api.go

// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.

package verifiedpermissions

import (
	"fmt"
	"time"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/awsutil"
	"github.com/aws/aws-sdk-go/aws/request"
	"github.com/aws/aws-sdk-go/private/protocol"
	"github.com/aws/aws-sdk-go/private/protocol/jsonrpc"
)

const opBatchIsAuthorized = "BatchIsAuthorized"

// BatchIsAuthorizedRequest generates a "aws/request.Request" representing the
// client's request for the BatchIsAuthorized operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See BatchIsAuthorized for more information on using the BatchIsAuthorized
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the BatchIsAuthorizedRequest method.
//	req, resp := client.BatchIsAuthorizedRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/BatchIsAuthorized
func (c *VerifiedPermissions) BatchIsAuthorizedRequest(input *BatchIsAuthorizedInput) (req *request.Request, output *BatchIsAuthorizedOutput) {
	op := &request.Operation{
		Name:       opBatchIsAuthorized,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &BatchIsAuthorizedInput{}
	}

	output = &BatchIsAuthorizedOutput{}
	req = c.newRequest(op, input, output)
	return
}

// BatchIsAuthorized API operation for Amazon Verified Permissions.
//
// Makes a series of decisions about multiple authorization requests for one
// principal or resource. Each request contains the equivalent content of an
// IsAuthorized request: principal, action, resource, and context. Either the
// principal or the resource parameter must be identical across all requests.
// For example, Verified Permissions won't evaluate a pair of requests where
// bob views photo1 and alice views photo2. Authorization of bob to view photo1
// and photo2, or bob and alice to view photo1, are valid batches.
//
// The request is evaluated against all policies in the specified policy store
// that match the entities that you declare. The result of the decisions is
// a series of Allow or Deny responses, along with the IDs of the policies that
// produced each decision.
//
// The entities of a BatchIsAuthorized API request can contain up to 100 principals
// and up to 100 resources. The requests of a BatchIsAuthorized API request
// can contain up to 30 requests.
//
// The BatchIsAuthorized operation doesn't have its own IAM permission. To authorize
// this operation for Amazon Web Services principals, include the permission
// verifiedpermissions:IsAuthorized in their IAM policies.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Amazon Verified Permissions's
// API operation BatchIsAuthorized for usage and error information.
//
// Returned Error Types:
//
//   - ValidationException
//     The request failed because one or more input parameters don't satisfy their
//     constraint requirements. The output is provided as a list of fields and a
//     reason for each field that isn't valid.
//
//     The possible reasons include the following:
//
//   - UnrecognizedEntityType The policy includes an entity type that isn't
//     found in the schema.
//
//   - UnrecognizedActionId The policy includes an action id that isn't found
//     in the schema.
//
//   - InvalidActionApplication The policy includes an action that, according
//     to the schema, doesn't support the specified principal and resource.
//
//   - UnexpectedType The policy included an operand that isn't a valid type
//     for the specified operation.
//
//   - IncompatibleTypes The types of elements included in a set, or the types
//     of expressions used in an if...then...else clause aren't compatible in
//     this context.
//
//   - MissingAttribute The policy attempts to access a record or entity attribute
//     that isn't specified in the schema. Test for the existence of the attribute
//     first before attempting to access its value. For more information, see
//     the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test)
//     in the Cedar Policy Language Guide.
//
//   - UnsafeOptionalAttributeAccess The policy attempts to access a record
//     or entity attribute that is optional and isn't guaranteed to be present.
//     Test for the existence of the attribute first before attempting to access
//     its value. For more information, see the has (presence of attribute test)
//     operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test)
//     in the Cedar Policy Language Guide.
//
//   - ImpossiblePolicy Cedar has determined that a policy condition always
//     evaluates to false. If the policy is always false, it can never apply
//     to any query, and so it can never affect an authorization decision.
//
//   - WrongNumberArguments The policy references an extension type with the
//     wrong number of arguments.
//
//   - FunctionArgumentValidationError Cedar couldn't parse the argument passed
//     to an extension type. For example, a string that is to be parsed as an
//     IPv4 address can contain only digits and the period character.
//
//   - AccessDeniedException
//     You don't have sufficient access to perform this action.
//
//   - ResourceNotFoundException
//     The request failed because it references a resource that doesn't exist.
//
//   - ThrottlingException
//     The request failed because it exceeded a throttling quota.
//
//   - InternalServerException
//     The request failed because of an internal error. Try your request again later
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/BatchIsAuthorized
func (c *VerifiedPermissions) BatchIsAuthorized(input *BatchIsAuthorizedInput) (*BatchIsAuthorizedOutput, error) {
	req, out := c.BatchIsAuthorizedRequest(input)
	return out, req.Send()
}

// BatchIsAuthorizedWithContext is the same as BatchIsAuthorized with the addition of
// the ability to pass a context and additional request options.
//
// See BatchIsAuthorized for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *VerifiedPermissions) BatchIsAuthorizedWithContext(ctx aws.Context, input *BatchIsAuthorizedInput, opts ...request.Option) (*BatchIsAuthorizedOutput, error) {
	req, out := c.BatchIsAuthorizedRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opCreateIdentitySource = "CreateIdentitySource"

// CreateIdentitySourceRequest generates a "aws/request.Request" representing the
// client's request for the CreateIdentitySource operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See CreateIdentitySource for more information on using the CreateIdentitySource
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the CreateIdentitySourceRequest method.
//	req, resp := client.CreateIdentitySourceRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/CreateIdentitySource
func (c *VerifiedPermissions) CreateIdentitySourceRequest(input *CreateIdentitySourceInput) (req *request.Request, output *CreateIdentitySourceOutput) {
	op := &request.Operation{
		Name:       opCreateIdentitySource,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &CreateIdentitySourceInput{}
	}

	output = &CreateIdentitySourceOutput{}
	req = c.newRequest(op, input, output)
	return
}

