
com.amazonaws.services.verifiedpermissions.AmazonVerifiedPermissionsClient Maven / Gradle / Ivy
/*
* Copyright 2019-2024 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
* the License. A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
* and limitations under the License.
*/
package com.amazonaws.services.verifiedpermissions;
import org.w3c.dom.*;
import java.net.*;
import java.util.*;
import javax.annotation.Generated;
import org.apache.commons.logging.*;
import com.amazonaws.*;
import com.amazonaws.annotation.SdkInternalApi;
import com.amazonaws.auth.*;
import com.amazonaws.handlers.*;
import com.amazonaws.http.*;
import com.amazonaws.internal.*;
import com.amazonaws.internal.auth.*;
import com.amazonaws.metrics.*;
import com.amazonaws.regions.*;
import com.amazonaws.transform.*;
import com.amazonaws.util.*;
import com.amazonaws.protocol.json.*;
import com.amazonaws.util.AWSRequestMetrics.Field;
import com.amazonaws.annotation.ThreadSafe;
import com.amazonaws.client.AwsSyncClientParams;
import com.amazonaws.client.builder.AdvancedConfig;
import com.amazonaws.services.verifiedpermissions.AmazonVerifiedPermissionsClientBuilder;
import com.amazonaws.AmazonServiceException;
import com.amazonaws.services.verifiedpermissions.model.*;
import com.amazonaws.services.verifiedpermissions.model.transform.*;
/**
* Client for accessing Amazon Verified Permissions. All service calls made using this client are blocking, and will not
* return until the service call completes.
*
*
* Amazon Verified Permissions is a permissions management service from Amazon Web Services. You can use Verified
* Permissions to manage permissions for your application, and authorize user access based on those permissions. Using
* Verified Permissions, application developers can grant access based on information about the users, resources, and
* requested actions. You can also evaluate additional information like group membership, attributes of the resources,
* and session context, such as time of request and IP addresses. Verified Permissions manages these permissions by
* letting you create and store authorization policies for your applications, such as consumer-facing web sites and
* enterprise business systems.
*
*
* Verified Permissions uses Cedar as the policy language to express your permission requirements. Cedar supports both
* role-based access control (RBAC) and attribute-based access control (ABAC) authorization models.
*
*
* For more information about configuring, administering, and using Amazon Verified Permissions in your applications,
* see the Amazon Verified Permissions User
* Guide.
*
*
* For more information about the Cedar policy language, see the Cedar Policy
* Language Guide.
*
*
*
* When you write Cedar policies that reference principals, resources and actions, you can define the unique identifiers
* used for each of those elements. We strongly recommend that you follow these best practices:
*
*
* -
*
* Use values like universally unique identifiers (UUIDs) for all principal and resource identifiers.
*
*
* For example, if user jane
leaves the company, and you later let someone else use the name
* jane
, then that new user automatically gets access to everything granted by policies that still
* reference User::"jane"
. Cedar can’t distinguish between the new user and the old. This applies to both
* principal and resource identifiers. Always use identifiers that are guaranteed unique and never reused to ensure that
* you don’t unintentionally grant access because of the presence of an old identifier in a policy.
*
*
* Where you use a UUID for an entity, we recommend that you follow it with the // comment specifier and the ‘friendly’
* name of your entity. This helps to make your policies easier to understand. For example: principal ==
* User::"a1b2c3d4-e5f6-a1b2-c3d4-EXAMPLE11111", // alice
*
*
* -
*
* Do not include personally identifying, confidential, or sensitive information as part of the unique identifier for
* your principals or resources. These identifiers are included in log entries shared in CloudTrail trails.
*
*
*
*
*
* Several operations return structures that appear similar, but have different purposes. As new functionality is added
* to the product, the structure used in a parameter of one operation might need to change in a way that wouldn't make
* sense for the same parameter in a different operation. To help you understand the purpose of each, the following
* naming convention is used for the structures:
*
*
* -
*
* Parameter type structures that end in Detail
are used in Get
operations.
*
*
* -
*
* Parameter type structures that end in Item
are used in List
operations.
*
*
* -
*
* Parameter type structures that use neither suffix are used in the mutating (create and update) operations.
*
*
*
*/
@ThreadSafe
@Generated("com.amazonaws:aws-java-sdk-code-generator")
public class AmazonVerifiedPermissionsClient extends AmazonWebServiceClient implements AmazonVerifiedPermissions {
/** Provider for AWS credentials. */
private final AWSCredentialsProvider awsCredentialsProvider;
private static final Log log = LogFactory.getLog(AmazonVerifiedPermissions.class);
/** Default signing name for the service. */
private static final String DEFAULT_SIGNING_NAME = "verifiedpermissions";
/** Client configuration factory providing ClientConfigurations tailored to this client */
protected static final ClientConfigurationFactory configFactory = new ClientConfigurationFactory();
private final AdvancedConfig advancedConfig;
private static final com.amazonaws.protocol.json.SdkJsonProtocolFactory protocolFactory = new com.amazonaws.protocol.json.SdkJsonProtocolFactory(
new JsonClientMetadata()
.withProtocolVersion("1.0")
.withSupportsCbor(false)
.withSupportsIon(false)
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("ThrottlingException").withExceptionUnmarshaller(
com.amazonaws.services.verifiedpermissions.model.transform.ThrottlingExceptionUnmarshaller.getInstance()))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("ServiceQuotaExceededException").withExceptionUnmarshaller(
com.amazonaws.services.verifiedpermissions.model.transform.ServiceQuotaExceededExceptionUnmarshaller.getInstance()))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("InternalServerException").withExceptionUnmarshaller(
com.amazonaws.services.verifiedpermissions.model.transform.InternalServerExceptionUnmarshaller.getInstance()))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("AccessDeniedException").withExceptionUnmarshaller(
com.amazonaws.services.verifiedpermissions.model.transform.AccessDeniedExceptionUnmarshaller.getInstance()))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("ConflictException").withExceptionUnmarshaller(
com.amazonaws.services.verifiedpermissions.model.transform.ConflictExceptionUnmarshaller.getInstance()))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("ResourceNotFoundException").withExceptionUnmarshaller(
com.amazonaws.services.verifiedpermissions.model.transform.ResourceNotFoundExceptionUnmarshaller.getInstance()))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("ValidationException").withExceptionUnmarshaller(
com.amazonaws.services.verifiedpermissions.model.transform.ValidationExceptionUnmarshaller.getInstance()))
.withBaseServiceExceptionClass(com.amazonaws.services.verifiedpermissions.model.AmazonVerifiedPermissionsException.class));
public static AmazonVerifiedPermissionsClientBuilder builder() {
return AmazonVerifiedPermissionsClientBuilder.standard();
}
/**
* Constructs a new client to invoke service methods on Amazon Verified Permissions using the specified parameters.
*
*
* All service calls made using this new client object are blocking, and will not return until the service call
* completes.
*
* @param clientParams
* Object providing client parameters.
*/
AmazonVerifiedPermissionsClient(AwsSyncClientParams clientParams) {
this(clientParams, false);
}
/**
* Constructs a new client to invoke service methods on Amazon Verified Permissions using the specified parameters.
*
*
* All service calls made using this new client object are blocking, and will not return until the service call
* completes.
*
* @param clientParams
* Object providing client parameters.
*/
AmazonVerifiedPermissionsClient(AwsSyncClientParams clientParams, boolean endpointDiscoveryEnabled) {
super(clientParams);
this.awsCredentialsProvider = clientParams.getCredentialsProvider();
this.advancedConfig = clientParams.getAdvancedConfig();
init();
}
private void init() {
setServiceNameIntern(DEFAULT_SIGNING_NAME);
setEndpointPrefix(ENDPOINT_PREFIX);
// calling this.setEndPoint(...) will also modify the signer accordingly
setEndpoint("verifiedpermissions.us-east-1.amazonaws.com");
HandlerChainFactory chainFactory = new HandlerChainFactory();
requestHandler2s.addAll(chainFactory.newRequestHandlerChain("/com/amazonaws/services/verifiedpermissions/request.handlers"));
requestHandler2s.addAll(chainFactory.newRequestHandler2Chain("/com/amazonaws/services/verifiedpermissions/request.handler2s"));
requestHandler2s.addAll(chainFactory.getGlobalHandlers());
}
/**
*
* Makes a series of decisions about multiple authorization requests for one principal or resource. Each request
* contains the equivalent content of an IsAuthorized
request: principal, action, resource, and
* context. Either the principal
or the resource
parameter must be identical across all
* requests. For example, Verified Permissions won't evaluate a pair of requests where bob
views
* photo1
and alice
views photo2
. Authorization of bob
to view
* photo1
and photo2
, or bob
and alice
to view
* photo1
, are valid batches.
*
*
* The request is evaluated against all policies in the specified policy store that match the entities that you
* declare. The result of the decisions is a series of Allow
or Deny
responses, along with
* the IDs of the policies that produced each decision.
*
*
* The entities
of a BatchIsAuthorized
API request can contain up to 100 principals and up
* to 100 resources. The requests
of a BatchIsAuthorized
API request can contain up to 30
* requests.
*
*
*
* The BatchIsAuthorized
operation doesn't have its own IAM permission. To authorize this operation for
* Amazon Web Services principals, include the permission verifiedpermissions:IsAuthorized
in their IAM
* policies.
*
*
*
* @param batchIsAuthorizedRequest
* @return Result of the BatchIsAuthorized operation returned by the service.
* @throws ValidationException
* The request failed because one or more input parameters don't satisfy their constraint requirements. The
* output is provided as a list of fields and a reason for each field that isn't valid.
*
* The possible reasons include the following:
*
*
* -
*
* UnrecognizedEntityType
*
*
* The policy includes an entity type that isn't found in the schema.
*
*
* -
*
* UnrecognizedActionId
*
*
* The policy includes an action id that isn't found in the schema.
*
*
* -
*
* InvalidActionApplication
*
*
* The policy includes an action that, according to the schema, doesn't support the specified principal and
* resource.
*
*
* -
*
* UnexpectedType
*
*
* The policy included an operand that isn't a valid type for the specified operation.
*
*
* -
*
* IncompatibleTypes
*
*
* The types of elements included in a set
, or the types of expressions used in an
* if...then...else
clause aren't compatible in this context.
*
*
* -
*
* MissingAttribute
*
*
* The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for
* the existence of the attribute first before attempting to access its value. For more information, see the
* has
* (presence of attribute test) operator in the Cedar Policy Language Guide.
*
*
* -
*
* UnsafeOptionalAttributeAccess
*
*
* The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be
* present. Test for the existence of the attribute first before attempting to access its value. For more
* information, see the has
* (presence of attribute test) operator in the Cedar Policy Language Guide.
*
*
* -
*
* ImpossiblePolicy
*
*
* Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it
* can never apply to any query, and so it can never affect an authorization decision.
*
*
* -
*
* WrongNumberArguments
*
*
* The policy references an extension type with the wrong number of arguments.
*
*
* -
*
* FunctionArgumentValidationError
*
*
* Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed
* as an IPv4 address can contain only digits and the period character.
*
*
* @throws AccessDeniedException
* You don't have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request failed because it references a resource that doesn't exist.
* @throws ThrottlingException
* The request failed because it exceeded a throttling quota.
