func Decision_Values() []string
Decision_Values returns all elements of the Decision enum
func OpenIdIssuer_Values() []string
OpenIdIssuer_Values returns all elements of the OpenIdIssuer enum
func PolicyEffect_Values() []string
PolicyEffect_Values returns all elements of the PolicyEffect enum
func PolicyType_Values() []string
PolicyType_Values returns all elements of the PolicyType enum
func ResourceType_Values() []string
ResourceType_Values returns all elements of the ResourceType enum
func ValidationMode_Values() []string
ValidationMode_Values returns all elements of the ValidationMode enum
type AccessDeniedException struct { RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` Message_ *string `locationName:"message" type:"string"` // contains filtered or unexported fields }
You don't have sufficient access to perform this action.
func (s *AccessDeniedException) Code() string
Code returns the exception type name.
func (s *AccessDeniedException) Error() string
func (s AccessDeniedException) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *AccessDeniedException) Message() string
Message returns the exception's message.
func (s *AccessDeniedException) OrigErr() error
OrigErr always returns nil, satisfies awserr.Error interface.
func (s *AccessDeniedException) RequestID() string
RequestID returns the service's response RequestID for request.
func (s *AccessDeniedException) StatusCode() int
Status code returns the HTTP status code for the request's response error.
func (s AccessDeniedException) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type ActionIdentifier struct { // The ID of an action. // // ActionId is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by ActionIdentifier's // String and GoString methods. // // ActionId is a required field ActionId *string `locationName:"actionId" min:"1" type:"string" required:"true" sensitive:"true"` // The type of an action. // // ActionType is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by ActionIdentifier's // String and GoString methods. // // ActionType is a required field ActionType *string `locationName:"actionType" min:"1" type:"string" required:"true" sensitive:"true"` // contains filtered or unexported fields }
Contains information about an action for a request for which an authorization decision is made.
This data type is used as a request parameter to the IsAuthorized (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorized.html), BatchIsAuthorized (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_BatchIsAuthorized.html), and IsAuthorizedWithToken (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorizedWithToken.html) operations.
Example: { "actionId": "<action name>", "actionType": "Action" }
func (s ActionIdentifier) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ActionIdentifier) SetActionId(v string) *ActionIdentifier
SetActionId sets the ActionId field's value.
func (s *ActionIdentifier) SetActionType(v string) *ActionIdentifier
SetActionType sets the ActionType field's value.
func (s ActionIdentifier) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ActionIdentifier) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type AttributeValue struct { // An attribute value of Boolean (https://docs.cedarpolicy.com/policies/syntax-datatypes.html#boolean) // type. // // Example: {"boolean": true} // // Boolean is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by AttributeValue's // String and GoString methods. Boolean *bool `locationName:"boolean" type:"boolean" sensitive:"true"` // An attribute value of type EntityIdentifier (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_EntityIdentifier.html). // // Example: "entityIdentifier": { "entityId": "<id>", "entityType": "<entity // type>"} EntityIdentifier *EntityIdentifier `locationName:"entityIdentifier" type:"structure"` // An attribute value of Long (https://docs.cedarpolicy.com/policies/syntax-datatypes.html#long) // type. // // Example: {"long": 0} // // Long is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by AttributeValue's // String and GoString methods. Long *int64 `locationName:"long" type:"long" sensitive:"true"` // An attribute value of Record (https://docs.cedarpolicy.com/policies/syntax-datatypes.html#record) // type. // // Example: {"record": { "keyName": {} } } Record map[string]*AttributeValue `locationName:"record" type:"map"` // An attribute value of Set (https://docs.cedarpolicy.com/policies/syntax-datatypes.html#set) // type. // // Example: {"set": [ {} ] } Set []*AttributeValue `locationName:"set" type:"list"` // An attribute value of String (https://docs.cedarpolicy.com/policies/syntax-datatypes.html#string) // type. // // Example: {"string": "abc"} // // String_ is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by AttributeValue's // String and GoString methods. String_ *string `locationName:"string" type:"string" sensitive:"true"` // contains filtered or unexported fields }
The value of an attribute.
Contains information about the runtime context for a request for which an authorization decision is made.
This data type is used as a member of the ContextDefinition (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ContextDefinition.html) structure which is uses as a request parameter for the IsAuthorized (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorized.html), BatchIsAuthorized (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_BatchIsAuthorized.html), and IsAuthorizedWithToken (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorizedWithToken.html) operations.
func (s AttributeValue) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *AttributeValue) SetBoolean(v bool) *AttributeValue
SetBoolean sets the Boolean field's value.
func (s *AttributeValue) SetEntityIdentifier(v *EntityIdentifier) *AttributeValue
SetEntityIdentifier sets the EntityIdentifier field's value.
func (s *AttributeValue) SetLong(v int64) *AttributeValue
SetLong sets the Long field's value.
func (s *AttributeValue) SetRecord(v map[string]*AttributeValue) *AttributeValue
SetRecord sets the Record field's value.
func (s *AttributeValue) SetSet(v []*AttributeValue) *AttributeValue
SetSet sets the Set field's value.
func (s *AttributeValue) SetString_(v string) *AttributeValue
SetString_ sets the String_ field's value.
func (s AttributeValue) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *AttributeValue) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type BatchIsAuthorizedInput struct { // Specifies the list of resources and principals and their associated attributes // that Verified Permissions can examine when evaluating the policies. // // You can include only principal and resource entities in this parameter; you // can't include actions. You must specify actions in the schema. Entities *EntitiesDefinition `locationName:"entities" type:"structure"` // Specifies the ID of the policy store. Policies in this policy store will // be used to make the authorization decisions for the input. // // PolicyStoreId is a required field PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"` // An array of up to 30 requests that you want Verified Permissions to evaluate. // // Requests is a required field Requests []*BatchIsAuthorizedInputItem `locationName:"requests" min:"1" type:"list" required:"true"` // contains filtered or unexported fields }
func (s BatchIsAuthorizedInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *BatchIsAuthorizedInput) SetEntities(v *EntitiesDefinition) *BatchIsAuthorizedInput
SetEntities sets the Entities field's value.
func (s *BatchIsAuthorizedInput) SetPolicyStoreId(v string) *BatchIsAuthorizedInput
SetPolicyStoreId sets the PolicyStoreId field's value.
func (s *BatchIsAuthorizedInput) SetRequests(v []*BatchIsAuthorizedInputItem) *BatchIsAuthorizedInput
SetRequests sets the Requests field's value.
func (s BatchIsAuthorizedInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *BatchIsAuthorizedInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type BatchIsAuthorizedInputItem struct { // Specifies the requested action to be authorized. For example, PhotoFlash::ReadPhoto. Action *ActionIdentifier `locationName:"action" type:"structure"` // Specifies additional context that can be used to make more granular authorization // decisions. Context *ContextDefinition `locationName:"context" type:"structure"` // Specifies the principal for which the authorization decision is to be made. Principal *EntityIdentifier `locationName:"principal" type:"structure"` // Specifies the resource that you want an authorization decision for. For example, // PhotoFlash::Photo. Resource *EntityIdentifier `locationName:"resource" type:"structure"` // contains filtered or unexported fields }
An authorization request that you include in a BatchIsAuthorized API request.
func (s BatchIsAuthorizedInputItem) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *BatchIsAuthorizedInputItem) SetAction(v *ActionIdentifier) *BatchIsAuthorizedInputItem
SetAction sets the Action field's value.
func (s *BatchIsAuthorizedInputItem) SetContext(v *ContextDefinition) *BatchIsAuthorizedInputItem
SetContext sets the Context field's value.
func (s *BatchIsAuthorizedInputItem) SetPrincipal(v *EntityIdentifier) *BatchIsAuthorizedInputItem
SetPrincipal sets the Principal field's value.
func (s *BatchIsAuthorizedInputItem) SetResource(v *EntityIdentifier) *BatchIsAuthorizedInputItem
SetResource sets the Resource field's value.
func (s BatchIsAuthorizedInputItem) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *BatchIsAuthorizedInputItem) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type BatchIsAuthorizedOutput struct { // A series of Allow or Deny decisions for each request, and the policies that // produced them. // // Results is a required field Results []*BatchIsAuthorizedOutputItem `locationName:"results" type:"list" required:"true"` // contains filtered or unexported fields }
func (s BatchIsAuthorizedOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *BatchIsAuthorizedOutput) SetResults(v []*BatchIsAuthorizedOutputItem) *BatchIsAuthorizedOutput
SetResults sets the Results field's value.
func (s BatchIsAuthorizedOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type BatchIsAuthorizedOutputItem struct { // An authorization decision that indicates if the authorization request should // be allowed or denied. // // Decision is a required field Decision *string `locationName:"decision" type:"string" required:"true" enum:"Decision"` // The list of determining policies used to make the authorization decision. // For example, if there are two matching policies, where one is a forbid and // the other is a permit, then the forbid policy will be the determining policy. // In the case of multiple matching permit policies then there would be multiple // determining policies. In the case that no policies match, and hence the response // is DENY, there would be no determining policies. // // DeterminingPolicies is a required field DeterminingPolicies []*DeterminingPolicyItem `locationName:"determiningPolicies" type:"list" required:"true"` // Errors that occurred while making an authorization decision. For example, // a policy might reference an entity or attribute that doesn't exist in the // request. // // Errors is a required field Errors []*EvaluationErrorItem `locationName:"errors" type:"list" required:"true" sensitive:"true"` // The authorization request that initiated the decision. // // Request is a required field Request *BatchIsAuthorizedInputItem `locationName:"request" type:"structure" required:"true"` // contains filtered or unexported fields }
The decision, based on policy evaluation, from an individual authorization request in a BatchIsAuthorized API request.
func (s BatchIsAuthorizedOutputItem) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *BatchIsAuthorizedOutputItem) SetDecision(v string) *BatchIsAuthorizedOutputItem
SetDecision sets the Decision field's value.
func (s *BatchIsAuthorizedOutputItem) SetDeterminingPolicies(v []*DeterminingPolicyItem) *BatchIsAuthorizedOutputItem
SetDeterminingPolicies sets the DeterminingPolicies field's value.
func (s *BatchIsAuthorizedOutputItem) SetErrors(v []*EvaluationErrorItem) *BatchIsAuthorizedOutputItem
SetErrors sets the Errors field's value.
func (s *BatchIsAuthorizedOutputItem) SetRequest(v *BatchIsAuthorizedInputItem) *BatchIsAuthorizedOutputItem
SetRequest sets the Request field's value.
func (s BatchIsAuthorizedOutputItem) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type BatchIsAuthorizedWithTokenInput struct { // Specifies an access token for the principal that you want to authorize in // each request. This token is provided to you by the identity provider (IdP) // associated with the specified identity source. You must specify either an // accessToken, an identityToken, or both. // // Must be an access token. Verified Permissions returns an error if the token_use // claim in the submitted token isn't access. // // AccessToken is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by BatchIsAuthorizedWithTokenInput's // String and GoString methods. AccessToken *string `locationName:"accessToken" min:"1" type:"string" sensitive:"true"` // Specifies the list of resources and their associated attributes that Verified // Permissions can examine when evaluating the policies. // // You can't include principals in this parameter, only resource and action // entities. This parameter can't include any entities of a type that matches // the user or group entity types that you defined in your identity source. // // * The BatchIsAuthorizedWithToken operation takes principal attributes // from only the identityToken or accessToken passed to the operation. // // * For action entities, you can include only their Identifier and EntityType. Entities *EntitiesDefinition `locationName:"entities" type:"structure"` // Specifies an identity (ID) token for the principal that you want to authorize // in each request. This token is provided to you by the identity provider (IdP) // associated with the specified identity source. You must specify either an // accessToken, an identityToken, or both. // // Must be an ID token. Verified Permissions returns an error if the token_use // claim in the submitted token isn't id. // // IdentityToken is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by BatchIsAuthorizedWithTokenInput's // String and GoString methods. IdentityToken *string `locationName:"identityToken" min:"1" type:"string" sensitive:"true"` // Specifies the ID of the policy store. Policies in this policy store will // be used to make an authorization decision for the input. // // PolicyStoreId is a required field PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"` // An array of up to 30 requests that you want Verified Permissions to evaluate. // // Requests is a required field Requests []*BatchIsAuthorizedWithTokenInputItem `locationName:"requests" min:"1" type:"list" required:"true"` // contains filtered or unexported fields }
func (s BatchIsAuthorizedWithTokenInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *BatchIsAuthorizedWithTokenInput) SetAccessToken(v string) *BatchIsAuthorizedWithTokenInput
SetAccessToken sets the AccessToken field's value.
func (s *BatchIsAuthorizedWithTokenInput) SetEntities(v *EntitiesDefinition) *BatchIsAuthorizedWithTokenInput
SetEntities sets the Entities field's value.
func (s *BatchIsAuthorizedWithTokenInput) SetIdentityToken(v string) *BatchIsAuthorizedWithTokenInput
SetIdentityToken sets the IdentityToken field's value.
func (s *BatchIsAuthorizedWithTokenInput) SetPolicyStoreId(v string) *BatchIsAuthorizedWithTokenInput
SetPolicyStoreId sets the PolicyStoreId field's value.
func (s *BatchIsAuthorizedWithTokenInput) SetRequests(v []*BatchIsAuthorizedWithTokenInputItem) *BatchIsAuthorizedWithTokenInput
SetRequests sets the Requests field's value.
func (s BatchIsAuthorizedWithTokenInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *BatchIsAuthorizedWithTokenInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type BatchIsAuthorizedWithTokenInputItem struct { // Specifies the requested action to be authorized. For example, PhotoFlash::ReadPhoto. Action *ActionIdentifier `locationName:"action" type:"structure"` // Specifies additional context that can be used to make more granular authorization // decisions. Context *ContextDefinition `locationName:"context" type:"structure"` // Specifies the resource that you want an authorization decision for. For example, // PhotoFlash::Photo. Resource *EntityIdentifier `locationName:"resource" type:"structure"` // contains filtered or unexported fields }
An authorization request that you include in a BatchIsAuthorizedWithToken API request.
func (s BatchIsAuthorizedWithTokenInputItem) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *BatchIsAuthorizedWithTokenInputItem) SetAction(v *ActionIdentifier) *BatchIsAuthorizedWithTokenInputItem
SetAction sets the Action field's value.
func (s *BatchIsAuthorizedWithTokenInputItem) SetContext(v *ContextDefinition) *BatchIsAuthorizedWithTokenInputItem
SetContext sets the Context field's value.
func (s *BatchIsAuthorizedWithTokenInputItem) SetResource(v *EntityIdentifier) *BatchIsAuthorizedWithTokenInputItem
SetResource sets the Resource field's value.
func (s BatchIsAuthorizedWithTokenInputItem) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *BatchIsAuthorizedWithTokenInputItem) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type BatchIsAuthorizedWithTokenOutput struct { // The identifier of the principal in the ID or access token. Principal *EntityIdentifier `locationName:"principal" type:"structure"` // A series of Allow or Deny decisions for each request, and the policies that // produced them. // // Results is a required field Results []*BatchIsAuthorizedWithTokenOutputItem `locationName:"results" type:"list" required:"true"` // contains filtered or unexported fields }
func (s BatchIsAuthorizedWithTokenOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *BatchIsAuthorizedWithTokenOutput) SetPrincipal(v *EntityIdentifier) *BatchIsAuthorizedWithTokenOutput
SetPrincipal sets the Principal field's value.
func (s *BatchIsAuthorizedWithTokenOutput) SetResults(v []*BatchIsAuthorizedWithTokenOutputItem) *BatchIsAuthorizedWithTokenOutput
SetResults sets the Results field's value.
func (s BatchIsAuthorizedWithTokenOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type BatchIsAuthorizedWithTokenOutputItem struct { // An authorization decision that indicates if the authorization request should // be allowed or denied. // // Decision is a required field Decision *string `locationName:"decision" type:"string" required:"true" enum:"Decision"` // The list of determining policies used to make the authorization decision. // For example, if there are two matching policies, where one is a forbid and // the other is a permit, then the forbid policy will be the determining policy. // In the case of multiple matching permit policies then there would be multiple // determining policies. In the case that no policies match, and hence the response // is DENY, there would be no determining policies. // // DeterminingPolicies is a required field DeterminingPolicies []*DeterminingPolicyItem `locationName:"determiningPolicies" type:"list" required:"true"` // Errors that occurred while making an authorization decision. For example, // a policy might reference an entity or attribute that doesn't exist in the // request. // // Errors is a required field Errors []*EvaluationErrorItem `locationName:"errors" type:"list" required:"true" sensitive:"true"` // The authorization request that initiated the decision. // // Request is a required field Request *BatchIsAuthorizedWithTokenInputItem `locationName:"request" type:"structure" required:"true"` // contains filtered or unexported fields }
The decision, based on policy evaluation, from an individual authorization request in a BatchIsAuthorizedWithToken API request.
func (s BatchIsAuthorizedWithTokenOutputItem) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *BatchIsAuthorizedWithTokenOutputItem) SetDecision(v string) *BatchIsAuthorizedWithTokenOutputItem
SetDecision sets the Decision field's value.
func (s *BatchIsAuthorizedWithTokenOutputItem) SetDeterminingPolicies(v []*DeterminingPolicyItem) *BatchIsAuthorizedWithTokenOutputItem
SetDeterminingPolicies sets the DeterminingPolicies field's value.
func (s *BatchIsAuthorizedWithTokenOutputItem) SetErrors(v []*EvaluationErrorItem) *BatchIsAuthorizedWithTokenOutputItem
SetErrors sets the Errors field's value.
func (s *BatchIsAuthorizedWithTokenOutputItem) SetRequest(v *BatchIsAuthorizedWithTokenInputItem) *BatchIsAuthorizedWithTokenOutputItem
SetRequest sets the Request field's value.
func (s BatchIsAuthorizedWithTokenOutputItem) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type CognitoGroupConfiguration struct { // The name of the schema entity type that's mapped to the user pool group. // Defaults to AWS::CognitoGroup. // // GroupEntityType is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by CognitoGroupConfiguration's // String and GoString methods. // // GroupEntityType is a required field GroupEntityType *string `locationName:"groupEntityType" min:"1" type:"string" required:"true" sensitive:"true"` // contains filtered or unexported fields }
The type of entity that a policy store maps to groups from an Amazon Cognito user pool identity source.
This data type is part of a CognitoUserPoolConfiguration (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CognitoUserPoolConfiguration.html) structure and is a request parameter in CreateIdentitySource (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreateIdentitySource.html).
func (s CognitoGroupConfiguration) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CognitoGroupConfiguration) SetGroupEntityType(v string) *CognitoGroupConfiguration
SetGroupEntityType sets the GroupEntityType field's value.
func (s CognitoGroupConfiguration) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CognitoGroupConfiguration) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type CognitoGroupConfigurationDetail struct { // The name of the schema entity type that's mapped to the user pool group. // Defaults to AWS::CognitoGroup. // // GroupEntityType is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by CognitoGroupConfigurationDetail's // String and GoString methods. GroupEntityType *string `locationName:"groupEntityType" min:"1" type:"string" sensitive:"true"` // contains filtered or unexported fields }
The type of entity that a policy store maps to groups from an Amazon Cognito user pool identity source.
This data type is part of an CognitoUserPoolConfigurationDetail (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CognitoUserPoolConfigurationItem.html) structure and is a response parameter to GetIdentitySource (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_GetIdentitySource.html).
func (s CognitoGroupConfigurationDetail) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CognitoGroupConfigurationDetail) SetGroupEntityType(v string) *CognitoGroupConfigurationDetail
SetGroupEntityType sets the GroupEntityType field's value.
func (s CognitoGroupConfigurationDetail) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type CognitoGroupConfigurationItem struct { // The name of the schema entity type that's mapped to the user pool group. // Defaults to AWS::CognitoGroup. // // GroupEntityType is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by CognitoGroupConfigurationItem's // String and GoString methods. GroupEntityType *string `locationName:"groupEntityType" min:"1" type:"string" sensitive:"true"` // contains filtered or unexported fields }
The type of entity that a policy store maps to groups from an Amazon Cognito user pool identity source.
This data type is part of an CognitoUserPoolConfigurationItem (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CognitoUserPoolConfigurationDetail.html) structure and is a response parameter to ListIdentitySources (http://forums.aws.amazon.com/verifiedpermissions/latest/apireference/API_ListIdentitySources.html).
func (s CognitoGroupConfigurationItem) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CognitoGroupConfigurationItem) SetGroupEntityType(v string) *CognitoGroupConfigurationItem
SetGroupEntityType sets the GroupEntityType field's value.
func (s CognitoGroupConfigurationItem) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type CognitoUserPoolConfiguration struct { // The unique application client IDs that are associated with the specified // Amazon Cognito user pool. // // Example: "ClientIds": ["&ExampleCogClientId;"] ClientIds []*string `locationName:"clientIds" type:"list" sensitive:"true"` // The type of entity that a policy store maps to groups from an Amazon Cognito // user pool identity source. GroupConfiguration *CognitoGroupConfiguration `locationName:"groupConfiguration" type:"structure"` // The Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) // of the Amazon Cognito user pool that contains the identities to be authorized. // // Example: "UserPoolArn": "arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5" // // UserPoolArn is a required field UserPoolArn *string `locationName:"userPoolArn" min:"1" type:"string" required:"true"` // contains filtered or unexported fields }
The configuration for an identity source that represents a connection to an Amazon Cognito user pool used as an identity provider for Verified Permissions.
This data type part of a Configuration (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_Configuration.html) structure that is used as a parameter to CreateIdentitySource (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreateIdentitySource.html).
Example:"CognitoUserPoolConfiguration":{"UserPoolArn":"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5","ClientIds": ["a1b2c3d4e5f6g7h8i9j0kalbmc"],"groupConfiguration": {"groupEntityType": "MyCorp::Group"}}
func (s CognitoUserPoolConfiguration) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CognitoUserPoolConfiguration) SetClientIds(v []*string) *CognitoUserPoolConfiguration
SetClientIds sets the ClientIds field's value.
func (s *CognitoUserPoolConfiguration) SetGroupConfiguration(v *CognitoGroupConfiguration) *CognitoUserPoolConfiguration
SetGroupConfiguration sets the GroupConfiguration field's value.
func (s *CognitoUserPoolConfiguration) SetUserPoolArn(v string) *CognitoUserPoolConfiguration
SetUserPoolArn sets the UserPoolArn field's value.
func (s CognitoUserPoolConfiguration) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CognitoUserPoolConfiguration) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type CognitoUserPoolConfigurationDetail struct { // The unique application client IDs that are associated with the specified // Amazon Cognito user pool. // // Example: "clientIds": ["&ExampleCogClientId;"] // // ClientIds is a required field ClientIds []*string `locationName:"clientIds" type:"list" required:"true" sensitive:"true"` // The type of entity that a policy store maps to groups from an Amazon Cognito // user pool identity source. GroupConfiguration *CognitoGroupConfigurationDetail `locationName:"groupConfiguration" type:"structure"` // The OpenID Connect (OIDC) issuer ID of the Amazon Cognito user pool that // contains the identities to be authorized. // // Example: "issuer": "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_1a2b3c4d5" // // Issuer is a required field Issuer *string `locationName:"issuer" min:"1" type:"string" required:"true"` // The Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) // of the Amazon Cognito user pool that contains the identities to be authorized. // // Example: "userPoolArn": "arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5" // // UserPoolArn is a required field UserPoolArn *string `locationName:"userPoolArn" min:"1" type:"string" required:"true"` // contains filtered or unexported fields }
The configuration for an identity source that represents a connection to an Amazon Cognito user pool used as an identity provider for Verified Permissions.
This data type is used as a field that is part of an ConfigurationDetail (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ConfigurationDetail.html) structure that is part of the response to GetIdentitySource (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_GetIdentitySource.html).
Example:"CognitoUserPoolConfiguration":{"UserPoolArn":"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5","ClientIds": ["a1b2c3d4e5f6g7h8i9j0kalbmc"],"groupConfiguration": {"groupEntityType": "MyCorp::Group"}}
func (s CognitoUserPoolConfigurationDetail) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CognitoUserPoolConfigurationDetail) SetClientIds(v []*string) *CognitoUserPoolConfigurationDetail
SetClientIds sets the ClientIds field's value.
func (s *CognitoUserPoolConfigurationDetail) SetGroupConfiguration(v *CognitoGroupConfigurationDetail) *CognitoUserPoolConfigurationDetail
SetGroupConfiguration sets the GroupConfiguration field's value.
func (s *CognitoUserPoolConfigurationDetail) SetIssuer(v string) *CognitoUserPoolConfigurationDetail
SetIssuer sets the Issuer field's value.
func (s *CognitoUserPoolConfigurationDetail) SetUserPoolArn(v string) *CognitoUserPoolConfigurationDetail
SetUserPoolArn sets the UserPoolArn field's value.
func (s CognitoUserPoolConfigurationDetail) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type CognitoUserPoolConfigurationItem struct { // The unique application client IDs that are associated with the specified // Amazon Cognito user pool. // // Example: "clientIds": ["&ExampleCogClientId;"] // // ClientIds is a required field ClientIds []*string `locationName:"clientIds" type:"list" required:"true" sensitive:"true"` // The type of entity that a policy store maps to groups from an Amazon Cognito // user pool identity source. GroupConfiguration *CognitoGroupConfigurationItem `locationName:"groupConfiguration" type:"structure"` // The OpenID Connect (OIDC) issuer ID of the Amazon Cognito user pool that // contains the identities to be authorized. // // Example: "issuer": "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_1a2b3c4d5" // // Issuer is a required field Issuer *string `locationName:"issuer" min:"1" type:"string" required:"true"` // The Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) // of the Amazon Cognito user pool that contains the identities to be authorized. // // Example: "userPoolArn": "arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5" // // UserPoolArn is a required field UserPoolArn *string `locationName:"userPoolArn" min:"1" type:"string" required:"true"` // contains filtered or unexported fields }
The configuration for an identity source that represents a connection to an Amazon Cognito user pool used as an identity provider for Verified Permissions.
This data type is used as a field that is part of the ConfigurationItem (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ConfigurationItem.html) structure that is part of the response to ListIdentitySources (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ListIdentitySources.html).
Example:"CognitoUserPoolConfiguration":{"UserPoolArn":"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5","ClientIds": ["a1b2c3d4e5f6g7h8i9j0kalbmc"],"groupConfiguration": {"groupEntityType": "MyCorp::Group"}}
func (s CognitoUserPoolConfigurationItem) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CognitoUserPoolConfigurationItem) SetClientIds(v []*string) *CognitoUserPoolConfigurationItem
SetClientIds sets the ClientIds field's value.
func (s *CognitoUserPoolConfigurationItem) SetGroupConfiguration(v *CognitoGroupConfigurationItem) *CognitoUserPoolConfigurationItem
SetGroupConfiguration sets the GroupConfiguration field's value.
func (s *CognitoUserPoolConfigurationItem) SetIssuer(v string) *CognitoUserPoolConfigurationItem
SetIssuer sets the Issuer field's value.
func (s *CognitoUserPoolConfigurationItem) SetUserPoolArn(v string) *CognitoUserPoolConfigurationItem
SetUserPoolArn sets the UserPoolArn field's value.
func (s CognitoUserPoolConfigurationItem) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type Configuration struct { // Contains configuration details of a Amazon Cognito user pool that Verified // Permissions can use as a source of authenticated identities as entities. // It specifies the Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) // of a Amazon Cognito user pool and one or more application client IDs. // // Example: "configuration":{"cognitoUserPoolConfiguration":{"userPoolArn":"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5","clientIds": // ["a1b2c3d4e5f6g7h8i9j0kalbmc"],"groupConfiguration": {"groupEntityType": // "MyCorp::Group"}}} CognitoUserPoolConfiguration *CognitoUserPoolConfiguration `locationName:"cognitoUserPoolConfiguration" type:"structure"` // Contains configuration details of an OpenID Connect (OIDC) identity provider, // or identity source, that Verified Permissions can use to generate entities // from authenticated identities. It specifies the issuer URL, token type that // you want to use, and policy store entity details. // // Example:"configuration":{"openIdConnectConfiguration":{"issuer":"https://auth.example.com","tokenSelection":{"accessTokenOnly":{"audiences":["https://myapp.example.com","https://myapp2.example.com"],"principalIdClaim":"sub"}},"entityIdPrefix":"MyOIDCProvider","groupConfiguration":{"groupClaim":"groups","groupEntityType":"MyCorp::UserGroup"}}} OpenIdConnectConfiguration *OpenIdConnectConfiguration `locationName:"openIdConnectConfiguration" type:"structure"` // contains filtered or unexported fields }
Contains configuration information used when creating a new identity source.
This data type is used as a request parameter for the CreateIdentitySource (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreateIdentitySource.html) operation.
func (s Configuration) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *Configuration) SetCognitoUserPoolConfiguration(v *CognitoUserPoolConfiguration) *Configuration
SetCognitoUserPoolConfiguration sets the CognitoUserPoolConfiguration field's value.
func (s *Configuration) SetOpenIdConnectConfiguration(v *OpenIdConnectConfiguration) *Configuration
SetOpenIdConnectConfiguration sets the OpenIdConnectConfiguration field's value.
func (s Configuration) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *Configuration) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type ConfigurationDetail struct { // Contains configuration details of a Amazon Cognito user pool that Verified // Permissions can use as a source of authenticated identities as entities. // It specifies the Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) // of a Amazon Cognito user pool, the policy store entity that you want to assign // to user groups, and one or more application client IDs. // // Example: "configuration":{"cognitoUserPoolConfiguration":{"userPoolArn":"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5","clientIds": // ["a1b2c3d4e5f6g7h8i9j0kalbmc"],"groupConfiguration": {"groupEntityType": // "MyCorp::Group"}}} CognitoUserPoolConfiguration *CognitoUserPoolConfigurationDetail `locationName:"cognitoUserPoolConfiguration" type:"structure"` // Contains configuration details of an OpenID Connect (OIDC) identity provider, // or identity source, that Verified Permissions can use to generate entities // from authenticated identities. It specifies the issuer URL, token type that // you want to use, and policy store entity details. // // Example:"configuration":{"openIdConnectConfiguration":{"issuer":"https://auth.example.com","tokenSelection":{"accessTokenOnly":{"audiences":["https://myapp.example.com","https://myapp2.example.com"],"principalIdClaim":"sub"}},"entityIdPrefix":"MyOIDCProvider","groupConfiguration":{"groupClaim":"groups","groupEntityType":"MyCorp::UserGroup"}}} OpenIdConnectConfiguration *OpenIdConnectConfigurationDetail `locationName:"openIdConnectConfiguration" type:"structure"` // contains filtered or unexported fields }
Contains configuration information about an identity source.
This data type is a response parameter to the GetIdentitySource (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_GetIdentitySource.html) operation.
func (s ConfigurationDetail) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ConfigurationDetail) SetCognitoUserPoolConfiguration(v *CognitoUserPoolConfigurationDetail) *ConfigurationDetail
SetCognitoUserPoolConfiguration sets the CognitoUserPoolConfiguration field's value.
func (s *ConfigurationDetail) SetOpenIdConnectConfiguration(v *OpenIdConnectConfigurationDetail) *ConfigurationDetail
SetOpenIdConnectConfiguration sets the OpenIdConnectConfiguration field's value.
func (s ConfigurationDetail) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type ConfigurationItem struct { // Contains configuration details of a Amazon Cognito user pool that Verified // Permissions can use as a source of authenticated identities as entities. // It specifies the Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) // of a Amazon Cognito user pool, the policy store entity that you want to assign // to user groups, and one or more application client IDs. // // Example: "configuration":{"cognitoUserPoolConfiguration":{"userPoolArn":"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5","clientIds": // ["a1b2c3d4e5f6g7h8i9j0kalbmc"],"groupConfiguration": {"groupEntityType": // "MyCorp::Group"}}} CognitoUserPoolConfiguration *CognitoUserPoolConfigurationItem `locationName:"cognitoUserPoolConfiguration" type:"structure"` // Contains configuration details of an OpenID Connect (OIDC) identity provider, // or identity source, that Verified Permissions can use to generate entities // from authenticated identities. It specifies the issuer URL, token type that // you want to use, and policy store entity details. // // Example:"configuration":{"openIdConnectConfiguration":{"issuer":"https://auth.example.com","tokenSelection":{"accessTokenOnly":{"audiences":["https://myapp.example.com","https://myapp2.example.com"],"principalIdClaim":"sub"}},"entityIdPrefix":"MyOIDCProvider","groupConfiguration":{"groupClaim":"groups","groupEntityType":"MyCorp::UserGroup"}}} OpenIdConnectConfiguration *OpenIdConnectConfigurationItem `locationName:"openIdConnectConfiguration" type:"structure"` // contains filtered or unexported fields }
Contains configuration information about an identity source.
This data type is a response parameter to the ListIdentitySources (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ListIdentitySources.html) operation.
func (s ConfigurationItem) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ConfigurationItem) SetCognitoUserPoolConfiguration(v *CognitoUserPoolConfigurationItem) *ConfigurationItem
SetCognitoUserPoolConfiguration sets the CognitoUserPoolConfiguration field's value.
func (s *ConfigurationItem) SetOpenIdConnectConfiguration(v *OpenIdConnectConfigurationItem) *ConfigurationItem
SetOpenIdConnectConfiguration sets the OpenIdConnectConfiguration field's value.
func (s ConfigurationItem) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type ConflictException struct { RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` Message_ *string `locationName:"message" type:"string"` // The list of resources referenced with this failed request. // // Resources is a required field Resources []*ResourceConflict `locationName:"resources" type:"list" required:"true"` // contains filtered or unexported fields }
The request failed because another request to modify a resource occurred at the same.
func (s *ConflictException) Code() string
Code returns the exception type name.
func (s *ConflictException) Error() string
func (s ConflictException) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ConflictException) Message() string
Message returns the exception's message.
func (s *ConflictException) OrigErr() error
OrigErr always returns nil, satisfies awserr.Error interface.
func (s *ConflictException) RequestID() string
RequestID returns the service's response RequestID for request.
func (s *ConflictException) StatusCode() int
Status code returns the HTTP status code for the request's response error.
func (s ConflictException) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type ContextDefinition struct { // An list of attributes that are needed to successfully evaluate an authorization // request. Each attribute in this array must include a map of a data type and // its value. // // Example: "contextMap":{"<KeyName1>":{"boolean":true},"<KeyName2>":{"long":1234}} // // ContextMap is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by ContextDefinition's // String and GoString methods. ContextMap map[string]*AttributeValue `locationName:"contextMap" type:"map" sensitive:"true"` // contains filtered or unexported fields }
Contains additional details about the context of the request. Verified Permissions evaluates this information in an authorization request as part of the when and unless clauses in a policy.
This data type is used as a request parameter for the IsAuthorized (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorized.html), BatchIsAuthorized (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_BatchIsAuthorized.html), and IsAuthorizedWithToken (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorizedWithToken.html) operations.