// CreateIdentitySource API operation for Amazon Verified Permissions.
//
// Creates a reference to an Amazon Cognito user pool as an external identity
// provider (IdP).
//
// After you create an identity source, you can use the identities provided
// by the IdP as proxies for the principal in authorization queries that use
// the IsAuthorizedWithToken (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorizedWithToken.html)
// operation. These identities take the form of tokens that contain claims about
// the user, such as IDs, attributes and group memberships. Amazon Cognito provides
// both identity tokens and access tokens, and Verified Permissions can use
// either or both. Any combination of identity and access tokens results in
// the same Cedar principal. Verified Permissions automatically translates the
// information about the identities into the standard Cedar attributes that
// can be evaluated by your policies. Because the Amazon Cognito identity and
// access tokens can contain different information, the tokens you choose to
// use determine which principal attributes are available to access when evaluating
// Cedar policies.
//
// If you delete a Amazon Cognito user pool or user, tokens from that deleted
// pool or that deleted user continue to be usable until they expire.
//
// To reference a user from this identity source in your Cedar policies, use
// the following syntax.
//
// IdentityType::"<CognitoUserPoolIdentifier>|<CognitoClientId>
//
// Where IdentityType is the string that you provide to the PrincipalEntityType
// parameter for this operation. The CognitoUserPoolId and CognitoClientId are
// defined by the Amazon Cognito user pool.
//
// Verified Permissions is eventually consistent (https://wikipedia.org/wiki/Eventual_consistency)
// . It can take a few seconds for a new or changed element to be propagate
// through the service and be visible in the results of other Verified Permissions
// operations.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Amazon Verified Permissions's
// API operation CreateIdentitySource for usage and error information.
//
// Returned Error Types:
//
//   - ValidationException
//     The request failed because one or more input parameters don't satisfy their
//     constraint requirements. The output is provided as a list of fields and a
//     reason for each field that isn't valid.
//
//     The possible reasons include the following:
//
//   - UnrecognizedEntityType The policy includes an entity type that isn't
//     found in the schema.
//
//   - UnrecognizedActionId The policy includes an action id that isn't found
//     in the schema.
//
//   - InvalidActionApplication The policy includes an action that, according
//     to the schema, doesn't support the specified principal and resource.
//
//   - UnexpectedType The policy included an operand that isn't a valid type
//     for the specified operation.
//
//   - IncompatibleTypes The types of elements included in a set, or the types
//     of expressions used in an if...then...else clause aren't compatible in
//     this context.
//
//   - MissingAttribute The policy attempts to access a record or entity attribute
//     that isn't specified in the schema. Test for the existence of the attribute
//     first before attempting to access its value. For more information, see
//     the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test)
//     in the Cedar Policy Language Guide.
//
//   - UnsafeOptionalAttributeAccess The policy attempts to access a record
//     or entity attribute that is optional and isn't guaranteed to be present.
//     Test for the existence of the attribute first before attempting to access
//     its value. For more information, see the has (presence of attribute test)
//     operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test)
//     in the Cedar Policy Language Guide.
//
//   - ImpossiblePolicy Cedar has determined that a policy condition always
//     evaluates to false. If the policy is always false, it can never apply
//     to any query, and so it can never affect an authorization decision.
//
//   - WrongNumberArguments The policy references an extension type with the
//     wrong number of arguments.
//
//   - FunctionArgumentValidationError Cedar couldn't parse the argument passed
//     to an extension type. For example, a string that is to be parsed as an
//     IPv4 address can contain only digits and the period character.
//
//   - ServiceQuotaExceededException
//     The request failed because it would cause a service quota to be exceeded.
//
//   - ConflictException
//     The request failed because another request to modify a resource occurred
//     at the same.
//
//   - AccessDeniedException
//     You don't have sufficient access to perform this action.
//
//   - ResourceNotFoundException
//     The request failed because it references a resource that doesn't exist.
//
//   - ThrottlingException
//     The request failed because it exceeded a throttling quota.
//
//   - InternalServerException
//     The request failed because of an internal error. Try your request again later
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/CreateIdentitySource
func (c *VerifiedPermissions) CreateIdentitySource(input *CreateIdentitySourceInput) (*CreateIdentitySourceOutput, error) {
	req, out := c.CreateIdentitySourceRequest(input)
	return out, req.Send()
}

// CreateIdentitySourceWithContext is the same as CreateIdentitySource with the addition of
// the ability to pass a context and additional request options.
//
// See CreateIdentitySource for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *VerifiedPermissions) CreateIdentitySourceWithContext(ctx aws.Context, input *CreateIdentitySourceInput, opts ...request.Option) (*CreateIdentitySourceOutput, error) {
	req, out := c.CreateIdentitySourceRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opCreatePolicy = "CreatePolicy"

// CreatePolicyRequest generates a "aws/request.Request" representing the
// client's request for the CreatePolicy operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See CreatePolicy for more information on using the CreatePolicy
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the CreatePolicyRequest method.
//	req, resp := client.CreatePolicyRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/CreatePolicy
func (c *VerifiedPermissions) CreatePolicyRequest(input *CreatePolicyInput) (req *request.Request, output *CreatePolicyOutput) {
	op := &request.Operation{
		Name:       opCreatePolicy,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &CreatePolicyInput{}
	}

	output = &CreatePolicyOutput{}
	req = c.newRequest(op, input, output)
	return
}

// CreatePolicy API operation for Amazon Verified Permissions.
//
// Creates a Cedar policy and saves it in the specified policy store. You can
// create either a static policy or a policy linked to a policy template.
//
//   - To create a static policy, provide the Cedar policy text in the StaticPolicy
//     section of the PolicyDefinition.
//
//   - To create a policy that is dynamically linked to a policy template,
//     specify the policy template ID and the principal and resource to associate
//     with this policy in the templateLinked section of the PolicyDefinition.
//     If the policy template is ever updated, any policies linked to the policy
//     template automatically use the updated template.
//
// Creating a policy causes it to be validated against the schema in the policy
// store. If the policy doesn't pass validation, the operation fails and the
// policy isn't stored.
//
// Verified Permissions is eventually consistent (https://wikipedia.org/wiki/Eventual_consistency)
// . It can take a few seconds for a new or changed element to be propagate
// through the service and be visible in the results of other Verified Permissions
// operations.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Amazon Verified Permissions's
// API operation CreatePolicy for usage and error information.
//
// Returned Error Types:
//
//   - ValidationException
//     The request failed because one or more input parameters don't satisfy their
//     constraint requirements. The output is provided as a list of fields and a
//     reason for each field that isn't valid.
//
//     The possible reasons include the following:
//
//   - UnrecognizedEntityType The policy includes an entity type that isn't
//     found in the schema.
//
//   - UnrecognizedActionId The policy includes an action id that isn't found
//     in the schema.
//
//   - InvalidActionApplication The policy includes an action that, according
//     to the schema, doesn't support the specified principal and resource.
//
//   - UnexpectedType The policy included an operand that isn't a valid type
//     for the specified operation.
//
//   - IncompatibleTypes The types of elements included in a set, or the types
//     of expressions used in an if...then...else clause aren't compatible in
//     this context.
//
//   - MissingAttribute The policy attempts to access a record or entity attribute
//     that isn't specified in the schema. Test for the existence of the attribute
//     first before attempting to access its value. For more information, see
//     the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test)
//     in the Cedar Policy Language Guide.
//
//   - UnsafeOptionalAttributeAccess The policy attempts to access a record
//     or entity attribute that is optional and isn't guaranteed to be present.
//     Test for the existence of the attribute first before attempting to access
//     its value. For more information, see the has (presence of attribute test)
//     operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test)
//     in the Cedar Policy Language Guide.
//
//   - ImpossiblePolicy Cedar has determined that a policy condition always
//     evaluates to false. If the policy is always false, it can never apply
//     to any query, and so it can never affect an authorization decision.
//
//   - WrongNumberArguments The policy references an extension type with the
//     wrong number of arguments.
//
//   - FunctionArgumentValidationError Cedar couldn't parse the argument passed
//     to an extension type. For example, a string that is to be parsed as an
//     IPv4 address can contain only digits and the period character.
//
//   - ServiceQuotaExceededException
//     The request failed because it would cause a service quota to be exceeded.
//
//   - ConflictException
//     The request failed because another request to modify a resource occurred
//     at the same.
//
//   - AccessDeniedException
//     You don't have sufficient access to perform this action.
//
//   - ResourceNotFoundException
//     The request failed because it references a resource that doesn't exist.
//
//   - ThrottlingException
//     The request failed because it exceeded a throttling quota.
//
//   - InternalServerException
//     The request failed because of an internal error. Try your request again later
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/CreatePolicy
func (c *VerifiedPermissions) CreatePolicy(input *CreatePolicyInput) (*CreatePolicyOutput, error) {
	req, out := c.CreatePolicyRequest(input)
	return out, req.Send()
}