* @throws InternalServerException
* The request failed because of an internal error. Try your request again later
* @sample AmazonVerifiedPermissions.BatchIsAuthorized
* @see AWS API Documentation
*/
@Override
public BatchIsAuthorizedResult batchIsAuthorized(BatchIsAuthorizedRequest request) {
request = beforeClientExecution(request);
return executeBatchIsAuthorized(request);
}
@SdkInternalApi
final BatchIsAuthorizedResult executeBatchIsAuthorized(BatchIsAuthorizedRequest batchIsAuthorizedRequest) {
ExecutionContext executionContext = createExecutionContext(batchIsAuthorizedRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new BatchIsAuthorizedRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(batchIsAuthorizedRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "VerifiedPermissions");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "BatchIsAuthorized");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new BatchIsAuthorizedResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Makes a series of decisions about multiple authorization requests for one token. The principal in this request
* comes from an external identity source in the form of an identity or access token, formatted as a JSON web token (JWT). The information in the parameters can
* also define additional context that Verified Permissions can include in the evaluations.
*
*
* The request is evaluated against all policies in the specified policy store that match the entities that you
* provide in the entities declaration and in the token. The result of the decisions is a series of
* Allow
or Deny
responses, along with the IDs of the policies that produced each
* decision.
*
*
* The entities
of a BatchIsAuthorizedWithToken
API request can contain up to 100
* resources and up to 99 user groups. The requests
of a BatchIsAuthorizedWithToken
API
* request can contain up to 30 requests.
*
*
*
* The BatchIsAuthorizedWithToken
operation doesn't have its own IAM permission. To authorize this
* operation for Amazon Web Services principals, include the permission
* verifiedpermissions:IsAuthorizedWithToken
in their IAM policies.
*
*
*
* @param batchIsAuthorizedWithTokenRequest
* @return Result of the BatchIsAuthorizedWithToken operation returned by the service.
* @throws ValidationException
* The request failed because one or more input parameters don't satisfy their constraint requirements. The
* output is provided as a list of fields and a reason for each field that isn't valid.
*
* The possible reasons include the following:
*
*
* -
*
* UnrecognizedEntityType
*
*
* The policy includes an entity type that isn't found in the schema.
*
*
* -
*
* UnrecognizedActionId
*
*
* The policy includes an action id that isn't found in the schema.
*
*
* -
*
* InvalidActionApplication
*
*
* The policy includes an action that, according to the schema, doesn't support the specified principal and
* resource.
*
*
* -
*
* UnexpectedType
*
*
* The policy included an operand that isn't a valid type for the specified operation.
*
*
* -
*
* IncompatibleTypes
*
*
* The types of elements included in a set
, or the types of expressions used in an
* if...then...else
clause aren't compatible in this context.
*
*
* -
*
* MissingAttribute
*
*
* The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for
* the existence of the attribute first before attempting to access its value. For more information, see the
* has
* (presence of attribute test) operator in the Cedar Policy Language Guide.
*
*
* -
*
* UnsafeOptionalAttributeAccess
*
*
* The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be
* present. Test for the existence of the attribute first before attempting to access its value. For more
* information, see the has
* (presence of attribute test) operator in the Cedar Policy Language Guide.
*
*
* -
*
* ImpossiblePolicy
*
*
* Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it
* can never apply to any query, and so it can never affect an authorization decision.
*
*
* -
*
* WrongNumberArguments
*
*
* The policy references an extension type with the wrong number of arguments.
*
*
* -
*
* FunctionArgumentValidationError
*
*
* Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed
* as an IPv4 address can contain only digits and the period character.
*
*
* @throws AccessDeniedException
* You don't have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request failed because it references a resource that doesn't exist.
* @throws ThrottlingException
* The request failed because it exceeded a throttling quota.
* @throws InternalServerException
* The request failed because of an internal error. Try your request again later
* @sample AmazonVerifiedPermissions.BatchIsAuthorizedWithToken
* @see AWS API Documentation
*/
@Override
public BatchIsAuthorizedWithTokenResult batchIsAuthorizedWithToken(BatchIsAuthorizedWithTokenRequest request) {
request = beforeClientExecution(request);
return executeBatchIsAuthorizedWithToken(request);
}
@SdkInternalApi
final BatchIsAuthorizedWithTokenResult executeBatchIsAuthorizedWithToken(BatchIsAuthorizedWithTokenRequest batchIsAuthorizedWithTokenRequest) {
ExecutionContext executionContext = createExecutionContext(batchIsAuthorizedWithTokenRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new BatchIsAuthorizedWithTokenRequestProtocolMarshaller(protocolFactory).marshall(super
.beforeMarshalling(batchIsAuthorizedWithTokenRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "VerifiedPermissions");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "BatchIsAuthorizedWithToken");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false),
new BatchIsAuthorizedWithTokenResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Adds an identity source to a policy store–an Amazon Cognito user pool or OpenID Connect (OIDC) identity provider
* (IdP).
*
*
* After you create an identity source, you can use the identities provided by the IdP as proxies for the principal
* in authorization queries that use the IsAuthorizedWithToken or BatchIsAuthorizedWithToken API operations. These identities take the form of tokens that contain claims
* about the user, such as IDs, attributes and group memberships. Identity sources provide identity (ID) tokens and
* access tokens. Verified Permissions derives information about your user and session from token claims. Access
* tokens provide action context
to your policies, and ID tokens provide principal
* Attributes
.
*
*
*
* Tokens from an identity source user continue to be usable until they expire. Token revocation and resource
* deletion have no effect on the validity of a token in your policy store
*
*
*
* To reference a user from this identity source in your Cedar policies, refer to the following syntax examples.
*
*
* -
*
* Amazon Cognito user pool: Namespace::[Entity type]::[User pool ID]|[user principal attribute]
, for
* example MyCorp::User::us-east-1_EXAMPLE|a1b2c3d4-5678-90ab-cdef-EXAMPLE11111
.
*
*
* -
*
* OpenID Connect (OIDC) provider:
* Namespace::[Entity type]::[principalIdClaim]|[user principal attribute]
, for example
* MyCorp::User::MyOIDCProvider|a1b2c3d4-5678-90ab-cdef-EXAMPLE22222
.
*
*
*
*
*
* Verified Permissions is eventually consistent
* . It can take a few seconds for a new or changed element to propagate through the service and be visible in
* the results of other Verified Permissions operations.
*
*
*
* @param createIdentitySourceRequest
* @return Result of the CreateIdentitySource operation returned by the service.
* @throws ValidationException
* The request failed because one or more input parameters don't satisfy their constraint requirements. The
* output is provided as a list of fields and a reason for each field that isn't valid.
*
* The possible reasons include the following:
*
*
* -
*
* UnrecognizedEntityType
*
*
* The policy includes an entity type that isn't found in the schema.
*
*
* -
*
* UnrecognizedActionId
*
*
* The policy includes an action id that isn't found in the schema.
*
*
* -
*
* InvalidActionApplication
*
*
* The policy includes an action that, according to the schema, doesn't support the specified principal and
* resource.
*
*
* -
*
* UnexpectedType
*
*
* The policy included an operand that isn't a valid type for the specified operation.
*
*
* -
*
* IncompatibleTypes
*
*
* The types of elements included in a set
, or the types of expressions used in an
* if...then...else
clause aren't compatible in this context.
*
*
* -
*
* MissingAttribute
*
*
* The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for
* the existence of the attribute first before attempting to access its value. For more information, see the
* has
* (presence of attribute test) operator in the Cedar Policy Language Guide.
*
*
* -
*
* UnsafeOptionalAttributeAccess
*
*
* The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be
* present. Test for the existence of the attribute first before attempting to access its value. For more
* information, see the has
* (presence of attribute test) operator in the Cedar Policy Language Guide.
*
*
* -
*
* ImpossiblePolicy
*
*
* Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it
* can never apply to any query, and so it can never affect an authorization decision.
*
*
* -
*
* WrongNumberArguments
*
*
* The policy references an extension type with the wrong number of arguments.
*
*
* -
*
* FunctionArgumentValidationError
*
*
* Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed
* as an IPv4 address can contain only digits and the period character.
*
*
* @throws ServiceQuotaExceededException
* The request failed because it would cause a service quota to be exceeded.
* @throws ConflictException
* The request failed because another request to modify a resource occurred at the same.
* @throws AccessDeniedException
* You don't have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request failed because it references a resource that doesn't exist.
* @throws ThrottlingException
* The request failed because it exceeded a throttling quota.
* @throws InternalServerException
* The request failed because of an internal error. Try your request again later
* @sample AmazonVerifiedPermissions.CreateIdentitySource
* @see AWS API Documentation
*/
@Override
public CreateIdentitySourceResult createIdentitySource(CreateIdentitySourceRequest request) {
request = beforeClientExecution(request);
return executeCreateIdentitySource(request);
}
@SdkInternalApi
final CreateIdentitySourceResult executeCreateIdentitySource(CreateIdentitySourceRequest createIdentitySourceRequest) {
ExecutionContext executionContext = createExecutionContext(createIdentitySourceRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new CreateIdentitySourceRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(createIdentitySourceRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "VerifiedPermissions");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "CreateIdentitySource");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new CreateIdentitySourceResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Creates a Cedar policy and saves it in the specified policy store. You can create either a static policy or a
* policy linked to a policy template.
*
*
* -
*
* To create a static policy, provide the Cedar policy text in the StaticPolicy
section of the
* PolicyDefinition
.
*
*
* -
*
* To create a policy that is dynamically linked to a policy template, specify the policy template ID and the
* principal and resource to associate with this policy in the templateLinked
section of the
* PolicyDefinition
. If the policy template is ever updated, any policies linked to the policy template
* automatically use the updated template.
*
*
*
*
*
* Creating a policy causes it to be validated against the schema in the policy store. If the policy doesn't pass
* validation, the operation fails and the policy isn't stored.
*
*
*
* Verified Permissions is eventually consistent
* . It can take a few seconds for a new or changed element to propagate through the service and be visible in
* the results of other Verified Permissions operations.
*
*
*
* @param createPolicyRequest
* @return Result of the CreatePolicy operation returned by the service.
* @throws ValidationException
* The request failed because one or more input parameters don't satisfy their constraint requirements. The
* output is provided as a list of fields and a reason for each field that isn't valid.
*
* The possible reasons include the following:
*
*
* -
*
* UnrecognizedEntityType
*
*
* The policy includes an entity type that isn't found in the schema.
*
*
* -
*
* UnrecognizedActionId
*
*
* The policy includes an action id that isn't found in the schema.
*
*
* -
*
* InvalidActionApplication
*
*
* The policy includes an action that, according to the schema, doesn't support the specified principal and
* resource.
*
*
* -
*
* UnexpectedType
*
*
* The policy included an operand that isn't a valid type for the specified operation.
*
*
* -
*
* IncompatibleTypes
*
*
* The types of elements included in a set
, or the types of expressions used in an
* if...then...else
clause aren't compatible in this context.
*
*
* -
*
* MissingAttribute
*
*
* The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for
* the existence of the attribute first before attempting to access its value. For more information, see the
* has
* (presence of attribute test) operator in the Cedar Policy Language Guide.
*
*
* -
*
* UnsafeOptionalAttributeAccess
*
*
* The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be
* present. Test for the existence of the attribute first before attempting to access its value. For more
* information, see the has
* (presence of attribute test) operator in the Cedar Policy Language Guide.
*
*
* -
*
* ImpossiblePolicy
*
*
* Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it
* can never apply to any query, and so it can never affect an authorization decision.
*
*
* -
*
* WrongNumberArguments
*
*
* The policy references an extension type with the wrong number of arguments.
*
*
* -
*
* FunctionArgumentValidationError
*
*
* Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed
* as an IPv4 address can contain only digits and the period character.
*
*
* @throws ServiceQuotaExceededException
* The request failed because it would cause a service quota to be exceeded.
* @throws ConflictException
* The request failed because another request to modify a resource occurred at the same.