Example: "context":{"contextMap":{"<KeyName1>":{"boolean":true},"<KeyName2>":{"long":1234}}}
func (s ContextDefinition) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ContextDefinition) SetContextMap(v map[string]*AttributeValue) *ContextDefinition
SetContextMap sets the ContextMap field's value.
func (s ContextDefinition) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ContextDefinition) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type CreateIdentitySourceInput struct { // Specifies a unique, case-sensitive ID that you provide to ensure the idempotency // of the request. This lets you safely retry the request without accidentally // performing the same operation a second time. Passing the same value to a // later call to an operation requires that you also pass the same value for // all other parameters. We recommend that you use a UUID type of value. (https://wikipedia.org/wiki/Universally_unique_identifier). // // If you don't provide this value, then Amazon Web Services generates a random // one for you. // // If you retry the operation with the same ClientToken, but with different // parameters, the retry fails with an ConflictException error. // // Verified Permissions recognizes a ClientToken for eight hours. After eight // hours, the next request with the same parameters performs the operation again // regardless of the value of ClientToken. ClientToken *string `locationName:"clientToken" min:"1" type:"string" idempotencyToken:"true"` // Specifies the details required to communicate with the identity provider // (IdP) associated with this identity source. // // Configuration is a required field Configuration *Configuration `locationName:"configuration" type:"structure" required:"true"` // Specifies the ID of the policy store in which you want to store this identity // source. Only policies and requests made using this policy store can reference // identities from the identity provider configured in the new identity source. // // PolicyStoreId is a required field PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"` // Specifies the namespace and data type of the principals generated for identities // authenticated by the new identity source. // // PrincipalEntityType is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by CreateIdentitySourceInput's // String and GoString methods. PrincipalEntityType *string `locationName:"principalEntityType" min:"1" type:"string" sensitive:"true"` // contains filtered or unexported fields }
func (s CreateIdentitySourceInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CreateIdentitySourceInput) SetClientToken(v string) *CreateIdentitySourceInput
SetClientToken sets the ClientToken field's value.
func (s *CreateIdentitySourceInput) SetConfiguration(v *Configuration) *CreateIdentitySourceInput
SetConfiguration sets the Configuration field's value.
func (s *CreateIdentitySourceInput) SetPolicyStoreId(v string) *CreateIdentitySourceInput
SetPolicyStoreId sets the PolicyStoreId field's value.
func (s *CreateIdentitySourceInput) SetPrincipalEntityType(v string) *CreateIdentitySourceInput
SetPrincipalEntityType sets the PrincipalEntityType field's value.
func (s CreateIdentitySourceInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CreateIdentitySourceInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type CreateIdentitySourceOutput struct { // The date and time the identity source was originally created. // // CreatedDate is a required field CreatedDate *time.Time `locationName:"createdDate" type:"timestamp" timestampFormat:"iso8601" required:"true"` // The unique ID of the new identity source. // // IdentitySourceId is a required field IdentitySourceId *string `locationName:"identitySourceId" min:"1" type:"string" required:"true"` // The date and time the identity source was most recently updated. // // LastUpdatedDate is a required field LastUpdatedDate *time.Time `locationName:"lastUpdatedDate" type:"timestamp" timestampFormat:"iso8601" required:"true"` // The ID of the policy store that contains the identity source. // // PolicyStoreId is a required field PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"` // contains filtered or unexported fields }
func (s CreateIdentitySourceOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CreateIdentitySourceOutput) SetCreatedDate(v time.Time) *CreateIdentitySourceOutput
SetCreatedDate sets the CreatedDate field's value.
func (s *CreateIdentitySourceOutput) SetIdentitySourceId(v string) *CreateIdentitySourceOutput
SetIdentitySourceId sets the IdentitySourceId field's value.
func (s *CreateIdentitySourceOutput) SetLastUpdatedDate(v time.Time) *CreateIdentitySourceOutput
SetLastUpdatedDate sets the LastUpdatedDate field's value.
func (s *CreateIdentitySourceOutput) SetPolicyStoreId(v string) *CreateIdentitySourceOutput
SetPolicyStoreId sets the PolicyStoreId field's value.
func (s CreateIdentitySourceOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type CreatePolicyInput struct { // Specifies a unique, case-sensitive ID that you provide to ensure the idempotency // of the request. This lets you safely retry the request without accidentally // performing the same operation a second time. Passing the same value to a // later call to an operation requires that you also pass the same value for // all other parameters. We recommend that you use a UUID type of value. (https://wikipedia.org/wiki/Universally_unique_identifier). // // If you don't provide this value, then Amazon Web Services generates a random // one for you. // // If you retry the operation with the same ClientToken, but with different // parameters, the retry fails with an ConflictException error. // // Verified Permissions recognizes a ClientToken for eight hours. After eight // hours, the next request with the same parameters performs the operation again // regardless of the value of ClientToken. ClientToken *string `locationName:"clientToken" min:"1" type:"string" idempotencyToken:"true"` // A structure that specifies the policy type and content to use for the new // policy. You must include either a static or a templateLinked element. The // policy content must be written in the Cedar policy language. // // Definition is a required field Definition *PolicyDefinition `locationName:"definition" type:"structure" required:"true"` // Specifies the PolicyStoreId of the policy store you want to store the policy // in. // // PolicyStoreId is a required field PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"` // contains filtered or unexported fields }
func (s CreatePolicyInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CreatePolicyInput) SetClientToken(v string) *CreatePolicyInput
SetClientToken sets the ClientToken field's value.
func (s *CreatePolicyInput) SetDefinition(v *PolicyDefinition) *CreatePolicyInput
SetDefinition sets the Definition field's value.
func (s *CreatePolicyInput) SetPolicyStoreId(v string) *CreatePolicyInput
SetPolicyStoreId sets the PolicyStoreId field's value.
func (s CreatePolicyInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CreatePolicyInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type CreatePolicyOutput struct { // The action that a policy permits or forbids. For example, {"actions": [{"actionId": // "ViewPhoto", "actionType": "PhotoFlash::Action"}, {"entityID": "SharePhoto", // "entityType": "PhotoFlash::Action"}]}. Actions []*ActionIdentifier `locationName:"actions" type:"list"` // The date and time the policy was originally created. // // CreatedDate is a required field CreatedDate *time.Time `locationName:"createdDate" type:"timestamp" timestampFormat:"iso8601" required:"true"` // The effect of the decision that a policy returns to an authorization request. // For example, "effect": "Permit". Effect *string `locationName:"effect" type:"string" enum:"PolicyEffect"` // The date and time the policy was last updated. // // LastUpdatedDate is a required field LastUpdatedDate *time.Time `locationName:"lastUpdatedDate" type:"timestamp" timestampFormat:"iso8601" required:"true"` // The unique ID of the new policy. // // PolicyId is a required field PolicyId *string `locationName:"policyId" min:"1" type:"string" required:"true"` // The ID of the policy store that contains the new policy. // // PolicyStoreId is a required field PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"` // The policy type of the new policy. // // PolicyType is a required field PolicyType *string `locationName:"policyType" type:"string" required:"true" enum:"PolicyType"` // The principal specified in the new policy's scope. This response element // isn't present when principal isn't specified in the policy content. Principal *EntityIdentifier `locationName:"principal" type:"structure"` // The resource specified in the new policy's scope. This response element isn't // present when the resource isn't specified in the policy content. Resource *EntityIdentifier `locationName:"resource" type:"structure"` // contains filtered or unexported fields }
func (s CreatePolicyOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CreatePolicyOutput) SetActions(v []*ActionIdentifier) *CreatePolicyOutput
SetActions sets the Actions field's value.
func (s *CreatePolicyOutput) SetCreatedDate(v time.Time) *CreatePolicyOutput
SetCreatedDate sets the CreatedDate field's value.
func (s *CreatePolicyOutput) SetEffect(v string) *CreatePolicyOutput
SetEffect sets the Effect field's value.
func (s *CreatePolicyOutput) SetLastUpdatedDate(v time.Time) *CreatePolicyOutput
SetLastUpdatedDate sets the LastUpdatedDate field's value.
func (s *CreatePolicyOutput) SetPolicyId(v string) *CreatePolicyOutput
SetPolicyId sets the PolicyId field's value.
func (s *CreatePolicyOutput) SetPolicyStoreId(v string) *CreatePolicyOutput
SetPolicyStoreId sets the PolicyStoreId field's value.
func (s *CreatePolicyOutput) SetPolicyType(v string) *CreatePolicyOutput
SetPolicyType sets the PolicyType field's value.
func (s *CreatePolicyOutput) SetPrincipal(v *EntityIdentifier) *CreatePolicyOutput
SetPrincipal sets the Principal field's value.
func (s *CreatePolicyOutput) SetResource(v *EntityIdentifier) *CreatePolicyOutput
SetResource sets the Resource field's value.
func (s CreatePolicyOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type CreatePolicyStoreInput struct { // Specifies a unique, case-sensitive ID that you provide to ensure the idempotency // of the request. This lets you safely retry the request without accidentally // performing the same operation a second time. Passing the same value to a // later call to an operation requires that you also pass the same value for // all other parameters. We recommend that you use a UUID type of value. (https://wikipedia.org/wiki/Universally_unique_identifier). // // If you don't provide this value, then Amazon Web Services generates a random // one for you. // // If you retry the operation with the same ClientToken, but with different // parameters, the retry fails with an ConflictException error. // // Verified Permissions recognizes a ClientToken for eight hours. After eight // hours, the next request with the same parameters performs the operation again // regardless of the value of ClientToken. ClientToken *string `locationName:"clientToken" min:"1" type:"string" idempotencyToken:"true"` // Descriptive text that you can provide to help with identification of the // current policy store. // // Description is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by CreatePolicyStoreInput's // String and GoString methods. Description *string `locationName:"description" type:"string" sensitive:"true"` // Specifies the validation setting for this policy store. // // Currently, the only valid and required value is Mode. // // We recommend that you turn on STRICT mode only after you define a schema. // If a schema doesn't exist, then STRICT mode causes any policy to fail validation, // and Verified Permissions rejects the policy. You can turn off validation // by using the UpdatePolicyStore (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdatePolicyStore). // Then, when you have a schema defined, use UpdatePolicyStore (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdatePolicyStore) // again to turn validation back on. // // ValidationSettings is a required field ValidationSettings *ValidationSettings `locationName:"validationSettings" type:"structure" required:"true"` // contains filtered or unexported fields }
func (s CreatePolicyStoreInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CreatePolicyStoreInput) SetClientToken(v string) *CreatePolicyStoreInput
SetClientToken sets the ClientToken field's value.
func (s *CreatePolicyStoreInput) SetDescription(v string) *CreatePolicyStoreInput
SetDescription sets the Description field's value.
func (s *CreatePolicyStoreInput) SetValidationSettings(v *ValidationSettings) *CreatePolicyStoreInput
SetValidationSettings sets the ValidationSettings field's value.
func (s CreatePolicyStoreInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CreatePolicyStoreInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type CreatePolicyStoreOutput struct { // The Amazon Resource Name (ARN) of the new policy store. // // Arn is a required field Arn *string `locationName:"arn" min:"1" type:"string" required:"true"` // The date and time the policy store was originally created. // // CreatedDate is a required field CreatedDate *time.Time `locationName:"createdDate" type:"timestamp" timestampFormat:"iso8601" required:"true"` // The date and time the policy store was last updated. // // LastUpdatedDate is a required field LastUpdatedDate *time.Time `locationName:"lastUpdatedDate" type:"timestamp" timestampFormat:"iso8601" required:"true"` // The unique ID of the new policy store. // // PolicyStoreId is a required field PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"` // contains filtered or unexported fields }
func (s CreatePolicyStoreOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CreatePolicyStoreOutput) SetArn(v string) *CreatePolicyStoreOutput
SetArn sets the Arn field's value.
func (s *CreatePolicyStoreOutput) SetCreatedDate(v time.Time) *CreatePolicyStoreOutput
SetCreatedDate sets the CreatedDate field's value.
func (s *CreatePolicyStoreOutput) SetLastUpdatedDate(v time.Time) *CreatePolicyStoreOutput
SetLastUpdatedDate sets the LastUpdatedDate field's value.
func (s *CreatePolicyStoreOutput) SetPolicyStoreId(v string) *CreatePolicyStoreOutput
SetPolicyStoreId sets the PolicyStoreId field's value.
func (s CreatePolicyStoreOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type CreatePolicyTemplateInput struct { // Specifies a unique, case-sensitive ID that you provide to ensure the idempotency // of the request. This lets you safely retry the request without accidentally // performing the same operation a second time. Passing the same value to a // later call to an operation requires that you also pass the same value for // all other parameters. We recommend that you use a UUID type of value. (https://wikipedia.org/wiki/Universally_unique_identifier). // // If you don't provide this value, then Amazon Web Services generates a random // one for you. // // If you retry the operation with the same ClientToken, but with different // parameters, the retry fails with an ConflictException error. // // Verified Permissions recognizes a ClientToken for eight hours. After eight // hours, the next request with the same parameters performs the operation again // regardless of the value of ClientToken. ClientToken *string `locationName:"clientToken" min:"1" type:"string" idempotencyToken:"true"` // Specifies a description for the policy template. // // Description is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by CreatePolicyTemplateInput's // String and GoString methods. Description *string `locationName:"description" type:"string" sensitive:"true"` // The ID of the policy store in which to create the policy template. // // PolicyStoreId is a required field PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"` // Specifies the content that you want to use for the new policy template, written // in the Cedar policy language. // // Statement is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by CreatePolicyTemplateInput's // String and GoString methods. // // Statement is a required field Statement *string `locationName:"statement" min:"1" type:"string" required:"true" sensitive:"true"` // contains filtered or unexported fields }
func (s CreatePolicyTemplateInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CreatePolicyTemplateInput) SetClientToken(v string) *CreatePolicyTemplateInput
SetClientToken sets the ClientToken field's value.
func (s *CreatePolicyTemplateInput) SetDescription(v string) *CreatePolicyTemplateInput
SetDescription sets the Description field's value.
func (s *CreatePolicyTemplateInput) SetPolicyStoreId(v string) *CreatePolicyTemplateInput
SetPolicyStoreId sets the PolicyStoreId field's value.
func (s *CreatePolicyTemplateInput) SetStatement(v string) *CreatePolicyTemplateInput
SetStatement sets the Statement field's value.
func (s CreatePolicyTemplateInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CreatePolicyTemplateInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type CreatePolicyTemplateOutput struct { // The date and time the policy template was originally created. // // CreatedDate is a required field CreatedDate *time.Time `locationName:"createdDate" type:"timestamp" timestampFormat:"iso8601" required:"true"` // The date and time the policy template was most recently updated. // // LastUpdatedDate is a required field LastUpdatedDate *time.Time `locationName:"lastUpdatedDate" type:"timestamp" timestampFormat:"iso8601" required:"true"` // The ID of the policy store that contains the policy template. // // PolicyStoreId is a required field PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"` // The unique ID of the new policy template. // // PolicyTemplateId is a required field PolicyTemplateId *string `locationName:"policyTemplateId" min:"1" type:"string" required:"true"` // contains filtered or unexported fields }
func (s CreatePolicyTemplateOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CreatePolicyTemplateOutput) SetCreatedDate(v time.Time) *CreatePolicyTemplateOutput
SetCreatedDate sets the CreatedDate field's value.
func (s *CreatePolicyTemplateOutput) SetLastUpdatedDate(v time.Time) *CreatePolicyTemplateOutput
SetLastUpdatedDate sets the LastUpdatedDate field's value.
func (s *CreatePolicyTemplateOutput) SetPolicyStoreId(v string) *CreatePolicyTemplateOutput
SetPolicyStoreId sets the PolicyStoreId field's value.
func (s *CreatePolicyTemplateOutput) SetPolicyTemplateId(v string) *CreatePolicyTemplateOutput
SetPolicyTemplateId sets the PolicyTemplateId field's value.
func (s CreatePolicyTemplateOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type DeleteIdentitySourceInput struct { // Specifies the ID of the identity source that you want to delete. // // IdentitySourceId is a required field IdentitySourceId *string `locationName:"identitySourceId" min:"1" type:"string" required:"true"` // Specifies the ID of the policy store that contains the identity source that // you want to delete. // // PolicyStoreId is a required field PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"` // contains filtered or unexported fields }
func (s DeleteIdentitySourceInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *DeleteIdentitySourceInput) SetIdentitySourceId(v string) *DeleteIdentitySourceInput
SetIdentitySourceId sets the IdentitySourceId field's value.
func (s *DeleteIdentitySourceInput) SetPolicyStoreId(v string) *DeleteIdentitySourceInput
SetPolicyStoreId sets the PolicyStoreId field's value.
func (s DeleteIdentitySourceInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *DeleteIdentitySourceInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type DeleteIdentitySourceOutput struct {
// contains filtered or unexported fields
}
func (s DeleteIdentitySourceOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s DeleteIdentitySourceOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type DeletePolicyInput struct { // Specifies the ID of the policy that you want to delete. // // PolicyId is a required field PolicyId *string `locationName:"policyId" min:"1" type:"string" required:"true"` // Specifies the ID of the policy store that contains the policy that you want // to delete. // // PolicyStoreId is a required field PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"` // contains filtered or unexported fields }
func (s DeletePolicyInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *DeletePolicyInput) SetPolicyId(v string) *DeletePolicyInput
SetPolicyId sets the PolicyId field's value.
func (s *DeletePolicyInput) SetPolicyStoreId(v string) *DeletePolicyInput
SetPolicyStoreId sets the PolicyStoreId field's value.
func (s DeletePolicyInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *DeletePolicyInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type DeletePolicyOutput struct {
// contains filtered or unexported fields
}
func (s DeletePolicyOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s DeletePolicyOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type DeletePolicyStoreInput struct { // Specifies the ID of the policy store that you want to delete. // // PolicyStoreId is a required field PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"` // contains filtered or unexported fields }
func (s DeletePolicyStoreInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *DeletePolicyStoreInput) SetPolicyStoreId(v string) *DeletePolicyStoreInput
SetPolicyStoreId sets the PolicyStoreId field's value.
func (s DeletePolicyStoreInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *DeletePolicyStoreInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type DeletePolicyStoreOutput struct {
// contains filtered or unexported fields
}
func (s DeletePolicyStoreOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s DeletePolicyStoreOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type DeletePolicyTemplateInput struct { // Specifies the ID of the policy store that contains the policy template that // you want to delete. // // PolicyStoreId is a required field PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"` // Specifies the ID of the policy template that you want to delete. // // PolicyTemplateId is a required field PolicyTemplateId *string `locationName:"policyTemplateId" min:"1" type:"string" required:"true"` // contains filtered or unexported fields }
func (s DeletePolicyTemplateInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *DeletePolicyTemplateInput) SetPolicyStoreId(v string) *DeletePolicyTemplateInput
SetPolicyStoreId sets the PolicyStoreId field's value.
func (s *DeletePolicyTemplateInput) SetPolicyTemplateId(v string) *DeletePolicyTemplateInput
SetPolicyTemplateId sets the PolicyTemplateId field's value.
func (s DeletePolicyTemplateInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *DeletePolicyTemplateInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type DeletePolicyTemplateOutput struct {
// contains filtered or unexported fields
}
func (s DeletePolicyTemplateOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s DeletePolicyTemplateOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type DeterminingPolicyItem struct { // The Id of a policy that determined to an authorization decision. // // Example: "policyId":"SPEXAMPLEabcdefg111111" // // PolicyId is a required field PolicyId *string `locationName:"policyId" min:"1" type:"string" required:"true"` // contains filtered or unexported fields }
Contains information about one of the policies that determined an authorization decision.
This data type is used as an element in a response parameter for the IsAuthorized (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorized.html), BatchIsAuthorized (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_BatchIsAuthorized.html), and IsAuthorizedWithToken (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorizedWithToken.html) operations.
Example: "determiningPolicies":[{"policyId":"SPEXAMPLEabcdefg111111"}]
func (s DeterminingPolicyItem) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *DeterminingPolicyItem) SetPolicyId(v string) *DeterminingPolicyItem
SetPolicyId sets the PolicyId field's value.
func (s DeterminingPolicyItem) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type EntitiesDefinition struct { // An array of entities that are needed to successfully evaluate an authorization // request. Each entity in this array must include an identifier for the entity, // the attributes of the entity, and a list of any parent entities. EntityList []*EntityItem `locationName:"entityList" type:"list"` // contains filtered or unexported fields }
Contains the list of entities to be considered during an authorization request. This includes all principals, resources, and actions required to successfully evaluate the request.
This data type is used as a field in the response parameter for the IsAuthorized (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorized.html) and IsAuthorizedWithToken (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorizedWithToken.html) operations.
func (s EntitiesDefinition) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *EntitiesDefinition) SetEntityList(v []*EntityItem) *EntitiesDefinition
SetEntityList sets the EntityList field's value.
func (s EntitiesDefinition) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *EntitiesDefinition) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type EntityIdentifier struct { // The identifier of an entity. // // "entityId":"identifier" // // EntityId is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by EntityIdentifier's // String and GoString methods. // // EntityId is a required field EntityId *string `locationName:"entityId" min:"1" type:"string" required:"true" sensitive:"true"` // The type of an entity. // // Example: "entityType":"typeName" // // EntityType is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by EntityIdentifier's // String and GoString methods. // // EntityType is a required field EntityType *string `locationName:"entityType" min:"1" type:"string" required:"true" sensitive:"true"` // contains filtered or unexported fields }
Contains the identifier of an entity, including its ID and type.
This data type is used as a request parameter for IsAuthorized (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorized.html) operation, and as a response parameter for the CreatePolicy (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreatePolicy.html), GetPolicy (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_GetPolicy.html), and UpdatePolicy (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdatePolicy.html) operations.
Example: {"entityId":"string","entityType":"string"}
func (s EntityIdentifier) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *EntityIdentifier) SetEntityId(v string) *EntityIdentifier
SetEntityId sets the EntityId field's value.
func (s *EntityIdentifier) SetEntityType(v string) *EntityIdentifier
SetEntityType sets the EntityType field's value.
func (s EntityIdentifier) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *EntityIdentifier) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type EntityItem struct { // A list of attributes for the entity. Attributes map[string]*AttributeValue `locationName:"attributes" type:"map"` // The identifier of the entity. // // Identifier is a required field Identifier *EntityIdentifier `locationName:"identifier" type:"structure" required:"true"` // The parent entities in the hierarchy that contains the entity. A principal // or resource entity can be defined with at most 99 transitive parents per // authorization request. // // A transitive parent is an entity in the hierarchy of entities including all // direct parents, and parents of parents. For example, a user can be a member // of 91 groups if one of those groups is a member of eight groups, for a total // of 100: one entity, 91 entity parents, and eight parents of parents. Parents []*EntityIdentifier `locationName:"parents" type:"list"` // contains filtered or unexported fields }
Contains information about an entity that can be referenced in a Cedar policy.
This data type is used as one of the fields in the EntitiesDefinition (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_EntitiesDefinition.html) structure.
{ "identifier": { "entityType": "Photo", "entityId": "VacationPhoto94.jpg" }, "attributes": {}, "parents": [ { "entityType": "Album", "entityId": "alice_folder" } ] }
func (s EntityItem) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *EntityItem) SetAttributes(v map[string]*AttributeValue) *EntityItem
SetAttributes sets the Attributes field's value.
func (s *EntityItem) SetIdentifier(v *EntityIdentifier) *EntityItem
SetIdentifier sets the Identifier field's value.
func (s *EntityItem) SetParents(v []*EntityIdentifier) *EntityItem
SetParents sets the Parents field's value.
func (s EntityItem) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *EntityItem) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type EntityReference struct { // The identifier of the entity. It can consist of either an EntityType and // EntityId, a principal, or a resource. Identifier *EntityIdentifier `locationName:"identifier" type:"structure"` // Used to indicate that a principal or resource is not specified. This can // be used to search for policies that are not associated with a specific principal // or resource. Unspecified *bool `locationName:"unspecified" type:"boolean"` // contains filtered or unexported fields }
Contains information about a principal or resource that can be referenced in a Cedar policy.
This data type is used as part of the PolicyFilter (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_PolicyFilter.html) structure that is used as a request parameter for the ListPolicies (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ListPolicies.html) operation..
func (s EntityReference) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *EntityReference) SetIdentifier(v *EntityIdentifier) *EntityReference
SetIdentifier sets the Identifier field's value.
func (s *EntityReference) SetUnspecified(v bool) *EntityReference
SetUnspecified sets the Unspecified field's value.
func (s EntityReference) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *EntityReference) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type EvaluationErrorItem struct { // The error description. // // ErrorDescription is a required field ErrorDescription *string `locationName:"errorDescription" type:"string" required:"true"` // contains filtered or unexported fields }
Contains a description of an evaluation error.
This data type is a response parameter of the IsAuthorized (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorized.html), BatchIsAuthorized (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_BatchIsAuthorized.html), and IsAuthorizedWithToken (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorizedWithToken.html) operations.
func (s EvaluationErrorItem) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *EvaluationErrorItem) SetErrorDescription(v string) *EvaluationErrorItem
SetErrorDescription sets the ErrorDescription field's value.
func (s EvaluationErrorItem) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type GetIdentitySourceInput struct { // Specifies the ID of the identity source you want information about. // // IdentitySourceId is a required field IdentitySourceId *string `locationName:"identitySourceId" min:"1" type:"string" required:"true"` // Specifies the ID of the policy store that contains the identity source you // want information about. // // PolicyStoreId is a required field PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"` // contains filtered or unexported fields }
func (s GetIdentitySourceInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetIdentitySourceInput) SetIdentitySourceId(v string) *GetIdentitySourceInput
SetIdentitySourceId sets the IdentitySourceId field's value.
func (s *GetIdentitySourceInput) SetPolicyStoreId(v string) *GetIdentitySourceInput
SetPolicyStoreId sets the PolicyStoreId field's value.
func (s GetIdentitySourceInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetIdentitySourceInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type GetIdentitySourceOutput struct { // Contains configuration information about an identity source. Configuration *ConfigurationDetail `locationName:"configuration" type:"structure"` // The date and time that the identity source was originally created. // // CreatedDate is a required field CreatedDate *time.Time `locationName:"createdDate" type:"timestamp" timestampFormat:"iso8601" required:"true"` // A structure that describes the configuration of the identity source. // // Deprecated: This attribute has been replaced by configuration.cognitoUserPoolConfiguration Details *IdentitySourceDetails `locationName:"details" deprecated:"true" type:"structure"` // The ID of the identity source. // // IdentitySourceId is a required field IdentitySourceId *string `locationName:"identitySourceId" min:"1" type:"string" required:"true"` // The date and time that the identity source was most recently updated. // // LastUpdatedDate is a required field LastUpdatedDate *time.Time `locationName:"lastUpdatedDate" type:"timestamp" timestampFormat:"iso8601" required:"true"` // The ID of the policy store that contains the identity source. // // PolicyStoreId is a required field PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"` // The data type of principals generated for identities authenticated by this // identity source. // // PrincipalEntityType is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by GetIdentitySourceOutput's // String and GoString methods. // // PrincipalEntityType is a required field PrincipalEntityType *string `locationName:"principalEntityType" min:"1" type:"string" required:"true" sensitive:"true"` // contains filtered or unexported fields }
func (s GetIdentitySourceOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetIdentitySourceOutput) SetConfiguration(v *ConfigurationDetail) *GetIdentitySourceOutput
SetConfiguration sets the Configuration field's value.
func (s *GetIdentitySourceOutput) SetCreatedDate(v time.Time) *GetIdentitySourceOutput
SetCreatedDate sets the CreatedDate field's value.
func (s *GetIdentitySourceOutput) SetDetails(v *IdentitySourceDetails) *GetIdentitySourceOutput
SetDetails sets the Details field's value.
func (s *GetIdentitySourceOutput) SetIdentitySourceId(v string) *GetIdentitySourceOutput
SetIdentitySourceId sets the IdentitySourceId field's value.
func (s *GetIdentitySourceOutput) SetLastUpdatedDate(v time.Time) *GetIdentitySourceOutput
SetLastUpdatedDate sets the LastUpdatedDate field's value.
func (s *GetIdentitySourceOutput) SetPolicyStoreId(v string) *GetIdentitySourceOutput
SetPolicyStoreId sets the PolicyStoreId field's value.
func (s *GetIdentitySourceOutput) SetPrincipalEntityType(v string) *GetIdentitySourceOutput
SetPrincipalEntityType sets the PrincipalEntityType field's value.
func (s GetIdentitySourceOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type GetPolicyInput struct { // Specifies the ID of the policy you want information about. // // PolicyId is a required field PolicyId *string `locationName:"policyId" min:"1" type:"string" required:"true"` // Specifies the ID of the policy store that contains the policy that you want // information about. // // PolicyStoreId is a required field PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"` // contains filtered or unexported fields }
func (s GetPolicyInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetPolicyInput) SetPolicyId(v string) *GetPolicyInput
SetPolicyId sets the PolicyId field's value.
func (s *GetPolicyInput) SetPolicyStoreId(v string) *GetPolicyInput
SetPolicyStoreId sets the PolicyStoreId field's value.
func (s GetPolicyInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetPolicyInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type GetPolicyOutput struct { // The action that a policy permits or forbids. For example, {"actions": [{"actionId": // "ViewPhoto", "actionType": "PhotoFlash::Action"}, {"entityID": "SharePhoto", // "entityType": "PhotoFlash::Action"}]}. Actions []*ActionIdentifier `locationName:"actions" type:"list"` // The date and time that the policy was originally created. // // CreatedDate is a required field CreatedDate *time.Time `locationName:"createdDate" type:"timestamp" timestampFormat:"iso8601" required:"true"` // The definition of the requested policy. // // Definition is a required field Definition *PolicyDefinitionDetail `locationName:"definition" type:"structure" required:"true"` // The effect of the decision that a policy returns to an authorization request. // For example, "effect": "Permit". Effect *string `locationName:"effect" type:"string" enum:"PolicyEffect"` // The date and time that the policy was last updated. // // LastUpdatedDate is a required field LastUpdatedDate *time.Time `locationName:"lastUpdatedDate" type:"timestamp" timestampFormat:"iso8601" required:"true"` // The unique ID of the policy that you want information about. // // PolicyId is a required field PolicyId *string `locationName:"policyId" min:"1" type:"string" required:"true"` // The ID of the policy store that contains the policy that you want information // about. // // PolicyStoreId is a required field PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"` // The type of the policy. // // PolicyType is a required field PolicyType *string `locationName:"policyType" type:"string" required:"true" enum:"PolicyType"` // The principal specified in the policy's scope. This element isn't included // in the response when Principal isn't present in the policy content. Principal *EntityIdentifier `locationName:"principal" type:"structure"` // The resource specified in the policy's scope. This element isn't included // in the response when Resource isn't present in the policy content. Resource *EntityIdentifier `locationName:"resource" type:"structure"` // contains filtered or unexported fields }
func (s GetPolicyOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetPolicyOutput) SetActions(v []*ActionIdentifier) *GetPolicyOutput
SetActions sets the Actions field's value.
func (s *GetPolicyOutput) SetCreatedDate(v time.Time) *GetPolicyOutput
SetCreatedDate sets the CreatedDate field's value.
func (s *GetPolicyOutput) SetDefinition(v *PolicyDefinitionDetail) *GetPolicyOutput
SetDefinition sets the Definition field's value.
func (s *GetPolicyOutput) SetEffect(v string) *GetPolicyOutput
SetEffect sets the Effect field's value.
func (s *GetPolicyOutput) SetLastUpdatedDate(v time.Time) *GetPolicyOutput
SetLastUpdatedDate sets the LastUpdatedDate field's value.
func (s *GetPolicyOutput) SetPolicyId(v string) *GetPolicyOutput
SetPolicyId sets the PolicyId field's value.
func (s *GetPolicyOutput) SetPolicyStoreId(v string) *GetPolicyOutput
SetPolicyStoreId sets the PolicyStoreId field's value.
func (s *GetPolicyOutput) SetPolicyType(v string) *GetPolicyOutput
SetPolicyType sets the PolicyType field's value.
func (s *GetPolicyOutput) SetPrincipal(v *EntityIdentifier) *GetPolicyOutput
SetPrincipal sets the Principal field's value.
func (s *GetPolicyOutput) SetResource(v *EntityIdentifier) *GetPolicyOutput
SetResource sets the Resource field's value.
func (s GetPolicyOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type GetPolicyStoreInput struct { // Specifies the ID of the policy store that you want information about. // // PolicyStoreId is a required field PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"` // contains filtered or unexported fields }
func (s GetPolicyStoreInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetPolicyStoreInput) SetPolicyStoreId(v string) *GetPolicyStoreInput
SetPolicyStoreId sets the PolicyStoreId field's value.
func (s GetPolicyStoreInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetPolicyStoreInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type GetPolicyStoreOutput struct { // The Amazon Resource Name (ARN) of the policy store. // // Arn is a required field Arn *string `locationName:"arn" min:"1" type:"string" required:"true"` // The date and time that the policy store was originally created. // // CreatedDate is a required field CreatedDate *time.Time `locationName:"createdDate" type:"timestamp" timestampFormat:"iso8601" required:"true"` // Descriptive text that you can provide to help with identification of the // current policy store. // // Description is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by GetPolicyStoreOutput's // String and GoString methods. Description *string `locationName:"description" type:"string" sensitive:"true"` // The date and time that the policy store was last updated. // // LastUpdatedDate is a required field LastUpdatedDate *time.Time `locationName:"lastUpdatedDate" type:"timestamp" timestampFormat:"iso8601" required:"true"` // The ID of the policy store; // // PolicyStoreId is a required field PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"` // The current validation settings for the policy store. // // ValidationSettings is a required field ValidationSettings *ValidationSettings `locationName:"validationSettings" type:"structure" required:"true"` // contains filtered or unexported fields }
func (s GetPolicyStoreOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetPolicyStoreOutput) SetArn(v string) *GetPolicyStoreOutput
SetArn sets the Arn field's value.
func (s *GetPolicyStoreOutput) SetCreatedDate(v time.Time) *GetPolicyStoreOutput
SetCreatedDate sets the CreatedDate field's value.
func (s *GetPolicyStoreOutput) SetDescription(v string) *GetPolicyStoreOutput
SetDescription sets the Description field's value.
func (s *GetPolicyStoreOutput) SetLastUpdatedDate(v time.Time) *GetPolicyStoreOutput
SetLastUpdatedDate sets the LastUpdatedDate field's value.
func (s *GetPolicyStoreOutput) SetPolicyStoreId(v string) *GetPolicyStoreOutput
SetPolicyStoreId sets the PolicyStoreId field's value.
func (s *GetPolicyStoreOutput) SetValidationSettings(v *ValidationSettings) *GetPolicyStoreOutput
SetValidationSettings sets the ValidationSettings field's value.
func (s GetPolicyStoreOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type GetPolicyTemplateInput struct { // Specifies the ID of the policy store that contains the policy template that // you want information about. // // PolicyStoreId is a required field PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"` // Specifies the ID of the policy template that you want information about. // // PolicyTemplateId is a required field PolicyTemplateId *string `locationName:"policyTemplateId" min:"1" type:"string" required:"true"` // contains filtered or unexported fields }
func (s GetPolicyTemplateInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetPolicyTemplateInput) SetPolicyStoreId(v string) *GetPolicyTemplateInput
SetPolicyStoreId sets the PolicyStoreId field's value.
