Struct Client

pub struct Client { /* private fields */ }

Client for Amazon Verified Permissions

Client for invoking operations on Amazon Verified Permissions. Each operation on Amazon Verified Permissions is a method on this this struct. .send() MUST be invoked on the generated operations to dispatch the request to the service.

Constructing a Client

A Config is required to construct a client. For most use cases, the aws-config crate should be used to automatically resolve this config using aws_config::load_from_env(), since this will resolve an SdkConfig which can be shared across multiple different AWS SDK clients. This config resolution process can be customized by calling aws_config::from_env() instead, which returns a ConfigLoader that uses the builder pattern to customize the default config.

In the simplest case, creating a client looks as follows:

let config = aws_config::load_from_env().await;
let client = aws_sdk_verifiedpermissions::Client::new(&config);

Occasionally, SDKs may have additional service-specific values that can be set on the Config that is absent from SdkConfig, or slightly different settings for a specific client may be desired. The Builder struct implements From<&SdkConfig>, so setting these specific settings can be done as follows:

let sdk_config = ::aws_config::load_from_env().await;
let config = aws_sdk_verifiedpermissions::config::Builder::from(&sdk_config)
    .some_service_specific_setting("value")
    .build();

See the aws-config docs and Config for more information on customizing configuration.

Note: Client construction is expensive due to connection thread pool initialization, and should be done once at application start-up.

Implementations

impl Client

pub fn batch_get_policy(&self) -> BatchGetPolicyFluentBuilder

Constructs a fluent builder for the BatchGetPolicy operation.

• The fluent builder is configurable:
  • requests(BatchGetPolicyInputItem) / set_requests(Option<Vec::<BatchGetPolicyInputItem>>):
    required: true
    

    An array of up to 100 policies you want information about.

    
    
• On success, responds with BatchGetPolicyOutput with field(s):
  • results(Vec::<BatchGetPolicyOutputItem>):

    Information about the policies listed in the request that were successfully returned. These results are returned in the order they were requested.

  • errors(Vec::<BatchGetPolicyErrorItem>):

    Information about the policies from the request that resulted in an error. These results are returned in the order they were requested.

• On failure, responds with SdkError<BatchGetPolicyError>

impl Client

pub fn batch_is_authorized(&self) -> BatchIsAuthorizedFluentBuilder

Constructs a fluent builder for the BatchIsAuthorized operation.

• The fluent builder is configurable:
  • policy_store_id(impl Into<String>) / set_policy_store_id(Option<String>):
    required: true
    

    Specifies the ID of the policy store. Policies in this policy store will be used to make the authorization decisions for the input.

    
    
  • entities(EntitiesDefinition) / set_entities(Option<EntitiesDefinition>):
    required: false
    

    Specifies the list of resources and principals and their associated attributes that Verified Permissions can examine when evaluating the policies.

    You can include only principal and resource entities in this parameter; you can’t include actions. You must specify actions in the schema.

    
    
  • requests(BatchIsAuthorizedInputItem) / set_requests(Option<Vec::<BatchIsAuthorizedInputItem>>):
    required: true
    

    An array of up to 30 requests that you want Verified Permissions to evaluate.

    
    
• On success, responds with BatchIsAuthorizedOutput with field(s):
  • results(Vec::<BatchIsAuthorizedOutputItem>):

    A series of Allow or Deny decisions for each request, and the policies that produced them. These results are returned in the order they were requested.

• On failure, responds with SdkError<BatchIsAuthorizedError>

impl Client

pub fn batch_is_authorized_with_token( &self, ) -> BatchIsAuthorizedWithTokenFluentBuilder

Constructs a fluent builder for the BatchIsAuthorizedWithToken operation.

• The fluent builder is configurable:
  • policy_store_id(impl Into<String>) / set_policy_store_id(Option<String>):
    required: true
    

    Specifies the ID of the policy store. Policies in this policy store will be used to make an authorization decision for the input.

    
    
  • identity_token(impl Into<String>) / set_identity_token(Option<String>):
    required: false
    

    Specifies an identity (ID) token for the principal that you want to authorize in each request. This token is provided to you by the identity provider (IdP) associated with the specified identity source. You must specify either an accessToken, an identityToken, or both.

    Must be an ID token. Verified Permissions returns an error if the token_use claim in the submitted token isn’t id.

    
    
  • access_token(impl Into<String>) / set_access_token(Option<String>):
    required: false
    

    Specifies an access token for the principal that you want to authorize in each request. This token is provided to you by the identity provider (IdP) associated with the specified identity source. You must specify either an accessToken, an identityToken, or both.

    Must be an access token. Verified Permissions returns an error if the token_use claim in the submitted token isn’t access.

    
    
  • entities(EntitiesDefinition) / set_entities(Option<EntitiesDefinition>):
    required: false
    

    Specifies the list of resources and their associated attributes that Verified Permissions can examine when evaluating the policies.

    You can’t include principals in this parameter, only resource and action entities. This parameter can’t include any entities of a type that matches the user or group entity types that you defined in your identity source.

    • The BatchIsAuthorizedWithToken operation takes principal attributes from only the identityToken or accessToken passed to the operation.

    • For action entities, you can include only their Identifier and EntityType.