* @throws AccessDeniedException
* You don't have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request failed because it references a resource that doesn't exist.
* @throws ThrottlingException
* The request failed because it exceeded a throttling quota.
* @throws InternalServerException
* The request failed because of an internal error. Try your request again later
* @sample AmazonVerifiedPermissions.CreatePolicy
* @see AWS API Documentation
*/
@Override
public CreatePolicyResult createPolicy(CreatePolicyRequest request) {
request = beforeClientExecution(request);
return executeCreatePolicy(request);
}
@SdkInternalApi
final CreatePolicyResult executeCreatePolicy(CreatePolicyRequest createPolicyRequest) {
ExecutionContext executionContext = createExecutionContext(createPolicyRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new CreatePolicyRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(createPolicyRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "VerifiedPermissions");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "CreatePolicy");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new CreatePolicyResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Creates a policy store. A policy store is a container for policy resources.
*
*
*
* Although Cedar supports multiple
* namespaces, Verified Permissions currently supports only one namespace per policy store.
*
*
*
* Verified Permissions is eventually consistent
* . It can take a few seconds for a new or changed element to propagate through the service and be visible in
* the results of other Verified Permissions operations.
*
*
*
* @param createPolicyStoreRequest
* @return Result of the CreatePolicyStore operation returned by the service.
* @throws ValidationException
* The request failed because one or more input parameters don't satisfy their constraint requirements. The
* output is provided as a list of fields and a reason for each field that isn't valid.
*
* The possible reasons include the following:
*
*
* -
*
* UnrecognizedEntityType
*
*
* The policy includes an entity type that isn't found in the schema.
*
*
* -
*
* UnrecognizedActionId
*
*
* The policy includes an action id that isn't found in the schema.
*
*
* -
*
* InvalidActionApplication
*
*
* The policy includes an action that, according to the schema, doesn't support the specified principal and
* resource.
*
*
* -
*
* UnexpectedType
*
*
* The policy included an operand that isn't a valid type for the specified operation.
*
*
* -
*
* IncompatibleTypes
*
*
* The types of elements included in a set
, or the types of expressions used in an
* if...then...else
clause aren't compatible in this context.
*
*
* -
*
* MissingAttribute
*
*
* The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for
* the existence of the attribute first before attempting to access its value. For more information, see the
* has
* (presence of attribute test) operator in the Cedar Policy Language Guide.
*
*
* -
*
* UnsafeOptionalAttributeAccess
*
*
* The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be
* present. Test for the existence of the attribute first before attempting to access its value. For more
* information, see the has
* (presence of attribute test) operator in the Cedar Policy Language Guide.
*
*
* -
*
* ImpossiblePolicy
*
*
* Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it
* can never apply to any query, and so it can never affect an authorization decision.
*
*
* -
*
* WrongNumberArguments
*
*
* The policy references an extension type with the wrong number of arguments.
*
*
* -
*
* FunctionArgumentValidationError
*
*
* Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed
* as an IPv4 address can contain only digits and the period character.
*
*
* @throws ServiceQuotaExceededException
* The request failed because it would cause a service quota to be exceeded.
* @throws ConflictException
* The request failed because another request to modify a resource occurred at the same.
* @throws AccessDeniedException
* You don't have sufficient access to perform this action.
* @throws ThrottlingException
* The request failed because it exceeded a throttling quota.
* @throws InternalServerException
* The request failed because of an internal error. Try your request again later
* @sample AmazonVerifiedPermissions.CreatePolicyStore
* @see AWS API Documentation
*/
@Override
public CreatePolicyStoreResult createPolicyStore(CreatePolicyStoreRequest request) {
request = beforeClientExecution(request);
return executeCreatePolicyStore(request);
}
@SdkInternalApi
final CreatePolicyStoreResult executeCreatePolicyStore(CreatePolicyStoreRequest createPolicyStoreRequest) {
ExecutionContext executionContext = createExecutionContext(createPolicyStoreRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new CreatePolicyStoreRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(createPolicyStoreRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "VerifiedPermissions");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "CreatePolicyStore");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new CreatePolicyStoreResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Creates a policy template. A template can use placeholders for the principal and resource. A template must be
* instantiated into a policy by associating it with specific principals and resources to use for the placeholders.
* That instantiated policy can then be considered in authorization decisions. The instantiated policy works
* identically to any other policy, except that it is dynamically linked to the template. If the template changes,
* then any policies that are linked to that template are immediately updated as well.
*
*
*
* Verified Permissions is eventually consistent
* . It can take a few seconds for a new or changed element to propagate through the service and be visible in
* the results of other Verified Permissions operations.
*
*
*
* @param createPolicyTemplateRequest
* @return Result of the CreatePolicyTemplate operation returned by the service.
* @throws ValidationException
* The request failed because one or more input parameters don't satisfy their constraint requirements. The
* output is provided as a list of fields and a reason for each field that isn't valid.
*
* The possible reasons include the following:
*
*
* -
*
* UnrecognizedEntityType
*
*
* The policy includes an entity type that isn't found in the schema.
*
*
* -
*
* UnrecognizedActionId
*
*
* The policy includes an action id that isn't found in the schema.
*
*
* -
*
* InvalidActionApplication
*
*
* The policy includes an action that, according to the schema, doesn't support the specified principal and
* resource.
*
*
* -
*
* UnexpectedType
*
*
* The policy included an operand that isn't a valid type for the specified operation.
*
*
* -
*
* IncompatibleTypes
*
*
* The types of elements included in a set
, or the types of expressions used in an
* if...then...else
clause aren't compatible in this context.
*
*
* -
*
* MissingAttribute
*
*
* The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for
* the existence of the attribute first before attempting to access its value. For more information, see the
* has
* (presence of attribute test) operator in the Cedar Policy Language Guide.
*
*
* -
*
* UnsafeOptionalAttributeAccess
*
*
* The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be
* present. Test for the existence of the attribute first before attempting to access its value. For more
* information, see the has
* (presence of attribute test) operator in the Cedar Policy Language Guide.
*
*
* -
*
* ImpossiblePolicy
*
*
* Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it
* can never apply to any query, and so it can never affect an authorization decision.
*
*
* -
*
* WrongNumberArguments
*
*
* The policy references an extension type with the wrong number of arguments.
*
*
* -
*
* FunctionArgumentValidationError
*
*
* Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed
* as an IPv4 address can contain only digits and the period character.
*
*
* @throws ServiceQuotaExceededException
* The request failed because it would cause a service quota to be exceeded.
* @throws ConflictException
* The request failed because another request to modify a resource occurred at the same.
* @throws AccessDeniedException
* You don't have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request failed because it references a resource that doesn't exist.
* @throws ThrottlingException
* The request failed because it exceeded a throttling quota.
* @throws InternalServerException
* The request failed because of an internal error. Try your request again later
* @sample AmazonVerifiedPermissions.CreatePolicyTemplate
* @see AWS API Documentation
*/
@Override
public CreatePolicyTemplateResult createPolicyTemplate(CreatePolicyTemplateRequest request) {
request = beforeClientExecution(request);
return executeCreatePolicyTemplate(request);
}
@SdkInternalApi
final CreatePolicyTemplateResult executeCreatePolicyTemplate(CreatePolicyTemplateRequest createPolicyTemplateRequest) {
ExecutionContext executionContext = createExecutionContext(createPolicyTemplateRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new CreatePolicyTemplateRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(createPolicyTemplateRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "VerifiedPermissions");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "CreatePolicyTemplate");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new CreatePolicyTemplateResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Deletes an identity source that references an identity provider (IdP) such as Amazon Cognito. After you delete
* the identity source, you can no longer use tokens for identities from that identity source to represent
* principals in authorization queries made using IsAuthorizedWithToken. operations.
*
*
* @param deleteIdentitySourceRequest
* @return Result of the DeleteIdentitySource operation returned by the service.
* @throws ValidationException
* The request failed because one or more input parameters don't satisfy their constraint requirements. The
* output is provided as a list of fields and a reason for each field that isn't valid.
*
* The possible reasons include the following:
*
*
* -
*
* UnrecognizedEntityType
*
*
* The policy includes an entity type that isn't found in the schema.
*
*
* -
*
* UnrecognizedActionId
*
*
* The policy includes an action id that isn't found in the schema.
*
*
* -
*
* InvalidActionApplication
*
*
* The policy includes an action that, according to the schema, doesn't support the specified principal and
* resource.
*
*
* -
*
* UnexpectedType
*
*
* The policy included an operand that isn't a valid type for the specified operation.
*
*
* -
*
* IncompatibleTypes
*
*
* The types of elements included in a set
, or the types of expressions used in an
* if...then...else
clause aren't compatible in this context.
*
*
* -
*
* MissingAttribute
*
*
* The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for
* the existence of the attribute first before attempting to access its value. For more information, see the
* has
* (presence of attribute test) operator in the Cedar Policy Language Guide.
*
*
* -
*
* UnsafeOptionalAttributeAccess
*
*
* The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be
* present. Test for the existence of the attribute first before attempting to access its value. For more
* information, see the has
* (presence of attribute test) operator in the Cedar Policy Language Guide.
*
*
* -
*
* ImpossiblePolicy
*
*
* Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it
* can never apply to any query, and so it can never affect an authorization decision.
*
*
* -
*
* WrongNumberArguments
*
*
* The policy references an extension type with the wrong number of arguments.
*
*
* -
*
* FunctionArgumentValidationError
*
*
* Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed
* as an IPv4 address can contain only digits and the period character.
*
*
* @throws ConflictException
* The request failed because another request to modify a resource occurred at the same.
* @throws AccessDeniedException
* You don't have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request failed because it references a resource that doesn't exist.
* @throws ThrottlingException
* The request failed because it exceeded a throttling quota.
* @throws InternalServerException
* The request failed because of an internal error. Try your request again later
* @sample AmazonVerifiedPermissions.DeleteIdentitySource
* @see AWS API Documentation
*/
@Override
public DeleteIdentitySourceResult deleteIdentitySource(DeleteIdentitySourceRequest request) {
request = beforeClientExecution(request);
return executeDeleteIdentitySource(request);
}
@SdkInternalApi
final DeleteIdentitySourceResult executeDeleteIdentitySource(DeleteIdentitySourceRequest deleteIdentitySourceRequest) {
ExecutionContext executionContext = createExecutionContext(deleteIdentitySourceRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new DeleteIdentitySourceRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(deleteIdentitySourceRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "VerifiedPermissions");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "DeleteIdentitySource");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new DeleteIdentitySourceResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Deletes the specified policy from the policy store.
*
*
* This operation is idempotent; if you specify a policy that doesn't exist, the request response returns a
* successful HTTP 200
status code.
*
*
* @param deletePolicyRequest
* @return Result of the DeletePolicy operation returned by the service.
* @throws ValidationException
* The request failed because one or more input parameters don't satisfy their constraint requirements. The
* output is provided as a list of fields and a reason for each field that isn't valid.
*
* The possible reasons include the following:
*
*
* -
*
* UnrecognizedEntityType
*
*
* The policy includes an entity type that isn't found in the schema.
*
*
* -
*
* UnrecognizedActionId
*
*
* The policy includes an action id that isn't found in the schema.
*
*
* -
*
* InvalidActionApplication
*
*
* The policy includes an action that, according to the schema, doesn't support the specified principal and
* resource.
*
*
* -
*
* UnexpectedType
*
*
* The policy included an operand that isn't a valid type for the specified operation.
*
*
* -
*
* IncompatibleTypes
*
*
* The types of elements included in a set
, or the types of expressions used in an
* if...then...else
clause aren't compatible in this context.