func (s *GetPolicyTemplateInput) SetPolicyTemplateId(v string) *GetPolicyTemplateInput
SetPolicyTemplateId sets the PolicyTemplateId field's value.
func (s GetPolicyTemplateInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetPolicyTemplateInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type GetPolicyTemplateOutput struct { // The date and time that the policy template was originally created. // // CreatedDate is a required field CreatedDate *time.Time `locationName:"createdDate" type:"timestamp" timestampFormat:"iso8601" required:"true"` // The description of the policy template. // // Description is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by GetPolicyTemplateOutput's // String and GoString methods. Description *string `locationName:"description" type:"string" sensitive:"true"` // The date and time that the policy template was most recently updated. // // LastUpdatedDate is a required field LastUpdatedDate *time.Time `locationName:"lastUpdatedDate" type:"timestamp" timestampFormat:"iso8601" required:"true"` // The ID of the policy store that contains the policy template. // // PolicyStoreId is a required field PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"` // The ID of the policy template. // // PolicyTemplateId is a required field PolicyTemplateId *string `locationName:"policyTemplateId" min:"1" type:"string" required:"true"` // The content of the body of the policy template written in the Cedar policy // language. // // Statement is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by GetPolicyTemplateOutput's // String and GoString methods. // // Statement is a required field Statement *string `locationName:"statement" min:"1" type:"string" required:"true" sensitive:"true"` // contains filtered or unexported fields }
func (s GetPolicyTemplateOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetPolicyTemplateOutput) SetCreatedDate(v time.Time) *GetPolicyTemplateOutput
SetCreatedDate sets the CreatedDate field's value.
func (s *GetPolicyTemplateOutput) SetDescription(v string) *GetPolicyTemplateOutput
SetDescription sets the Description field's value.
func (s *GetPolicyTemplateOutput) SetLastUpdatedDate(v time.Time) *GetPolicyTemplateOutput
SetLastUpdatedDate sets the LastUpdatedDate field's value.
func (s *GetPolicyTemplateOutput) SetPolicyStoreId(v string) *GetPolicyTemplateOutput
SetPolicyStoreId sets the PolicyStoreId field's value.
func (s *GetPolicyTemplateOutput) SetPolicyTemplateId(v string) *GetPolicyTemplateOutput
SetPolicyTemplateId sets the PolicyTemplateId field's value.
func (s *GetPolicyTemplateOutput) SetStatement(v string) *GetPolicyTemplateOutput
SetStatement sets the Statement field's value.
func (s GetPolicyTemplateOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type GetSchemaInput struct { // Specifies the ID of the policy store that contains the schema. // // PolicyStoreId is a required field PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"` // contains filtered or unexported fields }
func (s GetSchemaInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetSchemaInput) SetPolicyStoreId(v string) *GetSchemaInput
SetPolicyStoreId sets the PolicyStoreId field's value.
func (s GetSchemaInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetSchemaInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type GetSchemaOutput struct { // The date and time that the schema was originally created. // // CreatedDate is a required field CreatedDate *time.Time `locationName:"createdDate" type:"timestamp" timestampFormat:"iso8601" required:"true"` // The date and time that the schema was most recently updated. // // LastUpdatedDate is a required field LastUpdatedDate *time.Time `locationName:"lastUpdatedDate" type:"timestamp" timestampFormat:"iso8601" required:"true"` // The namespaces of the entities referenced by this schema. Namespaces []*string `locationName:"namespaces" type:"list" sensitive:"true"` // The ID of the policy store that contains the schema. // // PolicyStoreId is a required field PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"` // The body of the schema, written in Cedar schema JSON. // // Schema is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by GetSchemaOutput's // String and GoString methods. // // Schema is a required field Schema *string `locationName:"schema" min:"1" type:"string" required:"true" sensitive:"true"` // contains filtered or unexported fields }
func (s GetSchemaOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetSchemaOutput) SetCreatedDate(v time.Time) *GetSchemaOutput
SetCreatedDate sets the CreatedDate field's value.
func (s *GetSchemaOutput) SetLastUpdatedDate(v time.Time) *GetSchemaOutput
SetLastUpdatedDate sets the LastUpdatedDate field's value.
func (s *GetSchemaOutput) SetNamespaces(v []*string) *GetSchemaOutput
SetNamespaces sets the Namespaces field's value.
func (s *GetSchemaOutput) SetPolicyStoreId(v string) *GetSchemaOutput
SetPolicyStoreId sets the PolicyStoreId field's value.
func (s *GetSchemaOutput) SetSchema(v string) *GetSchemaOutput
SetSchema sets the Schema field's value.
func (s GetSchemaOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type IdentitySourceDetails struct { // The application client IDs associated with the specified Amazon Cognito user // pool that are enabled for this identity source. // // Deprecated: This attribute has been replaced by configuration.cognitoUserPoolConfiguration.clientIds ClientIds []*string `locationName:"clientIds" deprecated:"true" type:"list" sensitive:"true"` // The well-known URL that points to this user pool's OIDC discovery endpoint. // This is a URL string in the following format. This URL replaces the placeholders // for both the Amazon Web Services Region and the user pool identifier with // those appropriate for this user pool. // // https://cognito-idp.<region>.amazonaws.com/<user-pool-id>/.well-known/openid-configuration // // Deprecated: This attribute has been replaced by configuration.cognitoUserPoolConfiguration.issuer DiscoveryUrl *string `locationName:"discoveryUrl" min:"1" deprecated:"true" type:"string"` // A string that identifies the type of OIDC service represented by this identity // source. // // At this time, the only valid value is cognito. // // Deprecated: This attribute has been replaced by configuration OpenIdIssuer *string `locationName:"openIdIssuer" deprecated:"true" type:"string" enum:"OpenIdIssuer"` // The Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) // of the Amazon Cognito user pool whose identities are accessible to this Verified // Permissions policy store. // // Deprecated: This attribute has been replaced by configuration.cognitoUserPoolConfiguration.userPoolArn UserPoolArn *string `locationName:"userPoolArn" min:"1" deprecated:"true" type:"string"` // contains filtered or unexported fields }
A structure that contains configuration of the identity source.
This data type was a response parameter for the GetIdentitySource (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_GetIdentitySource.html) operation. Replaced by ConfigurationDetail (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ConfigurationDetail.html).
Deprecated: This shape has been replaced by ConfigurationDetail
func (s IdentitySourceDetails) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *IdentitySourceDetails) SetClientIds(v []*string) *IdentitySourceDetails
SetClientIds sets the ClientIds field's value.
func (s *IdentitySourceDetails) SetDiscoveryUrl(v string) *IdentitySourceDetails
SetDiscoveryUrl sets the DiscoveryUrl field's value.
func (s *IdentitySourceDetails) SetOpenIdIssuer(v string) *IdentitySourceDetails
SetOpenIdIssuer sets the OpenIdIssuer field's value.
func (s *IdentitySourceDetails) SetUserPoolArn(v string) *IdentitySourceDetails
SetUserPoolArn sets the UserPoolArn field's value.
func (s IdentitySourceDetails) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type IdentitySourceFilter struct { // The Cedar entity type of the principals returned by the identity provider // (IdP) associated with this identity source. // // PrincipalEntityType is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by IdentitySourceFilter's // String and GoString methods. PrincipalEntityType *string `locationName:"principalEntityType" min:"1" type:"string" sensitive:"true"` // contains filtered or unexported fields }
A structure that defines characteristics of an identity source that you can use to filter.
This data type is a request parameter for the ListIdentityStores (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ListIdentityStores.html) operation.
func (s IdentitySourceFilter) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *IdentitySourceFilter) SetPrincipalEntityType(v string) *IdentitySourceFilter
SetPrincipalEntityType sets the PrincipalEntityType field's value.
func (s IdentitySourceFilter) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *IdentitySourceFilter) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type IdentitySourceItem struct { // Contains configuration information about an identity source. Configuration *ConfigurationItem `locationName:"configuration" type:"structure"` // The date and time the identity source was originally created. // // CreatedDate is a required field CreatedDate *time.Time `locationName:"createdDate" type:"timestamp" timestampFormat:"iso8601" required:"true"` // A structure that contains the details of the associated identity provider // (IdP). // // Deprecated: This attribute has been replaced by configuration.cognitoUserPoolConfiguration Details *IdentitySourceItemDetails `locationName:"details" deprecated:"true" type:"structure"` // The unique identifier of the identity source. // // IdentitySourceId is a required field IdentitySourceId *string `locationName:"identitySourceId" min:"1" type:"string" required:"true"` // The date and time the identity source was most recently updated. // // LastUpdatedDate is a required field LastUpdatedDate *time.Time `locationName:"lastUpdatedDate" type:"timestamp" timestampFormat:"iso8601" required:"true"` // The identifier of the policy store that contains the identity source. // // PolicyStoreId is a required field PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"` // The Cedar entity type of the principals returned from the IdP associated // with this identity source. // // PrincipalEntityType is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by IdentitySourceItem's // String and GoString methods. // // PrincipalEntityType is a required field PrincipalEntityType *string `locationName:"principalEntityType" min:"1" type:"string" required:"true" sensitive:"true"` // contains filtered or unexported fields }
A structure that defines an identity source.
This data type is a response parameter to the ListIdentitySources (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ListIdentitySources.html) operation.
func (s IdentitySourceItem) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *IdentitySourceItem) SetConfiguration(v *ConfigurationItem) *IdentitySourceItem
SetConfiguration sets the Configuration field's value.
func (s *IdentitySourceItem) SetCreatedDate(v time.Time) *IdentitySourceItem
SetCreatedDate sets the CreatedDate field's value.
func (s *IdentitySourceItem) SetDetails(v *IdentitySourceItemDetails) *IdentitySourceItem
SetDetails sets the Details field's value.
func (s *IdentitySourceItem) SetIdentitySourceId(v string) *IdentitySourceItem
SetIdentitySourceId sets the IdentitySourceId field's value.
func (s *IdentitySourceItem) SetLastUpdatedDate(v time.Time) *IdentitySourceItem
SetLastUpdatedDate sets the LastUpdatedDate field's value.
func (s *IdentitySourceItem) SetPolicyStoreId(v string) *IdentitySourceItem
SetPolicyStoreId sets the PolicyStoreId field's value.
func (s *IdentitySourceItem) SetPrincipalEntityType(v string) *IdentitySourceItem
SetPrincipalEntityType sets the PrincipalEntityType field's value.
func (s IdentitySourceItem) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type IdentitySourceItemDetails struct { // The application client IDs associated with the specified Amazon Cognito user // pool that are enabled for this identity source. // // Deprecated: This attribute has been replaced by configuration.cognitoUserPoolConfiguration.clientIds ClientIds []*string `locationName:"clientIds" deprecated:"true" type:"list" sensitive:"true"` // The well-known URL that points to this user pool's OIDC discovery endpoint. // This is a URL string in the following format. This URL replaces the placeholders // for both the Amazon Web Services Region and the user pool identifier with // those appropriate for this user pool. // // https://cognito-idp.<region>.amazonaws.com/<user-pool-id>/.well-known/openid-configuration // // Deprecated: This attribute has been replaced by configuration.cognitoUserPoolConfiguration.issuer DiscoveryUrl *string `locationName:"discoveryUrl" min:"1" deprecated:"true" type:"string"` // A string that identifies the type of OIDC service represented by this identity // source. // // At this time, the only valid value is cognito. // // Deprecated: This attribute has been replaced by configuration OpenIdIssuer *string `locationName:"openIdIssuer" deprecated:"true" type:"string" enum:"OpenIdIssuer"` // The Amazon Cognito user pool whose identities are accessible to this Verified // Permissions policy store. // // Deprecated: This attribute has been replaced by configuration.cognitoUserPoolConfiguration.userPoolArn UserPoolArn *string `locationName:"userPoolArn" min:"1" deprecated:"true" type:"string"` // contains filtered or unexported fields }
A structure that contains configuration of the identity source.
This data type was a response parameter for the ListIdentitySources (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ListIdentitySources.html) operation. Replaced by ConfigurationItem (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ConfigurationItem.html).
Deprecated: This shape has been replaced by ConfigurationItem
func (s IdentitySourceItemDetails) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *IdentitySourceItemDetails) SetClientIds(v []*string) *IdentitySourceItemDetails
SetClientIds sets the ClientIds field's value.
func (s *IdentitySourceItemDetails) SetDiscoveryUrl(v string) *IdentitySourceItemDetails
SetDiscoveryUrl sets the DiscoveryUrl field's value.
func (s *IdentitySourceItemDetails) SetOpenIdIssuer(v string) *IdentitySourceItemDetails
SetOpenIdIssuer sets the OpenIdIssuer field's value.
func (s *IdentitySourceItemDetails) SetUserPoolArn(v string) *IdentitySourceItemDetails
SetUserPoolArn sets the UserPoolArn field's value.
func (s IdentitySourceItemDetails) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type InternalServerException struct { RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` Message_ *string `locationName:"message" type:"string"` // contains filtered or unexported fields }
The request failed because of an internal error. Try your request again later
func (s *InternalServerException) Code() string
Code returns the exception type name.
func (s *InternalServerException) Error() string
func (s InternalServerException) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *InternalServerException) Message() string
Message returns the exception's message.
func (s *InternalServerException) OrigErr() error
OrigErr always returns nil, satisfies awserr.Error interface.
func (s *InternalServerException) RequestID() string
RequestID returns the service's response RequestID for request.
func (s *InternalServerException) StatusCode() int
Status code returns the HTTP status code for the request's response error.
func (s InternalServerException) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type IsAuthorizedInput struct { // Specifies the requested action to be authorized. For example, is the principal // authorized to perform this action on the resource? Action *ActionIdentifier `locationName:"action" type:"structure"` // Specifies additional context that can be used to make more granular authorization // decisions. Context *ContextDefinition `locationName:"context" type:"structure"` // Specifies the list of resources and principals and their associated attributes // that Verified Permissions can examine when evaluating the policies. // // You can include only principal and resource entities in this parameter; you // can't include actions. You must specify actions in the schema. Entities *EntitiesDefinition `locationName:"entities" type:"structure"` // Specifies the ID of the policy store. Policies in this policy store will // be used to make an authorization decision for the input. // // PolicyStoreId is a required field PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"` // Specifies the principal for which the authorization decision is to be made. Principal *EntityIdentifier `locationName:"principal" type:"structure"` // Specifies the resource for which the authorization decision is to be made. Resource *EntityIdentifier `locationName:"resource" type:"structure"` // contains filtered or unexported fields }
func (s IsAuthorizedInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *IsAuthorizedInput) SetAction(v *ActionIdentifier) *IsAuthorizedInput
SetAction sets the Action field's value.
func (s *IsAuthorizedInput) SetContext(v *ContextDefinition) *IsAuthorizedInput
SetContext sets the Context field's value.
func (s *IsAuthorizedInput) SetEntities(v *EntitiesDefinition) *IsAuthorizedInput
SetEntities sets the Entities field's value.
func (s *IsAuthorizedInput) SetPolicyStoreId(v string) *IsAuthorizedInput
SetPolicyStoreId sets the PolicyStoreId field's value.
func (s *IsAuthorizedInput) SetPrincipal(v *EntityIdentifier) *IsAuthorizedInput
SetPrincipal sets the Principal field's value.
func (s *IsAuthorizedInput) SetResource(v *EntityIdentifier) *IsAuthorizedInput
SetResource sets the Resource field's value.
func (s IsAuthorizedInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *IsAuthorizedInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type IsAuthorizedOutput struct { // An authorization decision that indicates if the authorization request should // be allowed or denied. // // Decision is a required field Decision *string `locationName:"decision" type:"string" required:"true" enum:"Decision"` // The list of determining policies used to make the authorization decision. // For example, if there are two matching policies, where one is a forbid and // the other is a permit, then the forbid policy will be the determining policy. // In the case of multiple matching permit policies then there would be multiple // determining policies. In the case that no policies match, and hence the response // is DENY, there would be no determining policies. // // DeterminingPolicies is a required field DeterminingPolicies []*DeterminingPolicyItem `locationName:"determiningPolicies" type:"list" required:"true"` // Errors that occurred while making an authorization decision, for example, // a policy references an Entity or entity Attribute that does not exist in // the slice. // // Errors is a required field Errors []*EvaluationErrorItem `locationName:"errors" type:"list" required:"true" sensitive:"true"` // contains filtered or unexported fields }
func (s IsAuthorizedOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *IsAuthorizedOutput) SetDecision(v string) *IsAuthorizedOutput
SetDecision sets the Decision field's value.
func (s *IsAuthorizedOutput) SetDeterminingPolicies(v []*DeterminingPolicyItem) *IsAuthorizedOutput
SetDeterminingPolicies sets the DeterminingPolicies field's value.
func (s *IsAuthorizedOutput) SetErrors(v []*EvaluationErrorItem) *IsAuthorizedOutput
SetErrors sets the Errors field's value.
func (s IsAuthorizedOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type IsAuthorizedWithTokenInput struct { // Specifies an access token for the principal to be authorized. This token // is provided to you by the identity provider (IdP) associated with the specified // identity source. You must specify either an accessToken, an identityToken, // or both. // // Must be an access token. Verified Permissions returns an error if the token_use // claim in the submitted token isn't access. // // AccessToken is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by IsAuthorizedWithTokenInput's // String and GoString methods. AccessToken *string `locationName:"accessToken" min:"1" type:"string" sensitive:"true"` // Specifies the requested action to be authorized. Is the specified principal // authorized to perform this action on the specified resource. Action *ActionIdentifier `locationName:"action" type:"structure"` // Specifies additional context that can be used to make more granular authorization // decisions. Context *ContextDefinition `locationName:"context" type:"structure"` // Specifies the list of resources and their associated attributes that Verified // Permissions can examine when evaluating the policies. // // You can't include principals in this parameter, only resource and action // entities. This parameter can't include any entities of a type that matches // the user or group entity types that you defined in your identity source. // // * The IsAuthorizedWithToken operation takes principal attributes from // only the identityToken or accessToken passed to the operation. // // * For action entities, you can include only their Identifier and EntityType. Entities *EntitiesDefinition `locationName:"entities" type:"structure"` // Specifies an identity token for the principal to be authorized. This token // is provided to you by the identity provider (IdP) associated with the specified // identity source. You must specify either an accessToken, an identityToken, // or both. // // Must be an ID token. Verified Permissions returns an error if the token_use // claim in the submitted token isn't id. // // IdentityToken is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by IsAuthorizedWithTokenInput's // String and GoString methods. IdentityToken *string `locationName:"identityToken" min:"1" type:"string" sensitive:"true"` // Specifies the ID of the policy store. Policies in this policy store will // be used to make an authorization decision for the input. // // PolicyStoreId is a required field PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"` // Specifies the resource for which the authorization decision is made. For // example, is the principal allowed to perform the action on the resource? Resource *EntityIdentifier `locationName:"resource" type:"structure"` // contains filtered or unexported fields }
func (s IsAuthorizedWithTokenInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *IsAuthorizedWithTokenInput) SetAccessToken(v string) *IsAuthorizedWithTokenInput
SetAccessToken sets the AccessToken field's value.
func (s *IsAuthorizedWithTokenInput) SetAction(v *ActionIdentifier) *IsAuthorizedWithTokenInput
SetAction sets the Action field's value.
func (s *IsAuthorizedWithTokenInput) SetContext(v *ContextDefinition) *IsAuthorizedWithTokenInput
SetContext sets the Context field's value.
func (s *IsAuthorizedWithTokenInput) SetEntities(v *EntitiesDefinition) *IsAuthorizedWithTokenInput
SetEntities sets the Entities field's value.
func (s *IsAuthorizedWithTokenInput) SetIdentityToken(v string) *IsAuthorizedWithTokenInput
SetIdentityToken sets the IdentityToken field's value.
func (s *IsAuthorizedWithTokenInput) SetPolicyStoreId(v string) *IsAuthorizedWithTokenInput
SetPolicyStoreId sets the PolicyStoreId field's value.
func (s *IsAuthorizedWithTokenInput) SetResource(v *EntityIdentifier) *IsAuthorizedWithTokenInput
SetResource sets the Resource field's value.
func (s IsAuthorizedWithTokenInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *IsAuthorizedWithTokenInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type IsAuthorizedWithTokenOutput struct { // An authorization decision that indicates if the authorization request should // be allowed or denied. // // Decision is a required field Decision *string `locationName:"decision" type:"string" required:"true" enum:"Decision"` // The list of determining policies used to make the authorization decision. // For example, if there are multiple matching policies, where at least one // is a forbid policy, then because forbid always overrides permit the forbid // policies are the determining policies. If all matching policies are permit // policies, then those policies are the determining policies. When no policies // match and the response is the default DENY, there are no determining policies. // // DeterminingPolicies is a required field DeterminingPolicies []*DeterminingPolicyItem `locationName:"determiningPolicies" type:"list" required:"true"` // Errors that occurred while making an authorization decision. For example, // a policy references an entity or entity attribute that does not exist in // the slice. // // Errors is a required field Errors []*EvaluationErrorItem `locationName:"errors" type:"list" required:"true" sensitive:"true"` // The identifier of the principal in the ID or access token. Principal *EntityIdentifier `locationName:"principal" type:"structure"` // contains filtered or unexported fields }
func (s IsAuthorizedWithTokenOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *IsAuthorizedWithTokenOutput) SetDecision(v string) *IsAuthorizedWithTokenOutput
SetDecision sets the Decision field's value.
func (s *IsAuthorizedWithTokenOutput) SetDeterminingPolicies(v []*DeterminingPolicyItem) *IsAuthorizedWithTokenOutput
SetDeterminingPolicies sets the DeterminingPolicies field's value.
func (s *IsAuthorizedWithTokenOutput) SetErrors(v []*EvaluationErrorItem) *IsAuthorizedWithTokenOutput
SetErrors sets the Errors field's value.
func (s *IsAuthorizedWithTokenOutput) SetPrincipal(v *EntityIdentifier) *IsAuthorizedWithTokenOutput
SetPrincipal sets the Principal field's value.
func (s IsAuthorizedWithTokenOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type ListIdentitySourcesInput struct { // Specifies characteristics of an identity source that you can use to limit // the output to matching identity sources. Filters []*IdentitySourceFilter `locationName:"filters" type:"list"` // Specifies the total number of results that you want included in each response. // If additional items exist beyond the number you specify, the NextToken response // element is returned with a value (not null). Include the specified value // as the NextToken request parameter in the next call to the operation to get // the next set of results. Note that the service might return fewer results // than the maximum even when there are more results available. You should check // NextToken after every operation to ensure that you receive all of the results. // // If you do not specify this parameter, the operation defaults to 10 identity // sources per response. You can specify a maximum of 50 identity sources per // response. MaxResults *int64 `locationName:"maxResults" min:"1" type:"integer"` // Specifies that you want to receive the next page of results. Valid only if // you received a NextToken response in the previous request. If you did, it // indicates that more output is available. Set this parameter to the value // provided by the previous call's NextToken response to request the next page // of results. NextToken *string `locationName:"nextToken" min:"1" type:"string"` // Specifies the ID of the policy store that contains the identity sources that // you want to list. // // PolicyStoreId is a required field PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"` // contains filtered or unexported fields }
func (s ListIdentitySourcesInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListIdentitySourcesInput) SetFilters(v []*IdentitySourceFilter) *ListIdentitySourcesInput
SetFilters sets the Filters field's value.
func (s *ListIdentitySourcesInput) SetMaxResults(v int64) *ListIdentitySourcesInput
SetMaxResults sets the MaxResults field's value.
func (s *ListIdentitySourcesInput) SetNextToken(v string) *ListIdentitySourcesInput
SetNextToken sets the NextToken field's value.
func (s *ListIdentitySourcesInput) SetPolicyStoreId(v string) *ListIdentitySourcesInput
SetPolicyStoreId sets the PolicyStoreId field's value.
func (s ListIdentitySourcesInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListIdentitySourcesInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type ListIdentitySourcesOutput struct { // The list of identity sources stored in the specified policy store. // // IdentitySources is a required field IdentitySources []*IdentitySourceItem `locationName:"identitySources" type:"list" required:"true"` // If present, this value indicates that more output is available than is included // in the current response. Use this value in the NextToken request parameter // in a subsequent call to the operation to get the next part of the output. // You should repeat this until the NextToken response element comes back as // null. This indicates that this is the last page of results. NextToken *string `locationName:"nextToken" min:"1" type:"string"` // contains filtered or unexported fields }
func (s ListIdentitySourcesOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListIdentitySourcesOutput) SetIdentitySources(v []*IdentitySourceItem) *ListIdentitySourcesOutput
SetIdentitySources sets the IdentitySources field's value.
func (s *ListIdentitySourcesOutput) SetNextToken(v string) *ListIdentitySourcesOutput
SetNextToken sets the NextToken field's value.
func (s ListIdentitySourcesOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type ListPoliciesInput struct { // Specifies a filter that limits the response to only policies that match the // specified criteria. For example, you list only the policies that reference // a specified principal. Filter *PolicyFilter `locationName:"filter" type:"structure"` // Specifies the total number of results that you want included in each response. // If additional items exist beyond the number you specify, the NextToken response // element is returned with a value (not null). Include the specified value // as the NextToken request parameter in the next call to the operation to get // the next set of results. Note that the service might return fewer results // than the maximum even when there are more results available. You should check // NextToken after every operation to ensure that you receive all of the results. // // If you do not specify this parameter, the operation defaults to 10 policies // per response. You can specify a maximum of 50 policies per response. MaxResults *int64 `locationName:"maxResults" min:"1" type:"integer"` // Specifies that you want to receive the next page of results. Valid only if // you received a NextToken response in the previous request. If you did, it // indicates that more output is available. Set this parameter to the value // provided by the previous call's NextToken response to request the next page // of results. NextToken *string `locationName:"nextToken" min:"1" type:"string"` // Specifies the ID of the policy store you want to list policies from. // // PolicyStoreId is a required field PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"` // contains filtered or unexported fields }
func (s ListPoliciesInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListPoliciesInput) SetFilter(v *PolicyFilter) *ListPoliciesInput
SetFilter sets the Filter field's value.
func (s *ListPoliciesInput) SetMaxResults(v int64) *ListPoliciesInput
SetMaxResults sets the MaxResults field's value.
func (s *ListPoliciesInput) SetNextToken(v string) *ListPoliciesInput
SetNextToken sets the NextToken field's value.
func (s *ListPoliciesInput) SetPolicyStoreId(v string) *ListPoliciesInput
SetPolicyStoreId sets the PolicyStoreId field's value.
func (s ListPoliciesInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListPoliciesInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type ListPoliciesOutput struct { // If present, this value indicates that more output is available than is included // in the current response. Use this value in the NextToken request parameter // in a subsequent call to the operation to get the next part of the output. // You should repeat this until the NextToken response element comes back as // null. This indicates that this is the last page of results. NextToken *string `locationName:"nextToken" min:"1" type:"string"` // Lists all policies that are available in the specified policy store. // // Policies is a required field Policies []*PolicyItem `locationName:"policies" type:"list" required:"true"` // contains filtered or unexported fields }
func (s ListPoliciesOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListPoliciesOutput) SetNextToken(v string) *ListPoliciesOutput
SetNextToken sets the NextToken field's value.
func (s *ListPoliciesOutput) SetPolicies(v []*PolicyItem) *ListPoliciesOutput
SetPolicies sets the Policies field's value.
func (s ListPoliciesOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type ListPolicyStoresInput struct { // Specifies the total number of results that you want included in each response. // If additional items exist beyond the number you specify, the NextToken response // element is returned with a value (not null). Include the specified value // as the NextToken request parameter in the next call to the operation to get // the next set of results. Note that the service might return fewer results // than the maximum even when there are more results available. You should check // NextToken after every operation to ensure that you receive all of the results. // // If you do not specify this parameter, the operation defaults to 10 policy // stores per response. You can specify a maximum of 50 policy stores per response. MaxResults *int64 `locationName:"maxResults" min:"1" type:"integer"` // Specifies that you want to receive the next page of results. Valid only if // you received a NextToken response in the previous request. If you did, it // indicates that more output is available. Set this parameter to the value // provided by the previous call's NextToken response to request the next page // of results. NextToken *string `locationName:"nextToken" min:"1" type:"string"` // contains filtered or unexported fields }
func (s ListPolicyStoresInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListPolicyStoresInput) SetMaxResults(v int64) *ListPolicyStoresInput
SetMaxResults sets the MaxResults field's value.
func (s *ListPolicyStoresInput) SetNextToken(v string) *ListPolicyStoresInput
SetNextToken sets the NextToken field's value.
func (s ListPolicyStoresInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListPolicyStoresInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type ListPolicyStoresOutput struct { // If present, this value indicates that more output is available than is included // in the current response. Use this value in the NextToken request parameter // in a subsequent call to the operation to get the next part of the output. // You should repeat this until the NextToken response element comes back as // null. This indicates that this is the last page of results. NextToken *string `locationName:"nextToken" min:"1" type:"string"` // The list of policy stores in the account. // // PolicyStores is a required field PolicyStores []*PolicyStoreItem `locationName:"policyStores" type:"list" required:"true"` // contains filtered or unexported fields }
func (s ListPolicyStoresOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListPolicyStoresOutput) SetNextToken(v string) *ListPolicyStoresOutput
SetNextToken sets the NextToken field's value.
func (s *ListPolicyStoresOutput) SetPolicyStores(v []*PolicyStoreItem) *ListPolicyStoresOutput
SetPolicyStores sets the PolicyStores field's value.
func (s ListPolicyStoresOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type ListPolicyTemplatesInput struct { // Specifies the total number of results that you want included in each response. // If additional items exist beyond the number you specify, the NextToken response // element is returned with a value (not null). Include the specified value // as the NextToken request parameter in the next call to the operation to get // the next set of results. Note that the service might return fewer results // than the maximum even when there are more results available. You should check // NextToken after every operation to ensure that you receive all of the results. // // If you do not specify this parameter, the operation defaults to 10 policy // templates per response. You can specify a maximum of 50 policy templates // per response. MaxResults *int64 `locationName:"maxResults" min:"1" type:"integer"` // Specifies that you want to receive the next page of results. Valid only if // you received a NextToken response in the previous request. If you did, it // indicates that more output is available. Set this parameter to the value // provided by the previous call's NextToken response to request the next page // of results. NextToken *string `locationName:"nextToken" min:"1" type:"string"` // Specifies the ID of the policy store that contains the policy templates you // want to list. // // PolicyStoreId is a required field PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"` // contains filtered or unexported fields }
func (s ListPolicyTemplatesInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListPolicyTemplatesInput) SetMaxResults(v int64) *ListPolicyTemplatesInput
SetMaxResults sets the MaxResults field's value.
func (s *ListPolicyTemplatesInput) SetNextToken(v string) *ListPolicyTemplatesInput
SetNextToken sets the NextToken field's value.
func (s *ListPolicyTemplatesInput) SetPolicyStoreId(v string) *ListPolicyTemplatesInput
SetPolicyStoreId sets the PolicyStoreId field's value.
func (s ListPolicyTemplatesInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListPolicyTemplatesInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type ListPolicyTemplatesOutput struct { // If present, this value indicates that more output is available than is included // in the current response. Use this value in the NextToken request parameter // in a subsequent call to the operation to get the next part of the output. // You should repeat this until the NextToken response element comes back as // null. This indicates that this is the last page of results. NextToken *string `locationName:"nextToken" min:"1" type:"string"` // The list of the policy templates in the specified policy store. // // PolicyTemplates is a required field PolicyTemplates []*PolicyTemplateItem `locationName:"policyTemplates" type:"list" required:"true"` // contains filtered or unexported fields }
func (s ListPolicyTemplatesOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListPolicyTemplatesOutput) SetNextToken(v string) *ListPolicyTemplatesOutput
SetNextToken sets the NextToken field's value.
func (s *ListPolicyTemplatesOutput) SetPolicyTemplates(v []*PolicyTemplateItem) *ListPolicyTemplatesOutput
SetPolicyTemplates sets the PolicyTemplates field's value.
func (s ListPolicyTemplatesOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type OpenIdConnectAccessTokenConfiguration struct { // The access token aud claim values that you want to accept in your policy // store. For example, https://myapp.example.com, https://myapp2.example.com. Audiences []*string `locationName:"audiences" min:"1" type:"list"` // The claim that determines the principal in OIDC access tokens. For example, // sub. // // PrincipalIdClaim is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by OpenIdConnectAccessTokenConfiguration's // String and GoString methods. PrincipalIdClaim *string `locationName:"principalIdClaim" min:"1" type:"string" sensitive:"true"` // contains filtered or unexported fields }
The configuration of an OpenID Connect (OIDC) identity source for handling access token claims. Contains the claim that you want to identify as the principal in an authorization request, and the values of the aud claim, or audiences, that you want to accept.
This data type is part of a OpenIdConnectTokenSelection (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_OpenIdConnectTokenSelection.html) structure, which is a parameter of CreateIdentitySource (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreateIdentitySource.html).
func (s OpenIdConnectAccessTokenConfiguration) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *OpenIdConnectAccessTokenConfiguration) SetAudiences(v []*string) *OpenIdConnectAccessTokenConfiguration
SetAudiences sets the Audiences field's value.
func (s *OpenIdConnectAccessTokenConfiguration) SetPrincipalIdClaim(v string) *OpenIdConnectAccessTokenConfiguration
SetPrincipalIdClaim sets the PrincipalIdClaim field's value.
func (s OpenIdConnectAccessTokenConfiguration) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *OpenIdConnectAccessTokenConfiguration) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type OpenIdConnectAccessTokenConfigurationDetail struct { // The access token aud claim values that you want to accept in your policy // store. For example, https://myapp.example.com, https://myapp2.example.com. Audiences []*string `locationName:"audiences" min:"1" type:"list"` // The claim that determines the principal in OIDC access tokens. For example, // sub. // // PrincipalIdClaim is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by OpenIdConnectAccessTokenConfigurationDetail's // String and GoString methods. PrincipalIdClaim *string `locationName:"principalIdClaim" min:"1" type:"string" sensitive:"true"` // contains filtered or unexported fields }
The configuration of an OpenID Connect (OIDC) identity source for handling access token claims. Contains the claim that you want to identify as the principal in an authorization request, and the values of the aud claim, or audiences, that you want to accept.