// CreatePolicyWithContext is the same as CreatePolicy with the addition of
// the ability to pass a context and additional request options.
//
// See CreatePolicy for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *VerifiedPermissions) CreatePolicyWithContext(ctx aws.Context, input *CreatePolicyInput, opts ...request.Option) (*CreatePolicyOutput, error) {
	req, out := c.CreatePolicyRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opCreatePolicyStore = "CreatePolicyStore"

// CreatePolicyStoreRequest generates a "aws/request.Request" representing the
// client's request for the CreatePolicyStore operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See CreatePolicyStore for more information on using the CreatePolicyStore
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the CreatePolicyStoreRequest method.
//	req, resp := client.CreatePolicyStoreRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/CreatePolicyStore
func (c *VerifiedPermissions) CreatePolicyStoreRequest(input *CreatePolicyStoreInput) (req *request.Request, output *CreatePolicyStoreOutput) {
	op := &request.Operation{
		Name:       opCreatePolicyStore,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &CreatePolicyStoreInput{}
	}

	output = &CreatePolicyStoreOutput{}
	req = c.newRequest(op, input, output)
	return
}

// CreatePolicyStore API operation for Amazon Verified Permissions.
//
// Creates a policy store. A policy store is a container for policy resources.
//
// Although Cedar supports multiple namespaces (https://docs.cedarpolicy.com/schema/schema.html#namespace),
// Verified Permissions currently supports only one namespace per policy store.
//
// Verified Permissions is eventually consistent (https://wikipedia.org/wiki/Eventual_consistency)
// . It can take a few seconds for a new or changed element to be propagate
// through the service and be visible in the results of other Verified Permissions
// operations.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Amazon Verified Permissions's
// API operation CreatePolicyStore for usage and error information.
//
// Returned Error Types:
//
//   - ValidationException
//     The request failed because one or more input parameters don't satisfy their
//     constraint requirements. The output is provided as a list of fields and a
//     reason for each field that isn't valid.
//
//     The possible reasons include the following:
//
//   - UnrecognizedEntityType The policy includes an entity type that isn't
//     found in the schema.
//
//   - UnrecognizedActionId The policy includes an action id that isn't found
//     in the schema.
//
//   - InvalidActionApplication The policy includes an action that, according
//     to the schema, doesn't support the specified principal and resource.
//
//   - UnexpectedType The policy included an operand that isn't a valid type
//     for the specified operation.
//
//   - IncompatibleTypes The types of elements included in a set, or the types
//     of expressions used in an if...then...else clause aren't compatible in
//     this context.
//
//   - MissingAttribute The policy attempts to access a record or entity attribute
//     that isn't specified in the schema. Test for the existence of the attribute
//     first before attempting to access its value. For more information, see
//     the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test)
//     in the Cedar Policy Language Guide.
//
//   - UnsafeOptionalAttributeAccess The policy attempts to access a record
//     or entity attribute that is optional and isn't guaranteed to be present.
//     Test for the existence of the attribute first before attempting to access
//     its value. For more information, see the has (presence of attribute test)
//     operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test)
//     in the Cedar Policy Language Guide.
//
//   - ImpossiblePolicy Cedar has determined that a policy condition always
//     evaluates to false. If the policy is always false, it can never apply
//     to any query, and so it can never affect an authorization decision.
//
//   - WrongNumberArguments The policy references an extension type with the
//     wrong number of arguments.
//
//   - FunctionArgumentValidationError Cedar couldn't parse the argument passed
//     to an extension type. For example, a string that is to be parsed as an
//     IPv4 address can contain only digits and the period character.
//
//   - ServiceQuotaExceededException
//     The request failed because it would cause a service quota to be exceeded.
//
//   - ConflictException
//     The request failed because another request to modify a resource occurred
//     at the same.
//
//   - AccessDeniedException
//     You don't have sufficient access to perform this action.
//
//   - ThrottlingException
//     The request failed because it exceeded a throttling quota.
//
//   - InternalServerException
//     The request failed because of an internal error. Try your request again later
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/CreatePolicyStore
func (c *VerifiedPermissions) CreatePolicyStore(input *CreatePolicyStoreInput) (*CreatePolicyStoreOutput, error) {
	req, out := c.CreatePolicyStoreRequest(input)
	return out, req.Send()
}

// CreatePolicyStoreWithContext is the same as CreatePolicyStore with the addition of
// the ability to pass a context and additional request options.
//
// See CreatePolicyStore for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *VerifiedPermissions) CreatePolicyStoreWithContext(ctx aws.Context, input *CreatePolicyStoreInput, opts ...request.Option) (*CreatePolicyStoreOutput, error) {
	req, out := c.CreatePolicyStoreRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opCreatePolicyTemplate = "CreatePolicyTemplate"

// CreatePolicyTemplateRequest generates a "aws/request.Request" representing the
// client's request for the CreatePolicyTemplate operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See CreatePolicyTemplate for more information on using the CreatePolicyTemplate
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the CreatePolicyTemplateRequest method.
//	req, resp := client.CreatePolicyTemplateRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/CreatePolicyTemplate
func (c *VerifiedPermissions) CreatePolicyTemplateRequest(input *CreatePolicyTemplateInput) (req *request.Request, output *CreatePolicyTemplateOutput) {
	op := &request.Operation{
		Name:       opCreatePolicyTemplate,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &CreatePolicyTemplateInput{}
	}

	output = &CreatePolicyTemplateOutput{}
	req = c.newRequest(op, input, output)
	return
}

