diff --git a/clients/client-verifiedpermissions/src/commands/BatchIsAuthorizedCommand.ts b/clients/client-verifiedpermissions/src/commands/BatchIsAuthorizedCommand.ts
index ae22e1a7d7ef0..7650dded5a5a2 100644
--- a/clients/client-verifiedpermissions/src/commands/BatchIsAuthorizedCommand.ts
+++ b/clients/client-verifiedpermissions/src/commands/BatchIsAuthorizedCommand.ts
@@ -59,9 +59,14 @@ export interface BatchIsAuthorizedCommandOutput extends BatchIsAuthorizedOutput,
* entities that you declare. The result of the decisions is a series of Allow
* or Deny
responses, along with the IDs of the policies that produced each
* decision.
The entities
of a BatchIsAuthorized
API request can contain up to 100 principals and up
- * to 100 resources. The requests
of a BatchIsAuthorized
API request can contain up to 30
- * requests.
The entities
of a BatchIsAuthorized
API request can contain
+ * up to 100 principals and up to 100 resources. The requests
of a
+ * BatchIsAuthorized
API request can contain up to 30 requests.
The BatchIsAuthorized
operation doesn't have its own IAM
+ * permission. To authorize this operation for Amazon Web Services principals, include the permission
+ * verifiedpermissions:IsAuthorized
in their IAM policies.
Descriptive text that you can provide to help with identification + * of the current policy store.
+ */ + description?: string; } /** @@ -1487,6 +1494,13 @@ export interface GetPolicyStoreOutput { *The date and time that the policy store was last updated.
*/ lastUpdatedDate: Date | undefined; + + /** + * @public + *Descriptive text that you can provide to help with identification + * of the current policy store.
+ */ + description?: string; } /** @@ -1586,6 +1600,12 @@ export interface GetSchemaOutput { *The date and time that the schema was most recently updated.
*/ lastUpdatedDate: Date | undefined; + + /** + * @public + *The namespaces of the entities referenced by this schema.
+ */ + namespaces?: string[]; } /** @@ -2269,6 +2289,19 @@ export interface PolicyStoreItem { *The date and time the policy was created.
*/ createdDate: Date | undefined; + + /** + * @public + *The date and time the policy store was most recently updated.
+ */ + lastUpdatedDate?: Date; + + /** + * @public + *Descriptive text that you can provide to help with identification + * of the current policy store.
+ */ + description?: string; } /** @@ -2760,6 +2793,13 @@ export interface UpdatePolicyStoreInput { * policy store. */ validationSettings: ValidationSettings | undefined; + + /** + * @public + *Descriptive text that you can provide to help with identification + * of the current policy store.
+ */ + description?: string; } /** @@ -3408,6 +3448,14 @@ export const CreatePolicyOutputFilterSensitiveLog = (obj: CreatePolicyOutput): a ...(obj.resource && { resource: EntityIdentifierFilterSensitiveLog(obj.resource) }), }); +/** + * @internal + */ +export const CreatePolicyStoreInputFilterSensitiveLog = (obj: CreatePolicyStoreInput): any => ({ + ...obj, + ...(obj.description && { description: SENSITIVE_STRING }), +}); + /** * @internal */ @@ -3483,6 +3531,14 @@ export const GetPolicyOutputFilterSensitiveLog = (obj: GetPolicyOutput): any => ...(obj.definition && { definition: PolicyDefinitionDetailFilterSensitiveLog(obj.definition) }), }); +/** + * @internal + */ +export const GetPolicyStoreOutputFilterSensitiveLog = (obj: GetPolicyStoreOutput): any => ({ + ...obj, + ...(obj.description && { description: SENSITIVE_STRING }), +}); + /** * @internal */ @@ -3498,6 +3554,7 @@ export const GetPolicyTemplateOutputFilterSensitiveLog = (obj: GetPolicyTemplate export const GetSchemaOutputFilterSensitiveLog = (obj: GetSchemaOutput): any => ({ ...obj, ...(obj.schema && { schema: SENSITIVE_STRING }), + ...(obj.namespaces && { namespaces: SENSITIVE_STRING }), }); /** @@ -3653,6 +3710,22 @@ export const ListPoliciesOutputFilterSensitiveLog = (obj: ListPoliciesOutput): a ...