This data type is part of a OpenIdConnectTokenSelectionDetail (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_OpenIdConnectTokenSelectionDetail.html) structure, which is a parameter of GetIdentitySource (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_GetIdentitySource.html).
func (s OpenIdConnectAccessTokenConfigurationDetail) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *OpenIdConnectAccessTokenConfigurationDetail) SetAudiences(v []*string) *OpenIdConnectAccessTokenConfigurationDetail
SetAudiences sets the Audiences field's value.
func (s *OpenIdConnectAccessTokenConfigurationDetail) SetPrincipalIdClaim(v string) *OpenIdConnectAccessTokenConfigurationDetail
SetPrincipalIdClaim sets the PrincipalIdClaim field's value.
func (s OpenIdConnectAccessTokenConfigurationDetail) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type OpenIdConnectAccessTokenConfigurationItem struct { // The access token aud claim values that you want to accept in your policy // store. For example, https://myapp.example.com, https://myapp2.example.com. Audiences []*string `locationName:"audiences" min:"1" type:"list"` // The claim that determines the principal in OIDC access tokens. For example, // sub. // // PrincipalIdClaim is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by OpenIdConnectAccessTokenConfigurationItem's // String and GoString methods. PrincipalIdClaim *string `locationName:"principalIdClaim" min:"1" type:"string" sensitive:"true"` // contains filtered or unexported fields }
The configuration of an OpenID Connect (OIDC) identity source for handling access token claims. Contains the claim that you want to identify as the principal in an authorization request, and the values of the aud claim, or audiences, that you want to accept.
This data type is part of a OpenIdConnectTokenSelectionItem (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_OpenIdConnectTokenSelectionItem.html) structure, which is a parameter of ListIdentitySources (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ListIdentitySources.html).
func (s OpenIdConnectAccessTokenConfigurationItem) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *OpenIdConnectAccessTokenConfigurationItem) SetAudiences(v []*string) *OpenIdConnectAccessTokenConfigurationItem
SetAudiences sets the Audiences field's value.
func (s *OpenIdConnectAccessTokenConfigurationItem) SetPrincipalIdClaim(v string) *OpenIdConnectAccessTokenConfigurationItem
SetPrincipalIdClaim sets the PrincipalIdClaim field's value.
func (s OpenIdConnectAccessTokenConfigurationItem) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type OpenIdConnectConfiguration struct { // A descriptive string that you want to prefix to user entities from your OIDC // identity provider. For example, if you set an entityIdPrefix of MyOIDCProvider, // you can reference principals in your policies in the format MyCorp::User::MyOIDCProvider|Carlos. // // EntityIdPrefix is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by OpenIdConnectConfiguration's // String and GoString methods. EntityIdPrefix *string `locationName:"entityIdPrefix" min:"1" type:"string" sensitive:"true"` // The claim in OIDC identity provider tokens that indicates a user's group // membership, and the entity type that you want to map it to. For example, // this object can map the contents of a groups claim to MyCorp::UserGroup. GroupConfiguration *OpenIdConnectGroupConfiguration `locationName:"groupConfiguration" type:"structure"` // The issuer URL of an OIDC identity provider. This URL must have an OIDC discovery // endpoint at the path .well-known/openid-configuration. // // Issuer is a required field Issuer *string `locationName:"issuer" min:"1" type:"string" required:"true"` // The token type that you want to process from your OIDC identity provider. // Your policy store can process either identity (ID) or access tokens from // a given OIDC identity source. // // TokenSelection is a required field TokenSelection *OpenIdConnectTokenSelection `locationName:"tokenSelection" type:"structure" required:"true"` // contains filtered or unexported fields }
Contains configuration details of an OpenID Connect (OIDC) identity provider, or identity source, that Verified Permissions can use to generate entities from authenticated identities. It specifies the issuer URL, token type that you want to use, and policy store entity details.
This data type is part of a Configuration (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_Configuration.html) structure, which is a parameter to CreateIdentitySource (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreateIdentitySource.html).
func (s OpenIdConnectConfiguration) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *OpenIdConnectConfiguration) SetEntityIdPrefix(v string) *OpenIdConnectConfiguration
SetEntityIdPrefix sets the EntityIdPrefix field's value.
func (s *OpenIdConnectConfiguration) SetGroupConfiguration(v *OpenIdConnectGroupConfiguration) *OpenIdConnectConfiguration
SetGroupConfiguration sets the GroupConfiguration field's value.
func (s *OpenIdConnectConfiguration) SetIssuer(v string) *OpenIdConnectConfiguration
SetIssuer sets the Issuer field's value.
func (s *OpenIdConnectConfiguration) SetTokenSelection(v *OpenIdConnectTokenSelection) *OpenIdConnectConfiguration
SetTokenSelection sets the TokenSelection field's value.
func (s OpenIdConnectConfiguration) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *OpenIdConnectConfiguration) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type OpenIdConnectConfigurationDetail struct { // A descriptive string that you want to prefix to user entities from your OIDC // identity provider. For example, if you set an entityIdPrefix of MyOIDCProvider, // you can reference principals in your policies in the format MyCorp::User::MyOIDCProvider|Carlos. // // EntityIdPrefix is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by OpenIdConnectConfigurationDetail's // String and GoString methods. EntityIdPrefix *string `locationName:"entityIdPrefix" min:"1" type:"string" sensitive:"true"` // The claim in OIDC identity provider tokens that indicates a user's group // membership, and the entity type that you want to map it to. For example, // this object can map the contents of a groups claim to MyCorp::UserGroup. GroupConfiguration *OpenIdConnectGroupConfigurationDetail `locationName:"groupConfiguration" type:"structure"` // The issuer URL of an OIDC identity provider. This URL must have an OIDC discovery // endpoint at the path .well-known/openid-configuration. // // Issuer is a required field Issuer *string `locationName:"issuer" min:"1" type:"string" required:"true"` // The token type that you want to process from your OIDC identity provider. // Your policy store can process either identity (ID) or access tokens from // a given OIDC identity source. // // TokenSelection is a required field TokenSelection *OpenIdConnectTokenSelectionDetail `locationName:"tokenSelection" type:"structure" required:"true"` // contains filtered or unexported fields }
Contains configuration details of an OpenID Connect (OIDC) identity provider, or identity source, that Verified Permissions can use to generate entities from authenticated identities. It specifies the issuer URL, token type that you want to use, and policy store entity details.
This data type is part of a ConfigurationDetail (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ConfigurationDetail.html) structure, which is a parameter to GetIdentitySource (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_GetIdentitySource.html).
func (s OpenIdConnectConfigurationDetail) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *OpenIdConnectConfigurationDetail) SetEntityIdPrefix(v string) *OpenIdConnectConfigurationDetail
SetEntityIdPrefix sets the EntityIdPrefix field's value.
func (s *OpenIdConnectConfigurationDetail) SetGroupConfiguration(v *OpenIdConnectGroupConfigurationDetail) *OpenIdConnectConfigurationDetail
SetGroupConfiguration sets the GroupConfiguration field's value.
func (s *OpenIdConnectConfigurationDetail) SetIssuer(v string) *OpenIdConnectConfigurationDetail
SetIssuer sets the Issuer field's value.
func (s *OpenIdConnectConfigurationDetail) SetTokenSelection(v *OpenIdConnectTokenSelectionDetail) *OpenIdConnectConfigurationDetail
SetTokenSelection sets the TokenSelection field's value.
func (s OpenIdConnectConfigurationDetail) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type OpenIdConnectConfigurationItem struct { // A descriptive string that you want to prefix to user entities from your OIDC // identity provider. For example, if you set an entityIdPrefix of MyOIDCProvider, // you can reference principals in your policies in the format MyCorp::User::MyOIDCProvider|Carlos. // // EntityIdPrefix is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by OpenIdConnectConfigurationItem's // String and GoString methods. EntityIdPrefix *string `locationName:"entityIdPrefix" min:"1" type:"string" sensitive:"true"` // The claim in OIDC identity provider tokens that indicates a user's group // membership, and the entity type that you want to map it to. For example, // this object can map the contents of a groups claim to MyCorp::UserGroup. GroupConfiguration *OpenIdConnectGroupConfigurationItem `locationName:"groupConfiguration" type:"structure"` // The issuer URL of an OIDC identity provider. This URL must have an OIDC discovery // endpoint at the path .well-known/openid-configuration. // // Issuer is a required field Issuer *string `locationName:"issuer" min:"1" type:"string" required:"true"` // The token type that you want to process from your OIDC identity provider. // Your policy store can process either identity (ID) or access tokens from // a given OIDC identity source. // // TokenSelection is a required field TokenSelection *OpenIdConnectTokenSelectionItem `locationName:"tokenSelection" type:"structure" required:"true"` // contains filtered or unexported fields }
Contains configuration details of an OpenID Connect (OIDC) identity provider, or identity source, that Verified Permissions can use to generate entities from authenticated identities. It specifies the issuer URL, token type that you want to use, and policy store entity details.
This data type is part of a ConfigurationItem (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ConfigurationDetail.html) structure, which is a parameter to ListIdentitySources (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ListIdentitySources.html).
func (s OpenIdConnectConfigurationItem) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *OpenIdConnectConfigurationItem) SetEntityIdPrefix(v string) *OpenIdConnectConfigurationItem
SetEntityIdPrefix sets the EntityIdPrefix field's value.
func (s *OpenIdConnectConfigurationItem) SetGroupConfiguration(v *OpenIdConnectGroupConfigurationItem) *OpenIdConnectConfigurationItem
SetGroupConfiguration sets the GroupConfiguration field's value.
func (s *OpenIdConnectConfigurationItem) SetIssuer(v string) *OpenIdConnectConfigurationItem
SetIssuer sets the Issuer field's value.
func (s *OpenIdConnectConfigurationItem) SetTokenSelection(v *OpenIdConnectTokenSelectionItem) *OpenIdConnectConfigurationItem
SetTokenSelection sets the TokenSelection field's value.
func (s OpenIdConnectConfigurationItem) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type OpenIdConnectGroupConfiguration struct { // The token claim that you want Verified Permissions to interpret as group // membership. For example, groups. // // GroupClaim is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by OpenIdConnectGroupConfiguration's // String and GoString methods. // // GroupClaim is a required field GroupClaim *string `locationName:"groupClaim" min:"1" type:"string" required:"true" sensitive:"true"` // The policy store entity type that you want to map your users' group claim // to. For example, MyCorp::UserGroup. A group entity type is an entity that // can have a user entity type as a member. // // GroupEntityType is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by OpenIdConnectGroupConfiguration's // String and GoString methods. // // GroupEntityType is a required field GroupEntityType *string `locationName:"groupEntityType" min:"1" type:"string" required:"true" sensitive:"true"` // contains filtered or unexported fields }
The claim in OIDC identity provider tokens that indicates a user's group membership, and the entity type that you want to map it to. For example, this object can map the contents of a groups claim to MyCorp::UserGroup.
This data type is part of a OpenIdConnectConfiguration (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_OpenIdConnectConfiguration.html) structure, which is a parameter of CreateIdentitySource (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreateIdentitySource.html).
func (s OpenIdConnectGroupConfiguration) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *OpenIdConnectGroupConfiguration) SetGroupClaim(v string) *OpenIdConnectGroupConfiguration
SetGroupClaim sets the GroupClaim field's value.
func (s *OpenIdConnectGroupConfiguration) SetGroupEntityType(v string) *OpenIdConnectGroupConfiguration
SetGroupEntityType sets the GroupEntityType field's value.
func (s OpenIdConnectGroupConfiguration) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *OpenIdConnectGroupConfiguration) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type OpenIdConnectGroupConfigurationDetail struct { // The token claim that you want Verified Permissions to interpret as group // membership. For example, groups. // // GroupClaim is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by OpenIdConnectGroupConfigurationDetail's // String and GoString methods. // // GroupClaim is a required field GroupClaim *string `locationName:"groupClaim" min:"1" type:"string" required:"true" sensitive:"true"` // The policy store entity type that you want to map your users' group claim // to. For example, MyCorp::UserGroup. A group entity type is an entity that // can have a user entity type as a member. // // GroupEntityType is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by OpenIdConnectGroupConfigurationDetail's // String and GoString methods. // // GroupEntityType is a required field GroupEntityType *string `locationName:"groupEntityType" min:"1" type:"string" required:"true" sensitive:"true"` // contains filtered or unexported fields }
The claim in OIDC identity provider tokens that indicates a user's group membership, and the entity type that you want to map it to. For example, this object can map the contents of a groups claim to MyCorp::UserGroup.
This data type is part of a OpenIdConnectConfigurationDetail (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_OpenIdConnectConfigurationDetail.html) structure, which is a parameter of GetIdentitySource (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_GetIdentitySource.html).
func (s OpenIdConnectGroupConfigurationDetail) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *OpenIdConnectGroupConfigurationDetail) SetGroupClaim(v string) *OpenIdConnectGroupConfigurationDetail
SetGroupClaim sets the GroupClaim field's value.
func (s *OpenIdConnectGroupConfigurationDetail) SetGroupEntityType(v string) *OpenIdConnectGroupConfigurationDetail
SetGroupEntityType sets the GroupEntityType field's value.
func (s OpenIdConnectGroupConfigurationDetail) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type OpenIdConnectGroupConfigurationItem struct { // The token claim that you want Verified Permissions to interpret as group // membership. For example, groups. // // GroupClaim is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by OpenIdConnectGroupConfigurationItem's // String and GoString methods. // // GroupClaim is a required field GroupClaim *string `locationName:"groupClaim" min:"1" type:"string" required:"true" sensitive:"true"` // The policy store entity type that you want to map your users' group claim // to. For example, MyCorp::UserGroup. A group entity type is an entity that // can have a user entity type as a member. // // GroupEntityType is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by OpenIdConnectGroupConfigurationItem's // String and GoString methods. // // GroupEntityType is a required field GroupEntityType *string `locationName:"groupEntityType" min:"1" type:"string" required:"true" sensitive:"true"` // contains filtered or unexported fields }
The claim in OIDC identity provider tokens that indicates a user's group membership, and the entity type that you want to map it to. For example, this object can map the contents of a groups claim to MyCorp::UserGroup.
This data type is part of a OpenIdConnectConfigurationItem (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_OpenIdConnectConfigurationItem.html) structure, which is a parameter of ListIdentitySourcea (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ListIdentitySources.html).
func (s OpenIdConnectGroupConfigurationItem) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *OpenIdConnectGroupConfigurationItem) SetGroupClaim(v string) *OpenIdConnectGroupConfigurationItem
SetGroupClaim sets the GroupClaim field's value.
func (s *OpenIdConnectGroupConfigurationItem) SetGroupEntityType(v string) *OpenIdConnectGroupConfigurationItem
SetGroupEntityType sets the GroupEntityType field's value.
func (s OpenIdConnectGroupConfigurationItem) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type OpenIdConnectIdentityTokenConfiguration struct { // The ID token audience, or client ID, claim values that you want to accept // in your policy store from an OIDC identity provider. For example, 1example23456789, // 2example10111213. ClientIds []*string `locationName:"clientIds" type:"list" sensitive:"true"` // The claim that determines the principal in OIDC access tokens. For example, // sub. // // PrincipalIdClaim is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by OpenIdConnectIdentityTokenConfiguration's // String and GoString methods. PrincipalIdClaim *string `locationName:"principalIdClaim" min:"1" type:"string" sensitive:"true"` // contains filtered or unexported fields }
The configuration of an OpenID Connect (OIDC) identity source for handling identity (ID) token claims. Contains the claim that you want to identify as the principal in an authorization request, and the values of the aud claim, or audiences, that you want to accept.
This data type is part of a OpenIdConnectTokenSelection (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_OpenIdConnectTokenSelection.html) structure, which is a parameter of CreateIdentitySource (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreateIdentitySource.html).
func (s OpenIdConnectIdentityTokenConfiguration) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *OpenIdConnectIdentityTokenConfiguration) SetClientIds(v []*string) *OpenIdConnectIdentityTokenConfiguration
SetClientIds sets the ClientIds field's value.
func (s *OpenIdConnectIdentityTokenConfiguration) SetPrincipalIdClaim(v string) *OpenIdConnectIdentityTokenConfiguration
SetPrincipalIdClaim sets the PrincipalIdClaim field's value.
func (s OpenIdConnectIdentityTokenConfiguration) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *OpenIdConnectIdentityTokenConfiguration) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type OpenIdConnectIdentityTokenConfigurationDetail struct { // The ID token audience, or client ID, claim values that you want to accept // in your policy store from an OIDC identity provider. For example, 1example23456789, // 2example10111213. ClientIds []*string `locationName:"clientIds" type:"list" sensitive:"true"` // The claim that determines the principal in OIDC access tokens. For example, // sub. // // PrincipalIdClaim is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by OpenIdConnectIdentityTokenConfigurationDetail's // String and GoString methods. PrincipalIdClaim *string `locationName:"principalIdClaim" min:"1" type:"string" sensitive:"true"` // contains filtered or unexported fields }
The configuration of an OpenID Connect (OIDC) identity source for handling identity (ID) token claims. Contains the claim that you want to identify as the principal in an authorization request, and the values of the aud claim, or audiences, that you want to accept.
This data type is part of a OpenIdConnectTokenSelectionDetail (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_OpenIdConnectTokenSelectionDetail.html) structure, which is a parameter of GetIdentitySource (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_GetIdentitySource.html).
func (s OpenIdConnectIdentityTokenConfigurationDetail) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *OpenIdConnectIdentityTokenConfigurationDetail) SetClientIds(v []*string) *OpenIdConnectIdentityTokenConfigurationDetail
SetClientIds sets the ClientIds field's value.
func (s *OpenIdConnectIdentityTokenConfigurationDetail) SetPrincipalIdClaim(v string) *OpenIdConnectIdentityTokenConfigurationDetail
SetPrincipalIdClaim sets the PrincipalIdClaim field's value.
func (s OpenIdConnectIdentityTokenConfigurationDetail) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type OpenIdConnectIdentityTokenConfigurationItem struct { // The ID token audience, or client ID, claim values that you want to accept // in your policy store from an OIDC identity provider. For example, 1example23456789, // 2example10111213. ClientIds []*string `locationName:"clientIds" type:"list" sensitive:"true"` // The claim that determines the principal in OIDC access tokens. For example, // sub. // // PrincipalIdClaim is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by OpenIdConnectIdentityTokenConfigurationItem's // String and GoString methods. PrincipalIdClaim *string `locationName:"principalIdClaim" min:"1" type:"string" sensitive:"true"` // contains filtered or unexported fields }
The configuration of an OpenID Connect (OIDC) identity source for handling identity (ID) token claims. Contains the claim that you want to identify as the principal in an authorization request, and the values of the aud claim, or audiences, that you want to accept.
This data type is part of a OpenIdConnectTokenSelectionItem (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_OpenIdConnectTokenSelectionItem.html) structure, which is a parameter of ListIdentitySources (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ListIdentitySources.html).
func (s OpenIdConnectIdentityTokenConfigurationItem) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *OpenIdConnectIdentityTokenConfigurationItem) SetClientIds(v []*string) *OpenIdConnectIdentityTokenConfigurationItem
SetClientIds sets the ClientIds field's value.
func (s *OpenIdConnectIdentityTokenConfigurationItem) SetPrincipalIdClaim(v string) *OpenIdConnectIdentityTokenConfigurationItem
SetPrincipalIdClaim sets the PrincipalIdClaim field's value.
func (s OpenIdConnectIdentityTokenConfigurationItem) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type OpenIdConnectTokenSelection struct { // The OIDC configuration for processing access tokens. Contains allowed audience // claims, for example https://auth.example.com, and the claim that you want // to map to the principal, for example sub. AccessTokenOnly *OpenIdConnectAccessTokenConfiguration `locationName:"accessTokenOnly" type:"structure"` // The OIDC configuration for processing identity (ID) tokens. Contains allowed // client ID claims, for example 1example23456789, and the claim that you want // to map to the principal, for example sub. IdentityTokenOnly *OpenIdConnectIdentityTokenConfiguration `locationName:"identityTokenOnly" type:"structure"` // contains filtered or unexported fields }
The token type that you want to process from your OIDC identity provider. Your policy store can process either identity (ID) or access tokens from a given OIDC identity source.
This data type is part of a OpenIdConnectConfiguration (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_OpenIdConnectConfiguration.html) structure, which is a parameter of CreateIdentitySource (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreateIdentitySource.html).
func (s OpenIdConnectTokenSelection) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *OpenIdConnectTokenSelection) SetAccessTokenOnly(v *OpenIdConnectAccessTokenConfiguration) *OpenIdConnectTokenSelection
SetAccessTokenOnly sets the AccessTokenOnly field's value.
func (s *OpenIdConnectTokenSelection) SetIdentityTokenOnly(v *OpenIdConnectIdentityTokenConfiguration) *OpenIdConnectTokenSelection
SetIdentityTokenOnly sets the IdentityTokenOnly field's value.
func (s OpenIdConnectTokenSelection) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *OpenIdConnectTokenSelection) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type OpenIdConnectTokenSelectionDetail struct { // The OIDC configuration for processing access tokens. Contains allowed audience // claims, for example https://auth.example.com, and the claim that you want // to map to the principal, for example sub. AccessTokenOnly *OpenIdConnectAccessTokenConfigurationDetail `locationName:"accessTokenOnly" type:"structure"` // The OIDC configuration for processing identity (ID) tokens. Contains allowed // client ID claims, for example 1example23456789, and the claim that you want // to map to the principal, for example sub. IdentityTokenOnly *OpenIdConnectIdentityTokenConfigurationDetail `locationName:"identityTokenOnly" type:"structure"` // contains filtered or unexported fields }
The token type that you want to process from your OIDC identity provider. Your policy store can process either identity (ID) or access tokens from a given OIDC identity source.
This data type is part of a OpenIdConnectConfigurationDetail (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_OpenIdConnectConfigurationDetail.html) structure, which is a parameter of GetIdentitySource (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_GetIdentitySource.html).
func (s OpenIdConnectTokenSelectionDetail) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *OpenIdConnectTokenSelectionDetail) SetAccessTokenOnly(v *OpenIdConnectAccessTokenConfigurationDetail) *OpenIdConnectTokenSelectionDetail
SetAccessTokenOnly sets the AccessTokenOnly field's value.
func (s *OpenIdConnectTokenSelectionDetail) SetIdentityTokenOnly(v *OpenIdConnectIdentityTokenConfigurationDetail) *OpenIdConnectTokenSelectionDetail
SetIdentityTokenOnly sets the IdentityTokenOnly field's value.
func (s OpenIdConnectTokenSelectionDetail) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type OpenIdConnectTokenSelectionItem struct { // The OIDC configuration for processing access tokens. Contains allowed audience // claims, for example https://auth.example.com, and the claim that you want // to map to the principal, for example sub. AccessTokenOnly *OpenIdConnectAccessTokenConfigurationItem `locationName:"accessTokenOnly" type:"structure"` // The OIDC configuration for processing identity (ID) tokens. Contains allowed // client ID claims, for example 1example23456789, and the claim that you want // to map to the principal, for example sub. IdentityTokenOnly *OpenIdConnectIdentityTokenConfigurationItem `locationName:"identityTokenOnly" type:"structure"` // contains filtered or unexported fields }
The token type that you want to process from your OIDC identity provider. Your policy store can process either identity (ID) or access tokens from a given OIDC identity source.
This data type is part of a OpenIdConnectConfigurationItem (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_OpenIdConnectConfigurationItem.html) structure, which is a parameter of ListIdentitySources (http://amazonaws.com/verifiedpermissions/latest/apireference/API_ListIdentitySources.html).
func (s OpenIdConnectTokenSelectionItem) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *OpenIdConnectTokenSelectionItem) SetAccessTokenOnly(v *OpenIdConnectAccessTokenConfigurationItem) *OpenIdConnectTokenSelectionItem
SetAccessTokenOnly sets the AccessTokenOnly field's value.
func (s *OpenIdConnectTokenSelectionItem) SetIdentityTokenOnly(v *OpenIdConnectIdentityTokenConfigurationItem) *OpenIdConnectTokenSelectionItem
SetIdentityTokenOnly sets the IdentityTokenOnly field's value.
func (s OpenIdConnectTokenSelectionItem) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type PolicyDefinition struct { // A structure that describes a static policy. An static policy doesn't use // a template or allow placeholders for entities. Static *StaticPolicyDefinition `locationName:"static" type:"structure"` // A structure that describes a policy that was instantiated from a template. // The template can specify placeholders for principal and resource. When you // use CreatePolicy (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreatePolicy.html) // to create a policy from a template, you specify the exact principal and resource // to use for the instantiated policy. TemplateLinked *TemplateLinkedPolicyDefinition `locationName:"templateLinked" type:"structure"` // contains filtered or unexported fields }
A structure that contains the details for a Cedar policy definition. It includes the policy type, a description, and a policy body. This is a top level data type used to create a policy.
This data type is used as a request parameter for the CreatePolicy (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreatePolicy.html) operation. This structure must always have either an static or a templateLinked element.
func (s PolicyDefinition) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *PolicyDefinition) SetStatic(v *StaticPolicyDefinition) *PolicyDefinition
SetStatic sets the Static field's value.
func (s *PolicyDefinition) SetTemplateLinked(v *TemplateLinkedPolicyDefinition) *PolicyDefinition
SetTemplateLinked sets the TemplateLinked field's value.
func (s PolicyDefinition) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *PolicyDefinition) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type PolicyDefinitionDetail struct { // Information about a static policy that wasn't created with a policy template. Static *StaticPolicyDefinitionDetail `locationName:"static" type:"structure"` // Information about a template-linked policy that was created by instantiating // a policy template. TemplateLinked *TemplateLinkedPolicyDefinitionDetail `locationName:"templateLinked" type:"structure"` // contains filtered or unexported fields }
A structure that describes a policy definition. It must always have either an static or a templateLinked element.
This data type is used as a response parameter for the GetPolicy (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_GetPolicy.html) operation.
func (s PolicyDefinitionDetail) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *PolicyDefinitionDetail) SetStatic(v *StaticPolicyDefinitionDetail) *PolicyDefinitionDetail
SetStatic sets the Static field's value.
func (s *PolicyDefinitionDetail) SetTemplateLinked(v *TemplateLinkedPolicyDefinitionDetail) *PolicyDefinitionDetail
SetTemplateLinked sets the TemplateLinked field's value.
func (s PolicyDefinitionDetail) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type PolicyDefinitionItem struct { // Information about a static policy that wasn't created with a policy template. Static *StaticPolicyDefinitionItem `locationName:"static" type:"structure"` // Information about a template-linked policy that was created by instantiating // a policy template. TemplateLinked *TemplateLinkedPolicyDefinitionItem `locationName:"templateLinked" type:"structure"` // contains filtered or unexported fields }
A structure that describes a PolicyDefinintion (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_PolicyDefinintion.html). It will always have either an StaticPolicy or a TemplateLinkedPolicy element.
This data type is used as a response parameter for the CreatePolicy (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreatePolicy.html) and ListPolicies (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ListPolicies.html) operations.
func (s PolicyDefinitionItem) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *PolicyDefinitionItem) SetStatic(v *StaticPolicyDefinitionItem) *PolicyDefinitionItem
SetStatic sets the Static field's value.
func (s *PolicyDefinitionItem) SetTemplateLinked(v *TemplateLinkedPolicyDefinitionItem) *PolicyDefinitionItem
SetTemplateLinked sets the TemplateLinked field's value.
func (s PolicyDefinitionItem) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type PolicyFilter struct { // Filters the output to only template-linked policies that were instantiated // from the specified policy template. PolicyTemplateId *string `locationName:"policyTemplateId" min:"1" type:"string"` // Filters the output to only policies of the specified type. PolicyType *string `locationName:"policyType" type:"string" enum:"PolicyType"` // Filters the output to only policies that reference the specified principal. Principal *EntityReference `locationName:"principal" type:"structure"` // Filters the output to only policies that reference the specified resource. Resource *EntityReference `locationName:"resource" type:"structure"` // contains filtered or unexported fields }
Contains information about a filter to refine policies returned in a query.
This data type is used as a response parameter for the ListPolicies (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ListPolicies.html) operation.
func (s PolicyFilter) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *PolicyFilter) SetPolicyTemplateId(v string) *PolicyFilter
SetPolicyTemplateId sets the PolicyTemplateId field's value.
func (s *PolicyFilter) SetPolicyType(v string) *PolicyFilter
SetPolicyType sets the PolicyType field's value.
func (s *PolicyFilter) SetPrincipal(v *EntityReference) *PolicyFilter
SetPrincipal sets the Principal field's value.
func (s *PolicyFilter) SetResource(v *EntityReference) *PolicyFilter
SetResource sets the Resource field's value.
func (s PolicyFilter) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *PolicyFilter) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type PolicyItem struct { // The action that a policy permits or forbids. For example, {"actions": [{"actionId": // "ViewPhoto", "actionType": "PhotoFlash::Action"}, {"entityID": "SharePhoto", // "entityType": "PhotoFlash::Action"}]}. Actions []*ActionIdentifier `locationName:"actions" type:"list"` // The date and time the policy was created. // // CreatedDate is a required field CreatedDate *time.Time `locationName:"createdDate" type:"timestamp" timestampFormat:"iso8601" required:"true"` // The policy definition of an item in the list of policies returned. // // Definition is a required field Definition *PolicyDefinitionItem `locationName:"definition" type:"structure" required:"true"` // The effect of the decision that a policy returns to an authorization request. // For example, "effect": "Permit". Effect *string `locationName:"effect" type:"string" enum:"PolicyEffect"` // The date and time the policy was most recently updated. // // LastUpdatedDate is a required field LastUpdatedDate *time.Time `locationName:"lastUpdatedDate" type:"timestamp" timestampFormat:"iso8601" required:"true"` // The identifier of the policy you want information about. // // PolicyId is a required field PolicyId *string `locationName:"policyId" min:"1" type:"string" required:"true"` // The identifier of the PolicyStore where the policy you want information about // is stored. // // PolicyStoreId is a required field PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"` // The type of the policy. This is one of the following values: // // * static // // * templateLinked // // PolicyType is a required field PolicyType *string `locationName:"policyType" type:"string" required:"true" enum:"PolicyType"` // The principal associated with the policy. Principal *EntityIdentifier `locationName:"principal" type:"structure"` // The resource associated with the policy. Resource *EntityIdentifier `locationName:"resource" type:"structure"` // contains filtered or unexported fields }
Contains information about a policy.
This data type is used as a response parameter for the ListPolicies (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ListPolicies.html) operation.
func (s PolicyItem) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *PolicyItem) SetActions(v []*ActionIdentifier) *PolicyItem
SetActions sets the Actions field's value.
func (s *PolicyItem) SetCreatedDate(v time.Time) *PolicyItem
SetCreatedDate sets the CreatedDate field's value.
func (s *PolicyItem) SetDefinition(v *PolicyDefinitionItem) *PolicyItem
SetDefinition sets the Definition field's value.
func (s *PolicyItem) SetEffect(v string) *PolicyItem
SetEffect sets the Effect field's value.
func (s *PolicyItem) SetLastUpdatedDate(v time.Time) *PolicyItem
SetLastUpdatedDate sets the LastUpdatedDate field's value.
func (s *PolicyItem) SetPolicyId(v string) *PolicyItem
SetPolicyId sets the PolicyId field's value.
func (s *PolicyItem) SetPolicyStoreId(v string) *PolicyItem
SetPolicyStoreId sets the PolicyStoreId field's value.
func (s *PolicyItem) SetPolicyType(v string) *PolicyItem
SetPolicyType sets the PolicyType field's value.
func (s *PolicyItem) SetPrincipal(v *EntityIdentifier) *PolicyItem
SetPrincipal sets the Principal field's value.
func (s *PolicyItem) SetResource(v *EntityIdentifier) *PolicyItem
SetResource sets the Resource field's value.
func (s PolicyItem) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type PolicyStoreItem struct { // The Amazon Resource Name (ARN) of the policy store. // // Arn is a required field Arn *string `locationName:"arn" min:"1" type:"string" required:"true"` // The date and time the policy was created. // // CreatedDate is a required field CreatedDate *time.Time `locationName:"createdDate" type:"timestamp" timestampFormat:"iso8601" required:"true"` // Descriptive text that you can provide to help with identification of the // current policy store. // // Description is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by PolicyStoreItem's // String and GoString methods. Description *string `locationName:"description" type:"string" sensitive:"true"` // The date and time the policy store was most recently updated. LastUpdatedDate *time.Time `locationName:"lastUpdatedDate" type:"timestamp" timestampFormat:"iso8601"` // The unique identifier of the policy store. // // PolicyStoreId is a required field PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"` // contains filtered or unexported fields }
Contains information about a policy store.
