare *

    The policy attempts to access a record or entity attribute that is optional * and isn't guaranteed to be present. Test for the existence of the attribute * first before attempting to access its value. For more information, see the - * has (presence of attribute test) operator in the + * has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • diff --git a/clients/client-verifiedpermissions/src/commands/GetPolicyStoreCommand.ts b/clients/client-verifiedpermissions/src/commands/GetPolicyStoreCommand.ts index ea10234644b4..41e61fcb88ba 100644 --- a/clients/client-verifiedpermissions/src/commands/GetPolicyStoreCommand.ts +++ b/clients/client-verifiedpermissions/src/commands/GetPolicyStoreCommand.ts @@ -129,7 +129,7 @@ export interface GetPolicyStoreCommandOutput extends GetPolicyStoreOutput, __Met *

    *

    The policy attempts to access a record or entity attribute that isn't * specified in the schema. Test for the existence of the attribute first before - * attempting to access its value. For more information, see the has (presence of attribute test) operator in the + * attempting to access its value. For more information, see the has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • @@ -139,7 +139,7 @@ export interface GetPolicyStoreCommandOutput extends GetPolicyStoreOutput, __Met *

    The policy attempts to access a record or entity attribute that is optional * and isn't guaranteed to be present. Test for the existence of the attribute * first before attempting to access its value. For more information, see the - * has (presence of attribute test) operator in the + * has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • diff --git a/clients/client-verifiedpermissions/src/commands/GetPolicyTemplateCommand.ts b/clients/client-verifiedpermissions/src/commands/GetPolicyTemplateCommand.ts index 4d3fe08dc028..2e9929ce9228 100644 --- a/clients/client-verifiedpermissions/src/commands/GetPolicyTemplateCommand.ts +++ b/clients/client-verifiedpermissions/src/commands/GetPolicyTemplateCommand.ts @@ -133,7 +133,7 @@ export interface GetPolicyTemplateCommandOutput extends GetPolicyTemplateOutput, *

    *

    The policy attempts to access a record or entity attribute that isn't * specified in the schema. Test for the existence of the attribute first before - * attempting to access its value. For more information, see the has (presence of attribute test) operator in the + * attempting to access its value. For more information, see the has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • @@ -143,7 +143,7 @@ export interface GetPolicyTemplateCommandOutput extends GetPolicyTemplateOutput, *

    The policy attempts to access a record or entity attribute that is optional * and isn't guaranteed to be present. Test for the existence of the attribute * first before attempting to access its value. For more information, see the - * has (presence of attribute test) operator in the + * has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • diff --git a/clients/client-verifiedpermissions/src/commands/GetSchemaCommand.ts b/clients/client-verifiedpermissions/src/commands/GetSchemaCommand.ts index 2f3839b61458..9fe6608da22c 100644 --- a/clients/client-verifiedpermissions/src/commands/GetSchemaCommand.ts +++ b/clients/client-verifiedpermissions/src/commands/GetSchemaCommand.ts @@ -126,7 +126,7 @@ export interface GetSchemaCommandOutput extends GetSchemaOutput, __MetadataBeare *

    *

    The policy attempts to access a record or entity attribute that isn't * specified in the schema. Test for the existence of the attribute first before - * attempting to access its value. For more information, see the has (presence of attribute test) operator in the + * attempting to access its value. For more information, see the has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • @@ -136,7 +136,7 @@ export interface GetSchemaCommandOutput extends GetSchemaOutput, __MetadataBeare *

    The policy attempts to access a record or entity attribute that is optional * and isn't guaranteed to be present. Test for the existence of the attribute * first before attempting to access its value. For more information, see the - * has (presence of attribute test) operator in the + * has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • diff --git a/clients/client-verifiedpermissions/src/commands/IsAuthorizedCommand.ts b/clients/client-verifiedpermissions/src/commands/IsAuthorizedCommand.ts index ec54ff386f6f..049ab4676bcb 100644 --- a/clients/client-verifiedpermissions/src/commands/IsAuthorizedCommand.ts +++ b/clients/client-verifiedpermissions/src/commands/IsAuthorizedCommand.ts @@ -198,7 +198,7 @@ export interface IsAuthorizedCommandOutput extends IsAuthorizedOutput, __Metadat *

    *

    The policy attempts to access a record or entity attribute that isn't * specified in the schema. Test for the existence of the attribute first before - * attempting to access its value. For more information, see the has (presence of attribute test) operator in the + * attempting to access its value. For more information, see the has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • @@ -208,7 +208,7 @@ export interface IsAuthorizedCommandOutput extends IsAuthorizedOutput, __Metadat *

    The policy attempts to access a record or entity attribute that is optional * and isn't guaranteed to be present. Test for the existence of the attribute * first before attempting to access its value. For more information, see the - * has (presence of attribute test) operator in the + * has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • diff --git a/clients/client-verifiedpermissions/src/commands/IsAuthorizedWithTokenCommand.ts b/clients/client-verifiedpermissions/src/commands/IsAuthorizedWithTokenCommand.ts index 7db23635eaab..ae90eaa87c6f 100644 --- a/clients/client-verifiedpermissions/src/commands/IsAuthorizedWithTokenCommand.ts +++ b/clients/client-verifiedpermissions/src/commands/IsAuthorizedWithTokenCommand.ts @@ -213,7 +213,7 @@ export interface IsAuthorizedWithTokenCommandOutput extends IsAuthorizedWithToke *

