All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.amazonaws.services.verifiedpermissions.AmazonVerifiedPermissionsClient Maven / Gradle / Ivy

/*
 * Copyright 2019-2024 Amazon.com, Inc. or its affiliates. All Rights Reserved.
 * 
 * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
 * the License. A copy of the License is located at
 * 
 * http://aws.amazon.com/apache2.0
 * 
 * or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
 * and limitations under the License.
 */
package com.amazonaws.services.verifiedpermissions;

import org.w3c.dom.*;

import java.net.*;
import java.util.*;

import javax.annotation.Generated;

import org.apache.commons.logging.*;

import com.amazonaws.*;
import com.amazonaws.annotation.SdkInternalApi;
import com.amazonaws.auth.*;

import com.amazonaws.handlers.*;
import com.amazonaws.http.*;
import com.amazonaws.internal.*;
import com.amazonaws.internal.auth.*;
import com.amazonaws.metrics.*;
import com.amazonaws.regions.*;
import com.amazonaws.transform.*;
import com.amazonaws.util.*;
import com.amazonaws.protocol.json.*;
import com.amazonaws.util.AWSRequestMetrics.Field;
import com.amazonaws.annotation.ThreadSafe;
import com.amazonaws.client.AwsSyncClientParams;
import com.amazonaws.client.builder.AdvancedConfig;

import com.amazonaws.services.verifiedpermissions.AmazonVerifiedPermissionsClientBuilder;

import com.amazonaws.AmazonServiceException;

import com.amazonaws.services.verifiedpermissions.model.*;

import com.amazonaws.services.verifiedpermissions.model.transform.*;

/**
 * Client for accessing Amazon Verified Permissions. All service calls made using this client are blocking, and will not
 * return until the service call completes.
 * 

*

* Amazon Verified Permissions is a permissions management service from Amazon Web Services. You can use Verified * Permissions to manage permissions for your application, and authorize user access based on those permissions. Using * Verified Permissions, application developers can grant access based on information about the users, resources, and * requested actions. You can also evaluate additional information like group membership, attributes of the resources, * and session context, such as time of request and IP addresses. Verified Permissions manages these permissions by * letting you create and store authorization policies for your applications, such as consumer-facing web sites and * enterprise business systems. *

*

* Verified Permissions uses Cedar as the policy language to express your permission requirements. Cedar supports both * role-based access control (RBAC) and attribute-based access control (ABAC) authorization models. *

*

* For more information about configuring, administering, and using Amazon Verified Permissions in your applications, * see the Amazon Verified Permissions User * Guide. *

*

* For more information about the Cedar policy language, see the Cedar Policy * Language Guide. *

* *

* When you write Cedar policies that reference principals, resources and actions, you can define the unique identifiers * used for each of those elements. We strongly recommend that you follow these best practices: *

*
    *
  • *

    * Use values like universally unique identifiers (UUIDs) for all principal and resource identifiers. *

    *

    * For example, if user jane leaves the company, and you later let someone else use the name * jane, then that new user automatically gets access to everything granted by policies that still * reference User::"jane". Cedar can’t distinguish between the new user and the old. This applies to both * principal and resource identifiers. Always use identifiers that are guaranteed unique and never reused to ensure that * you don’t unintentionally grant access because of the presence of an old identifier in a policy. *

    *

    * Where you use a UUID for an entity, we recommend that you follow it with the // comment specifier and the ‘friendly’ * name of your entity. This helps to make your policies easier to understand. For example: principal == * User::"a1b2c3d4-e5f6-a1b2-c3d4-EXAMPLE11111", // alice *

    *
  • *
  • *

    * Do not include personally identifying, confidential, or sensitive information as part of the unique identifier for * your principals or resources. These identifiers are included in log entries shared in CloudTrail trails. *

    *
  • *
*
*

* Several operations return structures that appear similar, but have different purposes. As new functionality is added * to the product, the structure used in a parameter of one operation might need to change in a way that wouldn't make * sense for the same parameter in a different operation. To help you understand the purpose of each, the following * naming convention is used for the structures: *

*
    *
  • *

    * Parameter type structures that end in Detail are used in Get operations. *

    *
  • *
  • *

    * Parameter type structures that end in Item are used in List operations. *

    *
  • *
  • *

    * Parameter type structures that use neither suffix are used in the mutating (create and update) operations. *

    *
  • *
*/ @ThreadSafe @Generated("com.amazonaws:aws-java-sdk-code-generator") public class AmazonVerifiedPermissionsClient extends AmazonWebServiceClient implements AmazonVerifiedPermissions { /** Provider for AWS credentials. */ private final AWSCredentialsProvider awsCredentialsProvider; private static final Log log = LogFactory.getLog(AmazonVerifiedPermissions.class); /** Default signing name for the service. */ private static final String DEFAULT_SIGNING_NAME = "verifiedpermissions"; /** Client configuration factory providing ClientConfigurations tailored to this client */ protected static final ClientConfigurationFactory configFactory = new ClientConfigurationFactory(); private final AdvancedConfig advancedConfig; private static final com.amazonaws.protocol.json.SdkJsonProtocolFactory protocolFactory = new com.amazonaws.protocol.json.SdkJsonProtocolFactory( new JsonClientMetadata() .withProtocolVersion("1.0") .withSupportsCbor(false) .withSupportsIon(false) .addErrorMetadata( new JsonErrorShapeMetadata().withErrorCode("ThrottlingException").withExceptionUnmarshaller( com.amazonaws.services.verifiedpermissions.model.transform.ThrottlingExceptionUnmarshaller.getInstance())) .addErrorMetadata( new JsonErrorShapeMetadata().withErrorCode("ServiceQuotaExceededException").withExceptionUnmarshaller( com.amazonaws.services.verifiedpermissions.model.transform.ServiceQuotaExceededExceptionUnmarshaller.getInstance())) .addErrorMetadata( new JsonErrorShapeMetadata().withErrorCode("InternalServerException").withExceptionUnmarshaller( com.amazonaws.services.verifiedpermissions.model.transform.InternalServerExceptionUnmarshaller.getInstance())) .addErrorMetadata( new JsonErrorShapeMetadata().withErrorCode("AccessDeniedException").withExceptionUnmarshaller( com.amazonaws.services.verifiedpermissions.model.transform.AccessDeniedExceptionUnmarshaller.getInstance())) .addErrorMetadata( new JsonErrorShapeMetadata().withErrorCode("ConflictException").withExceptionUnmarshaller( com.amazonaws.services.verifiedpermissions.model.transform.ConflictExceptionUnmarshaller.getInstance())) .addErrorMetadata( new JsonErrorShapeMetadata().withErrorCode("ResourceNotFoundException").withExceptionUnmarshaller( com.amazonaws.services.verifiedpermissions.model.transform.ResourceNotFoundExceptionUnmarshaller.getInstance())) .addErrorMetadata( new JsonErrorShapeMetadata().withErrorCode("ValidationException").withExceptionUnmarshaller( com.amazonaws.services.verifiedpermissions.model.transform.ValidationExceptionUnmarshaller.getInstance())) .withBaseServiceExceptionClass(com.amazonaws.services.verifiedpermissions.model.AmazonVerifiedPermissionsException.class)); public static AmazonVerifiedPermissionsClientBuilder builder() { return AmazonVerifiedPermissionsClientBuilder.standard(); } /** * Constructs a new client to invoke service methods on Amazon Verified Permissions using the specified parameters. * *

* All service calls made using this new client object are blocking, and will not return until the service call * completes. * * @param clientParams * Object providing client parameters. */ AmazonVerifiedPermissionsClient(AwsSyncClientParams clientParams) { this(clientParams, false); } /** * Constructs a new client to invoke service methods on Amazon Verified Permissions using the specified parameters. * *

* All service calls made using this new client object are blocking, and will not return until the service call * completes. * * @param clientParams * Object providing client parameters. */ AmazonVerifiedPermissionsClient(AwsSyncClientParams clientParams, boolean endpointDiscoveryEnabled) { super(clientParams); this.awsCredentialsProvider = clientParams.getCredentialsProvider(); this.advancedConfig = clientParams.getAdvancedConfig(); init(); } private void init() { setServiceNameIntern(DEFAULT_SIGNING_NAME); setEndpointPrefix(ENDPOINT_PREFIX); // calling this.setEndPoint(...) will also modify the signer accordingly setEndpoint("verifiedpermissions.us-east-1.amazonaws.com"); HandlerChainFactory chainFactory = new HandlerChainFactory(); requestHandler2s.addAll(chainFactory.newRequestHandlerChain("/com/amazonaws/services/verifiedpermissions/request.handlers")); requestHandler2s.addAll(chainFactory.newRequestHandler2Chain("/com/amazonaws/services/verifiedpermissions/request.handler2s")); requestHandler2s.addAll(chainFactory.getGlobalHandlers()); } /** *

* Makes a series of decisions about multiple authorization requests for one principal or resource. Each request * contains the equivalent content of an IsAuthorized request: principal, action, resource, and * context. Either the principal or the resource parameter must be identical across all * requests. For example, Verified Permissions won't evaluate a pair of requests where bob views * photo1 and alice views photo2. Authorization of bob to view * photo1 and photo2, or bob and alice to view * photo1, are valid batches. *

*

* The request is evaluated against all policies in the specified policy store that match the entities that you * declare. The result of the decisions is a series of Allow or Deny responses, along with * the IDs of the policies that produced each decision. *

*

* The entities of a BatchIsAuthorized API request can contain up to 100 principals and up * to 100 resources. The requests of a BatchIsAuthorized API request can contain up to 30 * requests. *

* *

* The BatchIsAuthorized operation doesn't have its own IAM permission. To authorize this operation for * Amazon Web Services principals, include the permission verifiedpermissions:IsAuthorized in their IAM * policies. *

*
* * @param batchIsAuthorizedRequest * @return Result of the BatchIsAuthorized operation returned by the service. * @throws ValidationException * The request failed because one or more input parameters don't satisfy their constraint requirements. The * output is provided as a list of fields and a reason for each field that isn't valid.

*

* The possible reasons include the following: *

*
    *
  • *

    * UnrecognizedEntityType *

    *

    * The policy includes an entity type that isn't found in the schema. *

    *
  • *
  • *

    * UnrecognizedActionId *

    *

    * The policy includes an action id that isn't found in the schema. *

    *
  • *
  • *

    * InvalidActionApplication *

    *

    * The policy includes an action that, according to the schema, doesn't support the specified principal and * resource. *

    *
  • *
  • *

    * UnexpectedType *

    *

    * The policy included an operand that isn't a valid type for the specified operation. *

    *
  • *
  • *

    * IncompatibleTypes *

    *

    * The types of elements included in a set, or the types of expressions used in an * if...then...else clause aren't compatible in this context. *

    *
  • *
  • *

    * MissingAttribute *

    *

    * The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for * the existence of the attribute first before attempting to access its value. For more information, see the * has * (presence of attribute test) operator in the Cedar Policy Language Guide. *

    *
  • *
  • *

    * UnsafeOptionalAttributeAccess *

    *

    * The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be * present. Test for the existence of the attribute first before attempting to access its value. For more * information, see the has * (presence of attribute test) operator in the Cedar Policy Language Guide. *

    *
  • *
  • *

    * ImpossiblePolicy *

    *

    * Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it * can never apply to any query, and so it can never affect an authorization decision. *

    *
  • *
  • *

    * WrongNumberArguments *

    *

    * The policy references an extension type with the wrong number of arguments. *

    *
  • *
  • *

    * FunctionArgumentValidationError *

    *

    * Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed * as an IPv4 address can contain only digits and the period character. *

    *
  • * @throws AccessDeniedException * You don't have sufficient access to perform this action. * @throws ResourceNotFoundException * The request failed because it references a resource that doesn't exist. * @throws ThrottlingException * The request failed because it exceeded a throttling quota. * @throws InternalServerException * The request failed because of an internal error. Try your request again later * @sample AmazonVerifiedPermissions.BatchIsAuthorized * @see AWS API Documentation */ @Override public BatchIsAuthorizedResult batchIsAuthorized(BatchIsAuthorizedRequest request) { request = beforeClientExecution(request); return executeBatchIsAuthorized(request); } @SdkInternalApi final BatchIsAuthorizedResult executeBatchIsAuthorized(BatchIsAuthorizedRequest batchIsAuthorizedRequest) { ExecutionContext executionContext = createExecutionContext(batchIsAuthorizedRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request request = null; Response response = null; try { awsRequestMetrics.startEvent(Field.RequestMarshallTime); try { request = new BatchIsAuthorizedRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(batchIsAuthorizedRequest)); // Binds the request metrics to the current request. request.setAWSRequestMetrics(awsRequestMetrics); request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint); request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden()); request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion()); request.addHandlerContext(HandlerContextKey.SERVICE_ID, "VerifiedPermissions"); request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "BatchIsAuthorized"); request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig); } finally { awsRequestMetrics.endEvent(Field.RequestMarshallTime); } HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler( new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new BatchIsAuthorizedResultJsonUnmarshaller()); response = invoke(request, responseHandler, executionContext); return response.getAwsResponse(); } finally { endClientExecution(awsRequestMetrics, request, response); } } /** *

    * Makes a series of decisions about multiple authorization requests for one token. The principal in this request * comes from an external identity source in the form of an identity or access token, formatted as a JSON web token (JWT). The information in the parameters can * also define additional context that Verified Permissions can include in the evaluations. *

    *

    * The request is evaluated against all policies in the specified policy store that match the entities that you * provide in the entities declaration and in the token. The result of the decisions is a series of * Allow or Deny responses, along with the IDs of the policies that produced each * decision. *

    *

    * The entities of a BatchIsAuthorizedWithToken API request can contain up to 100 * resources and up to 99 user groups. The requests of a BatchIsAuthorizedWithToken API * request can contain up to 30 requests. *

    * *

    * The BatchIsAuthorizedWithToken operation doesn't have its own IAM permission. To authorize this * operation for Amazon Web Services principals, include the permission * verifiedpermissions:IsAuthorizedWithToken in their IAM policies. *

    *
    * * @param batchIsAuthorizedWithTokenRequest * @return Result of the BatchIsAuthorizedWithToken operation returned by the service. * @throws ValidationException * The request failed because one or more input parameters don't satisfy their constraint requirements. The * output is provided as a list of fields and a reason for each field that isn't valid.