    
    
  • requests(BatchIsAuthorizedWithTokenInputItem) / set_requests(Option<Vec::<BatchIsAuthorizedWithTokenInputItem>>):
    required: true
    

    An array of up to 30 requests that you want Verified Permissions to evaluate.

    
    
• On success, responds with BatchIsAuthorizedWithTokenOutput with field(s):
  • principal(Option<EntityIdentifier>):

    The identifier of the principal in the ID or access token.

  • results(Vec::<BatchIsAuthorizedWithTokenOutputItem>):

    A series of Allow or Deny decisions for each request, and the policies that produced them. These results are returned in the order they were requested.

• On failure, responds with SdkError<BatchIsAuthorizedWithTokenError>

impl Client

pub fn create_identity_source(&self) -> CreateIdentitySourceFluentBuilder

Constructs a fluent builder for the CreateIdentitySource operation.

• The fluent builder is configurable:
  • client_token(impl Into<String>) / set_client_token(Option<String>):
    required: false
    

    Specifies a unique, case-sensitive ID that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a UUID type of value..

    If you don’t provide this value, then Amazon Web Services generates a random one for you.

    If you retry the operation with the same ClientToken, but with different parameters, the retry fails with an ConflictException error.

    Verified Permissions recognizes a ClientToken for eight hours. After eight hours, the next request with the same parameters performs the operation again regardless of the value of ClientToken.

    
    
  • policy_store_id(impl Into<String>) / set_policy_store_id(Option<String>):
    required: true
    

    Specifies the ID of the policy store in which you want to store this identity source. Only policies and requests made using this policy store can reference identities from the identity provider configured in the new identity source.

    
    
  • configuration(Configuration) / set_configuration(Option<Configuration>):
    required: true
    

    Specifies the details required to communicate with the identity provider (IdP) associated with this identity source.

    
    
  • principal_entity_type(impl Into<String>) / set_principal_entity_type(Option<String>):
    required: false
    

    Specifies the namespace and data type of the principals generated for identities authenticated by the new identity source.

    
    
• On success, responds with CreateIdentitySourceOutput with field(s):
  • created_date(DateTime):

    The date and time the identity source was originally created.

  • identity_source_id(String):

    The unique ID of the new identity source.

  • last_updated_date(DateTime):

    The date and time the identity source was most recently updated.

  • policy_store_id(String):

    The ID of the policy store that contains the identity source.

• On failure, responds with SdkError<CreateIdentitySourceError>

impl Client

pub fn create_policy(&self) -> CreatePolicyFluentBuilder

Constructs a fluent builder for the CreatePolicy operation.

• The fluent builder is configurable:
  • client_token(impl Into<String>) / set_client_token(Option<String>):
    required: false
    

    Specifies a unique, case-sensitive ID that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a UUID type of value..

    If you don’t provide this value, then Amazon Web Services generates a random one for you.

    If you retry the operation with the same ClientToken, but with different parameters, the retry fails with an ConflictException error.

    Verified Permissions recognizes a ClientToken for eight hours. After eight hours, the next request with the same parameters performs the operation again regardless of the value of ClientToken.

    
    
  • policy_store_id(impl Into<String>) / set_policy_store_id(Option<String>):
    required: true
    

    Specifies the PolicyStoreId of the policy store you want to store the policy in.

    
    
  • definition(PolicyDefinition) / set_definition(Option<PolicyDefinition>):
    required: true
    

    A structure that specifies the policy type and content to use for the new policy. You must include either a static or a templateLinked element. The policy content must be written in the Cedar policy language.

    
    
• On success, responds with CreatePolicyOutput with field(s):
  • policy_store_id(String):

    The ID of the policy store that contains the new policy.

  • policy_id(String):

    The unique ID of the new policy.

  • policy_type(PolicyType):

    The policy type of the new policy.

  • principal(Option<EntityIdentifier>):

    The principal specified in the new policy’s scope. This response element isn’t present when principal isn’t specified in the policy content.

  • resource(Option<EntityIdentifier>):

    The resource specified in the new policy’s scope. This response element isn’t present when the resource isn’t specified in the policy content.

  • actions(Option<Vec::<ActionIdentifier>>):

    The action that a policy permits or forbids. For example, {“actions”: [{“actionId”: “ViewPhoto”, “actionType”: “PhotoFlash::Action”}, {“entityID”: “SharePhoto”, “entityType”: “PhotoFlash::Action”}]}.

  • created_date(DateTime):

    The date and time the policy was originally created.

  • last_updated_date(DateTime):

    The date and time the policy was last updated.

  • effect(Option<PolicyEffect>):

    The effect of the decision that a policy returns to an authorization request. For example, “effect”: “Permit”.

• On failure, responds with SdkError<CreatePolicyError>

impl Client

pub fn create_policy_store(&self) -> CreatePolicyStoreFluentBuilder

Constructs a fluent builder for the CreatePolicyStore operation.

• The fluent builder is configurable:
  • client_token(impl Into<String>) / set_client_token(Option<String>):
    required: false
    

    Specifies a unique, case-sensitive ID that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a UUID type of value..

    If you don’t provide this value, then Amazon Web Services generates a random one for you.

