types

package
v1.20.5 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 9, 2025 License: Apache-2.0 Imports: 4 Imported by: 4

Documentation

Index

Examples

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AccessDeniedException 

type AccessDeniedException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

You don't have sufficient access to perform this action.

func (*AccessDeniedException) Error 

func (e *AccessDeniedException) Error() string

func (*AccessDeniedException) ErrorCode 

func (e *AccessDeniedException) ErrorCode() string

func (*AccessDeniedException) ErrorFault 

func (e *AccessDeniedException) ErrorFault() smithy.ErrorFault

func (*AccessDeniedException) ErrorMessage 

func (e *AccessDeniedException) ErrorMessage() string

type ActionIdentifier 

type ActionIdentifier struct {

	// The ID of an action.
	//
	// This member is required.
	ActionId *string

	// The type of an action.
	//
	// This member is required.
	ActionType *string
	// contains filtered or unexported fields
}

Contains information about an action for a request for which an authorization decision is made.

This data type is used as a request parameter to the IsAuthorized, BatchIsAuthorized, and IsAuthorizedWithToken operations.

Example: { "actionId": "<action name>", "actionType": "Action" }

type AttributeValue 

type AttributeValue interface {
	// contains filtered or unexported methods
}

The value of an attribute.

Contains information about the runtime context for a request for which an authorization decision is made.

This data type is used as a member of the ContextDefinition structure which is uses as a request parameter for the IsAuthorized, BatchIsAuthorized, and IsAuthorizedWithToken operations.

The following types satisfy this interface: 

AttributeValueMemberBoolean
AttributeValueMemberDecimal
AttributeValueMemberEntityIdentifier
AttributeValueMemberIpaddr
AttributeValueMemberLong
AttributeValueMemberRecord
AttributeValueMemberSet
AttributeValueMemberString
Example (OutputUsage) 
package main

import (
	"fmt"
	"github.com/aws/aws-sdk-go-v2/service/verifiedpermissions/types"
)

func main() {
	var union types.AttributeValue
	// type switches can be used to check the union value
	switch v := union.(type) {
	case *types.AttributeValueMemberBoolean:
		_ = v.Value // Value is bool

	case *types.AttributeValueMemberDecimal:
		_ = v.Value // Value is string

	case *types.AttributeValueMemberEntityIdentifier:
		_ = v.Value // Value is types.EntityIdentifier

	case *types.AttributeValueMemberIpaddr:
		_ = v.Value // Value is string

	case *types.AttributeValueMemberLong:
		_ = v.Value // Value is int64

	case *types.AttributeValueMemberRecord:
		_ = v.Value // Value is map[string]types.AttributeValue

	case *types.AttributeValueMemberSet:
		_ = v.Value // Value is []types.AttributeValue

	case *types.AttributeValueMemberString:
		_ = v.Value // Value is string

	case *types.UnknownUnionMember:
		fmt.Println("unknown tag:", v.Tag)

	default:
		fmt.Println("union is nil or unknown type")

	}
}

Output:

type AttributeValueMemberBoolean 

type AttributeValueMemberBoolean struct {
	Value bool
	// contains filtered or unexported fields
}

An attribute value of Boolean type.

Example: {"boolean": true}

type AttributeValueMemberDecimal added in v1.20.0 

type AttributeValueMemberDecimal struct {
	Value string
	// contains filtered or unexported fields
}

An attribute value of decimal type.

Example: {"decimal": "1.1"}

type AttributeValueMemberEntityIdentifier 

type AttributeValueMemberEntityIdentifier struct {
	Value EntityIdentifier
	// contains filtered or unexported fields
}

An attribute value of type EntityIdentifier.

Example: "entityIdentifier": { "entityId": "<id>", "entityType": "<entity type>"}

type AttributeValueMemberIpaddr added in v1.20.0 

type AttributeValueMemberIpaddr struct {
	Value string
	// contains filtered or unexported fields
}

An attribute value of ipaddr type.

Example: {"ip": "192.168.1.100"}

type AttributeValueMemberLong 

type AttributeValueMemberLong struct {
	Value int64
	// contains filtered or unexported fields
}

An attribute value of Long type.

Example: {"long": 0}

type AttributeValueMemberRecord 

type AttributeValueMemberRecord struct {
	Value map[string]AttributeValue
	// contains filtered or unexported fields
}

An attribute value of Record type.

Example: {"record": { "keyName": {} } }

type AttributeValueMemberSet 

type AttributeValueMemberSet struct {
	Value []AttributeValue
	// contains filtered or unexported fields
}

An attribute value of Set type.

Example: {"set": [ {} ] }

type AttributeValueMemberString 

type AttributeValueMemberString struct {
	Value string
	// contains filtered or unexported fields
}

An attribute value of String type.

Example: {"string": "abc"}

type BatchGetPolicyErrorCode added in v1.20.0 

type BatchGetPolicyErrorCode string
const (
	BatchGetPolicyErrorCodePolicyStoreNotFound BatchGetPolicyErrorCode = "POLICY_STORE_NOT_FOUND"
	BatchGetPolicyErrorCodePolicyNotFound      BatchGetPolicyErrorCode = "POLICY_NOT_FOUND"
)

Enum values for BatchGetPolicyErrorCode

func (BatchGetPolicyErrorCode) Values added in v1.20.0 

func (BatchGetPolicyErrorCode) Values() []BatchGetPolicyErrorCode

Values returns all known values for BatchGetPolicyErrorCode. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type BatchGetPolicyErrorItem added in v1.20.0 

type BatchGetPolicyErrorItem struct {

	// The error code that was returned.
	//
	// This member is required.
	Code BatchGetPolicyErrorCode

	// A detailed error message.
	//
	// This member is required.
	Message *string

	// The identifier of the policy associated with the failed request.
	//
	// This member is required.
	PolicyId *string

	// The identifier of the policy store associated with the failed request.
	//
	// This member is required.
	PolicyStoreId *string
	// contains filtered or unexported fields
}

Contains the information about an error resulting from a BatchGetPolicy API call.

type BatchGetPolicyInputItem added in v1.20.0 

type BatchGetPolicyInputItem struct {

	// The identifier of the policy you want information about.
	//
	// This member is required.
	PolicyId *string

	// The identifier of the policy store where the policy you want information about
	// is stored.
	//
	// This member is required.
	PolicyStoreId *string
	// contains filtered or unexported fields
}

Information about a policy that you include in a BatchGetPolicy API request.

type BatchGetPolicyOutputItem added in v1.20.0 

type BatchGetPolicyOutputItem struct {

	// The date and time the policy was created.
	//
	// This member is required.
	CreatedDate *time.Time

	// The policy definition of an item in the list of policies returned.
	//
	// This member is required.
	Definition PolicyDefinitionDetail

	// The date and time the policy was most recently updated.
	//
	// This member is required.
	LastUpdatedDate *time.Time

	// The identifier of the policy you want information about.
	//
	// This member is required.
	PolicyId *string

	// The identifier of the policy store where the policy you want information about
	// is stored.
	//
	// This member is required.
	PolicyStoreId *string

	// The type of the policy. This is one of the following values:
	//
	//   - STATIC
	//
	//   - TEMPLATE_LINKED
	//
	// This member is required.
	PolicyType PolicyType
	// contains filtered or unexported fields
}

Contains information about a policy returned from a BatchGetPolicy API request.

type BatchIsAuthorizedInputItem added in v1.6.0 

type BatchIsAuthorizedInputItem struct {

	// Specifies the requested action to be authorized. For example,
	// PhotoFlash::ReadPhoto .
	Action *ActionIdentifier

	// Specifies additional context that can be used to make more granular
	// authorization decisions.
	Context ContextDefinition

	// Specifies the principal for which the authorization decision is to be made.
	Principal *EntityIdentifier

	// Specifies the resource that you want an authorization decision for. For
	// example, PhotoFlash::Photo .
	Resource *EntityIdentifier
	// contains filtered or unexported fields
}

An authorization request that you include in a BatchIsAuthorized API request.

type BatchIsAuthorizedOutputItem added in v1.6.0 

type BatchIsAuthorizedOutputItem struct {

	// An authorization decision that indicates if the authorization request should be
	// allowed or denied.
	//
	// This member is required.
	Decision Decision

	// The list of determining policies used to make the authorization decision. For
	// example, if there are two matching policies, where one is a forbid and the other
	// is a permit, then the forbid policy will be the determining policy. In the case
	// of multiple matching permit policies then there would be multiple determining
	// policies. In the case that no policies match, and hence the response is DENY,
	// there would be no determining policies.
	//
	// This member is required.
	DeterminingPolicies []DeterminingPolicyItem

	// Errors that occurred while making an authorization decision. For example, a
	// policy might reference an entity or attribute that doesn't exist in the request.
	//
	// This member is required.
	Errors []EvaluationErrorItem

	// The authorization request that initiated the decision.
	//
	// This member is required.
	Request *BatchIsAuthorizedInputItem
	// contains filtered or unexported fields
}

The decision, based on policy evaluation, from an individual authorization request in a BatchIsAuthorized API request.

type BatchIsAuthorizedWithTokenInputItem added in v1.13.0 

type BatchIsAuthorizedWithTokenInputItem struct {

	// Specifies the requested action to be authorized. For example,
	// PhotoFlash::ReadPhoto .
	Action *ActionIdentifier

	// Specifies additional context that can be used to make more granular
	// authorization decisions.
	Context ContextDefinition

	// Specifies the resource that you want an authorization decision for. For
	// example, PhotoFlash::Photo .
	Resource *EntityIdentifier
	// contains filtered or unexported fields
}

An authorization request that you include in a BatchIsAuthorizedWithToken API request.

type BatchIsAuthorizedWithTokenOutputItem added in v1.13.0 

type BatchIsAuthorizedWithTokenOutputItem struct {

	// An authorization decision that indicates if the authorization request should be
	// allowed or denied.
	//
	// This member is required.
	Decision Decision

	// The list of determining policies used to make the authorization decision. For
	// example, if there are two matching policies, where one is a forbid and the other
	// is a permit, then the forbid policy will be the determining policy. In the case
	// of multiple matching permit policies then there would be multiple determining
	// policies. In the case that no policies match, and hence the response is DENY,
	// there would be no determining policies.
	//
	// This member is required.
	DeterminingPolicies []DeterminingPolicyItem

	// Errors that occurred while making an authorization decision. For example, a
	// policy might reference an entity or attribute that doesn't exist in the request.
	//
	// This member is required.
	Errors []EvaluationErrorItem

	// The authorization request that initiated the decision.
	//
	// This member is required.
	Request *BatchIsAuthorizedWithTokenInputItem
	// contains filtered or unexported fields
}

The decision, based on policy evaluation, from an individual authorization request in a BatchIsAuthorizedWithToken API request.

type CognitoGroupConfiguration added in v1.12.0 

type CognitoGroupConfiguration struct {

	// The name of the schema entity type that's mapped to the user pool group.
	// Defaults to AWS::CognitoGroup .
	//
	// This member is required.
	GroupEntityType *string
	// contains filtered or unexported fields
}

The type of entity that a policy store maps to groups from an Amazon Cognito user pool identity source.