// CreatePolicyTemplate API operation for Amazon Verified Permissions.
//
// Creates a policy template. A template can use placeholders for the principal
// and resource. A template must be instantiated into a policy by associating
// it with specific principals and resources to use for the placeholders. That
// instantiated policy can then be considered in authorization decisions. The
// instantiated policy works identically to any other policy, except that it
// is dynamically linked to the template. If the template changes, then any
// policies that are linked to that template are immediately updated as well.
//
// Verified Permissions is eventually consistent (https://wikipedia.org/wiki/Eventual_consistency)
// . It can take a few seconds for a new or changed element to be propagate
// through the service and be visible in the results of other Verified Permissions
// operations.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Amazon Verified Permissions's
// API operation CreatePolicyTemplate for usage and error information.
//
// Returned Error Types:
//
//   - ValidationException
//     The request failed because one or more input parameters don't satisfy their
//     constraint requirements. The output is provided as a list of fields and a
//     reason for each field that isn't valid.
//
//     The possible reasons include the following:
//
//   - UnrecognizedEntityType The policy includes an entity type that isn't
//     found in the schema.
//
//   - UnrecognizedActionId The policy includes an action id that isn't found
//     in the schema.
//
//   - InvalidActionApplication The policy includes an action that, according
//     to the schema, doesn't support the specified principal and resource.
//
//   - UnexpectedType The policy included an operand that isn't a valid type
//     for the specified operation.
//
//   - IncompatibleTypes The types of elements included in a set, or the types
//     of expressions used in an if...then...else clause aren't compatible in
//     this context.
//
//   - MissingAttribute The policy attempts to access a record or entity attribute
//     that isn't specified in the schema. Test for the existence of the attribute
//     first before attempting to access its value. For more information, see
//     the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test)
//     in the Cedar Policy Language Guide.
//
//   - UnsafeOptionalAttributeAccess The policy attempts to access a record
//     or entity attribute that is optional and isn't guaranteed to be present.
//     Test for the existence of the attribute first before attempting to access
//     its value. For more information, see the has (presence of attribute test)
//     operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test)
//     in the Cedar Policy Language Guide.
//
//   - ImpossiblePolicy Cedar has determined that a policy condition always
//     evaluates to false. If the policy is always false, it can never apply
//     to any query, and so it can never affect an authorization decision.
//
//   - WrongNumberArguments The policy references an extension type with the
//     wrong number of arguments.
//
//   - FunctionArgumentValidationError Cedar couldn't parse the argument passed
//     to an extension type. For example, a string that is to be parsed as an
//     IPv4 address can contain only digits and the period character.
//
//   - ServiceQuotaExceededException
//     The request failed because it would cause a service quota to be exceeded.
//
//   - ConflictException
//     The request failed because another request to modify a resource occurred
//     at the same.
//
//   - AccessDeniedException
//     You don't have sufficient access to perform this action.
//
//   - ResourceNotFoundException
//     The request failed because it references a resource that doesn't exist.
//
//   - ThrottlingException
//     The request failed because it exceeded a throttling quota.
//
//   - InternalServerException
//     The request failed because of an internal error. Try your request again later
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/CreatePolicyTemplate
func (c *VerifiedPermissions) CreatePolicyTemplate(input *CreatePolicyTemplateInput) (*CreatePolicyTemplateOutput, error) {
	req, out := c.CreatePolicyTemplateRequest(input)
	return out, req.Send()
}

// CreatePolicyTemplateWithContext is the same as CreatePolicyTemplate with the addition of
// the ability to pass a context and additional request options.
//
// See CreatePolicyTemplate for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *VerifiedPermissions) CreatePolicyTemplateWithContext(ctx aws.Context, input *CreatePolicyTemplateInput, opts ...request.Option) (*CreatePolicyTemplateOutput, error) {
	req, out := c.CreatePolicyTemplateRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opDeleteIdentitySource = "DeleteIdentitySource"

// DeleteIdentitySourceRequest generates a "aws/request.Request" representing the
// client's request for the DeleteIdentitySource operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DeleteIdentitySource for more information on using the DeleteIdentitySource
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the DeleteIdentitySourceRequest method.
//	req, resp := client.DeleteIdentitySourceRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/DeleteIdentitySource
func (c *VerifiedPermissions) DeleteIdentitySourceRequest(input *DeleteIdentitySourceInput) (req *request.Request, output *DeleteIdentitySourceOutput) {
	op := &request.Operation{
		Name:       opDeleteIdentitySource,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &DeleteIdentitySourceInput{}
	}

	output = &DeleteIdentitySourceOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// DeleteIdentitySource API operation for Amazon Verified Permissions.
//
// Deletes an identity source that references an identity provider (IdP) such
// as Amazon Cognito. After you delete the identity source, you can no longer
// use tokens for identities from that identity source to represent principals
// in authorization queries made using IsAuthorizedWithToken (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorizedWithToken.html).
// operations.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Amazon Verified Permissions's
// API operation DeleteIdentitySource for usage and error information.
//
// Returned Error Types:
//
//   - ValidationException
//     The request failed because one or more input parameters don't satisfy their
//     constraint requirements. The output is provided as a list of fields and a
//     reason for each field that isn't valid.
//
//     The possible reasons include the following:
//
//   - UnrecognizedEntityType The policy includes an entity type that isn't
//     found in the schema.
//
//   - UnrecognizedActionId The policy includes an action id that isn't found
//     in the schema.
//
//   - InvalidActionApplication The policy includes an action that, according
//     to the schema, doesn't support the specified principal and resource.
//
//   - UnexpectedType The policy included an operand that isn't a valid type
//     for the specified operation.
//
//   - IncompatibleTypes The types of elements included in a set, or the types
//     of expressions used in an if...then...else clause aren't compatible in
//     this context.
//
//   - MissingAttribute The policy attempts to access a record or entity attribute
//     that isn't specified in the schema. Test for the existence of the attribute
//     first before attempting to access its value. For more information, see
//     the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test)
//     in the Cedar Policy Language Guide.
//
//   - UnsafeOptionalAttributeAccess The policy attempts to access a record
//     or entity attribute that is optional and isn't guaranteed to be present.
//     Test for the existence of the attribute first before attempting to access
//     its value. For more information, see the has (presence of attribute test)
//     operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test)
//     in the Cedar Policy Language Guide.
//
//   - ImpossiblePolicy Cedar has determined that a policy condition always
//     evaluates to false. If the policy is always false, it can never apply
//     to any query, and so it can never affect an authorization decision.
//
//   - WrongNumberArguments The policy references an extension type with the
//     wrong number of arguments.
//
//   - FunctionArgumentValidationError Cedar couldn't parse the argument passed
//     to an extension type. For example, a string that is to be parsed as an
//     IPv4 address can contain only digits and the period character.
//
//   - ConflictException
//     The request failed because another request to modify a resource occurred
//     at the same.
//
//   - AccessDeniedException
//     You don't have sufficient access to perform this action.
//
//   - ResourceNotFoundException
//     The request failed because it references a resource that doesn't exist.
//
//   - ThrottlingException
//     The request failed because it exceeded a throttling quota.
//
//   - InternalServerException
//     The request failed because of an internal error. Try your request again later
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/DeleteIdentitySource
func (c *VerifiedPermissions) DeleteIdentitySource(input *DeleteIdentitySourceInput) (*DeleteIdentitySourceOutput, error) {
	req, out := c.DeleteIdentitySourceRequest(input)
	return out, req.Send()
}