    If you retry the operation with the same ClientToken, but with different parameters, the retry fails with an ConflictException error.

    Verified Permissions recognizes a ClientToken for eight hours. After eight hours, the next request with the same parameters performs the operation again regardless of the value of ClientToken.

    
    
  • validation_settings(ValidationSettings) / set_validation_settings(Option<ValidationSettings>):
    required: true
    

    Specifies the validation setting for this policy store.

    Currently, the only valid and required value is Mode.

    We recommend that you turn on STRICT mode only after you define a schema. If a schema doesn’t exist, then STRICT mode causes any policy to fail validation, and Verified Permissions rejects the policy. You can turn off validation by using the UpdatePolicyStore. Then, when you have a schema defined, use UpdatePolicyStore again to turn validation back on.

    
    
  • description(impl Into<String>) / set_description(Option<String>):
    required: false
    

    Descriptive text that you can provide to help with identification of the current policy store.

    
    
• On success, responds with CreatePolicyStoreOutput with field(s):
  • policy_store_id(String):

    The unique ID of the new policy store.

  • arn(String):

    The Amazon Resource Name (ARN) of the new policy store.

  • created_date(DateTime):

    The date and time the policy store was originally created.

  • last_updated_date(DateTime):

    The date and time the policy store was last updated.

• On failure, responds with SdkError<CreatePolicyStoreError>

impl Client

pub fn create_policy_template(&self) -> CreatePolicyTemplateFluentBuilder

Constructs a fluent builder for the CreatePolicyTemplate operation.

• The fluent builder is configurable:
  • client_token(impl Into<String>) / set_client_token(Option<String>):
    required: false
    

    Specifies a unique, case-sensitive ID that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a UUID type of value..

    If you don’t provide this value, then Amazon Web Services generates a random one for you.

    If you retry the operation with the same ClientToken, but with different parameters, the retry fails with an ConflictException error.

    Verified Permissions recognizes a ClientToken for eight hours. After eight hours, the next request with the same parameters performs the operation again regardless of the value of ClientToken.

    
    
  • policy_store_id(impl Into<String>) / set_policy_store_id(Option<String>):
    required: true
    

    The ID of the policy store in which to create the policy template.

    
    
  • description(impl Into<String>) / set_description(Option<String>):
    required: false
    

    Specifies a description for the policy template.

    
    
  • statement(impl Into<String>) / set_statement(Option<String>):
    required: true
    

    Specifies the content that you want to use for the new policy template, written in the Cedar policy language.

    
    
• On success, responds with CreatePolicyTemplateOutput with field(s):
  • policy_store_id(String):

    The ID of the policy store that contains the policy template.

  • policy_template_id(String):

    The unique ID of the new policy template.

  • created_date(DateTime):

    The date and time the policy template was originally created.

  • last_updated_date(DateTime):

    The date and time the policy template was most recently updated.

• On failure, responds with SdkError<CreatePolicyTemplateError>

impl Client

pub fn delete_identity_source(&self) -> DeleteIdentitySourceFluentBuilder

Constructs a fluent builder for the DeleteIdentitySource operation.

• The fluent builder is configurable:
  • policy_store_id(impl Into<String>) / set_policy_store_id(Option<String>):
    required: true
    

    Specifies the ID of the policy store that contains the identity source that you want to delete.

    
    
  • identity_source_id(impl Into<String>) / set_identity_source_id(Option<String>):
    required: true
    

    Specifies the ID of the identity source that you want to delete.

    
    
• On success, responds with DeleteIdentitySourceOutput
• On failure, responds with SdkError<DeleteIdentitySourceError>

impl Client

pub fn delete_policy(&self) -> DeletePolicyFluentBuilder

Constructs a fluent builder for the DeletePolicy operation.

• The fluent builder is configurable:
  • policy_store_id(impl Into<String>) / set_policy_store_id(Option<String>):
    required: true
    

    Specifies the ID of the policy store that contains the policy that you want to delete.

    
    
  • policy_id(impl Into<String>) / set_policy_id(Option<String>):
    required: true
    

    Specifies the ID of the policy that you want to delete.

    
    
• On success, responds with DeletePolicyOutput
• On failure, responds with SdkError<DeletePolicyError>

impl Client

pub fn delete_policy_store(&self) -> DeletePolicyStoreFluentBuilder

Constructs a fluent builder for the DeletePolicyStore operation.

• The fluent builder is configurable:
  • policy_store_id(impl Into<String>) / set_policy_store_id(Option<String>):
    required: true
    

    Specifies the ID of the policy store that you want to delete.

    
    
• On success, responds with DeletePolicyStoreOutput
• On failure, responds with SdkError<DeletePolicyStoreError>

impl Client

pub fn delete_policy_template(&self) -> DeletePolicyTemplateFluentBuilder

Constructs a fluent builder for the DeletePolicyTemplate operation.

• The fluent builder is configurable:
  • policy_store_id(impl Into<String>) / set_policy_store_id(Option<String>):
    required: true
    

    Specifies the ID of the policy store that contains the policy template that you want to delete.

    
    
  • policy_template_id(impl Into<String>) / set_policy_template_id(Option<String>):
    required: true
    

    Specifies the ID of the policy template that you want to delete.