This data type is part of a CognitoUserPoolConfiguration structure and is a request parameter in CreateIdentitySource.

type CognitoGroupConfigurationDetail added in v1.12.0 

type CognitoGroupConfigurationDetail struct {

	// The name of the schema entity type that's mapped to the user pool group.
	// Defaults to AWS::CognitoGroup .
	GroupEntityType *string
	// contains filtered or unexported fields
}

The type of entity that a policy store maps to groups from an Amazon Cognito user pool identity source.

This data type is part of an CognitoUserPoolConfigurationDetail structure and is a response parameter to GetIdentitySource.

type CognitoGroupConfigurationItem added in v1.12.0 

type CognitoGroupConfigurationItem struct {

	// The name of the schema entity type that's mapped to the user pool group.
	// Defaults to AWS::CognitoGroup .
	GroupEntityType *string
	// contains filtered or unexported fields
}

The type of entity that a policy store maps to groups from an Amazon Cognito user pool identity source.

This data type is part of an CognitoUserPoolConfigurationItem structure and is a response parameter to ListIdentitySources.

type CognitoUserPoolConfiguration 

type CognitoUserPoolConfiguration struct {

	// The [Amazon Resource Name (ARN)] of the Amazon Cognito user pool that contains the identities to be
	// authorized.
	//
	// Example: "UserPoolArn":
	// "arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5"
	//
	// [Amazon Resource Name (ARN)]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
	//
	// This member is required.
	UserPoolArn *string

	// The unique application client IDs that are associated with the specified Amazon
	// Cognito user pool.
	//
	// Example: "ClientIds": ["&ExampleCogClientId;"]
	ClientIds []string

	// The type of entity that a policy store maps to groups from an Amazon Cognito
	// user pool identity source.
	GroupConfiguration *CognitoGroupConfiguration
	// contains filtered or unexported fields
}

The configuration for an identity source that represents a connection to an Amazon Cognito user pool used as an identity provider for Verified Permissions.

This data type part of a Configuration structure that is used as a parameter to CreateIdentitySource.

Example: "CognitoUserPoolConfiguration":{"UserPoolArn":"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5","ClientIds": ["a1b2c3d4e5f6g7h8i9j0kalbmc"],"groupConfiguration": {"groupEntityType": "MyCorp::Group"}}

type CognitoUserPoolConfigurationDetail added in v1.11.0 

type CognitoUserPoolConfigurationDetail struct {

	// The unique application client IDs that are associated with the specified Amazon
	// Cognito user pool.
	//
	// Example: "clientIds": ["&ExampleCogClientId;"]
	//
	// This member is required.
	ClientIds []string

	// The OpenID Connect (OIDC) issuer ID of the Amazon Cognito user pool that
	// contains the identities to be authorized.
	//
	// Example: "issuer":
	// "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_1a2b3c4d5"
	//
	// This member is required.
	Issuer *string

	// The [Amazon Resource Name (ARN)] of the Amazon Cognito user pool that contains the identities to be
	// authorized.
	//
	// Example: "userPoolArn":
	// "arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5"
	//
	// [Amazon Resource Name (ARN)]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
	//
	// This member is required.
	UserPoolArn *string

	// The type of entity that a policy store maps to groups from an Amazon Cognito
	// user pool identity source.
	GroupConfiguration *CognitoGroupConfigurationDetail
	// contains filtered or unexported fields
}

The configuration for an identity source that represents a connection to an Amazon Cognito user pool used as an identity provider for Verified Permissions.

This data type is used as a field that is part of an ConfigurationDetail structure that is part of the response to GetIdentitySource.

Example: "CognitoUserPoolConfiguration":{"UserPoolArn":"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5","ClientIds": ["a1b2c3d4e5f6g7h8i9j0kalbmc"],"groupConfiguration": {"groupEntityType": "MyCorp::Group"}}

type CognitoUserPoolConfigurationItem added in v1.11.0 

type CognitoUserPoolConfigurationItem struct {

	// The unique application client IDs that are associated with the specified Amazon
	// Cognito user pool.
	//
	// Example: "clientIds": ["&ExampleCogClientId;"]
	//
	// This member is required.
	ClientIds []string

	// The OpenID Connect (OIDC) issuer ID of the Amazon Cognito user pool that
	// contains the identities to be authorized.
	//
	// Example: "issuer":
	// "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_1a2b3c4d5"
	//
	// This member is required.
	Issuer *string

	// The [Amazon Resource Name (ARN)] of the Amazon Cognito user pool that contains the identities to be
	// authorized.
	//
	// Example: "userPoolArn":
	// "arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5"
	//
	// [Amazon Resource Name (ARN)]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
	//
	// This member is required.
	UserPoolArn *string

	// The type of entity that a policy store maps to groups from an Amazon Cognito
	// user pool identity source.
	GroupConfiguration *CognitoGroupConfigurationItem
	// contains filtered or unexported fields
}

The configuration for an identity source that represents a connection to an Amazon Cognito user pool used as an identity provider for Verified Permissions.

This data type is used as a field that is part of the ConfigurationItem structure that is part of the response to ListIdentitySources.

Example: "CognitoUserPoolConfiguration":{"UserPoolArn":"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5","ClientIds": ["a1b2c3d4e5f6g7h8i9j0kalbmc"],"groupConfiguration": {"groupEntityType": "MyCorp::Group"}}

type Configuration 

type Configuration interface {
	// contains filtered or unexported methods
}

Contains configuration information used when creating a new identity source.

This data type is used as a request parameter for the CreateIdentitySource operation.

The following types satisfy this interface: 

ConfigurationMemberCognitoUserPoolConfiguration
ConfigurationMemberOpenIdConnectConfiguration
Example (OutputUsage) 
package main

import (
	"fmt"
	"github.com/aws/aws-sdk-go-v2/service/verifiedpermissions/types"
)

func main() {
	var union types.Configuration
	// type switches can be used to check the union value
	switch v := union.(type) {
	case *types.ConfigurationMemberCognitoUserPoolConfiguration:
		_ = v.Value // Value is types.CognitoUserPoolConfiguration

	case *types.ConfigurationMemberOpenIdConnectConfiguration:
		_ = v.Value // Value is types.OpenIdConnectConfiguration

	case *types.UnknownUnionMember:
		fmt.Println("unknown tag:", v.Tag)

	default:
		fmt.Println("union is nil or unknown type")

	}
}

Output:

type ConfigurationDetail added in v1.11.0 

type ConfigurationDetail interface {
	// contains filtered or unexported methods
}

Contains configuration information about an identity source.

This data type is a response parameter to the GetIdentitySource operation.

The following types satisfy this interface: 

ConfigurationDetailMemberCognitoUserPoolConfiguration
ConfigurationDetailMemberOpenIdConnectConfiguration
Example (OutputUsage) 
package main

import (
	"fmt"
	"github.com/aws/aws-sdk-go-v2/service/verifiedpermissions/types"
)

func main() {
	var union types.ConfigurationDetail
	// type switches can be used to check the union value
	switch v := union.(type) {
	case *types.ConfigurationDetailMemberCognitoUserPoolConfiguration:
		_ = v.Value // Value is types.CognitoUserPoolConfigurationDetail

	case *types.ConfigurationDetailMemberOpenIdConnectConfiguration:
		_ = v.Value // Value is types.OpenIdConnectConfigurationDetail

	case *types.UnknownUnionMember:
		fmt.Println("unknown tag:", v.Tag)

	default:
		fmt.Println("union is nil or unknown type")

	}
}

Output:

type ConfigurationDetailMemberCognitoUserPoolConfiguration added in v1.11.0 

type ConfigurationDetailMemberCognitoUserPoolConfiguration struct {
	Value CognitoUserPoolConfigurationDetail
	// contains filtered or unexported fields
}

Contains configuration details of a Amazon Cognito user pool that Verified Permissions can use as a source of authenticated identities as entities. It specifies the Amazon Resource Name (ARN)of a Amazon Cognito user pool, the policy store entity that you want to assign to user groups, and one or more application client IDs.

Example: "configuration":{"cognitoUserPoolConfiguration":{"userPoolArn":"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5","clientIds": ["a1b2c3d4e5f6g7h8i9j0kalbmc"],"groupConfiguration": {"groupEntityType": "MyCorp::Group"}}}

type ConfigurationDetailMemberOpenIdConnectConfiguration added in v1.15.0 

type ConfigurationDetailMemberOpenIdConnectConfiguration struct {
	Value OpenIdConnectConfigurationDetail
	// contains filtered or unexported fields
}

Contains configuration details of an OpenID Connect (OIDC) identity provider, or identity source, that Verified Permissions can use to generate entities from authenticated identities. It specifies the issuer URL, token type that you want to use, and policy store entity details.

Example: "configuration":{"openIdConnectConfiguration":{"issuer":"https://auth.example.com","tokenSelection":{"accessTokenOnly":{"audiences":["https://myapp.example.com","https://myapp2.example.com"],"principalIdClaim":"sub"}},"entityIdPrefix":"MyOIDCProvider","groupConfiguration":{"groupClaim":"groups","groupEntityType":"MyCorp::UserGroup"}}}

type ConfigurationItem added in v1.11.0 

type ConfigurationItem interface {
	// contains filtered or unexported methods
}

Contains configuration information about an identity source.

This data type is a response parameter to the ListIdentitySources operation.

The following types satisfy this interface: 

ConfigurationItemMemberCognitoUserPoolConfiguration
ConfigurationItemMemberOpenIdConnectConfiguration
Example (OutputUsage) 
package main

import (
	"fmt"
	"github.com/aws/aws-sdk-go-v2/service/verifiedpermissions/types"
)

func main() {
	var union types.ConfigurationItem
	// type switches can be used to check the union value
	switch v := union.(type) {
	case *types.ConfigurationItemMemberCognitoUserPoolConfiguration:
		_ = v.Value // Value is types.CognitoUserPoolConfigurationItem

	case *types.ConfigurationItemMemberOpenIdConnectConfiguration:
		_ = v.Value // Value is types.OpenIdConnectConfigurationItem

	case *types.UnknownUnionMember:
		fmt.Println("unknown tag:", v.Tag)

	default:
		fmt.Println("union is nil or unknown type")

	}
}

Output:

type ConfigurationItemMemberCognitoUserPoolConfiguration added in v1.11.0 

type ConfigurationItemMemberCognitoUserPoolConfiguration struct {
	Value CognitoUserPoolConfigurationItem
	// contains filtered or unexported fields
}

Contains configuration details of a Amazon Cognito user pool that Verified Permissions can use as a source of authenticated identities as entities. It specifies the Amazon Resource Name (ARN)of a Amazon Cognito user pool, the policy store entity that you want to assign to user groups, and one or more application client IDs.