    *

    The policy attempts to access a record or entity attribute that isn't * specified in the schema. Test for the existence of the attribute first before - * attempting to access its value. For more information, see the has (presence of attribute test) operator in the + * attempting to access its value. For more information, see the has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • @@ -223,7 +223,7 @@ export interface IsAuthorizedWithTokenCommandOutput extends IsAuthorizedWithToke *

    The policy attempts to access a record or entity attribute that is optional * and isn't guaranteed to be present. Test for the existence of the attribute * first before attempting to access its value. For more information, see the - * has (presence of attribute test) operator in the + * has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • diff --git a/clients/client-verifiedpermissions/src/commands/ListIdentitySourcesCommand.ts b/clients/client-verifiedpermissions/src/commands/ListIdentitySourcesCommand.ts index eed17efeeac4..9546d0567bcf 100644 --- a/clients/client-verifiedpermissions/src/commands/ListIdentitySourcesCommand.ts +++ b/clients/client-verifiedpermissions/src/commands/ListIdentitySourcesCommand.ts @@ -152,7 +152,7 @@ export interface ListIdentitySourcesCommandOutput extends ListIdentitySourcesOut *

    *

    The policy attempts to access a record or entity attribute that isn't * specified in the schema. Test for the existence of the attribute first before - * attempting to access its value. For more information, see the has (presence of attribute test) operator in the + * attempting to access its value. For more information, see the has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • @@ -162,7 +162,7 @@ export interface ListIdentitySourcesCommandOutput extends ListIdentitySourcesOut *

    The policy attempts to access a record or entity attribute that is optional * and isn't guaranteed to be present. Test for the existence of the attribute * first before attempting to access its value. For more information, see the - * has (presence of attribute test) operator in the + * has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • diff --git a/clients/client-verifiedpermissions/src/commands/ListPoliciesCommand.ts b/clients/client-verifiedpermissions/src/commands/ListPoliciesCommand.ts index 76f300097d29..5eeb147ecc0c 100644 --- a/clients/client-verifiedpermissions/src/commands/ListPoliciesCommand.ts +++ b/clients/client-verifiedpermissions/src/commands/ListPoliciesCommand.ts @@ -181,7 +181,7 @@ export interface ListPoliciesCommandOutput extends ListPoliciesOutput, __Metadat *

    *

    The policy attempts to access a record or entity attribute that isn't * specified in the schema. Test for the existence of the attribute first before - * attempting to access its value. For more information, see the has (presence of attribute test) operator in the + * attempting to access its value. For more information, see the has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • @@ -191,7 +191,7 @@ export interface ListPoliciesCommandOutput extends ListPoliciesOutput, __Metadat *

    The policy attempts to access a record or entity attribute that is optional * and isn't guaranteed to be present. Test for the existence of the attribute * first before attempting to access its value. For more information, see the - * has (presence of attribute test) operator in the + * has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • diff --git a/clients/client-verifiedpermissions/src/commands/ListPolicyStoresCommand.ts b/clients/client-verifiedpermissions/src/commands/ListPolicyStoresCommand.ts index d1913c518669..50b9b7161a14 100644 --- a/clients/client-verifiedpermissions/src/commands/ListPolicyStoresCommand.ts +++ b/clients/client-verifiedpermissions/src/commands/ListPolicyStoresCommand.ts @@ -128,7 +128,7 @@ export interface ListPolicyStoresCommandOutput extends ListPolicyStoresOutput, _ *

    *

    The policy attempts to access a record or entity attribute that isn't * specified in the schema. Test for the existence of the attribute first before - * attempting to access its value. For more information, see the has (presence of attribute test) operator in the + * attempting to access its value. For more information, see the has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • @@ -138,7 +138,7 @@ export interface ListPolicyStoresCommandOutput extends ListPolicyStoresOutput, _ *

    The policy attempts to access a record or entity attribute that is optional * and isn't guaranteed to be present. Test for the existence of the attribute * first before attempting to access its value. For more information, see the - * has (presence of attribute test) operator in the + * has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • diff --git a/clients/client-verifiedpermissions/src/commands/ListPolicyTemplatesCommand.ts b/clients/client-verifiedpermissions/src/commands/ListPolicyTemplatesCommand.ts index 61c7d314b617..9fb4aaa5dd84 100644 --- a/clients/client-verifiedpermissions/src/commands/ListPolicyTemplatesCommand.ts +++ b/clients/client-verifiedpermissions/src/commands/ListPolicyTemplatesCommand.ts @@ -138,7 +138,7 @@ export interface ListPolicyTemplatesCommandOutput extends ListPolicyTemplatesOut *

    *

    The policy attempts to access a record or entity attribute that isn't * specified in the schema. Test for the existence of the attribute first before - * attempting to access its value. For more information, see the has (presence of attribute test) operator in the + * attempting to access its value. For more information, see the has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • @@ -148,7 +148,7 @@ export interface ListPolicyTemplatesCommandOutput extends ListPolicyTemplatesOut *