    
    
• On success, responds with DeletePolicyTemplateOutput
• On failure, responds with SdkError<DeletePolicyTemplateError>

impl Client

pub fn get_identity_source(&self) -> GetIdentitySourceFluentBuilder

Constructs a fluent builder for the GetIdentitySource operation.

• The fluent builder is configurable:
  • policy_store_id(impl Into<String>) / set_policy_store_id(Option<String>):
    required: true
    

    Specifies the ID of the policy store that contains the identity source you want information about.

    
    
  • identity_source_id(impl Into<String>) / set_identity_source_id(Option<String>):
    required: true
    

    Specifies the ID of the identity source you want information about.

    
    
• On success, responds with GetIdentitySourceOutput with field(s):
  • created_date(DateTime):

    The date and time that the identity source was originally created.

  • details(Option<IdentitySourceDetails>):

    A structure that describes the configuration of the identity source.

  • identity_source_id(String):

    The ID of the identity source.

  • last_updated_date(DateTime):

    The date and time that the identity source was most recently updated.

  • policy_store_id(String):

    The ID of the policy store that contains the identity source.

  • principal_entity_type(String):

    The data type of principals generated for identities authenticated by this identity source.

  • configuration(Option<ConfigurationDetail>):

    Contains configuration information about an identity source.

• On failure, responds with SdkError<GetIdentitySourceError>

impl Client

pub fn get_policy(&self) -> GetPolicyFluentBuilder

Constructs a fluent builder for the GetPolicy operation.

• The fluent builder is configurable:
  • policy_store_id(impl Into<String>) / set_policy_store_id(Option<String>):
    required: true
    

    Specifies the ID of the policy store that contains the policy that you want information about.

    
    
  • policy_id(impl Into<String>) / set_policy_id(Option<String>):
    required: true
    

    Specifies the ID of the policy you want information about.

    
    
• On success, responds with GetPolicyOutput with field(s):
  • policy_store_id(String):

    The ID of the policy store that contains the policy that you want information about.

  • policy_id(String):

    The unique ID of the policy that you want information about.

  • policy_type(PolicyType):

    The type of the policy.

  • principal(Option<EntityIdentifier>):

    The principal specified in the policy’s scope. This element isn’t included in the response when Principal isn’t present in the policy content.

  • resource(Option<EntityIdentifier>):

    The resource specified in the policy’s scope. This element isn’t included in the response when Resource isn’t present in the policy content.

  • actions(Option<Vec::<ActionIdentifier>>):

    The action that a policy permits or forbids. For example, {“actions”: [{“actionId”: “ViewPhoto”, “actionType”: “PhotoFlash::Action”}, {“entityID”: “SharePhoto”, “entityType”: “PhotoFlash::Action”}]}.

  • definition(Option<PolicyDefinitionDetail>):

    The definition of the requested policy.

  • created_date(DateTime):

    The date and time that the policy was originally created.

  • last_updated_date(DateTime):

    The date and time that the policy was last updated.

  • effect(Option<PolicyEffect>):

    The effect of the decision that a policy returns to an authorization request. For example, “effect”: “Permit”.

• On failure, responds with SdkError<GetPolicyError>

impl Client

pub fn get_policy_store(&self) -> GetPolicyStoreFluentBuilder

Constructs a fluent builder for the GetPolicyStore operation.

• The fluent builder is configurable:
  • policy_store_id(impl Into<String>) / set_policy_store_id(Option<String>):
    required: true
    

    Specifies the ID of the policy store that you want information about.

    
    
• On success, responds with GetPolicyStoreOutput with field(s):
  • policy_store_id(String):

    The ID of the policy store;

  • arn(String):

    The Amazon Resource Name (ARN) of the policy store.

  • validation_settings(Option<ValidationSettings>):

    The current validation settings for the policy store.

  • created_date(DateTime):

    The date and time that the policy store was originally created.

  • last_updated_date(DateTime):

    The date and time that the policy store was last updated.

  • description(Option<String>):

    Descriptive text that you can provide to help with identification of the current policy store.

• On failure, responds with SdkError<GetPolicyStoreError>

impl Client

pub fn get_policy_template(&self) -> GetPolicyTemplateFluentBuilder

Constructs a fluent builder for the GetPolicyTemplate operation.

• The fluent builder is configurable:
  • policy_store_id(impl Into<String>) / set_policy_store_id(Option<String>):
    required: true
    

    Specifies the ID of the policy store that contains the policy template that you want information about.

    
    
  • policy_template_id(impl Into<String>) / set_policy_template_id(Option<String>):
    required: true
    

    Specifies the ID of the policy template that you want information about.

    
    
• On success, responds with GetPolicyTemplateOutput with field(s):
  • policy_store_id(String):

    The ID of the policy store that contains the policy template.

  • policy_template_id(String):

    The ID of the policy template.

  • description(Option<String>):

    The description of the policy template.

  • statement(String):

    The content of the body of the policy template written in the Cedar policy language.

  • created_date(DateTime):

    The date and time that the policy template was originally created.

  • last_updated_date(DateTime):

    The date and time that the policy template was most recently updated.

• On failure, responds with SdkError<GetPolicyTemplateError>

impl Client

pub fn get_schema(&self) -> GetSchemaFluentBuilder

Constructs a fluent builder for the GetSchema operation.