This data type is used as a response parameter for the ListPolicyStores (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ListPolicyStores.html) operation.
func (s PolicyStoreItem) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *PolicyStoreItem) SetArn(v string) *PolicyStoreItem
SetArn sets the Arn field's value.
func (s *PolicyStoreItem) SetCreatedDate(v time.Time) *PolicyStoreItem
SetCreatedDate sets the CreatedDate field's value.
func (s *PolicyStoreItem) SetDescription(v string) *PolicyStoreItem
SetDescription sets the Description field's value.
func (s *PolicyStoreItem) SetLastUpdatedDate(v time.Time) *PolicyStoreItem
SetLastUpdatedDate sets the LastUpdatedDate field's value.
func (s *PolicyStoreItem) SetPolicyStoreId(v string) *PolicyStoreItem
SetPolicyStoreId sets the PolicyStoreId field's value.
func (s PolicyStoreItem) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type PolicyTemplateItem struct { // The date and time that the policy template was created. // // CreatedDate is a required field CreatedDate *time.Time `locationName:"createdDate" type:"timestamp" timestampFormat:"iso8601" required:"true"` // The description attached to the policy template. // // Description is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by PolicyTemplateItem's // String and GoString methods. Description *string `locationName:"description" type:"string" sensitive:"true"` // The date and time that the policy template was most recently updated. // // LastUpdatedDate is a required field LastUpdatedDate *time.Time `locationName:"lastUpdatedDate" type:"timestamp" timestampFormat:"iso8601" required:"true"` // The unique identifier of the policy store that contains the template. // // PolicyStoreId is a required field PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"` // The unique identifier of the policy template. // // PolicyTemplateId is a required field PolicyTemplateId *string `locationName:"policyTemplateId" min:"1" type:"string" required:"true"` // contains filtered or unexported fields }
Contains details about a policy template
This data type is used as a response parameter for the ListPolicyTemplates (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ListPolicyTemplates.html) operation.
func (s PolicyTemplateItem) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *PolicyTemplateItem) SetCreatedDate(v time.Time) *PolicyTemplateItem
SetCreatedDate sets the CreatedDate field's value.
func (s *PolicyTemplateItem) SetDescription(v string) *PolicyTemplateItem
SetDescription sets the Description field's value.
func (s *PolicyTemplateItem) SetLastUpdatedDate(v time.Time) *PolicyTemplateItem
SetLastUpdatedDate sets the LastUpdatedDate field's value.
func (s *PolicyTemplateItem) SetPolicyStoreId(v string) *PolicyTemplateItem
SetPolicyStoreId sets the PolicyStoreId field's value.
func (s *PolicyTemplateItem) SetPolicyTemplateId(v string) *PolicyTemplateItem
SetPolicyTemplateId sets the PolicyTemplateId field's value.
func (s PolicyTemplateItem) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type PutSchemaInput struct { // Specifies the definition of the schema to be stored. The schema definition // must be written in Cedar schema JSON. // // Definition is a required field Definition *SchemaDefinition `locationName:"definition" type:"structure" required:"true"` // Specifies the ID of the policy store in which to place the schema. // // PolicyStoreId is a required field PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"` // contains filtered or unexported fields }
func (s PutSchemaInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *PutSchemaInput) SetDefinition(v *SchemaDefinition) *PutSchemaInput
SetDefinition sets the Definition field's value.
func (s *PutSchemaInput) SetPolicyStoreId(v string) *PutSchemaInput
SetPolicyStoreId sets the PolicyStoreId field's value.
func (s PutSchemaInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *PutSchemaInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type PutSchemaOutput struct { // The date and time that the schema was originally created. // // CreatedDate is a required field CreatedDate *time.Time `locationName:"createdDate" type:"timestamp" timestampFormat:"iso8601" required:"true"` // The date and time that the schema was last updated. // // LastUpdatedDate is a required field LastUpdatedDate *time.Time `locationName:"lastUpdatedDate" type:"timestamp" timestampFormat:"iso8601" required:"true"` // Identifies the namespaces of the entities referenced by this schema. // // Namespaces is a required field Namespaces []*string `locationName:"namespaces" type:"list" required:"true" sensitive:"true"` // The unique ID of the policy store that contains the schema. // // PolicyStoreId is a required field PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"` // contains filtered or unexported fields }
func (s PutSchemaOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *PutSchemaOutput) SetCreatedDate(v time.Time) *PutSchemaOutput
SetCreatedDate sets the CreatedDate field's value.
func (s *PutSchemaOutput) SetLastUpdatedDate(v time.Time) *PutSchemaOutput
SetLastUpdatedDate sets the LastUpdatedDate field's value.
func (s *PutSchemaOutput) SetNamespaces(v []*string) *PutSchemaOutput
SetNamespaces sets the Namespaces field's value.
func (s *PutSchemaOutput) SetPolicyStoreId(v string) *PutSchemaOutput
SetPolicyStoreId sets the PolicyStoreId field's value.
func (s PutSchemaOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type ResourceConflict struct { // The unique identifier of the resource involved in a conflict. // // ResourceId is a required field ResourceId *string `locationName:"resourceId" type:"string" required:"true"` // The type of the resource involved in a conflict. // // ResourceType is a required field ResourceType *string `locationName:"resourceType" type:"string" required:"true" enum:"ResourceType"` // contains filtered or unexported fields }
Contains information about a resource conflict.
func (s ResourceConflict) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ResourceConflict) SetResourceId(v string) *ResourceConflict
SetResourceId sets the ResourceId field's value.
func (s *ResourceConflict) SetResourceType(v string) *ResourceConflict
SetResourceType sets the ResourceType field's value.
func (s ResourceConflict) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type ResourceNotFoundException struct { RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` Message_ *string `locationName:"message" type:"string"` // The unique ID of the resource referenced in the failed request. // // ResourceId is a required field ResourceId *string `locationName:"resourceId" type:"string" required:"true"` // The resource type of the resource referenced in the failed request. // // ResourceType is a required field ResourceType *string `locationName:"resourceType" type:"string" required:"true" enum:"ResourceType"` // contains filtered or unexported fields }
The request failed because it references a resource that doesn't exist.
func (s *ResourceNotFoundException) Code() string
Code returns the exception type name.
func (s *ResourceNotFoundException) Error() string
func (s ResourceNotFoundException) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ResourceNotFoundException) Message() string
Message returns the exception's message.
func (s *ResourceNotFoundException) OrigErr() error
OrigErr always returns nil, satisfies awserr.Error interface.
func (s *ResourceNotFoundException) RequestID() string
RequestID returns the service's response RequestID for request.
func (s *ResourceNotFoundException) StatusCode() int
Status code returns the HTTP status code for the request's response error.
func (s ResourceNotFoundException) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type SchemaDefinition struct { // A JSON string representation of the schema supported by applications that // use this policy store. For more information, see Policy store schema (https://docs.aws.amazon.com/verifiedpermissions/latest/userguide/schema.html) // in the Amazon Verified Permissions User Guide. // // CedarJson is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by SchemaDefinition's // String and GoString methods. CedarJson *string `locationName:"cedarJson" min:"1" type:"string" sensitive:"true"` // contains filtered or unexported fields }
Contains a list of principal types, resource types, and actions that can be specified in policies stored in the same policy store. If the validation mode for the policy store is set to STRICT, then policies that can't be validated by this schema are rejected by Verified Permissions and can't be stored in the policy store.
func (s SchemaDefinition) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *SchemaDefinition) SetCedarJson(v string) *SchemaDefinition
SetCedarJson sets the CedarJson field's value.
func (s SchemaDefinition) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *SchemaDefinition) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type ServiceQuotaExceededException struct { RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` Message_ *string `locationName:"message" type:"string"` // The quota code recognized by the Amazon Web Services Service Quotas service. QuotaCode *string `locationName:"quotaCode" type:"string"` // The unique ID of the resource referenced in the failed request. ResourceId *string `locationName:"resourceId" type:"string"` // The resource type of the resource referenced in the failed request. // // ResourceType is a required field ResourceType *string `locationName:"resourceType" type:"string" required:"true" enum:"ResourceType"` // The code for the Amazon Web Service that owns the quota. ServiceCode *string `locationName:"serviceCode" type:"string"` // contains filtered or unexported fields }
The request failed because it would cause a service quota to be exceeded.
func (s *ServiceQuotaExceededException) Code() string
Code returns the exception type name.
func (s *ServiceQuotaExceededException) Error() string
func (s ServiceQuotaExceededException) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ServiceQuotaExceededException) Message() string
Message returns the exception's message.
func (s *ServiceQuotaExceededException) OrigErr() error
OrigErr always returns nil, satisfies awserr.Error interface.
func (s *ServiceQuotaExceededException) RequestID() string
RequestID returns the service's response RequestID for request.
func (s *ServiceQuotaExceededException) StatusCode() int
Status code returns the HTTP status code for the request's response error.
func (s ServiceQuotaExceededException) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type StaticPolicyDefinition struct { // The description of the static policy. // // Description is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by StaticPolicyDefinition's // String and GoString methods. Description *string `locationName:"description" type:"string" sensitive:"true"` // The policy content of the static policy, written in the Cedar policy language. // // Statement is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by StaticPolicyDefinition's // String and GoString methods. // // Statement is a required field Statement *string `locationName:"statement" min:"1" type:"string" required:"true" sensitive:"true"` // contains filtered or unexported fields }
Contains information about a static policy.
This data type is used as a field that is part of the PolicyDefinitionDetail (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_PolicyDefinitionDetail.html) type.
func (s StaticPolicyDefinition) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *StaticPolicyDefinition) SetDescription(v string) *StaticPolicyDefinition
SetDescription sets the Description field's value.
func (s *StaticPolicyDefinition) SetStatement(v string) *StaticPolicyDefinition
SetStatement sets the Statement field's value.
func (s StaticPolicyDefinition) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *StaticPolicyDefinition) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type StaticPolicyDefinitionDetail struct { // A description of the static policy. // // Description is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by StaticPolicyDefinitionDetail's // String and GoString methods. Description *string `locationName:"description" type:"string" sensitive:"true"` // The content of the static policy written in the Cedar policy language. // // Statement is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by StaticPolicyDefinitionDetail's // String and GoString methods. // // Statement is a required field Statement *string `locationName:"statement" min:"1" type:"string" required:"true" sensitive:"true"` // contains filtered or unexported fields }
A structure that contains details about a static policy. It includes the description and policy body.
This data type is used within a PolicyDefinition (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_PolicyDefinition.html) structure as part of a request parameter for the CreatePolicy (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreatePolicy.html) operation.
func (s StaticPolicyDefinitionDetail) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *StaticPolicyDefinitionDetail) SetDescription(v string) *StaticPolicyDefinitionDetail
SetDescription sets the Description field's value.
func (s *StaticPolicyDefinitionDetail) SetStatement(v string) *StaticPolicyDefinitionDetail
SetStatement sets the Statement field's value.
func (s StaticPolicyDefinitionDetail) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type StaticPolicyDefinitionItem struct { // A description of the static policy. // // Description is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by StaticPolicyDefinitionItem's // String and GoString methods. Description *string `locationName:"description" type:"string" sensitive:"true"` // contains filtered or unexported fields }
A structure that contains details about a static policy. It includes the description and policy statement.
This data type is used within a PolicyDefinition (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_PolicyDefinition.html) structure as part of a request parameter for the CreatePolicy (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreatePolicy.html) operation.
func (s StaticPolicyDefinitionItem) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *StaticPolicyDefinitionItem) SetDescription(v string) *StaticPolicyDefinitionItem
SetDescription sets the Description field's value.
func (s StaticPolicyDefinitionItem) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type TemplateLinkedPolicyDefinition struct { // The unique identifier of the policy template used to create this policy. // // PolicyTemplateId is a required field PolicyTemplateId *string `locationName:"policyTemplateId" min:"1" type:"string" required:"true"` // The principal associated with this template-linked policy. Verified Permissions // substitutes this principal for the ?principal placeholder in the policy template // when it evaluates an authorization request. Principal *EntityIdentifier `locationName:"principal" type:"structure"` // The resource associated with this template-linked policy. Verified Permissions // substitutes this resource for the ?resource placeholder in the policy template // when it evaluates an authorization request. Resource *EntityIdentifier `locationName:"resource" type:"structure"` // contains filtered or unexported fields }
Contains information about a policy created by instantiating a policy template.
func (s TemplateLinkedPolicyDefinition) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *TemplateLinkedPolicyDefinition) SetPolicyTemplateId(v string) *TemplateLinkedPolicyDefinition
SetPolicyTemplateId sets the PolicyTemplateId field's value.
func (s *TemplateLinkedPolicyDefinition) SetPrincipal(v *EntityIdentifier) *TemplateLinkedPolicyDefinition
SetPrincipal sets the Principal field's value.
func (s *TemplateLinkedPolicyDefinition) SetResource(v *EntityIdentifier) *TemplateLinkedPolicyDefinition
SetResource sets the Resource field's value.
func (s TemplateLinkedPolicyDefinition) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *TemplateLinkedPolicyDefinition) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type TemplateLinkedPolicyDefinitionDetail struct { // The unique identifier of the policy template used to create this policy. // // PolicyTemplateId is a required field PolicyTemplateId *string `locationName:"policyTemplateId" min:"1" type:"string" required:"true"` // The principal associated with this template-linked policy. Verified Permissions // substitutes this principal for the ?principal placeholder in the policy template // when it evaluates an authorization request. Principal *EntityIdentifier `locationName:"principal" type:"structure"` // The resource associated with this template-linked policy. Verified Permissions // substitutes this resource for the ?resource placeholder in the policy template // when it evaluates an authorization request. Resource *EntityIdentifier `locationName:"resource" type:"structure"` // contains filtered or unexported fields }
Contains information about a policy that was created by instantiating a policy template.
func (s TemplateLinkedPolicyDefinitionDetail) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *TemplateLinkedPolicyDefinitionDetail) SetPolicyTemplateId(v string) *TemplateLinkedPolicyDefinitionDetail
SetPolicyTemplateId sets the PolicyTemplateId field's value.
func (s *TemplateLinkedPolicyDefinitionDetail) SetPrincipal(v *EntityIdentifier) *TemplateLinkedPolicyDefinitionDetail
SetPrincipal sets the Principal field's value.
func (s *TemplateLinkedPolicyDefinitionDetail) SetResource(v *EntityIdentifier) *TemplateLinkedPolicyDefinitionDetail
SetResource sets the Resource field's value.
func (s TemplateLinkedPolicyDefinitionDetail) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type TemplateLinkedPolicyDefinitionItem struct { // The unique identifier of the policy template used to create this policy. // // PolicyTemplateId is a required field PolicyTemplateId *string `locationName:"policyTemplateId" min:"1" type:"string" required:"true"` // The principal associated with this template-linked policy. Verified Permissions // substitutes this principal for the ?principal placeholder in the policy template // when it evaluates an authorization request. Principal *EntityIdentifier `locationName:"principal" type:"structure"` // The resource associated with this template-linked policy. Verified Permissions // substitutes this resource for the ?resource placeholder in the policy template // when it evaluates an authorization request. Resource *EntityIdentifier `locationName:"resource" type:"structure"` // contains filtered or unexported fields }
Contains information about a policy created by instantiating a policy template.
This
func (s TemplateLinkedPolicyDefinitionItem) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *TemplateLinkedPolicyDefinitionItem) SetPolicyTemplateId(v string) *TemplateLinkedPolicyDefinitionItem
SetPolicyTemplateId sets the PolicyTemplateId field's value.
func (s *TemplateLinkedPolicyDefinitionItem) SetPrincipal(v *EntityIdentifier) *TemplateLinkedPolicyDefinitionItem
SetPrincipal sets the Principal field's value.
func (s *TemplateLinkedPolicyDefinitionItem) SetResource(v *EntityIdentifier) *TemplateLinkedPolicyDefinitionItem
SetResource sets the Resource field's value.
func (s TemplateLinkedPolicyDefinitionItem) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type ThrottlingException struct { RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` Message_ *string `locationName:"message" type:"string"` // The quota code recognized by the Amazon Web Services Service Quotas service. QuotaCode *string `locationName:"quotaCode" type:"string"` // The code for the Amazon Web Service that owns the quota. ServiceCode *string `locationName:"serviceCode" type:"string"` // contains filtered or unexported fields }
The request failed because it exceeded a throttling quota.
func (s *ThrottlingException) Code() string
Code returns the exception type name.
func (s *ThrottlingException) Error() string
func (s ThrottlingException) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ThrottlingException) Message() string
Message returns the exception's message.
func (s *ThrottlingException) OrigErr() error
OrigErr always returns nil, satisfies awserr.Error interface.
func (s *ThrottlingException) RequestID() string
RequestID returns the service's response RequestID for request.
func (s *ThrottlingException) StatusCode() int
Status code returns the HTTP status code for the request's response error.
func (s ThrottlingException) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type UpdateCognitoGroupConfiguration struct { // The name of the schema entity type that's mapped to the user pool group. // Defaults to AWS::CognitoGroup. // // GroupEntityType is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by UpdateCognitoGroupConfiguration's // String and GoString methods. // // GroupEntityType is a required field GroupEntityType *string `locationName:"groupEntityType" min:"1" type:"string" required:"true" sensitive:"true"` // contains filtered or unexported fields }
The user group entities from an Amazon Cognito user pool identity source.
func (s UpdateCognitoGroupConfiguration) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *UpdateCognitoGroupConfiguration) SetGroupEntityType(v string) *UpdateCognitoGroupConfiguration
SetGroupEntityType sets the GroupEntityType field's value.
func (s UpdateCognitoGroupConfiguration) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *UpdateCognitoGroupConfiguration) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type UpdateCognitoUserPoolConfiguration struct { // The client ID of an app client that is configured for the specified Amazon // Cognito user pool. ClientIds []*string `locationName:"clientIds" type:"list" sensitive:"true"` // The configuration of the user groups from an Amazon Cognito user pool identity // source. GroupConfiguration *UpdateCognitoGroupConfiguration `locationName:"groupConfiguration" type:"structure"` // The Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) // of the Amazon Cognito user pool associated with this identity source. // // UserPoolArn is a required field UserPoolArn *string `locationName:"userPoolArn" min:"1" type:"string" required:"true"` // contains filtered or unexported fields }
Contains configuration details of a Amazon Cognito user pool for use with an identity source.
func (s UpdateCognitoUserPoolConfiguration) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *UpdateCognitoUserPoolConfiguration) SetClientIds(v []*string) *UpdateCognitoUserPoolConfiguration
SetClientIds sets the ClientIds field's value.
func (s *UpdateCognitoUserPoolConfiguration) SetGroupConfiguration(v *UpdateCognitoGroupConfiguration) *UpdateCognitoUserPoolConfiguration
SetGroupConfiguration sets the GroupConfiguration field's value.
func (s *UpdateCognitoUserPoolConfiguration) SetUserPoolArn(v string) *UpdateCognitoUserPoolConfiguration
SetUserPoolArn sets the UserPoolArn field's value.
func (s UpdateCognitoUserPoolConfiguration) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *UpdateCognitoUserPoolConfiguration) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type UpdateConfiguration struct { // Contains configuration details of a Amazon Cognito user pool. CognitoUserPoolConfiguration *UpdateCognitoUserPoolConfiguration `locationName:"cognitoUserPoolConfiguration" type:"structure"` // Contains configuration details of an OpenID Connect (OIDC) identity provider, // or identity source, that Verified Permissions can use to generate entities // from authenticated identities. It specifies the issuer URL, token type that // you want to use, and policy store entity details. OpenIdConnectConfiguration *UpdateOpenIdConnectConfiguration `locationName:"openIdConnectConfiguration" type:"structure"` // contains filtered or unexported fields }
Contains an update to replace the configuration in an existing identity source.
func (s UpdateConfiguration) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *UpdateConfiguration) SetCognitoUserPoolConfiguration(v *UpdateCognitoUserPoolConfiguration) *UpdateConfiguration
SetCognitoUserPoolConfiguration sets the CognitoUserPoolConfiguration field's value.
func (s *UpdateConfiguration) SetOpenIdConnectConfiguration(v *UpdateOpenIdConnectConfiguration) *UpdateConfiguration
SetOpenIdConnectConfiguration sets the OpenIdConnectConfiguration field's value.
func (s UpdateConfiguration) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *UpdateConfiguration) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type UpdateIdentitySourceInput struct { // Specifies the ID of the identity source that you want to update. // // IdentitySourceId is a required field IdentitySourceId *string `locationName:"identitySourceId" min:"1" type:"string" required:"true"` // Specifies the ID of the policy store that contains the identity source that // you want to update. // // PolicyStoreId is a required field PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"` // Specifies the data type of principals generated for identities authenticated // by the identity source. // // PrincipalEntityType is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by UpdateIdentitySourceInput's // String and GoString methods. PrincipalEntityType *string `locationName:"principalEntityType" min:"1" type:"string" sensitive:"true"` // Specifies the details required to communicate with the identity provider // (IdP) associated with this identity source. // // At this time, the only valid member of this structure is a Amazon Cognito // user pool configuration. // // You must specify a userPoolArn, and optionally, a ClientId. // // UpdateConfiguration is a required field UpdateConfiguration *UpdateConfiguration `locationName:"updateConfiguration" type:"structure" required:"true"` // contains filtered or unexported fields }
func (s UpdateIdentitySourceInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *UpdateIdentitySourceInput) SetIdentitySourceId(v string) *UpdateIdentitySourceInput
SetIdentitySourceId sets the IdentitySourceId field's value.
func (s *UpdateIdentitySourceInput) SetPolicyStoreId(v string) *UpdateIdentitySourceInput
SetPolicyStoreId sets the PolicyStoreId field's value.
func (s *UpdateIdentitySourceInput) SetPrincipalEntityType(v string) *UpdateIdentitySourceInput
SetPrincipalEntityType sets the PrincipalEntityType field's value.
func (s *UpdateIdentitySourceInput) SetUpdateConfiguration(v *UpdateConfiguration) *UpdateIdentitySourceInput
SetUpdateConfiguration sets the UpdateConfiguration field's value.
func (s UpdateIdentitySourceInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *UpdateIdentitySourceInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type UpdateIdentitySourceOutput struct { // The date and time that the updated identity source was originally created. // // CreatedDate is a required field CreatedDate *time.Time `locationName:"createdDate" type:"timestamp" timestampFormat:"iso8601" required:"true"` // The ID of the updated identity source. // // IdentitySourceId is a required field IdentitySourceId *string `locationName:"identitySourceId" min:"1" type:"string" required:"true"` // The date and time that the identity source was most recently updated. // // LastUpdatedDate is a required field LastUpdatedDate *time.Time `locationName:"lastUpdatedDate" type:"timestamp" timestampFormat:"iso8601" required:"true"` // The ID of the policy store that contains the updated identity source. // // PolicyStoreId is a required field PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"` // contains filtered or unexported fields }
func (s UpdateIdentitySourceOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *UpdateIdentitySourceOutput) SetCreatedDate(v time.Time) *UpdateIdentitySourceOutput
SetCreatedDate sets the CreatedDate field's value.
func (s *UpdateIdentitySourceOutput) SetIdentitySourceId(v string) *UpdateIdentitySourceOutput
SetIdentitySourceId sets the IdentitySourceId field's value.
func (s *UpdateIdentitySourceOutput) SetLastUpdatedDate(v time.Time) *UpdateIdentitySourceOutput
SetLastUpdatedDate sets the LastUpdatedDate field's value.
func (s *UpdateIdentitySourceOutput) SetPolicyStoreId(v string) *UpdateIdentitySourceOutput
SetPolicyStoreId sets the PolicyStoreId field's value.
func (s UpdateIdentitySourceOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type UpdateOpenIdConnectAccessTokenConfiguration struct { // The access token aud claim values that you want to accept in your policy // store. For example, https://myapp.example.com, https://myapp2.example.com. Audiences []*string `locationName:"audiences" min:"1" type:"list"` // The claim that determines the principal in OIDC access tokens. For example, // sub. // // PrincipalIdClaim is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by UpdateOpenIdConnectAccessTokenConfiguration's // String and GoString methods. PrincipalIdClaim *string `locationName:"principalIdClaim" min:"1" type:"string" sensitive:"true"` // contains filtered or unexported fields }
The configuration of an OpenID Connect (OIDC) identity source for handling access token claims. Contains the claim that you want to identify as the principal in an authorization request, and the values of the aud claim, or audiences, that you want to accept.
This data type is part of a UpdateOpenIdConnectTokenSelection (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdateOpenIdConnectTokenSelection.html) structure, which is a parameter to UpdateIdentitySource (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdateIdentitySource.html).
func (s UpdateOpenIdConnectAccessTokenConfiguration) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *UpdateOpenIdConnectAccessTokenConfiguration) SetAudiences(v []*string) *UpdateOpenIdConnectAccessTokenConfiguration
SetAudiences sets the Audiences field's value.
func (s *UpdateOpenIdConnectAccessTokenConfiguration) SetPrincipalIdClaim(v string) *UpdateOpenIdConnectAccessTokenConfiguration
SetPrincipalIdClaim sets the PrincipalIdClaim field's value.
func (s UpdateOpenIdConnectAccessTokenConfiguration) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *UpdateOpenIdConnectAccessTokenConfiguration) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type UpdateOpenIdConnectConfiguration struct { // A descriptive string that you want to prefix to user entities from your OIDC // identity provider. For example, if you set an entityIdPrefix of MyOIDCProvider, // you can reference principals in your policies in the format MyCorp::User::MyOIDCProvider|Carlos. // // EntityIdPrefix is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by UpdateOpenIdConnectConfiguration's // String and GoString methods. EntityIdPrefix *string `locationName:"entityIdPrefix" min:"1" type:"string" sensitive:"true"` // The claim in OIDC identity provider tokens that indicates a user's group // membership, and the entity type that you want to map it to. For example, // this object can map the contents of a groups claim to MyCorp::UserGroup. GroupConfiguration *UpdateOpenIdConnectGroupConfiguration `locationName:"groupConfiguration" type:"structure"` // The issuer URL of an OIDC identity provider. This URL must have an OIDC discovery // endpoint at the path .well-known/openid-configuration. // // Issuer is a required field Issuer *string `locationName:"issuer" min:"1" type:"string" required:"true"` // The token type that you want to process from your OIDC identity provider. // Your policy store can process either identity (ID) or access tokens from // a given OIDC identity source. // // TokenSelection is a required field TokenSelection *UpdateOpenIdConnectTokenSelection `locationName:"tokenSelection" type:"structure" required:"true"` // contains filtered or unexported fields }
Contains configuration details of an OpenID Connect (OIDC) identity provider, or identity source, that Verified Permissions can use to generate entities from authenticated identities. It specifies the issuer URL, token type that you want to use, and policy store entity details.
This data type is part of a UpdateConfiguration (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdateConfiguration.html) structure, which is a parameter to UpdateIdentitySource (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdateIdentitySource.html).
func (s UpdateOpenIdConnectConfiguration) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *UpdateOpenIdConnectConfiguration) SetEntityIdPrefix(v string) *UpdateOpenIdConnectConfiguration
SetEntityIdPrefix sets the EntityIdPrefix field's value.
func (s *UpdateOpenIdConnectConfiguration) SetGroupConfiguration(v *UpdateOpenIdConnectGroupConfiguration) *UpdateOpenIdConnectConfiguration
SetGroupConfiguration sets the GroupConfiguration field's value.
func (s *UpdateOpenIdConnectConfiguration) SetIssuer(v string) *UpdateOpenIdConnectConfiguration
SetIssuer sets the Issuer field's value.
func (s *UpdateOpenIdConnectConfiguration) SetTokenSelection(v *UpdateOpenIdConnectTokenSelection) *UpdateOpenIdConnectConfiguration
SetTokenSelection sets the TokenSelection field's value.
func (s UpdateOpenIdConnectConfiguration) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *UpdateOpenIdConnectConfiguration) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type UpdateOpenIdConnectGroupConfiguration struct { // The token claim that you want Verified Permissions to interpret as group // membership. For example, groups. // // GroupClaim is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by UpdateOpenIdConnectGroupConfiguration's // String and GoString methods. // // GroupClaim is a required field GroupClaim *string `locationName:"groupClaim" min:"1" type:"string" required:"true" sensitive:"true"` // The policy store entity type that you want to map your users' group claim // to. For example, MyCorp::UserGroup. A group entity type is an entity that // can have a user entity type as a member. // // GroupEntityType is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by UpdateOpenIdConnectGroupConfiguration's // String and GoString methods. // // GroupEntityType is a required field GroupEntityType *string `locationName:"groupEntityType" min:"1" type:"string" required:"true" sensitive:"true"` // contains filtered or unexported fields }
The claim in OIDC identity provider tokens that indicates a user's group membership, and the entity type that you want to map it to. For example, this object can map the contents of a groups claim to MyCorp::UserGroup.
This data type is part of a UpdateOpenIdConnectConfiguration (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdateOpenIdConnectConfiguration.html) structure, which is a parameter to UpdateIdentitySource (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdateIdentitySource.html).
func (s UpdateOpenIdConnectGroupConfiguration) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *UpdateOpenIdConnectGroupConfiguration) SetGroupClaim(v string) *UpdateOpenIdConnectGroupConfiguration
SetGroupClaim sets the GroupClaim field's value.
func (s *UpdateOpenIdConnectGroupConfiguration) SetGroupEntityType(v string) *UpdateOpenIdConnectGroupConfiguration
SetGroupEntityType sets the GroupEntityType field's value.
func (s UpdateOpenIdConnectGroupConfiguration) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *UpdateOpenIdConnectGroupConfiguration) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type UpdateOpenIdConnectIdentityTokenConfiguration struct { // The ID token audience, or client ID, claim values that you want to accept // in your policy store from an OIDC identity provider. For example, 1example23456789, // 2example10111213. ClientIds []*string `locationName:"clientIds" type:"list" sensitive:"true"` // The claim that determines the principal in OIDC access tokens. For example, // sub. // // PrincipalIdClaim is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by UpdateOpenIdConnectIdentityTokenConfiguration's // String and GoString methods. PrincipalIdClaim *string `locationName:"principalIdClaim" min:"1" type:"string" sensitive:"true"` // contains filtered or unexported fields }
The configuration of an OpenID Connect (OIDC) identity source for handling identity (ID) token claims. Contains the claim that you want to identify as the principal in an authorization request, and the values of the aud claim, or audiences, that you want to accept.
This data type is part of a UpdateOpenIdConnectTokenSelection (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdateOpenIdConnectTokenSelection.html) structure, which is a parameter to UpdateIdentitySource (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdateIdentitySource.html).
func (s UpdateOpenIdConnectIdentityTokenConfiguration) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *UpdateOpenIdConnectIdentityTokenConfiguration) SetClientIds(v []*string) *UpdateOpenIdConnectIdentityTokenConfiguration
SetClientIds sets the ClientIds field's value.
func (s *UpdateOpenIdConnectIdentityTokenConfiguration) SetPrincipalIdClaim(v string) *UpdateOpenIdConnectIdentityTokenConfiguration
SetPrincipalIdClaim sets the PrincipalIdClaim field's value.
func (s UpdateOpenIdConnectIdentityTokenConfiguration) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *UpdateOpenIdConnectIdentityTokenConfiguration) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type UpdateOpenIdConnectTokenSelection struct { // The OIDC configuration for processing access tokens. Contains allowed audience // claims, for example https://auth.example.com, and the claim that you want // to map to the principal, for example sub. AccessTokenOnly *UpdateOpenIdConnectAccessTokenConfiguration `locationName:"accessTokenOnly" type:"structure"` // The OIDC configuration for processing identity (ID) tokens. Contains allowed // client ID claims, for example 1example23456789, and the claim that you want // to map to the principal, for example sub. IdentityTokenOnly *UpdateOpenIdConnectIdentityTokenConfiguration `locationName:"identityTokenOnly" type:"structure"` // contains filtered or unexported fields }
The token type that you want to process from your OIDC identity provider. Your policy store can process either identity (ID) or access tokens from a given OIDC identity source.
This data type is part of a UpdateOpenIdConnectConfiguration (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdateOpenIdConnectConfiguration.html) structure, which is a parameter to UpdateIdentitySource (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdateIdentitySource.html).
func (s UpdateOpenIdConnectTokenSelection) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *UpdateOpenIdConnectTokenSelection) SetAccessTokenOnly(v *UpdateOpenIdConnectAccessTokenConfiguration) *UpdateOpenIdConnectTokenSelection
SetAccessTokenOnly sets the AccessTokenOnly field's value.
func (s *UpdateOpenIdConnectTokenSelection) SetIdentityTokenOnly(v *UpdateOpenIdConnectIdentityTokenConfiguration) *UpdateOpenIdConnectTokenSelection
SetIdentityTokenOnly sets the IdentityTokenOnly field's value.
func (s UpdateOpenIdConnectTokenSelection) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *UpdateOpenIdConnectTokenSelection) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type UpdatePolicyDefinition struct { // Contains details about the updates to be applied to a static policy. Static *UpdateStaticPolicyDefinition `locationName:"static" type:"structure"` // contains filtered or unexported fields }
Contains information about updates to be applied to a policy.