    The policy attempts to access a record or entity attribute that is optional * and isn't guaranteed to be present. Test for the existence of the attribute * first before attempting to access its value. For more information, see the - * has (presence of attribute test) operator in the + * has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • diff --git a/clients/client-verifiedpermissions/src/commands/PutSchemaCommand.ts b/clients/client-verifiedpermissions/src/commands/PutSchemaCommand.ts index 1de4d2f87df8..d51358e3d416 100644 --- a/clients/client-verifiedpermissions/src/commands/PutSchemaCommand.ts +++ b/clients/client-verifiedpermissions/src/commands/PutSchemaCommand.ts @@ -153,7 +153,7 @@ export interface PutSchemaCommandOutput extends PutSchemaOutput, __MetadataBeare *

    *

    The policy attempts to access a record or entity attribute that isn't * specified in the schema. Test for the existence of the attribute first before - * attempting to access its value. For more information, see the has (presence of attribute test) operator in the + * attempting to access its value. For more information, see the has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • @@ -163,7 +163,7 @@ export interface PutSchemaCommandOutput extends PutSchemaOutput, __MetadataBeare *

    The policy attempts to access a record or entity attribute that is optional * and isn't guaranteed to be present. Test for the existence of the attribute * first before attempting to access its value. For more information, see the - * has (presence of attribute test) operator in the + * has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • diff --git a/clients/client-verifiedpermissions/src/commands/UpdateIdentitySourceCommand.ts b/clients/client-verifiedpermissions/src/commands/UpdateIdentitySourceCommand.ts index 303ab646fdef..06f94b673671 100644 --- a/clients/client-verifiedpermissions/src/commands/UpdateIdentitySourceCommand.ts +++ b/clients/client-verifiedpermissions/src/commands/UpdateIdentitySourceCommand.ts @@ -151,7 +151,7 @@ export interface UpdateIdentitySourceCommandOutput extends UpdateIdentitySourceO *

    *

    The policy attempts to access a record or entity attribute that isn't * specified in the schema. Test for the existence of the attribute first before - * attempting to access its value. For more information, see the has (presence of attribute test) operator in the + * attempting to access its value. For more information, see the has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • @@ -161,7 +161,7 @@ export interface UpdateIdentitySourceCommandOutput extends UpdateIdentitySourceO *

    The policy attempts to access a record or entity attribute that is optional * and isn't guaranteed to be present. Test for the existence of the attribute * first before attempting to access its value. For more information, see the - * has (presence of attribute test) operator in the + * has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • diff --git a/clients/client-verifiedpermissions/src/commands/UpdatePolicyCommand.ts b/clients/client-verifiedpermissions/src/commands/UpdatePolicyCommand.ts index a93377da4154..c4549dc4fa0f 100644 --- a/clients/client-verifiedpermissions/src/commands/UpdatePolicyCommand.ts +++ b/clients/client-verifiedpermissions/src/commands/UpdatePolicyCommand.ts @@ -204,7 +204,7 @@ export interface UpdatePolicyCommandOutput extends UpdatePolicyOutput, __Metadat *

    *

    The policy attempts to access a record or entity attribute that isn't * specified in the schema. Test for the existence of the attribute first before - * attempting to access its value. For more information, see the has (presence of attribute test) operator in the + * attempting to access its value. For more information, see the has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • @@ -214,7 +214,7 @@ export interface UpdatePolicyCommandOutput extends UpdatePolicyOutput, __Metadat *

    The policy attempts to access a record or entity attribute that is optional * and isn't guaranteed to be present. Test for the existence of the attribute * first before attempting to access its value. For more information, see the - * has (presence of attribute test) operator in the + * has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • diff --git a/clients/client-verifiedpermissions/src/commands/UpdatePolicyStoreCommand.ts b/clients/client-verifiedpermissions/src/commands/UpdatePolicyStoreCommand.ts index 32a0ff25b680..844621ff28b5 100644 --- a/clients/client-verifiedpermissions/src/commands/UpdatePolicyStoreCommand.ts +++ b/clients/client-verifiedpermissions/src/commands/UpdatePolicyStoreCommand.ts @@ -139,7 +139,7 @@ export interface UpdatePolicyStoreCommandOutput extends UpdatePolicyStoreOutput, *

    *

    The policy attempts to access a record or entity attribute that isn't * specified in the schema. Test for the existence of the attribute first before - * attempting to access its value. For more information, see the has (presence of attribute test) operator in the + * attempting to access its value. For more information, see the has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • @@ -149,7 +149,7 @@ export interface UpdatePolicyStoreCommandOutput extends UpdatePolicyStoreOutput, *

    The policy attempts to access a record or entity attribute that is optional * and isn't guaranteed to be present. Test for the existence of the attribute * first before attempting to access its value. For more information, see the - * has (presence of attribute test) operator in the + * has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • diff --git a/clients/client-verifiedpermissions/src/commands/UpdatePolicyTemplateCommand.ts b/clients/client-verifiedpermissions/src/commands/UpdatePolicyTemplateCommand.ts index 8e2206223ec1..eccc2202f086 100644 --- a/clients/client-verifiedpermissions/src/commands/UpdatePolicyTemplateCommand.ts +++ b/clients/client-verifiedpermissions/src/commands/UpdatePolicyTemplateCommand.ts @@ -48,8 +48,9 @@ export interface UpdatePolicyTemplateCommandOutput extends UpdatePolicyTemplateO *

    Updates the specified policy template. You can update only the description and the some elements * of the policyBody.

    * - *

    Changes you make to the policy template content are immediately reflected in authorization - * decisions that involve all template-linked policies instantiated from this template.