• The fluent builder is configurable:
  • policy_store_id(impl Into<String>) / set_policy_store_id(Option<String>):
    required: true
    

    Specifies the ID of the policy store that contains the schema.

    
    
• On success, responds with GetSchemaOutput with field(s):
  • policy_store_id(String):

    The ID of the policy store that contains the schema.

  • schema(String):

    The body of the schema, written in Cedar schema JSON.

  • created_date(DateTime):

    The date and time that the schema was originally created.

  • last_updated_date(DateTime):

    The date and time that the schema was most recently updated.

  • namespaces(Option<Vec::<String>>):

    The namespaces of the entities referenced by this schema.

• On failure, responds with SdkError<GetSchemaError>

impl Client

pub fn is_authorized(&self) -> IsAuthorizedFluentBuilder

Constructs a fluent builder for the IsAuthorized operation.

• The fluent builder is configurable:
  • policy_store_id(impl Into<String>) / set_policy_store_id(Option<String>):
    required: true
    

    Specifies the ID of the policy store. Policies in this policy store will be used to make an authorization decision for the input.

    
    
  • principal(EntityIdentifier) / set_principal(Option<EntityIdentifier>):
    required: false
    

    Specifies the principal for which the authorization decision is to be made.

    
    
  • action(ActionIdentifier) / set_action(Option<ActionIdentifier>):
    required: false
    

    Specifies the requested action to be authorized. For example, is the principal authorized to perform this action on the resource?

    
    
  • resource(EntityIdentifier) / set_resource(Option<EntityIdentifier>):
    required: false
    

    Specifies the resource for which the authorization decision is to be made.

    
    
  • context(ContextDefinition) / set_context(Option<ContextDefinition>):
    required: false
    

    Specifies additional context that can be used to make more granular authorization decisions.

    
    
  • entities(EntitiesDefinition) / set_entities(Option<EntitiesDefinition>):
    required: false
    

    Specifies the list of resources and principals and their associated attributes that Verified Permissions can examine when evaluating the policies.

    You can include only principal and resource entities in this parameter; you can’t include actions. You must specify actions in the schema.

    
    
• On success, responds with IsAuthorizedOutput with field(s):
  • decision(Decision):

    An authorization decision that indicates if the authorization request should be allowed or denied.

  • determining_policies(Vec::<DeterminingPolicyItem>):

    The list of determining policies used to make the authorization decision. For example, if there are two matching policies, where one is a forbid and the other is a permit, then the forbid policy will be the determining policy. In the case of multiple matching permit policies then there would be multiple determining policies. In the case that no policies match, and hence the response is DENY, there would be no determining policies.

  • errors(Vec::<EvaluationErrorItem>):

    Errors that occurred while making an authorization decision, for example, a policy references an Entity or entity Attribute that does not exist in the slice.

• On failure, responds with SdkError<IsAuthorizedError>

impl Client

pub fn is_authorized_with_token(&self) -> IsAuthorizedWithTokenFluentBuilder

Constructs a fluent builder for the IsAuthorizedWithToken operation.

• The fluent builder is configurable:
  • policy_store_id(impl Into<String>) / set_policy_store_id(Option<String>):
    required: true
    

    Specifies the ID of the policy store. Policies in this policy store will be used to make an authorization decision for the input.

    
    
  • identity_token(impl Into<String>) / set_identity_token(Option<String>):
    required: false
    

    Specifies an identity token for the principal to be authorized. This token is provided to you by the identity provider (IdP) associated with the specified identity source. You must specify either an accessToken, an identityToken, or both.

    Must be an ID token. Verified Permissions returns an error if the token_use claim in the submitted token isn’t id.

    
    
  • access_token(impl Into<String>) / set_access_token(Option<String>):
    required: false
    

    Specifies an access token for the principal to be authorized. This token is provided to you by the identity provider (IdP) associated with the specified identity source. You must specify either an accessToken, an identityToken, or both.

    Must be an access token. Verified Permissions returns an error if the token_use claim in the submitted token isn’t access.

    
    
  • action(ActionIdentifier) / set_action(Option<ActionIdentifier>):
    required: false
    

    Specifies the requested action to be authorized. Is the specified principal authorized to perform this action on the specified resource.

    
    
  • resource(EntityIdentifier) / set_resource(Option<EntityIdentifier>):
    required: false
    

    Specifies the resource for which the authorization decision is made. For example, is the principal allowed to perform the action on the resource?

    
    
  • context(ContextDefinition) / set_context(Option<ContextDefinition>):
    required: false
    

    Specifies additional context that can be used to make more granular authorization decisions.

    
    
  • entities(EntitiesDefinition) / set_entities(Option<EntitiesDefinition>):
    required: false
    

    Specifies the list of resources and their associated attributes that Verified Permissions can examine when evaluating the policies.

    You can’t include principals in this parameter, only resource and action entities. This parameter can’t include any entities of a type that matches the user or group entity types that you defined in your identity source.

    • The IsAuthorizedWithToken operation takes principal attributes from only the identityToken or accessToken passed to the operation.

    • For action entities, you can include only their Identifier and EntityType.

