Amazon Verified Permissions

2023/12/01 - Amazon Verified Permissions - 5 updated api methods

Changes  Adds a description field to the PolicyStore APIs and a namespaces field to GetSchema.

CreatePolicyStore (updated)
Changes (request)
{'description': 'string'}

Creates a policy store. A policy store is a container for policy resources.

Note

Although Cedar supports multiple namespaces, Verified Permissions currently supports only one namespace per policy store.

Note

Verified Permissions is *eventually consistent*. It can take a few seconds for a new or changed element to propagate through the service and become visible in the results of other Verified Permissions operations.

See also: AWS API Documentation

Request Syntax

client.create_policy_store(
    clientToken='string',
    validationSettings={
        'mode': 'OFF'|'STRICT'
    },
    description='string'
)
type clientToken

string

param clientToken

Specifies a unique, case-sensitive ID that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a UUID type of value.

If you don't provide this value, then Amazon Web Services generates a random one for you.

If you retry the operation with the same ClientToken , but with different parameters, the retry fails with an IdempotentParameterMismatch error.

This field is autopopulated if not provided.

type validationSettings

dict

param validationSettings

[REQUIRED]

Specifies the validation setting for this policy store.

Currently, the only valid and required value is Mode.

Warning

We recommend that you turn on STRICT mode only after you define a schema. If a schema doesn't exist, then STRICT mode causes any policy to fail validation, and Verified Permissions rejects the policy. You can turn off validation by using UpdatePolicyStore. Then, once you have defined a schema, use UpdatePolicyStore again to turn validation back on.

  • mode (string) -- [REQUIRED]

    The validation mode currently configured for this policy store. The valid values are:

    • OFF – Neither Verified Permissions nor Cedar perform any validation on policies. No validation errors are reported by either service.

    • STRICT – Requires a schema to be present in the policy store. Cedar performs validation on all submitted new or updated static policies and policy templates. Any that fail validation are rejected and Cedar doesn't store them in the policy store.

    Warning

    If Mode=STRICT and the policy store doesn't contain a schema, Verified Permissions rejects all static policies and policy templates because there is no schema to validate against.

    To submit a static policy or policy template without a schema, you must turn off validation.

type description

string

param description

Descriptive text that you can provide to help with identification of the current policy store.

rtype

dict

returns

Response Syntax

{
    'policyStoreId': 'string',
    'arn': 'string',
    'createdDate': datetime(2015, 1, 1),
    'lastUpdatedDate': datetime(2015, 1, 1)
}

Response Structure

  • (dict) --

    • policyStoreId (string) --

      The unique ID of the new policy store.

    • arn (string) --

      The Amazon Resource Name (ARN) of the new policy store.

    • createdDate (datetime) --

      The date and time the policy store was originally created.

    • lastUpdatedDate (datetime) --

      The date and time the policy store was last updated.
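The warning above describes a create-then-enable sequence that is easy to get wrong: a store created in STRICT mode rejects every policy until a schema exists, and because validationSettings is required on UpdatePolicyStore, a later description-only update can silently switch validation OFF. The following is an added example (not code from this page or from AWS) that carries the sequence through with the documented parameters: create with validation OFF and an idempotent clientToken, load the schema, promote to STRICT, and then update the description while re-sending the mode that is currently in effect. It runs offline against a constructed in-memory stand-in for boto3.client("verifiedpermissions"); the class FakeVerifiedPermissions, the sample schema PHOTO_APP_SCHEMA, the ARN and account values, and the helper names are assumptions. The put_schema call is a real Verified Permissions operation that this page does not list.

```python
import json
import uuid


class FakeVerifiedPermissions:
    """Constructed in-memory stand-in for boto3.client("verifiedpermissions").

    Implements just enough of CreatePolicyStore, PutSchema, UpdatePolicyStore and
    GetPolicyStore (including the documented clientToken semantics) to run offline.
    """

    def __init__(self):
        self.stores = {}   # policyStoreId -> {"validationSettings", "description"}
        self.schemas = {}  # policyStoreId -> parsed Cedar schema JSON
        self.tokens = {}   # clientToken -> (request key, earlier response)

    def create_policy_store(self, clientToken, validationSettings, description=""):
        key = (validationSettings["mode"], description)
        if clientToken in self.tokens:
            prev_key, prev_resp = self.tokens[clientToken]
            if prev_key != key:  # same token, different parameters
                raise ValueError("IdempotentParameterMismatch")
            return prev_resp     # safe retry: replay the earlier result
        store_id = f"ps-{len(self.stores) + 1}"
        self.stores[store_id] = {"validationSettings": dict(validationSettings),
                                 "description": description}
        resp = {"policyStoreId": store_id,  # constructed ARN/account values
                "arn": f"arn:aws:verifiedpermissions:us-east-1:123456789012:policy-store/{store_id}"}
        self.tokens[clientToken] = (key, resp)
        return resp

    def put_schema(self, policyStoreId, definition):
        schema = json.loads(definition["cedarJson"])
        self.schemas[policyStoreId] = schema
        return {"policyStoreId": policyStoreId, "namespaces": list(schema)}

    def update_policy_store(self, policyStoreId, validationSettings, description=None):
        store = self.stores[policyStoreId]
        store["validationSettings"] = dict(validationSettings)
        if description is not None:
            store["description"] = description
        return {"policyStoreId": policyStoreId}

    def get_policy_store(self, policyStoreId):
        return {"policyStoreId": policyStoreId, **self.stores[policyStoreId]}


# Constructed sample schema with a single Cedar namespace, as Verified Permissions requires.
PHOTO_APP_SCHEMA = {
    "PhotoApp": {
        "entityTypes": {
            "User": {"shape": {"type": "Record", "attributes": {}}},
            "Photo": {"shape": {"type": "Record", "attributes": {}}},
        },
        "actions": {
            "viewPhoto": {"appliesTo": {"principalTypes": ["User"], "resourceTypes": ["Photo"]}},
        },
    }
}


def bootstrap_validated_store(client, schema, description, client_token=None):
    """Create a store with validation OFF, load the schema, then switch to STRICT.

    Policies submitted to a STRICT store that has no schema are rejected, so the
    schema must land before STRICT is enabled. The clientToken makes the create
    call safe to retry after a timeout without producing a second store.
    """
    token = client_token or str(uuid.uuid4())
    created = client.create_policy_store(clientToken=token,
                                         validationSettings={"mode": "OFF"},
                                         description=description)
    store_id = created["policyStoreId"]
    client.put_schema(policyStoreId=store_id, definition={"cedarJson": json.dumps(schema)})
    client.update_policy_store(policyStoreId=store_id,
                               validationSettings={"mode": "STRICT"},
                               description=description)
    return store_id


def update_description_only(client, store_id, description):
    """Change the description without changing the validation mode.

    validationSettings is required on UpdatePolicyStore, so a description-only
    change must re-send the mode currently in effect; sending OFF by habit would
    silently disable schema validation for every future policy.
    """
    current = client.get_policy_store(policyStoreId=store_id)
    client.update_policy_store(policyStoreId=store_id,
                               validationSettings=current["validationSettings"],
                               description=description)
    return client.get_policy_store(policyStoreId=store_id)


if __name__ == "__main__":
    vp = FakeVerifiedPermissions()  # replace with boto3.client("verifiedpermissions")
    sid = bootstrap_validated_store(vp, PHOTO_APP_SCHEMA, "photo sharing backend")
    print(update_description_only(vp, sid, "photo sharing backend (prod)"))
```

With a real client, the same clientToken replayed with identical parameters returns the original store, while a replay with different parameters fails with IdempotentParameterMismatch; the stand-in mirrors both behaviours so a retry path can be exercised locally. Because the service is eventually consistent, a production caller should expect a GetPolicyStore issued immediately after the update to lag for a few seconds.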

GetPolicyStore (updated)
Changes (response)
{'description': 'string'}

Retrieves details about a policy store.

See also: AWS API Documentation

Request Syntax

client.get_policy_store(
    policyStoreId='string'
)
type policyStoreId

string

param policyStoreId

[REQUIRED]

Specifies the ID of the policy store that you want information about.

rtype

dict

returns

Response Syntax

{
    'policyStoreId': 'string',
    'arn': 'string',
    'validationSettings': {
        'mode': 'OFF'|'STRICT'
    },
    'createdDate': datetime(2015, 1, 1),
    'lastUpdatedDate': datetime(2015, 1, 1),
    'description': 'string'
}

Response Structure

  • (dict) --

    • policyStoreId (string) --

The ID of the policy store.

    • arn (string) --

      The Amazon Resource Name (ARN) of the policy store.

    • validationSettings (dict) --

      The current validation settings for the policy store.

      • mode (string) --

        The validation mode currently configured for this policy store. The valid values are:

        • OFF – Neither Verified Permissions nor Cedar perform any validation on policies. No validation errors are reported by either service.

        • STRICT – Requires a schema to be present in the policy store. Cedar performs validation on all submitted new or updated static policies and policy templates. Any that fail validation are rejected and Cedar doesn't store them in the policy store.

        Warning

        If Mode=STRICT and the policy store doesn't contain a schema, Verified Permissions rejects all static policies and policy templates because there is no schema to validate against.

        To submit a static policy or policy template without a schema, you must turn off validation.

    • createdDate (datetime) --

      The date and time that the policy store was originally created.

    • lastUpdatedDate (datetime) --

      The date and time that the policy store was last updated.

    • description (string) --

      Descriptive text that you can provide to help with identification of the current policy store.

GetSchema (updated)
Changes (response)
{'namespaces': ['string']}

Retrieves the details for the specified schema in the specified policy store.

See also: AWS API Documentation

Request Syntax

client.get_schema(
    policyStoreId='string'
)
type policyStoreId

string

param policyStoreId

[REQUIRED]

Specifies the ID of the policy store that contains the schema.

rtype

dict

returns

Response Syntax

{
    'policyStoreId': 'string',
    'schema': 'string',
    'createdDate': datetime(2015, 1, 1),
    'lastUpdatedDate': datetime(2015, 1, 1),
    'namespaces': [
        'string',
    ]
}

Response Structure

  • (dict) --

    • policyStoreId (string) --

      The ID of the policy store that contains the schema.

    • schema (string) --

      The body of the schema, written in Cedar schema JSON.

    • createdDate (datetime) --

      The date and time that the schema was originally created.

    • lastUpdatedDate (datetime) --

      The date and time that the schema was most recently updated.

    • namespaces (list) --

      The namespaces of the entities referenced by this schema.

      • (string) --

ListPolicyStores (updated)
Changes (response)
{'policyStores': {'description': 'string', 'lastUpdatedDate': 'timestamp'}}

Returns a paginated list of all policy stores in the calling Amazon Web Services account.

See also: AWS API Documentation

Request Syntax

client.list_policy_stores(
    nextToken='string',
    maxResults=123
)
type nextToken

string

param nextToken

Specifies that you want to receive the next page of results. Valid only if you received a NextToken response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's NextToken response to request the next page of results.

type maxResults

integer

param maxResults

Specifies the maximum number of results that you want included in each response. If additional items exist beyond the number you specify, the NextToken response element is returned with a value (not null). Include the specified value as the NextToken request parameter in the next call to the operation to get the next set of results. Note that the service might return fewer results than the maximum even when more results are available, so check NextToken after every call to ensure that you receive all of the results.

If you do not specify this parameter, the operation defaults to 10 policy stores per response. You can specify a maximum of 50 policy stores per response.

rtype

dict

returns

Response Syntax

{
    'nextToken': 'string',
    'policyStores': [
        {
            'policyStoreId': 'string',
            'arn': 'string',
            'createdDate': datetime(2015, 1, 1),
            'lastUpdatedDate': datetime(2015, 1, 1),
            'description': 'string'
        },
    ]
}

Response Structure

  • (dict) --

    • nextToken (string) --

If present, this value indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the NextToken response element comes back as null. This indicates that this is the last page of results.

    • policyStores (list) --

      The list of policy stores in the account.

      • (dict) --

        Contains information about a policy store.

        This data type is used as a response parameter for the ListPolicyStores operation.

        • policyStoreId (string) --

          The unique identifier of the policy store.

        • arn (string) --

          The Amazon Resource Name (ARN) of the policy store.

        • createdDate (datetime) --

The date and time the policy store was created.

        • lastUpdatedDate (datetime) --

          The date and time the policy store was most recently updated.

        • description (string) --

          Descriptive text that you can provide to help with identification of the current policy store.
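ListPolicyStores returns the new description and lastUpdatedDate fields but not validationSettings, and GetSchema now reports the namespaces the schema declares. Together those make a cheap account-wide audit possible: walk every page of the listing, fetch each store's validation mode, and check that a schema exists with exactly the one namespace Verified Permissions supports. The following is an added example (not code from this page or from AWS) of that audit, covering both the GetSchema and ListPolicyStores passages above. It runs offline against a constructed read-only stand-in for boto3.client("verifiedpermissions"); the class FakeVerifiedPermissions, the sample stores and schemas, the not_found parameter and the helper names are assumptions. With a real client, GetSchema on a store with no schema raises client.exceptions.ResourceNotFoundException, which is what the not_found parameter should be set to.

```python
class FakeVerifiedPermissions:
    """Constructed read-only stand-in for boto3.client("verifiedpermissions").

    Serves ListPolicyStores in pages with a nextToken, plus GetPolicyStore and
    GetSchema, so the audit below runs offline.
    """

    def __init__(self, stores, schemas):
        self.stores = stores    # policyStoreId -> {"validationSettings", optional "description"}
        self.schemas = schemas  # policyStoreId -> list of namespaces, or None when no schema

    def list_policy_stores(self, nextToken=None, maxResults=10):
        ids = sorted(self.stores)
        start = int(nextToken) if nextToken else 0
        entries = []
        for sid in ids[start:start + maxResults]:
            entry = {"policyStoreId": sid}
            if "description" in self.stores[sid]:
                entry["description"] = self.stores[sid]["description"]
            entries.append(entry)
        resp = {"policyStores": entries}
        if start + maxResults < len(ids):          # more pages remain
            resp["nextToken"] = str(start + maxResults)
        return resp

    def get_policy_store(self, policyStoreId):
        return {"policyStoreId": policyStoreId, **self.stores[policyStoreId]}

    def get_schema(self, policyStoreId):
        if self.schemas.get(policyStoreId) is None:
            raise LookupError("ResourceNotFoundException")  # stands in for the real exception
        return {"policyStoreId": policyStoreId, "namespaces": list(self.schemas[policyStoreId])}


# Constructed sample account: one hardened store, one dev store, one neglected store.
SAMPLE_STORES = {
    "ps-prod": {"validationSettings": {"mode": "STRICT"}, "description": "prod API"},
    "ps-dev": {"validationSettings": {"mode": "OFF"}, "description": "dev sandbox"},
    "ps-orphan": {"validationSettings": {"mode": "OFF"}},
}
SAMPLE_SCHEMAS = {"ps-prod": ["PhotoApp"], "ps-dev": ["PhotoApp"], "ps-orphan": None}


def iter_policy_stores(client, page_size=50):
    """Yield every policy store in the account, following nextToken until it is absent."""
    kwargs = {"maxResults": page_size}  # 50 is the documented per-page maximum
    while True:
        resp = client.list_policy_stores(**kwargs)
        yield from resp.get("policyStores", [])
        token = resp.get("nextToken")
        if not token:  # a null or absent token marks the last page
            return
        kwargs["nextToken"] = token


def audit_policy_stores(client, not_found=LookupError, page_size=50):
    """Return {policyStoreId: [findings]} for stores whose configuration weakens validation.

    ListPolicyStores does not return validationSettings, so each store costs one
    GetPolicyStore call; the schema check costs one GetSchema call, which raises
    not_found when the store has no schema.
    """
    findings = {}
    for entry in iter_policy_stores(client, page_size):
        sid = entry["policyStoreId"]
        problems = []
        mode = client.get_policy_store(policyStoreId=sid)["validationSettings"]["mode"]
        if mode != "STRICT":
            problems.append(f"validation mode is {mode}: policies are stored unvalidated")
        try:
            namespaces = client.get_schema(policyStoreId=sid)["namespaces"]
        except not_found:
            namespaces = None
            problems.append("no schema: STRICT mode would reject every policy")
        if namespaces is not None and len(namespaces) != 1:
            problems.append(f"schema declares {len(namespaces)} namespaces, expected exactly one")
        if not entry.get("description"):
            problems.append("no description: store cannot be identified from the listing")
        if problems:
            findings[sid] = problems
    return findings


if __name__ == "__main__":
    vp = FakeVerifiedPermissions(SAMPLE_STORES, SAMPLE_SCHEMAS)  # or boto3.client(...)
    for sid, problems in audit_policy_stores(vp, page_size=2).items():
        print(sid, *problems, sep="\n  ")
```

The page size of 2 in the usage call only exists to force the stand-in to paginate; against the service, leave page_size at the documented maximum of 50 and rely on the nextToken loop, since the service may return fewer than the maximum even when more stores remain.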

UpdatePolicyStore (updated)
Changes (request)
{'description': 'string'}

Modifies the validation setting and, optionally, the description of a policy store.

Note

Verified Permissions is *eventually consistent*. It can take a few seconds for a new or changed element to propagate through the service and become visible in the results of other Verified Permissions operations.

See also: AWS API Documentation

Request Syntax

client.update_policy_store(
    policyStoreId='string',
    validationSettings={
        'mode': 'OFF'|'STRICT'
    },
    description='string'
)
type policyStoreId

string

param policyStoreId

[REQUIRED]

Specifies the ID of the policy store that you want to update.

type validationSettings

dict

param validationSettings

[REQUIRED]

A structure that defines the validation settings that you want to enable for the policy store.

  • mode (string) -- [REQUIRED]

    The validation mode currently configured for this policy store. The valid values are:

    • OFF – Neither Verified Permissions nor Cedar perform any validation on policies. No validation errors are reported by either service.

    • STRICT – Requires a schema to be present in the policy store. Cedar performs validation on all submitted new or updated static policies and policy templates. Any that fail validation are rejected and Cedar doesn't store them in the policy store.

    Warning

    If Mode=STRICT and the policy store doesn't contain a schema, Verified Permissions rejects all static policies and policy templates because there is no schema to validate against.

    To submit a static policy or policy template without a schema, you must turn off validation.

type description

string

param description

Descriptive text that you can provide to help with identification of the current policy store.

rtype

dict

returns

Response Syntax

{
    'policyStoreId': 'string',
    'arn': 'string',
    'createdDate': datetime(2015, 1, 1),
    'lastUpdatedDate': datetime(2015, 1, 1)
}

Response Structure

  • (dict) --

    • policyStoreId (string) --

      The ID of the updated policy store.

    • arn (string) --

      The Amazon Resource Name (ARN) of the updated policy store.

    • createdDate (datetime) --

      The date and time that the policy store was originally created.

    • lastUpdatedDate (datetime) --

      The date and time that the policy store was most recently updated.