    + *

    Changes you make to the policy template content are immediately (within the constraints of + * eventual consistency) reflected in authorization decisions that involve all template-linked policies + * instantiated from this template.

    *     * *

    Verified Permissions is @@ -148,7 +149,7 @@ export interface UpdatePolicyTemplateCommandOutput extends UpdatePolicyTemplateO *

    *

    The policy attempts to access a record or entity attribute that isn't * specified in the schema. Test for the existence of the attribute first before - * attempting to access its value. For more information, see the has (presence of attribute test) operator in the + * attempting to access its value. For more information, see the has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • @@ -158,7 +159,7 @@ export interface UpdatePolicyTemplateCommandOutput extends UpdatePolicyTemplateO *

    The policy attempts to access a record or entity attribute that is optional * and isn't guaranteed to be present. Test for the existence of the attribute * first before attempting to access its value. For more information, see the - * has (presence of attribute test) operator in the + * has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • diff --git a/clients/client-verifiedpermissions/src/endpoint/ruleset.ts b/clients/client-verifiedpermissions/src/endpoint/ruleset.ts index 81835c772223..673144b14a4a 100644 --- a/clients/client-verifiedpermissions/src/endpoint/ruleset.ts +++ b/clients/client-verifiedpermissions/src/endpoint/ruleset.ts @@ -6,25 +6,27 @@ import { RuleSetObject } from "@smithy/types"; or see "smithy.rules#endpointRuleSet" in codegen/sdk-codegen/aws-models/verifiedpermissions.json */ -const q="required", -r="fn", -s="argv", -t="ref"; -const a="isSet", -b="tree", -c="error", -d="endpoint", -e="PartitionResult", -f={[q]:false,"type":"String"}, -g={[q]:true,"default":false,"type":"Boolean"}, -h={[t]:"Endpoint"}, -i={[r]:"booleanEquals",[s]:[{[t]:"UseFIPS"},true]}, -j={[r]:"booleanEquals",[s]:[{[t]:"UseDualStack"},true]}, -k={}, -l={[r]:"booleanEquals",[s]:[true,{[r]:"getAttr",[s]:[{[t]:e},"supportsFIPS"]}]}, -m={[r]:"booleanEquals",[s]:[true,{[r]:"getAttr",[s]:[{[t]:e},"supportsDualStack"]}]}, -n=[i], -o=[j], -p=[{[t]:"Region"}]; -const _data={version:"1.0",parameters:{Region:f,UseDualStack:g,UseFIPS:g,Endpoint:f},rules:[{conditions:[{[r]:a,[s]:[h]}],type:b,rules:[{conditions:n,error:"Invalid Configuration: FIPS and custom endpoint are not supported",type:c},{type:b,rules:[{conditions:o,error:"Invalid Configuration: Dualstack and custom endpoint are not supported",type:c},{endpoint:{url:h,properties:k,headers:k},type:d}]}]},{type:b,rules:[{conditions:[{[r]:a,[s]:p}],type:b,rules:[{conditions:[{[r]:"aws.partition",[s]:p,assign:e}],type:b,rules:[{conditions:[i,j],type:b,rules:[{conditions:[l,m],type:b,rules:[{type:b,rules:[{endpoint:{url:"https://verifiedpermissions-fips.{Region}.{PartitionResult#dualStackDnsSuffix}",properties:k,headers:k},type:d}]}]},{error:"FIPS and DualStack are enabled, but this partition does not support one or both",type:c}]},{conditions:n,type:b,rules:[{conditions:[l],type:b,rules:[{type:b,rules:[{endpoint:{url:"https://verifiedpermissions-fips.{Region}.{PartitionResult#dnsSuffix}",properties:k,headers:k},type:d}]}]},{error:"FIPS is enabled but this partition does not support FIPS",type:c}]},{conditions:o,type:b,rules:[{conditions:[m],type:b,rules:[{type:b,rules:[{endpoint:{url:"https://verifiedpermissions.{Region}.{PartitionResult#dualStackDnsSuffix}",properties:k,headers:k},type:d}]}]},{error:"DualStack is enabled but this partition does not support DualStack",type:c}]},{type:b,rules:[{endpoint:{url:"https://verifiedpermissions.{Region}.{PartitionResult#dnsSuffix}",properties:k,headers:k},type:d}]}]}]},{error:"Invalid Configuration: Missing Region",type:c}]}]}; +const s="required", +t="fn", +u="argv", +v="ref"; +const a=true, +b="isSet", +c="booleanEquals", +d="error", +e="endpoint", +f="tree", +g="PartitionResult", +h={[s]:false,"type":"String"}, +i={[s]:true,"default":false,"type":"Boolean"}, +j={[v]:"Endpoint"}, +k={[t]:c,[u]:[{[v]:"UseFIPS"},true]}, +l={[t]:c,[u]:[{[v]:"UseDualStack"},true]}, +m={}, +n={[t]:"getAttr",[u]:[{[v]:g},"supportsFIPS"]}, +o={[t]:c,[u]:[true,{[t]:"getAttr",[u]:[{[v]:g},"supportsDualStack"]}]}, +p=[k], +q=[l], +r=[{[v]:"Region"}]; +const _data={version:"1.0",parameters:{Region:h,UseDualStack:i,UseFIPS:i,Endpoint:h},rules:[{conditions:[{[t]:b,[u]:[j]}],rules:[{conditions:p,error:"Invalid Configuration: FIPS and custom endpoint are not supported",type:d},{rules:[{conditions:q,error:"Invalid Configuration: Dualstack and custom endpoint are not supported",type:d},{endpoint:{url:j,properties:m,headers:m},type:e}],type:f}],type:f},{rules:[{conditions:[{[t]:b,[u]:r}],rules:[{conditions:[{[t]:"aws.partition",[u]:r,assign:g}],rules:[{conditions:[k,l],rules:[{conditions:[{[t]:c,[u]:[a,n]},o],rules:[{rules:[{endpoint:{url:"https://verifiedpermissions-fips.{Region}.{PartitionResult#dualStackDnsSuffix}",properties:m,headers:m},type:e}],type:f}],type:f},{error:"FIPS and DualStack are enabled, but this partition does not support one or both",type:d}],type:f},{conditions:p,rules:[{conditions:[{[t]:c,[u]:[n,a]}],rules:[{rules:[{endpoint:{url:"https://verifiedpermissions-fips.{Region}.{PartitionResult#dnsSuffix}",properties:m,headers:m},type:e}],type:f}],type:f},{error:"FIPS is enabled but this partition does not support FIPS",type:d}],type:f},{conditions:q,rules:[{conditions:[o],rules:[{rules:[{endpoint:{url:"https://verifiedpermissions.{Region}.{PartitionResult#dualStackDnsSuffix}",properties:m,headers:m},type:e}],type:f}],type:f},{error:"DualStack is enabled but this partition does not support DualStack",type:d}],type:f},{rules:[{endpoint:{url:"https://verifiedpermissions.{Region}.{PartitionResult#dnsSuffix}",properties:m,headers:m},type:e}],type:f}],type:f}],type:f},{error:"Invalid Configuration: Missing Region",type:d}],type:f}]}; export const ruleSet: RuleSetObject = _data; diff --git a/clients/client-verifiedpermissions/src/models/models_0.ts b/clients/client-verifiedpermissions/src/models/models_0.ts index 436064c533f4..4a4b409d54c5 100644 --- a/clients/client-verifiedpermissions/src/models/models_0.ts +++ b/clients/client-verifiedpermissions/src/models/models_0.ts @@ -505,7 +505,7 @@ export interface ValidationExceptionField { *