*
*
* -
*
* MissingAttribute
*
*
* The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for
* the existence of the attribute first before attempting to access its value. For more information, see the
* has
* (presence of attribute test) operator in the Cedar Policy Language Guide.
*
*
* -
*
* UnsafeOptionalAttributeAccess
*
*
* The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be
* present. Test for the existence of the attribute first before attempting to access its value. For more
* information, see the has
* (presence of attribute test) operator in the Cedar Policy Language Guide.
*
*
* -
*
* ImpossiblePolicy
*
*
* Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it
* can never apply to any query, and so it can never affect an authorization decision.
*
*
* -
*
* WrongNumberArguments
*
*
* The policy references an extension type with the wrong number of arguments.
*
*
* -
*
* FunctionArgumentValidationError
*
*
* Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed
* as an IPv4 address can contain only digits and the period character.
*
*
* @throws ConflictException
* The request failed because another request to modify a resource occurred at the same.
* @throws AccessDeniedException
* You don't have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request failed because it references a resource that doesn't exist.
* @throws ThrottlingException
* The request failed because it exceeded a throttling quota.
* @throws InternalServerException
* The request failed because of an internal error. Try your request again later
* @sample AmazonVerifiedPermissions.DeletePolicy
* @see AWS API Documentation
*/
@Override
public DeletePolicyResult deletePolicy(DeletePolicyRequest request) {
request = beforeClientExecution(request);
return executeDeletePolicy(request);
}
@SdkInternalApi
final DeletePolicyResult executeDeletePolicy(DeletePolicyRequest deletePolicyRequest) {
ExecutionContext executionContext = createExecutionContext(deletePolicyRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new DeletePolicyRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(deletePolicyRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "VerifiedPermissions");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "DeletePolicy");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new DeletePolicyResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Deletes the specified policy store.
*
*
* This operation is idempotent. If you specify a policy store that does not exist, the request response will still
* return a successful HTTP 200 status code.
*
*
* @param deletePolicyStoreRequest
* @return Result of the DeletePolicyStore operation returned by the service.
* @throws ValidationException
* The request failed because one or more input parameters don't satisfy their constraint requirements. The
* output is provided as a list of fields and a reason for each field that isn't valid.
*
* The possible reasons include the following:
*
*
* -
*
* UnrecognizedEntityType
*
*
* The policy includes an entity type that isn't found in the schema.
*
*
* -
*
* UnrecognizedActionId
*
*
* The policy includes an action id that isn't found in the schema.
*
*
* -
*
* InvalidActionApplication
*
*
* The policy includes an action that, according to the schema, doesn't support the specified principal and
* resource.
*
*
* -
*
* UnexpectedType
*
*
* The policy included an operand that isn't a valid type for the specified operation.
*
*
* -
*
* IncompatibleTypes
*
*
* The types of elements included in a set
, or the types of expressions used in an
* if...then...else
clause aren't compatible in this context.
*
*
* -
*
* MissingAttribute
*
*
* The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for
* the existence of the attribute first before attempting to access its value. For more information, see the
* has
* (presence of attribute test) operator in the Cedar Policy Language Guide.
*
*
* -
*
* UnsafeOptionalAttributeAccess
*
*
* The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be
* present. Test for the existence of the attribute first before attempting to access its value. For more
* information, see the has
* (presence of attribute test) operator in the Cedar Policy Language Guide.
*
*
* -
*
* ImpossiblePolicy
*
*
* Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it
* can never apply to any query, and so it can never affect an authorization decision.
*
*
* -
*
* WrongNumberArguments
*
*
* The policy references an extension type with the wrong number of arguments.
*
*
* -
*
* FunctionArgumentValidationError
*
*
* Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed
* as an IPv4 address can contain only digits and the period character.
*
*
* @throws AccessDeniedException
* You don't have sufficient access to perform this action.
* @throws ThrottlingException
* The request failed because it exceeded a throttling quota.
* @throws InternalServerException
* The request failed because of an internal error. Try your request again later
* @sample AmazonVerifiedPermissions.DeletePolicyStore
* @see AWS API Documentation
*/
@Override
public DeletePolicyStoreResult deletePolicyStore(DeletePolicyStoreRequest request) {
request = beforeClientExecution(request);
return executeDeletePolicyStore(request);
}
@SdkInternalApi
final DeletePolicyStoreResult executeDeletePolicyStore(DeletePolicyStoreRequest deletePolicyStoreRequest) {
ExecutionContext executionContext = createExecutionContext(deletePolicyStoreRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new DeletePolicyStoreRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(deletePolicyStoreRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "VerifiedPermissions");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "DeletePolicyStore");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new DeletePolicyStoreResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Deletes the specified policy template from the policy store.
*
*
*
* This operation also deletes any policies that were created from the specified policy template. Those policies are
* immediately removed from all future API responses, and are asynchronously deleted from the policy store.
*
*
*
* @param deletePolicyTemplateRequest
* @return Result of the DeletePolicyTemplate operation returned by the service.
* @throws ValidationException
* The request failed because one or more input parameters don't satisfy their constraint requirements. The
* output is provided as a list of fields and a reason for each field that isn't valid.
*
* The possible reasons include the following:
*
*
* -
*
* UnrecognizedEntityType
*
*
* The policy includes an entity type that isn't found in the schema.
*
*
* -
*
* UnrecognizedActionId
*
*
* The policy includes an action id that isn't found in the schema.
*
*
* -
*
* InvalidActionApplication
*
*
* The policy includes an action that, according to the schema, doesn't support the specified principal and
* resource.
*
*
* -
*
* UnexpectedType
*
*
* The policy included an operand that isn't a valid type for the specified operation.
*
*
* -
*
* IncompatibleTypes
*
*
* The types of elements included in a set
, or the types of expressions used in an
* if...then...else
clause aren't compatible in this context.
*
*
* -
*
* MissingAttribute
*
*
* The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for
* the existence of the attribute first before attempting to access its value. For more information, see the
* has
* (presence of attribute test) operator in the Cedar Policy Language Guide.
*
*
* -
*
* UnsafeOptionalAttributeAccess
*
*
* The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be
* present. Test for the existence of the attribute first before attempting to access its value. For more
* information, see the has
* (presence of attribute test) operator in the Cedar Policy Language Guide.
*
*
* -
*
* ImpossiblePolicy
*
*
* Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it
* can never apply to any query, and so it can never affect an authorization decision.
*
*
* -
*
* WrongNumberArguments
*
*
* The policy references an extension type with the wrong number of arguments.
*
*
* -
*
* FunctionArgumentValidationError
*
*
* Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed
* as an IPv4 address can contain only digits and the period character.
*
*
* @throws ConflictException
* The request failed because another request to modify a resource occurred at the same.
* @throws AccessDeniedException
* You don't have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request failed because it references a resource that doesn't exist.
* @throws ThrottlingException
* The request failed because it exceeded a throttling quota.
* @throws InternalServerException
* The request failed because of an internal error. Try your request again later
* @sample AmazonVerifiedPermissions.DeletePolicyTemplate
* @see AWS API Documentation
*/
@Override
public DeletePolicyTemplateResult deletePolicyTemplate(DeletePolicyTemplateRequest request) {
request = beforeClientExecution(request);
return executeDeletePolicyTemplate(request);
}
@SdkInternalApi
final DeletePolicyTemplateResult executeDeletePolicyTemplate(DeletePolicyTemplateRequest deletePolicyTemplateRequest) {
ExecutionContext executionContext = createExecutionContext(deletePolicyTemplateRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new DeletePolicyTemplateRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(deletePolicyTemplateRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "VerifiedPermissions");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "DeletePolicyTemplate");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new DeletePolicyTemplateResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Retrieves the details about the specified identity source.
*
*
* @param getIdentitySourceRequest
* @return Result of the GetIdentitySource operation returned by the service.
* @throws ValidationException
* The request failed because one or more input parameters don't satisfy their constraint requirements. The
* output is provided as a list of fields and a reason for each field that isn't valid.
*
* The possible reasons include the following:
*
*
* -
*
* UnrecognizedEntityType
*
*
* The policy includes an entity type that isn't found in the schema.
*
*
* -
*
* UnrecognizedActionId
*
*
* The policy includes an action id that isn't found in the schema.
*
*
* -
*
* InvalidActionApplication
*
*
* The policy includes an action that, according to the schema, doesn't support the specified principal and
* resource.
*
*
* -
*
* UnexpectedType
*
*
* The policy included an operand that isn't a valid type for the specified operation.
*
*
* -
*
* IncompatibleTypes
*
*
* The types of elements included in a set
, or the types of expressions used in an
* if...then...else
clause aren't compatible in this context.
*
*
* -
*
* MissingAttribute
*
*
* The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for
* the existence of the attribute first before attempting to access its value. For more information, see the
* has
* (presence of attribute test) operator in the Cedar Policy Language Guide.
*
*
* -
*
* UnsafeOptionalAttributeAccess
*
*
* The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be
* present. Test for the existence of the attribute first before attempting to access its value. For more
* information, see the has
* (presence of attribute test) operator in the Cedar Policy Language Guide.
*
*
* -
*
* ImpossiblePolicy
*
*
* Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it
* can never apply to any query, and so it can never affect an authorization decision.
*
*
* -
*
* WrongNumberArguments
*
*
* The policy references an extension type with the wrong number of arguments.
*
*
* -
*
* FunctionArgumentValidationError
*
*
* Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed
* as an IPv4 address can contain only digits and the period character.
*
*
* @throws AccessDeniedException
* You don't have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request failed because it references a resource that doesn't exist.
* @throws ThrottlingException
* The request failed because it exceeded a throttling quota.
* @throws InternalServerException
* The request failed because of an internal error. Try your request again later
* @sample AmazonVerifiedPermissions.GetIdentitySource
* @see AWS API Documentation
*/
@Override
public GetIdentitySourceResult getIdentitySource(GetIdentitySourceRequest request) {
request = beforeClientExecution(request);
return executeGetIdentitySource(request);
}
@SdkInternalApi
final GetIdentitySourceResult executeGetIdentitySource(GetIdentitySourceRequest getIdentitySourceRequest) {
ExecutionContext executionContext = createExecutionContext(getIdentitySourceRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new GetIdentitySourceRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(getIdentitySourceRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "VerifiedPermissions");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "GetIdentitySource");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new GetIdentitySourceResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Retrieves information about the specified policy.
*
*
* @param getPolicyRequest
* @return Result of the GetPolicy operation returned by the service.
* @throws ValidationException
* The request failed because one or more input parameters don't satisfy their constraint requirements. The
* output is provided as a list of fields and a reason for each field that isn't valid.
*
* The possible reasons include the following:
*
*
* -
*
* UnrecognizedEntityType
*
*
* The policy includes an entity type that isn't found in the schema.
*
*
* -
*
* UnrecognizedActionId
*
*
* The policy includes an action id that isn't found in the schema.
*
*
* -
*
* InvalidActionApplication
*
*
* The policy includes an action that, according to the schema, doesn't support the specified principal and
* resource.
*
*
* -
*
* UnexpectedType
*
*
* The policy included an operand that isn't a valid type for the specified operation.
*
*
* -
*
* IncompatibleTypes
*
*
* The types of elements included in a set
, or the types of expressions used in an
* if...then...else
clause aren't compatible in this context.
*
*
* -
*
* MissingAttribute
*
*
* The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for
* the existence of the attribute first before attempting to access its value. For more information, see the
* has
* (presence of attribute test) operator in the Cedar Policy Language Guide.
*
*
* -
*
* UnsafeOptionalAttributeAccess
*
*
* The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be
* present. Test for the existence of the attribute first before attempting to access its value. For more
* information, see the has
* (presence of attribute test) operator in the Cedar Policy Language Guide.