    *

    * The possible reasons include the following: *

    *
      *
    • *

      * UnrecognizedEntityType *

      *

      * The policy includes an entity type that isn't found in the schema. *

      *
    • *
    • *

      * UnrecognizedActionId *

      *

      * The policy includes an action id that isn't found in the schema. *

      *
    • *
    • *

      * InvalidActionApplication *

      *

      * The policy includes an action that, according to the schema, doesn't support the specified principal and * resource. *

      *
    • *
    • *

      * UnexpectedType *

      *

      * The policy included an operand that isn't a valid type for the specified operation. *

      *
    • *
    • *

      * IncompatibleTypes *

      *

      * The types of elements included in a set, or the types of expressions used in an * if...then...else clause aren't compatible in this context. *

      *
    • *
    • *

      * MissingAttribute *

      *

      * The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for * the existence of the attribute first before attempting to access its value. For more information, see the * has * (presence of attribute test) operator in the Cedar Policy Language Guide. *

      *
    • *
    • *

      * UnsafeOptionalAttributeAccess *

      *

      * The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be * present. Test for the existence of the attribute first before attempting to access its value. For more * information, see the has * (presence of attribute test) operator in the Cedar Policy Language Guide. *

      *
    • *
    • *

      * ImpossiblePolicy *

      *

      * Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it * can never apply to any query, and so it can never affect an authorization decision. *

      *
    • *
    • *

      * WrongNumberArguments *

      *

      * The policy references an extension type with the wrong number of arguments. *

      *
    • *
    • *

      * FunctionArgumentValidationError *

      *

      * Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed * as an IPv4 address can contain only digits and the period character. *

      *
    • * @throws AccessDeniedException * You don't have sufficient access to perform this action. * @throws ResourceNotFoundException * The request failed because it references a resource that doesn't exist. * @throws ThrottlingException * The request failed because it exceeded a throttling quota. * @throws InternalServerException * The request failed because of an internal error. Try your request again later * @sample AmazonVerifiedPermissions.BatchIsAuthorizedWithToken * @see AWS API Documentation */ @Override public BatchIsAuthorizedWithTokenResult batchIsAuthorizedWithToken(BatchIsAuthorizedWithTokenRequest request) { request = beforeClientExecution(request); return executeBatchIsAuthorizedWithToken(request); } @SdkInternalApi final BatchIsAuthorizedWithTokenResult executeBatchIsAuthorizedWithToken(BatchIsAuthorizedWithTokenRequest batchIsAuthorizedWithTokenRequest) { ExecutionContext executionContext = createExecutionContext(batchIsAuthorizedWithTokenRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request request = null; Response response = null; try { awsRequestMetrics.startEvent(Field.RequestMarshallTime); try { request = new BatchIsAuthorizedWithTokenRequestProtocolMarshaller(protocolFactory).marshall(super .beforeMarshalling(batchIsAuthorizedWithTokenRequest)); // Binds the request metrics to the current request. request.setAWSRequestMetrics(awsRequestMetrics); request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint); request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden()); request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion()); request.addHandlerContext(HandlerContextKey.SERVICE_ID, "VerifiedPermissions"); request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "BatchIsAuthorizedWithToken"); request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig); } finally { awsRequestMetrics.endEvent(Field.RequestMarshallTime); } HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler( new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new BatchIsAuthorizedWithTokenResultJsonUnmarshaller()); response = invoke(request, responseHandler, executionContext); return response.getAwsResponse(); } finally { endClientExecution(awsRequestMetrics, request, response); } } /** *

      * Adds an identity source to a policy store–an Amazon Cognito user pool or OpenID Connect (OIDC) identity provider * (IdP). *

      *

      * After you create an identity source, you can use the identities provided by the IdP as proxies for the principal * in authorization queries that use the IsAuthorizedWithToken or BatchIsAuthorizedWithToken API operations. These identities take the form of tokens that contain claims * about the user, such as IDs, attributes and group memberships. Identity sources provide identity (ID) tokens and * access tokens. Verified Permissions derives information about your user and session from token claims. Access * tokens provide action context to your policies, and ID tokens provide principal * Attributes. *

      * *

      * Tokens from an identity source user continue to be usable until they expire. Token revocation and resource * deletion have no effect on the validity of a token in your policy store *

      *
      *

      * To reference a user from this identity source in your Cedar policies, refer to the following syntax examples. *

      *
        *
      • *

        * Amazon Cognito user pool: Namespace::[Entity type]::[User pool ID]|[user principal attribute], for * example MyCorp::User::us-east-1_EXAMPLE|a1b2c3d4-5678-90ab-cdef-EXAMPLE11111. *

        *
      • *
      • *

        * OpenID Connect (OIDC) provider: * Namespace::[Entity type]::[principalIdClaim]|[user principal attribute], for example * MyCorp::User::MyOIDCProvider|a1b2c3d4-5678-90ab-cdef-EXAMPLE22222. *

        *
      • *
      *
      *

      * Verified Permissions is eventually consistent * . It can take a few seconds for a new or changed element to propagate through the service and be visible in * the results of other Verified Permissions operations. *

      *
      * * @param createIdentitySourceRequest * @return Result of the CreateIdentitySource operation returned by the service. * @throws ValidationException * The request failed because one or more input parameters don't satisfy their constraint requirements. The * output is provided as a list of fields and a reason for each field that isn't valid.

      *

      * The possible reasons include the following: *

      *
        *
      • *

        * UnrecognizedEntityType *

        *

        * The policy includes an entity type that isn't found in the schema. *

        *
      • *
      • *

        * UnrecognizedActionId *

        *

        * The policy includes an action id that isn't found in the schema. *

        *
      • *
      • *

        * InvalidActionApplication *

        *

        * The policy includes an action that, according to the schema, doesn't support the specified principal and * resource. *

        *
      • *
      • *

        * UnexpectedType *

        *

        * The policy included an operand that isn't a valid type for the specified operation. *

        *
      • *
      • *

        * IncompatibleTypes *

        *

        * The types of elements included in a set, or the types of expressions used in an * if...then...else clause aren't compatible in this context. *

        *
      • *
      • *

        * MissingAttribute *

        *

        * The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for * the existence of the attribute first before attempting to access its value. For more information, see the * has * (presence of attribute test) operator in the Cedar Policy Language Guide. *

        *
      • *
      • *

        * UnsafeOptionalAttributeAccess *

        *

        * The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be * present. Test for the existence of the attribute first before attempting to access its value. For more * information, see the has * (presence of attribute test) operator in the Cedar Policy Language Guide. *

        *
      • *
      • *

        * ImpossiblePolicy *

        *

        * Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it * can never apply to any query, and so it can never affect an authorization decision. *

        *
      • *
      • *

        * WrongNumberArguments *

        *

        * The policy references an extension type with the wrong number of arguments. *

        *
      • *
      • *

        * FunctionArgumentValidationError *

        *

        * Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed * as an IPv4 address can contain only digits and the period character. *

        *
      • * @throws ServiceQuotaExceededException * The request failed because it would cause a service quota to be exceeded. * @throws ConflictException * The request failed because another request to modify a resource occurred at the same. * @throws AccessDeniedException * You don't have sufficient access to perform this action. * @throws ResourceNotFoundException * The request failed because it references a resource that doesn't exist. * @throws ThrottlingException * The request failed because it exceeded a throttling quota. * @throws InternalServerException * The request failed because of an internal error. Try your request again later * @sample AmazonVerifiedPermissions.CreateIdentitySource * @see AWS API Documentation */ @Override public CreateIdentitySourceResult createIdentitySource(CreateIdentitySourceRequest request) { request = beforeClientExecution(request); return executeCreateIdentitySource(request); } @SdkInternalApi final CreateIdentitySourceResult executeCreateIdentitySource(CreateIdentitySourceRequest createIdentitySourceRequest) { ExecutionContext executionContext = createExecutionContext(createIdentitySourceRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request request = null; Response response = null; try { awsRequestMetrics.startEvent(Field.RequestMarshallTime); try { request = new CreateIdentitySourceRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(createIdentitySourceRequest)); // Binds the request metrics to the current request. request.setAWSRequestMetrics(awsRequestMetrics); request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint); request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden()); request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion()); request.addHandlerContext(HandlerContextKey.SERVICE_ID, "VerifiedPermissions"); request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "CreateIdentitySource"); request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig); } finally { awsRequestMetrics.endEvent(Field.RequestMarshallTime); } HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler( new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new CreateIdentitySourceResultJsonUnmarshaller()); response = invoke(request, responseHandler, executionContext); return response.getAwsResponse(); } finally { endClientExecution(awsRequestMetrics, request, response); } } /** *

        * Creates a Cedar policy and saves it in the specified policy store. You can create either a static policy or a * policy linked to a policy template. *

        *
          *
        • *

          * To create a static policy, provide the Cedar policy text in the StaticPolicy section of the * PolicyDefinition. *

          *
        • *
        • *

          * To create a policy that is dynamically linked to a policy template, specify the policy template ID and the * principal and resource to associate with this policy in the templateLinked section of the * PolicyDefinition. If the policy template is ever updated, any policies linked to the policy template * automatically use the updated template. *

          *
        • *
        * *

        * Creating a policy causes it to be validated against the schema in the policy store. If the policy doesn't pass * validation, the operation fails and the policy isn't stored. *

        *
        *

        * Verified Permissions is eventually consistent * . It can take a few seconds for a new or changed element to propagate through the service and be visible in * the results of other Verified Permissions operations. *

        *
        * * @param createPolicyRequest * @return Result of the CreatePolicy operation returned by the service. * @throws ValidationException * The request failed because one or more input parameters don't satisfy their constraint requirements. The * output is provided as a list of fields and a reason for each field that isn't valid.

        *

        * The possible reasons include the following: *

        *
          *
        • *

          * UnrecognizedEntityType *

          *

          * The policy includes an entity type that isn't found in the schema. *

          *
        • *
        • *

          * UnrecognizedActionId *

          *

          * The policy includes an action id that isn't found in the schema. *

          *
        • *
        • *

          * InvalidActionApplication *

          *

          * The policy includes an action that, according to the schema, doesn't support the specified principal and * resource. *

          *
        • *
        • *

          * UnexpectedType *

          *

          * The policy included an operand that isn't a valid type for the specified operation. *

          *
        • *
        • *

          * IncompatibleTypes *

          *

          * The types of elements included in a set, or the types of expressions used in an * if...then...else clause aren't compatible in this context. *

          *
        • *
        • *

          * MissingAttribute *

          *

          * The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for * the existence of the attribute first before attempting to access its value. For more information, see the * has * (presence of attribute test) operator in the Cedar Policy Language Guide. *

          *
        • *
        • *

          * UnsafeOptionalAttributeAccess *

          *

          * The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be * present. Test for the existence of the attribute first before attempting to access its value. For more * information, see the has * (presence of attribute test) operator in the Cedar Policy Language Guide. *

          *
        • *
        • *

          * ImpossiblePolicy *

          *

          * Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it * can never apply to any query, and so it can never affect an authorization decision. *

          *
        • *
        • *

          * WrongNumberArguments *

          *

          * The policy references an extension type with the wrong number of arguments. *

          *
        • *
        • *

          * FunctionArgumentValidationError *

          *

          * Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed * as an IPv4 address can contain only digits and the period character. *

          *
        • * @throws ServiceQuotaExceededException * The request failed because it would cause a service quota to be exceeded. * @throws ConflictException * The request failed because another request to modify a resource occurred at the same. * @throws AccessDeniedException * You don't have sufficient access to perform this action. * @throws ResourceNotFoundException * The request failed because it references a resource that doesn't exist. * @throws ThrottlingException * The request failed because it exceeded a throttling quota. * @throws InternalServerException * The request failed because of an internal error. Try your request again later * @sample AmazonVerifiedPermissions.CreatePolicy * @see AWS API Documentation */ @Override public CreatePolicyResult createPolicy(CreatePolicyRequest request) { request = beforeClientExecution(request); return executeCreatePolicy(request); } @SdkInternalApi final CreatePolicyResult executeCreatePolicy(CreatePolicyRequest createPolicyRequest) { ExecutionContext executionContext = createExecutionContext(createPolicyRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request request = null; Response response = null; try { awsRequestMetrics.startEvent(Field.RequestMarshallTime); try { request = new CreatePolicyRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(createPolicyRequest)); // Binds the request metrics to the current request. request.setAWSRequestMetrics(awsRequestMetrics); request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint); request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden()); request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion()); request.addHandlerContext(HandlerContextKey.SERVICE_ID, "VerifiedPermissions"); request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "CreatePolicy"); request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig); } finally { awsRequestMetrics.endEvent(Field.RequestMarshallTime); } HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler( new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new CreatePolicyResultJsonUnmarshaller()); response = invoke(request, responseHandler, executionContext); return response.getAwsResponse(); } finally { endClientExecution(awsRequestMetrics, request, response); } } /** *

          * Creates a policy store. A policy store is a container for policy resources. *

          * *

          * Although Cedar supports multiple * namespaces, Verified Permissions currently supports only one namespace per policy store. *

          *
          *

          * Verified Permissions is eventually consistent * . It can take a few seconds for a new or changed element to propagate through the service and be visible in * the results of other Verified Permissions operations. *

          *
          * * @param createPolicyStoreRequest * @return Result of the CreatePolicyStore operation returned by the service. * @throws ValidationException * The request failed because one or more input parameters don't satisfy their constraint requirements. The * output is provided as a list of fields and a reason for each field that isn't valid.