    *

    The policy attempts to access a record or entity attribute that isn't * specified in the schema. Test for the existence of the attribute first before - * attempting to access its value. For more information, see the has (presence of attribute test) operator in the + * attempting to access its value. For more information, see the has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • @@ -515,7 +515,7 @@ export interface ValidationExceptionField { *

    The policy attempts to access a record or entity attribute that is optional * and isn't guaranteed to be present. Test for the existence of the attribute * first before attempting to access its value. For more information, see the - * has (presence of attribute test) operator in the + * has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • @@ -2813,7 +2813,7 @@ export type AttributeValue = export namespace AttributeValue { /** * @public - *

    An attribute value of Boolean type.

    + *

    An attribute value of Boolean type.

    *

    Example: \{"boolean": true\} *

    */ @@ -2846,7 +2846,7 @@ export namespace AttributeValue { /** * @public - *

    An attribute value of Long type.

    + *

    An attribute value of Long type.

    *

    Example: \{"long": 0\} *

    */ @@ -2862,7 +2862,7 @@ export namespace AttributeValue { /** * @public - *

    An attribute value of String type.

    + *

    An attribute value of String type.

    *

    Example: \{"string": "abc"\} *

    */ @@ -2878,7 +2878,7 @@ export namespace AttributeValue { /** * @public - *

    An attribute value of Set type.

    + *

    An attribute value of Set type.

    *

    Example: \{"set": [ \{\} ] \} *

    */ @@ -2894,7 +2894,7 @@ export namespace AttributeValue { /** * @public - *

    An attribute value of Record type.

    + *

    An attribute value of Record type.