*
*
* -
*
* ImpossiblePolicy
*
*
* Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it
* can never apply to any query, and so it can never affect an authorization decision.
*
*
* -
*
* WrongNumberArguments
*
*
* The policy references an extension type with the wrong number of arguments.
*
*
* -
*
* FunctionArgumentValidationError
*
*
* Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed
* as an IPv4 address can contain only digits and the period character.
*
*
* @throws AccessDeniedException
* You don't have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request failed because it references a resource that doesn't exist.
* @throws ThrottlingException
* The request failed because it exceeded a throttling quota.
* @throws InternalServerException
* The request failed because of an internal error. Try your request again later
* @sample AmazonVerifiedPermissions.GetPolicy
* @see AWS
* API Documentation
*/
@Override
public GetPolicyResult getPolicy(GetPolicyRequest request) {
request = beforeClientExecution(request);
return executeGetPolicy(request);
}
@SdkInternalApi
final GetPolicyResult executeGetPolicy(GetPolicyRequest getPolicyRequest) {
ExecutionContext executionContext = createExecutionContext(getPolicyRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new GetPolicyRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(getPolicyRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "VerifiedPermissions");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "GetPolicy");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(new JsonOperationMetadata()
.withPayloadJson(true).withHasStreamingSuccessResponse(false), new GetPolicyResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Retrieves details about a policy store.
*
*
* @param getPolicyStoreRequest
* @return Result of the GetPolicyStore operation returned by the service.
* @throws ValidationException
* The request failed because one or more input parameters don't satisfy their constraint requirements. The
* output is provided as a list of fields and a reason for each field that isn't valid.
*
* The possible reasons include the following:
*
*
* -
*
* UnrecognizedEntityType
*
*
* The policy includes an entity type that isn't found in the schema.
*
*
* -
*
* UnrecognizedActionId
*
*
* The policy includes an action id that isn't found in the schema.
*
*
* -
*
* InvalidActionApplication
*
*
* The policy includes an action that, according to the schema, doesn't support the specified principal and
* resource.
*
*
* -
*
* UnexpectedType
*
*
* The policy included an operand that isn't a valid type for the specified operation.
*
*
* -
*
* IncompatibleTypes
*
*
* The types of elements included in a set
, or the types of expressions used in an
* if...then...else
clause aren't compatible in this context.
*
*
* -
*
* MissingAttribute
*
*
* The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for
* the existence of the attribute first before attempting to access its value. For more information, see the
* has
* (presence of attribute test) operator in the Cedar Policy Language Guide.
*
*
* -
*
* UnsafeOptionalAttributeAccess
*
*
* The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be
* present. Test for the existence of the attribute first before attempting to access its value. For more
* information, see the has
* (presence of attribute test) operator in the Cedar Policy Language Guide.
*
*
* -
*
* ImpossiblePolicy
*
*
* Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it
* can never apply to any query, and so it can never affect an authorization decision.
*
*
* -
*
* WrongNumberArguments
*
*
* The policy references an extension type with the wrong number of arguments.
*
*
* -
*
* FunctionArgumentValidationError
*
*
* Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed
* as an IPv4 address can contain only digits and the period character.
*
*
* @throws AccessDeniedException
* You don't have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request failed because it references a resource that doesn't exist.
* @throws ThrottlingException
* The request failed because it exceeded a throttling quota.
* @throws InternalServerException
* The request failed because of an internal error. Try your request again later
* @sample AmazonVerifiedPermissions.GetPolicyStore
* @see AWS API Documentation
*/
@Override
public GetPolicyStoreResult getPolicyStore(GetPolicyStoreRequest request) {
request = beforeClientExecution(request);
return executeGetPolicyStore(request);
}
@SdkInternalApi
final GetPolicyStoreResult executeGetPolicyStore(GetPolicyStoreRequest getPolicyStoreRequest) {
ExecutionContext executionContext = createExecutionContext(getPolicyStoreRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new GetPolicyStoreRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(getPolicyStoreRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "VerifiedPermissions");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "GetPolicyStore");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new GetPolicyStoreResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Retrieve the details for the specified policy template in the specified policy store.
*
*
* @param getPolicyTemplateRequest
* @return Result of the GetPolicyTemplate operation returned by the service.
* @throws ValidationException
* The request failed because one or more input parameters don't satisfy their constraint requirements. The
* output is provided as a list of fields and a reason for each field that isn't valid.
*
* The possible reasons include the following:
*
*
* -
*
* UnrecognizedEntityType
*
*
* The policy includes an entity type that isn't found in the schema.
*
*
* -
*
* UnrecognizedActionId
*
*
* The policy includes an action id that isn't found in the schema.
*
*
* -
*
* InvalidActionApplication
*
*
* The policy includes an action that, according to the schema, doesn't support the specified principal and
* resource.
*
*
* -
*
* UnexpectedType
*
*
* The policy included an operand that isn't a valid type for the specified operation.
*
*
* -
*
* IncompatibleTypes
*
*
* The types of elements included in a set
, or the types of expressions used in an
* if...then...else
clause aren't compatible in this context.
*
*
* -
*
* MissingAttribute
*
*
* The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for
* the existence of the attribute first before attempting to access its value. For more information, see the
* has
* (presence of attribute test) operator in the Cedar Policy Language Guide.
*
*
* -
*
* UnsafeOptionalAttributeAccess
*
*
* The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be
* present. Test for the existence of the attribute first before attempting to access its value. For more
* information, see the has
* (presence of attribute test) operator in the Cedar Policy Language Guide.
*
*
* -
*
* ImpossiblePolicy
*
*
* Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it
* can never apply to any query, and so it can never affect an authorization decision.
*
*
* -
*
* WrongNumberArguments
*
*
* The policy references an extension type with the wrong number of arguments.
*
*
* -
*
* FunctionArgumentValidationError
*
*
* Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed
* as an IPv4 address can contain only digits and the period character.
*
*
* @throws AccessDeniedException
* You don't have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request failed because it references a resource that doesn't exist.
* @throws ThrottlingException
* The request failed because it exceeded a throttling quota.
* @throws InternalServerException
* The request failed because of an internal error. Try your request again later
* @sample AmazonVerifiedPermissions.GetPolicyTemplate
* @see AWS API Documentation
*/
@Override
public GetPolicyTemplateResult getPolicyTemplate(GetPolicyTemplateRequest request) {
request = beforeClientExecution(request);
return executeGetPolicyTemplate(request);
}
@SdkInternalApi
final GetPolicyTemplateResult executeGetPolicyTemplate(GetPolicyTemplateRequest getPolicyTemplateRequest) {
ExecutionContext executionContext = createExecutionContext(getPolicyTemplateRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new GetPolicyTemplateRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(getPolicyTemplateRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "VerifiedPermissions");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "GetPolicyTemplate");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new GetPolicyTemplateResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Retrieve the details for the specified schema in the specified policy store.
*
*
* @param getSchemaRequest
* @return Result of the GetSchema operation returned by the service.
* @throws ValidationException
* The request failed because one or more input parameters don't satisfy their constraint requirements. The
* output is provided as a list of fields and a reason for each field that isn't valid.
*
* The possible reasons include the following:
*
*
* -
*
* UnrecognizedEntityType
*
*
* The policy includes an entity type that isn't found in the schema.
*
*
* -
*
* UnrecognizedActionId
*
*
* The policy includes an action id that isn't found in the schema.
*
*
* -
*
* InvalidActionApplication
*
*
* The policy includes an action that, according to the schema, doesn't support the specified principal and
* resource.
*
*
* -
*
* UnexpectedType
*
*
* The policy included an operand that isn't a valid type for the specified operation.
*
*
* -
*
* IncompatibleTypes
*
*
* The types of elements included in a set
, or the types of expressions used in an
* if...then...else
clause aren't compatible in this context.
*
*
* -
*
* MissingAttribute
*
*
* The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for
* the existence of the attribute first before attempting to access its value. For more information, see the
* has
* (presence of attribute test) operator in the Cedar Policy Language Guide.
*
*
* -
*
* UnsafeOptionalAttributeAccess
*
*
* The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be
* present. Test for the existence of the attribute first before attempting to access its value. For more
* information, see the has
* (presence of attribute test) operator in the Cedar Policy Language Guide.
*
*
* -
*
* ImpossiblePolicy
*
*
* Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it
* can never apply to any query, and so it can never affect an authorization decision.
*
*
* -
*
* WrongNumberArguments
*
*
* The policy references an extension type with the wrong number of arguments.
*
*
* -
*
* FunctionArgumentValidationError
*
*
* Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed
* as an IPv4 address can contain only digits and the period character.
*
*
* @throws AccessDeniedException
* You don't have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request failed because it references a resource that doesn't exist.
* @throws ThrottlingException
* The request failed because it exceeded a throttling quota.
* @throws InternalServerException
* The request failed because of an internal error. Try your request again later
* @sample AmazonVerifiedPermissions.GetSchema
* @see AWS
* API Documentation
*/
@Override
public GetSchemaResult getSchema(GetSchemaRequest request) {
request = beforeClientExecution(request);
return executeGetSchema(request);
}
@SdkInternalApi
final GetSchemaResult executeGetSchema(GetSchemaRequest getSchemaRequest) {
ExecutionContext executionContext = createExecutionContext(getSchemaRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new GetSchemaRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(getSchemaRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "VerifiedPermissions");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "GetSchema");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(new JsonOperationMetadata()
.withPayloadJson(true).withHasStreamingSuccessResponse(false), new GetSchemaResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Makes an authorization decision about a service request described in the parameters. The information in the
* parameters can also define additional context that Verified Permissions can include in the evaluation. The
* request is evaluated against all matching policies in the specified policy store. The result of the decision is
* either Allow
or Deny
, along with a list of the policies that resulted in the decision.
*
*
* @param isAuthorizedRequest
* @return Result of the IsAuthorized operation returned by the service.
* @throws ValidationException
* The request failed because one or more input parameters don't satisfy their constraint requirements. The
* output is provided as a list of fields and a reason for each field that isn't valid.
*
* The possible reasons include the following:
*
*
* -
*
* UnrecognizedEntityType
*
*
* The policy includes an entity type that isn't found in the schema.
*
*
* -
*
* UnrecognizedActionId
*
*
* The policy includes an action id that isn't found in the schema.
*
*
* -
*
* InvalidActionApplication
*
*
* The policy includes an action that, according to the schema, doesn't support the specified principal and
* resource.
*
*
* -
*
* UnexpectedType
*
*
* The policy included an operand that isn't a valid type for the specified operation.
*
*
* -
*
* IncompatibleTypes
*
*
* The types of elements included in a set
, or the types of expressions used in an
* if...then...else
clause aren't compatible in this context.
*
*
* -
*
* MissingAttribute
*
*
* The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for
* the existence of the attribute first before attempting to access its value. For more information, see the
* has
* (presence of attribute test) operator in the Cedar Policy Language Guide.
*
*
* -
*
* UnsafeOptionalAttributeAccess
*
*
* The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be
* present. Test for the existence of the attribute first before attempting to access its value. For more
* information, see the has
* (presence of attribute test) operator in the Cedar Policy Language Guide.
*
*
* -
*
* ImpossiblePolicy
*
*
* Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it
* can never apply to any query, and so it can never affect an authorization decision.
*
*
* -
*
* WrongNumberArguments
*
*
* The policy references an extension type with the wrong number of arguments.
*
*
* -
*
* FunctionArgumentValidationError
*
*
* Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed
* as an IPv4 address can contain only digits and the period character.