(obj.policies && { policies: obj.policies.map((item) => PolicyItemFilterSensitiveLog(item)) }), }); +/** + * @internal + */ +export const PolicyStoreItemFilterSensitiveLog = (obj: PolicyStoreItem): any => ({ + ...obj, + ...(obj.description && { description: SENSITIVE_STRING }), +}); + +/** + * @internal + */ +export const ListPolicyStoresOutputFilterSensitiveLog = (obj: ListPolicyStoresOutput): any => ({ + ...obj, + ...(obj.policyStores && { policyStores: obj.policyStores.map((item) => PolicyStoreItemFilterSensitiveLog(item)) }), +}); + /** * @internal */ @@ -3738,6 +3811,14 @@ export const PutSchemaOutputFilterSensitiveLog = (obj: PutSchemaOutput): any => ...(obj.namespaces && { namespaces: SENSITIVE_STRING }), }); +/** + * @internal + */ +export const UpdatePolicyStoreInputFilterSensitiveLog = (obj: UpdatePolicyStoreInput): any => ({ + ...obj, + ...(obj.description && { description: SENSITIVE_STRING }), +}); + /** * @internal */ diff --git a/clients/client-verifiedpermissions/src/protocols/Aws_json1_0.ts b/clients/client-verifiedpermissions/src/protocols/Aws_json1_0.ts index 2baa22ff89eed..ee8de5e681c86 100644 --- a/clients/client-verifiedpermissions/src/protocols/Aws_json1_0.ts +++ b/clients/client-verifiedpermissions/src/protocols/Aws_json1_0.ts @@ -2186,6 +2186,7 @@ const se_CreatePolicyInput = (input: CreatePolicyInput, context: __SerdeContext) const se_CreatePolicyStoreInput = (input: CreatePolicyStoreInput, context: __SerdeContext): any => { return take(input, { clientToken: [true, (_) => _ ?? generateIdempotencyToken()], + description: [], validationSettings: _json, }); }; @@ -2581,6 +2582,7 @@ const de_GetPolicyStoreOutput = (output: any, context: __SerdeContext): GetPolic return take(output, { arn: __expectString, createdDate: (_: any) => __expectNonNull(__parseRfc3339DateTimeWithOffset(_)), + description: __expectString, lastUpdatedDate: (_: any) => __expectNonNull(__parseRfc3339DateTimeWithOffset(_)), policyStoreId: __expectString, validationSettings: _json, @@ -2608,6 +2610,7 @@ const de_GetSchemaOutput = (output: any, context: __SerdeContext): GetSchemaOutp return take(output, { createdDate: (_: any) => __expectNonNull(__parseRfc3339DateTimeWithOffset(_)), lastUpdatedDate: (_: any) => __expectNonNull(__parseRfc3339DateTimeWithOffset(_)), + namespaces: _json, policyStoreId: __expectString, schema: __expectString, }) as any; @@ -2730,6 +2733,8 @@ const de_PolicyStoreItem = (output: any, context: __SerdeContext): PolicyStoreIt return take(output, { arn: __expectString, createdDate: (_: any) => __expectNonNull(__parseRfc3339DateTimeWithOffset(_)), + description: __expectString, + lastUpdatedDate: (_: any) => __expectNonNull(__parseRfc3339DateTimeWithOffset(_)), policyStoreId: __expectString, }) as any; }; diff --git a/codegen/sdk-codegen/aws-models/verifiedpermissions.json b/codegen/sdk-codegen/aws-models/verifiedpermissions.json index 717db380ee9ee..e84f2bbaf523b 100644 --- a/codegen/sdk-codegen/aws-models/verifiedpermissions.json +++ b/codegen/sdk-codegen/aws-models/verifiedpermissions.json @@ -121,7 +121,7 @@ "traits": { "aws.iam#actionName": "IsAuthorized", "aws.iam#actionPermissionDescription": "Grants permission to make a batch authorization decision about a service request described in the parameters", - "smithy.api#documentation": "Makes a series of decisions about multiple authorization requests for one principal or\n resource. Each request contains the equivalent content of an IsAuthorized
\n request: principal, action, resource, and context. Either the principal
or\n the resource
parameter must be identical across all requests. For example,\n Verified Permissions won't evaluate a pair of requests where bob
views\n photo1
and alice
views photo2
. Authorization\n of bob
to view photo1
and photo2
, or\n bob
and alice
to view photo1
, are valid\n batches.