          *

          * The possible reasons include the following: *

          *
            *
          • *

            * UnrecognizedEntityType *

            *

            * The policy includes an entity type that isn't found in the schema. *

            *
          • *
          • *

            * UnrecognizedActionId *

            *

            * The policy includes an action id that isn't found in the schema. *

            *
          • *
          • *

            * InvalidActionApplication *

            *

            * The policy includes an action that, according to the schema, doesn't support the specified principal and * resource. *

            *
          • *
          • *

            * UnexpectedType *

            *

            * The policy included an operand that isn't a valid type for the specified operation. *

            *
          • *
          • *

            * IncompatibleTypes *

            *

            * The types of elements included in a set, or the types of expressions used in an * if...then...else clause aren't compatible in this context. *

            *
          • *
          • *

            * MissingAttribute *

            *

            * The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for * the existence of the attribute first before attempting to access its value. For more information, see the * has * (presence of attribute test) operator in the Cedar Policy Language Guide. *

            *
          • *
          • *

            * UnsafeOptionalAttributeAccess *

            *

            * The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be * present. Test for the existence of the attribute first before attempting to access its value. For more * information, see the has * (presence of attribute test) operator in the Cedar Policy Language Guide. *

            *
          • *
          • *

            * ImpossiblePolicy *

            *

            * Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it * can never apply to any query, and so it can never affect an authorization decision. *

            *
          • *
          • *

            * WrongNumberArguments *

            *

            * The policy references an extension type with the wrong number of arguments. *

            *
          • *
          • *

            * FunctionArgumentValidationError *

            *

            * Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed * as an IPv4 address can contain only digits and the period character. *

            *
          • * @throws ServiceQuotaExceededException * The request failed because it would cause a service quota to be exceeded. * @throws ConflictException * The request failed because another request to modify a resource occurred at the same. * @throws AccessDeniedException * You don't have sufficient access to perform this action. * @throws ThrottlingException * The request failed because it exceeded a throttling quota. * @throws InternalServerException * The request failed because of an internal error. Try your request again later * @sample AmazonVerifiedPermissions.CreatePolicyStore * @see AWS API Documentation */ @Override public CreatePolicyStoreResult createPolicyStore(CreatePolicyStoreRequest request) { request = beforeClientExecution(request); return executeCreatePolicyStore(request); } @SdkInternalApi final CreatePolicyStoreResult executeCreatePolicyStore(CreatePolicyStoreRequest createPolicyStoreRequest) { ExecutionContext executionContext = createExecutionContext(createPolicyStoreRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request request = null; Response response = null; try { awsRequestMetrics.startEvent(Field.RequestMarshallTime); try { request = new CreatePolicyStoreRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(createPolicyStoreRequest)); // Binds the request metrics to the current request. request.setAWSRequestMetrics(awsRequestMetrics); request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint); request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden()); request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion()); request.addHandlerContext(HandlerContextKey.SERVICE_ID, "VerifiedPermissions"); request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "CreatePolicyStore"); request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig); } finally { awsRequestMetrics.endEvent(Field.RequestMarshallTime); } HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler( new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new CreatePolicyStoreResultJsonUnmarshaller()); response = invoke(request, responseHandler, executionContext); return response.getAwsResponse(); } finally { endClientExecution(awsRequestMetrics, request, response); } } /** *

            * Creates a policy template. A template can use placeholders for the principal and resource. A template must be * instantiated into a policy by associating it with specific principals and resources to use for the placeholders. * That instantiated policy can then be considered in authorization decisions. The instantiated policy works * identically to any other policy, except that it is dynamically linked to the template. If the template changes, * then any policies that are linked to that template are immediately updated as well. *

            * *

            * Verified Permissions is eventually consistent * . It can take a few seconds for a new or changed element to propagate through the service and be visible in * the results of other Verified Permissions operations. *

            *
            * * @param createPolicyTemplateRequest * @return Result of the CreatePolicyTemplate operation returned by the service. * @throws ValidationException * The request failed because one or more input parameters don't satisfy their constraint requirements. The * output is provided as a list of fields and a reason for each field that isn't valid.

            *

            * The possible reasons include the following: *

            *
              *
            • *

              * UnrecognizedEntityType *

              *

              * The policy includes an entity type that isn't found in the schema. *

              *
            • *
            • *

              * UnrecognizedActionId *

              *

              * The policy includes an action id that isn't found in the schema. *

              *
            • *
            • *

              * InvalidActionApplication *

              *

              * The policy includes an action that, according to the schema, doesn't support the specified principal and * resource. *

              *
            • *
            • *

              * UnexpectedType *

              *

              * The policy included an operand that isn't a valid type for the specified operation. *

              *
            • *
            • *

              * IncompatibleTypes *

              *

              * The types of elements included in a set, or the types of expressions used in an * if...then...else clause aren't compatible in this context. *

              *
            • *
            • *

              * MissingAttribute *

              *

              * The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for * the existence of the attribute first before attempting to access its value. For more information, see the * has * (presence of attribute test) operator in the Cedar Policy Language Guide. *

              *
            • *
            • *

              * UnsafeOptionalAttributeAccess *

              *

              * The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be * present. Test for the existence of the attribute first before attempting to access its value. For more * information, see the has * (presence of attribute test) operator in the Cedar Policy Language Guide. *

              *
            • *
            • *

              * ImpossiblePolicy *

              *

              * Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it * can never apply to any query, and so it can never affect an authorization decision. *

              *
            • *
            • *

              * WrongNumberArguments *

              *

              * The policy references an extension type with the wrong number of arguments. *

              *
            • *
            • *

              * FunctionArgumentValidationError *

              *

              * Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed * as an IPv4 address can contain only digits and the period character. *

              *
            • * @throws ServiceQuotaExceededException * The request failed because it would cause a service quota to be exceeded. * @throws ConflictException * The request failed because another request to modify a resource occurred at the same. * @throws AccessDeniedException * You don't have sufficient access to perform this action. * @throws ResourceNotFoundException * The request failed because it references a resource that doesn't exist. * @throws ThrottlingException * The request failed because it exceeded a throttling quota. * @throws InternalServerException * The request failed because of an internal error. Try your request again later * @sample AmazonVerifiedPermissions.CreatePolicyTemplate * @see AWS API Documentation */ @Override public CreatePolicyTemplateResult createPolicyTemplate(CreatePolicyTemplateRequest request) { request = beforeClientExecution(request); return executeCreatePolicyTemplate(request); } @SdkInternalApi final CreatePolicyTemplateResult executeCreatePolicyTemplate(CreatePolicyTemplateRequest createPolicyTemplateRequest) { ExecutionContext executionContext = createExecutionContext(createPolicyTemplateRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request request = null; Response response = null; try { awsRequestMetrics.startEvent(Field.RequestMarshallTime); try { request = new CreatePolicyTemplateRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(createPolicyTemplateRequest)); // Binds the request metrics to the current request. request.setAWSRequestMetrics(awsRequestMetrics); request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint); request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden()); request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion()); request.addHandlerContext(HandlerContextKey.SERVICE_ID, "VerifiedPermissions"); request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "CreatePolicyTemplate"); request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig); } finally { awsRequestMetrics.endEvent(Field.RequestMarshallTime); } HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler( new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new CreatePolicyTemplateResultJsonUnmarshaller()); response = invoke(request, responseHandler, executionContext); return response.getAwsResponse(); } finally { endClientExecution(awsRequestMetrics, request, response); } } /** *

              * Deletes an identity source that references an identity provider (IdP) such as Amazon Cognito. After you delete * the identity source, you can no longer use tokens for identities from that identity source to represent * principals in authorization queries made using IsAuthorizedWithToken. operations. *

              * * @param deleteIdentitySourceRequest * @return Result of the DeleteIdentitySource operation returned by the service. * @throws ValidationException * The request failed because one or more input parameters don't satisfy their constraint requirements. The * output is provided as a list of fields and a reason for each field that isn't valid.

              *

              * The possible reasons include the following: *

              *
                *
              • *

                * UnrecognizedEntityType *

                *

                * The policy includes an entity type that isn't found in the schema. *

                *
              • *
              • *

                * UnrecognizedActionId *

                *

                * The policy includes an action id that isn't found in the schema. *

                *
              • *
              • *

                * InvalidActionApplication *

                *

                * The policy includes an action that, according to the schema, doesn't support the specified principal and * resource. *

                *
              • *
              • *

                * UnexpectedType *

                *

                * The policy included an operand that isn't a valid type for the specified operation. *

                *
              • *
              • *

                * IncompatibleTypes *

                *

                * The types of elements included in a set, or the types of expressions used in an * if...then...else clause aren't compatible in this context. *

                *
              • *
              • *

                * MissingAttribute *

                *

                * The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for * the existence of the attribute first before attempting to access its value. For more information, see the * has * (presence of attribute test) operator in the Cedar Policy Language Guide. *

                *
              • *
              • *

                * UnsafeOptionalAttributeAccess *

                *

                * The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be * present. Test for the existence of the attribute first before attempting to access its value. For more * information, see the has * (presence of attribute test) operator in the Cedar Policy Language Guide. *

                *
              • *
              • *

                * ImpossiblePolicy *

                *

                * Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it * can never apply to any query, and so it can never affect an authorization decision. *

                *
              • *
              • *

                * WrongNumberArguments *

                *

                * The policy references an extension type with the wrong number of arguments. *

                *
              • *
              • *

                * FunctionArgumentValidationError *

                *

                * Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed * as an IPv4 address can contain only digits and the period character. *

                *
              • * @throws ConflictException * The request failed because another request to modify a resource occurred at the same. * @throws AccessDeniedException * You don't have sufficient access to perform this action. * @throws ResourceNotFoundException * The request failed because it references a resource that doesn't exist. * @throws ThrottlingException * The request failed because it exceeded a throttling quota. * @throws InternalServerException * The request failed because of an internal error. Try your request again later * @sample AmazonVerifiedPermissions.DeleteIdentitySource * @see AWS API Documentation */ @Override public DeleteIdentitySourceResult deleteIdentitySource(DeleteIdentitySourceRequest request) { request = beforeClientExecution(request); return executeDeleteIdentitySource(request); } @SdkInternalApi final DeleteIdentitySourceResult executeDeleteIdentitySource(DeleteIdentitySourceRequest deleteIdentitySourceRequest) { ExecutionContext executionContext = createExecutionContext(deleteIdentitySourceRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request request = null; Response response = null; try { awsRequestMetrics.startEvent(Field.RequestMarshallTime); try { request = new DeleteIdentitySourceRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(deleteIdentitySourceRequest)); // Binds the request metrics to the current request. request.setAWSRequestMetrics(awsRequestMetrics); request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint); request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden()); request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion()); request.addHandlerContext(HandlerContextKey.SERVICE_ID, "VerifiedPermissions"); request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "DeleteIdentitySource"); request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig); } finally { awsRequestMetrics.endEvent(Field.RequestMarshallTime); } HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler( new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new DeleteIdentitySourceResultJsonUnmarshaller()); response = invoke(request, responseHandler, executionContext); return response.getAwsResponse(); } finally { endClientExecution(awsRequestMetrics, request, response); } } /** *

                * Deletes the specified policy from the policy store. *

                *

                * This operation is idempotent; if you specify a policy that doesn't exist, the request response returns a * successful HTTP 200 status code. *

                * * @param deletePolicyRequest * @return Result of the DeletePolicy operation returned by the service. * @throws ValidationException * The request failed because one or more input parameters don't satisfy their constraint requirements. The * output is provided as a list of fields and a reason for each field that isn't valid.

                *

                * The possible reasons include the following: *

                *
                  *
                • *

                  * UnrecognizedEntityType *

                  *

                  * The policy includes an entity type that isn't found in the schema. *

                  *
                • *
                • *

                  * UnrecognizedActionId *

                  *

                  * The policy includes an action id that isn't found in the schema. *

                  *
                • *
                • *

                  * InvalidActionApplication *

                  *

                  * The policy includes an action that, according to the schema, doesn't support the specified principal and * resource. *

                  *
                • *
                • *

                  * UnexpectedType *

                  *

                  * The policy included an operand that isn't a valid type for the specified operation. *

                  *
                • *
                • *

                  * IncompatibleTypes *

                  *

                  * The types of elements included in a set, or the types of expressions used in an * if...then...else clause aren't compatible in this context. *

                  *
                • *
                • *

                  * MissingAttribute *

                  *

                  * The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for * the existence of the attribute first before attempting to access its value. For more information, see the * has * (presence of attribute test) operator in the Cedar Policy Language Guide. *

                  *
                • *
                • *

                  * UnsafeOptionalAttributeAccess *

                  *

                  * The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be * present. Test for the existence of the attribute first before attempting to access its value. For more * information, see the has * (presence of attribute test) operator in the Cedar Policy Language Guide. *

                  *
                • *
                • *

                  * ImpossiblePolicy *

                  *

                  * Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it * can never apply to any query, and so it can never affect an authorization decision. *

                  *
                • *
                • *

                  * WrongNumberArguments *

                  *

                  * The policy references an extension type with the wrong number of arguments. *

                  *
                • *
                • *

                  * FunctionArgumentValidationError *

                  *

                  * Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed * as an IPv4 address can contain only digits and the period character. *

                  *
                • * @throws ConflictException * The request failed because another request to modify a resource occurred at the same. * @throws AccessDeniedException * You don't have sufficient access to perform this action. * @throws ResourceNotFoundException * The request failed because it references a resource that doesn't exist. * @throws ThrottlingException * The request failed because it exceeded a throttling quota. * @throws InternalServerException * The request failed because of an internal error. Try your request again later * @sample AmazonVerifiedPermissions.DeletePolicy * @see AWS API Documentation */ @Override public DeletePolicyResult deletePolicy(DeletePolicyRequest request) { request = beforeClientExecution(request); return executeDeletePolicy(request); } @SdkInternalApi final DeletePolicyResult executeDeletePolicy(DeletePolicyRequest deletePolicyRequest) { ExecutionContext executionContext = createExecutionContext(deletePolicyRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request request = null; Response response = null; try { awsRequestMetrics.startEvent(Field.RequestMarshallTime); try { request = new DeletePolicyRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(deletePolicyRequest)); // Binds the request metrics to the current request. request.setAWSRequestMetrics(awsRequestMetrics); request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint); request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden()); request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion()); request.addHandlerContext(HandlerContextKey.SERVICE_ID, "VerifiedPermissions"); request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "DeletePolicy"); request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig); } finally { awsRequestMetrics.endEvent(Field.RequestMarshallTime); } HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler( new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new DeletePolicyResultJsonUnmarshaller()); response = invoke(request, responseHandler, executionContext); return response.getAwsResponse(); } finally { endClientExecution(awsRequestMetrics, request, response); } } /** *

                  * Deletes the specified policy store. *

                  *

                  * This operation is idempotent. If you specify a policy store that does not exist, the request response will still * return a successful HTTP 200 status code. *

                  * * @param deletePolicyStoreRequest * @return Result of the DeletePolicyStore operation returned by the service. * @throws ValidationException * The request failed because one or more input parameters don't satisfy their constraint requirements. The * output is provided as a list of fields and a reason for each field that isn't valid.