*
*
* @throws AccessDeniedException
* You don't have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request failed because it references a resource that doesn't exist.
* @throws ThrottlingException
* The request failed because it exceeded a throttling quota.
* @throws InternalServerException
* The request failed because of an internal error. Try your request again later
* @sample AmazonVerifiedPermissions.IsAuthorized
* @see AWS API Documentation
*/
@Override
public IsAuthorizedResult isAuthorized(IsAuthorizedRequest request) {
request = beforeClientExecution(request);
return executeIsAuthorized(request);
}
@SdkInternalApi
final IsAuthorizedResult executeIsAuthorized(IsAuthorizedRequest isAuthorizedRequest) {
ExecutionContext executionContext = createExecutionContext(isAuthorizedRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new IsAuthorizedRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(isAuthorizedRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "VerifiedPermissions");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "IsAuthorized");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new IsAuthorizedResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Makes an authorization decision about a service request described in the parameters. The principal in this
* request comes from an external identity source in the form of an identity token formatted as a JSON web token (JWT). The information in the parameters can
* also define additional context that Verified Permissions can include in the evaluation. The request is evaluated
* against all matching policies in the specified policy store. The result of the decision is either
* Allow
or Deny
, along with a list of the policies that resulted in the decision.
*
*
* At this time, Verified Permissions accepts tokens from only Amazon Cognito.
*
*
* Verified Permissions validates each token that is specified in a request by checking its expiration date and its
* signature.
*
*
*
* Tokens from an identity source user continue to be usable until they expire. Token revocation and resource
* deletion have no effect on the validity of a token in your policy store
*
*
*
* @param isAuthorizedWithTokenRequest
* @return Result of the IsAuthorizedWithToken operation returned by the service.
* @throws ValidationException
* The request failed because one or more input parameters don't satisfy their constraint requirements. The
* output is provided as a list of fields and a reason for each field that isn't valid.
*
* The possible reasons include the following:
*
*
* -
*
* UnrecognizedEntityType
*
*
* The policy includes an entity type that isn't found in the schema.
*
*
* -
*
* UnrecognizedActionId
*
*
* The policy includes an action id that isn't found in the schema.
*
*
* -
*
* InvalidActionApplication
*
*
* The policy includes an action that, according to the schema, doesn't support the specified principal and
* resource.
*
*
* -
*
* UnexpectedType
*
*
* The policy included an operand that isn't a valid type for the specified operation.
*
*
* -
*
* IncompatibleTypes
*
*
* The types of elements included in a set
, or the types of expressions used in an
* if...then...else
clause aren't compatible in this context.
*
*
* -
*
* MissingAttribute
*
*
* The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for
* the existence of the attribute first before attempting to access its value. For more information, see the
* has
* (presence of attribute test) operator in the Cedar Policy Language Guide.
*
*
* -
*
* UnsafeOptionalAttributeAccess
*
*
* The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be
* present. Test for the existence of the attribute first before attempting to access its value. For more
* information, see the has
* (presence of attribute test) operator in the Cedar Policy Language Guide.
*
*
* -
*
* ImpossiblePolicy
*
*
* Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it
* can never apply to any query, and so it can never affect an authorization decision.
*
*
* -
*
* WrongNumberArguments
*
*
* The policy references an extension type with the wrong number of arguments.
*
*
* -
*
* FunctionArgumentValidationError
*
*
* Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed
* as an IPv4 address can contain only digits and the period character.
*
*
* @throws AccessDeniedException
* You don't have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request failed because it references a resource that doesn't exist.
* @throws ThrottlingException
* The request failed because it exceeded a throttling quota.
* @throws InternalServerException
* The request failed because of an internal error. Try your request again later
* @sample AmazonVerifiedPermissions.IsAuthorizedWithToken
* @see AWS API Documentation
*/
@Override
public IsAuthorizedWithTokenResult isAuthorizedWithToken(IsAuthorizedWithTokenRequest request) {
request = beforeClientExecution(request);
return executeIsAuthorizedWithToken(request);
}
@SdkInternalApi
final IsAuthorizedWithTokenResult executeIsAuthorizedWithToken(IsAuthorizedWithTokenRequest isAuthorizedWithTokenRequest) {
ExecutionContext executionContext = createExecutionContext(isAuthorizedWithTokenRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new IsAuthorizedWithTokenRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(isAuthorizedWithTokenRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "VerifiedPermissions");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "IsAuthorizedWithToken");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory
.createResponseHandler(new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false),
new IsAuthorizedWithTokenResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Returns a paginated list of all of the identity sources defined in the specified policy store.
*
*
* @param listIdentitySourcesRequest
* @return Result of the ListIdentitySources operation returned by the service.
* @throws ValidationException
* The request failed because one or more input parameters don't satisfy their constraint requirements. The
* output is provided as a list of fields and a reason for each field that isn't valid.
*
* The possible reasons include the following:
*
*
* -
*
* UnrecognizedEntityType
*
*
* The policy includes an entity type that isn't found in the schema.
*
*
* -
*
* UnrecognizedActionId
*
*
* The policy includes an action id that isn't found in the schema.
*
*
* -
*
* InvalidActionApplication
*
*
* The policy includes an action that, according to the schema, doesn't support the specified principal and
* resource.
*
*
* -
*
* UnexpectedType
*
*
* The policy included an operand that isn't a valid type for the specified operation.
*
*
* -
*
* IncompatibleTypes
*
*
* The types of elements included in a set
, or the types of expressions used in an
* if...then...else
clause aren't compatible in this context.
*
*
* -
*
* MissingAttribute
*
*
* The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for
* the existence of the attribute first before attempting to access its value. For more information, see the
* has
* (presence of attribute test) operator in the Cedar Policy Language Guide.
*
*
* -
*
* UnsafeOptionalAttributeAccess
*
*
* The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be
* present. Test for the existence of the attribute first before attempting to access its value. For more
* information, see the has
* (presence of attribute test) operator in the Cedar Policy Language Guide.
*
*
* -
*
* ImpossiblePolicy
*
*
* Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it
* can never apply to any query, and so it can never affect an authorization decision.
*
*
* -
*
* WrongNumberArguments
*
*
* The policy references an extension type with the wrong number of arguments.
*
*
* -
*
* FunctionArgumentValidationError
*
*
* Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed
* as an IPv4 address can contain only digits and the period character.
*
*
* @throws AccessDeniedException
* You don't have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request failed because it references a resource that doesn't exist.
* @throws ThrottlingException
* The request failed because it exceeded a throttling quota.
* @throws InternalServerException
* The request failed because of an internal error. Try your request again later
* @sample AmazonVerifiedPermissions.ListIdentitySources
* @see AWS API Documentation
*/
@Override
public ListIdentitySourcesResult listIdentitySources(ListIdentitySourcesRequest request) {
request = beforeClientExecution(request);
return executeListIdentitySources(request);
}
@SdkInternalApi
final ListIdentitySourcesResult executeListIdentitySources(ListIdentitySourcesRequest listIdentitySourcesRequest) {
ExecutionContext executionContext = createExecutionContext(listIdentitySourcesRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new ListIdentitySourcesRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(listIdentitySourcesRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "VerifiedPermissions");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "ListIdentitySources");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new ListIdentitySourcesResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Returns a paginated list of all policies stored in the specified policy store.
*
*
* @param listPoliciesRequest
* @return Result of the ListPolicies operation returned by the service.
* @throws ValidationException
* The request failed because one or more input parameters don't satisfy their constraint requirements. The
* output is provided as a list of fields and a reason for each field that isn't valid.
*
* The possible reasons include the following:
*
*
* -
*
* UnrecognizedEntityType
*
*
* The policy includes an entity type that isn't found in the schema.
*
*
* -
*
* UnrecognizedActionId
*
*
* The policy includes an action id that isn't found in the schema.
*
*
* -
*
* InvalidActionApplication
*
*
* The policy includes an action that, according to the schema, doesn't support the specified principal and
* resource.
*
*
* -
*
* UnexpectedType
*
*
* The policy included an operand that isn't a valid type for the specified operation.
*
*
* -
*
* IncompatibleTypes
*
*
* The types of elements included in a set
, or the types of expressions used in an
* if...then...else
clause aren't compatible in this context.
*
*
* -
*
* MissingAttribute
*
*
* The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for
* the existence of the attribute first before attempting to access its value. For more information, see the
* has
* (presence of attribute test) operator in the Cedar Policy Language Guide.
*
*
* -
*
* UnsafeOptionalAttributeAccess
*
*
* The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be
* present. Test for the existence of the attribute first before attempting to access its value. For more
* information, see the has
* (presence of attribute test) operator in the Cedar Policy Language Guide.
*
*
* -
*
* ImpossiblePolicy
*
*
* Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it
* can never apply to any query, and so it can never affect an authorization decision.
*
*
* -
*
* WrongNumberArguments
*
*
* The policy references an extension type with the wrong number of arguments.
*
*
* -
*
* FunctionArgumentValidationError
*
*
* Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed
* as an IPv4 address can contain only digits and the period character.
*
*
* @throws AccessDeniedException
* You don't have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request failed because it references a resource that doesn't exist.
* @throws ThrottlingException
* The request failed because it exceeded a throttling quota.
* @throws InternalServerException
* The request failed because of an internal error. Try your request again later
* @sample AmazonVerifiedPermissions.ListPolicies
* @see AWS API Documentation
*/
@Override
public ListPoliciesResult listPolicies(ListPoliciesRequest request) {
request = beforeClientExecution(request);
return executeListPolicies(request);
}
@SdkInternalApi
final ListPoliciesResult executeListPolicies(ListPoliciesRequest listPoliciesRequest) {
ExecutionContext executionContext = createExecutionContext(listPoliciesRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new ListPoliciesRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(listPoliciesRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "VerifiedPermissions");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "ListPolicies");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new ListPoliciesResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Returns a paginated list of all policy stores in the calling Amazon Web Services account.
*
*
* @param listPolicyStoresRequest
* @return Result of the ListPolicyStores operation returned by the service.
* @throws ValidationException
* The request failed because one or more input parameters don't satisfy their constraint requirements. The
* output is provided as a list of fields and a reason for each field that isn't valid.
*
* The possible reasons include the following:
*
*
* -
*
* UnrecognizedEntityType
*
*
* The policy includes an entity type that isn't found in the schema.
*
*
* -
*
* UnrecognizedActionId
*
*
* The policy includes an action id that isn't found in the schema.
*
*
* -
*
* InvalidActionApplication
*
*
* The policy includes an action that, according to the schema, doesn't support the specified principal and
* resource.
*
*
* -
*
* UnexpectedType
*
*
* The policy included an operand that isn't a valid type for the specified operation.
*
*
* -
*
* IncompatibleTypes
*
*
* The types of elements included in a set
, or the types of expressions used in an
* if...then...else
clause aren't compatible in this context.
*
*
* -
*
* MissingAttribute
*
*
* The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for
* the existence of the attribute first before attempting to access its value. For more information, see the
* has
* (presence of attribute test) operator in the Cedar Policy Language Guide.
*
*
* -
*
* UnsafeOptionalAttributeAccess
*
*
* The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be
* present. Test for the existence of the attribute first before attempting to access its value. For more
* information, see the has
* (presence of attribute test) operator in the Cedar Policy Language Guide.
*
*
* -
*
* ImpossiblePolicy
*
*
* Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it
* can never apply to any query, and so it can never affect an authorization decision.
*
*
* -
*
* WrongNumberArguments
*
*
* The policy references an extension type with the wrong number of arguments.
*
*
* -
*
* FunctionArgumentValidationError
*
*
* Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed
* as an IPv4 address can contain only digits and the period character.