Example: "configuration":{"cognitoUserPoolConfiguration":{"userPoolArn":"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5","clientIds": ["a1b2c3d4e5f6g7h8i9j0kalbmc"],"groupConfiguration": {"groupEntityType": "MyCorp::Group"}}}

type ConfigurationItemMemberOpenIdConnectConfiguration added in v1.15.0 

type ConfigurationItemMemberOpenIdConnectConfiguration struct {
	Value OpenIdConnectConfigurationItem
	// contains filtered or unexported fields
}

Contains configuration details of an OpenID Connect (OIDC) identity provider, or identity source, that Verified Permissions can use to generate entities from authenticated identities. It specifies the issuer URL, token type that you want to use, and policy store entity details.

Example: "configuration":{"openIdConnectConfiguration":{"issuer":"https://auth.example.com","tokenSelection":{"accessTokenOnly":{"audiences":["https://myapp.example.com","https://myapp2.example.com"],"principalIdClaim":"sub"}},"entityIdPrefix":"MyOIDCProvider","groupConfiguration":{"groupClaim":"groups","groupEntityType":"MyCorp::UserGroup"}}}

type ConfigurationMemberCognitoUserPoolConfiguration 

type ConfigurationMemberCognitoUserPoolConfiguration struct {
	Value CognitoUserPoolConfiguration
	// contains filtered or unexported fields
}

Contains configuration details of a Amazon Cognito user pool that Verified Permissions can use as a source of authenticated identities as entities. It specifies the Amazon Resource Name (ARN)of a Amazon Cognito user pool and one or more application client IDs.

Example: "configuration":{"cognitoUserPoolConfiguration":{"userPoolArn":"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5","clientIds": ["a1b2c3d4e5f6g7h8i9j0kalbmc"],"groupConfiguration": {"groupEntityType": "MyCorp::Group"}}}

type ConfigurationMemberOpenIdConnectConfiguration added in v1.15.0 

type ConfigurationMemberOpenIdConnectConfiguration struct {
	Value OpenIdConnectConfiguration
	// contains filtered or unexported fields
}

Contains configuration details of an OpenID Connect (OIDC) identity provider, or identity source, that Verified Permissions can use to generate entities from authenticated identities. It specifies the issuer URL, token type that you want to use, and policy store entity details.

Example: "configuration":{"openIdConnectConfiguration":{"issuer":"https://auth.example.com","tokenSelection":{"accessTokenOnly":{"audiences":["https://myapp.example.com","https://myapp2.example.com"],"principalIdClaim":"sub"}},"entityIdPrefix":"MyOIDCProvider","groupConfiguration":{"groupClaim":"groups","groupEntityType":"MyCorp::UserGroup"}}}

type ConflictException 

type ConflictException struct {
	Message *string

	ErrorCodeOverride *string

	Resources []ResourceConflict
	// contains filtered or unexported fields
}

The request failed because another request to modify a resource occurred at the same.

func (*ConflictException) Error 

func (e *ConflictException) Error() string

func (*ConflictException) ErrorCode 

func (e *ConflictException) ErrorCode() string

func (*ConflictException) ErrorFault 

func (e *ConflictException) ErrorFault() smithy.ErrorFault

func (*ConflictException) ErrorMessage 

func (e *ConflictException) ErrorMessage() string

type ContextDefinition 

type ContextDefinition interface {
	// contains filtered or unexported methods
}

Contains additional details about the context of the request. Verified Permissions evaluates this information in an authorization request as part of the when and unless clauses in a policy.

This data type is used as a request parameter for the IsAuthorized, BatchIsAuthorized, and IsAuthorizedWithToken operations.

Example: "context":{"contextMap":{"<KeyName1>":{"boolean":true},"<KeyName2>":{"long":1234}}}

The following types satisfy this interface: 

ContextDefinitionMemberContextMap
Example (OutputUsage) 
package main

import (
	"fmt"
	"github.com/aws/aws-sdk-go-v2/service/verifiedpermissions/types"
)

func main() {
	var union types.ContextDefinition
	// type switches can be used to check the union value
	switch v := union.(type) {
	case *types.ContextDefinitionMemberContextMap:
		_ = v.Value // Value is map[string]types.AttributeValue

	case *types.UnknownUnionMember:
		fmt.Println("unknown tag:", v.Tag)

	default:
		fmt.Println("union is nil or unknown type")

	}
}

Output:

type ContextDefinitionMemberContextMap 

type ContextDefinitionMemberContextMap struct {
	Value map[string]AttributeValue
	// contains filtered or unexported fields
}

An list of attributes that are needed to successfully evaluate an authorization request. Each attribute in this array must include a map of a data type and its value.

Example: "contextMap":{"<KeyName1>":{"boolean":true},"<KeyName2>":{"long":1234}}

type Decision 

type Decision string
const (
	DecisionAllow Decision = "ALLOW"
	DecisionDeny  Decision = "DENY"
)

Enum values for Decision

func (Decision) Values 

func (Decision) Values() []Decision

Values returns all known values for Decision. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type DeterminingPolicyItem 

type DeterminingPolicyItem struct {

	// The Id of a policy that determined to an authorization decision.
	//
	// Example: "policyId":"SPEXAMPLEabcdefg111111"
	//
	// This member is required.
	PolicyId *string
	// contains filtered or unexported fields
}

Contains information about one of the policies that determined an authorization decision.

This data type is used as an element in a response parameter for the IsAuthorized, BatchIsAuthorized, and IsAuthorizedWithToken operations.

Example: "determiningPolicies":[{"policyId":"SPEXAMPLEabcdefg111111"}]

type EntitiesDefinition 

type EntitiesDefinition interface {
	// contains filtered or unexported methods
}

Contains the list of entities to be considered during an authorization request. This includes all principals, resources, and actions required to successfully evaluate the request.

This data type is used as a field in the response parameter for the IsAuthorized and IsAuthorizedWithToken operations.

The following types satisfy this interface: 

EntitiesDefinitionMemberEntityList
Example (OutputUsage) 
package main

import (
	"fmt"
	"github.com/aws/aws-sdk-go-v2/service/verifiedpermissions/types"
)

func main() {
	var union types.EntitiesDefinition
	// type switches can be used to check the union value
	switch v := union.(type) {
	case *types.EntitiesDefinitionMemberEntityList:
		_ = v.Value // Value is []types.EntityItem

	case *types.UnknownUnionMember:
		fmt.Println("unknown tag:", v.Tag)

	default:
		fmt.Println("union is nil or unknown type")

	}
}

Output:

type EntitiesDefinitionMemberEntityList 

type EntitiesDefinitionMemberEntityList struct {
	Value []EntityItem
	// contains filtered or unexported fields
}

An array of entities that are needed to successfully evaluate an authorization request. Each entity in this array must include an identifier for the entity, the attributes of the entity, and a list of any parent entities.

type EntityIdentifier 

type EntityIdentifier struct {

	// The identifier of an entity.
	//
	//     "entityId":"identifier"
	//
	// This member is required.
	EntityId *string

	// The type of an entity.
	//
	// Example: "entityType":"typeName"
	//
	// This member is required.
	EntityType *string
	// contains filtered or unexported fields
}

Contains the identifier of an entity, including its ID and type.

This data type is used as a request parameter for IsAuthorized operation, and as a response parameter for the CreatePolicy, GetPolicy, and UpdatePolicy operations.

Example: {"entityId":"string","entityType":"string"}

type EntityItem 

type EntityItem struct {

	// The identifier of the entity.
	//
	// This member is required.
	Identifier *EntityIdentifier

	// A list of attributes for the entity.
	Attributes map[string]AttributeValue

	// The parent entities in the hierarchy that contains the entity. A principal or
	// resource entity can be defined with at most 99 transitive parents per
	// authorization request.
	//
	// A transitive parent is an entity in the hierarchy of entities including all
	// direct parents, and parents of parents. For example, a user can be a member of
	// 91 groups if one of those groups is a member of eight groups, for a total of
	// 100: one entity, 91 entity parents, and eight parents of parents.
	Parents []EntityIdentifier
	// contains filtered or unexported fields
}

Contains information about an entity that can be referenced in a Cedar policy.

This data type is used as one of the fields in the EntitiesDefinition structure. 

{ "identifier": { "entityType": "Photo", "entityId": "VacationPhoto94.jpg" },
"attributes": {}, "parents": [ { "entityType": "Album", "entityId":
"alice_folder" } ] }

type EntityReference 

type EntityReference interface {
	// contains filtered or unexported methods
}

Contains information about a principal or resource that can be referenced in a Cedar policy.

This data type is used as part of the PolicyFilter structure that is used as a request parameter for the ListPoliciesoperation..

The following types satisfy this interface: 

EntityReferenceMemberIdentifier
EntityReferenceMemberUnspecified
Example (OutputUsage) 
package main

import (
	"fmt"
	"github.com/aws/aws-sdk-go-v2/service/verifiedpermissions/types"
)

func main() {
	var union types.EntityReference
	// type switches can be used to check the union value
	switch v := union.(type) {
	case *types.EntityReferenceMemberIdentifier:
		_ = v.Value // Value is types.EntityIdentifier

	case *types.EntityReferenceMemberUnspecified:
		_ = v.Value // Value is bool

	case *types.UnknownUnionMember:
		fmt.Println("unknown tag:", v.Tag)

	default:
		fmt.Println("union is nil or unknown type")

	}
}

Output:

type EntityReferenceMemberIdentifier 

type EntityReferenceMemberIdentifier struct {
	Value EntityIdentifier
	// contains filtered or unexported fields
}

The identifier of the entity. It can consist of either an EntityType and EntityId, a principal, or a resource.

type EntityReferenceMemberUnspecified 

type EntityReferenceMemberUnspecified struct {
	Value bool
	// contains filtered or unexported fields
}

Used to indicate that a principal or resource is not specified. This can be used to search for policies that are not associated with a specific principal or resource.

type EvaluationErrorItem 

type EvaluationErrorItem struct {

	// The error description.
	//
	// This member is required.
	ErrorDescription *string
	// contains filtered or unexported fields
}

Contains a description of an evaluation error.