                  *

                  * The possible reasons include the following: *

                  *
                    *
                  • *

                    * UnrecognizedEntityType *

                    *

                    * The policy includes an entity type that isn't found in the schema. *

                    *
                  • *
                  • *

                    * UnrecognizedActionId *

                    *

                    * The policy includes an action id that isn't found in the schema. *

                    *
                  • *
                  • *

                    * InvalidActionApplication *

                    *

                    * The policy includes an action that, according to the schema, doesn't support the specified principal and * resource. *

                    *
                  • *
                  • *

                    * UnexpectedType *

                    *

                    * The policy included an operand that isn't a valid type for the specified operation. *

                    *
                  • *
                  • *

                    * IncompatibleTypes *

                    *

                    * The types of elements included in a set, or the types of expressions used in an * if...then...else clause aren't compatible in this context. *

                    *
                  • *
                  • *

                    * MissingAttribute *

                    *

                    * The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for * the existence of the attribute first before attempting to access its value. For more information, see the * has * (presence of attribute test) operator in the Cedar Policy Language Guide. *

                    *
                  • *
                  • *

                    * UnsafeOptionalAttributeAccess *

                    *

                    * The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be * present. Test for the existence of the attribute first before attempting to access its value. For more * information, see the has * (presence of attribute test) operator in the Cedar Policy Language Guide. *

                    *
                  • *
                  • *

                    * ImpossiblePolicy *

                    *

                    * Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it * can never apply to any query, and so it can never affect an authorization decision. *

                    *
                  • *
                  • *

                    * WrongNumberArguments *

                    *

                    * The policy references an extension type with the wrong number of arguments. *

                    *
                  • *
                  • *

                    * FunctionArgumentValidationError *

                    *

                    * Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed * as an IPv4 address can contain only digits and the period character. *

                    *
                  • * @throws AccessDeniedException * You don't have sufficient access to perform this action. * @throws ThrottlingException * The request failed because it exceeded a throttling quota. * @throws InternalServerException * The request failed because of an internal error. Try your request again later * @sample AmazonVerifiedPermissions.DeletePolicyStore * @see AWS API Documentation */ @Override public DeletePolicyStoreResult deletePolicyStore(DeletePolicyStoreRequest request) { request = beforeClientExecution(request); return executeDeletePolicyStore(request); } @SdkInternalApi final DeletePolicyStoreResult executeDeletePolicyStore(DeletePolicyStoreRequest deletePolicyStoreRequest) { ExecutionContext executionContext = createExecutionContext(deletePolicyStoreRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request request = null; Response response = null; try { awsRequestMetrics.startEvent(Field.RequestMarshallTime); try { request = new DeletePolicyStoreRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(deletePolicyStoreRequest)); // Binds the request metrics to the current request. request.setAWSRequestMetrics(awsRequestMetrics); request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint); request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden()); request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion()); request.addHandlerContext(HandlerContextKey.SERVICE_ID, "VerifiedPermissions"); request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "DeletePolicyStore"); request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig); } finally { awsRequestMetrics.endEvent(Field.RequestMarshallTime); } HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler( new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new DeletePolicyStoreResultJsonUnmarshaller()); response = invoke(request, responseHandler, executionContext); return response.getAwsResponse(); } finally { endClientExecution(awsRequestMetrics, request, response); } } /** *

                    * Deletes the specified policy template from the policy store. *

                    * *

                    * This operation also deletes any policies that were created from the specified policy template. Those policies are * immediately removed from all future API responses, and are asynchronously deleted from the policy store. *

                    *
                    * * @param deletePolicyTemplateRequest * @return Result of the DeletePolicyTemplate operation returned by the service. * @throws ValidationException * The request failed because one or more input parameters don't satisfy their constraint requirements. The * output is provided as a list of fields and a reason for each field that isn't valid.

                    *

                    * The possible reasons include the following: *

                    *
                      *
                    • *

                      * UnrecognizedEntityType *

                      *

                      * The policy includes an entity type that isn't found in the schema. *

                      *
                    • *
                    • *

                      * UnrecognizedActionId *

                      *

                      * The policy includes an action id that isn't found in the schema. *

                      *
                    • *
                    • *

                      * InvalidActionApplication *

                      *

                      * The policy includes an action that, according to the schema, doesn't support the specified principal and * resource. *

                      *
                    • *
                    • *

                      * UnexpectedType *

                      *

                      * The policy included an operand that isn't a valid type for the specified operation. *

                      *
                    • *
                    • *

                      * IncompatibleTypes *

                      *

                      * The types of elements included in a set, or the types of expressions used in an * if...then...else clause aren't compatible in this context. *

                      *
                    • *
                    • *

                      * MissingAttribute *

                      *

                      * The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for * the existence of the attribute first before attempting to access its value. For more information, see the * has * (presence of attribute test) operator in the Cedar Policy Language Guide. *

                      *
                    • *
                    • *

                      * UnsafeOptionalAttributeAccess *

                      *

                      * The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be * present. Test for the existence of the attribute first before attempting to access its value. For more * information, see the has * (presence of attribute test) operator in the Cedar Policy Language Guide. *

                      *
                    • *
                    • *

                      * ImpossiblePolicy *

                      *

                      * Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it * can never apply to any query, and so it can never affect an authorization decision. *

                      *
                    • *
                    • *

                      * WrongNumberArguments *

                      *

                      * The policy references an extension type with the wrong number of arguments. *

                      *
                    • *
                    • *

                      * FunctionArgumentValidationError *

                      *

                      * Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed * as an IPv4 address can contain only digits and the period character. *

                      *
                    • * @throws ConflictException * The request failed because another request to modify a resource occurred at the same. * @throws AccessDeniedException * You don't have sufficient access to perform this action. * @throws ResourceNotFoundException * The request failed because it references a resource that doesn't exist. * @throws ThrottlingException * The request failed because it exceeded a throttling quota. * @throws InternalServerException * The request failed because of an internal error. Try your request again later * @sample AmazonVerifiedPermissions.DeletePolicyTemplate * @see AWS API Documentation */ @Override public DeletePolicyTemplateResult deletePolicyTemplate(DeletePolicyTemplateRequest request) { request = beforeClientExecution(request); return executeDeletePolicyTemplate(request); } @SdkInternalApi final DeletePolicyTemplateResult executeDeletePolicyTemplate(DeletePolicyTemplateRequest deletePolicyTemplateRequest) { ExecutionContext executionContext = createExecutionContext(deletePolicyTemplateRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request request = null; Response response = null; try { awsRequestMetrics.startEvent(Field.RequestMarshallTime); try { request = new DeletePolicyTemplateRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(deletePolicyTemplateRequest)); // Binds the request metrics to the current request. request.setAWSRequestMetrics(awsRequestMetrics); request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint); request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden()); request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion()); request.addHandlerContext(HandlerContextKey.SERVICE_ID, "VerifiedPermissions"); request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "DeletePolicyTemplate"); request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig); } finally { awsRequestMetrics.endEvent(Field.RequestMarshallTime); } HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler( new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new DeletePolicyTemplateResultJsonUnmarshaller()); response = invoke(request, responseHandler, executionContext); return response.getAwsResponse(); } finally { endClientExecution(awsRequestMetrics, request, response); } } /** *

                      * Retrieves the details about the specified identity source. *

                      * * @param getIdentitySourceRequest * @return Result of the GetIdentitySource operation returned by the service. * @throws ValidationException * The request failed because one or more input parameters don't satisfy their constraint requirements. The * output is provided as a list of fields and a reason for each field that isn't valid.

                      *

                      * The possible reasons include the following: *

                      *
                        *
                      • *

                        * UnrecognizedEntityType *

                        *

                        * The policy includes an entity type that isn't found in the schema. *

                        *
                      • *
                      • *

                        * UnrecognizedActionId *

                        *

                        * The policy includes an action id that isn't found in the schema. *

                        *
                      • *
                      • *

                        * InvalidActionApplication *

                        *

                        * The policy includes an action that, according to the schema, doesn't support the specified principal and * resource. *

                        *
                      • *
                      • *

                        * UnexpectedType *

                        *

                        * The policy included an operand that isn't a valid type for the specified operation. *

                        *
                      • *
                      • *

                        * IncompatibleTypes *

                        *

                        * The types of elements included in a set, or the types of expressions used in an * if...then...else clause aren't compatible in this context. *

                        *
                      • *
                      • *

                        * MissingAttribute *

                        *

                        * The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for * the existence of the attribute first before attempting to access its value. For more information, see the * has * (presence of attribute test) operator in the Cedar Policy Language Guide. *

                        *
                      • *
                      • *

                        * UnsafeOptionalAttributeAccess *

                        *

                        * The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be * present. Test for the existence of the attribute first before attempting to access its value. For more * information, see the has * (presence of attribute test) operator in the Cedar Policy Language Guide. *

                        *
                      • *
                      • *

                        * ImpossiblePolicy *

                        *

                        * Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it * can never apply to any query, and so it can never affect an authorization decision. *

                        *
                      • *
                      • *

                        * WrongNumberArguments *

                        *

                        * The policy references an extension type with the wrong number of arguments. *

                        *
                      • *
                      • *

                        * FunctionArgumentValidationError *

                        *

                        * Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed * as an IPv4 address can contain only digits and the period character. *

                        *
                      • * @throws AccessDeniedException * You don't have sufficient access to perform this action. * @throws ResourceNotFoundException * The request failed because it references a resource that doesn't exist. * @throws ThrottlingException * The request failed because it exceeded a throttling quota. * @throws InternalServerException * The request failed because of an internal error. Try your request again later * @sample AmazonVerifiedPermissions.GetIdentitySource * @see AWS API Documentation */ @Override public GetIdentitySourceResult getIdentitySource(GetIdentitySourceRequest request) { request = beforeClientExecution(request); return executeGetIdentitySource(request); } @SdkInternalApi final GetIdentitySourceResult executeGetIdentitySource(GetIdentitySourceRequest getIdentitySourceRequest) { ExecutionContext executionContext = createExecutionContext(getIdentitySourceRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request request = null; Response response = null; try { awsRequestMetrics.startEvent(Field.RequestMarshallTime); try { request = new GetIdentitySourceRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(getIdentitySourceRequest)); // Binds the request metrics to the current request. request.setAWSRequestMetrics(awsRequestMetrics); request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint); request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden()); request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion()); request.addHandlerContext(HandlerContextKey.SERVICE_ID, "VerifiedPermissions"); request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "GetIdentitySource"); request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig); } finally { awsRequestMetrics.endEvent(Field.RequestMarshallTime); } HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler( new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new GetIdentitySourceResultJsonUnmarshaller()); response = invoke(request, responseHandler, executionContext); return response.getAwsResponse(); } finally { endClientExecution(awsRequestMetrics, request, response); } } /** *

                        * Retrieves information about the specified policy. *

                        * * @param getPolicyRequest * @return Result of the GetPolicy operation returned by the service. * @throws ValidationException * The request failed because one or more input parameters don't satisfy their constraint requirements. The * output is provided as a list of fields and a reason for each field that isn't valid.

                        *

                        * The possible reasons include the following: *

                        *
                          *
                        • *

                          * UnrecognizedEntityType *

                          *

                          * The policy includes an entity type that isn't found in the schema. *

                          *
                        • *
                        • *

                          * UnrecognizedActionId *

                          *

                          * The policy includes an action id that isn't found in the schema. *

                          *
                        • *
                        • *

                          * InvalidActionApplication *

                          *

                          * The policy includes an action that, according to the schema, doesn't support the specified principal and * resource. *

                          *
                        • *
                        • *

                          * UnexpectedType *

                          *

                          * The policy included an operand that isn't a valid type for the specified operation. *

                          *
                        • *
                        • *

                          * IncompatibleTypes *

                          *

                          * The types of elements included in a set, or the types of expressions used in an * if...then...else clause aren't compatible in this context. *

                          *
                        • *
                        • *

                          * MissingAttribute *

                          *

                          * The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for * the existence of the attribute first before attempting to access its value. For more information, see the * has * (presence of attribute test) operator in the Cedar Policy Language Guide. *

                          *
                        • *
                        • *

                          * UnsafeOptionalAttributeAccess *

                          *

                          * The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be * present. Test for the existence of the attribute first before attempting to access its value. For more * information, see the has * (presence of attribute test) operator in the Cedar Policy Language Guide. *

                          *
                        • *
                        • *

                          * ImpossiblePolicy *

                          *

                          * Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it * can never apply to any query, and so it can never affect an authorization decision. *

                          *
                        • *
                        • *

                          * WrongNumberArguments *

                          *

                          * The policy references an extension type with the wrong number of arguments. *

                          *
                        • *
                        • *

                          * FunctionArgumentValidationError *

                          *

                          * Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed * as an IPv4 address can contain only digits and the period character. *

                          *
                        • * @throws AccessDeniedException * You don't have sufficient access to perform this action. * @throws ResourceNotFoundException * The request failed because it references a resource that doesn't exist. * @throws ThrottlingException * The request failed because it exceeded a throttling quota. * @throws InternalServerException * The request failed because of an internal error. Try your request again later * @sample AmazonVerifiedPermissions.GetPolicy * @see AWS * API Documentation */ @Override public GetPolicyResult getPolicy(GetPolicyRequest request) { request = beforeClientExecution(request); return executeGetPolicy(request); } @SdkInternalApi final GetPolicyResult executeGetPolicy(GetPolicyRequest getPolicyRequest) { ExecutionContext executionContext = createExecutionContext(getPolicyRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request request = null; Response response = null; try { awsRequestMetrics.startEvent(Field.RequestMarshallTime); try { request = new GetPolicyRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(getPolicyRequest)); // Binds the request metrics to the current request. request.setAWSRequestMetrics(awsRequestMetrics); request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint); request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden()); request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion()); request.addHandlerContext(HandlerContextKey.SERVICE_ID, "VerifiedPermissions"); request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "GetPolicy"); request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig); } finally { awsRequestMetrics.endEvent(Field.RequestMarshallTime); } HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(new JsonOperationMetadata() .withPayloadJson(true).withHasStreamingSuccessResponse(false), new GetPolicyResultJsonUnmarshaller()); response = invoke(request, responseHandler, executionContext); return response.getAwsResponse(); } finally { endClientExecution(awsRequestMetrics, request, response); } } /** *

                          * Retrieves details about a policy store. *

                          * * @param getPolicyStoreRequest * @return Result of the GetPolicyStore operation returned by the service. * @throws ValidationException * The request failed because one or more input parameters don't satisfy their constraint requirements. The * output is provided as a list of fields and a reason for each field that isn't valid.