*
*
* @throws AccessDeniedException
* You don't have sufficient access to perform this action.
* @throws ThrottlingException
* The request failed because it exceeded a throttling quota.
* @throws InternalServerException
* The request failed because of an internal error. Try your request again later
* @sample AmazonVerifiedPermissions.ListPolicyStores
* @see AWS API Documentation
*/
@Override
public ListPolicyStoresResult listPolicyStores(ListPolicyStoresRequest request) {
request = beforeClientExecution(request);
return executeListPolicyStores(request);
}
@SdkInternalApi
final ListPolicyStoresResult executeListPolicyStores(ListPolicyStoresRequest listPolicyStoresRequest) {
ExecutionContext executionContext = createExecutionContext(listPolicyStoresRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new ListPolicyStoresRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(listPolicyStoresRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "VerifiedPermissions");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "ListPolicyStores");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new ListPolicyStoresResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Returns a paginated list of all policy templates in the specified policy store.
*
*
* @param listPolicyTemplatesRequest
* @return Result of the ListPolicyTemplates operation returned by the service.
* @throws ValidationException
* The request failed because one or more input parameters don't satisfy their constraint requirements. The
* output is provided as a list of fields and a reason for each field that isn't valid.
*
* The possible reasons include the following:
*
*
* -
*
* UnrecognizedEntityType
*
*
* The policy includes an entity type that isn't found in the schema.
*
*
* -
*
* UnrecognizedActionId
*
*
* The policy includes an action id that isn't found in the schema.
*
*
* -
*
* InvalidActionApplication
*
*
* The policy includes an action that, according to the schema, doesn't support the specified principal and
* resource.
*
*
* -
*
* UnexpectedType
*
*
* The policy included an operand that isn't a valid type for the specified operation.
*
*
* -
*
* IncompatibleTypes
*
*
* The types of elements included in a set
, or the types of expressions used in an
* if...then...else
clause aren't compatible in this context.
*
*
* -
*
* MissingAttribute
*
*
* The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for
* the existence of the attribute first before attempting to access its value. For more information, see the
* has
* (presence of attribute test) operator in the Cedar Policy Language Guide.
*
*
* -
*
* UnsafeOptionalAttributeAccess
*
*
* The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be
* present. Test for the existence of the attribute first before attempting to access its value. For more
* information, see the has
* (presence of attribute test) operator in the Cedar Policy Language Guide.
*
*
* -
*
* ImpossiblePolicy
*
*
* Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it
* can never apply to any query, and so it can never affect an authorization decision.
*
*
* -
*
* WrongNumberArguments
*
*
* The policy references an extension type with the wrong number of arguments.
*
*
* -
*
* FunctionArgumentValidationError
*
*
* Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed
* as an IPv4 address can contain only digits and the period character.
*
*
* @throws AccessDeniedException
* You don't have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request failed because it references a resource that doesn't exist.
* @throws ThrottlingException
* The request failed because it exceeded a throttling quota.
* @throws InternalServerException
* The request failed because of an internal error. Try your request again later
* @sample AmazonVerifiedPermissions.ListPolicyTemplates
* @see AWS API Documentation
*/
@Override
public ListPolicyTemplatesResult listPolicyTemplates(ListPolicyTemplatesRequest request) {
request = beforeClientExecution(request);
return executeListPolicyTemplates(request);
}
@SdkInternalApi
final ListPolicyTemplatesResult executeListPolicyTemplates(ListPolicyTemplatesRequest listPolicyTemplatesRequest) {
ExecutionContext executionContext = createExecutionContext(listPolicyTemplatesRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new ListPolicyTemplatesRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(listPolicyTemplatesRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "VerifiedPermissions");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "ListPolicyTemplates");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new ListPolicyTemplatesResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Creates or updates the policy schema in the specified policy store. The schema is used to validate any Cedar
* policies and policy templates submitted to the policy store. Any changes to the schema validate only policies and
* templates submitted after the schema change. Existing policies and templates are not re-evaluated against the
* changed schema. If you later update a policy, then it is evaluated against the new schema at that time.
*
*
*
* Verified Permissions is eventually consistent
* . It can take a few seconds for a new or changed element to propagate through the service and be visible in
* the results of other Verified Permissions operations.
*
*
*
* @param putSchemaRequest
* @return Result of the PutSchema operation returned by the service.
* @throws ValidationException
* The request failed because one or more input parameters don't satisfy their constraint requirements. The
* output is provided as a list of fields and a reason for each field that isn't valid.
*
* The possible reasons include the following:
*
*
* -
*
* UnrecognizedEntityType
*
*
* The policy includes an entity type that isn't found in the schema.
*
*
* -
*
* UnrecognizedActionId
*
*
* The policy includes an action id that isn't found in the schema.
*
*
* -
*
* InvalidActionApplication
*
*
* The policy includes an action that, according to the schema, doesn't support the specified principal and
* resource.
*
*
* -
*
* UnexpectedType
*
*
* The policy included an operand that isn't a valid type for the specified operation.
*
*
* -
*
* IncompatibleTypes
*
*
* The types of elements included in a set
, or the types of expressions used in an
* if...then...else
clause aren't compatible in this context.
*
*
* -
*
* MissingAttribute
*
*
* The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for
* the existence of the attribute first before attempting to access its value. For more information, see the
* has
* (presence of attribute test) operator in the Cedar Policy Language Guide.
*
*
* -
*
* UnsafeOptionalAttributeAccess
*
*
* The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be
* present. Test for the existence of the attribute first before attempting to access its value. For more
* information, see the has
* (presence of attribute test) operator in the Cedar Policy Language Guide.
*
*
* -
*
* ImpossiblePolicy
*
*
* Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it
* can never apply to any query, and so it can never affect an authorization decision.
*
*
* -
*
* WrongNumberArguments
*
*
* The policy references an extension type with the wrong number of arguments.
*
*
* -
*
* FunctionArgumentValidationError
*
*
* Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed
* as an IPv4 address can contain only digits and the period character.
*
*
* @throws ServiceQuotaExceededException
* The request failed because it would cause a service quota to be exceeded.
* @throws ConflictException
* The request failed because another request to modify a resource occurred at the same.
* @throws AccessDeniedException
* You don't have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request failed because it references a resource that doesn't exist.
* @throws ThrottlingException
* The request failed because it exceeded a throttling quota.
* @throws InternalServerException
* The request failed because of an internal error. Try your request again later
* @sample AmazonVerifiedPermissions.PutSchema
* @see AWS
* API Documentation
*/
@Override
public PutSchemaResult putSchema(PutSchemaRequest request) {
request = beforeClientExecution(request);
return executePutSchema(request);
}
@SdkInternalApi
final PutSchemaResult executePutSchema(PutSchemaRequest putSchemaRequest) {
ExecutionContext executionContext = createExecutionContext(putSchemaRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new PutSchemaRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(putSchemaRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "VerifiedPermissions");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "PutSchema");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(new JsonOperationMetadata()
.withPayloadJson(true).withHasStreamingSuccessResponse(false), new PutSchemaResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Updates the specified identity source to use a new identity provider (IdP), or to change the mapping of
* identities from the IdP to a different principal entity type.
*
*
*
* Verified Permissions is eventually consistent
* . It can take a few seconds for a new or changed element to propagate through the service and be visible in
* the results of other Verified Permissions operations.
*
*
*
* @param updateIdentitySourceRequest
* @return Result of the UpdateIdentitySource operation returned by the service.
* @throws ValidationException
* The request failed because one or more input parameters don't satisfy their constraint requirements. The
* output is provided as a list of fields and a reason for each field that isn't valid.
*
* The possible reasons include the following:
*
*
* -
*
* UnrecognizedEntityType
*
*
* The policy includes an entity type that isn't found in the schema.
*
*
* -
*
* UnrecognizedActionId
*
*
* The policy includes an action id that isn't found in the schema.
*
*
* -
*
* InvalidActionApplication
*
*
* The policy includes an action that, according to the schema, doesn't support the specified principal and
* resource.
*
*
* -
*
* UnexpectedType
*
*
* The policy included an operand that isn't a valid type for the specified operation.
*
*
* -
*
* IncompatibleTypes
*
*
* The types of elements included in a set
, or the types of expressions used in an
* if...then...else
clause aren't compatible in this context.
*
*
* -
*
* MissingAttribute
*
*
* The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for
* the existence of the attribute first before attempting to access its value. For more information, see the
* has
* (presence of attribute test) operator in the Cedar Policy Language Guide.
*
*
* -
*
* UnsafeOptionalAttributeAccess
*
*
* The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be
* present. Test for the existence of the attribute first before attempting to access its value. For more
* information, see the has
* (presence of attribute test) operator in the Cedar Policy Language Guide.
*
*
* -
*
* ImpossiblePolicy
*
*
* Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it
* can never apply to any query, and so it can never affect an authorization decision.
*
*
* -
*
* WrongNumberArguments
*
*
* The policy references an extension type with the wrong number of arguments.
*
*
* -
*
* FunctionArgumentValidationError
*
*
* Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed
* as an IPv4 address can contain only digits and the period character.
*
*
* @throws ConflictException
* The request failed because another request to modify a resource occurred at the same.
* @throws AccessDeniedException
* You don't have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request failed because it references a resource that doesn't exist.
* @throws ThrottlingException
* The request failed because it exceeded a throttling quota.
* @throws InternalServerException
* The request failed because of an internal error. Try your request again later
* @sample AmazonVerifiedPermissions.UpdateIdentitySource
* @see AWS API Documentation
*/
@Override
public UpdateIdentitySourceResult updateIdentitySource(UpdateIdentitySourceRequest request) {
request = beforeClientExecution(request);
return executeUpdateIdentitySource(request);
}
@SdkInternalApi
final UpdateIdentitySourceResult executeUpdateIdentitySource(UpdateIdentitySourceRequest updateIdentitySourceRequest) {
ExecutionContext executionContext = createExecutionContext(updateIdentitySourceRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new UpdateIdentitySourceRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(updateIdentitySourceRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "VerifiedPermissions");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "UpdateIdentitySource");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new UpdateIdentitySourceResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Modifies a Cedar static policy in the specified policy store. You can change only certain elements of the UpdatePolicyDefinition parameter. You can directly update only static policies. To change a template-linked
* policy, you must update the template instead, using UpdatePolicyTemplate.
*
*
*
* -
*
* If policy validation is enabled in the policy store, then updating a static policy causes Verified Permissions to
* validate the policy against the schema in the policy store. If the updated static policy doesn't pass validation,
* the operation fails and the update isn't stored.
*
*
* -
*
* When you edit a static policy, you can change only certain elements of a static policy:
*
*
* -
*
* The action referenced by the policy.
*
*
* -
*
* A condition clause, such as when and unless.
*
*
*
*
* You can't change these elements of a static policy:
*
*
* -
*
* Changing a policy from a static policy to a template-linked policy.
*
*
* -
*
* Changing the effect of a static policy from permit or forbid.
*
*
* -
*
* The principal referenced by a static policy.
*
*
* -
*
* The resource referenced by a static policy.
*
*
*
*
* -
*
* To update a template-linked policy, you must update the template instead.
*
*
*
*
*
* Verified Permissions is eventually consistent
* . It can take a few seconds for a new or changed element to propagate through the service and be visible in
* the results of other Verified Permissions operations.
*
*
*
* @param updatePolicyRequest
* @return Result of the UpdatePolicy operation returned by the service.
* @throws ValidationException
* The request failed because one or more input parameters don't satisfy their constraint requirements. The
* output is provided as a list of fields and a reason for each field that isn't valid.