This data type is a response parameter of the IsAuthorized, BatchIsAuthorized, and IsAuthorizedWithToken operations.

type IdentitySourceDetails 

type IdentitySourceDetails struct {

	// The application client IDs associated with the specified Amazon Cognito user
	// pool that are enabled for this identity source.
	//
	// Deprecated: This attribute has been replaced by
	// configuration.cognitoUserPoolConfiguration.clientIds
	ClientIds []string

	// The well-known URL that points to this user pool's OIDC discovery endpoint.
	// This is a URL string in the following format. This URL replaces the placeholders
	// for both the Amazon Web Services Region and the user pool identifier with those
	// appropriate for this user pool.
	//
	//     https://cognito-idp.<region>.amazonaws.com/<user-pool-id>/.well-known/openid-configuration
	//
	// Deprecated: This attribute has been replaced by
	// configuration.cognitoUserPoolConfiguration.issuer
	DiscoveryUrl *string

	// A string that identifies the type of OIDC service represented by this identity
	// source.
	//
	// At this time, the only valid value is cognito .
	//
	// Deprecated: This attribute has been replaced by configuration
	OpenIdIssuer OpenIdIssuer

	// The [Amazon Resource Name (ARN)] of the Amazon Cognito user pool whose identities are accessible to this
	// Verified Permissions policy store.
	//
	// [Amazon Resource Name (ARN)]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
	//
	// Deprecated: This attribute has been replaced by
	// configuration.cognitoUserPoolConfiguration.userPoolArn
	UserPoolArn *string
	// contains filtered or unexported fields
}

A structure that contains configuration of the identity source.

This data type was a response parameter for the GetIdentitySource operation. Replaced by ConfigurationDetail.

type IdentitySourceFilter 

type IdentitySourceFilter struct {

	// The Cedar entity type of the principals returned by the identity provider (IdP)
	// associated with this identity source.
	PrincipalEntityType *string
	// contains filtered or unexported fields
}

A structure that defines characteristics of an identity source that you can use to filter.

This data type is a request parameter for the ListIdentityStores operation.

type IdentitySourceItem 

type IdentitySourceItem struct {

	// The date and time the identity source was originally created.
	//
	// This member is required.
	CreatedDate *time.Time

	// The unique identifier of the identity source.
	//
	// This member is required.
	IdentitySourceId *string

	// The date and time the identity source was most recently updated.
	//
	// This member is required.
	LastUpdatedDate *time.Time

	// The identifier of the policy store that contains the identity source.
	//
	// This member is required.
	PolicyStoreId *string

	// The Cedar entity type of the principals returned from the IdP associated with
	// this identity source.
	//
	// This member is required.
	PrincipalEntityType *string

	// Contains configuration information about an identity source.
	Configuration ConfigurationItem

	// A structure that contains the details of the associated identity provider (IdP).
	//
	// Deprecated: This attribute has been replaced by
	// configuration.cognitoUserPoolConfiguration
	Details *IdentitySourceItemDetails
	// contains filtered or unexported fields
}

A structure that defines an identity source.

This data type is a response parameter to the ListIdentitySources operation.

type IdentitySourceItemDetails 

type IdentitySourceItemDetails struct {

	// The application client IDs associated with the specified Amazon Cognito user
	// pool that are enabled for this identity source.
	//
	// Deprecated: This attribute has been replaced by
	// configuration.cognitoUserPoolConfiguration.clientIds
	ClientIds []string

	// The well-known URL that points to this user pool's OIDC discovery endpoint.
	// This is a URL string in the following format. This URL replaces the placeholders
	// for both the Amazon Web Services Region and the user pool identifier with those
	// appropriate for this user pool.
	//
	//     https://cognito-idp.<region>.amazonaws.com/<user-pool-id>/.well-known/openid-configuration
	//
	// Deprecated: This attribute has been replaced by
	// configuration.cognitoUserPoolConfiguration.issuer
	DiscoveryUrl *string

	// A string that identifies the type of OIDC service represented by this identity
	// source.
	//
	// At this time, the only valid value is cognito .
	//
	// Deprecated: This attribute has been replaced by configuration
	OpenIdIssuer OpenIdIssuer

	// The Amazon Cognito user pool whose identities are accessible to this Verified
	// Permissions policy store.
	//
	// Deprecated: This attribute has been replaced by
	// configuration.cognitoUserPoolConfiguration.userPoolArn
	UserPoolArn *string
	// contains filtered or unexported fields
}

A structure that contains configuration of the identity source.

This data type was a response parameter for the ListIdentitySources operation. Replaced by ConfigurationItem.

type InternalServerException 

type InternalServerException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request failed because of an internal error. Try your request again later

func (*InternalServerException) Error 

func (e *InternalServerException) Error() string

func (*InternalServerException) ErrorCode 

func (e *InternalServerException) ErrorCode() string

func (*InternalServerException) ErrorFault 

func (e *InternalServerException) ErrorFault() smithy.ErrorFault

func (*InternalServerException) ErrorMessage 

func (e *InternalServerException) ErrorMessage() string

type OpenIdConnectAccessTokenConfiguration added in v1.15.0 

type OpenIdConnectAccessTokenConfiguration struct {

	// The access token aud claim values that you want to accept in your policy store.
	// For example, https://myapp.example.com, https://myapp2.example.com .
	Audiences []string

	// The claim that determines the principal in OIDC access tokens. For example, sub .
	PrincipalIdClaim *string
	// contains filtered or unexported fields
}

The configuration of an OpenID Connect (OIDC) identity source for handling access token claims. Contains the claim that you want to identify as the principal in an authorization request, and the values of the aud claim, or audiences, that you want to accept.

This data type is part of a OpenIdConnectTokenSelection structure, which is a parameter of CreateIdentitySource.

type OpenIdConnectAccessTokenConfigurationDetail added in v1.15.0 

type OpenIdConnectAccessTokenConfigurationDetail struct {

	// The access token aud claim values that you want to accept in your policy store.
	// For example, https://myapp.example.com, https://myapp2.example.com .
	Audiences []string

	// The claim that determines the principal in OIDC access tokens. For example, sub .
	PrincipalIdClaim *string
	// contains filtered or unexported fields
}

The configuration of an OpenID Connect (OIDC) identity source for handling access token claims. Contains the claim that you want to identify as the principal in an authorization request, and the values of the aud claim, or audiences, that you want to accept.

This data type is part of a OpenIdConnectTokenSelectionDetail structure, which is a parameter of GetIdentitySource.

type OpenIdConnectAccessTokenConfigurationItem added in v1.15.0 

type OpenIdConnectAccessTokenConfigurationItem struct {

	// The access token aud claim values that you want to accept in your policy store.
	// For example, https://myapp.example.com, https://myapp2.example.com .
	Audiences []string

	// The claim that determines the principal in OIDC access tokens. For example, sub .
	PrincipalIdClaim *string
	// contains filtered or unexported fields
}

The configuration of an OpenID Connect (OIDC) identity source for handling access token claims. Contains the claim that you want to identify as the principal in an authorization request, and the values of the aud claim, or audiences, that you want to accept.

This data type is part of a OpenIdConnectTokenSelectionItem structure, which is a parameter of ListIdentitySources.

type OpenIdConnectConfiguration added in v1.15.0 

type OpenIdConnectConfiguration struct {

	// The issuer URL of an OIDC identity provider. This URL must have an OIDC
	// discovery endpoint at the path .well-known/openid-configuration .
	//
	// This member is required.
	Issuer *string

	// The token type that you want to process from your OIDC identity provider. Your
	// policy store can process either identity (ID) or access tokens from a given OIDC
	// identity source.
	//
	// This member is required.
	TokenSelection OpenIdConnectTokenSelection

	// A descriptive string that you want to prefix to user entities from your OIDC
	// identity provider. For example, if you set an entityIdPrefix of MyOIDCProvider ,
	// you can reference principals in your policies in the format
	// MyCorp::User::MyOIDCProvider|Carlos .
	EntityIdPrefix *string

	// The claim in OIDC identity provider tokens that indicates a user's group
	// membership, and the entity type that you want to map it to. For example, this
	// object can map the contents of a groups claim to MyCorp::UserGroup .
	GroupConfiguration *OpenIdConnectGroupConfiguration
	// contains filtered or unexported fields
}

Contains configuration details of an OpenID Connect (OIDC) identity provider, or identity source, that Verified Permissions can use to generate entities from authenticated identities. It specifies the issuer URL, token type that you want to use, and policy store entity details.

This data type is part of a Configuration structure, which is a parameter to CreateIdentitySource.

type OpenIdConnectConfigurationDetail added in v1.15.0 

type OpenIdConnectConfigurationDetail struct {

	// The issuer URL of an OIDC identity provider. This URL must have an OIDC
	// discovery endpoint at the path .well-known/openid-configuration .
	//
	// This member is required.
	Issuer *string

	// The token type that you want to process from your OIDC identity provider. Your
	// policy store can process either identity (ID) or access tokens from a given OIDC
	// identity source.
	//
	// This member is required.
	TokenSelection OpenIdConnectTokenSelectionDetail

	// A descriptive string that you want to prefix to user entities from your OIDC
	// identity provider. For example, if you set an entityIdPrefix of MyOIDCProvider ,
	// you can reference principals in your policies in the format
	// MyCorp::User::MyOIDCProvider|Carlos .
	EntityIdPrefix *string

	// The claim in OIDC identity provider tokens that indicates a user's group
	// membership, and the entity type that you want to map it to. For example, this
	// object can map the contents of a groups claim to MyCorp::UserGroup .
	GroupConfiguration *OpenIdConnectGroupConfigurationDetail
	// contains filtered or unexported fields
}

Contains configuration details of an OpenID Connect (OIDC) identity provider, or identity source, that Verified Permissions can use to generate entities from authenticated identities. It specifies the issuer URL, token type that you want to use, and policy store entity details.

This data type is part of a ConfigurationDetail structure, which is a parameter to GetIdentitySource.

type OpenIdConnectConfigurationItem added in v1.15.0 

type OpenIdConnectConfigurationItem struct {

	// The issuer URL of an OIDC identity provider. This URL must have an OIDC
	// discovery endpoint at the path .well-known/openid-configuration .
	//
	// This member is required.
	Issuer *string

	// The token type that you want to process from your OIDC identity provider. Your
	// policy store can process either identity (ID) or access tokens from a given OIDC
	// identity source.
	//
	// This member is required.
	TokenSelection OpenIdConnectTokenSelectionItem

	// A descriptive string that you want to prefix to user entities from your OIDC
	// identity provider. For example, if you set an entityIdPrefix of MyOIDCProvider ,
	// you can reference principals in your policies in the format
	// MyCorp::User::MyOIDCProvider|Carlos .
	EntityIdPrefix *string

	// The claim in OIDC identity provider tokens that indicates a user's group
	// membership, and the entity type that you want to map it to. For example, this
	// object can map the contents of a groups claim to MyCorp::UserGroup .
	GroupConfiguration *OpenIdConnectGroupConfigurationItem
	// contains filtered or unexported fields
}

Contains configuration details of an OpenID Connect (OIDC) identity provider, or identity source, that Verified Permissions can use to generate entities from authenticated identities. It specifies the issuer URL, token type that you want to use, and policy store entity details.