                          *

                          * The possible reasons include the following: *

                          *
                            *
                          • *

                            * UnrecognizedEntityType *

                            *

                            * The policy includes an entity type that isn't found in the schema. *

                            *
                          • *
                          • *

                            * UnrecognizedActionId *

                            *

                            * The policy includes an action id that isn't found in the schema. *

                            *
                          • *
                          • *

                            * InvalidActionApplication *

                            *

                            * The policy includes an action that, according to the schema, doesn't support the specified principal and * resource. *

                            *
                          • *
                          • *

                            * UnexpectedType *

                            *

                            * The policy included an operand that isn't a valid type for the specified operation. *

                            *
                          • *
                          • *

                            * IncompatibleTypes *

                            *

                            * The types of elements included in a set, or the types of expressions used in an * if...then...else clause aren't compatible in this context. *

                            *
                          • *
                          • *

                            * MissingAttribute *

                            *

                            * The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for * the existence of the attribute first before attempting to access its value. For more information, see the * has * (presence of attribute test) operator in the Cedar Policy Language Guide. *

                            *
                          • *
                          • *

                            * UnsafeOptionalAttributeAccess *

                            *

                            * The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be * present. Test for the existence of the attribute first before attempting to access its value. For more * information, see the has * (presence of attribute test) operator in the Cedar Policy Language Guide. *

                            *
                          • *
                          • *

                            * ImpossiblePolicy *

                            *

                            * Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it * can never apply to any query, and so it can never affect an authorization decision. *

                            *
                          • *
                          • *

                            * WrongNumberArguments *

                            *

                            * The policy references an extension type with the wrong number of arguments. *

                            *
                          • *
                          • *

                            * FunctionArgumentValidationError *

                            *

                            * Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed * as an IPv4 address can contain only digits and the period character. *

                            *
                          • * @throws AccessDeniedException * You don't have sufficient access to perform this action. * @throws ResourceNotFoundException * The request failed because it references a resource that doesn't exist. * @throws ThrottlingException * The request failed because it exceeded a throttling quota. * @throws InternalServerException * The request failed because of an internal error. Try your request again later * @sample AmazonVerifiedPermissions.GetPolicyStore * @see AWS API Documentation */ @Override public GetPolicyStoreResult getPolicyStore(GetPolicyStoreRequest request) { request = beforeClientExecution(request); return executeGetPolicyStore(request); } @SdkInternalApi final GetPolicyStoreResult executeGetPolicyStore(GetPolicyStoreRequest getPolicyStoreRequest) { ExecutionContext executionContext = createExecutionContext(getPolicyStoreRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request request = null; Response response = null; try { awsRequestMetrics.startEvent(Field.RequestMarshallTime); try { request = new GetPolicyStoreRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(getPolicyStoreRequest)); // Binds the request metrics to the current request. request.setAWSRequestMetrics(awsRequestMetrics); request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint); request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden()); request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion()); request.addHandlerContext(HandlerContextKey.SERVICE_ID, "VerifiedPermissions"); request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "GetPolicyStore"); request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig); } finally { awsRequestMetrics.endEvent(Field.RequestMarshallTime); } HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler( new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new GetPolicyStoreResultJsonUnmarshaller()); response = invoke(request, responseHandler, executionContext); return response.getAwsResponse(); } finally { endClientExecution(awsRequestMetrics, request, response); } } /** *

                            * Retrieve the details for the specified policy template in the specified policy store. *

                            * * @param getPolicyTemplateRequest * @return Result of the GetPolicyTemplate operation returned by the service. * @throws ValidationException * The request failed because one or more input parameters don't satisfy their constraint requirements. The * output is provided as a list of fields and a reason for each field that isn't valid.

                            *

                            * The possible reasons include the following: *

                            *
                              *
                            • *

                              * UnrecognizedEntityType *

                              *

                              * The policy includes an entity type that isn't found in the schema. *

                              *
                            • *
                            • *

                              * UnrecognizedActionId *

                              *

                              * The policy includes an action id that isn't found in the schema. *

                              *
                            • *
                            • *

                              * InvalidActionApplication *

                              *

                              * The policy includes an action that, according to the schema, doesn't support the specified principal and * resource. *

                              *
                            • *
                            • *

                              * UnexpectedType *

                              *

                              * The policy included an operand that isn't a valid type for the specified operation. *

                              *
                            • *
                            • *

                              * IncompatibleTypes *

                              *

                              * The types of elements included in a set, or the types of expressions used in an * if...then...else clause aren't compatible in this context. *

                              *
                            • *
                            • *

                              * MissingAttribute *

                              *

                              * The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for * the existence of the attribute first before attempting to access its value. For more information, see the * has * (presence of attribute test) operator in the Cedar Policy Language Guide. *

                              *
                            • *
                            • *

                              * UnsafeOptionalAttributeAccess *

                              *

                              * The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be * present. Test for the existence of the attribute first before attempting to access its value. For more * information, see the has * (presence of attribute test) operator in the Cedar Policy Language Guide. *

                              *
                            • *
                            • *

                              * ImpossiblePolicy *

                              *

                              * Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it * can never apply to any query, and so it can never affect an authorization decision. *

                              *
                            • *
                            • *

                              * WrongNumberArguments *

                              *

                              * The policy references an extension type with the wrong number of arguments. *

                              *
                            • *
                            • *

                              * FunctionArgumentValidationError *

                              *

                              * Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed * as an IPv4 address can contain only digits and the period character. *

                              *
                            • * @throws AccessDeniedException * You don't have sufficient access to perform this action. * @throws ResourceNotFoundException * The request failed because it references a resource that doesn't exist. * @throws ThrottlingException * The request failed because it exceeded a throttling quota. * @throws InternalServerException * The request failed because of an internal error. Try your request again later * @sample AmazonVerifiedPermissions.GetPolicyTemplate * @see AWS API Documentation */ @Override public GetPolicyTemplateResult getPolicyTemplate(GetPolicyTemplateRequest request) { request = beforeClientExecution(request); return executeGetPolicyTemplate(request); } @SdkInternalApi final GetPolicyTemplateResult executeGetPolicyTemplate(GetPolicyTemplateRequest getPolicyTemplateRequest) { ExecutionContext executionContext = createExecutionContext(getPolicyTemplateRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request request = null; Response response = null; try { awsRequestMetrics.startEvent(Field.RequestMarshallTime); try { request = new GetPolicyTemplateRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(getPolicyTemplateRequest)); // Binds the request metrics to the current request. request.setAWSRequestMetrics(awsRequestMetrics); request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint); request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden()); request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion()); request.addHandlerContext(HandlerContextKey.SERVICE_ID, "VerifiedPermissions"); request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "GetPolicyTemplate"); request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig); } finally { awsRequestMetrics.endEvent(Field.RequestMarshallTime); } HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler( new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new GetPolicyTemplateResultJsonUnmarshaller()); response = invoke(request, responseHandler, executionContext); return response.getAwsResponse(); } finally { endClientExecution(awsRequestMetrics, request, response); } } /** *

                              * Retrieve the details for the specified schema in the specified policy store. *

                              * * @param getSchemaRequest * @return Result of the GetSchema operation returned by the service. * @throws ValidationException * The request failed because one or more input parameters don't satisfy their constraint requirements. The * output is provided as a list of fields and a reason for each field that isn't valid.

                              *

                              * The possible reasons include the following: *

                              *
                                *
                              • *

                                * UnrecognizedEntityType *

                                *

                                * The policy includes an entity type that isn't found in the schema. *

                                *
                              • *
                              • *

                                * UnrecognizedActionId *

                                *

                                * The policy includes an action id that isn't found in the schema. *

                                *
                              • *
                              • *

                                * InvalidActionApplication *

                                *

                                * The policy includes an action that, according to the schema, doesn't support the specified principal and * resource. *

                                *
                              • *
                              • *

                                * UnexpectedType *

                                *

                                * The policy included an operand that isn't a valid type for the specified operation. *

                                *
                              • *
                              • *

                                * IncompatibleTypes *

                                *

                                * The types of elements included in a set, or the types of expressions used in an * if...then...else clause aren't compatible in this context. *

                                *
                              • *
                              • *

                                * MissingAttribute *

                                *

                                * The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for * the existence of the attribute first before attempting to access its value. For more information, see the * has * (presence of attribute test) operator in the Cedar Policy Language Guide. *

                                *
                              • *
                              • *

                                * UnsafeOptionalAttributeAccess *

                                *

                                * The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be * present. Test for the existence of the attribute first before attempting to access its value. For more * information, see the has * (presence of attribute test) operator in the Cedar Policy Language Guide. *

                                *
                              • *
                              • *

                                * ImpossiblePolicy *

                                *

                                * Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it * can never apply to any query, and so it can never affect an authorization decision. *

                                *
                              • *
                              • *

                                * WrongNumberArguments *

                                *

                                * The policy references an extension type with the wrong number of arguments. *

                                *
                              • *
                              • *

                                * FunctionArgumentValidationError *

                                *

                                * Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed * as an IPv4 address can contain only digits and the period character. *

                                *
                              • * @throws AccessDeniedException * You don't have sufficient access to perform this action. * @throws ResourceNotFoundException * The request failed because it references a resource that doesn't exist. * @throws ThrottlingException * The request failed because it exceeded a throttling quota. * @throws InternalServerException * The request failed because of an internal error. Try your request again later * @sample AmazonVerifiedPermissions.GetSchema * @see AWS * API Documentation */ @Override public GetSchemaResult getSchema(GetSchemaRequest request) { request = beforeClientExecution(request); return executeGetSchema(request); } @SdkInternalApi final GetSchemaResult executeGetSchema(GetSchemaRequest getSchemaRequest) { ExecutionContext executionContext = createExecutionContext(getSchemaRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request request = null; Response response = null; try { awsRequestMetrics.startEvent(Field.RequestMarshallTime); try { request = new GetSchemaRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(getSchemaRequest)); // Binds the request metrics to the current request. request.setAWSRequestMetrics(awsRequestMetrics); request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint); request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden()); request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion()); request.addHandlerContext(HandlerContextKey.SERVICE_ID, "VerifiedPermissions"); request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "GetSchema"); request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig); } finally { awsRequestMetrics.endEvent(Field.RequestMarshallTime); } HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(new JsonOperationMetadata() .withPayloadJson(true).withHasStreamingSuccessResponse(false), new GetSchemaResultJsonUnmarshaller()); response = invoke(request, responseHandler, executionContext); return response.getAwsResponse(); } finally { endClientExecution(awsRequestMetrics, request, response); } } /** *

                                * Makes an authorization decision about a service request described in the parameters. The information in the * parameters can also define additional context that Verified Permissions can include in the evaluation. The * request is evaluated against all matching policies in the specified policy store. The result of the decision is * either Allow or Deny, along with a list of the policies that resulted in the decision. *

                                * * @param isAuthorizedRequest * @return Result of the IsAuthorized operation returned by the service. * @throws ValidationException * The request failed because one or more input parameters don't satisfy their constraint requirements. The * output is provided as a list of fields and a reason for each field that isn't valid.

                                *

                                * The possible reasons include the following: *

                                *
                                  *
                                • *

                                  * UnrecognizedEntityType *

                                  *

                                  * The policy includes an entity type that isn't found in the schema. *

                                  *
                                • *
                                • *

                                  * UnrecognizedActionId *

                                  *

                                  * The policy includes an action id that isn't found in the schema. *

                                  *
                                • *
                                • *

                                  * InvalidActionApplication *

                                  *

                                  * The policy includes an action that, according to the schema, doesn't support the specified principal and * resource. *

                                  *
                                • *
                                • *

                                  * UnexpectedType *

                                  *

                                  * The policy included an operand that isn't a valid type for the specified operation. *

                                  *
                                • *
                                • *

                                  * IncompatibleTypes *

                                  *

                                  * The types of elements included in a set, or the types of expressions used in an * if...then...else clause aren't compatible in this context. *

                                  *
                                • *
                                • *

                                  * MissingAttribute *

                                  *

                                  * The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for * the existence of the attribute first before attempting to access its value. For more information, see the * has * (presence of attribute test) operator in the Cedar Policy Language Guide. *

                                  *
                                • *
                                • *

                                  * UnsafeOptionalAttributeAccess *

                                  *

                                  * The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be * present. Test for the existence of the attribute first before attempting to access its value. For more * information, see the has * (presence of attribute test) operator in the Cedar Policy Language Guide. *

                                  *
                                • *
                                • *

                                  * ImpossiblePolicy *

                                  *

                                  * Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it * can never apply to any query, and so it can never affect an authorization decision. *

                                  *
                                • *
                                • *

                                  * WrongNumberArguments *

                                  *

                                  * The policy references an extension type with the wrong number of arguments. *

                                  *
                                • *
                                • *

                                  * FunctionArgumentValidationError *

                                  *

                                  * Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed * as an IPv4 address can contain only digits and the period character. *

                                  *
                                • * @throws AccessDeniedException * You don't have sufficient access to perform this action. * @throws ResourceNotFoundException * The request failed because it references a resource that doesn't exist. * @throws ThrottlingException * The request failed because it exceeded a throttling quota. * @throws InternalServerException * The request failed because of an internal error. Try your request again later * @sample AmazonVerifiedPermissions.IsAuthorized * @see AWS API Documentation */ @Override public IsAuthorizedResult isAuthorized(IsAuthorizedRequest request) { request = beforeClientExecution(request); return executeIsAuthorized(request); } @SdkInternalApi final IsAuthorizedResult executeIsAuthorized(IsAuthorizedRequest isAuthorizedRequest) { ExecutionContext executionContext = createExecutionContext(isAuthorizedRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request request = null; Response response = null; try { awsRequestMetrics.startEvent(Field.RequestMarshallTime); try { request = new IsAuthorizedRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(isAuthorizedRequest)); // Binds the request metrics to the current request. request.setAWSRequestMetrics(awsRequestMetrics); request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint); request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden()); request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion()); request.addHandlerContext(HandlerContextKey.SERVICE_ID, "VerifiedPermissions"); request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "IsAuthorized"); request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig); } finally { awsRequestMetrics.endEvent(Field.RequestMarshallTime); } HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler( new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new IsAuthorizedResultJsonUnmarshaller()); response = invoke(request, responseHandler, executionContext); return response.getAwsResponse(); } finally { endClientExecution(awsRequestMetrics, request, response); } } /** *

                                  * Makes an authorization decision about a service request described in the parameters. The principal in this * request comes from an external identity source in the form of an identity token formatted as a JSON web token (JWT). The information in the parameters can * also define additional context that Verified Permissions can include in the evaluation. The request is evaluated * against all matching policies in the specified policy store. The result of the decision is either * Allow or Deny, along with a list of the policies that resulted in the decision. *

                                  *

                                  * At this time, Verified Permissions accepts tokens from only Amazon Cognito. *

                                  *

                                  * Verified Permissions validates each token that is specified in a request by checking its expiration date and its * signature. *

                                  * *

                                  * Tokens from an identity source user continue to be usable until they expire. Token revocation and resource * deletion have no effect on the validity of a token in your policy store *

                                  *
                                  * * @param isAuthorizedWithTokenRequest * @return Result of the IsAuthorizedWithToken operation returned by the service. * @throws ValidationException * The request failed because one or more input parameters don't satisfy their constraint requirements. The * output is provided as a list of fields and a reason for each field that isn't valid.