This data type is used as a request parameter in the UpdatePolicy (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdatePolicy.html) operation.
func (s UpdatePolicyDefinition) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *UpdatePolicyDefinition) SetStatic(v *UpdateStaticPolicyDefinition) *UpdatePolicyDefinition
SetStatic sets the Static field's value.
func (s UpdatePolicyDefinition) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *UpdatePolicyDefinition) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type UpdatePolicyInput struct { // Specifies the updated policy content that you want to replace on the specified // policy. The content must be valid Cedar policy language text. // // You can change only the following elements from the policy definition: // // * The action referenced by the policy. // // * Any conditional clauses, such as when or unless clauses. // // You can't change the following elements: // // * Changing from static to templateLinked. // // * Changing the effect of the policy from permit or forbid. // // * The principal referenced by the policy. // // * The resource referenced by the policy. // // Definition is a required field Definition *UpdatePolicyDefinition `locationName:"definition" type:"structure" required:"true"` // Specifies the ID of the policy that you want to update. To find this value, // you can use ListPolicies (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ListPolicies.html). // // PolicyId is a required field PolicyId *string `locationName:"policyId" min:"1" type:"string" required:"true"` // Specifies the ID of the policy store that contains the policy that you want // to update. // // PolicyStoreId is a required field PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"` // contains filtered or unexported fields }
func (s UpdatePolicyInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *UpdatePolicyInput) SetDefinition(v *UpdatePolicyDefinition) *UpdatePolicyInput
SetDefinition sets the Definition field's value.
func (s *UpdatePolicyInput) SetPolicyId(v string) *UpdatePolicyInput
SetPolicyId sets the PolicyId field's value.
func (s *UpdatePolicyInput) SetPolicyStoreId(v string) *UpdatePolicyInput
SetPolicyStoreId sets the PolicyStoreId field's value.
func (s UpdatePolicyInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *UpdatePolicyInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type UpdatePolicyOutput struct { // The action that a policy permits or forbids. For example, {"actions": [{"actionId": // "ViewPhoto", "actionType": "PhotoFlash::Action"}, {"entityID": "SharePhoto", // "entityType": "PhotoFlash::Action"}]}. Actions []*ActionIdentifier `locationName:"actions" type:"list"` // The date and time that the policy was originally created. // // CreatedDate is a required field CreatedDate *time.Time `locationName:"createdDate" type:"timestamp" timestampFormat:"iso8601" required:"true"` // The effect of the decision that a policy returns to an authorization request. // For example, "effect": "Permit". Effect *string `locationName:"effect" type:"string" enum:"PolicyEffect"` // The date and time that the policy was most recently updated. // // LastUpdatedDate is a required field LastUpdatedDate *time.Time `locationName:"lastUpdatedDate" type:"timestamp" timestampFormat:"iso8601" required:"true"` // The ID of the policy that was updated. // // PolicyId is a required field PolicyId *string `locationName:"policyId" min:"1" type:"string" required:"true"` // The ID of the policy store that contains the policy that was updated. // // PolicyStoreId is a required field PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"` // The type of the policy that was updated. // // PolicyType is a required field PolicyType *string `locationName:"policyType" type:"string" required:"true" enum:"PolicyType"` // The principal specified in the policy's scope. This element isn't included // in the response when Principal isn't present in the policy content. Principal *EntityIdentifier `locationName:"principal" type:"structure"` // The resource specified in the policy's scope. This element isn't included // in the response when Resource isn't present in the policy content. Resource *EntityIdentifier `locationName:"resource" type:"structure"` // contains filtered or unexported fields }
func (s UpdatePolicyOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *UpdatePolicyOutput) SetActions(v []*ActionIdentifier) *UpdatePolicyOutput
SetActions sets the Actions field's value.
func (s *UpdatePolicyOutput) SetCreatedDate(v time.Time) *UpdatePolicyOutput
SetCreatedDate sets the CreatedDate field's value.
func (s *UpdatePolicyOutput) SetEffect(v string) *UpdatePolicyOutput
SetEffect sets the Effect field's value.
func (s *UpdatePolicyOutput) SetLastUpdatedDate(v time.Time) *UpdatePolicyOutput
SetLastUpdatedDate sets the LastUpdatedDate field's value.
func (s *UpdatePolicyOutput) SetPolicyId(v string) *UpdatePolicyOutput
SetPolicyId sets the PolicyId field's value.
func (s *UpdatePolicyOutput) SetPolicyStoreId(v string) *UpdatePolicyOutput
SetPolicyStoreId sets the PolicyStoreId field's value.
func (s *UpdatePolicyOutput) SetPolicyType(v string) *UpdatePolicyOutput
SetPolicyType sets the PolicyType field's value.
func (s *UpdatePolicyOutput) SetPrincipal(v *EntityIdentifier) *UpdatePolicyOutput
SetPrincipal sets the Principal field's value.
func (s *UpdatePolicyOutput) SetResource(v *EntityIdentifier) *UpdatePolicyOutput
SetResource sets the Resource field's value.
func (s UpdatePolicyOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type UpdatePolicyStoreInput struct { // Descriptive text that you can provide to help with identification of the // current policy store. // // Description is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by UpdatePolicyStoreInput's // String and GoString methods. Description *string `locationName:"description" type:"string" sensitive:"true"` // Specifies the ID of the policy store that you want to update // // PolicyStoreId is a required field PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"` // A structure that defines the validation settings that want to enable for // the policy store. // // ValidationSettings is a required field ValidationSettings *ValidationSettings `locationName:"validationSettings" type:"structure" required:"true"` // contains filtered or unexported fields }
func (s UpdatePolicyStoreInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *UpdatePolicyStoreInput) SetDescription(v string) *UpdatePolicyStoreInput
SetDescription sets the Description field's value.
func (s *UpdatePolicyStoreInput) SetPolicyStoreId(v string) *UpdatePolicyStoreInput
SetPolicyStoreId sets the PolicyStoreId field's value.
func (s *UpdatePolicyStoreInput) SetValidationSettings(v *ValidationSettings) *UpdatePolicyStoreInput
SetValidationSettings sets the ValidationSettings field's value.
func (s UpdatePolicyStoreInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *UpdatePolicyStoreInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type UpdatePolicyStoreOutput struct { // The Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) // of the updated policy store. // // Arn is a required field Arn *string `locationName:"arn" min:"1" type:"string" required:"true"` // The date and time that the policy store was originally created. // // CreatedDate is a required field CreatedDate *time.Time `locationName:"createdDate" type:"timestamp" timestampFormat:"iso8601" required:"true"` // The date and time that the policy store was most recently updated. // // LastUpdatedDate is a required field LastUpdatedDate *time.Time `locationName:"lastUpdatedDate" type:"timestamp" timestampFormat:"iso8601" required:"true"` // The ID of the updated policy store. // // PolicyStoreId is a required field PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"` // contains filtered or unexported fields }
func (s UpdatePolicyStoreOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *UpdatePolicyStoreOutput) SetArn(v string) *UpdatePolicyStoreOutput
SetArn sets the Arn field's value.
func (s *UpdatePolicyStoreOutput) SetCreatedDate(v time.Time) *UpdatePolicyStoreOutput
SetCreatedDate sets the CreatedDate field's value.
func (s *UpdatePolicyStoreOutput) SetLastUpdatedDate(v time.Time) *UpdatePolicyStoreOutput
SetLastUpdatedDate sets the LastUpdatedDate field's value.
func (s *UpdatePolicyStoreOutput) SetPolicyStoreId(v string) *UpdatePolicyStoreOutput
SetPolicyStoreId sets the PolicyStoreId field's value.
func (s UpdatePolicyStoreOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type UpdatePolicyTemplateInput struct { // Specifies a new description to apply to the policy template. // // Description is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by UpdatePolicyTemplateInput's // String and GoString methods. Description *string `locationName:"description" type:"string" sensitive:"true"` // Specifies the ID of the policy store that contains the policy template that // you want to update. // // PolicyStoreId is a required field PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"` // Specifies the ID of the policy template that you want to update. // // PolicyTemplateId is a required field PolicyTemplateId *string `locationName:"policyTemplateId" min:"1" type:"string" required:"true"` // Specifies new statement content written in Cedar policy language to replace // the current body of the policy template. // // You can change only the following elements of the policy body: // // * The action referenced by the policy template. // // * Any conditional clauses, such as when or unless clauses. // // You can't change the following elements: // // * The effect (permit or forbid) of the policy template. // // * The principal referenced by the policy template. // // * The resource referenced by the policy template. // // Statement is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by UpdatePolicyTemplateInput's // String and GoString methods. // // Statement is a required field Statement *string `locationName:"statement" min:"1" type:"string" required:"true" sensitive:"true"` // contains filtered or unexported fields }
func (s UpdatePolicyTemplateInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *UpdatePolicyTemplateInput) SetDescription(v string) *UpdatePolicyTemplateInput
SetDescription sets the Description field's value.
func (s *UpdatePolicyTemplateInput) SetPolicyStoreId(v string) *UpdatePolicyTemplateInput
SetPolicyStoreId sets the PolicyStoreId field's value.
func (s *UpdatePolicyTemplateInput) SetPolicyTemplateId(v string) *UpdatePolicyTemplateInput
SetPolicyTemplateId sets the PolicyTemplateId field's value.
func (s *UpdatePolicyTemplateInput) SetStatement(v string) *UpdatePolicyTemplateInput
SetStatement sets the Statement field's value.
func (s UpdatePolicyTemplateInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *UpdatePolicyTemplateInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type UpdatePolicyTemplateOutput struct { // The date and time that the policy template was originally created. // // CreatedDate is a required field CreatedDate *time.Time `locationName:"createdDate" type:"timestamp" timestampFormat:"iso8601" required:"true"` // The date and time that the policy template was most recently updated. // // LastUpdatedDate is a required field LastUpdatedDate *time.Time `locationName:"lastUpdatedDate" type:"timestamp" timestampFormat:"iso8601" required:"true"` // The ID of the policy store that contains the updated policy template. // // PolicyStoreId is a required field PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"` // The ID of the updated policy template. // // PolicyTemplateId is a required field PolicyTemplateId *string `locationName:"policyTemplateId" min:"1" type:"string" required:"true"` // contains filtered or unexported fields }
func (s UpdatePolicyTemplateOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *UpdatePolicyTemplateOutput) SetCreatedDate(v time.Time) *UpdatePolicyTemplateOutput
SetCreatedDate sets the CreatedDate field's value.
func (s *UpdatePolicyTemplateOutput) SetLastUpdatedDate(v time.Time) *UpdatePolicyTemplateOutput
SetLastUpdatedDate sets the LastUpdatedDate field's value.
func (s *UpdatePolicyTemplateOutput) SetPolicyStoreId(v string) *UpdatePolicyTemplateOutput
SetPolicyStoreId sets the PolicyStoreId field's value.
func (s *UpdatePolicyTemplateOutput) SetPolicyTemplateId(v string) *UpdatePolicyTemplateOutput
SetPolicyTemplateId sets the PolicyTemplateId field's value.
func (s UpdatePolicyTemplateOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type UpdateStaticPolicyDefinition struct { // Specifies the description to be added to or replaced on the static policy. // // Description is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by UpdateStaticPolicyDefinition's // String and GoString methods. Description *string `locationName:"description" type:"string" sensitive:"true"` // Specifies the Cedar policy language text to be added to or replaced on the // static policy. // // You can change only the following elements from the original content: // // * The action referenced by the policy. // // * Any conditional clauses, such as when or unless clauses. // // You can't change the following elements: // // * Changing from StaticPolicy to TemplateLinkedPolicy. // // * The effect (permit or forbid) of the policy. // // * The principal referenced by the policy. // // * The resource referenced by the policy. // // Statement is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by UpdateStaticPolicyDefinition's // String and GoString methods. // // Statement is a required field Statement *string `locationName:"statement" min:"1" type:"string" required:"true" sensitive:"true"` // contains filtered or unexported fields }
Contains information about an update to a static policy.
func (s UpdateStaticPolicyDefinition) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *UpdateStaticPolicyDefinition) SetDescription(v string) *UpdateStaticPolicyDefinition
SetDescription sets the Description field's value.
func (s *UpdateStaticPolicyDefinition) SetStatement(v string) *UpdateStaticPolicyDefinition
SetStatement sets the Statement field's value.
func (s UpdateStaticPolicyDefinition) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *UpdateStaticPolicyDefinition) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type ValidationException struct { RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` // The list of fields that aren't valid. FieldList []*ValidationExceptionField `locationName:"fieldList" type:"list"` Message_ *string `locationName:"message" type:"string"` // contains filtered or unexported fields }
The request failed because one or more input parameters don't satisfy their constraint requirements. The output is provided as a list of fields and a reason for each field that isn't valid.
The possible reasons include the following:
UnrecognizedEntityType The policy includes an entity type that isn't found in the schema.
UnrecognizedActionId The policy includes an action id that isn't found in the schema.
InvalidActionApplication The policy includes an action that, according to the schema, doesn't support the specified principal and resource.
UnexpectedType The policy included an operand that isn't a valid type for the specified operation.
IncompatibleTypes The types of elements included in a set, or the types of expressions used in an if...then...else clause aren't compatible in this context.
MissingAttribute The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for the existence of the attribute first before attempting to access its value. For more information, see the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test) in the Cedar Policy Language Guide.
UnsafeOptionalAttributeAccess The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be present. Test for the existence of the attribute first before attempting to access its value. For more information, see the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test) in the Cedar Policy Language Guide.
ImpossiblePolicy Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it can never apply to any query, and so it can never affect an authorization decision.
WrongNumberArguments The policy references an extension type with the wrong number of arguments.
FunctionArgumentValidationError Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed as an IPv4 address can contain only digits and the period character.
func (s *ValidationException) Code() string
Code returns the exception type name.
func (s *ValidationException) Error() string
func (s ValidationException) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ValidationException) Message() string
Message returns the exception's message.
func (s *ValidationException) OrigErr() error
OrigErr always returns nil, satisfies awserr.Error interface.
func (s *ValidationException) RequestID() string
RequestID returns the service's response RequestID for request.
func (s *ValidationException) StatusCode() int
Status code returns the HTTP status code for the request's response error.
func (s ValidationException) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type ValidationExceptionField struct { // Describes the policy validation error. // // Message is a required field Message *string `locationName:"message" type:"string" required:"true"` // The path to the specific element that Verified Permissions found to be not // valid. // // Path is a required field Path *string `locationName:"path" type:"string" required:"true"` // contains filtered or unexported fields }
Details about a field that failed policy validation.
func (s ValidationExceptionField) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ValidationExceptionField) SetMessage(v string) *ValidationExceptionField
SetMessage sets the Message field's value.
func (s *ValidationExceptionField) SetPath(v string) *ValidationExceptionField
SetPath sets the Path field's value.
func (s ValidationExceptionField) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type ValidationSettings struct { // The validation mode currently configured for this policy store. The valid // values are: // // * OFF – Neither Verified Permissions nor Cedar perform any validation // on policies. No validation errors are reported by either service. // // * STRICT – Requires a schema to be present in the policy store. Cedar // performs validation on all submitted new or updated static policies and // policy templates. Any that fail validation are rejected and Cedar doesn't // store them in the policy store. // // If Mode=STRICT and the policy store doesn't contain a schema, Verified Permissions // rejects all static policies and policy templates because there is no schema // to validate against. // // To submit a static policy or policy template without a schema, you must turn // off validation. // // Mode is a required field Mode *string `locationName:"mode" type:"string" required:"true" enum:"ValidationMode"` // contains filtered or unexported fields }
A structure that contains Cedar policy validation settings for the policy store. The validation mode determines which validation failures that Cedar considers serious enough to block acceptance of a new or edited static policy or policy template.
This data type is used as a request parameter in the CreatePolicyStore (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreatePolicyStore.html) and UpdatePolicyStore (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdatePolicyStore.html) operations.
func (s ValidationSettings) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ValidationSettings) SetMode(v string) *ValidationSettings
SetMode sets the Mode field's value.
func (s ValidationSettings) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ValidationSettings) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type VerifiedPermissions struct { *client.Client }
VerifiedPermissions provides the API operation methods for making requests to Amazon Verified Permissions. See this package's package overview docs for details on the service.
VerifiedPermissions methods are safe to use concurrently. It is not safe to modify mutate any of the struct's properties though.
func New(p client.ConfigProvider, cfgs ...*aws.Config) *VerifiedPermissions
New creates a new instance of the VerifiedPermissions client with a session. If additional configuration is needed for the client instance use the optional aws.Config parameter to add your extra config.
Example:
mySession := session.Must(session.NewSession()) // Create a VerifiedPermissions client from just a session. svc := verifiedpermissions.New(mySession) // Create a VerifiedPermissions client with additional configuration svc := verifiedpermissions.New(mySession, aws.NewConfig().WithRegion("us-west-2"))
func (c *VerifiedPermissions) BatchIsAuthorized(input *BatchIsAuthorizedInput) (*BatchIsAuthorizedOutput, error)
BatchIsAuthorized API operation for Amazon Verified Permissions.
Makes a series of decisions about multiple authorization requests for one principal or resource. Each request contains the equivalent content of an IsAuthorized request: principal, action, resource, and context. Either the principal or the resource parameter must be identical across all requests. For example, Verified Permissions won't evaluate a pair of requests where bob views photo1 and alice views photo2. Authorization of bob to view photo1 and photo2, or bob and alice to view photo1, are valid batches.
The request is evaluated against all policies in the specified policy store that match the entities that you declare. The result of the decisions is a series of Allow or Deny responses, along with the IDs of the policies that produced each decision.
The entities of a BatchIsAuthorized API request can contain up to 100 principals and up to 100 resources. The requests of a BatchIsAuthorized API request can contain up to 30 requests.
The BatchIsAuthorized operation doesn't have its own IAM permission. To authorize this operation for Amazon Web Services principals, include the permission verifiedpermissions:IsAuthorized in their IAM policies.
Returns awserr.Error for service API and SDK errors. Use runtime type assertions with awserr.Error's Code and Message methods to get detailed information about the error.
See the AWS API reference guide for Amazon Verified Permissions's API operation BatchIsAuthorized for usage and error information.
Returned Error Types:
ValidationException The request failed because one or more input parameters don't satisfy their constraint requirements. The output is provided as a list of fields and a reason for each field that isn't valid.
The possible reasons include the following:
UnrecognizedEntityType The policy includes an entity type that isn't found in the schema.
UnrecognizedActionId The policy includes an action id that isn't found in the schema.
InvalidActionApplication The policy includes an action that, according to the schema, doesn't support the specified principal and resource.
UnexpectedType The policy included an operand that isn't a valid type for the specified operation.
IncompatibleTypes The types of elements included in a set, or the types of expressions used in an if...then...else clause aren't compatible in this context.
MissingAttribute The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for the existence of the attribute first before attempting to access its value. For more information, see the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test) in the Cedar Policy Language Guide.
UnsafeOptionalAttributeAccess The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be present. Test for the existence of the attribute first before attempting to access its value. For more information, see the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test) in the Cedar Policy Language Guide.
ImpossiblePolicy Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it can never apply to any query, and so it can never affect an authorization decision.
WrongNumberArguments The policy references an extension type with the wrong number of arguments.
FunctionArgumentValidationError Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed as an IPv4 address can contain only digits and the period character.
AccessDeniedException You don't have sufficient access to perform this action.
ResourceNotFoundException The request failed because it references a resource that doesn't exist.
ThrottlingException The request failed because it exceeded a throttling quota.
InternalServerException The request failed because of an internal error. Try your request again later
func (c *VerifiedPermissions) BatchIsAuthorizedRequest(input *BatchIsAuthorizedInput) (req *request.Request, output *BatchIsAuthorizedOutput)
BatchIsAuthorizedRequest generates a "aws/request.Request" representing the client's request for the BatchIsAuthorized operation. The "output" return value will be populated with the request's response once the request completes successfully.
Use "Send" method on the returned Request to send the API call to the service. the "output" return value is not valid until after Send returns without error.
See BatchIsAuthorized for more information on using the BatchIsAuthorized API call, and error handling.
This method is useful when you want to inject custom logic or configuration into the SDK's request lifecycle. Such as custom headers, or retry logic.
// Example sending a request using the BatchIsAuthorizedRequest method. req, resp := client.BatchIsAuthorizedRequest(params) err := req.Send() if err == nil { // resp is now filled fmt.Println(resp) }
func (c *VerifiedPermissions) BatchIsAuthorizedWithContext(ctx aws.Context, input *BatchIsAuthorizedInput, opts ...request.Option) (*BatchIsAuthorizedOutput, error)
BatchIsAuthorizedWithContext is the same as BatchIsAuthorized with the addition of the ability to pass a context and additional request options.
See BatchIsAuthorized for details on how to use this API operation.
The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.
func (c *VerifiedPermissions) BatchIsAuthorizedWithToken(input *BatchIsAuthorizedWithTokenInput) (*BatchIsAuthorizedWithTokenOutput, error)
BatchIsAuthorizedWithToken API operation for Amazon Verified Permissions.
Makes a series of decisions about multiple authorization requests for one token. The principal in this request comes from an external identity source in the form of an identity or access token, formatted as a JSON web token (JWT) (https://wikipedia.org/wiki/JSON_Web_Token). The information in the parameters can also define additional context that Verified Permissions can include in the evaluations.
The request is evaluated against all policies in the specified policy store that match the entities that you provide in the entities declaration and in the token. The result of the decisions is a series of Allow or Deny responses, along with the IDs of the policies that produced each decision.
The entities of a BatchIsAuthorizedWithToken API request can contain up to 100 resources and up to 99 user groups. The requests of a BatchIsAuthorizedWithToken API request can contain up to 30 requests.
The BatchIsAuthorizedWithToken operation doesn't have its own IAM permission. To authorize this operation for Amazon Web Services principals, include the permission verifiedpermissions:IsAuthorizedWithToken in their IAM policies.
Returns awserr.Error for service API and SDK errors. Use runtime type assertions with awserr.Error's Code and Message methods to get detailed information about the error.
See the AWS API reference guide for Amazon Verified Permissions's API operation BatchIsAuthorizedWithToken for usage and error information.
Returned Error Types:
ValidationException The request failed because one or more input parameters don't satisfy their constraint requirements. The output is provided as a list of fields and a reason for each field that isn't valid.
The possible reasons include the following:
UnrecognizedEntityType The policy includes an entity type that isn't found in the schema.
UnrecognizedActionId The policy includes an action id that isn't found in the schema.
InvalidActionApplication The policy includes an action that, according to the schema, doesn't support the specified principal and resource.
UnexpectedType The policy included an operand that isn't a valid type for the specified operation.
IncompatibleTypes The types of elements included in a set, or the types of expressions used in an if...then...else clause aren't compatible in this context.
MissingAttribute The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for the existence of the attribute first before attempting to access its value. For more information, see the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test) in the Cedar Policy Language Guide.
UnsafeOptionalAttributeAccess The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be present. Test for the existence of the attribute first before attempting to access its value. For more information, see the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test) in the Cedar Policy Language Guide.
ImpossiblePolicy Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it can never apply to any query, and so it can never affect an authorization decision.
WrongNumberArguments The policy references an extension type with the wrong number of arguments.
FunctionArgumentValidationError Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed as an IPv4 address can contain only digits and the period character.
AccessDeniedException You don't have sufficient access to perform this action.
ResourceNotFoundException The request failed because it references a resource that doesn't exist.
ThrottlingException The request failed because it exceeded a throttling quota.
InternalServerException The request failed because of an internal error. Try your request again later
func (c *VerifiedPermissions) BatchIsAuthorizedWithTokenRequest(input *BatchIsAuthorizedWithTokenInput) (req *request.Request, output *BatchIsAuthorizedWithTokenOutput)
BatchIsAuthorizedWithTokenRequest generates a "aws/request.Request" representing the client's request for the BatchIsAuthorizedWithToken operation. The "output" return value will be populated with the request's response once the request completes successfully.
Use "Send" method on the returned Request to send the API call to the service. the "output" return value is not valid until after Send returns without error.
See BatchIsAuthorizedWithToken for more information on using the BatchIsAuthorizedWithToken API call, and error handling.
This method is useful when you want to inject custom logic or configuration into the SDK's request lifecycle. Such as custom headers, or retry logic.
// Example sending a request using the BatchIsAuthorizedWithTokenRequest method. req, resp := client.BatchIsAuthorizedWithTokenRequest(params) err := req.Send() if err == nil { // resp is now filled fmt.Println(resp) }
func (c *VerifiedPermissions) BatchIsAuthorizedWithTokenWithContext(ctx aws.Context, input *BatchIsAuthorizedWithTokenInput, opts ...request.Option) (*BatchIsAuthorizedWithTokenOutput, error)
BatchIsAuthorizedWithTokenWithContext is the same as BatchIsAuthorizedWithToken with the addition of the ability to pass a context and additional request options.
See BatchIsAuthorizedWithToken for details on how to use this API operation.
The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.
func (c *VerifiedPermissions) CreateIdentitySource(input *CreateIdentitySourceInput) (*CreateIdentitySourceOutput, error)
CreateIdentitySource API operation for Amazon Verified Permissions.
Adds an identity source to a policy store–an Amazon Cognito user pool or OpenID Connect (OIDC) identity provider (IdP).
After you create an identity source, you can use the identities provided by the IdP as proxies for the principal in authorization queries that use the IsAuthorizedWithToken (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorizedWithToken.html) or BatchIsAuthorizedWithToken (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_BatchIsAuthorizedWithToken.html) API operations. These identities take the form of tokens that contain claims about the user, such as IDs, attributes and group memberships. Identity sources provide identity (ID) tokens and access tokens. Verified Permissions derives information about your user and session from token claims. Access tokens provide action context to your policies, and ID tokens provide principal Attributes.
Tokens from an identity source user continue to be usable until they expire. Token revocation and resource deletion have no effect on the validity of a token in your policy store
To reference a user from this identity source in your Cedar policies, refer to the following syntax examples.
Amazon Cognito user pool: Namespace::[Entity type]::[User pool ID]|[user principal attribute], for example MyCorp::User::us-east-1_EXAMPLE|a1b2c3d4-5678-90ab-cdef-EXAMPLE11111.
OpenID Connect (OIDC) provider: Namespace::[Entity type]::[principalIdClaim]|[user principal attribute], for example MyCorp::User::MyOIDCProvider|a1b2c3d4-5678-90ab-cdef-EXAMPLE22222.
Verified Permissions is eventually consistent (https://wikipedia.org/wiki/Eventual_consistency) . It can take a few seconds for a new or changed element to propagate through the service and be visible in the results of other Verified Permissions operations.
Returns awserr.Error for service API and SDK errors. Use runtime type assertions with awserr.Error's Code and Message methods to get detailed information about the error.
See the AWS API reference guide for Amazon Verified Permissions's API operation CreateIdentitySource for usage and error information.
Returned Error Types:
ValidationException The request failed because one or more input parameters don't satisfy their constraint requirements. The output is provided as a list of fields and a reason for each field that isn't valid.
The possible reasons include the following:
UnrecognizedEntityType The policy includes an entity type that isn't found in the schema.
UnrecognizedActionId The policy includes an action id that isn't found in the schema.
InvalidActionApplication The policy includes an action that, according to the schema, doesn't support the specified principal and resource.
UnexpectedType The policy included an operand that isn't a valid type for the specified operation.
IncompatibleTypes The types of elements included in a set, or the types of expressions used in an if...then...else clause aren't compatible in this context.
MissingAttribute The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for the existence of the attribute first before attempting to access its value. For more information, see the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test) in the Cedar Policy Language Guide.
UnsafeOptionalAttributeAccess The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be present. Test for the existence of the attribute first before attempting to access its value. For more information, see the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test) in the Cedar Policy Language Guide.
ImpossiblePolicy Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it can never apply to any query, and so it can never affect an authorization decision.
WrongNumberArguments The policy references an extension type with the wrong number of arguments.
FunctionArgumentValidationError Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed as an IPv4 address can contain only digits and the period character.
ServiceQuotaExceededException The request failed because it would cause a service quota to be exceeded.
ConflictException The request failed because another request to modify a resource occurred at the same.
AccessDeniedException You don't have sufficient access to perform this action.
ResourceNotFoundException The request failed because it references a resource that doesn't exist.
ThrottlingException The request failed because it exceeded a throttling quota.
InternalServerException The request failed because of an internal error. Try your request again later
func (c *VerifiedPermissions) CreateIdentitySourceRequest(input *CreateIdentitySourceInput) (req *request.Request, output *CreateIdentitySourceOutput)
CreateIdentitySourceRequest generates a "aws/request.Request" representing the client's request for the CreateIdentitySource operation. The "output" return value will be populated with the request's response once the request completes successfully.
Use "Send" method on the returned Request to send the API call to the service. the "output" return value is not valid until after Send returns without error.
See CreateIdentitySource for more information on using the CreateIdentitySource API call, and error handling.
This method is useful when you want to inject custom logic or configuration into the SDK's request lifecycle. Such as custom headers, or retry logic.
// Example sending a request using the CreateIdentitySourceRequest method. req, resp := client.CreateIdentitySourceRequest(params) err := req.Send() if err == nil { // resp is now filled fmt.Println(resp) }
func (c *VerifiedPermissions) CreateIdentitySourceWithContext(ctx aws.Context, input *CreateIdentitySourceInput, opts ...request.Option) (*CreateIdentitySourceOutput, error)
CreateIdentitySourceWithContext is the same as CreateIdentitySource with the addition of the ability to pass a context and additional request options.
See CreateIdentitySource for details on how to use this API operation.
The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.
func (c *VerifiedPermissions) CreatePolicy(input *CreatePolicyInput) (*CreatePolicyOutput, error)
CreatePolicy API operation for Amazon Verified Permissions.
Creates a Cedar policy and saves it in the specified policy store. You can create either a static policy or a policy linked to a policy template.
To create a static policy, provide the Cedar policy text in the StaticPolicy section of the PolicyDefinition.
To create a policy that is dynamically linked to a policy template, specify the policy template ID and the principal and resource to associate with this policy in the templateLinked section of the PolicyDefinition. If the policy template is ever updated, any policies linked to the policy template automatically use the updated template.
Creating a policy causes it to be validated against the schema in the policy store. If the policy doesn't pass validation, the operation fails and the policy isn't stored.
Verified Permissions is eventually consistent (https://wikipedia.org/wiki/Eventual_consistency) . It can take a few seconds for a new or changed element to propagate through the service and be visible in the results of other Verified Permissions operations.
Returns awserr.Error for service API and SDK errors. Use runtime type assertions with awserr.Error's Code and Message methods to get detailed information about the error.
See the AWS API reference guide for Amazon Verified Permissions's API operation CreatePolicy for usage and error information.
Returned Error Types:
ValidationException The request failed because one or more input parameters don't satisfy their constraint requirements. The output is provided as a list of fields and a reason for each field that isn't valid.
The possible reasons include the following:
UnrecognizedEntityType The policy includes an entity type that isn't found in the schema.
UnrecognizedActionId The policy includes an action id that isn't found in the schema.
InvalidActionApplication The policy includes an action that, according to the schema, doesn't support the specified principal and resource.
UnexpectedType The policy included an operand that isn't a valid type for the specified operation.
IncompatibleTypes The types of elements included in a set, or the types of expressions used in an if...then...else clause aren't compatible in this context.
MissingAttribute The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for the existence of the attribute first before attempting to access its value. For more information, see the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test) in the Cedar Policy Language Guide.
UnsafeOptionalAttributeAccess The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be present. Test for the existence of the attribute first before attempting to access its value. For more information, see the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test) in the Cedar Policy Language Guide.
ImpossiblePolicy Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it can never apply to any query, and so it can never affect an authorization decision.
WrongNumberArguments The policy references an extension type with the wrong number of arguments.
FunctionArgumentValidationError Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed as an IPv4 address can contain only digits and the period character.
ServiceQuotaExceededException The request failed because it would cause a service quota to be exceeded.
ConflictException The request failed because another request to modify a resource occurred at the same.
AccessDeniedException You don't have sufficient access to perform this action.
ResourceNotFoundException The request failed because it references a resource that doesn't exist.
ThrottlingException The request failed because it exceeded a throttling quota.
InternalServerException The request failed because of an internal error. Try your request again later
func (c *VerifiedPermissions) CreatePolicyRequest(input *CreatePolicyInput) (req *request.Request, output *CreatePolicyOutput)
CreatePolicyRequest generates a "aws/request.Request" representing the client's request for the CreatePolicy operation. The "output" return value will be populated with the request's response once the request completes successfully.
Use "Send" method on the returned Request to send the API call to the service. the "output" return value is not valid until after Send returns without error.
See CreatePolicy for more information on using the CreatePolicy API call, and error handling.
This method is useful when you want to inject custom logic or configuration into the SDK's request lifecycle. Such as custom headers, or retry logic.
// Example sending a request using the CreatePolicyRequest method. req, resp := client.CreatePolicyRequest(params) err := req.Send() if err == nil { // resp is now filled fmt.Println(resp) }
func (c *VerifiedPermissions) CreatePolicyStore(input *CreatePolicyStoreInput) (*CreatePolicyStoreOutput, error)
CreatePolicyStore API operation for Amazon Verified Permissions.
Creates a policy store. A policy store is a container for policy resources.
Although Cedar supports multiple namespaces (https://docs.cedarpolicy.com/schema/schema.html#namespace), Verified Permissions currently supports only one namespace per policy store.
Verified Permissions is eventually consistent (https://wikipedia.org/wiki/Eventual_consistency) . It can take a few seconds for a new or changed element to propagate through the service and be visible in the results of other Verified Permissions operations.
Returns awserr.Error for service API and SDK errors. Use runtime type assertions with awserr.Error's Code and Message methods to get detailed information about the error.
See the AWS API reference guide for Amazon Verified Permissions's API operation CreatePolicyStore for usage and error information.
Returned Error Types:
ValidationException The request failed because one or more input parameters don't satisfy their constraint requirements. The output is provided as a list of fields and a reason for each field that isn't valid.
The possible reasons include the following:
UnrecognizedEntityType The policy includes an entity type that isn't found in the schema.
UnrecognizedActionId The policy includes an action id that isn't found in the schema.
InvalidActionApplication The policy includes an action that, according to the schema, doesn't support the specified principal and resource.
UnexpectedType The policy included an operand that isn't a valid type for the specified operation.
IncompatibleTypes The types of elements included in a set, or the types of expressions used in an if...then...else clause aren't compatible in this context.
MissingAttribute The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for the existence of the attribute first before attempting to access its value. For more information, see the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test) in the Cedar Policy Language Guide.
UnsafeOptionalAttributeAccess The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be present. Test for the existence of the attribute first before attempting to access its value. For more information, see the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test) in the Cedar Policy Language Guide.
ImpossiblePolicy Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it can never apply to any query, and so it can never affect an authorization decision.
WrongNumberArguments The policy references an extension type with the wrong number of arguments.
FunctionArgumentValidationError Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed as an IPv4 address can contain only digits and the period character.
ServiceQuotaExceededException The request failed because it would cause a service quota to be exceeded.
ConflictException The request failed because another request to modify a resource occurred at the same.
AccessDeniedException You don't have sufficient access to perform this action.
ThrottlingException The request failed because it exceeded a throttling quota.
InternalServerException The request failed because of an internal error. Try your request again later
func (c *VerifiedPermissions) CreatePolicyStoreRequest(input *CreatePolicyStoreInput) (req *request.Request, output *CreatePolicyStoreOutput)
CreatePolicyStoreRequest generates a "aws/request.Request" representing the client's request for the CreatePolicyStore operation. The "output" return value will be populated with the request's response once the request completes successfully.
Use "Send" method on the returned Request to send the API call to the service. the "output" return value is not valid until after Send returns without error.
See CreatePolicyStore for more information on using the CreatePolicyStore API call, and error handling.
This method is useful when you want to inject custom logic or configuration into the SDK's request lifecycle. Such as custom headers, or retry logic.
// Example sending a request using the CreatePolicyStoreRequest method. req, resp := client.CreatePolicyStoreRequest(params) err := req.Send() if err == nil { // resp is now filled fmt.Println(resp) }
func (c *VerifiedPermissions) CreatePolicyStoreWithContext(ctx aws.Context, input *CreatePolicyStoreInput, opts ...request.Option) (*CreatePolicyStoreOutput, error)
CreatePolicyStoreWithContext is the same as CreatePolicyStore with the addition of the ability to pass a context and additional request options.
See CreatePolicyStore for details on how to use this API operation.
The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.
func (c *VerifiedPermissions) CreatePolicyTemplate(input *CreatePolicyTemplateInput) (*CreatePolicyTemplateOutput, error)
CreatePolicyTemplate API operation for Amazon Verified Permissions.
Creates a policy template. A template can use placeholders for the principal and resource. A template must be instantiated into a policy by associating it with specific principals and resources to use for the placeholders. That instantiated policy can then be considered in authorization decisions. The instantiated policy works identically to any other policy, except that it is dynamically linked to the template. If the template changes, then any policies that are linked to that template are immediately updated as well.
Verified Permissions is eventually consistent (https://wikipedia.org/wiki/Eventual_consistency) . It can take a few seconds for a new or changed element to propagate through the service and be visible in the results of other Verified Permissions operations.
Returns awserr.Error for service API and SDK errors. Use runtime type assertions with awserr.Error's Code and Message methods to get detailed information about the error.
See the AWS API reference guide for Amazon Verified Permissions's API operation CreatePolicyTemplate for usage and error information.
Returned Error Types:
ValidationException The request failed because one or more input parameters don't satisfy their constraint requirements. The output is provided as a list of fields and a reason for each field that isn't valid.
The possible reasons include the following:
UnrecognizedEntityType The policy includes an entity type that isn't found in the schema.
UnrecognizedActionId The policy includes an action id that isn't found in the schema.
InvalidActionApplication The policy includes an action that, according to the schema, doesn't support the specified principal and resource.
UnexpectedType The policy included an operand that isn't a valid type for the specified operation.
IncompatibleTypes The types of elements included in a set, or the types of expressions used in an if...then...else clause aren't compatible in this context.
MissingAttribute The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for the existence of the attribute first before attempting to access its value. For more information, see the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test) in the Cedar Policy Language Guide.
UnsafeOptionalAttributeAccess The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be present. Test for the existence of the attribute first before attempting to access its value. For more information, see the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test) in the Cedar Policy Language Guide.
ImpossiblePolicy Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it can never apply to any query, and so it can never affect an authorization decision.
WrongNumberArguments The policy references an extension type with the wrong number of arguments.
FunctionArgumentValidationError Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed as an IPv4 address can contain only digits and the period character.
ServiceQuotaExceededException The request failed because it would cause a service quota to be exceeded.
ConflictException The request failed because another request to modify a resource occurred at the same.
AccessDeniedException You don't have sufficient access to perform this action.
ResourceNotFoundException The request failed because it references a resource that doesn't exist.
ThrottlingException The request failed because it exceeded a throttling quota.
InternalServerException The request failed because of an internal error. Try your request again later
func (c *VerifiedPermissions) CreatePolicyTemplateRequest(input *CreatePolicyTemplateInput) (req *request.Request, output *CreatePolicyTemplateOutput)
CreatePolicyTemplateRequest generates a "aws/request.Request" representing the client's request for the CreatePolicyTemplate operation. The "output" return value will be populated with the request's response once the request completes successfully.
Use "Send" method on the returned Request to send the API call to the service. the "output" return value is not valid until after Send returns without error.
See CreatePolicyTemplate for more information on using the CreatePolicyTemplate API call, and error handling.
This method is useful when you want to inject custom logic or configuration into the SDK's request lifecycle. Such as custom headers, or retry logic.
// Example sending a request using the CreatePolicyTemplateRequest method. req, resp := client.CreatePolicyTemplateRequest(params) err := req.Send() if err == nil { // resp is now filled fmt.Println(resp) }
func (c *VerifiedPermissions) CreatePolicyTemplateWithContext(ctx aws.Context, input *CreatePolicyTemplateInput, opts ...request.Option) (*CreatePolicyTemplateOutput, error)
CreatePolicyTemplateWithContext is the same as CreatePolicyTemplate with the addition of the ability to pass a context and additional request options.