This data type is part of a ConfigurationItem structure, which is a parameter to ListIdentitySources.

type OpenIdConnectGroupConfiguration added in v1.15.0 

type OpenIdConnectGroupConfiguration struct {

	// The token claim that you want Verified Permissions to interpret as group
	// membership. For example, groups .
	//
	// This member is required.
	GroupClaim *string

	// The policy store entity type that you want to map your users' group claim to.
	// For example, MyCorp::UserGroup . A group entity type is an entity that can have
	// a user entity type as a member.
	//
	// This member is required.
	GroupEntityType *string
	// contains filtered or unexported fields
}

The claim in OIDC identity provider tokens that indicates a user's group membership, and the entity type that you want to map it to. For example, this object can map the contents of a groups claim to MyCorp::UserGroup .

This data type is part of a OpenIdConnectConfiguration structure, which is a parameter of CreateIdentitySource.

type OpenIdConnectGroupConfigurationDetail added in v1.15.0 

type OpenIdConnectGroupConfigurationDetail struct {

	// The token claim that you want Verified Permissions to interpret as group
	// membership. For example, groups .
	//
	// This member is required.
	GroupClaim *string

	// The policy store entity type that you want to map your users' group claim to.
	// For example, MyCorp::UserGroup . A group entity type is an entity that can have
	// a user entity type as a member.
	//
	// This member is required.
	GroupEntityType *string
	// contains filtered or unexported fields
}

The claim in OIDC identity provider tokens that indicates a user's group membership, and the entity type that you want to map it to. For example, this object can map the contents of a groups claim to MyCorp::UserGroup .

This data type is part of a OpenIdConnectConfigurationDetail structure, which is a parameter of GetIdentitySource.

type OpenIdConnectGroupConfigurationItem added in v1.15.0 

type OpenIdConnectGroupConfigurationItem struct {

	// The token claim that you want Verified Permissions to interpret as group
	// membership. For example, groups .
	//
	// This member is required.
	GroupClaim *string

	// The policy store entity type that you want to map your users' group claim to.
	// For example, MyCorp::UserGroup . A group entity type is an entity that can have
	// a user entity type as a member.
	//
	// This member is required.
	GroupEntityType *string
	// contains filtered or unexported fields
}

The claim in OIDC identity provider tokens that indicates a user's group membership, and the entity type that you want to map it to. For example, this object can map the contents of a groups claim to MyCorp::UserGroup .

This data type is part of a OpenIdConnectConfigurationItem structure, which is a parameter of ListIdentitySourcea.

type OpenIdConnectIdentityTokenConfiguration added in v1.15.0 

type OpenIdConnectIdentityTokenConfiguration struct {

	// The ID token audience, or client ID, claim values that you want to accept in
	// your policy store from an OIDC identity provider. For example,
	// 1example23456789, 2example10111213 .
	ClientIds []string

	// The claim that determines the principal in OIDC access tokens. For example, sub .
	PrincipalIdClaim *string
	// contains filtered or unexported fields
}

The configuration of an OpenID Connect (OIDC) identity source for handling identity (ID) token claims. Contains the claim that you want to identify as the principal in an authorization request, and the values of the aud claim, or audiences, that you want to accept.

This data type is part of a OpenIdConnectTokenSelection structure, which is a parameter of CreateIdentitySource.

type OpenIdConnectIdentityTokenConfigurationDetail added in v1.15.0 

type OpenIdConnectIdentityTokenConfigurationDetail struct {

	// The ID token audience, or client ID, claim values that you want to accept in
	// your policy store from an OIDC identity provider. For example,
	// 1example23456789, 2example10111213 .
	ClientIds []string

	// The claim that determines the principal in OIDC access tokens. For example, sub .
	PrincipalIdClaim *string
	// contains filtered or unexported fields
}

The configuration of an OpenID Connect (OIDC) identity source for handling identity (ID) token claims. Contains the claim that you want to identify as the principal in an authorization request, and the values of the aud claim, or audiences, that you want to accept.

This data type is part of a OpenIdConnectTokenSelectionDetail structure, which is a parameter of GetIdentitySource.

type OpenIdConnectIdentityTokenConfigurationItem added in v1.15.0 

type OpenIdConnectIdentityTokenConfigurationItem struct {

	// The ID token audience, or client ID, claim values that you want to accept in
	// your policy store from an OIDC identity provider. For example,
	// 1example23456789, 2example10111213 .
	ClientIds []string

	// The claim that determines the principal in OIDC access tokens. For example, sub .
	PrincipalIdClaim *string
	// contains filtered or unexported fields
}

The configuration of an OpenID Connect (OIDC) identity source for handling identity (ID) token claims. Contains the claim that you want to identify as the principal in an authorization request, and the values of the aud claim, or audiences, that you want to accept.

This data type is part of a OpenIdConnectTokenSelectionItem structure, which is a parameter of ListIdentitySources.

type OpenIdConnectTokenSelection added in v1.15.0 

type OpenIdConnectTokenSelection interface {
	// contains filtered or unexported methods
}

The token type that you want to process from your OIDC identity provider. Your policy store can process either identity (ID) or access tokens from a given OIDC identity source.

This data type is part of a OpenIdConnectConfiguration structure, which is a parameter of CreateIdentitySource.

The following types satisfy this interface: 

OpenIdConnectTokenSelectionMemberAccessTokenOnly
OpenIdConnectTokenSelectionMemberIdentityTokenOnly
Example (OutputUsage) 
package main

import (
	"fmt"
	"github.com/aws/aws-sdk-go-v2/service/verifiedpermissions/types"
)

func main() {
	var union types.OpenIdConnectTokenSelection
	// type switches can be used to check the union value
	switch v := union.(type) {
	case *types.OpenIdConnectTokenSelectionMemberAccessTokenOnly:
		_ = v.Value // Value is types.OpenIdConnectAccessTokenConfiguration

	case *types.OpenIdConnectTokenSelectionMemberIdentityTokenOnly:
		_ = v.Value // Value is types.OpenIdConnectIdentityTokenConfiguration

	case *types.UnknownUnionMember:
		fmt.Println("unknown tag:", v.Tag)

	default:
		fmt.Println("union is nil or unknown type")

	}
}

Output:

type OpenIdConnectTokenSelectionDetail added in v1.15.0 

type OpenIdConnectTokenSelectionDetail interface {
	// contains filtered or unexported methods
}

The token type that you want to process from your OIDC identity provider. Your policy store can process either identity (ID) or access tokens from a given OIDC identity source.

This data type is part of a OpenIdConnectConfigurationDetail structure, which is a parameter of GetIdentitySource.

The following types satisfy this interface: 

OpenIdConnectTokenSelectionDetailMemberAccessTokenOnly
OpenIdConnectTokenSelectionDetailMemberIdentityTokenOnly
Example (OutputUsage) 
package main

import (
	"fmt"
	"github.com/aws/aws-sdk-go-v2/service/verifiedpermissions/types"
)

func main() {
	var union types.OpenIdConnectTokenSelectionDetail
	// type switches can be used to check the union value
	switch v := union.(type) {
	case *types.OpenIdConnectTokenSelectionDetailMemberAccessTokenOnly:
		_ = v.Value // Value is types.OpenIdConnectAccessTokenConfigurationDetail

	case *types.OpenIdConnectTokenSelectionDetailMemberIdentityTokenOnly:
		_ = v.Value // Value is types.OpenIdConnectIdentityTokenConfigurationDetail

	case *types.UnknownUnionMember:
		fmt.Println("unknown tag:", v.Tag)

	default:
		fmt.Println("union is nil or unknown type")

	}
}

Output:

type OpenIdConnectTokenSelectionDetailMemberAccessTokenOnly added in v1.15.0 

type OpenIdConnectTokenSelectionDetailMemberAccessTokenOnly struct {
	Value OpenIdConnectAccessTokenConfigurationDetail
	// contains filtered or unexported fields
}

The OIDC configuration for processing access tokens. Contains allowed audience claims, for example https://auth.example.com , and the claim that you want to map to the principal, for example sub .

type OpenIdConnectTokenSelectionDetailMemberIdentityTokenOnly added in v1.15.0 

type OpenIdConnectTokenSelectionDetailMemberIdentityTokenOnly struct {
	Value OpenIdConnectIdentityTokenConfigurationDetail
	// contains filtered or unexported fields
}

The OIDC configuration for processing identity (ID) tokens. Contains allowed client ID claims, for example 1example23456789 , and the claim that you want to map to the principal, for example sub .

type OpenIdConnectTokenSelectionItem added in v1.15.0 

type OpenIdConnectTokenSelectionItem interface {
	// contains filtered or unexported methods
}

The token type that you want to process from your OIDC identity provider. Your policy store can process either identity (ID) or access tokens from a given OIDC identity source.

This data type is part of a OpenIdConnectConfigurationItem structure, which is a parameter of ListIdentitySources.

The following types satisfy this interface: 

OpenIdConnectTokenSelectionItemMemberAccessTokenOnly
OpenIdConnectTokenSelectionItemMemberIdentityTokenOnly
Example (OutputUsage) 
package main

import (
	"fmt"
	"github.com/aws/aws-sdk-go-v2/service/verifiedpermissions/types"
)

func main() {
	var union types.OpenIdConnectTokenSelectionItem
	// type switches can be used to check the union value
	switch v := union.(type) {
	case *types.OpenIdConnectTokenSelectionItemMemberAccessTokenOnly:
		_ = v.Value // Value is types.OpenIdConnectAccessTokenConfigurationItem

	case *types.OpenIdConnectTokenSelectionItemMemberIdentityTokenOnly:
		_ = v.Value // Value is types.OpenIdConnectIdentityTokenConfigurationItem

	case *types.UnknownUnionMember:
		fmt.Println("unknown tag:", v.Tag)

	default:
		fmt.Println("union is nil or unknown type")

	}
}

Output:

type OpenIdConnectTokenSelectionItemMemberAccessTokenOnly added in v1.15.0 

type OpenIdConnectTokenSelectionItemMemberAccessTokenOnly struct {
	Value OpenIdConnectAccessTokenConfigurationItem
	// contains filtered or unexported fields
}

The OIDC configuration for processing access tokens. Contains allowed audience claims, for example https://auth.example.com , and the claim that you want to map to the principal, for example sub .

type OpenIdConnectTokenSelectionItemMemberIdentityTokenOnly added in v1.15.0 

type OpenIdConnectTokenSelectionItemMemberIdentityTokenOnly struct {
	Value OpenIdConnectIdentityTokenConfigurationItem
	// contains filtered or unexported fields
}

The OIDC configuration for processing identity (ID) tokens. Contains allowed client ID claims, for example 1example23456789 , and the claim that you want to map to the principal, for example sub .

type OpenIdConnectTokenSelectionMemberAccessTokenOnly added in v1.15.0 

type OpenIdConnectTokenSelectionMemberAccessTokenOnly struct {
	Value OpenIdConnectAccessTokenConfiguration
	// contains filtered or unexported fields
}

The OIDC configuration for processing access tokens. Contains allowed audience claims, for example https://auth.example.com , and the claim that you want to map to the principal, for example sub .

type OpenIdConnectTokenSelectionMemberIdentityTokenOnly added in v1.15.0 

type OpenIdConnectTokenSelectionMemberIdentityTokenOnly struct {
	Value OpenIdConnectIdentityTokenConfiguration
	// contains filtered or unexported fields
}

The OIDC configuration for processing identity (ID) tokens. Contains allowed client ID claims, for example 1example23456789 , and the claim that you want to map to the principal, for example sub .

type OpenIdIssuer 

type OpenIdIssuer string
const (
	OpenIdIssuerCognito OpenIdIssuer = "COGNITO"
)

Enum values for OpenIdIssuer

func (OpenIdIssuer) Values 

func (OpenIdIssuer) Values() []OpenIdIssuer

Values returns all known values for OpenIdIssuer. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type PolicyDefinition 

type PolicyDefinition interface {
	// contains filtered or unexported methods
}

A structure that contains the details for a Cedar policy definition. It includes the policy type, a description, and a policy body. This is a top level data type used to create a policy.