                                  *

                                  * The possible reasons include the following: *

                                  *
                                    *
                                  • *

                                    * UnrecognizedEntityType *

                                    *

                                    * The policy includes an entity type that isn't found in the schema. *

                                    *
                                  • *
                                  • *

                                    * UnrecognizedActionId *

                                    *

                                    * The policy includes an action id that isn't found in the schema. *

                                    *
                                  • *
                                  • *

                                    * InvalidActionApplication *

                                    *

                                    * The policy includes an action that, according to the schema, doesn't support the specified principal and * resource. *

                                    *
                                  • *
                                  • *

                                    * UnexpectedType *

                                    *

                                    * The policy included an operand that isn't a valid type for the specified operation. *

                                    *
                                  • *
                                  • *

                                    * IncompatibleTypes *

                                    *

                                    * The types of elements included in a set, or the types of expressions used in an * if...then...else clause aren't compatible in this context. *

                                    *
                                  • *
                                  • *

                                    * MissingAttribute *

                                    *

                                    * The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for * the existence of the attribute first before attempting to access its value. For more information, see the * has * (presence of attribute test) operator in the Cedar Policy Language Guide. *

                                    *
                                  • *
                                  • *

                                    * UnsafeOptionalAttributeAccess *

                                    *

                                    * The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be * present. Test for the existence of the attribute first before attempting to access its value. For more * information, see the has * (presence of attribute test) operator in the Cedar Policy Language Guide. *

                                    *
                                  • *
                                  • *

                                    * ImpossiblePolicy *

                                    *

                                    * Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it * can never apply to any query, and so it can never affect an authorization decision. *

                                    *
                                  • *
                                  • *

                                    * WrongNumberArguments *

                                    *

                                    * The policy references an extension type with the wrong number of arguments. *

                                    *
                                  • *
                                  • *

                                    * FunctionArgumentValidationError *

                                    *

                                    * Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed * as an IPv4 address can contain only digits and the period character. *

                                    *
                                  • * @throws AccessDeniedException * You don't have sufficient access to perform this action. * @throws ResourceNotFoundException * The request failed because it references a resource that doesn't exist. * @throws ThrottlingException * The request failed because it exceeded a throttling quota. * @throws InternalServerException * The request failed because of an internal error. Try your request again later * @sample AmazonVerifiedPermissions.IsAuthorizedWithToken * @see AWS API Documentation */ @Override public IsAuthorizedWithTokenResult isAuthorizedWithToken(IsAuthorizedWithTokenRequest request) { request = beforeClientExecution(request); return executeIsAuthorizedWithToken(request); } @SdkInternalApi final IsAuthorizedWithTokenResult executeIsAuthorizedWithToken(IsAuthorizedWithTokenRequest isAuthorizedWithTokenRequest) { ExecutionContext executionContext = createExecutionContext(isAuthorizedWithTokenRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request request = null; Response response = null; try { awsRequestMetrics.startEvent(Field.RequestMarshallTime); try { request = new IsAuthorizedWithTokenRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(isAuthorizedWithTokenRequest)); // Binds the request metrics to the current request. request.setAWSRequestMetrics(awsRequestMetrics); request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint); request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden()); request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion()); request.addHandlerContext(HandlerContextKey.SERVICE_ID, "VerifiedPermissions"); request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "IsAuthorizedWithToken"); request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig); } finally { awsRequestMetrics.endEvent(Field.RequestMarshallTime); } HttpResponseHandler> responseHandler = protocolFactory .createResponseHandler(new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new IsAuthorizedWithTokenResultJsonUnmarshaller()); response = invoke(request, responseHandler, executionContext); return response.getAwsResponse(); } finally { endClientExecution(awsRequestMetrics, request, response); } } /** *

                                    * Returns a paginated list of all of the identity sources defined in the specified policy store. *

                                    * * @param listIdentitySourcesRequest * @return Result of the ListIdentitySources operation returned by the service. * @throws ValidationException * The request failed because one or more input parameters don't satisfy their constraint requirements. The * output is provided as a list of fields and a reason for each field that isn't valid.

                                    *

                                    * The possible reasons include the following: *

                                    *
                                      *
                                    • *

                                      * UnrecognizedEntityType *

                                      *

                                      * The policy includes an entity type that isn't found in the schema. *

                                      *
                                    • *
                                    • *

                                      * UnrecognizedActionId *

                                      *

                                      * The policy includes an action id that isn't found in the schema. *

                                      *
                                    • *
                                    • *

                                      * InvalidActionApplication *

                                      *

                                      * The policy includes an action that, according to the schema, doesn't support the specified principal and * resource. *

                                      *
                                    • *
                                    • *

                                      * UnexpectedType *

                                      *

                                      * The policy included an operand that isn't a valid type for the specified operation. *

                                      *
                                    • *
                                    • *

                                      * IncompatibleTypes *

                                      *

                                      * The types of elements included in a set, or the types of expressions used in an * if...then...else clause aren't compatible in this context. *

                                      *
                                    • *
                                    • *

                                      * MissingAttribute *

                                      *

                                      * The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for * the existence of the attribute first before attempting to access its value. For more information, see the * has * (presence of attribute test) operator in the Cedar Policy Language Guide. *

                                      *
                                    • *
                                    • *

                                      * UnsafeOptionalAttributeAccess *

                                      *

                                      * The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be * present. Test for the existence of the attribute first before attempting to access its value. For more * information, see the has * (presence of attribute test) operator in the Cedar Policy Language Guide. *

                                      *
                                    • *
                                    • *

                                      * ImpossiblePolicy *

                                      *

                                      * Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it * can never apply to any query, and so it can never affect an authorization decision. *

                                      *
                                    • *
                                    • *

                                      * WrongNumberArguments *

                                      *

                                      * The policy references an extension type with the wrong number of arguments. *

                                      *
                                    • *
                                    • *

                                      * FunctionArgumentValidationError *

                                      *

                                      * Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed * as an IPv4 address can contain only digits and the period character. *

                                      *
                                    • * @throws AccessDeniedException * You don't have sufficient access to perform this action. * @throws ResourceNotFoundException * The request failed because it references a resource that doesn't exist. * @throws ThrottlingException * The request failed because it exceeded a throttling quota. * @throws InternalServerException * The request failed because of an internal error. Try your request again later * @sample AmazonVerifiedPermissions.ListIdentitySources * @see AWS API Documentation */ @Override public ListIdentitySourcesResult listIdentitySources(ListIdentitySourcesRequest request) { request = beforeClientExecution(request); return executeListIdentitySources(request); } @SdkInternalApi final ListIdentitySourcesResult executeListIdentitySources(ListIdentitySourcesRequest listIdentitySourcesRequest) { ExecutionContext executionContext = createExecutionContext(listIdentitySourcesRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request request = null; Response response = null; try { awsRequestMetrics.startEvent(Field.RequestMarshallTime); try { request = new ListIdentitySourcesRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(listIdentitySourcesRequest)); // Binds the request metrics to the current request. request.setAWSRequestMetrics(awsRequestMetrics); request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint); request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden()); request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion()); request.addHandlerContext(HandlerContextKey.SERVICE_ID, "VerifiedPermissions"); request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "ListIdentitySources"); request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig); } finally { awsRequestMetrics.endEvent(Field.RequestMarshallTime); } HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler( new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new ListIdentitySourcesResultJsonUnmarshaller()); response = invoke(request, responseHandler, executionContext); return response.getAwsResponse(); } finally { endClientExecution(awsRequestMetrics, request, response); } } /** *

                                      * Returns a paginated list of all policies stored in the specified policy store. *

                                      * * @param listPoliciesRequest * @return Result of the ListPolicies operation returned by the service. * @throws ValidationException * The request failed because one or more input parameters don't satisfy their constraint requirements. The * output is provided as a list of fields and a reason for each field that isn't valid.

                                      *

                                      * The possible reasons include the following: *

                                      *
                                        *
                                      • *

                                        * UnrecognizedEntityType *

                                        *

                                        * The policy includes an entity type that isn't found in the schema. *

                                        *
                                      • *
                                      • *

                                        * UnrecognizedActionId *

                                        *

                                        * The policy includes an action id that isn't found in the schema. *

                                        *
                                      • *
                                      • *

                                        * InvalidActionApplication *

                                        *

                                        * The policy includes an action that, according to the schema, doesn't support the specified principal and * resource. *

                                        *
                                      • *
                                      • *

                                        * UnexpectedType *

                                        *

                                        * The policy included an operand that isn't a valid type for the specified operation. *

                                        *
                                      • *
                                      • *

                                        * IncompatibleTypes *

                                        *

                                        * The types of elements included in a set, or the types of expressions used in an * if...then...else clause aren't compatible in this context. *

                                        *
                                      • *
                                      • *

                                        * MissingAttribute *

                                        *

                                        * The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for * the existence of the attribute first before attempting to access its value. For more information, see the * has * (presence of attribute test) operator in the Cedar Policy Language Guide. *

                                        *
                                      • *
                                      • *

                                        * UnsafeOptionalAttributeAccess *

                                        *

                                        * The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be * present. Test for the existence of the attribute first before attempting to access its value. For more * information, see the has * (presence of attribute test) operator in the Cedar Policy Language Guide. *

                                        *
                                      • *
                                      • *

                                        * ImpossiblePolicy *

                                        *

                                        * Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it * can never apply to any query, and so it can never affect an authorization decision. *

                                        *
                                      • *
                                      • *

                                        * WrongNumberArguments *

                                        *

                                        * The policy references an extension type with the wrong number of arguments. *

                                        *
                                      • *
                                      • *

                                        * FunctionArgumentValidationError *

                                        *

                                        * Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed * as an IPv4 address can contain only digits and the period character. *

                                        *
                                      • * @throws AccessDeniedException * You don't have sufficient access to perform this action. * @throws ResourceNotFoundException * The request failed because it references a resource that doesn't exist. * @throws ThrottlingException * The request failed because it exceeded a throttling quota. * @throws InternalServerException * The request failed because of an internal error. Try your request again later * @sample AmazonVerifiedPermissions.ListPolicies * @see AWS API Documentation */ @Override public ListPoliciesResult listPolicies(ListPoliciesRequest request) { request = beforeClientExecution(request); return executeListPolicies(request); } @SdkInternalApi final ListPoliciesResult executeListPolicies(ListPoliciesRequest listPoliciesRequest) { ExecutionContext executionContext = createExecutionContext(listPoliciesRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request request = null; Response response = null; try { awsRequestMetrics.startEvent(Field.RequestMarshallTime); try { request = new ListPoliciesRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(listPoliciesRequest)); // Binds the request metrics to the current request. request.setAWSRequestMetrics(awsRequestMetrics); request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint); request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden()); request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion()); request.addHandlerContext(HandlerContextKey.SERVICE_ID, "VerifiedPermissions"); request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "ListPolicies"); request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig); } finally { awsRequestMetrics.endEvent(Field.RequestMarshallTime); } HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler( new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new ListPoliciesResultJsonUnmarshaller()); response = invoke(request, responseHandler, executionContext); return response.getAwsResponse(); } finally { endClientExecution(awsRequestMetrics, request, response); } } /** *

                                        * Returns a paginated list of all policy stores in the calling Amazon Web Services account. *

                                        * * @param listPolicyStoresRequest * @return Result of the ListPolicyStores operation returned by the service. * @throws ValidationException * The request failed because one or more input parameters don't satisfy their constraint requirements. The * output is provided as a list of fields and a reason for each field that isn't valid.

                                        *

                                        * The possible reasons include the following: *

                                        *
                                          *
                                        • *

                                          * UnrecognizedEntityType *

                                          *

                                          * The policy includes an entity type that isn't found in the schema. *

                                          *
                                        • *
                                        • *

                                          * UnrecognizedActionId *

                                          *

                                          * The policy includes an action id that isn't found in the schema. *

                                          *
                                        • *
                                        • *

                                          * InvalidActionApplication *

                                          *

                                          * The policy includes an action that, according to the schema, doesn't support the specified principal and * resource. *

                                          *
                                        • *
                                        • *

                                          * UnexpectedType *

                                          *

                                          * The policy included an operand that isn't a valid type for the specified operation. *

                                          *
                                        • *
                                        • *

                                          * IncompatibleTypes *

                                          *

                                          * The types of elements included in a set, or the types of expressions used in an * if...then...else clause aren't compatible in this context. *

                                          *
                                        • *
                                        • *

                                          * MissingAttribute *

                                          *

                                          * The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for * the existence of the attribute first before attempting to access its value. For more information, see the * has * (presence of attribute test) operator in the Cedar Policy Language Guide. *

                                          *
                                        • *
                                        • *

                                          * UnsafeOptionalAttributeAccess *

                                          *

                                          * The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be * present. Test for the existence of the attribute first before attempting to access its value. For more * information, see the has * (presence of attribute test) operator in the Cedar Policy Language Guide. *

                                          *
                                        • *
                                        • *

                                          * ImpossiblePolicy *

                                          *

                                          * Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it * can never apply to any query, and so it can never affect an authorization decision. *

                                          *
                                        • *
                                        • *

                                          * WrongNumberArguments *

                                          *

                                          * The policy references an extension type with the wrong number of arguments. *

                                          *
                                        • *
                                        • *

                                          * FunctionArgumentValidationError *

                                          *

                                          * Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed * as an IPv4 address can contain only digits and the period character. *

                                          *
                                        • * @throws AccessDeniedException * You don't have sufficient access to perform this action. * @throws ThrottlingException * The request failed because it exceeded a throttling quota. * @throws InternalServerException * The request failed because of an internal error. Try your request again later * @sample AmazonVerifiedPermissions.ListPolicyStores * @see AWS API Documentation */ @Override public ListPolicyStoresResult listPolicyStores(ListPolicyStoresRequest request) { request = beforeClientExecution(request); return executeListPolicyStores(request); } @SdkInternalApi final ListPolicyStoresResult executeListPolicyStores(ListPolicyStoresRequest listPolicyStoresRequest) { ExecutionContext executionContext = createExecutionContext(listPolicyStoresRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request request = null; Response response = null; try { awsRequestMetrics.startEvent(Field.RequestMarshallTime); try { request = new ListPolicyStoresRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(listPolicyStoresRequest)); // Binds the request metrics to the current request. request.setAWSRequestMetrics(awsRequestMetrics); request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint); request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden()); request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion()); request.addHandlerContext(HandlerContextKey.SERVICE_ID, "VerifiedPermissions"); request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "ListPolicyStores"); request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig); } finally { awsRequestMetrics.endEvent(Field.RequestMarshallTime); } HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler( new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new ListPolicyStoresResultJsonUnmarshaller()); response = invoke(request, responseHandler, executionContext); return response.getAwsResponse(); } finally { endClientExecution(awsRequestMetrics, request, response); } } /** *

                                          * Returns a paginated list of all policy templates in the specified policy store. *

                                          * * @param listPolicyTemplatesRequest * @return Result of the ListPolicyTemplates operation returned by the service. * @throws ValidationException * The request failed because one or more input parameters don't satisfy their constraint requirements. The * output is provided as a list of fields and a reason for each field that isn't valid.