// DeleteIdentitySourceWithContext is the same as DeleteIdentitySource with the addition of
// the ability to pass a context and additional request options.
//
// See DeleteIdentitySource for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *VerifiedPermissions) DeleteIdentitySourceWithContext(ctx aws.Context, input *DeleteIdentitySourceInput, opts ...request.Option) (*DeleteIdentitySourceOutput, error) {
	req, out := c.DeleteIdentitySourceRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opDeletePolicy = "DeletePolicy"

// DeletePolicyRequest generates a "aws/request.Request" representing the
// client's request for the DeletePolicy operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DeletePolicy for more information on using the DeletePolicy
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the DeletePolicyRequest method.
//	req, resp := client.DeletePolicyRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/DeletePolicy
func (c *VerifiedPermissions) DeletePolicyRequest(input *DeletePolicyInput) (req *request.Request, output *DeletePolicyOutput) {
	op := &request.Operation{
		Name:       opDeletePolicy,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &DeletePolicyInput{}
	}

	output = &DeletePolicyOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// DeletePolicy API operation for Amazon Verified Permissions.
//
// Deletes the specified policy from the policy store.
//
// This operation is idempotent; if you specify a policy that doesn't exist,
// the request response returns a successful HTTP 200 status code.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Amazon Verified Permissions's
// API operation DeletePolicy for usage and error information.
//
// Returned Error Types:
//
//   - ValidationException
//     The request failed because one or more input parameters don't satisfy their
//     constraint requirements. The output is provided as a list of fields and a
//     reason for each field that isn't valid.
//
//     The possible reasons include the following:
//
//   - UnrecognizedEntityType The policy includes an entity type that isn't
//     found in the schema.
//
//   - UnrecognizedActionId The policy includes an action id that isn't found
//     in the schema.
//
//   - InvalidActionApplication The policy includes an action that, according
//     to the schema, doesn't support the specified principal and resource.
//
//   - UnexpectedType The policy included an operand that isn't a valid type
//     for the specified operation.
//
//   - IncompatibleTypes The types of elements included in a set, or the types
//     of expressions used in an if...then...else clause aren't compatible in
//     this context.
//
//   - MissingAttribute The policy attempts to access a record or entity attribute
//     that isn't specified in the schema. Test for the existence of the attribute
//     first before attempting to access its value. For more information, see
//     the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test)
//     in the Cedar Policy Language Guide.
//
//   - UnsafeOptionalAttributeAccess The policy attempts to access a record
//     or entity attribute that is optional and isn't guaranteed to be present.
//     Test for the existence of the attribute first before attempting to access
//     its value. For more information, see the has (presence of attribute test)
//     operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test)
//     in the Cedar Policy Language Guide.
//
//   - ImpossiblePolicy Cedar has determined that a policy condition always
//     evaluates to false. If the policy is always false, it can never apply
//     to any query, and so it can never affect an authorization decision.
//
//   - WrongNumberArguments The policy references an extension type with the
//     wrong number of arguments.
//
//   - FunctionArgumentValidationError Cedar couldn't parse the argument passed
//     to an extension type. For example, a string that is to be parsed as an
//     IPv4 address can contain only digits and the period character.
//
//   - ConflictException
//     The request failed because another request to modify a resource occurred
//     at the same.
//
//   - AccessDeniedException
//     You don't have sufficient access to perform this action.
//
//   - ResourceNotFoundException
//     The request failed because it references a resource that doesn't exist.
//
//   - ThrottlingException
//     The request failed because it exceeded a throttling quota.
//
//   - InternalServerException
//     The request failed because of an internal error. Try your request again later
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/DeletePolicy
func (c *VerifiedPermissions) DeletePolicy(input *DeletePolicyInput) (*DeletePolicyOutput, error) {
	req, out := c.DeletePolicyRequest(input)
	return out, req.Send()
}

// DeletePolicyWithContext is the same as DeletePolicy with the addition of
// the ability to pass a context and additional request options.
//
// See DeletePolicy for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *VerifiedPermissions) DeletePolicyWithContext(ctx aws.Context, input *DeletePolicyInput, opts ...request.Option) (*DeletePolicyOutput, error) {
	req, out := c.DeletePolicyRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opDeletePolicyStore = "DeletePolicyStore"

// DeletePolicyStoreRequest generates a "aws/request.Request" representing the
// client's request for the DeletePolicyStore operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DeletePolicyStore for more information on using the DeletePolicyStore
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the DeletePolicyStoreRequest method.
//	req, resp := client.DeletePolicyStoreRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/DeletePolicyStore
func (c *VerifiedPermissions) DeletePolicyStoreRequest(input *DeletePolicyStoreInput) (req *request.Request, output *DeletePolicyStoreOutput) {
	op := &request.Operation{
		Name:       opDeletePolicyStore,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &DeletePolicyStoreInput{}
	}