    *

    Example: \{"record": \{ "keyName": \{\} \} \} *

    */ diff --git a/clients/client-verifiedpermissions/src/protocols/Aws_json1_0.ts b/clients/client-verifiedpermissions/src/protocols/Aws_json1_0.ts index 74fe76ddd5ec..b851272dc60c 100644 --- a/clients/client-verifiedpermissions/src/protocols/Aws_json1_0.ts +++ b/clients/client-verifiedpermissions/src/protocols/Aws_json1_0.ts @@ -495,6 +495,9 @@ const de_CreateIdentitySourceCommandError = async ( case "AccessDeniedException": case "com.amazonaws.verifiedpermissions#AccessDeniedException": throw await de_AccessDeniedExceptionRes(parsedOutput, context); + case "ConflictException": + case "com.amazonaws.verifiedpermissions#ConflictException": + throw await de_ConflictExceptionRes(parsedOutput, context); case "InternalServerException": case "com.amazonaws.verifiedpermissions#InternalServerException": throw await de_InternalServerExceptionRes(parsedOutput, context); @@ -556,6 +559,9 @@ const de_CreatePolicyCommandError = async ( case "AccessDeniedException": case "com.amazonaws.verifiedpermissions#AccessDeniedException": throw await de_AccessDeniedExceptionRes(parsedOutput, context); + case "ConflictException": + case "com.amazonaws.verifiedpermissions#ConflictException": + throw await de_ConflictExceptionRes(parsedOutput, context); case "InternalServerException": case "com.amazonaws.verifiedpermissions#InternalServerException": throw await de_InternalServerExceptionRes(parsedOutput, context); @@ -617,6 +623,9 @@ const de_CreatePolicyStoreCommandError = async ( case "AccessDeniedException": case "com.amazonaws.verifiedpermissions#AccessDeniedException": throw await de_AccessDeniedExceptionRes(parsedOutput, context); + case "ConflictException": + case "com.amazonaws.verifiedpermissions#ConflictException": + throw await de_ConflictExceptionRes(parsedOutput, context); case "InternalServerException": case "com.amazonaws.verifiedpermissions#InternalServerException": throw await de_InternalServerExceptionRes(parsedOutput, context); @@ -675,6 +684,9 @@ const de_CreatePolicyTemplateCommandError = async ( case "AccessDeniedException": case "com.amazonaws.verifiedpermissions#AccessDeniedException": throw await de_AccessDeniedExceptionRes(parsedOutput, context); + case "ConflictException": + case "com.amazonaws.verifiedpermissions#ConflictException": + throw await de_ConflictExceptionRes(parsedOutput, context); case "InternalServerException": case "com.amazonaws.verifiedpermissions#InternalServerException": throw await de_InternalServerExceptionRes(parsedOutput, context); diff --git a/codegen/sdk-codegen/aws-models/verifiedpermissions.json b/codegen/sdk-codegen/aws-models/verifiedpermissions.json index 4ab01f58bbf1..afb8c7268bbe 100644 --- a/codegen/sdk-codegen/aws-models/verifiedpermissions.json +++ b/codegen/sdk-codegen/aws-models/verifiedpermissions.json @@ -67,7 +67,7 @@ "boolean": { "target": "com.amazonaws.verifiedpermissions#BooleanAttribute", "traits": { - "smithy.api#documentation": "

    An attribute value of Boolean type.

    \n

    Example: {\"boolean\": true}\n

    " + "smithy.api#documentation": "

    An attribute value of Boolean type.

    \n

    Example: {\"boolean\": true}\n

    " } }, "entityIdentifier": { @@ -79,25 +79,25 @@ "long": { "target": "com.amazonaws.verifiedpermissions#LongAttribute", "traits": { - "smithy.api#documentation": "

    An attribute value of Long type.

    \n

    Example: {\"long\": 0}\n

    " + "smithy.api#documentation": "

    An attribute value of Long type.

    \n

    Example: {\"long\": 0}\n

    " } }, "string": { "target": "com.amazonaws.verifiedpermissions#StringAttribute", "traits": { - "smithy.api#documentation": "

    An attribute value of String type.

    \n

    Example: {\"string\": \"abc\"}\n

    " + "smithy.api#documentation": "

    An attribute value of String type.

    \n

    Example: {\"string\": \"abc\"}\n

    " } }, "set": { "target": "com.amazonaws.verifiedpermissions#SetAttribute", "traits": { - "smithy.api#documentation": "

    An attribute value of Set type.

    \n

    Example: {\"set\": [ {} ] }\n

    " + "smithy.api#documentation": "

    An attribute value of Set type.

    \n

    Example: {\"set\": [ {} ] }\n

    " } }, "record": { "target": "com.amazonaws.verifiedpermissions#RecordAttribute", "traits": { - "smithy.api#documentation": "

    An attribute value of Record type.

    \n

    Example: {\"record\": { \"keyName\": {} } }\n

    " + "smithy.api#documentation": "

    An attribute value of Record type.

    \n

    Example: {\"record\": { \"keyName\": {} } }\n

    " } } }, @@ -224,6 +224,9 @@ "target": "com.amazonaws.verifiedpermissions#CreateIdentitySourceOutput" }, "errors": [ + { + "target": "com.amazonaws.verifiedpermissions#ConflictException" + }, { "target": "com.amazonaws.verifiedpermissions#ResourceNotFoundException" }, @@ -317,6 +320,9 @@ "target": "com.amazonaws.verifiedpermissions#CreatePolicyOutput" }, "errors": [ + { + "target": "com.amazonaws.verifiedpermissions#ConflictException" + }, { "target": "com.amazonaws.verifiedpermissions#ResourceNotFoundException" }, @@ -423,13 +429,16 @@ "target": "com.amazonaws.verifiedpermissions#CreatePolicyStoreOutput" }, "errors": [ + { + "target": "com.amazonaws.verifiedpermissions#ConflictException" + }, { "target": "com.amazonaws.verifiedpermissions#ServiceQuotaExceededException" } ], "traits": { "aws.iam#actionPermissionDescription": "Grants permission to create a Cedar policy and save it in the specified policy store", - "smithy.api#documentation": "

    Creates a policy store. A policy store is a container for policy resources.

    \n \n

    Although Cedar\n supports multiple namespaces, Verified Permissions currently supports only one\n namespace per policy store.

    \n     \n \n

    Verified Permissions is \n eventually consistent\n . It can take a few seconds for a new or changed element to be propagate through\n the service and be visible in the results of other Verified Permissions operations.

    \n     ", + "smithy.api#documentation": "

    Creates a policy store. A policy store is a container for policy resources.

    \n \n

    Although Cedar supports multiple namespaces, Verified Permissions currently supports only one\n namespace per policy store.