The request is evaluated against all policies in the specified policy store that match the\n entities that you declare. The result of the decisions is a series of Allow
\n or Deny
responses, along with the IDs of the policies that produced each\n decision.
The entities
of a BatchIsAuthorized
API request can contain up to 100 principals and up\n to 100 resources. The requests
of a BatchIsAuthorized
API request can contain up to 30\n requests.
Makes a series of decisions about multiple authorization requests for one principal or\n resource. Each request contains the equivalent content of an IsAuthorized
\n request: principal, action, resource, and context. Either the principal
or\n the resource
parameter must be identical across all requests. For example,\n Verified Permissions won't evaluate a pair of requests where bob
views\n photo1
and alice
views photo2
. Authorization\n of bob
to view photo1
and photo2
, or\n bob
and alice
to view photo1
, are valid\n batches.
The request is evaluated against all policies in the specified policy store that match the\n entities that you declare. The result of the decisions is a series of Allow
\n or Deny
responses, along with the IDs of the policies that produced each\n decision.
The entities
of a BatchIsAuthorized
API request can contain\n up to 100 principals and up to 100 resources. The requests
of a\n BatchIsAuthorized
API request can contain up to 30 requests.
The BatchIsAuthorized
operation doesn't have its own IAM\n permission. To authorize this operation for Amazon Web Services principals, include the permission\n verifiedpermissions:IsAuthorized
in their IAM policies.
Specifies the validation setting for this policy store.
\nCurrently, the only valid and required value is Mode
.
We recommend that you turn on STRICT
mode only after you define a\n schema. If a schema doesn't exist, then STRICT
mode causes any policy\n to fail validation, and Verified Permissions rejects the policy. You can turn off validation by\n using the UpdatePolicyStore. Then, when you have a schema defined, use UpdatePolicyStore again to turn validation back on.
Descriptive text that you can provide to help with identification \n of the current policy store.
" + } } }, "traits": { @@ -1401,6 +1407,12 @@ "smithy.api#documentation": "The date and time that the policy store was last updated.
", "smithy.api#required": {} } + }, + "description": { + "target": "com.amazonaws.verifiedpermissions#PolicyStoreDescription", + "traits": { + "smithy.api#documentation": "Descriptive text that you can provide to help with identification \n of the current policy store.
" + } } }, "traits": { @@ -1563,6 +1575,12 @@ "smithy.api#documentation": "The date and time that the schema was most recently updated.
", "smithy.api#required": {} } + }, + "namespaces": { + "target": "com.amazonaws.verifiedpermissions#NamespaceList", + "traits": { + "smithy.api#documentation": "The namespaces of the entities referenced by this schema.
" + } } }, "traits": { @@ -2613,6 +2631,16 @@ "smithy.api#documentation": "Represents a policy store that you can place schema, policies, and policy templates in to validate authorization requests" } }, + "com.amazonaws.verifiedpermissions#PolicyStoreDescription": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 0, + "max": 150 + }, + "smithy.api#sensitive": {} + } + }, "com.amazonaws.verifiedpermissions#PolicyStoreId": { "type": "string", "traits": { @@ -2646,6 +2674,18 @@ "smithy.api#documentation": "The date and time the policy was created.
", "smithy.api#required": {} } + }, + "lastUpdatedDate": { + "target": "com.amazonaws.verifiedpermissions#TimestampFormat", + "traits": { + "smithy.api#documentation": "The date and time the policy store was most recently updated.
" + } + }, + "description": { + "target": "com.amazonaws.verifiedpermissions#PolicyStoreDescription", + "traits": { + "smithy.api#documentation": "Descriptive text that you can provide to help with identification \n of the current policy store.
" + } } }, "traits": { @@ -3542,6 +3582,12 @@ "smithy.api#documentation": "A structure that defines the validation settings that want to enable for the\n policy store.
", "smithy.api#required": {} } + }, + "description": { + "target": "com.amazonaws.verifiedpermissions#PolicyStoreDescription", + "traits": { + "smithy.api#documentation": "Descriptive text that you can provide to help with identification \n of the current policy store.
" + } } }, "traits": {