	output = &DeletePolicyStoreOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// DeletePolicyStore API operation for Amazon Verified Permissions.
//
// Deletes the specified policy store.
//
// This operation is idempotent. If you specify a policy store that does not
// exist, the request response will still return a successful HTTP 200 status
// code.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Amazon Verified Permissions's
// API operation DeletePolicyStore for usage and error information.
//
// Returned Error Types:
//
//   - ValidationException
//     The request failed because one or more input parameters don't satisfy their
//     constraint requirements. The output is provided as a list of fields and a
//     reason for each field that isn't valid.
//
//     The possible reasons include the following:
//
//   - UnrecognizedEntityType The policy includes an entity type that isn't
//     found in the schema.
//
//   - UnrecognizedActionId The policy includes an action id that isn't found
//     in the schema.
//
//   - InvalidActionApplication The policy includes an action that, according
//     to the schema, doesn't support the specified principal and resource.
//
//   - UnexpectedType The policy included an operand that isn't a valid type
//     for the specified operation.
//
//   - IncompatibleTypes The types of elements included in a set, or the types
//     of expressions used in an if...then...else clause aren't compatible in
//     this context.
//
//   - MissingAttribute The policy attempts to access a record or entity attribute
//     that isn't specified in the schema. Test for the existence of the attribute
//     first before attempting to access its value. For more information, see
//     the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test)
//     in the Cedar Policy Language Guide.
//
//   - UnsafeOptionalAttributeAccess The policy attempts to access a record
//     or entity attribute that is optional and isn't guaranteed to be present.
//     Test for the existence of the attribute first before attempting to access
//     its value. For more information, see the has (presence of attribute test)
//     operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test)
//     in the Cedar Policy Language Guide.
//
//   - ImpossiblePolicy Cedar has determined that a policy condition always
//     evaluates to false. If the policy is always false, it can never apply
//     to any query, and so it can never affect an authorization decision.
//
//   - WrongNumberArguments The policy references an extension type with the
//     wrong number of arguments.
//
//   - FunctionArgumentValidationError Cedar couldn't parse the argument passed
//     to an extension type. For example, a string that is to be parsed as an
//     IPv4 address can contain only digits and the period character.
//
//   - AccessDeniedException
//     You don't have sufficient access to perform this action.
//
//   - ThrottlingException
//     The request failed because it exceeded a throttling quota.
//
//   - InternalServerException
//     The request failed because of an internal error. Try your request again later
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/DeletePolicyStore
func (c *VerifiedPermissions) DeletePolicyStore(input *DeletePolicyStoreInput) (*DeletePolicyStoreOutput, error) {
	req, out := c.DeletePolicyStoreRequest(input)
	return out, req.Send()
}

// DeletePolicyStoreWithContext is the same as DeletePolicyStore with the addition of
// the ability to pass a context and additional request options.
//
// See DeletePolicyStore for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *VerifiedPermissions) DeletePolicyStoreWithContext(ctx aws.Context, input *DeletePolicyStoreInput, opts ...request.Option) (*DeletePolicyStoreOutput, error) {
	req, out := c.DeletePolicyStoreRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opDeletePolicyTemplate = "DeletePolicyTemplate"

// DeletePolicyTemplateRequest generates a "aws/request.Request" representing the
// client's request for the DeletePolicyTemplate operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DeletePolicyTemplate for more information on using the DeletePolicyTemplate
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the DeletePolicyTemplateRequest method.
//	req, resp := client.DeletePolicyTemplateRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/DeletePolicyTemplate
func (c *VerifiedPermissions) DeletePolicyTemplateRequest(input *DeletePolicyTemplateInput) (req *request.Request, output *DeletePolicyTemplateOutput) {
	op := &request.Operation{
		Name:       opDeletePolicyTemplate,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &DeletePolicyTemplateInput{}
	}

	output = &DeletePolicyTemplateOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// DeletePolicyTemplate API operation for Amazon Verified Permissions.
//
// Deletes the specified policy template from the policy store.
//
// This operation also deletes any policies that were created from the specified
// policy template. Those policies are immediately removed from all future API
// responses, and are asynchronously deleted from the policy store.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Amazon Verified Permissions's
// API operation DeletePolicyTemplate for usage and error information.
//
// Returned Error Types:
//
//   - ValidationException
//     The request failed because one or more input parameters don't satisfy their
//     constraint requirements. The output is provided as a list of fields and a
//     reason for each field that isn't valid.
//
//     The possible reasons include the following:
//
//   - UnrecognizedEntityType The policy includes an entity type that isn't
//     found in the schema.
//
//   - UnrecognizedActionId The policy includes an action id that isn't found
//     in the schema.
//
//   - InvalidActionApplication The policy includes an action that, according
//     to the schema, doesn't support the specified principal and resource.
//
//   - UnexpectedType The policy included an operand that isn't a valid type
//     for the specified operation.
//
//   - IncompatibleTypes The types of elements included in a set, or the types
//     of expressions used in an if...then...else clause aren't compatible in
//     this context.
//
//   - MissingAttribute The policy attempts to access a record or entity attribute
//     that isn't specified in the schema. Test for the existence of the attribute
//     first before attempting to access its value. For more information, see
//     the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test)
//     in the Cedar Policy Language Guide.
//
//   - UnsafeOptionalAttributeAccess The policy attempts to access a record
//     or entity attribute that is optional and isn't guaranteed to be present.
//     Test for the existence of the attribute first before attempting to access
//     its value. For more information, see the has (presence of attribute test)
//     operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test)
//     in the Cedar Policy Language Guide.
//
//   - ImpossiblePolicy Cedar has determined that a policy condition always
//     evaluates to false. If the policy is always false, it can never apply
//     to any query, and so it can never affect an authorization decision.
//
//   - WrongNumberArguments The policy references an extension type with the
//     wrong number of arguments.
//
//   - FunctionArgumentValidationError Cedar couldn't parse the argument passed
//     to an extension type. For example, a string that is to be parsed as an
//     IPv4 address can contain only digits and the period character.
//
//   - ConflictException
//     The request failed because another request to modify a resource occurred
//     at the same.
//
//   - AccessDeniedException
//     You don't have sufficient access to perform this action.
//
//   - ResourceNotFoundException
//     The request failed because it references a resource that doesn't exist.
//
//   - ThrottlingException
//     The request failed because it exceeded a throttling quota.
//
//   - InternalServerException
//     The request failed because of an internal error. Try your request again later
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/DeletePolicyTemplate
func (c *VerifiedPermissions) DeletePolicyTemplate(input *DeletePolicyTemplateInput) (*DeletePolicyTemplateOutput, error) {
	req, out := c.DeletePolicyTemplateRequest(input)
	return out, req.Send()
}

// DeletePolicyTemplateWithContext is the same as DeletePolicyTemplate with the addition of
// the ability to pass a context and additional request options.
//
// See DeletePolicyTemplate for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *VerifiedPermissions) DeletePolicyTemplateWithContext(ctx aws.Context, input *DeletePolicyTemplateInput, opts ...request.Option) (*DeletePolicyTemplateOutput, error) {
	req, out := c.DeletePolicyTemplateRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opGetIdentitySource = "GetIdentitySource"

// GetIdentitySourceRequest generates a "aws/request.Request" representing the
// client's request for the GetIdentitySource operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See GetIdentitySource for more information on using the GetIdentitySource
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the GetIdentitySourceRequest method.
//	req, resp := client.GetIdentitySourceRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/GetIdentitySource
func (c *VerifiedPermissions) GetIdentitySourceRequest(input *GetIdentitySourceInput) (req *request.Request, output *GetIdentitySourceOutput) {
	op := &request.Operation{
		Name:       opGetIdentitySource,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &GetIdentitySourceInput{}
	}

	output = &GetIdentitySourceOutput{}
	req = c.newRequest(op, input, output)
	return
}