    \n     \n \n

    Verified Permissions is \n eventually consistent\n . It can take a few seconds for a new or changed element to be propagate through\n the service and be visible in the results of other Verified Permissions operations.

    \n     ", "smithy.api#idempotent": {} } }, @@ -500,6 +509,9 @@ "target": "com.amazonaws.verifiedpermissions#CreatePolicyTemplateOutput" }, "errors": [ + { + "target": "com.amazonaws.verifiedpermissions#ConflictException" + }, { "target": "com.amazonaws.verifiedpermissions#ResourceNotFoundException" }, @@ -3439,7 +3451,7 @@ ], "traits": { "aws.iam#actionPermissionDescription": "Grants permission to update the specified policy template", - "smithy.api#documentation": "

    Updates the specified policy template. You can update only the description and the some elements\n of the policyBody.

    \n \n

    Changes you make to the policy template content are immediately reflected in authorization\n decisions that involve all template-linked policies instantiated from this template.

    \n     \n \n

    Verified Permissions is \n eventually consistent\n . It can take a few seconds for a new or changed element to be propagate through\n the service and be visible in the results of other Verified Permissions operations.

    \n     ", + "smithy.api#documentation": "

    Updates the specified policy template. You can update only the description and the some elements\n of the policyBody.

    \n \n

    Changes you make to the policy template content are immediately (within the constraints of\n eventual consistency) reflected in authorization decisions that involve all template-linked policies\n instantiated from this template.

    \n     \n \n

    Verified Permissions is \n eventually consistent\n . It can take a few seconds for a new or changed element to be propagate through\n the service and be visible in the results of other Verified Permissions operations.

    \n     ", "smithy.api#idempotent": {} } }, @@ -3562,7 +3574,7 @@ } }, "traits": { - "smithy.api#documentation": "

    The request failed because one or more input parameters don't satisfy their constraint\n requirements. The output is provided as a list of fields and a reason for each field that\n isn't valid.

    \n

    The possible reasons include the following:

    \n
      \n
    • \n

      \n UnrecognizedEntityType\n

      \n

      The policy includes an entity type that isn't found in the schema.

      \n
      • \n
    • \n

      \n UnrecognizedActionId\n

      \n

      The policy includes an action id that isn't found in the schema.

      \n
      • \n
    • \n

      \n InvalidActionApplication\n

      \n

      The policy includes an action that, according to the schema, doesn't support\n the specified principal and resource.

      \n
      • \n
    • \n

      \n UnexpectedType\n

      \n

      The policy included an operand that isn't a valid type for the specified\n operation.

      \n
      • \n
    • \n

      \n IncompatibleTypes\n

      \n

      The types of elements included in a set, or the types of\n expressions used in an if...then...else clause aren't compatible in\n this context.

      \n
      • \n
    • \n

      \n MissingAttribute\n

      \n

      The policy attempts to access a record or entity attribute that isn't\n specified in the schema. Test for the existence of the attribute first before\n attempting to access its value. For more information, see the has (presence of attribute test) operator in the\n Cedar Policy Language Guide.

      \n
      • \n
    • \n

      \n UnsafeOptionalAttributeAccess\n

      \n

      The policy attempts to access a record or entity attribute that is optional\n and isn't guaranteed to be present. Test for the existence of the attribute\n first before attempting to access its value. For more information, see the\n has (presence of attribute test) operator in the\n Cedar Policy Language Guide.

      \n
      • \n
    • \n

      \n ImpossiblePolicy\n

      \n

      Cedar has determined that a policy condition always evaluates to false. If\n the policy is always false, it can never apply to any query, and so it can never\n affect an authorization decision.

      \n
      • \n
    • \n

      \n WrongNumberArguments\n

      \n

      The policy references an extension type with the wrong number of\n arguments.

      \n
      • \n
    • \n

      \n FunctionArgumentValidationError\n

      \n

      Cedar couldn't parse the argument passed to an extension type. For example,\n a string that is to be parsed as an IPv4 address can contain only digits and the\n period character.

      \n
      • \n
    ", + "smithy.api#documentation": "

    The request failed because one or more input parameters don't satisfy their constraint\n requirements. The output is provided as a list of fields and a reason for each field that\n isn't valid.

    \n

    The possible reasons include the following:

    \n
      \n
    • \n

      \n UnrecognizedEntityType\n

      \n

      The policy includes an entity type that isn't found in the schema.

      \n
      • \n
    • \n

      \n UnrecognizedActionId\n

      \n

      The policy includes an action id that isn't found in the schema.

      \n
      • \n
    • \n

      \n InvalidActionApplication\n

      \n

      The policy includes an action that, according to the schema, doesn't support\n the specified principal and resource.

      \n
      • \n
    • \n

      \n UnexpectedType\n

      \n

      The policy included an operand that isn't a valid type for the specified\n operation.

      \n
      • \n
    • \n

      \n IncompatibleTypes\n

      \n

      The types of elements included in a set, or the types of\n expressions used in an if...then...else clause aren't compatible in\n this context.

      \n
      • \n
    • \n

      \n MissingAttribute\n

      \n

      The policy attempts to access a record or entity attribute that isn't\n specified in the schema. Test for the existence of the attribute first before\n attempting to access its value. For more information, see the has (presence of attribute test) operator in the\n Cedar Policy Language Guide.