    
    
• On success, responds with IsAuthorizedWithTokenOutput with field(s):
  • decision(Decision):

    An authorization decision that indicates if the authorization request should be allowed or denied.

  • determining_policies(Vec::<DeterminingPolicyItem>):

    The list of determining policies used to make the authorization decision. For example, if there are multiple matching policies, where at least one is a forbid policy, then because forbid always overrides permit the forbid policies are the determining policies. If all matching policies are permit policies, then those policies are the determining policies. When no policies match and the response is the default DENY, there are no determining policies.

  • errors(Vec::<EvaluationErrorItem>):

    Errors that occurred while making an authorization decision. For example, a policy references an entity or entity attribute that does not exist in the slice.

  • principal(Option<EntityIdentifier>):

    The identifier of the principal in the ID or access token.

• On failure, responds with SdkError<IsAuthorizedWithTokenError>

impl Client

pub fn list_identity_sources(&self) -> ListIdentitySourcesFluentBuilder

Constructs a fluent builder for the ListIdentitySources operation. This operation supports pagination; See into_paginator().

• The fluent builder is configurable:
  • policy_store_id(impl Into<String>) / set_policy_store_id(Option<String>):
    required: true
    

    Specifies the ID of the policy store that contains the identity sources that you want to list.

    
    
  • next_token(impl Into<String>) / set_next_token(Option<String>):
    required: false
    

    Specifies that you want to receive the next page of results. Valid only if you received a NextToken response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call’s NextToken response to request the next page of results.

    
    
  • max_results(i32) / set_max_results(Option<i32>):
    required: false
    

    Specifies the total number of results that you want included in each response. If additional items exist beyond the number you specify, the NextToken response element is returned with a value (not null). Include the specified value as the NextToken request parameter in the next call to the operation to get the next set of results. Note that the service might return fewer results than the maximum even when there are more results available. You should check NextToken after every operation to ensure that you receive all of the results.

    If you do not specify this parameter, the operation defaults to 10 identity sources per response. You can specify a maximum of 50 identity sources per response.

    
    
  • filters(IdentitySourceFilter) / set_filters(Option<Vec::<IdentitySourceFilter>>):
    required: false
    

    Specifies characteristics of an identity source that you can use to limit the output to matching identity sources.

    
    
• On success, responds with ListIdentitySourcesOutput with field(s):
  • next_token(Option<String>):

    If present, this value indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the NextToken response element comes back as null. This indicates that this is the last page of results.

  • identity_sources(Vec::<IdentitySourceItem>):

    The list of identity sources stored in the specified policy store.

• On failure, responds with SdkError<ListIdentitySourcesError>

impl Client

pub fn list_policies(&self) -> ListPoliciesFluentBuilder

Constructs a fluent builder for the ListPolicies operation. This operation supports pagination; See into_paginator().

• The fluent builder is configurable:
  • policy_store_id(impl Into<String>) / set_policy_store_id(Option<String>):
    required: true
    

    Specifies the ID of the policy store you want to list policies from.

    
    
  • next_token(impl Into<String>) / set_next_token(Option<String>):
    required: false
    

    Specifies that you want to receive the next page of results. Valid only if you received a NextToken response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call’s NextToken response to request the next page of results.

    
    
  • max_results(i32) / set_max_results(Option<i32>):
    required: false
    

    Specifies the total number of results that you want included in each response. If additional items exist beyond the number you specify, the NextToken response element is returned with a value (not null). Include the specified value as the NextToken request parameter in the next call to the operation to get the next set of results. Note that the service might return fewer results than the maximum even when there are more results available. You should check NextToken after every operation to ensure that you receive all of the results.

    If you do not specify this parameter, the operation defaults to 10 policies per response. You can specify a maximum of 50 policies per response.

    
    
  • filter(PolicyFilter) / set_filter(Option<PolicyFilter>):
    required: false
    

    Specifies a filter that limits the response to only policies that match the specified criteria. For example, you list only the policies that reference a specified principal.

    
    
• On success, responds with ListPoliciesOutput with field(s):
  • next_token(Option<String>):

    If present, this value indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the NextToken response element comes back as null. This indicates that this is the last page of results.

  • policies(Vec::<PolicyItem>):

    Lists all policies that are available in the specified policy store.

• On failure, responds with SdkError<ListPoliciesError>

impl Client

pub fn list_policy_stores(&self) -> ListPolicyStoresFluentBuilder

Constructs a fluent builder for the ListPolicyStores operation. This operation supports pagination; See into_paginator().

• The fluent builder is configurable:
  • next_token(impl Into<String>) / set_next_token(Option<String>):
    required: false
    

    Specifies that you want to receive the next page of results. Valid only if you received a NextToken response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call’s NextToken response to request the next page of results.

    
    
  • max_results(i32) / set_max_results(Option<i32>):
    required: false
    

    Specifies the total number of results that you want included in each response. If additional items exist beyond the number you specify, the NextToken response element is returned with a value (not null). Include the specified value as the NextToken request parameter in the next call to the operation to get the next set of results. Note that the service might return fewer results than the maximum even when there are more results available. You should check NextToken after every operation to ensure that you receive all of the results.