                                          *

                                          * The possible reasons include the following: *

                                          *
                                            *
                                          • *

                                            * UnrecognizedEntityType *

                                            *

                                            * The policy includes an entity type that isn't found in the schema. *

                                            *
                                          • *
                                          • *

                                            * UnrecognizedActionId *

                                            *

                                            * The policy includes an action id that isn't found in the schema. *

                                            *
                                          • *
                                          • *

                                            * InvalidActionApplication *

                                            *

                                            * The policy includes an action that, according to the schema, doesn't support the specified principal and * resource. *

                                            *
                                          • *
                                          • *

                                            * UnexpectedType *

                                            *

                                            * The policy included an operand that isn't a valid type for the specified operation. *

                                            *
                                          • *
                                          • *

                                            * IncompatibleTypes *

                                            *

                                            * The types of elements included in a set, or the types of expressions used in an * if...then...else clause aren't compatible in this context. *

                                            *
                                          • *
                                          • *

                                            * MissingAttribute *

                                            *

                                            * The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for * the existence of the attribute first before attempting to access its value. For more information, see the * has * (presence of attribute test) operator in the Cedar Policy Language Guide. *

                                            *
                                          • *
                                          • *

                                            * UnsafeOptionalAttributeAccess *

                                            *

                                            * The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be * present. Test for the existence of the attribute first before attempting to access its value. For more * information, see the has * (presence of attribute test) operator in the Cedar Policy Language Guide. *

                                            *
                                          • *
                                          • *

                                            * ImpossiblePolicy *

                                            *

                                            * Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it * can never apply to any query, and so it can never affect an authorization decision. *

                                            *
                                          • *
                                          • *

                                            * WrongNumberArguments *

                                            *

                                            * The policy references an extension type with the wrong number of arguments. *

                                            *
                                          • *
                                          • *

                                            * FunctionArgumentValidationError *

                                            *

                                            * Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed * as an IPv4 address can contain only digits and the period character. *

                                            *
                                          • * @throws AccessDeniedException * You don't have sufficient access to perform this action. * @throws ResourceNotFoundException * The request failed because it references a resource that doesn't exist. * @throws ThrottlingException * The request failed because it exceeded a throttling quota. * @throws InternalServerException * The request failed because of an internal error. Try your request again later * @sample AmazonVerifiedPermissions.ListPolicyTemplates * @see AWS API Documentation */ @Override public ListPolicyTemplatesResult listPolicyTemplates(ListPolicyTemplatesRequest request) { request = beforeClientExecution(request); return executeListPolicyTemplates(request); } @SdkInternalApi final ListPolicyTemplatesResult executeListPolicyTemplates(ListPolicyTemplatesRequest listPolicyTemplatesRequest) { ExecutionContext executionContext = createExecutionContext(listPolicyTemplatesRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request request = null; Response response = null; try { awsRequestMetrics.startEvent(Field.RequestMarshallTime); try { request = new ListPolicyTemplatesRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(listPolicyTemplatesRequest)); // Binds the request metrics to the current request. request.setAWSRequestMetrics(awsRequestMetrics); request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint); request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden()); request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion()); request.addHandlerContext(HandlerContextKey.SERVICE_ID, "VerifiedPermissions"); request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "ListPolicyTemplates"); request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig); } finally { awsRequestMetrics.endEvent(Field.RequestMarshallTime); } HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler( new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new ListPolicyTemplatesResultJsonUnmarshaller()); response = invoke(request, responseHandler, executionContext); return response.getAwsResponse(); } finally { endClientExecution(awsRequestMetrics, request, response); } } /** *

                                            * Creates or updates the policy schema in the specified policy store. The schema is used to validate any Cedar * policies and policy templates submitted to the policy store. Any changes to the schema validate only policies and * templates submitted after the schema change. Existing policies and templates are not re-evaluated against the * changed schema. If you later update a policy, then it is evaluated against the new schema at that time. *

                                            * *

                                            * Verified Permissions is eventually consistent * . It can take a few seconds for a new or changed element to propagate through the service and be visible in * the results of other Verified Permissions operations. *

                                            *
                                            * * @param putSchemaRequest * @return Result of the PutSchema operation returned by the service. * @throws ValidationException * The request failed because one or more input parameters don't satisfy their constraint requirements. The * output is provided as a list of fields and a reason for each field that isn't valid.

                                            *

                                            * The possible reasons include the following: *

                                            *
                                              *
                                            • *

                                              * UnrecognizedEntityType *

                                              *

                                              * The policy includes an entity type that isn't found in the schema. *

                                              *
                                            • *
                                            • *

                                              * UnrecognizedActionId *

                                              *

                                              * The policy includes an action id that isn't found in the schema. *

                                              *
                                            • *
                                            • *

                                              * InvalidActionApplication *

                                              *

                                              * The policy includes an action that, according to the schema, doesn't support the specified principal and * resource. *

                                              *
                                            • *
                                            • *

                                              * UnexpectedType *

                                              *

                                              * The policy included an operand that isn't a valid type for the specified operation. *

                                              *
                                            • *
                                            • *

                                              * IncompatibleTypes *

                                              *

                                              * The types of elements included in a set, or the types of expressions used in an * if...then...else clause aren't compatible in this context. *

                                              *
                                            • *
                                            • *

                                              * MissingAttribute *

                                              *

                                              * The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for * the existence of the attribute first before attempting to access its value. For more information, see the * has * (presence of attribute test) operator in the Cedar Policy Language Guide. *

                                              *
                                            • *
                                            • *

                                              * UnsafeOptionalAttributeAccess *

                                              *

                                              * The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be * present. Test for the existence of the attribute first before attempting to access its value. For more * information, see the has * (presence of attribute test) operator in the Cedar Policy Language Guide. *

                                              *
                                            • *
                                            • *

                                              * ImpossiblePolicy *

                                              *

                                              * Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it * can never apply to any query, and so it can never affect an authorization decision. *

                                              *
                                            • *
                                            • *

                                              * WrongNumberArguments *

                                              *

                                              * The policy references an extension type with the wrong number of arguments. *

                                              *
                                            • *
                                            • *

                                              * FunctionArgumentValidationError *

                                              *

                                              * Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed * as an IPv4 address can contain only digits and the period character. *

                                              *
                                            • * @throws ServiceQuotaExceededException * The request failed because it would cause a service quota to be exceeded. * @throws ConflictException * The request failed because another request to modify a resource occurred at the same. * @throws AccessDeniedException * You don't have sufficient access to perform this action. * @throws ResourceNotFoundException * The request failed because it references a resource that doesn't exist. * @throws ThrottlingException * The request failed because it exceeded a throttling quota. * @throws InternalServerException * The request failed because of an internal error. Try your request again later * @sample AmazonVerifiedPermissions.PutSchema * @see AWS * API Documentation */ @Override public PutSchemaResult putSchema(PutSchemaRequest request) { request = beforeClientExecution(request); return executePutSchema(request); } @SdkInternalApi final PutSchemaResult executePutSchema(PutSchemaRequest putSchemaRequest) { ExecutionContext executionContext = createExecutionContext(putSchemaRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request request = null; Response response = null; try { awsRequestMetrics.startEvent(Field.RequestMarshallTime); try { request = new PutSchemaRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(putSchemaRequest)); // Binds the request metrics to the current request. request.setAWSRequestMetrics(awsRequestMetrics); request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint); request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden()); request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion()); request.addHandlerContext(HandlerContextKey.SERVICE_ID, "VerifiedPermissions"); request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "PutSchema"); request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig); } finally { awsRequestMetrics.endEvent(Field.RequestMarshallTime); } HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(new JsonOperationMetadata() .withPayloadJson(true).withHasStreamingSuccessResponse(false), new PutSchemaResultJsonUnmarshaller()); response = invoke(request, responseHandler, executionContext); return response.getAwsResponse(); } finally { endClientExecution(awsRequestMetrics, request, response); } } /** *

                                              * Updates the specified identity source to use a new identity provider (IdP), or to change the mapping of * identities from the IdP to a different principal entity type. *

                                              * *

                                              * Verified Permissions is eventually consistent * . It can take a few seconds for a new or changed element to propagate through the service and be visible in * the results of other Verified Permissions operations. *

                                              *
                                              * * @param updateIdentitySourceRequest * @return Result of the UpdateIdentitySource operation returned by the service. * @throws ValidationException * The request failed because one or more input parameters don't satisfy their constraint requirements. The * output is provided as a list of fields and a reason for each field that isn't valid.

                                              *

                                              * The possible reasons include the following: *

                                              *
                                                *
                                              • *

                                                * UnrecognizedEntityType *

                                                *

                                                * The policy includes an entity type that isn't found in the schema. *

                                                *
                                              • *
                                              • *

                                                * UnrecognizedActionId *

                                                *

                                                * The policy includes an action id that isn't found in the schema. *

                                                *
                                              • *
                                              • *

                                                * InvalidActionApplication *

                                                *

                                                * The policy includes an action that, according to the schema, doesn't support the specified principal and * resource. *

                                                *
                                              • *
                                              • *

                                                * UnexpectedType *

                                                *

                                                * The policy included an operand that isn't a valid type for the specified operation. *

                                                *
                                              • *
                                              • *

                                                * IncompatibleTypes *

                                                *

                                                * The types of elements included in a set, or the types of expressions used in an * if...then...else clause aren't compatible in this context. *

                                                *
                                              • *
                                              • *

                                                * MissingAttribute *

                                                *

                                                * The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for * the existence of the attribute first before attempting to access its value. For more information, see the * has * (presence of attribute test) operator in the Cedar Policy Language Guide. *

                                                *
                                              • *
                                              • *

                                                * UnsafeOptionalAttributeAccess *

                                                *

                                                * The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be * present. Test for the existence of the attribute first before attempting to access its value. For more * information, see the has * (presence of attribute test) operator in the Cedar Policy Language Guide. *

                                                *
                                              • *
                                              • *

                                                * ImpossiblePolicy *

                                                *

                                                * Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it * can never apply to any query, and so it can never affect an authorization decision. *

                                                *
                                              • *
                                              • *

                                                * WrongNumberArguments *

                                                *

                                                * The policy references an extension type with the wrong number of arguments. *

                                                *
                                              • *
                                              • *

                                                * FunctionArgumentValidationError *

                                                *

                                                * Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed * as an IPv4 address can contain only digits and the period character. *

                                                *
                                              • * @throws ConflictException * The request failed because another request to modify a resource occurred at the same. * @throws AccessDeniedException * You don't have sufficient access to perform this action. * @throws ResourceNotFoundException * The request failed because it references a resource that doesn't exist. * @throws ThrottlingException * The request failed because it exceeded a throttling quota. * @throws InternalServerException * The request failed because of an internal error. Try your request again later * @sample AmazonVerifiedPermissions.UpdateIdentitySource * @see AWS API Documentation */ @Override public UpdateIdentitySourceResult updateIdentitySource(UpdateIdentitySourceRequest request) { request = beforeClientExecution(request); return executeUpdateIdentitySource(request); } @SdkInternalApi final UpdateIdentitySourceResult executeUpdateIdentitySource(UpdateIdentitySourceRequest updateIdentitySourceRequest) { ExecutionContext executionContext = createExecutionContext(updateIdentitySourceRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request request = null; Response response = null; try { awsRequestMetrics.startEvent(Field.RequestMarshallTime); try { request = new UpdateIdentitySourceRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(updateIdentitySourceRequest)); // Binds the request metrics to the current request. request.setAWSRequestMetrics(awsRequestMetrics); request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint); request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden()); request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion()); request.addHandlerContext(HandlerContextKey.SERVICE_ID, "VerifiedPermissions"); request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "UpdateIdentitySource"); request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig); } finally { awsRequestMetrics.endEvent(Field.RequestMarshallTime); } HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler( new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new UpdateIdentitySourceResultJsonUnmarshaller()); response = invoke(request, responseHandler, executionContext); return response.getAwsResponse(); } finally { endClientExecution(awsRequestMetrics, request, response); } } /** *

                                                * Modifies a Cedar static policy in the specified policy store. You can change only certain elements of the UpdatePolicyDefinition parameter. You can directly update only static policies. To change a template-linked * policy, you must update the template instead, using UpdatePolicyTemplate. *

                                                * *
                                                  *
                                                • *

                                                  * If policy validation is enabled in the policy store, then updating a static policy causes Verified Permissions to * validate the policy against the schema in the policy store. If the updated static policy doesn't pass validation, * the operation fails and the update isn't stored. *

                                                  *
                                                • *
                                                • *

                                                  * When you edit a static policy, you can change only certain elements of a static policy: *

                                                  *
                                                    *
                                                  • *

                                                    * The action referenced by the policy. *

                                                    *
                                                  • *
                                                  • *

                                                    * A condition clause, such as when and unless. *

                                                    *
                                                  • *
                                                  *

                                                  * You can't change these elements of a static policy: *

                                                  *
                                                    *
                                                  • *

                                                    * Changing a policy from a static policy to a template-linked policy. *

                                                    *
                                                  • *
                                                  • *

                                                    * Changing the effect of a static policy from permit or forbid. *

                                                    *
                                                  • *
                                                  • *

                                                    * The principal referenced by a static policy. *

                                                    *
                                                  • *
                                                  • *

                                                    * The resource referenced by a static policy. *

                                                    *
                                                  • *
                                                  *
                                                • *
                                                • *

                                                  * To update a template-linked policy, you must update the template instead. *

                                                  *
                                                • *
                                                *
                                                *

                                                * Verified Permissions is eventually consistent * . It can take a few seconds for a new or changed element to propagate through the service and be visible in * the results of other Verified Permissions operations. *

                                                *
                                                * * @param updatePolicyRequest * @return Result of the UpdatePolicy operation returned by the service. * @throws ValidationException * The request failed because one or more input parameters don't satisfy their constraint requirements. The * output is provided as a list of fields and a reason for each field that isn't valid.