      \n
      • \n
    • \n

      \n UnsafeOptionalAttributeAccess\n

      \n

      The policy attempts to access a record or entity attribute that is optional\n and isn't guaranteed to be present. Test for the existence of the attribute\n first before attempting to access its value. For more information, see the\n has (presence of attribute test) operator in the\n Cedar Policy Language Guide.

      \n
      • \n
    • \n

      \n ImpossiblePolicy\n

      \n

      Cedar has determined that a policy condition always evaluates to false. If\n the policy is always false, it can never apply to any query, and so it can never\n affect an authorization decision.

      \n
      • \n
    • \n

      \n WrongNumberArguments\n

      \n

      The policy references an extension type with the wrong number of\n arguments.

      \n
      • \n
    • \n

      \n FunctionArgumentValidationError\n

      \n

      Cedar couldn't parse the argument passed to an extension type. For example,\n a string that is to be parsed as an IPv4 address can contain only digits and the\n period character.

      \n
      • \n
    ", "smithy.api#error": "client" } }, @@ -3660,12 +3672,7 @@ "aws.auth#sigv4": { "name": "verifiedpermissions" }, - "aws.iam#supportedPrincipalTypes": [ - "Root", - "IAMUser", - "IAMRole", - "FederatedUser" - ], + "aws.iam#supportedPrincipalTypes": ["Root", "IAMUser", "IAMRole", "FederatedUser"], "aws.protocols#awsJson1_0": {}, "smithy.api#documentation": "

    Amazon Verified Permissions is a permissions management service from Amazon Web Services. You can use Verified Permissions to manage\n permissions for your application, and authorize user access based on those permissions.\n Using Verified Permissions, application developers can grant access based on information about the\n users, resources, and requested actions. You can also evaluate additional information\n like group membership, attributes of the resources, and session context, such as time of\n request and IP addresses. Verified Permissions manages these permissions by letting you create and\n store authorization policies for your applications, such as consumer-facing web sites\n and enterprise business systems.

    \n

    Verified Permissions uses Cedar as the policy language to express your permission requirements.\n Cedar supports both role-based access control (RBAC) and attribute-based access\n control (ABAC) authorization models.

    \n

    For more information about configuring, administering, and using Amazon Verified Permissions in your\n applications, see the Amazon Verified Permissions User Guide.

    \n

    For more information about the Cedar policy language, see the Cedar Policy Language Guide.

    \n \n

    When you write Cedar policies that reference principals, resources and actions,\n you can define the unique identifiers used for each of those elements. We strongly\n recommend that you follow these best practices:

    \n
      \n
    • \n

      \n Use values like universally unique identifiers\n (UUIDs) for all principal and resource identifiers.\n

      \n

      For example, if user jane leaves the company, and you later\n let someone else use the name jane, then that new user\n automatically gets access to everything granted by policies that still\n reference User::\"jane\". Cedar can’t distinguish between the\n new user and the old. This applies to both principal and resource\n identifiers. Always use identifiers that are guaranteed unique and never\n reused to ensure that you don’t unintentionally grant access because of the\n presence of an old identifier in a policy.

      \n

      Where you use a UUID for an entity, we recommend that you follow it with\n the // comment specifier and the ‘friendly’ name of your entity. This helps\n to make your policies easier to understand. For example: principal ==\n User::\"a1b2c3d4-e5f6-a1b2-c3d4-EXAMPLE11111\", // alice

      \n
      • \n
    • \n

      \n Do not include personally identifying, confidential,\n or sensitive information as part of the unique identifier for your\n principals or resources. These identifiers are included in\n log entries shared in CloudTrail trails.

      \n
      • \n
    \n     \n

    Several operations return structures that appear similar, but have different purposes.\n As new functionality is added to the product, the structure used in a parameter of one\n operation might need to change in a way that wouldn't make sense for the same parameter\n in a different operation. To help you understand the purpose of each, the following\n naming convention is used for the structures:

    \n
      \n
    • \n

      Parameter type structures that end in Detail are used in\n Get operations.

      \n
      • \n
    • \n

      Parameter type structures that end in Item are used in\n List operations.

      \n
      • \n
    • \n

      Parameter type structures that use neither suffix are used in the mutating\n (create and update) operations.

      \n
      • \n
    ", "smithy.api#title": "Amazon Verified Permissions", @@ -3711,7 +3718,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -3730,7 +3736,6 @@ }, { "conditions": [], - "type": "tree", "rules": [ { "conditions": [ @@ -3758,13 +3763,14 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], - "type": "tree", "rules": [ { "conditions": [ @@ -3777,7 +3783,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -3791,7 +3796,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -3814,7 +3818,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -3849,11 +3852,9 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], - "type": "tree", "rules": [ { "conditions": [], @@ -3864,16 +3865,19 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -3887,14 +3891,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -3903,15 +3905,14 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], - "type": "tree", "rules": [ { "conditions": [], @@ -3922,16 +3923,19 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -3945,7 +3949,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -3965,11 +3968,9 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], - "type": "tree", "rules": [ { "conditions": [], @@ -3980,20 +3981,22 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], - "type": "tree", "rules": [ { "conditions": [], @@ -4004,18 +4007,22 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "Invalid Configuration: Missing Region", "type": "error" } - ] + ], + "type": "tree" } ] }, @@ -4336,4 +4343,4 @@ } } } -} \ No newline at end of file +}