// GetIdentitySource API operation for Amazon Verified Permissions.
//
// Retrieves the details about the specified identity source.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Amazon Verified Permissions's
// API operation GetIdentitySource for usage and error information.
//
// Returned Error Types:
//
//   - ValidationException
//     The request failed because one or more input parameters don't satisfy their
//     constraint requirements. The output is provided as a list of fields and a
//     reason for each field that isn't valid.
//
//     The possible reasons include the following:
//
//   - UnrecognizedEntityType The policy includes an entity type that isn't
//     found in the schema.
//
//   - UnrecognizedActionId The policy includes an action id that isn't found
//     in the schema.
//
//   - InvalidActionApplication The policy includes an action that, according
//     to the schema, doesn't support the specified principal and resource.
//
//   - UnexpectedType The policy included an operand that isn't a valid type
//     for the specified operation.
//
//   - IncompatibleTypes The types of elements included in a set, or the types
//     of expressions used in an if...then...else clause aren't compatible in
//     this context.
//
//   - MissingAttribute The policy attempts to access a record or entity attribute
//     that isn't specified in the schema. Test for the existence of the attribute
//     first before attempting to access its value. For more information, see
//     the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test)
//     in the Cedar Policy Language Guide.
//
//   - UnsafeOptionalAttributeAccess The policy attempts to access a record
//     or entity attribute that is optional and isn't guaranteed to be present.
//     Test for the existence of the attribute first before attempting to access
//     its value. For more information, see the has (presence of attribute test)
//     operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test)
//     in the Cedar Policy Language Guide.
//
//   - ImpossiblePolicy Cedar has determined that a policy condition always
//     evaluates to false. If the policy is always false, it can never apply
//     to any query, and so it can never affect an authorization decision.
//
//   - WrongNumberArguments The policy references an extension type with the
//     wrong number of arguments.
//
//   - FunctionArgumentValidationError Cedar couldn't parse the argument passed
//     to an extension type. For example, a string that is to be parsed as an
//     IPv4 address can contain only digits and the period character.
//
//   - AccessDeniedException
//     You don't have sufficient access to perform this action.
//
//   - ResourceNotFoundException
//     The request failed because it references a resource that doesn't exist.
//
//   - ThrottlingException
//     The request failed because it exceeded a throttling quota.
//
//   - InternalServerException
//     The request failed because of an internal error. Try your request again later
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/GetIdentitySource
func (c *VerifiedPermissions) GetIdentitySource(input *GetIdentitySourceInput) (*GetIdentitySourceOutput, error) {
	req, out := c.GetIdentitySourceRequest(input)
	return out, req.Send()
}

// GetIdentitySourceWithContext is the same as GetIdentitySource with the addition of
// the ability to pass a context and additional request options.
//
// See GetIdentitySource for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *VerifiedPermissions) GetIdentitySourceWithContext(ctx aws.Context, input *GetIdentitySourceInput, opts ...request.Option) (*GetIdentitySourceOutput, error) {
	req, out := c.GetIdentitySourceRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opGetPolicy = "GetPolicy"

// GetPolicyRequest generates a "aws/request.Request" representing the
// client's request for the GetPolicy operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See GetPolicy for more information on using the GetPolicy
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the GetPolicyRequest method.
//	req, resp := client.GetPolicyRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/GetPolicy
func (c *VerifiedPermissions) GetPolicyRequest(input *GetPolicyInput) (req *request.Request, output *GetPolicyOutput) {
	op := &request.Operation{
		Name:       opGetPolicy,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &GetPolicyInput{}
	}

	output = &GetPolicyOutput{}
	req = c.newRequest(op, input, output)
	return
}

// GetPolicy API operation for Amazon Verified Permissions.
//
// Retrieves information about the specified policy.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Amazon Verified Permissions's
// API operation GetPolicy for usage and error information.
//
// Returned Error Types:
//
//   - ValidationException
//     The request failed because one or more input parameters don't satisfy their
//     constraint requirements. The output is provided as a list of fields and a
//     reason for each field that isn't valid.
//
//     The possible reasons include the following:
//
//   - UnrecognizedEntityType The policy includes an entity type that isn't
//     found in the schema.
//
//   - UnrecognizedActionId The policy includes an action id that isn't found
//     in the schema.
//
//   - InvalidActionApplication The policy includes an action that, according
//     to the schema, doesn't support the specified principal and resource.
//
//   - UnexpectedType The policy included an operand that isn't a valid type
//     for the specified operation.
//
//   - IncompatibleTypes The types of elements included in a set, or the types
//     of expressions used in an if...then...else clause aren't compatible in
//     this context.
//
//   - MissingAttribute The policy attempts to access a record or entity attribute
//     that isn't specified in the schema. Test for the existence of the attribute
//     first before attempting to access its value. For more information, see
//     the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test)
//     in the Cedar Policy Language Guide.
//
//   - UnsafeOptionalAttributeAccess The policy attempts to access a record
//     or entity attribute that is optional and isn't guaranteed to be present.
//     Test for the existence of the attribute first before attempting to access
//     its value. For more information, see the has (presence of attribute test)
//     operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test)
//     in the Cedar Policy Language Guide.
//
//   - ImpossiblePolicy Cedar has determined that a policy condition always
//     evaluates to false. If the policy is always false, it can never apply
//     to any query, and so it can never affect an authorization decision.
//
//   - WrongNumberArguments The policy references an extension type with the
//     wrong number of arguments.
//
//   - FunctionArgumentValidationError Cedar couldn't parse the argument passed
//     to an extension type. For example, a string that is to be parsed as an
//     IPv4 address can contain only digits and the period character.
//
//   - AccessDeniedException
//     You don't have sufficient access to perform this action.
//
//   - ResourceNotFoundException
//     The request failed because it references a resource that doesn't exist.
//
//   - ThrottlingException
//     The request failed because it exceeded a throttling quota.
//
//   - InternalServerException
//     The request failed because of an internal error. Try your request again later
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/GetPolicy
func (c *VerifiedPermissions) GetPolicy(input *GetPolicyInput) (*GetPolicyOutput, error) {
	req, out := c.GetPolicyRequest(input)
	return out, req.Send()
}

// GetPolicyWithContext is the same as GetPolicy with the addition of
// the ability to pass a context and additional request options.
//
// See GetPolicy for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *VerifiedPermissions) GetPolicyWithContext(ctx aws.Context, input *GetPolicyInput, opts ...request.Option) (*GetPolicyOutput, error) {
	req, out := c.GetPolicyRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opGetPolicyStore = "GetPolicyStore"

// GetPolicyStoreRequest generates a "aws/request.Request" representing the
// client's request for the GetPolicyStore operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See GetPolicyStore for more information on using the GetPolicyStore
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the GetPolicyStoreRequest method.
//	req, resp := client.GetPolicyStoreRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/GetPolicyStore
func (c *VerifiedPermissions) GetPolicyStoreRequest(input *GetPolicyStoreInput) (req *request.Request, output *GetPolicyStoreOutput) {
	op := &request.Operation{
		Name:       opGetPolicyStore,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &GetPolicyStoreInput{}
	}

	output = &GetPolicyStoreOutput{}
	req = c.newRequest(op, input, output)
	return
}