This data type is used as a request parameter for the CreatePolicy operation. This structure must always have either an static or a templateLinked element.

The following types satisfy this interface: 

PolicyDefinitionMemberStatic
PolicyDefinitionMemberTemplateLinked
Example (OutputUsage) 
package main

import (
	"fmt"
	"github.com/aws/aws-sdk-go-v2/service/verifiedpermissions/types"
)

func main() {
	var union types.PolicyDefinition
	// type switches can be used to check the union value
	switch v := union.(type) {
	case *types.PolicyDefinitionMemberStatic:
		_ = v.Value // Value is types.StaticPolicyDefinition

	case *types.PolicyDefinitionMemberTemplateLinked:
		_ = v.Value // Value is types.TemplateLinkedPolicyDefinition

	case *types.UnknownUnionMember:
		fmt.Println("unknown tag:", v.Tag)

	default:
		fmt.Println("union is nil or unknown type")

	}
}

Output:

type PolicyDefinitionDetail 

type PolicyDefinitionDetail interface {
	// contains filtered or unexported methods
}

A structure that describes a policy definition. It must always have either an static or a templateLinked element.

This data type is used as a response parameter for the GetPolicy operation.

The following types satisfy this interface: 

PolicyDefinitionDetailMemberStatic
PolicyDefinitionDetailMemberTemplateLinked
Example (OutputUsage) 
package main

import (
	"fmt"
	"github.com/aws/aws-sdk-go-v2/service/verifiedpermissions/types"
)

func main() {
	var union types.PolicyDefinitionDetail
	// type switches can be used to check the union value
	switch v := union.(type) {
	case *types.PolicyDefinitionDetailMemberStatic:
		_ = v.Value // Value is types.StaticPolicyDefinitionDetail

	case *types.PolicyDefinitionDetailMemberTemplateLinked:
		_ = v.Value // Value is types.TemplateLinkedPolicyDefinitionDetail

	case *types.UnknownUnionMember:
		fmt.Println("unknown tag:", v.Tag)

	default:
		fmt.Println("union is nil or unknown type")

	}
}

Output:

type PolicyDefinitionDetailMemberStatic 

type PolicyDefinitionDetailMemberStatic struct {
	Value StaticPolicyDefinitionDetail
	// contains filtered or unexported fields
}

Information about a static policy that wasn't created with a policy template.

type PolicyDefinitionDetailMemberTemplateLinked 

type PolicyDefinitionDetailMemberTemplateLinked struct {
	Value TemplateLinkedPolicyDefinitionDetail
	// contains filtered or unexported fields
}

Information about a template-linked policy that was created by instantiating a policy template.

type PolicyDefinitionItem 

type PolicyDefinitionItem interface {
	// contains filtered or unexported methods
}

A structure that describes a PolicyDefinintion. It will always have either an StaticPolicy or a TemplateLinkedPolicy element.

This data type is used as a response parameter for the CreatePolicy and ListPolicies operations.

The following types satisfy this interface: 

PolicyDefinitionItemMemberStatic
PolicyDefinitionItemMemberTemplateLinked
Example (OutputUsage) 
package main

import (
	"fmt"
	"github.com/aws/aws-sdk-go-v2/service/verifiedpermissions/types"
)

func main() {
	var union types.PolicyDefinitionItem
	// type switches can be used to check the union value
	switch v := union.(type) {
	case *types.PolicyDefinitionItemMemberStatic:
		_ = v.Value // Value is types.StaticPolicyDefinitionItem

	case *types.PolicyDefinitionItemMemberTemplateLinked:
		_ = v.Value // Value is types.TemplateLinkedPolicyDefinitionItem

	case *types.UnknownUnionMember:
		fmt.Println("unknown tag:", v.Tag)

	default:
		fmt.Println("union is nil or unknown type")

	}
}

Output:

type PolicyDefinitionItemMemberStatic 

type PolicyDefinitionItemMemberStatic struct {
	Value StaticPolicyDefinitionItem
	// contains filtered or unexported fields
}

Information about a static policy that wasn't created with a policy template.

type PolicyDefinitionItemMemberTemplateLinked 

type PolicyDefinitionItemMemberTemplateLinked struct {
	Value TemplateLinkedPolicyDefinitionItem
	// contains filtered or unexported fields
}

Information about a template-linked policy that was created by instantiating a policy template.

type PolicyDefinitionMemberStatic 

type PolicyDefinitionMemberStatic struct {
	Value StaticPolicyDefinition
	// contains filtered or unexported fields
}

A structure that describes a static policy. An static policy doesn't use a template or allow placeholders for entities.

type PolicyDefinitionMemberTemplateLinked 

type PolicyDefinitionMemberTemplateLinked struct {
	Value TemplateLinkedPolicyDefinition
	// contains filtered or unexported fields
}

A structure that describes a policy that was instantiated from a template. The template can specify placeholders for principal and resource . When you use CreatePolicy to create a policy from a template, you specify the exact principal and resource to use for the instantiated policy.

type PolicyEffect added in v1.14.0 

type PolicyEffect string
const (
	PolicyEffectPermit PolicyEffect = "Permit"
	PolicyEffectForbid PolicyEffect = "Forbid"
)

Enum values for PolicyEffect

func (PolicyEffect) Values added in v1.14.0 

func (PolicyEffect) Values() []PolicyEffect

Values returns all known values for PolicyEffect. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type PolicyFilter 

type PolicyFilter struct {

	// Filters the output to only template-linked policies that were instantiated from
	// the specified policy template.
	PolicyTemplateId *string

	// Filters the output to only policies of the specified type.
	PolicyType PolicyType

	// Filters the output to only policies that reference the specified principal.
	Principal EntityReference

	// Filters the output to only policies that reference the specified resource.
	Resource EntityReference
	// contains filtered or unexported fields
}

Contains information about a filter to refine policies returned in a query.

This data type is used as a response parameter for the ListPolicies operation.

type PolicyItem 

type PolicyItem struct {

	// The date and time the policy was created.
	//
	// This member is required.
	CreatedDate *time.Time

	// The policy definition of an item in the list of policies returned.
	//
	// This member is required.
	Definition PolicyDefinitionItem

	// The date and time the policy was most recently updated.
	//
	// This member is required.
	LastUpdatedDate *time.Time

	// The identifier of the policy you want information about.
	//
	// This member is required.
	PolicyId *string

	// The identifier of the policy store where the policy you want information about
	// is stored.
	//
	// This member is required.
	PolicyStoreId *string

	// The type of the policy. This is one of the following values:
	//
	//   - STATIC
	//
	//   - TEMPLATE_LINKED
	//
	// This member is required.
	PolicyType PolicyType

	// The action that a policy permits or forbids. For example, {"actions":
	// [{"actionId": "ViewPhoto", "actionType": "PhotoFlash::Action"}, {"entityID":
	// "SharePhoto", "entityType": "PhotoFlash::Action"}]} .
	Actions []ActionIdentifier

	// The effect of the decision that a policy returns to an authorization request.
	// For example, "effect": "Permit" .
	Effect PolicyEffect

	// The principal associated with the policy.
	Principal *EntityIdentifier

	// The resource associated with the policy.
	Resource *EntityIdentifier
	// contains filtered or unexported fields
}

Contains information about a policy.

This data type is used as a response parameter for the ListPolicies operation.

type PolicyStoreItem 

type PolicyStoreItem struct {

	// The Amazon Resource Name (ARN) of the policy store.
	//
	// This member is required.
	Arn *string

	// The date and time the policy was created.
	//
	// This member is required.
	CreatedDate *time.Time

	// The unique identifier of the policy store.
	//
	// This member is required.
	PolicyStoreId *string

	// Descriptive text that you can provide to help with identification of the
	// current policy store.
	Description *string

	// The date and time the policy store was most recently updated.
	LastUpdatedDate *time.Time
	// contains filtered or unexported fields
}

Contains information about a policy store.

This data type is used as a response parameter for the ListPolicyStores operation.

type PolicyTemplateItem 

type PolicyTemplateItem struct {

	// The date and time that the policy template was created.
	//
	// This member is required.
	CreatedDate *time.Time

	// The date and time that the policy template was most recently updated.
	//
	// This member is required.
	LastUpdatedDate *time.Time

	// The unique identifier of the policy store that contains the template.
	//
	// This member is required.
	PolicyStoreId *string

	// The unique identifier of the policy template.
	//
	// This member is required.
	PolicyTemplateId *string

	// The description attached to the policy template.
	Description *string
	// contains filtered or unexported fields
}

Contains details about a policy template

This data type is used as a response parameter for the ListPolicyTemplates operation.

type PolicyType 

type PolicyType string
const (
	PolicyTypeStatic         PolicyType = "STATIC"
	PolicyTypeTemplateLinked PolicyType = "TEMPLATE_LINKED"
)

Enum values for PolicyType

func (PolicyType) Values 

func (PolicyType) Values() []PolicyType

Values returns all known values for PolicyType. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type ResourceConflict 

type ResourceConflict struct {

	// The unique identifier of the resource involved in a conflict.
	//
	// This member is required.
	ResourceId *string

	// The type of the resource involved in a conflict.
	//
	// This member is required.
	ResourceType ResourceType
	// contains filtered or unexported fields
}

Contains information about a resource conflict.

type ResourceNotFoundException 

type ResourceNotFoundException struct {
	Message *string

	ErrorCodeOverride *string

	ResourceId   *string
	ResourceType ResourceType
	// contains filtered or unexported fields
}

The request failed because it references a resource that doesn't exist.

func (*ResourceNotFoundException) Error 

func (e *ResourceNotFoundException) Error() string

func (*ResourceNotFoundException) ErrorCode 

func (e *ResourceNotFoundException) ErrorCode() string

func (*ResourceNotFoundException) ErrorFault 

func (e *ResourceNotFoundException) ErrorFault() smithy.ErrorFault

func (*ResourceNotFoundException) ErrorMessage 

func (e *ResourceNotFoundException) ErrorMessage() string

type ResourceType 

type ResourceType string
const (
	ResourceTypeIdentitySource ResourceType = "IDENTITY_SOURCE"
	ResourceTypePolicyStore    ResourceType = "POLICY_STORE"
	ResourceTypePolicy         ResourceType = "POLICY"
	ResourceTypePolicyTemplate ResourceType = "POLICY_TEMPLATE"
	ResourceTypeSchema         ResourceType = "SCHEMA"
)

Enum values for ResourceType

func (ResourceType) Values 

func (ResourceType) Values() []ResourceType

Values returns all known values for ResourceType. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type SchemaDefinition 

type SchemaDefinition interface {
	// contains filtered or unexported methods
}

Contains a list of principal types, resource types, and actions that can be specified in policies stored in the same policy store. If the validation mode for the policy store is set to STRICT , then policies that can't be validated by this schema are rejected by Verified Permissions and can't be stored in the policy store.