See CreatePolicyTemplate for details on how to use this API operation.
The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.
func (c *VerifiedPermissions) CreatePolicyWithContext(ctx aws.Context, input *CreatePolicyInput, opts ...request.Option) (*CreatePolicyOutput, error)
CreatePolicyWithContext is the same as CreatePolicy with the addition of the ability to pass a context and additional request options.
See CreatePolicy for details on how to use this API operation.
The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.
func (c *VerifiedPermissions) DeleteIdentitySource(input *DeleteIdentitySourceInput) (*DeleteIdentitySourceOutput, error)
DeleteIdentitySource API operation for Amazon Verified Permissions.
Deletes an identity source that references an identity provider (IdP) such as Amazon Cognito. After you delete the identity source, you can no longer use tokens for identities from that identity source to represent principals in authorization queries made using IsAuthorizedWithToken (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorizedWithToken.html). operations.
Returns awserr.Error for service API and SDK errors. Use runtime type assertions with awserr.Error's Code and Message methods to get detailed information about the error.
See the AWS API reference guide for Amazon Verified Permissions's API operation DeleteIdentitySource for usage and error information.
Returned Error Types:
ValidationException The request failed because one or more input parameters don't satisfy their constraint requirements. The output is provided as a list of fields and a reason for each field that isn't valid.
The possible reasons include the following:
UnrecognizedEntityType The policy includes an entity type that isn't found in the schema.
UnrecognizedActionId The policy includes an action id that isn't found in the schema.
InvalidActionApplication The policy includes an action that, according to the schema, doesn't support the specified principal and resource.
UnexpectedType The policy included an operand that isn't a valid type for the specified operation.
IncompatibleTypes The types of elements included in a set, or the types of expressions used in an if...then...else clause aren't compatible in this context.
MissingAttribute The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for the existence of the attribute first before attempting to access its value. For more information, see the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test) in the Cedar Policy Language Guide.
UnsafeOptionalAttributeAccess The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be present. Test for the existence of the attribute first before attempting to access its value. For more information, see the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test) in the Cedar Policy Language Guide.
ImpossiblePolicy Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it can never apply to any query, and so it can never affect an authorization decision.
WrongNumberArguments The policy references an extension type with the wrong number of arguments.
FunctionArgumentValidationError Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed as an IPv4 address can contain only digits and the period character.
ConflictException The request failed because another request to modify a resource occurred at the same.
AccessDeniedException You don't have sufficient access to perform this action.
ResourceNotFoundException The request failed because it references a resource that doesn't exist.
ThrottlingException The request failed because it exceeded a throttling quota.
InternalServerException The request failed because of an internal error. Try your request again later
func (c *VerifiedPermissions) DeleteIdentitySourceRequest(input *DeleteIdentitySourceInput) (req *request.Request, output *DeleteIdentitySourceOutput)
DeleteIdentitySourceRequest generates a "aws/request.Request" representing the client's request for the DeleteIdentitySource operation. The "output" return value will be populated with the request's response once the request completes successfully.
Use "Send" method on the returned Request to send the API call to the service. the "output" return value is not valid until after Send returns without error.
See DeleteIdentitySource for more information on using the DeleteIdentitySource API call, and error handling.
This method is useful when you want to inject custom logic or configuration into the SDK's request lifecycle. Such as custom headers, or retry logic.
// Example sending a request using the DeleteIdentitySourceRequest method. req, resp := client.DeleteIdentitySourceRequest(params) err := req.Send() if err == nil { // resp is now filled fmt.Println(resp) }
func (c *VerifiedPermissions) DeleteIdentitySourceWithContext(ctx aws.Context, input *DeleteIdentitySourceInput, opts ...request.Option) (*DeleteIdentitySourceOutput, error)
DeleteIdentitySourceWithContext is the same as DeleteIdentitySource with the addition of the ability to pass a context and additional request options.
See DeleteIdentitySource for details on how to use this API operation.
The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.
func (c *VerifiedPermissions) DeletePolicy(input *DeletePolicyInput) (*DeletePolicyOutput, error)
DeletePolicy API operation for Amazon Verified Permissions.
Deletes the specified policy from the policy store.
This operation is idempotent; if you specify a policy that doesn't exist, the request response returns a successful HTTP 200 status code.
Returns awserr.Error for service API and SDK errors. Use runtime type assertions with awserr.Error's Code and Message methods to get detailed information about the error.
See the AWS API reference guide for Amazon Verified Permissions's API operation DeletePolicy for usage and error information.
Returned Error Types:
ValidationException The request failed because one or more input parameters don't satisfy their constraint requirements. The output is provided as a list of fields and a reason for each field that isn't valid.
The possible reasons include the following:
UnrecognizedEntityType The policy includes an entity type that isn't found in the schema.
UnrecognizedActionId The policy includes an action id that isn't found in the schema.
InvalidActionApplication The policy includes an action that, according to the schema, doesn't support the specified principal and resource.
UnexpectedType The policy included an operand that isn't a valid type for the specified operation.
IncompatibleTypes The types of elements included in a set, or the types of expressions used in an if...then...else clause aren't compatible in this context.
MissingAttribute The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for the existence of the attribute first before attempting to access its value. For more information, see the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test) in the Cedar Policy Language Guide.
UnsafeOptionalAttributeAccess The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be present. Test for the existence of the attribute first before attempting to access its value. For more information, see the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test) in the Cedar Policy Language Guide.
ImpossiblePolicy Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it can never apply to any query, and so it can never affect an authorization decision.
WrongNumberArguments The policy references an extension type with the wrong number of arguments.
FunctionArgumentValidationError Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed as an IPv4 address can contain only digits and the period character.
ConflictException The request failed because another request to modify a resource occurred at the same.
AccessDeniedException You don't have sufficient access to perform this action.
ResourceNotFoundException The request failed because it references a resource that doesn't exist.
ThrottlingException The request failed because it exceeded a throttling quota.
InternalServerException The request failed because of an internal error. Try your request again later
func (c *VerifiedPermissions) DeletePolicyRequest(input *DeletePolicyInput) (req *request.Request, output *DeletePolicyOutput)
DeletePolicyRequest generates a "aws/request.Request" representing the client's request for the DeletePolicy operation. The "output" return value will be populated with the request's response once the request completes successfully.
Use "Send" method on the returned Request to send the API call to the service. the "output" return value is not valid until after Send returns without error.
See DeletePolicy for more information on using the DeletePolicy API call, and error handling.
This method is useful when you want to inject custom logic or configuration into the SDK's request lifecycle. Such as custom headers, or retry logic.
// Example sending a request using the DeletePolicyRequest method. req, resp := client.DeletePolicyRequest(params) err := req.Send() if err == nil { // resp is now filled fmt.Println(resp) }
func (c *VerifiedPermissions) DeletePolicyStore(input *DeletePolicyStoreInput) (*DeletePolicyStoreOutput, error)
DeletePolicyStore API operation for Amazon Verified Permissions.
Deletes the specified policy store.
This operation is idempotent. If you specify a policy store that does not exist, the request response will still return a successful HTTP 200 status code.
Returns awserr.Error for service API and SDK errors. Use runtime type assertions with awserr.Error's Code and Message methods to get detailed information about the error.
See the AWS API reference guide for Amazon Verified Permissions's API operation DeletePolicyStore for usage and error information.
Returned Error Types:
ValidationException The request failed because one or more input parameters don't satisfy their constraint requirements. The output is provided as a list of fields and a reason for each field that isn't valid.
The possible reasons include the following:
UnrecognizedEntityType The policy includes an entity type that isn't found in the schema.
UnrecognizedActionId The policy includes an action id that isn't found in the schema.
InvalidActionApplication The policy includes an action that, according to the schema, doesn't support the specified principal and resource.
UnexpectedType The policy included an operand that isn't a valid type for the specified operation.
IncompatibleTypes The types of elements included in a set, or the types of expressions used in an if...then...else clause aren't compatible in this context.
MissingAttribute The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for the existence of the attribute first before attempting to access its value. For more information, see the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test) in the Cedar Policy Language Guide.
UnsafeOptionalAttributeAccess The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be present. Test for the existence of the attribute first before attempting to access its value. For more information, see the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test) in the Cedar Policy Language Guide.
ImpossiblePolicy Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it can never apply to any query, and so it can never affect an authorization decision.
WrongNumberArguments The policy references an extension type with the wrong number of arguments.
FunctionArgumentValidationError Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed as an IPv4 address can contain only digits and the period character.
AccessDeniedException You don't have sufficient access to perform this action.
ThrottlingException The request failed because it exceeded a throttling quota.
InternalServerException The request failed because of an internal error. Try your request again later
func (c *VerifiedPermissions) DeletePolicyStoreRequest(input *DeletePolicyStoreInput) (req *request.Request, output *DeletePolicyStoreOutput)
DeletePolicyStoreRequest generates a "aws/request.Request" representing the client's request for the DeletePolicyStore operation. The "output" return value will be populated with the request's response once the request completes successfully.
Use "Send" method on the returned Request to send the API call to the service. the "output" return value is not valid until after Send returns without error.
See DeletePolicyStore for more information on using the DeletePolicyStore API call, and error handling.
This method is useful when you want to inject custom logic or configuration into the SDK's request lifecycle. Such as custom headers, or retry logic.
// Example sending a request using the DeletePolicyStoreRequest method. req, resp := client.DeletePolicyStoreRequest(params) err := req.Send() if err == nil { // resp is now filled fmt.Println(resp) }
func (c *VerifiedPermissions) DeletePolicyStoreWithContext(ctx aws.Context, input *DeletePolicyStoreInput, opts ...request.Option) (*DeletePolicyStoreOutput, error)
DeletePolicyStoreWithContext is the same as DeletePolicyStore with the addition of the ability to pass a context and additional request options.
See DeletePolicyStore for details on how to use this API operation.
The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.
func (c *VerifiedPermissions) DeletePolicyTemplate(input *DeletePolicyTemplateInput) (*DeletePolicyTemplateOutput, error)
DeletePolicyTemplate API operation for Amazon Verified Permissions.
Deletes the specified policy template from the policy store.
This operation also deletes any policies that were created from the specified policy template. Those policies are immediately removed from all future API responses, and are asynchronously deleted from the policy store.
Returns awserr.Error for service API and SDK errors. Use runtime type assertions with awserr.Error's Code and Message methods to get detailed information about the error.
See the AWS API reference guide for Amazon Verified Permissions's API operation DeletePolicyTemplate for usage and error information.
Returned Error Types:
ValidationException The request failed because one or more input parameters don't satisfy their constraint requirements. The output is provided as a list of fields and a reason for each field that isn't valid.
The possible reasons include the following:
UnrecognizedEntityType The policy includes an entity type that isn't found in the schema.
UnrecognizedActionId The policy includes an action id that isn't found in the schema.
InvalidActionApplication The policy includes an action that, according to the schema, doesn't support the specified principal and resource.
UnexpectedType The policy included an operand that isn't a valid type for the specified operation.
IncompatibleTypes The types of elements included in a set, or the types of expressions used in an if...then...else clause aren't compatible in this context.
MissingAttribute The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for the existence of the attribute first before attempting to access its value. For more information, see the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test) in the Cedar Policy Language Guide.
UnsafeOptionalAttributeAccess The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be present. Test for the existence of the attribute first before attempting to access its value. For more information, see the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test) in the Cedar Policy Language Guide.
ImpossiblePolicy Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it can never apply to any query, and so it can never affect an authorization decision.
WrongNumberArguments The policy references an extension type with the wrong number of arguments.
FunctionArgumentValidationError Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed as an IPv4 address can contain only digits and the period character.
ConflictException The request failed because another request to modify a resource occurred at the same.
AccessDeniedException You don't have sufficient access to perform this action.
ResourceNotFoundException The request failed because it references a resource that doesn't exist.
ThrottlingException The request failed because it exceeded a throttling quota.
InternalServerException The request failed because of an internal error. Try your request again later
func (c *VerifiedPermissions) DeletePolicyTemplateRequest(input *DeletePolicyTemplateInput) (req *request.Request, output *DeletePolicyTemplateOutput)
DeletePolicyTemplateRequest generates a "aws/request.Request" representing the client's request for the DeletePolicyTemplate operation. The "output" return value will be populated with the request's response once the request completes successfully.
Use "Send" method on the returned Request to send the API call to the service. the "output" return value is not valid until after Send returns without error.
See DeletePolicyTemplate for more information on using the DeletePolicyTemplate API call, and error handling.
This method is useful when you want to inject custom logic or configuration into the SDK's request lifecycle. Such as custom headers, or retry logic.
// Example sending a request using the DeletePolicyTemplateRequest method. req, resp := client.DeletePolicyTemplateRequest(params) err := req.Send() if err == nil { // resp is now filled fmt.Println(resp) }
func (c *VerifiedPermissions) DeletePolicyTemplateWithContext(ctx aws.Context, input *DeletePolicyTemplateInput, opts ...request.Option) (*DeletePolicyTemplateOutput, error)
DeletePolicyTemplateWithContext is the same as DeletePolicyTemplate with the addition of the ability to pass a context and additional request options.
See DeletePolicyTemplate for details on how to use this API operation.
The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.
func (c *VerifiedPermissions) DeletePolicyWithContext(ctx aws.Context, input *DeletePolicyInput, opts ...request.Option) (*DeletePolicyOutput, error)
DeletePolicyWithContext is the same as DeletePolicy with the addition of the ability to pass a context and additional request options.
See DeletePolicy for details on how to use this API operation.
The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.
func (c *VerifiedPermissions) GetIdentitySource(input *GetIdentitySourceInput) (*GetIdentitySourceOutput, error)
GetIdentitySource API operation for Amazon Verified Permissions.
Retrieves the details about the specified identity source.
Returns awserr.Error for service API and SDK errors. Use runtime type assertions with awserr.Error's Code and Message methods to get detailed information about the error.
See the AWS API reference guide for Amazon Verified Permissions's API operation GetIdentitySource for usage and error information.
Returned Error Types:
ValidationException The request failed because one or more input parameters don't satisfy their constraint requirements. The output is provided as a list of fields and a reason for each field that isn't valid.
The possible reasons include the following:
UnrecognizedEntityType The policy includes an entity type that isn't found in the schema.
UnrecognizedActionId The policy includes an action id that isn't found in the schema.
InvalidActionApplication The policy includes an action that, according to the schema, doesn't support the specified principal and resource.
UnexpectedType The policy included an operand that isn't a valid type for the specified operation.
IncompatibleTypes The types of elements included in a set, or the types of expressions used in an if...then...else clause aren't compatible in this context.
MissingAttribute The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for the existence of the attribute first before attempting to access its value. For more information, see the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test) in the Cedar Policy Language Guide.
UnsafeOptionalAttributeAccess The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be present. Test for the existence of the attribute first before attempting to access its value. For more information, see the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test) in the Cedar Policy Language Guide.
ImpossiblePolicy Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it can never apply to any query, and so it can never affect an authorization decision.
WrongNumberArguments The policy references an extension type with the wrong number of arguments.
FunctionArgumentValidationError Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed as an IPv4 address can contain only digits and the period character.
AccessDeniedException You don't have sufficient access to perform this action.
ResourceNotFoundException The request failed because it references a resource that doesn't exist.
ThrottlingException The request failed because it exceeded a throttling quota.
InternalServerException The request failed because of an internal error. Try your request again later
func (c *VerifiedPermissions) GetIdentitySourceRequest(input *GetIdentitySourceInput) (req *request.Request, output *GetIdentitySourceOutput)
GetIdentitySourceRequest generates a "aws/request.Request" representing the client's request for the GetIdentitySource operation. The "output" return value will be populated with the request's response once the request completes successfully.
Use "Send" method on the returned Request to send the API call to the service. the "output" return value is not valid until after Send returns without error.
See GetIdentitySource for more information on using the GetIdentitySource API call, and error handling.
This method is useful when you want to inject custom logic or configuration into the SDK's request lifecycle. Such as custom headers, or retry logic.
// Example sending a request using the GetIdentitySourceRequest method. req, resp := client.GetIdentitySourceRequest(params) err := req.Send() if err == nil { // resp is now filled fmt.Println(resp) }
func (c *VerifiedPermissions) GetIdentitySourceWithContext(ctx aws.Context, input *GetIdentitySourceInput, opts ...request.Option) (*GetIdentitySourceOutput, error)
GetIdentitySourceWithContext is the same as GetIdentitySource with the addition of the ability to pass a context and additional request options.
See GetIdentitySource for details on how to use this API operation.
The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.
func (c *VerifiedPermissions) GetPolicy(input *GetPolicyInput) (*GetPolicyOutput, error)
GetPolicy API operation for Amazon Verified Permissions.
Retrieves information about the specified policy.
Returns awserr.Error for service API and SDK errors. Use runtime type assertions with awserr.Error's Code and Message methods to get detailed information about the error.
See the AWS API reference guide for Amazon Verified Permissions's API operation GetPolicy for usage and error information.
Returned Error Types:
ValidationException The request failed because one or more input parameters don't satisfy their constraint requirements. The output is provided as a list of fields and a reason for each field that isn't valid.
The possible reasons include the following:
UnrecognizedEntityType The policy includes an entity type that isn't found in the schema.
UnrecognizedActionId The policy includes an action id that isn't found in the schema.
InvalidActionApplication The policy includes an action that, according to the schema, doesn't support the specified principal and resource.
UnexpectedType The policy included an operand that isn't a valid type for the specified operation.
IncompatibleTypes The types of elements included in a set, or the types of expressions used in an if...then...else clause aren't compatible in this context.
MissingAttribute The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for the existence of the attribute first before attempting to access its value. For more information, see the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test) in the Cedar Policy Language Guide.
UnsafeOptionalAttributeAccess The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be present. Test for the existence of the attribute first before attempting to access its value. For more information, see the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test) in the Cedar Policy Language Guide.
ImpossiblePolicy Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it can never apply to any query, and so it can never affect an authorization decision.
WrongNumberArguments The policy references an extension type with the wrong number of arguments.
FunctionArgumentValidationError Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed as an IPv4 address can contain only digits and the period character.
AccessDeniedException You don't have sufficient access to perform this action.
ResourceNotFoundException The request failed because it references a resource that doesn't exist.
ThrottlingException The request failed because it exceeded a throttling quota.
InternalServerException The request failed because of an internal error. Try your request again later
func (c *VerifiedPermissions) GetPolicyRequest(input *GetPolicyInput) (req *request.Request, output *GetPolicyOutput)
GetPolicyRequest generates a "aws/request.Request" representing the client's request for the GetPolicy operation. The "output" return value will be populated with the request's response once the request completes successfully.
Use "Send" method on the returned Request to send the API call to the service. the "output" return value is not valid until after Send returns without error.
See GetPolicy for more information on using the GetPolicy API call, and error handling.
This method is useful when you want to inject custom logic or configuration into the SDK's request lifecycle. Such as custom headers, or retry logic.
// Example sending a request using the GetPolicyRequest method. req, resp := client.GetPolicyRequest(params) err := req.Send() if err == nil { // resp is now filled fmt.Println(resp) }
func (c *VerifiedPermissions) GetPolicyStore(input *GetPolicyStoreInput) (*GetPolicyStoreOutput, error)
GetPolicyStore API operation for Amazon Verified Permissions.
Retrieves details about a policy store.
Returns awserr.Error for service API and SDK errors. Use runtime type assertions with awserr.Error's Code and Message methods to get detailed information about the error.
See the AWS API reference guide for Amazon Verified Permissions's API operation GetPolicyStore for usage and error information.
Returned Error Types:
ValidationException The request failed because one or more input parameters don't satisfy their constraint requirements. The output is provided as a list of fields and a reason for each field that isn't valid.
The possible reasons include the following:
UnrecognizedEntityType The policy includes an entity type that isn't found in the schema.
UnrecognizedActionId The policy includes an action id that isn't found in the schema.
InvalidActionApplication The policy includes an action that, according to the schema, doesn't support the specified principal and resource.
UnexpectedType The policy included an operand that isn't a valid type for the specified operation.
IncompatibleTypes The types of elements included in a set, or the types of expressions used in an if...then...else clause aren't compatible in this context.
MissingAttribute The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for the existence of the attribute first before attempting to access its value. For more information, see the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test) in the Cedar Policy Language Guide.
UnsafeOptionalAttributeAccess The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be present. Test for the existence of the attribute first before attempting to access its value. For more information, see the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test) in the Cedar Policy Language Guide.
ImpossiblePolicy Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it can never apply to any query, and so it can never affect an authorization decision.
WrongNumberArguments The policy references an extension type with the wrong number of arguments.
FunctionArgumentValidationError Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed as an IPv4 address can contain only digits and the period character.
AccessDeniedException You don't have sufficient access to perform this action.
ResourceNotFoundException The request failed because it references a resource that doesn't exist.
ThrottlingException The request failed because it exceeded a throttling quota.
InternalServerException The request failed because of an internal error. Try your request again later
func (c *VerifiedPermissions) GetPolicyStoreRequest(input *GetPolicyStoreInput) (req *request.Request, output *GetPolicyStoreOutput)
GetPolicyStoreRequest generates a "aws/request.Request" representing the client's request for the GetPolicyStore operation. The "output" return value will be populated with the request's response once the request completes successfully.
Use "Send" method on the returned Request to send the API call to the service. the "output" return value is not valid until after Send returns without error.
See GetPolicyStore for more information on using the GetPolicyStore API call, and error handling.
This method is useful when you want to inject custom logic or configuration into the SDK's request lifecycle. Such as custom headers, or retry logic.
// Example sending a request using the GetPolicyStoreRequest method. req, resp := client.GetPolicyStoreRequest(params) err := req.Send() if err == nil { // resp is now filled fmt.Println(resp) }
func (c *VerifiedPermissions) GetPolicyStoreWithContext(ctx aws.Context, input *GetPolicyStoreInput, opts ...request.Option) (*GetPolicyStoreOutput, error)
GetPolicyStoreWithContext is the same as GetPolicyStore with the addition of the ability to pass a context and additional request options.
See GetPolicyStore for details on how to use this API operation.
The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.
func (c *VerifiedPermissions) GetPolicyTemplate(input *GetPolicyTemplateInput) (*GetPolicyTemplateOutput, error)
GetPolicyTemplate API operation for Amazon Verified Permissions.
Retrieve the details for the specified policy template in the specified policy store.
Returns awserr.Error for service API and SDK errors. Use runtime type assertions with awserr.Error's Code and Message methods to get detailed information about the error.
See the AWS API reference guide for Amazon Verified Permissions's API operation GetPolicyTemplate for usage and error information.
Returned Error Types:
ValidationException The request failed because one or more input parameters don't satisfy their constraint requirements. The output is provided as a list of fields and a reason for each field that isn't valid.
The possible reasons include the following:
UnrecognizedEntityType The policy includes an entity type that isn't found in the schema.
UnrecognizedActionId The policy includes an action id that isn't found in the schema.
InvalidActionApplication The policy includes an action that, according to the schema, doesn't support the specified principal and resource.
UnexpectedType The policy included an operand that isn't a valid type for the specified operation.
IncompatibleTypes The types of elements included in a set, or the types of expressions used in an if...then...else clause aren't compatible in this context.
MissingAttribute The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for the existence of the attribute first before attempting to access its value. For more information, see the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test) in the Cedar Policy Language Guide.
UnsafeOptionalAttributeAccess The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be present. Test for the existence of the attribute first before attempting to access its value. For more information, see the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test) in the Cedar Policy Language Guide.
ImpossiblePolicy Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it can never apply to any query, and so it can never affect an authorization decision.
WrongNumberArguments The policy references an extension type with the wrong number of arguments.
FunctionArgumentValidationError Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed as an IPv4 address can contain only digits and the period character.
AccessDeniedException You don't have sufficient access to perform this action.
ResourceNotFoundException The request failed because it references a resource that doesn't exist.
ThrottlingException The request failed because it exceeded a throttling quota.
InternalServerException The request failed because of an internal error. Try your request again later
func (c *VerifiedPermissions) GetPolicyTemplateRequest(input *GetPolicyTemplateInput) (req *request.Request, output *GetPolicyTemplateOutput)
GetPolicyTemplateRequest generates a "aws/request.Request" representing the client's request for the GetPolicyTemplate operation. The "output" return value will be populated with the request's response once the request completes successfully.
Use "Send" method on the returned Request to send the API call to the service. the "output" return value is not valid until after Send returns without error.
See GetPolicyTemplate for more information on using the GetPolicyTemplate API call, and error handling.
This method is useful when you want to inject custom logic or configuration into the SDK's request lifecycle. Such as custom headers, or retry logic.
// Example sending a request using the GetPolicyTemplateRequest method. req, resp := client.GetPolicyTemplateRequest(params) err := req.Send() if err == nil { // resp is now filled fmt.Println(resp) }
func (c *VerifiedPermissions) GetPolicyTemplateWithContext(ctx aws.Context, input *GetPolicyTemplateInput, opts ...request.Option) (*GetPolicyTemplateOutput, error)
GetPolicyTemplateWithContext is the same as GetPolicyTemplate with the addition of the ability to pass a context and additional request options.
See GetPolicyTemplate for details on how to use this API operation.
The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.
func (c *VerifiedPermissions) GetPolicyWithContext(ctx aws.Context, input *GetPolicyInput, opts ...request.Option) (*GetPolicyOutput, error)
GetPolicyWithContext is the same as GetPolicy with the addition of the ability to pass a context and additional request options.
See GetPolicy for details on how to use this API operation.
The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.
func (c *VerifiedPermissions) GetSchema(input *GetSchemaInput) (*GetSchemaOutput, error)
GetSchema API operation for Amazon Verified Permissions.
Retrieve the details for the specified schema in the specified policy store.
Returns awserr.Error for service API and SDK errors. Use runtime type assertions with awserr.Error's Code and Message methods to get detailed information about the error.
See the AWS API reference guide for Amazon Verified Permissions's API operation GetSchema for usage and error information.
Returned Error Types:
ValidationException The request failed because one or more input parameters don't satisfy their constraint requirements. The output is provided as a list of fields and a reason for each field that isn't valid.
The possible reasons include the following:
UnrecognizedEntityType The policy includes an entity type that isn't found in the schema.
UnrecognizedActionId The policy includes an action id that isn't found in the schema.
InvalidActionApplication The policy includes an action that, according to the schema, doesn't support the specified principal and resource.
UnexpectedType The policy included an operand that isn't a valid type for the specified operation.
IncompatibleTypes The types of elements included in a set, or the types of expressions used in an if...then...else clause aren't compatible in this context.
MissingAttribute The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for the existence of the attribute first before attempting to access its value. For more information, see the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test) in the Cedar Policy Language Guide.
UnsafeOptionalAttributeAccess The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be present. Test for the existence of the attribute first before attempting to access its value. For more information, see the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test) in the Cedar Policy Language Guide.
ImpossiblePolicy Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it can never apply to any query, and so it can never affect an authorization decision.
WrongNumberArguments The policy references an extension type with the wrong number of arguments.
FunctionArgumentValidationError Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed as an IPv4 address can contain only digits and the period character.
AccessDeniedException You don't have sufficient access to perform this action.
ResourceNotFoundException The request failed because it references a resource that doesn't exist.
ThrottlingException The request failed because it exceeded a throttling quota.
InternalServerException The request failed because of an internal error. Try your request again later
func (c *VerifiedPermissions) GetSchemaRequest(input *GetSchemaInput) (req *request.Request, output *GetSchemaOutput)
GetSchemaRequest generates a "aws/request.Request" representing the client's request for the GetSchema operation. The "output" return value will be populated with the request's response once the request completes successfully.
Use "Send" method on the returned Request to send the API call to the service. the "output" return value is not valid until after Send returns without error.
See GetSchema for more information on using the GetSchema API call, and error handling.
This method is useful when you want to inject custom logic or configuration into the SDK's request lifecycle. Such as custom headers, or retry logic.
// Example sending a request using the GetSchemaRequest method. req, resp := client.GetSchemaRequest(params) err := req.Send() if err == nil { // resp is now filled fmt.Println(resp) }
func (c *VerifiedPermissions) GetSchemaWithContext(ctx aws.Context, input *GetSchemaInput, opts ...request.Option) (*GetSchemaOutput, error)
GetSchemaWithContext is the same as GetSchema with the addition of the ability to pass a context and additional request options.
See GetSchema for details on how to use this API operation.
The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.
func (c *VerifiedPermissions) IsAuthorized(input *IsAuthorizedInput) (*IsAuthorizedOutput, error)
IsAuthorized API operation for Amazon Verified Permissions.
Makes an authorization decision about a service request described in the parameters. The information in the parameters can also define additional context that Verified Permissions can include in the evaluation. The request is evaluated against all matching policies in the specified policy store. The result of the decision is either Allow or Deny, along with a list of the policies that resulted in the decision.
Returns awserr.Error for service API and SDK errors. Use runtime type assertions with awserr.Error's Code and Message methods to get detailed information about the error.
See the AWS API reference guide for Amazon Verified Permissions's API operation IsAuthorized for usage and error information.
Returned Error Types:
ValidationException The request failed because one or more input parameters don't satisfy their constraint requirements. The output is provided as a list of fields and a reason for each field that isn't valid.
The possible reasons include the following:
UnrecognizedEntityType The policy includes an entity type that isn't found in the schema.
UnrecognizedActionId The policy includes an action id that isn't found in the schema.
InvalidActionApplication The policy includes an action that, according to the schema, doesn't support the specified principal and resource.
UnexpectedType The policy included an operand that isn't a valid type for the specified operation.
IncompatibleTypes The types of elements included in a set, or the types of expressions used in an if...then...else clause aren't compatible in this context.
MissingAttribute The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for the existence of the attribute first before attempting to access its value. For more information, see the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test) in the Cedar Policy Language Guide.
UnsafeOptionalAttributeAccess The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be present. Test for the existence of the attribute first before attempting to access its value. For more information, see the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test) in the Cedar Policy Language Guide.
ImpossiblePolicy Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it can never apply to any query, and so it can never affect an authorization decision.
WrongNumberArguments The policy references an extension type with the wrong number of arguments.
FunctionArgumentValidationError Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed as an IPv4 address can contain only digits and the period character.
AccessDeniedException You don't have sufficient access to perform this action.
ResourceNotFoundException The request failed because it references a resource that doesn't exist.
ThrottlingException The request failed because it exceeded a throttling quota.
InternalServerException The request failed because of an internal error. Try your request again later
func (c *VerifiedPermissions) IsAuthorizedRequest(input *IsAuthorizedInput) (req *request.Request, output *IsAuthorizedOutput)
IsAuthorizedRequest generates a "aws/request.Request" representing the client's request for the IsAuthorized operation. The "output" return value will be populated with the request's response once the request completes successfully.
Use "Send" method on the returned Request to send the API call to the service. the "output" return value is not valid until after Send returns without error.
See IsAuthorized for more information on using the IsAuthorized API call, and error handling.
This method is useful when you want to inject custom logic or configuration into the SDK's request lifecycle. Such as custom headers, or retry logic.
// Example sending a request using the IsAuthorizedRequest method. req, resp := client.IsAuthorizedRequest(params) err := req.Send() if err == nil { // resp is now filled fmt.Println(resp) }
func (c *VerifiedPermissions) IsAuthorizedWithContext(ctx aws.Context, input *IsAuthorizedInput, opts ...request.Option) (*IsAuthorizedOutput, error)
IsAuthorizedWithContext is the same as IsAuthorized with the addition of the ability to pass a context and additional request options.
See IsAuthorized for details on how to use this API operation.
The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.
func (c *VerifiedPermissions) IsAuthorizedWithToken(input *IsAuthorizedWithTokenInput) (*IsAuthorizedWithTokenOutput, error)
IsAuthorizedWithToken API operation for Amazon Verified Permissions.
Makes an authorization decision about a service request described in the parameters. The principal in this request comes from an external identity source in the form of an identity token formatted as a JSON web token (JWT) (https://wikipedia.org/wiki/JSON_Web_Token). The information in the parameters can also define additional context that Verified Permissions can include in the evaluation. The request is evaluated against all matching policies in the specified policy store. The result of the decision is either Allow or Deny, along with a list of the policies that resulted in the decision.
At this time, Verified Permissions accepts tokens from only Amazon Cognito.
Verified Permissions validates each token that is specified in a request by checking its expiration date and its signature.
Tokens from an identity source user continue to be usable until they expire. Token revocation and resource deletion have no effect on the validity of a token in your policy store
Returns awserr.Error for service API and SDK errors. Use runtime type assertions with awserr.Error's Code and Message methods to get detailed information about the error.
See the AWS API reference guide for Amazon Verified Permissions's API operation IsAuthorizedWithToken for usage and error information.
Returned Error Types:
ValidationException The request failed because one or more input parameters don't satisfy their constraint requirements. The output is provided as a list of fields and a reason for each field that isn't valid.
The possible reasons include the following:
UnrecognizedEntityType The policy includes an entity type that isn't found in the schema.
UnrecognizedActionId The policy includes an action id that isn't found in the schema.
InvalidActionApplication The policy includes an action that, according to the schema, doesn't support the specified principal and resource.
UnexpectedType The policy included an operand that isn't a valid type for the specified operation.
IncompatibleTypes The types of elements included in a set, or the types of expressions used in an if...then...else clause aren't compatible in this context.
MissingAttribute The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for the existence of the attribute first before attempting to access its value. For more information, see the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test) in the Cedar Policy Language Guide.
UnsafeOptionalAttributeAccess The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be present. Test for the existence of the attribute first before attempting to access its value. For more information, see the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test) in the Cedar Policy Language Guide.
ImpossiblePolicy Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it can never apply to any query, and so it can never affect an authorization decision.
WrongNumberArguments The policy references an extension type with the wrong number of arguments.
FunctionArgumentValidationError Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed as an IPv4 address can contain only digits and the period character.
AccessDeniedException You don't have sufficient access to perform this action.
ResourceNotFoundException The request failed because it references a resource that doesn't exist.
ThrottlingException The request failed because it exceeded a throttling quota.
InternalServerException The request failed because of an internal error. Try your request again later
func (c *VerifiedPermissions) IsAuthorizedWithTokenRequest(input *IsAuthorizedWithTokenInput) (req *request.Request, output *IsAuthorizedWithTokenOutput)
IsAuthorizedWithTokenRequest generates a "aws/request.Request" representing the client's request for the IsAuthorizedWithToken operation. The "output" return value will be populated with the request's response once the request completes successfully.
Use "Send" method on the returned Request to send the API call to the service. the "output" return value is not valid until after Send returns without error.
See IsAuthorizedWithToken for more information on using the IsAuthorizedWithToken API call, and error handling.
This method is useful when you want to inject custom logic or configuration into the SDK's request lifecycle. Such as custom headers, or retry logic.