    If you do not specify this parameter, the operation defaults to 10 policy stores per response. You can specify a maximum of 50 policy stores per response.

    
    
• On success, responds with ListPolicyStoresOutput with field(s):
  • next_token(Option<String>):

    If present, this value indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the NextToken response element comes back as null. This indicates that this is the last page of results.

  • policy_stores(Vec::<PolicyStoreItem>):

    The list of policy stores in the account.

• On failure, responds with SdkError<ListPolicyStoresError>

impl Client

pub fn list_policy_templates(&self) -> ListPolicyTemplatesFluentBuilder

Constructs a fluent builder for the ListPolicyTemplates operation. This operation supports pagination; See into_paginator().

• The fluent builder is configurable:
  • policy_store_id(impl Into<String>) / set_policy_store_id(Option<String>):
    required: true
    

    Specifies the ID of the policy store that contains the policy templates you want to list.

    
    
  • next_token(impl Into<String>) / set_next_token(Option<String>):
    required: false
    

    Specifies that you want to receive the next page of results. Valid only if you received a NextToken response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call’s NextToken response to request the next page of results.

    
    
  • max_results(i32) / set_max_results(Option<i32>):
    required: false
    

    Specifies the total number of results that you want included in each response. If additional items exist beyond the number you specify, the NextToken response element is returned with a value (not null). Include the specified value as the NextToken request parameter in the next call to the operation to get the next set of results. Note that the service might return fewer results than the maximum even when there are more results available. You should check NextToken after every operation to ensure that you receive all of the results.

    If you do not specify this parameter, the operation defaults to 10 policy templates per response. You can specify a maximum of 50 policy templates per response.

    
    
• On success, responds with ListPolicyTemplatesOutput with field(s):
  • next_token(Option<String>):

    If present, this value indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the NextToken response element comes back as null. This indicates that this is the last page of results.

  • policy_templates(Vec::<PolicyTemplateItem>):

    The list of the policy templates in the specified policy store.

• On failure, responds with SdkError<ListPolicyTemplatesError>

impl Client

pub fn put_schema(&self) -> PutSchemaFluentBuilder

Constructs a fluent builder for the PutSchema operation.

• The fluent builder is configurable:
  • policy_store_id(impl Into<String>) / set_policy_store_id(Option<String>):
    required: true
    

    Specifies the ID of the policy store in which to place the schema.

    
    
  • definition(SchemaDefinition) / set_definition(Option<SchemaDefinition>):
    required: true
    

    Specifies the definition of the schema to be stored. The schema definition must be written in Cedar schema JSON.

    
    
• On success, responds with PutSchemaOutput with field(s):
  • policy_store_id(String):

    The unique ID of the policy store that contains the schema.

  • namespaces(Vec::<String>):

    Identifies the namespaces of the entities referenced by this schema.

  • created_date(DateTime):

    The date and time that the schema was originally created.

  • last_updated_date(DateTime):

    The date and time that the schema was last updated.

• On failure, responds with SdkError<PutSchemaError>

impl Client

pub fn update_identity_source(&self) -> UpdateIdentitySourceFluentBuilder

Constructs a fluent builder for the UpdateIdentitySource operation.

• The fluent builder is configurable:
  • policy_store_id(impl Into<String>) / set_policy_store_id(Option<String>):
    required: true
    

    Specifies the ID of the policy store that contains the identity source that you want to update.

    
    
  • identity_source_id(impl Into<String>) / set_identity_source_id(Option<String>):
    required: true
    

    Specifies the ID of the identity source that you want to update.

    
    
  • update_configuration(UpdateConfiguration) / set_update_configuration(Option<UpdateConfiguration>):
    required: true
    

    Specifies the details required to communicate with the identity provider (IdP) associated with this identity source.

    
    
  • principal_entity_type(impl Into<String>) / set_principal_entity_type(Option<String>):
    required: false
    

    Specifies the data type of principals generated for identities authenticated by the identity source.

    
    
• On success, responds with UpdateIdentitySourceOutput with field(s):
  • created_date(DateTime):

    The date and time that the updated identity source was originally created.

  • identity_source_id(String):

    The ID of the updated identity source.

  • last_updated_date(DateTime):

    The date and time that the identity source was most recently updated.

  • policy_store_id(String):

    The ID of the policy store that contains the updated identity source.

• On failure, responds with SdkError<UpdateIdentitySourceError>

impl Client

pub fn update_policy(&self) -> UpdatePolicyFluentBuilder

Constructs a fluent builder for the UpdatePolicy operation.

• The fluent builder is configurable:
  • policy_store_id(impl Into<String>) / set_policy_store_id(Option<String>):
    required: true
    

    Specifies the ID of the policy store that contains the policy that you want to update.

    
    
  • policy_id(impl Into<String>) / set_policy_id(Option<String>):
    required: true
    

    Specifies the ID of the policy that you want to update. To find this value, you can use ListPolicies.

    
    
  • definition(UpdatePolicyDefinition) / set_definition(Option<UpdatePolicyDefinition>):
    required: true
    

    Specifies the updated policy content that you want to replace on the specified policy. The content must be valid Cedar policy language text.

    You can change only the following elements from the policy definition:

    • The action referenced by the policy.

    • Any conditional clauses, such as when or unless clauses.