The following types satisfy this interface: 

SchemaDefinitionMemberCedarJson
Example (OutputUsage) 
package main

import (
	"fmt"
	"github.com/aws/aws-sdk-go-v2/service/verifiedpermissions/types"
)

func main() {
	var union types.SchemaDefinition
	// type switches can be used to check the union value
	switch v := union.(type) {
	case *types.SchemaDefinitionMemberCedarJson:
		_ = v.Value // Value is string

	case *types.UnknownUnionMember:
		fmt.Println("unknown tag:", v.Tag)

	default:
		fmt.Println("union is nil or unknown type")

	}
}

Output:

type SchemaDefinitionMemberCedarJson 

type SchemaDefinitionMemberCedarJson struct {
	Value string
	// contains filtered or unexported fields
}

A JSON string representation of the schema supported by applications that use this policy store. To delete the schema, run PutSchemawith {} for this parameter. For more information, see Policy store schemain the Amazon Verified Permissions User Guide.

type ServiceQuotaExceededException 

type ServiceQuotaExceededException struct {
	Message *string

	ErrorCodeOverride *string

	ResourceId   *string
	ResourceType ResourceType
	ServiceCode  *string
	QuotaCode    *string
	// contains filtered or unexported fields
}

The request failed because it would cause a service quota to be exceeded.

func (*ServiceQuotaExceededException) Error 

func (e *ServiceQuotaExceededException) Error() string

func (*ServiceQuotaExceededException) ErrorCode 

func (e *ServiceQuotaExceededException) ErrorCode() string

func (*ServiceQuotaExceededException) ErrorFault 

func (e *ServiceQuotaExceededException) ErrorFault() smithy.ErrorFault

func (*ServiceQuotaExceededException) ErrorMessage 

func (e *ServiceQuotaExceededException) ErrorMessage() string

type StaticPolicyDefinition 

type StaticPolicyDefinition struct {

	// The policy content of the static policy, written in the Cedar policy language.
	//
	// This member is required.
	Statement *string

	// The description of the static policy.
	Description *string
	// contains filtered or unexported fields
}

Contains information about a static policy.

This data type is used as a field that is part of the PolicyDefinitionDetail type.

type StaticPolicyDefinitionDetail 

type StaticPolicyDefinitionDetail struct {

	// The content of the static policy written in the Cedar policy language.
	//
	// This member is required.
	Statement *string

	// A description of the static policy.
	Description *string
	// contains filtered or unexported fields
}

A structure that contains details about a static policy. It includes the description and policy body.

This data type is used within a PolicyDefinition structure as part of a request parameter for the CreatePolicyoperation.

type StaticPolicyDefinitionItem 

type StaticPolicyDefinitionItem struct {

	// A description of the static policy.
	Description *string
	// contains filtered or unexported fields
}

A structure that contains details about a static policy. It includes the description and policy statement.

This data type is used within a PolicyDefinition structure as part of a request parameter for the CreatePolicyoperation.

type TemplateLinkedPolicyDefinition 

type TemplateLinkedPolicyDefinition struct {

	// The unique identifier of the policy template used to create this policy.
	//
	// This member is required.
	PolicyTemplateId *string

	// The principal associated with this template-linked policy. Verified Permissions
	// substitutes this principal for the ?principal placeholder in the policy
	// template when it evaluates an authorization request.
	Principal *EntityIdentifier

	// The resource associated with this template-linked policy. Verified Permissions
	// substitutes this resource for the ?resource placeholder in the policy template
	// when it evaluates an authorization request.
	Resource *EntityIdentifier
	// contains filtered or unexported fields
}

Contains information about a policy created by instantiating a policy template.

type TemplateLinkedPolicyDefinitionDetail 

type TemplateLinkedPolicyDefinitionDetail struct {

	// The unique identifier of the policy template used to create this policy.
	//
	// This member is required.
	PolicyTemplateId *string

	// The principal associated with this template-linked policy. Verified Permissions
	// substitutes this principal for the ?principal placeholder in the policy
	// template when it evaluates an authorization request.
	Principal *EntityIdentifier

	// The resource associated with this template-linked policy. Verified Permissions
	// substitutes this resource for the ?resource placeholder in the policy template
	// when it evaluates an authorization request.
	Resource *EntityIdentifier
	// contains filtered or unexported fields
}

Contains information about a policy that was created by instantiating a policy template.

type TemplateLinkedPolicyDefinitionItem 

type TemplateLinkedPolicyDefinitionItem struct {

	// The unique identifier of the policy template used to create this policy.
	//
	// This member is required.
	PolicyTemplateId *string

	// The principal associated with this template-linked policy. Verified Permissions
	// substitutes this principal for the ?principal placeholder in the policy
	// template when it evaluates an authorization request.
	Principal *EntityIdentifier

	// The resource associated with this template-linked policy. Verified Permissions
	// substitutes this resource for the ?resource placeholder in the policy template
	// when it evaluates an authorization request.
	Resource *EntityIdentifier
	// contains filtered or unexported fields
}

Contains information about a policy created by instantiating a policy template.

This

type ThrottlingException 

type ThrottlingException struct {
	Message *string

	ErrorCodeOverride *string

	ServiceCode *string
	QuotaCode   *string
	// contains filtered or unexported fields
}

The request failed because it exceeded a throttling quota.

func (*ThrottlingException) Error 

func (e *ThrottlingException) Error() string

func (*ThrottlingException) ErrorCode 

func (e *ThrottlingException) ErrorCode() string

func (*ThrottlingException) ErrorFault 

func (e *ThrottlingException) ErrorFault() smithy.ErrorFault

func (*ThrottlingException) ErrorMessage 

func (e *ThrottlingException) ErrorMessage() string

type UnknownUnionMember 

type UnknownUnionMember struct {
	Tag   string
	Value []byte
	// contains filtered or unexported fields
}

UnknownUnionMember is returned when a union member is returned over the wire, but has an unknown tag.

type UpdateCognitoGroupConfiguration added in v1.12.0 

type UpdateCognitoGroupConfiguration struct {

	// The name of the schema entity type that's mapped to the user pool group.
	// Defaults to AWS::CognitoGroup .
	//
	// This member is required.
	GroupEntityType *string
	// contains filtered or unexported fields
}

The user group entities from an Amazon Cognito user pool identity source.

type UpdateCognitoUserPoolConfiguration 

type UpdateCognitoUserPoolConfiguration struct {

	// The [Amazon Resource Name (ARN)] of the Amazon Cognito user pool associated with this identity source.
	//
	// [Amazon Resource Name (ARN)]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
	//
	// This member is required.
	UserPoolArn *string

	// The client ID of an app client that is configured for the specified Amazon
	// Cognito user pool.
	ClientIds []string

	// The configuration of the user groups from an Amazon Cognito user pool identity
	// source.
	GroupConfiguration *UpdateCognitoGroupConfiguration
	// contains filtered or unexported fields
}

Contains configuration details of a Amazon Cognito user pool for use with an identity source.

type UpdateConfiguration 

type UpdateConfiguration interface {
	// contains filtered or unexported methods
}

Contains an update to replace the configuration in an existing identity source.

The following types satisfy this interface: 

UpdateConfigurationMemberCognitoUserPoolConfiguration
UpdateConfigurationMemberOpenIdConnectConfiguration
Example (OutputUsage) 
package main

import (
	"fmt"
	"github.com/aws/aws-sdk-go-v2/service/verifiedpermissions/types"
)

func main() {
	var union types.UpdateConfiguration
	// type switches can be used to check the union value
	switch v := union.(type) {
	case *types.UpdateConfigurationMemberCognitoUserPoolConfiguration:
		_ = v.Value // Value is types.UpdateCognitoUserPoolConfiguration

	case *types.UpdateConfigurationMemberOpenIdConnectConfiguration:
		_ = v.Value // Value is types.UpdateOpenIdConnectConfiguration

	case *types.UnknownUnionMember:
		fmt.Println("unknown tag:", v.Tag)

	default:
		fmt.Println("union is nil or unknown type")

	}
}

Output:

type UpdateConfigurationMemberCognitoUserPoolConfiguration 

type UpdateConfigurationMemberCognitoUserPoolConfiguration struct {
	Value UpdateCognitoUserPoolConfiguration
	// contains filtered or unexported fields
}

Contains configuration details of a Amazon Cognito user pool.

type UpdateConfigurationMemberOpenIdConnectConfiguration added in v1.15.0 

type UpdateConfigurationMemberOpenIdConnectConfiguration struct {
	Value UpdateOpenIdConnectConfiguration
	// contains filtered or unexported fields
}

Contains configuration details of an OpenID Connect (OIDC) identity provider, or identity source, that Verified Permissions can use to generate entities from authenticated identities. It specifies the issuer URL, token type that you want to use, and policy store entity details.

type UpdateOpenIdConnectAccessTokenConfiguration added in v1.15.0 

type UpdateOpenIdConnectAccessTokenConfiguration struct {

	// The access token aud claim values that you want to accept in your policy store.
	// For example, https://myapp.example.com, https://myapp2.example.com .
	Audiences []string

	// The claim that determines the principal in OIDC access tokens. For example, sub .
	PrincipalIdClaim *string
	// contains filtered or unexported fields
}

The configuration of an OpenID Connect (OIDC) identity source for handling access token claims. Contains the claim that you want to identify as the principal in an authorization request, and the values of the aud claim, or audiences, that you want to accept.