// Example sending a request using the IsAuthorizedWithTokenRequest method. req, resp := client.IsAuthorizedWithTokenRequest(params) err := req.Send() if err == nil { // resp is now filled fmt.Println(resp) }
func (c *VerifiedPermissions) IsAuthorizedWithTokenWithContext(ctx aws.Context, input *IsAuthorizedWithTokenInput, opts ...request.Option) (*IsAuthorizedWithTokenOutput, error)
IsAuthorizedWithTokenWithContext is the same as IsAuthorizedWithToken with the addition of the ability to pass a context and additional request options.
See IsAuthorizedWithToken for details on how to use this API operation.
The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.
func (c *VerifiedPermissions) ListIdentitySources(input *ListIdentitySourcesInput) (*ListIdentitySourcesOutput, error)
ListIdentitySources API operation for Amazon Verified Permissions.
Returns a paginated list of all of the identity sources defined in the specified policy store.
Returns awserr.Error for service API and SDK errors. Use runtime type assertions with awserr.Error's Code and Message methods to get detailed information about the error.
See the AWS API reference guide for Amazon Verified Permissions's API operation ListIdentitySources for usage and error information.
Returned Error Types:
ValidationException The request failed because one or more input parameters don't satisfy their constraint requirements. The output is provided as a list of fields and a reason for each field that isn't valid.
The possible reasons include the following:
UnrecognizedEntityType The policy includes an entity type that isn't found in the schema.
UnrecognizedActionId The policy includes an action id that isn't found in the schema.
InvalidActionApplication The policy includes an action that, according to the schema, doesn't support the specified principal and resource.
UnexpectedType The policy included an operand that isn't a valid type for the specified operation.
IncompatibleTypes The types of elements included in a set, or the types of expressions used in an if...then...else clause aren't compatible in this context.
MissingAttribute The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for the existence of the attribute first before attempting to access its value. For more information, see the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test) in the Cedar Policy Language Guide.
UnsafeOptionalAttributeAccess The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be present. Test for the existence of the attribute first before attempting to access its value. For more information, see the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test) in the Cedar Policy Language Guide.
ImpossiblePolicy Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it can never apply to any query, and so it can never affect an authorization decision.
WrongNumberArguments The policy references an extension type with the wrong number of arguments.
FunctionArgumentValidationError Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed as an IPv4 address can contain only digits and the period character.
AccessDeniedException You don't have sufficient access to perform this action.
ResourceNotFoundException The request failed because it references a resource that doesn't exist.
ThrottlingException The request failed because it exceeded a throttling quota.
InternalServerException The request failed because of an internal error. Try your request again later
func (c *VerifiedPermissions) ListIdentitySourcesPages(input *ListIdentitySourcesInput, fn func(*ListIdentitySourcesOutput, bool) bool) error
ListIdentitySourcesPages iterates over the pages of a ListIdentitySources operation, calling the "fn" function with the response data for each page. To stop iterating, return false from the fn function.
See ListIdentitySources method for more information on how to use this operation.
Note: This operation can generate multiple requests to a service.
// Example iterating over at most 3 pages of a ListIdentitySources operation. pageNum := 0 err := client.ListIdentitySourcesPages(params, func(page *verifiedpermissions.ListIdentitySourcesOutput, lastPage bool) bool { pageNum++ fmt.Println(page) return pageNum <= 3 })
func (c *VerifiedPermissions) ListIdentitySourcesPagesWithContext(ctx aws.Context, input *ListIdentitySourcesInput, fn func(*ListIdentitySourcesOutput, bool) bool, opts ...request.Option) error
ListIdentitySourcesPagesWithContext same as ListIdentitySourcesPages except it takes a Context and allows setting request options on the pages.
The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.
func (c *VerifiedPermissions) ListIdentitySourcesRequest(input *ListIdentitySourcesInput) (req *request.Request, output *ListIdentitySourcesOutput)
ListIdentitySourcesRequest generates a "aws/request.Request" representing the client's request for the ListIdentitySources operation. The "output" return value will be populated with the request's response once the request completes successfully.
Use "Send" method on the returned Request to send the API call to the service. the "output" return value is not valid until after Send returns without error.
See ListIdentitySources for more information on using the ListIdentitySources API call, and error handling.
This method is useful when you want to inject custom logic or configuration into the SDK's request lifecycle. Such as custom headers, or retry logic.
// Example sending a request using the ListIdentitySourcesRequest method. req, resp := client.ListIdentitySourcesRequest(params) err := req.Send() if err == nil { // resp is now filled fmt.Println(resp) }
func (c *VerifiedPermissions) ListIdentitySourcesWithContext(ctx aws.Context, input *ListIdentitySourcesInput, opts ...request.Option) (*ListIdentitySourcesOutput, error)
ListIdentitySourcesWithContext is the same as ListIdentitySources with the addition of the ability to pass a context and additional request options.
See ListIdentitySources for details on how to use this API operation.
The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.
func (c *VerifiedPermissions) ListPolicies(input *ListPoliciesInput) (*ListPoliciesOutput, error)
ListPolicies API operation for Amazon Verified Permissions.
Returns a paginated list of all policies stored in the specified policy store.
Returns awserr.Error for service API and SDK errors. Use runtime type assertions with awserr.Error's Code and Message methods to get detailed information about the error.
See the AWS API reference guide for Amazon Verified Permissions's API operation ListPolicies for usage and error information.
Returned Error Types:
ValidationException The request failed because one or more input parameters don't satisfy their constraint requirements. The output is provided as a list of fields and a reason for each field that isn't valid.
The possible reasons include the following:
UnrecognizedEntityType The policy includes an entity type that isn't found in the schema.
UnrecognizedActionId The policy includes an action id that isn't found in the schema.
InvalidActionApplication The policy includes an action that, according to the schema, doesn't support the specified principal and resource.
UnexpectedType The policy included an operand that isn't a valid type for the specified operation.
IncompatibleTypes The types of elements included in a set, or the types of expressions used in an if...then...else clause aren't compatible in this context.
MissingAttribute The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for the existence of the attribute first before attempting to access its value. For more information, see the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test) in the Cedar Policy Language Guide.
UnsafeOptionalAttributeAccess The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be present. Test for the existence of the attribute first before attempting to access its value. For more information, see the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test) in the Cedar Policy Language Guide.
ImpossiblePolicy Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it can never apply to any query, and so it can never affect an authorization decision.
WrongNumberArguments The policy references an extension type with the wrong number of arguments.
FunctionArgumentValidationError Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed as an IPv4 address can contain only digits and the period character.
AccessDeniedException You don't have sufficient access to perform this action.
ResourceNotFoundException The request failed because it references a resource that doesn't exist.
ThrottlingException The request failed because it exceeded a throttling quota.
InternalServerException The request failed because of an internal error. Try your request again later
func (c *VerifiedPermissions) ListPoliciesPages(input *ListPoliciesInput, fn func(*ListPoliciesOutput, bool) bool) error
ListPoliciesPages iterates over the pages of a ListPolicies operation, calling the "fn" function with the response data for each page. To stop iterating, return false from the fn function.
See ListPolicies method for more information on how to use this operation.
Note: This operation can generate multiple requests to a service.
// Example iterating over at most 3 pages of a ListPolicies operation. pageNum := 0 err := client.ListPoliciesPages(params, func(page *verifiedpermissions.ListPoliciesOutput, lastPage bool) bool { pageNum++ fmt.Println(page) return pageNum <= 3 })
func (c *VerifiedPermissions) ListPoliciesPagesWithContext(ctx aws.Context, input *ListPoliciesInput, fn func(*ListPoliciesOutput, bool) bool, opts ...request.Option) error
ListPoliciesPagesWithContext same as ListPoliciesPages except it takes a Context and allows setting request options on the pages.
The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.
func (c *VerifiedPermissions) ListPoliciesRequest(input *ListPoliciesInput) (req *request.Request, output *ListPoliciesOutput)
ListPoliciesRequest generates a "aws/request.Request" representing the client's request for the ListPolicies operation. The "output" return value will be populated with the request's response once the request completes successfully.
Use "Send" method on the returned Request to send the API call to the service. the "output" return value is not valid until after Send returns without error.
See ListPolicies for more information on using the ListPolicies API call, and error handling.
This method is useful when you want to inject custom logic or configuration into the SDK's request lifecycle. Such as custom headers, or retry logic.
// Example sending a request using the ListPoliciesRequest method. req, resp := client.ListPoliciesRequest(params) err := req.Send() if err == nil { // resp is now filled fmt.Println(resp) }
func (c *VerifiedPermissions) ListPoliciesWithContext(ctx aws.Context, input *ListPoliciesInput, opts ...request.Option) (*ListPoliciesOutput, error)
ListPoliciesWithContext is the same as ListPolicies with the addition of the ability to pass a context and additional request options.
See ListPolicies for details on how to use this API operation.
The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.
func (c *VerifiedPermissions) ListPolicyStores(input *ListPolicyStoresInput) (*ListPolicyStoresOutput, error)
ListPolicyStores API operation for Amazon Verified Permissions.
Returns a paginated list of all policy stores in the calling Amazon Web Services account.
Returns awserr.Error for service API and SDK errors. Use runtime type assertions with awserr.Error's Code and Message methods to get detailed information about the error.
See the AWS API reference guide for Amazon Verified Permissions's API operation ListPolicyStores for usage and error information.
Returned Error Types:
ValidationException The request failed because one or more input parameters don't satisfy their constraint requirements. The output is provided as a list of fields and a reason for each field that isn't valid.
The possible reasons include the following:
UnrecognizedEntityType The policy includes an entity type that isn't found in the schema.
UnrecognizedActionId The policy includes an action id that isn't found in the schema.
InvalidActionApplication The policy includes an action that, according to the schema, doesn't support the specified principal and resource.
UnexpectedType The policy included an operand that isn't a valid type for the specified operation.
IncompatibleTypes The types of elements included in a set, or the types of expressions used in an if...then...else clause aren't compatible in this context.
MissingAttribute The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for the existence of the attribute first before attempting to access its value. For more information, see the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test) in the Cedar Policy Language Guide.
UnsafeOptionalAttributeAccess The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be present. Test for the existence of the attribute first before attempting to access its value. For more information, see the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test) in the Cedar Policy Language Guide.
ImpossiblePolicy Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it can never apply to any query, and so it can never affect an authorization decision.
WrongNumberArguments The policy references an extension type with the wrong number of arguments.
FunctionArgumentValidationError Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed as an IPv4 address can contain only digits and the period character.
AccessDeniedException You don't have sufficient access to perform this action.
ThrottlingException The request failed because it exceeded a throttling quota.
InternalServerException The request failed because of an internal error. Try your request again later
func (c *VerifiedPermissions) ListPolicyStoresPages(input *ListPolicyStoresInput, fn func(*ListPolicyStoresOutput, bool) bool) error
ListPolicyStoresPages iterates over the pages of a ListPolicyStores operation, calling the "fn" function with the response data for each page. To stop iterating, return false from the fn function.
See ListPolicyStores method for more information on how to use this operation.
Note: This operation can generate multiple requests to a service.
// Example iterating over at most 3 pages of a ListPolicyStores operation. pageNum := 0 err := client.ListPolicyStoresPages(params, func(page *verifiedpermissions.ListPolicyStoresOutput, lastPage bool) bool { pageNum++ fmt.Println(page) return pageNum <= 3 })
func (c *VerifiedPermissions) ListPolicyStoresPagesWithContext(ctx aws.Context, input *ListPolicyStoresInput, fn func(*ListPolicyStoresOutput, bool) bool, opts ...request.Option) error
ListPolicyStoresPagesWithContext same as ListPolicyStoresPages except it takes a Context and allows setting request options on the pages.
The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.
func (c *VerifiedPermissions) ListPolicyStoresRequest(input *ListPolicyStoresInput) (req *request.Request, output *ListPolicyStoresOutput)
ListPolicyStoresRequest generates a "aws/request.Request" representing the client's request for the ListPolicyStores operation. The "output" return value will be populated with the request's response once the request completes successfully.
Use "Send" method on the returned Request to send the API call to the service. the "output" return value is not valid until after Send returns without error.
See ListPolicyStores for more information on using the ListPolicyStores API call, and error handling.
This method is useful when you want to inject custom logic or configuration into the SDK's request lifecycle. Such as custom headers, or retry logic.
// Example sending a request using the ListPolicyStoresRequest method. req, resp := client.ListPolicyStoresRequest(params) err := req.Send() if err == nil { // resp is now filled fmt.Println(resp) }
func (c *VerifiedPermissions) ListPolicyStoresWithContext(ctx aws.Context, input *ListPolicyStoresInput, opts ...request.Option) (*ListPolicyStoresOutput, error)
ListPolicyStoresWithContext is the same as ListPolicyStores with the addition of the ability to pass a context and additional request options.
See ListPolicyStores for details on how to use this API operation.
The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.
func (c *VerifiedPermissions) ListPolicyTemplates(input *ListPolicyTemplatesInput) (*ListPolicyTemplatesOutput, error)
ListPolicyTemplates API operation for Amazon Verified Permissions.
Returns a paginated list of all policy templates in the specified policy store.
Returns awserr.Error for service API and SDK errors. Use runtime type assertions with awserr.Error's Code and Message methods to get detailed information about the error.
See the AWS API reference guide for Amazon Verified Permissions's API operation ListPolicyTemplates for usage and error information.
Returned Error Types:
ValidationException The request failed because one or more input parameters don't satisfy their constraint requirements. The output is provided as a list of fields and a reason for each field that isn't valid.
The possible reasons include the following:
UnrecognizedEntityType The policy includes an entity type that isn't found in the schema.
UnrecognizedActionId The policy includes an action id that isn't found in the schema.
InvalidActionApplication The policy includes an action that, according to the schema, doesn't support the specified principal and resource.
UnexpectedType The policy included an operand that isn't a valid type for the specified operation.
IncompatibleTypes The types of elements included in a set, or the types of expressions used in an if...then...else clause aren't compatible in this context.
MissingAttribute The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for the existence of the attribute first before attempting to access its value. For more information, see the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test) in the Cedar Policy Language Guide.
UnsafeOptionalAttributeAccess The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be present. Test for the existence of the attribute first before attempting to access its value. For more information, see the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test) in the Cedar Policy Language Guide.
ImpossiblePolicy Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it can never apply to any query, and so it can never affect an authorization decision.
WrongNumberArguments The policy references an extension type with the wrong number of arguments.
FunctionArgumentValidationError Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed as an IPv4 address can contain only digits and the period character.
AccessDeniedException You don't have sufficient access to perform this action.
ResourceNotFoundException The request failed because it references a resource that doesn't exist.
ThrottlingException The request failed because it exceeded a throttling quota.
InternalServerException The request failed because of an internal error. Try your request again later
func (c *VerifiedPermissions) ListPolicyTemplatesPages(input *ListPolicyTemplatesInput, fn func(*ListPolicyTemplatesOutput, bool) bool) error
ListPolicyTemplatesPages iterates over the pages of a ListPolicyTemplates operation, calling the "fn" function with the response data for each page. To stop iterating, return false from the fn function.
See ListPolicyTemplates method for more information on how to use this operation.
Note: This operation can generate multiple requests to a service.
// Example iterating over at most 3 pages of a ListPolicyTemplates operation. pageNum := 0 err := client.ListPolicyTemplatesPages(params, func(page *verifiedpermissions.ListPolicyTemplatesOutput, lastPage bool) bool { pageNum++ fmt.Println(page) return pageNum <= 3 })
func (c *VerifiedPermissions) ListPolicyTemplatesPagesWithContext(ctx aws.Context, input *ListPolicyTemplatesInput, fn func(*ListPolicyTemplatesOutput, bool) bool, opts ...request.Option) error
ListPolicyTemplatesPagesWithContext same as ListPolicyTemplatesPages except it takes a Context and allows setting request options on the pages.
The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.
func (c *VerifiedPermissions) ListPolicyTemplatesRequest(input *ListPolicyTemplatesInput) (req *request.Request, output *ListPolicyTemplatesOutput)
ListPolicyTemplatesRequest generates a "aws/request.Request" representing the client's request for the ListPolicyTemplates operation. The "output" return value will be populated with the request's response once the request completes successfully.
Use "Send" method on the returned Request to send the API call to the service. the "output" return value is not valid until after Send returns without error.
See ListPolicyTemplates for more information on using the ListPolicyTemplates API call, and error handling.
This method is useful when you want to inject custom logic or configuration into the SDK's request lifecycle. Such as custom headers, or retry logic.
// Example sending a request using the ListPolicyTemplatesRequest method. req, resp := client.ListPolicyTemplatesRequest(params) err := req.Send() if err == nil { // resp is now filled fmt.Println(resp) }
func (c *VerifiedPermissions) ListPolicyTemplatesWithContext(ctx aws.Context, input *ListPolicyTemplatesInput, opts ...request.Option) (*ListPolicyTemplatesOutput, error)
ListPolicyTemplatesWithContext is the same as ListPolicyTemplates with the addition of the ability to pass a context and additional request options.
See ListPolicyTemplates for details on how to use this API operation.
The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.
func (c *VerifiedPermissions) PutSchema(input *PutSchemaInput) (*PutSchemaOutput, error)
PutSchema API operation for Amazon Verified Permissions.
Creates or updates the policy schema in the specified policy store. The schema is used to validate any Cedar policies and policy templates submitted to the policy store. Any changes to the schema validate only policies and templates submitted after the schema change. Existing policies and templates are not re-evaluated against the changed schema. If you later update a policy, then it is evaluated against the new schema at that time.
Verified Permissions is eventually consistent (https://wikipedia.org/wiki/Eventual_consistency) . It can take a few seconds for a new or changed element to propagate through the service and be visible in the results of other Verified Permissions operations.
Returns awserr.Error for service API and SDK errors. Use runtime type assertions with awserr.Error's Code and Message methods to get detailed information about the error.
See the AWS API reference guide for Amazon Verified Permissions's API operation PutSchema for usage and error information.
Returned Error Types:
ValidationException The request failed because one or more input parameters don't satisfy their constraint requirements. The output is provided as a list of fields and a reason for each field that isn't valid.
The possible reasons include the following:
UnrecognizedEntityType The policy includes an entity type that isn't found in the schema.
UnrecognizedActionId The policy includes an action id that isn't found in the schema.
InvalidActionApplication The policy includes an action that, according to the schema, doesn't support the specified principal and resource.
UnexpectedType The policy included an operand that isn't a valid type for the specified operation.
IncompatibleTypes The types of elements included in a set, or the types of expressions used in an if...then...else clause aren't compatible in this context.
MissingAttribute The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for the existence of the attribute first before attempting to access its value. For more information, see the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test) in the Cedar Policy Language Guide.
UnsafeOptionalAttributeAccess The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be present. Test for the existence of the attribute first before attempting to access its value. For more information, see the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test) in the Cedar Policy Language Guide.
ImpossiblePolicy Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it can never apply to any query, and so it can never affect an authorization decision.
WrongNumberArguments The policy references an extension type with the wrong number of arguments.
FunctionArgumentValidationError Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed as an IPv4 address can contain only digits and the period character.
ServiceQuotaExceededException The request failed because it would cause a service quota to be exceeded.
ConflictException The request failed because another request to modify a resource occurred at the same.
AccessDeniedException You don't have sufficient access to perform this action.
ResourceNotFoundException The request failed because it references a resource that doesn't exist.
ThrottlingException The request failed because it exceeded a throttling quota.
InternalServerException The request failed because of an internal error. Try your request again later
func (c *VerifiedPermissions) PutSchemaRequest(input *PutSchemaInput) (req *request.Request, output *PutSchemaOutput)
PutSchemaRequest generates a "aws/request.Request" representing the client's request for the PutSchema operation. The "output" return value will be populated with the request's response once the request completes successfully.
Use "Send" method on the returned Request to send the API call to the service. the "output" return value is not valid until after Send returns without error.
See PutSchema for more information on using the PutSchema API call, and error handling.
This method is useful when you want to inject custom logic or configuration into the SDK's request lifecycle. Such as custom headers, or retry logic.
// Example sending a request using the PutSchemaRequest method. req, resp := client.PutSchemaRequest(params) err := req.Send() if err == nil { // resp is now filled fmt.Println(resp) }
func (c *VerifiedPermissions) PutSchemaWithContext(ctx aws.Context, input *PutSchemaInput, opts ...request.Option) (*PutSchemaOutput, error)
PutSchemaWithContext is the same as PutSchema with the addition of the ability to pass a context and additional request options.
See PutSchema for details on how to use this API operation.
The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.
func (c *VerifiedPermissions) UpdateIdentitySource(input *UpdateIdentitySourceInput) (*UpdateIdentitySourceOutput, error)
UpdateIdentitySource API operation for Amazon Verified Permissions.
Updates the specified identity source to use a new identity provider (IdP), or to change the mapping of identities from the IdP to a different principal entity type.
Verified Permissions is eventually consistent (https://wikipedia.org/wiki/Eventual_consistency) . It can take a few seconds for a new or changed element to propagate through the service and be visible in the results of other Verified Permissions operations.
Returns awserr.Error for service API and SDK errors. Use runtime type assertions with awserr.Error's Code and Message methods to get detailed information about the error.
See the AWS API reference guide for Amazon Verified Permissions's API operation UpdateIdentitySource for usage and error information.
Returned Error Types:
ValidationException The request failed because one or more input parameters don't satisfy their constraint requirements. The output is provided as a list of fields and a reason for each field that isn't valid.
The possible reasons include the following:
UnrecognizedEntityType The policy includes an entity type that isn't found in the schema.
UnrecognizedActionId The policy includes an action id that isn't found in the schema.
InvalidActionApplication The policy includes an action that, according to the schema, doesn't support the specified principal and resource.
UnexpectedType The policy included an operand that isn't a valid type for the specified operation.
IncompatibleTypes The types of elements included in a set, or the types of expressions used in an if...then...else clause aren't compatible in this context.
MissingAttribute The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for the existence of the attribute first before attempting to access its value. For more information, see the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test) in the Cedar Policy Language Guide.
UnsafeOptionalAttributeAccess The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be present. Test for the existence of the attribute first before attempting to access its value. For more information, see the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test) in the Cedar Policy Language Guide.
ImpossiblePolicy Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it can never apply to any query, and so it can never affect an authorization decision.
WrongNumberArguments The policy references an extension type with the wrong number of arguments.
FunctionArgumentValidationError Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed as an IPv4 address can contain only digits and the period character.
ConflictException The request failed because another request to modify a resource occurred at the same.
AccessDeniedException You don't have sufficient access to perform this action.
ResourceNotFoundException The request failed because it references a resource that doesn't exist.
ThrottlingException The request failed because it exceeded a throttling quota.
InternalServerException The request failed because of an internal error. Try your request again later
func (c *VerifiedPermissions) UpdateIdentitySourceRequest(input *UpdateIdentitySourceInput) (req *request.Request, output *UpdateIdentitySourceOutput)
UpdateIdentitySourceRequest generates a "aws/request.Request" representing the client's request for the UpdateIdentitySource operation. The "output" return value will be populated with the request's response once the request completes successfully.
Use "Send" method on the returned Request to send the API call to the service. the "output" return value is not valid until after Send returns without error.
See UpdateIdentitySource for more information on using the UpdateIdentitySource API call, and error handling.
This method is useful when you want to inject custom logic or configuration into the SDK's request lifecycle. Such as custom headers, or retry logic.
// Example sending a request using the UpdateIdentitySourceRequest method. req, resp := client.UpdateIdentitySourceRequest(params) err := req.Send() if err == nil { // resp is now filled fmt.Println(resp) }
func (c *VerifiedPermissions) UpdateIdentitySourceWithContext(ctx aws.Context, input *UpdateIdentitySourceInput, opts ...request.Option) (*UpdateIdentitySourceOutput, error)
UpdateIdentitySourceWithContext is the same as UpdateIdentitySource with the addition of the ability to pass a context and additional request options.
See UpdateIdentitySource for details on how to use this API operation.
The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.
func (c *VerifiedPermissions) UpdatePolicy(input *UpdatePolicyInput) (*UpdatePolicyOutput, error)
UpdatePolicy API operation for Amazon Verified Permissions.
Modifies a Cedar static policy in the specified policy store. You can change only certain elements of the UpdatePolicyDefinition (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdatePolicyInput.html#amazonverifiedpermissions-UpdatePolicy-request-UpdatePolicyDefinition) parameter. You can directly update only static policies. To change a template-linked policy, you must update the template instead, using UpdatePolicyTemplate (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdatePolicyTemplate.html).
If policy validation is enabled in the policy store, then updating a static policy causes Verified Permissions to validate the policy against the schema in the policy store. If the updated static policy doesn't pass validation, the operation fails and the update isn't stored.
When you edit a static policy, you can change only certain elements of a static policy: The action referenced by the policy. A condition clause, such as when and unless. You can't change these elements of a static policy: Changing a policy from a static policy to a template-linked policy. Changing the effect of a static policy from permit or forbid. The principal referenced by a static policy. The resource referenced by a static policy.
To update a template-linked policy, you must update the template instead.
Verified Permissions is eventually consistent (https://wikipedia.org/wiki/Eventual_consistency) . It can take a few seconds for a new or changed element to propagate through the service and be visible in the results of other Verified Permissions operations.
Returns awserr.Error for service API and SDK errors. Use runtime type assertions with awserr.Error's Code and Message methods to get detailed information about the error.
See the AWS API reference guide for Amazon Verified Permissions's API operation UpdatePolicy for usage and error information.
Returned Error Types:
ValidationException The request failed because one or more input parameters don't satisfy their constraint requirements. The output is provided as a list of fields and a reason for each field that isn't valid.
The possible reasons include the following:
UnrecognizedEntityType The policy includes an entity type that isn't found in the schema.
UnrecognizedActionId The policy includes an action id that isn't found in the schema.
InvalidActionApplication The policy includes an action that, according to the schema, doesn't support the specified principal and resource.
UnexpectedType The policy included an operand that isn't a valid type for the specified operation.
IncompatibleTypes The types of elements included in a set, or the types of expressions used in an if...then...else clause aren't compatible in this context.
MissingAttribute The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for the existence of the attribute first before attempting to access its value. For more information, see the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test) in the Cedar Policy Language Guide.
UnsafeOptionalAttributeAccess The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be present. Test for the existence of the attribute first before attempting to access its value. For more information, see the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test) in the Cedar Policy Language Guide.
ImpossiblePolicy Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it can never apply to any query, and so it can never affect an authorization decision.
WrongNumberArguments The policy references an extension type with the wrong number of arguments.
FunctionArgumentValidationError Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed as an IPv4 address can contain only digits and the period character.
ServiceQuotaExceededException The request failed because it would cause a service quota to be exceeded.
ConflictException The request failed because another request to modify a resource occurred at the same.
AccessDeniedException You don't have sufficient access to perform this action.
ResourceNotFoundException The request failed because it references a resource that doesn't exist.
ThrottlingException The request failed because it exceeded a throttling quota.
InternalServerException The request failed because of an internal error. Try your request again later
func (c *VerifiedPermissions) UpdatePolicyRequest(input *UpdatePolicyInput) (req *request.Request, output *UpdatePolicyOutput)
UpdatePolicyRequest generates a "aws/request.Request" representing the client's request for the UpdatePolicy operation. The "output" return value will be populated with the request's response once the request completes successfully.
Use "Send" method on the returned Request to send the API call to the service. the "output" return value is not valid until after Send returns without error.
See UpdatePolicy for more information on using the UpdatePolicy API call, and error handling.
This method is useful when you want to inject custom logic or configuration into the SDK's request lifecycle. Such as custom headers, or retry logic.
// Example sending a request using the UpdatePolicyRequest method. req, resp := client.UpdatePolicyRequest(params) err := req.Send() if err == nil { // resp is now filled fmt.Println(resp) }
func (c *VerifiedPermissions) UpdatePolicyStore(input *UpdatePolicyStoreInput) (*UpdatePolicyStoreOutput, error)
UpdatePolicyStore API operation for Amazon Verified Permissions.
Modifies the validation setting for a policy store.
Verified Permissions is eventually consistent (https://wikipedia.org/wiki/Eventual_consistency) . It can take a few seconds for a new or changed element to propagate through the service and be visible in the results of other Verified Permissions operations.
Returns awserr.Error for service API and SDK errors. Use runtime type assertions with awserr.Error's Code and Message methods to get detailed information about the error.
See the AWS API reference guide for Amazon Verified Permissions's API operation UpdatePolicyStore for usage and error information.
Returned Error Types:
ValidationException The request failed because one or more input parameters don't satisfy their constraint requirements. The output is provided as a list of fields and a reason for each field that isn't valid.
The possible reasons include the following:
UnrecognizedEntityType The policy includes an entity type that isn't found in the schema.
UnrecognizedActionId The policy includes an action id that isn't found in the schema.
InvalidActionApplication The policy includes an action that, according to the schema, doesn't support the specified principal and resource.
UnexpectedType The policy included an operand that isn't a valid type for the specified operation.
IncompatibleTypes The types of elements included in a set, or the types of expressions used in an if...then...else clause aren't compatible in this context.
MissingAttribute The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for the existence of the attribute first before attempting to access its value. For more information, see the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test) in the Cedar Policy Language Guide.
UnsafeOptionalAttributeAccess The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be present. Test for the existence of the attribute first before attempting to access its value. For more information, see the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test) in the Cedar Policy Language Guide.
ImpossiblePolicy Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it can never apply to any query, and so it can never affect an authorization decision.
WrongNumberArguments The policy references an extension type with the wrong number of arguments.
FunctionArgumentValidationError Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed as an IPv4 address can contain only digits and the period character.
ConflictException The request failed because another request to modify a resource occurred at the same.
AccessDeniedException You don't have sufficient access to perform this action.
ResourceNotFoundException The request failed because it references a resource that doesn't exist.
ThrottlingException The request failed because it exceeded a throttling quota.
InternalServerException The request failed because of an internal error. Try your request again later
func (c *VerifiedPermissions) UpdatePolicyStoreRequest(input *UpdatePolicyStoreInput) (req *request.Request, output *UpdatePolicyStoreOutput)
UpdatePolicyStoreRequest generates a "aws/request.Request" representing the client's request for the UpdatePolicyStore operation. The "output" return value will be populated with the request's response once the request completes successfully.
Use "Send" method on the returned Request to send the API call to the service. the "output" return value is not valid until after Send returns without error.
See UpdatePolicyStore for more information on using the UpdatePolicyStore API call, and error handling.
This method is useful when you want to inject custom logic or configuration into the SDK's request lifecycle. Such as custom headers, or retry logic.
// Example sending a request using the UpdatePolicyStoreRequest method. req, resp := client.UpdatePolicyStoreRequest(params) err := req.Send() if err == nil { // resp is now filled fmt.Println(resp) }
func (c *VerifiedPermissions) UpdatePolicyStoreWithContext(ctx aws.Context, input *UpdatePolicyStoreInput, opts ...request.Option) (*UpdatePolicyStoreOutput, error)
UpdatePolicyStoreWithContext is the same as UpdatePolicyStore with the addition of the ability to pass a context and additional request options.
See UpdatePolicyStore for details on how to use this API operation.
The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.
func (c *VerifiedPermissions) UpdatePolicyTemplate(input *UpdatePolicyTemplateInput) (*UpdatePolicyTemplateOutput, error)
UpdatePolicyTemplate API operation for Amazon Verified Permissions.
Updates the specified policy template. You can update only the description and the some elements of the policyBody (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdatePolicyTemplate.html#amazonverifiedpermissions-UpdatePolicyTemplate-request-policyBody).
Changes you make to the policy template content are immediately (within the constraints of eventual consistency) reflected in authorization decisions that involve all template-linked policies instantiated from this template.
Verified Permissions is eventually consistent (https://wikipedia.org/wiki/Eventual_consistency) . It can take a few seconds for a new or changed element to propagate through the service and be visible in the results of other Verified Permissions operations.
Returns awserr.Error for service API and SDK errors. Use runtime type assertions with awserr.Error's Code and Message methods to get detailed information about the error.
See the AWS API reference guide for Amazon Verified Permissions's API operation UpdatePolicyTemplate for usage and error information.
Returned Error Types:
ValidationException The request failed because one or more input parameters don't satisfy their constraint requirements. The output is provided as a list of fields and a reason for each field that isn't valid.
The possible reasons include the following:
UnrecognizedEntityType The policy includes an entity type that isn't found in the schema.
UnrecognizedActionId The policy includes an action id that isn't found in the schema.
InvalidActionApplication The policy includes an action that, according to the schema, doesn't support the specified principal and resource.
UnexpectedType The policy included an operand that isn't a valid type for the specified operation.
IncompatibleTypes The types of elements included in a set, or the types of expressions used in an if...then...else clause aren't compatible in this context.
MissingAttribute The policy attempts to access a record or entity attribute that isn't specified in the schema. Test for the existence of the attribute first before attempting to access its value. For more information, see the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test) in the Cedar Policy Language Guide.
UnsafeOptionalAttributeAccess The policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be present. Test for the existence of the attribute first before attempting to access its value. For more information, see the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test) in the Cedar Policy Language Guide.
ImpossiblePolicy Cedar has determined that a policy condition always evaluates to false. If the policy is always false, it can never apply to any query, and so it can never affect an authorization decision.
WrongNumberArguments The policy references an extension type with the wrong number of arguments.
FunctionArgumentValidationError Cedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed as an IPv4 address can contain only digits and the period character.
ConflictException The request failed because another request to modify a resource occurred at the same.
AccessDeniedException You don't have sufficient access to perform this action.
ResourceNotFoundException The request failed because it references a resource that doesn't exist.
ThrottlingException The request failed because it exceeded a throttling quota.
InternalServerException The request failed because of an internal error. Try your request again later
func (c *VerifiedPermissions) UpdatePolicyTemplateRequest(input *UpdatePolicyTemplateInput) (req *request.Request, output *UpdatePolicyTemplateOutput)
UpdatePolicyTemplateRequest generates a "aws/request.Request" representing the client's request for the UpdatePolicyTemplate operation. The "output" return value will be populated with the request's response once the request completes successfully.
Use "Send" method on the returned Request to send the API call to the service. the "output" return value is not valid until after Send returns without error.
See UpdatePolicyTemplate for more information on using the UpdatePolicyTemplate API call, and error handling.
This method is useful when you want to inject custom logic or configuration into the SDK's request lifecycle. Such as custom headers, or retry logic.
// Example sending a request using the UpdatePolicyTemplateRequest method. req, resp := client.UpdatePolicyTemplateRequest(params) err := req.Send() if err == nil { // resp is now filled fmt.Println(resp) }
func (c *VerifiedPermissions) UpdatePolicyTemplateWithContext(ctx aws.Context, input *UpdatePolicyTemplateInput, opts ...request.Option) (*UpdatePolicyTemplateOutput, error)
UpdatePolicyTemplateWithContext is the same as UpdatePolicyTemplate with the addition of the ability to pass a context and additional request options.
See UpdatePolicyTemplate for details on how to use this API operation.
The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.
func (c *VerifiedPermissions) UpdatePolicyWithContext(ctx aws.Context, input *UpdatePolicyInput, opts ...request.Option) (*UpdatePolicyOutput, error)
UpdatePolicyWithContext is the same as UpdatePolicy with the addition of the ability to pass a context and additional request options.
See UpdatePolicy for details on how to use this API operation.
The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.