    You can’t change the following elements:

    • Changing from static to templateLinked.

    • Changing the effect of the policy from permit or forbid.

    • The principal referenced by the policy.

    • The resource referenced by the policy.

    
    
• On success, responds with UpdatePolicyOutput with field(s):
  • policy_store_id(String):

    The ID of the policy store that contains the policy that was updated.

  • policy_id(String):

    The ID of the policy that was updated.

  • policy_type(PolicyType):

    The type of the policy that was updated.

  • principal(Option<EntityIdentifier>):

    The principal specified in the policy’s scope. This element isn’t included in the response when Principal isn’t present in the policy content.

  • resource(Option<EntityIdentifier>):

    The resource specified in the policy’s scope. This element isn’t included in the response when Resource isn’t present in the policy content.

  • actions(Option<Vec::<ActionIdentifier>>):

    The action that a policy permits or forbids. For example, {“actions”: [{“actionId”: “ViewPhoto”, “actionType”: “PhotoFlash::Action”}, {“entityID”: “SharePhoto”, “entityType”: “PhotoFlash::Action”}]}.

  • created_date(DateTime):

    The date and time that the policy was originally created.

  • last_updated_date(DateTime):

    The date and time that the policy was most recently updated.

  • effect(Option<PolicyEffect>):

    The effect of the decision that a policy returns to an authorization request. For example, “effect”: “Permit”.

• On failure, responds with SdkError<UpdatePolicyError>

impl Client

pub fn update_policy_store(&self) -> UpdatePolicyStoreFluentBuilder

Constructs a fluent builder for the UpdatePolicyStore operation.

• The fluent builder is configurable:
  • policy_store_id(impl Into<String>) / set_policy_store_id(Option<String>):
    required: true
    

    Specifies the ID of the policy store that you want to update

    
    
  • validation_settings(ValidationSettings) / set_validation_settings(Option<ValidationSettings>):
    required: true
    

    A structure that defines the validation settings that want to enable for the policy store.

    
    
  • description(impl Into<String>) / set_description(Option<String>):
    required: false
    

    Descriptive text that you can provide to help with identification of the current policy store.

    
    
• On success, responds with UpdatePolicyStoreOutput with field(s):
  • policy_store_id(String):

    The ID of the updated policy store.

  • arn(String):

    The Amazon Resource Name (ARN) of the updated policy store.

  • created_date(DateTime):

    The date and time that the policy store was originally created.

  • last_updated_date(DateTime):

    The date and time that the policy store was most recently updated.

• On failure, responds with SdkError<UpdatePolicyStoreError>

impl Client

pub fn update_policy_template(&self) -> UpdatePolicyTemplateFluentBuilder

Constructs a fluent builder for the UpdatePolicyTemplate operation.

• The fluent builder is configurable:
  • policy_store_id(impl Into<String>) / set_policy_store_id(Option<String>):
    required: true
    

    Specifies the ID of the policy store that contains the policy template that you want to update.

    
    
  • policy_template_id(impl Into<String>) / set_policy_template_id(Option<String>):
    required: true
    

    Specifies the ID of the policy template that you want to update.

    
    
  • description(impl Into<String>) / set_description(Option<String>):
    required: false
    

    Specifies a new description to apply to the policy template.

    
    
  • statement(impl Into<String>) / set_statement(Option<String>):
    required: true
    

    Specifies new statement content written in Cedar policy language to replace the current body of the policy template.

    You can change only the following elements of the policy body:

    • The action referenced by the policy template.

    • Any conditional clauses, such as when or unless clauses.

    You can’t change the following elements:

    • The effect (permit or forbid) of the policy template.

    • The principal referenced by the policy template.

    • The resource referenced by the policy template.

    
    
• On success, responds with UpdatePolicyTemplateOutput with field(s):
  • policy_store_id(String):

    The ID of the policy store that contains the updated policy template.

  • policy_template_id(String):

    The ID of the updated policy template.

  • created_date(DateTime):

    The date and time that the policy template was originally created.

  • last_updated_date(DateTime):

    The date and time that the policy template was most recently updated.

• On failure, responds with SdkError<UpdatePolicyTemplateError>

impl Client

pub fn from_conf(conf: Config) -> Self

Creates a new client from the service Config.

Panics

This method will panic in the following cases:

• Retries or timeouts are enabled without a sleep_impl configured.
• Identity caching is enabled without a sleep_impl and time_source configured.
• No behavior_version is provided.

The panic message for each of these will have instructions on how to resolve them.

pub fn config(&self) -> &Config

Returns the client’s configuration.

impl Client

pub fn new(sdk_config: &SdkConfig) -> Self

Creates a new client from an SDK Config.

Panics

• This method will panic if the sdk_config is missing an async sleep implementation. If you experience this panic, set the sleep_impl on the Config passed into this function to fix it.
• This method will panic if the sdk_config is missing an HTTP connector. If you experience this panic, set the http_connector on the Config passed into this function to fix it.
• This method will panic if no BehaviorVersion is provided. If you experience this panic, set behavior_version on the Config or enable the behavior-version-latest Cargo feature.

Trait Implementations

impl Clone for Client

fn clone(&self) -> Client

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for Client

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.