This data type is part of a UpdateOpenIdConnectTokenSelection structure, which is a parameter to UpdateIdentitySource.

type UpdateOpenIdConnectConfiguration added in v1.15.0 

type UpdateOpenIdConnectConfiguration struct {

	// The issuer URL of an OIDC identity provider. This URL must have an OIDC
	// discovery endpoint at the path .well-known/openid-configuration .
	//
	// This member is required.
	Issuer *string

	// The token type that you want to process from your OIDC identity provider. Your
	// policy store can process either identity (ID) or access tokens from a given OIDC
	// identity source.
	//
	// This member is required.
	TokenSelection UpdateOpenIdConnectTokenSelection

	// A descriptive string that you want to prefix to user entities from your OIDC
	// identity provider. For example, if you set an entityIdPrefix of MyOIDCProvider ,
	// you can reference principals in your policies in the format
	// MyCorp::User::MyOIDCProvider|Carlos .
	EntityIdPrefix *string

	// The claim in OIDC identity provider tokens that indicates a user's group
	// membership, and the entity type that you want to map it to. For example, this
	// object can map the contents of a groups claim to MyCorp::UserGroup .
	GroupConfiguration *UpdateOpenIdConnectGroupConfiguration
	// contains filtered or unexported fields
}

Contains configuration details of an OpenID Connect (OIDC) identity provider, or identity source, that Verified Permissions can use to generate entities from authenticated identities. It specifies the issuer URL, token type that you want to use, and policy store entity details.

This data type is part of a UpdateConfiguration structure, which is a parameter to UpdateIdentitySource.

type UpdateOpenIdConnectGroupConfiguration added in v1.15.0 

type UpdateOpenIdConnectGroupConfiguration struct {

	// The token claim that you want Verified Permissions to interpret as group
	// membership. For example, groups .
	//
	// This member is required.
	GroupClaim *string

	// The policy store entity type that you want to map your users' group claim to.
	// For example, MyCorp::UserGroup . A group entity type is an entity that can have
	// a user entity type as a member.
	//
	// This member is required.
	GroupEntityType *string
	// contains filtered or unexported fields
}

The claim in OIDC identity provider tokens that indicates a user's group membership, and the entity type that you want to map it to. For example, this object can map the contents of a groups claim to MyCorp::UserGroup .

This data type is part of a UpdateOpenIdConnectConfiguration structure, which is a parameter to UpdateIdentitySource.

type UpdateOpenIdConnectIdentityTokenConfiguration added in v1.15.0 

type UpdateOpenIdConnectIdentityTokenConfiguration struct {

	// The ID token audience, or client ID, claim values that you want to accept in
	// your policy store from an OIDC identity provider. For example,
	// 1example23456789, 2example10111213 .
	ClientIds []string

	// The claim that determines the principal in OIDC access tokens. For example, sub .
	PrincipalIdClaim *string
	// contains filtered or unexported fields
}

The configuration of an OpenID Connect (OIDC) identity source for handling identity (ID) token claims. Contains the claim that you want to identify as the principal in an authorization request, and the values of the aud claim, or audiences, that you want to accept.

This data type is part of a UpdateOpenIdConnectTokenSelection structure, which is a parameter to UpdateIdentitySource.

type UpdateOpenIdConnectTokenSelection added in v1.15.0 

type UpdateOpenIdConnectTokenSelection interface {
	// contains filtered or unexported methods
}

The token type that you want to process from your OIDC identity provider. Your policy store can process either identity (ID) or access tokens from a given OIDC identity source.

This data type is part of a UpdateOpenIdConnectConfiguration structure, which is a parameter to UpdateIdentitySource.

The following types satisfy this interface: 

UpdateOpenIdConnectTokenSelectionMemberAccessTokenOnly
UpdateOpenIdConnectTokenSelectionMemberIdentityTokenOnly
Example (OutputUsage) 
package main

import (
	"fmt"
	"github.com/aws/aws-sdk-go-v2/service/verifiedpermissions/types"
)

func main() {
	var union types.UpdateOpenIdConnectTokenSelection
	// type switches can be used to check the union value
	switch v := union.(type) {
	case *types.UpdateOpenIdConnectTokenSelectionMemberAccessTokenOnly:
		_ = v.Value // Value is types.UpdateOpenIdConnectAccessTokenConfiguration

	case *types.UpdateOpenIdConnectTokenSelectionMemberIdentityTokenOnly:
		_ = v.Value // Value is types.UpdateOpenIdConnectIdentityTokenConfiguration

	case *types.UnknownUnionMember:
		fmt.Println("unknown tag:", v.Tag)

	default:
		fmt.Println("union is nil or unknown type")

	}
}

Output:

type UpdateOpenIdConnectTokenSelectionMemberAccessTokenOnly added in v1.15.0 

type UpdateOpenIdConnectTokenSelectionMemberAccessTokenOnly struct {
	Value UpdateOpenIdConnectAccessTokenConfiguration
	// contains filtered or unexported fields
}

The OIDC configuration for processing access tokens. Contains allowed audience claims, for example https://auth.example.com , and the claim that you want to map to the principal, for example sub .

type UpdateOpenIdConnectTokenSelectionMemberIdentityTokenOnly added in v1.15.0 

type UpdateOpenIdConnectTokenSelectionMemberIdentityTokenOnly struct {
	Value UpdateOpenIdConnectIdentityTokenConfiguration
	// contains filtered or unexported fields
}

The OIDC configuration for processing identity (ID) tokens. Contains allowed client ID claims, for example 1example23456789 , and the claim that you want to map to the principal, for example sub .

type UpdatePolicyDefinition 

type UpdatePolicyDefinition interface {
	// contains filtered or unexported methods
}

Contains information about updates to be applied to a policy.

This data type is used as a request parameter in the UpdatePolicy operation.

The following types satisfy this interface: 

UpdatePolicyDefinitionMemberStatic
Example (OutputUsage) 
package main

import (
	"fmt"
	"github.com/aws/aws-sdk-go-v2/service/verifiedpermissions/types"
)

func main() {
	var union types.UpdatePolicyDefinition
	// type switches can be used to check the union value
	switch v := union.(type) {
	case *types.UpdatePolicyDefinitionMemberStatic:
		_ = v.Value // Value is types.UpdateStaticPolicyDefinition

	case *types.UnknownUnionMember:
		fmt.Println("unknown tag:", v.Tag)

	default:
		fmt.Println("union is nil or unknown type")

	}
}

Output:

type UpdatePolicyDefinitionMemberStatic 

type UpdatePolicyDefinitionMemberStatic struct {
	Value UpdateStaticPolicyDefinition
	// contains filtered or unexported fields
}

Contains details about the updates to be applied to a static policy.

type UpdateStaticPolicyDefinition 

type UpdateStaticPolicyDefinition struct {

	// Specifies the Cedar policy language text to be added to or replaced on the
	// static policy.
	//
	// You can change only the following elements from the original content:
	//
	//   - The action referenced by the policy.
	//
	//   - Any conditional clauses, such as when or unless clauses.
	//
	// You can't change the following elements:
	//
	//   - Changing from StaticPolicy to TemplateLinkedPolicy .
	//
	//   - The effect ( permit or forbid ) of the policy.
	//
	//   - The principal referenced by the policy.
	//
	//   - The resource referenced by the policy.
	//
	// This member is required.
	Statement *string

	// Specifies the description to be added to or replaced on the static policy.
	Description *string
	// contains filtered or unexported fields
}

Contains information about an update to a static policy.

type ValidationException 

type ValidationException struct {
	Message *string

	ErrorCodeOverride *string

	FieldList []ValidationExceptionField
	// contains filtered or unexported fields
}

The request failed because one or more input parameters don't satisfy their constraint requirements. The output is provided as a list of fields and a reason for each field that isn't valid.

The possible reasons include the following:

  • UnrecognizedEntityType

The policy includes an entity type that isn't found in the schema.

  • UnrecognizedActionId

The policy includes an action id that isn't found in the schema.

  • InvalidActionApplication

The policy includes an action that, according to the schema, doesn't support 

the specified principal and resource.

- UnexpectedType

The policy included an operand that isn't a valid type for the specified 

operation.

- IncompatibleTypes

The types of elements included in a set , or the types of expressions used in an 

if...then...else clause aren't compatible in this context.

- MissingAttribute

The policy attempts to access a record or entity attribute that isn't specified 

in the schema. Test for the existence of the attribute first before attempting
to access its value. For more information, see the [has (presence of attribute test) operator]in the Cedar Policy
Language Guide.

- UnsafeOptionalAttributeAccess

The policy attempts to access a record or entity attribute that is optional and 

isn't guaranteed to be present. Test for the existence of the attribute first
before attempting to access its value. For more information, see the [has (presence of attribute test) operator]in the
Cedar Policy Language Guide.

- ImpossiblePolicy

Cedar has determined that a policy condition always evaluates to false. If the 

policy is always false, it can never apply to any query, and so it can never
affect an authorization decision.

- WrongNumberArguments

The policy references an extension type with the wrong number of arguments.

  • FunctionArgumentValidationError

Cedar couldn't parse the argument passed to an extension type. For example, a 

string that is to be parsed as an IPv4 address can contain only digits and the
period character.

func (*ValidationException) Error 

func (e *ValidationException) Error() string

func (*ValidationException) ErrorCode 

func (e *ValidationException) ErrorCode() string

func (*ValidationException) ErrorFault 

func (e *ValidationException) ErrorFault() smithy.ErrorFault

func (*ValidationException) ErrorMessage 

func (e *ValidationException) ErrorMessage() string

type ValidationExceptionField 

type ValidationExceptionField struct {

	// Describes the policy validation error.
	//
	// This member is required.
	Message *string

	// The path to the specific element that Verified Permissions found to be not
	// valid.
	//
	// This member is required.
	Path *string
	// contains filtered or unexported fields
}

Details about a field that failed policy validation.

type ValidationMode 

type ValidationMode string
const (
	ValidationModeOff    ValidationMode = "OFF"
	ValidationModeStrict ValidationMode = "STRICT"
)

Enum values for ValidationMode

func (ValidationMode) Values 

func (ValidationMode) Values() []ValidationMode

Values returns all known values for ValidationMode. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type ValidationSettings 

type ValidationSettings struct {

	// The validation mode currently configured for this policy store. The valid
	// values are:
	//
	//   - OFF – Neither Verified Permissions nor Cedar perform any validation on
	//   policies. No validation errors are reported by either service.
	//
	//   - STRICT – Requires a schema to be present in the policy store. Cedar
	//   performs validation on all submitted new or updated static policies and policy
	//   templates. Any that fail validation are rejected and Cedar doesn't store them in
	//   the policy store.
	//
	// If Mode=STRICT and the policy store doesn't contain a schema, Verified
	// Permissions rejects all static policies and policy templates because there is no
	// schema to validate against.
	//
	// To submit a static policy or policy template without a schema, you must turn
	// off validation.
	//
	// This member is required.
	Mode ValidationMode
	// contains filtered or unexported fields
}

A structure that contains Cedar policy validation settings for the policy store. The validation mode determines which validation failures that Cedar considers serious enough to block acceptance of a new or edited static policy or policy template.

This data type is used as a request parameter in the CreatePolicyStore and UpdatePolicyStore operations.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.