*
* The possible reasons include the following:
*
*
* -
*
* UnrecognizedEntityType
*
*
* The policy includes an entity type that isn't found in the schema.
*
*
* -
*
* UnrecognizedActionId
*
*
* The policy includes an action id that isn't found in the schema.
*
*
* -
*
* InvalidActionApplication
*
*
* The policy includes an action that, according to the schema, doesn't support the specified principal and
* resource.
*
*
* -
*
* UnexpectedType
*
*
* The policy included an operand that isn't a valid type for the specified operation.
*
*
* -
*
* IncompatibleTypes
*
*
* The types of elements included in a set
, or the types of expressions used in an
* if...then...else
clause aren't compatible in this context.
*
*
* -
*
* MissingAttribute
*
*
* The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for
* the existence of the attribute first before attempting to access its value. For more information, see the
* has
* (presence of attribute test) operator in the Cedar Policy Language Guide.
*
*
* -
*
* UnsafeOptionalAttributeAccess
*
*
* The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be
* present. Test for the existence of the attribute first before attempting to access its value. For more
* information, see the has
* (presence of attribute test) operator in the Cedar Policy Language Guide.
*
*
* -
*
* ImpossiblePolicy
*
*
* Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it
* can never apply to any query, and so it can never affect an authorization decision.
*
*
* -
*
* WrongNumberArguments
*
*
* The policy references an extension type with the wrong number of arguments.
*
*
* -
*
* FunctionArgumentValidationError
*
*
* Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed
* as an IPv4 address can contain only digits and the period character.
*
*
* @throws ServiceQuotaExceededException
* The request failed because it would cause a service quota to be exceeded.
* @throws ConflictException
* The request failed because another request to modify a resource occurred at the same.
* @throws AccessDeniedException
* You don't have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request failed because it references a resource that doesn't exist.
* @throws ThrottlingException
* The request failed because it exceeded a throttling quota.
* @throws InternalServerException
* The request failed because of an internal error. Try your request again later
* @sample AmazonVerifiedPermissions.UpdatePolicy
* @see AWS API Documentation
*/
@Override
public UpdatePolicyResult updatePolicy(UpdatePolicyRequest request) {
request = beforeClientExecution(request);
return executeUpdatePolicy(request);
}
@SdkInternalApi
final UpdatePolicyResult executeUpdatePolicy(UpdatePolicyRequest updatePolicyRequest) {
ExecutionContext executionContext = createExecutionContext(updatePolicyRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new UpdatePolicyRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(updatePolicyRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "VerifiedPermissions");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "UpdatePolicy");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new UpdatePolicyResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Modifies the validation setting for a policy store.
*
*
*
* Verified Permissions is eventually consistent
* . It can take a few seconds for a new or changed element to propagate through the service and be visible in
* the results of other Verified Permissions operations.
*
*
*
* @param updatePolicyStoreRequest
* @return Result of the UpdatePolicyStore operation returned by the service.
* @throws ValidationException
* The request failed because one or more input parameters don't satisfy their constraint requirements. The
* output is provided as a list of fields and a reason for each field that isn't valid.
*
* The possible reasons include the following:
*
*
* -
*
* UnrecognizedEntityType
*
*
* The policy includes an entity type that isn't found in the schema.
*
*
* -
*
* UnrecognizedActionId
*
*
* The policy includes an action id that isn't found in the schema.
*
*
* -
*
* InvalidActionApplication
*
*
* The policy includes an action that, according to the schema, doesn't support the specified principal and
* resource.
*
*
* -
*
* UnexpectedType
*
*
* The policy included an operand that isn't a valid type for the specified operation.
*
*
* -
*
* IncompatibleTypes
*
*
* The types of elements included in a set
, or the types of expressions used in an
* if...then...else
clause aren't compatible in this context.
*
*
* -
*
* MissingAttribute
*
*
* The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for
* the existence of the attribute first before attempting to access its value. For more information, see the
* has
* (presence of attribute test) operator in the Cedar Policy Language Guide.
*
*
* -
*
* UnsafeOptionalAttributeAccess
*
*
* The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be
* present. Test for the existence of the attribute first before attempting to access its value. For more
* information, see the has
* (presence of attribute test) operator in the Cedar Policy Language Guide.
*
*
* -
*
* ImpossiblePolicy
*
*
* Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it
* can never apply to any query, and so it can never affect an authorization decision.
*
*
* -
*
* WrongNumberArguments
*
*
* The policy references an extension type with the wrong number of arguments.
*
*
* -
*
* FunctionArgumentValidationError
*
*
* Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed
* as an IPv4 address can contain only digits and the period character.
*
*
* @throws ConflictException
* The request failed because another request to modify a resource occurred at the same.
* @throws AccessDeniedException
* You don't have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request failed because it references a resource that doesn't exist.
* @throws ThrottlingException
* The request failed because it exceeded a throttling quota.
* @throws InternalServerException
* The request failed because of an internal error. Try your request again later
* @sample AmazonVerifiedPermissions.UpdatePolicyStore
* @see AWS API Documentation
*/
@Override
public UpdatePolicyStoreResult updatePolicyStore(UpdatePolicyStoreRequest request) {
request = beforeClientExecution(request);
return executeUpdatePolicyStore(request);
}
@SdkInternalApi
final UpdatePolicyStoreResult executeUpdatePolicyStore(UpdatePolicyStoreRequest updatePolicyStoreRequest) {
ExecutionContext executionContext = createExecutionContext(updatePolicyStoreRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new UpdatePolicyStoreRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(updatePolicyStoreRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "VerifiedPermissions");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "UpdatePolicyStore");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new UpdatePolicyStoreResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Updates the specified policy template. You can update only the description and the some elements of the policyBody.
*
*
*
* Changes you make to the policy template content are immediately (within the constraints of eventual consistency)
* reflected in authorization decisions that involve all template-linked policies instantiated from this template.
*
*
*
* Verified Permissions is eventually consistent
* . It can take a few seconds for a new or changed element to propagate through the service and be visible in
* the results of other Verified Permissions operations.
*
*
*
* @param updatePolicyTemplateRequest
* @return Result of the UpdatePolicyTemplate operation returned by the service.
* @throws ValidationException
* The request failed because one or more input parameters don't satisfy their constraint requirements. The
* output is provided as a list of fields and a reason for each field that isn't valid.
*
* The possible reasons include the following:
*
*
* -
*
* UnrecognizedEntityType
*
*
* The policy includes an entity type that isn't found in the schema.
*
*
* -
*
* UnrecognizedActionId
*
*
* The policy includes an action id that isn't found in the schema.
*
*
* -
*
* InvalidActionApplication
*
*
* The policy includes an action that, according to the schema, doesn't support the specified principal and
* resource.
*
*
* -
*
* UnexpectedType
*
*
* The policy included an operand that isn't a valid type for the specified operation.
*
*
* -
*
* IncompatibleTypes
*
*
* The types of elements included in a set
, or the types of expressions used in an
* if...then...else
clause aren't compatible in this context.
*
*
* -
*
* MissingAttribute
*
*
* The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for
* the existence of the attribute first before attempting to access its value. For more information, see the
* has
* (presence of attribute test) operator in the Cedar Policy Language Guide.
*
*
* -
*
* UnsafeOptionalAttributeAccess
*
*
* The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be
* present. Test for the existence of the attribute first before attempting to access its value. For more
* information, see the has
* (presence of attribute test) operator in the Cedar Policy Language Guide.
*
*
* -
*
* ImpossiblePolicy
*
*
* Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it
* can never apply to any query, and so it can never affect an authorization decision.
*
*
* -
*
* WrongNumberArguments
*
*
* The policy references an extension type with the wrong number of arguments.
*
*
* -
*
* FunctionArgumentValidationError
*
*
* Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed
* as an IPv4 address can contain only digits and the period character.
*
*
* @throws ConflictException
* The request failed because another request to modify a resource occurred at the same.
* @throws AccessDeniedException
* You don't have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request failed because it references a resource that doesn't exist.
* @throws ThrottlingException
* The request failed because it exceeded a throttling quota.
* @throws InternalServerException
* The request failed because of an internal error. Try your request again later
* @sample AmazonVerifiedPermissions.UpdatePolicyTemplate
* @see AWS API Documentation
*/
@Override
public UpdatePolicyTemplateResult updatePolicyTemplate(UpdatePolicyTemplateRequest request) {
request = beforeClientExecution(request);
return executeUpdatePolicyTemplate(request);
}
@SdkInternalApi
final UpdatePolicyTemplateResult executeUpdatePolicyTemplate(UpdatePolicyTemplateRequest updatePolicyTemplateRequest) {
ExecutionContext executionContext = createExecutionContext(updatePolicyTemplateRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new UpdatePolicyTemplateRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(updatePolicyTemplateRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "VerifiedPermissions");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "UpdatePolicyTemplate");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new UpdatePolicyTemplateResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
* Returns additional metadata for a previously executed successful, request, typically used for debugging issues
* where a service isn't acting as expected. This data isn't considered part of the result data returned by an
* operation, so it's available through this separate, diagnostic interface.
*
* Response metadata is only cached for a limited period of time, so if you need to access this extra diagnostic
* information for an executed request, you should use this method to retrieve it as soon as possible after
* executing the request.
*
* @param request
* The originally executed request
*
* @return The response metadata for the specified request, or null if none is available.
*/
public ResponseMetadata getCachedResponseMetadata(AmazonWebServiceRequest request) {
return client.getResponseMetadataForRequest(request);
}
/**
* Normal invoke with authentication. Credentials are required and may be overriden at the request level.
**/
private Response invoke(Request request, HttpResponseHandler> responseHandler,
ExecutionContext executionContext) {
return invoke(request, responseHandler, executionContext, null, null);
}
/**
* Normal invoke with authentication. Credentials are required and may be overriden at the request level.
**/
private Response invoke(Request request, HttpResponseHandler> responseHandler,
ExecutionContext executionContext, URI cachedEndpoint, URI uriFromEndpointTrait) {
executionContext.setCredentialsProvider(CredentialUtils.getCredentialsProvider(request.getOriginalRequest(), awsCredentialsProvider));
return doInvoke(request, responseHandler, executionContext, cachedEndpoint, uriFromEndpointTrait);
}
/**
* Invoke with no authentication. Credentials are not required and any credentials set on the client or request will
* be ignored for this operation.
**/
private Response anonymousInvoke(Request request,
HttpResponseHandler> responseHandler, ExecutionContext executionContext) {
return doInvoke(request, responseHandler, executionContext, null, null);
}
/**
* Invoke the request using the http client. Assumes credentials (or lack thereof) have been configured in the
* ExecutionContext beforehand.
**/
private Response doInvoke(Request request, HttpResponseHandler> responseHandler,
ExecutionContext executionContext, URI discoveredEndpoint, URI uriFromEndpointTrait) {
if (discoveredEndpoint != null) {
request.setEndpoint(discoveredEndpoint);
request.getOriginalRequest().getRequestClientOptions().appendUserAgent("endpoint-discovery");
} else if (uriFromEndpointTrait != null) {
request.setEndpoint(uriFromEndpointTrait);
} else {
request.setEndpoint(endpoint);
}
request.setTimeOffset(timeOffset);
HttpResponseHandler errorResponseHandler = protocolFactory.createErrorResponseHandler(new JsonErrorResponseMetadata());
return client.execute(request, responseHandler, errorResponseHandler, executionContext);
}
@com.amazonaws.annotation.SdkInternalApi
static com.amazonaws.protocol.json.SdkJsonProtocolFactory getProtocolFactory() {
return protocolFactory;
}
@Override
public void shutdown() {
super.shutdown();
}
}