                                                *

                                                * The possible reasons include the following: *

                                                *
                                                  *
                                                • *

                                                  * UnrecognizedEntityType *

                                                  *

                                                  * The policy includes an entity type that isn't found in the schema. *

                                                  *
                                                • *
                                                • *

                                                  * UnrecognizedActionId *

                                                  *

                                                  * The policy includes an action id that isn't found in the schema. *

                                                  *
                                                • *
                                                • *

                                                  * InvalidActionApplication *

                                                  *

                                                  * The policy includes an action that, according to the schema, doesn't support the specified principal and * resource. *

                                                  *
                                                • *
                                                • *

                                                  * UnexpectedType *

                                                  *

                                                  * The policy included an operand that isn't a valid type for the specified operation. *

                                                  *
                                                • *
                                                • *

                                                  * IncompatibleTypes *

                                                  *

                                                  * The types of elements included in a set, or the types of expressions used in an * if...then...else clause aren't compatible in this context. *

                                                  *
                                                • *
                                                • *

                                                  * MissingAttribute *

                                                  *

                                                  * The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for * the existence of the attribute first before attempting to access its value. For more information, see the * has * (presence of attribute test) operator in the Cedar Policy Language Guide. *

                                                  *
                                                • *
                                                • *

                                                  * UnsafeOptionalAttributeAccess *

                                                  *

                                                  * The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be * present. Test for the existence of the attribute first before attempting to access its value. For more * information, see the has * (presence of attribute test) operator in the Cedar Policy Language Guide. *

                                                  *
                                                • *
                                                • *

                                                  * ImpossiblePolicy *

                                                  *

                                                  * Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it * can never apply to any query, and so it can never affect an authorization decision. *

                                                  *
                                                • *
                                                • *

                                                  * WrongNumberArguments *

                                                  *

                                                  * The policy references an extension type with the wrong number of arguments. *

                                                  *
                                                • *
                                                • *

                                                  * FunctionArgumentValidationError *

                                                  *

                                                  * Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed * as an IPv4 address can contain only digits and the period character. *

                                                  *
                                                • * @throws ServiceQuotaExceededException * The request failed because it would cause a service quota to be exceeded. * @throws ConflictException * The request failed because another request to modify a resource occurred at the same. * @throws AccessDeniedException * You don't have sufficient access to perform this action. * @throws ResourceNotFoundException * The request failed because it references a resource that doesn't exist. * @throws ThrottlingException * The request failed because it exceeded a throttling quota. * @throws InternalServerException * The request failed because of an internal error. Try your request again later * @sample AmazonVerifiedPermissions.UpdatePolicy * @see AWS API Documentation */ @Override public UpdatePolicyResult updatePolicy(UpdatePolicyRequest request) { request = beforeClientExecution(request); return executeUpdatePolicy(request); } @SdkInternalApi final UpdatePolicyResult executeUpdatePolicy(UpdatePolicyRequest updatePolicyRequest) { ExecutionContext executionContext = createExecutionContext(updatePolicyRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request request = null; Response response = null; try { awsRequestMetrics.startEvent(Field.RequestMarshallTime); try { request = new UpdatePolicyRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(updatePolicyRequest)); // Binds the request metrics to the current request. request.setAWSRequestMetrics(awsRequestMetrics); request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint); request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden()); request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion()); request.addHandlerContext(HandlerContextKey.SERVICE_ID, "VerifiedPermissions"); request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "UpdatePolicy"); request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig); } finally { awsRequestMetrics.endEvent(Field.RequestMarshallTime); } HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler( new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new UpdatePolicyResultJsonUnmarshaller()); response = invoke(request, responseHandler, executionContext); return response.getAwsResponse(); } finally { endClientExecution(awsRequestMetrics, request, response); } } /** *

                                                  * Modifies the validation setting for a policy store. *

                                                  * *

                                                  * Verified Permissions is eventually consistent * . It can take a few seconds for a new or changed element to propagate through the service and be visible in * the results of other Verified Permissions operations. *

                                                  *
                                                  * * @param updatePolicyStoreRequest * @return Result of the UpdatePolicyStore operation returned by the service. * @throws ValidationException * The request failed because one or more input parameters don't satisfy their constraint requirements. The * output is provided as a list of fields and a reason for each field that isn't valid.

                                                  *

                                                  * The possible reasons include the following: *

                                                  *
                                                    *
                                                  • *

                                                    * UnrecognizedEntityType *

                                                    *

                                                    * The policy includes an entity type that isn't found in the schema. *

                                                    *
                                                  • *
                                                  • *

                                                    * UnrecognizedActionId *

                                                    *

                                                    * The policy includes an action id that isn't found in the schema. *

                                                    *
                                                  • *
                                                  • *

                                                    * InvalidActionApplication *

                                                    *

                                                    * The policy includes an action that, according to the schema, doesn't support the specified principal and * resource. *

                                                    *
                                                  • *
                                                  • *

                                                    * UnexpectedType *

                                                    *

                                                    * The policy included an operand that isn't a valid type for the specified operation. *

                                                    *
                                                  • *
                                                  • *

                                                    * IncompatibleTypes *

                                                    *

                                                    * The types of elements included in a set, or the types of expressions used in an * if...then...else clause aren't compatible in this context. *

                                                    *
                                                  • *
                                                  • *

                                                    * MissingAttribute *

                                                    *

                                                    * The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for * the existence of the attribute first before attempting to access its value. For more information, see the * has * (presence of attribute test) operator in the Cedar Policy Language Guide. *

                                                    *
                                                  • *
                                                  • *

                                                    * UnsafeOptionalAttributeAccess *

                                                    *

                                                    * The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be * present. Test for the existence of the attribute first before attempting to access its value. For more * information, see the has * (presence of attribute test) operator in the Cedar Policy Language Guide. *

                                                    *
                                                  • *
                                                  • *

                                                    * ImpossiblePolicy *

                                                    *

                                                    * Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it * can never apply to any query, and so it can never affect an authorization decision. *

                                                    *
                                                  • *
                                                  • *

                                                    * WrongNumberArguments *

                                                    *

                                                    * The policy references an extension type with the wrong number of arguments. *

                                                    *
                                                  • *
                                                  • *

                                                    * FunctionArgumentValidationError *

                                                    *

                                                    * Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed * as an IPv4 address can contain only digits and the period character. *

                                                    *
                                                  • * @throws ConflictException * The request failed because another request to modify a resource occurred at the same. * @throws AccessDeniedException * You don't have sufficient access to perform this action. * @throws ResourceNotFoundException * The request failed because it references a resource that doesn't exist. * @throws ThrottlingException * The request failed because it exceeded a throttling quota. * @throws InternalServerException * The request failed because of an internal error. Try your request again later * @sample AmazonVerifiedPermissions.UpdatePolicyStore * @see AWS API Documentation */ @Override public UpdatePolicyStoreResult updatePolicyStore(UpdatePolicyStoreRequest request) { request = beforeClientExecution(request); return executeUpdatePolicyStore(request); } @SdkInternalApi final UpdatePolicyStoreResult executeUpdatePolicyStore(UpdatePolicyStoreRequest updatePolicyStoreRequest) { ExecutionContext executionContext = createExecutionContext(updatePolicyStoreRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request request = null; Response response = null; try { awsRequestMetrics.startEvent(Field.RequestMarshallTime); try { request = new UpdatePolicyStoreRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(updatePolicyStoreRequest)); // Binds the request metrics to the current request. request.setAWSRequestMetrics(awsRequestMetrics); request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint); request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden()); request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion()); request.addHandlerContext(HandlerContextKey.SERVICE_ID, "VerifiedPermissions"); request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "UpdatePolicyStore"); request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig); } finally { awsRequestMetrics.endEvent(Field.RequestMarshallTime); } HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler( new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new UpdatePolicyStoreResultJsonUnmarshaller()); response = invoke(request, responseHandler, executionContext); return response.getAwsResponse(); } finally { endClientExecution(awsRequestMetrics, request, response); } } /** *

                                                    * Updates the specified policy template. You can update only the description and the some elements of the policyBody. *

                                                    * *

                                                    * Changes you make to the policy template content are immediately (within the constraints of eventual consistency) * reflected in authorization decisions that involve all template-linked policies instantiated from this template. *

                                                    *
                                                    *

                                                    * Verified Permissions is eventually consistent * . It can take a few seconds for a new or changed element to propagate through the service and be visible in * the results of other Verified Permissions operations. *

                                                    *
                                                    * * @param updatePolicyTemplateRequest * @return Result of the UpdatePolicyTemplate operation returned by the service. * @throws ValidationException * The request failed because one or more input parameters don't satisfy their constraint requirements. The * output is provided as a list of fields and a reason for each field that isn't valid.

                                                    *

                                                    * The possible reasons include the following: *

                                                    *
                                                      *
                                                    • *

                                                      * UnrecognizedEntityType *

                                                      *

                                                      * The policy includes an entity type that isn't found in the schema. *

                                                      *
                                                    • *
                                                    • *

                                                      * UnrecognizedActionId *

                                                      *

                                                      * The policy includes an action id that isn't found in the schema. *

                                                      *
                                                    • *
                                                    • *

                                                      * InvalidActionApplication *

                                                      *

                                                      * The policy includes an action that, according to the schema, doesn't support the specified principal and * resource. *

                                                      *
                                                    • *
                                                    • *

                                                      * UnexpectedType *

                                                      *

                                                      * The policy included an operand that isn't a valid type for the specified operation. *

                                                      *
                                                    • *
                                                    • *

                                                      * IncompatibleTypes *

                                                      *

                                                      * The types of elements included in a set, or the types of expressions used in an * if...then...else clause aren't compatible in this context. *

                                                      *
                                                    • *
                                                    • *

                                                      * MissingAttribute *

                                                      *

                                                      * The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for * the existence of the attribute first before attempting to access its value. For more information, see the * has * (presence of attribute test) operator in the Cedar Policy Language Guide. *

                                                      *
                                                    • *
                                                    • *

                                                      * UnsafeOptionalAttributeAccess *

                                                      *

                                                      * The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be * present. Test for the existence of the attribute first before attempting to access its value. For more * information, see the has * (presence of attribute test) operator in the Cedar Policy Language Guide. *

                                                      *
                                                    • *
                                                    • *

                                                      * ImpossiblePolicy *

                                                      *

                                                      * Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it * can never apply to any query, and so it can never affect an authorization decision. *

                                                      *
                                                    • *
                                                    • *

                                                      * WrongNumberArguments *

                                                      *

                                                      * The policy references an extension type with the wrong number of arguments. *

                                                      *
                                                    • *
                                                    • *

                                                      * FunctionArgumentValidationError *

                                                      *

                                                      * Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed * as an IPv4 address can contain only digits and the period character. *

                                                      *
                                                    • * @throws ConflictException * The request failed because another request to modify a resource occurred at the same. * @throws AccessDeniedException * You don't have sufficient access to perform this action. * @throws ResourceNotFoundException * The request failed because it references a resource that doesn't exist. * @throws ThrottlingException * The request failed because it exceeded a throttling quota. * @throws InternalServerException * The request failed because of an internal error. Try your request again later * @sample AmazonVerifiedPermissions.UpdatePolicyTemplate * @see AWS API Documentation */ @Override public UpdatePolicyTemplateResult updatePolicyTemplate(UpdatePolicyTemplateRequest request) { request = beforeClientExecution(request); return executeUpdatePolicyTemplate(request); } @SdkInternalApi final UpdatePolicyTemplateResult executeUpdatePolicyTemplate(UpdatePolicyTemplateRequest updatePolicyTemplateRequest) { ExecutionContext executionContext = createExecutionContext(updatePolicyTemplateRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request request = null; Response response = null; try { awsRequestMetrics.startEvent(Field.RequestMarshallTime); try { request = new UpdatePolicyTemplateRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(updatePolicyTemplateRequest)); // Binds the request metrics to the current request. request.setAWSRequestMetrics(awsRequestMetrics); request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint); request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden()); request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion()); request.addHandlerContext(HandlerContextKey.SERVICE_ID, "VerifiedPermissions"); request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "UpdatePolicyTemplate"); request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig); } finally { awsRequestMetrics.endEvent(Field.RequestMarshallTime); } HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler( new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new UpdatePolicyTemplateResultJsonUnmarshaller()); response = invoke(request, responseHandler, executionContext); return response.getAwsResponse(); } finally { endClientExecution(awsRequestMetrics, request, response); } } /** * Returns additional metadata for a previously executed successful, request, typically used for debugging issues * where a service isn't acting as expected. This data isn't considered part of the result data returned by an * operation, so it's available through this separate, diagnostic interface. *

                                                      * Response metadata is only cached for a limited period of time, so if you need to access this extra diagnostic * information for an executed request, you should use this method to retrieve it as soon as possible after * executing the request. * * @param request * The originally executed request * * @return The response metadata for the specified request, or null if none is available. */ public ResponseMetadata getCachedResponseMetadata(AmazonWebServiceRequest request) { return client.getResponseMetadataForRequest(request); } /** * Normal invoke with authentication. Credentials are required and may be overriden at the request level. **/ private Response invoke(Request request, HttpResponseHandler> responseHandler, ExecutionContext executionContext) { return invoke(request, responseHandler, executionContext, null, null); } /** * Normal invoke with authentication. Credentials are required and may be overriden at the request level. **/ private Response invoke(Request request, HttpResponseHandler> responseHandler, ExecutionContext executionContext, URI cachedEndpoint, URI uriFromEndpointTrait) { executionContext.setCredentialsProvider(CredentialUtils.getCredentialsProvider(request.getOriginalRequest(), awsCredentialsProvider)); return doInvoke(request, responseHandler, executionContext, cachedEndpoint, uriFromEndpointTrait); } /** * Invoke with no authentication. Credentials are not required and any credentials set on the client or request will * be ignored for this operation. **/ private Response anonymousInvoke(Request request, HttpResponseHandler> responseHandler, ExecutionContext executionContext) { return doInvoke(request, responseHandler, executionContext, null, null); } /** * Invoke the request using the http client. Assumes credentials (or lack thereof) have been configured in the * ExecutionContext beforehand. **/ private Response doInvoke(Request request, HttpResponseHandler> responseHandler, ExecutionContext executionContext, URI discoveredEndpoint, URI uriFromEndpointTrait) { if (discoveredEndpoint != null) { request.setEndpoint(discoveredEndpoint); request.getOriginalRequest().getRequestClientOptions().appendUserAgent("endpoint-discovery"); } else if (uriFromEndpointTrait != null) { request.setEndpoint(uriFromEndpointTrait); } else { request.setEndpoint(endpoint); } request.setTimeOffset(timeOffset); HttpResponseHandler errorResponseHandler = protocolFactory.createErrorResponseHandler(new JsonErrorResponseMetadata()); return client.execute(request, responseHandler, errorResponseHandler, executionContext); } @com.amazonaws.annotation.SdkInternalApi static com.amazonaws.protocol.json.SdkJsonProtocolFactory getProtocolFactory() { return protocolFactory; } @Override public void shutdown() { super.shutdown(); } }





© 2015 - 2025 Weber Informatics LLC | Privacy Policy