// GetPolicyStore API operation for Amazon Verified Permissions.
//
// Retrieves details about a policy store.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Amazon Verified Permissions's
// API operation GetPolicyStore for usage and error information.
//
// Returned Error Types:
//
//   - ValidationException
//     The request failed because one or more input parameters don't satisfy their
//     constraint requirements. The output is provided as a list of fields and a
//     reason for each field that isn't valid.
//
//     The possible reasons include the following:
//
//   - UnrecognizedEntityType The policy includes an entity type that isn't
//     found in the schema.
//
//   - UnrecognizedActionId The policy includes an action id that isn't found
//     in the schema.
//
//   - InvalidActionApplication The policy includes an action that, according
//     to the schema, doesn't support the specified principal and resource.
//
//   - UnexpectedType The policy included an operand that isn't a valid type
//     for the specified operation.
//
//   - IncompatibleTypes The types of elements included in a set, or the types
//     of expressions used in an if...then...else clause aren't compatible in
//     this context.
//
//   - MissingAttribute The policy attempts to access a record or entity attribute
//     that isn't specified in the schema. Test for the existence of the attribute
//     first before attempting to access its value. For more information, see
//     the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test)
//     in the Cedar Policy Language Guide.
//
//   - UnsafeOptionalAttributeAccess The policy attempts to access a record
//     or entity attribute that is optional and isn't guaranteed to be present.
//     Test for the existence of the attribute first before attempting to access
//     its value. For more information, see the has (presence of attribute test)
//     operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test)
//     in the Cedar Policy Language Guide.
//
//   - ImpossiblePolicy Cedar has determined that a policy condition always
//     evaluates to false. If the policy is always false, it can never apply
//     to any query, and so it can never affect an authorization decision.
//
//   - WrongNumberArguments The policy references an extension type with the
//     wrong number of arguments.
//
//   - FunctionArgumentValidationError Cedar couldn't parse the argument passed
//     to an extension type. For example, a string that is to be parsed as an
//     IPv4 address can contain only digits and the period character.
//
//   - AccessDeniedException
//     You don't have sufficient access to perform this action.
//
//   - ResourceNotFoundException
//     The request failed because it references a resource that doesn't exist.
//
//   - ThrottlingException
//     The request failed because it exceeded a throttling quota.
//
//   - InternalServerException
//     The request failed because of an internal error. Try your request again later
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/GetPolicyStore
func (c *VerifiedPermissions) GetPolicyStore(input *GetPolicyStoreInput) (*GetPolicyStoreOutput, error) {
	req, out := c.GetPolicyStoreRequest(input)
	return out, req.Send()
}

// GetPolicyStoreWithContext is the same as GetPolicyStore with the addition of
// the ability to pass a context and additional request options.
//
// See GetPolicyStore for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *VerifiedPermissions) GetPolicyStoreWithContext(ctx aws.Context, input *GetPolicyStoreInput, opts ...request.Option) (*GetPolicyStoreOutput, error) {
	req, out := c.GetPolicyStoreRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opGetPolicyTemplate = "GetPolicyTemplate"

// GetPolicyTemplateRequest generates a "aws/request.Request" representing the
// client's request for the GetPolicyTemplate operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See GetPolicyTemplate for more information on using the GetPolicyTemplate
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the GetPolicyTemplateRequest method.
//	req, resp := client.GetPolicyTemplateRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/GetPolicyTemplate
func (c *VerifiedPermissions) GetPolicyTemplateRequest(input *GetPolicyTemplateInput) (req *request.Request, output *GetPolicyTemplateOutput) {
	op := &request.Operation{
		Name:       opGetPolicyTemplate,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &GetPolicyTemplateInput{}
	}

	output = &GetPolicyTemplateOutput{}
	req = c.newRequest(op, input, output)
	return
}

// GetPolicyTemplate API operation for Amazon Verified Permissions.
//
// Retrieve the details for the specified policy template in the specified policy
// store.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Amazon Verified Permissions's
// API operation GetPolicyTemplate for usage and error information.
//
// Returned Error Types:
//
//   - ValidationException
//     The request failed because one or more input parameters don't satisfy their
//     constraint requirements. The output is provided as a list of fields and a
//     reason for each field that isn't valid.
//
//     The possible reasons include the following:
//
//   - UnrecognizedEntityType The policy includes an entity type that isn't
//     found in the schema.
//
//   - UnrecognizedActionId The policy includes an action id that isn't found
//     in the schema.
//
//   - InvalidActionApplication The policy includes an action that, according
//     to the schema, doesn't support the specified principal and resource.
//
//   - UnexpectedType The policy included an operand that isn't a valid type
//     for the specified operation.
//
//   - IncompatibleTypes The types of elements included in a set, or the types
//     of expressions used in an if...then...else clause aren't compatible in
//     this context.
//
//   - MissingAttribute The policy attempts to access a record or entity attribute
//     that isn't specified in the schema. Test for the existence of the attribute
//     first before attempting to access its value. For more information, see
//     the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test)
//     in the Cedar Policy Language Guide.
//
//   - UnsafeOptionalAttributeAccess The policy attempts to access a record
//     or entity attribute that is optional and isn't guaranteed to be present.
//     Test for the existence of the attribute first before attempting to access
//     its value. For more information, see the has (presence of attribute test)
//     operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test)
//     in the Cedar Policy Language Guide.
//
//   - ImpossiblePolicy Cedar has determined that a policy condition always
//     evaluates to false. If the policy is always false, it can never apply
//     to any query, and so it can never affect an authorization decision.
//
//   - WrongNumberArguments The policy references an extension type with the
//     wrong number of arguments.
//
//   - FunctionArgumentValidationError Cedar couldn't parse the argument passed
//     to an extension type. For example, a string that is to be parsed as an
//     IPv4 address can contain only digits and the period character.
//
//   - AccessDeniedException
//     You don't have sufficient access to perform this action.
//
//   - ResourceNotFoundException
//     The request failed because it references a resource that doesn't exist.
//
//   - ThrottlingException
//     The request failed because it exceeded a throttling quota.
//
//   - InternalServerException
//     The request failed because of an internal error. Try your request again later
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/GetPolicyTemplate
func (c *VerifiedPermissions) GetPolicyTemplate(input *GetPolicyTemplateInput) (*GetPolicyTemplateOutput, error) {
	req, out := c.GetPolicyTemplateRequest(input)
	return out, req.Send()
}

// GetPolicyTemplateWithContext is the same as GetPolicyTemplate with the addition of
// the ability to pass a context and additional request options.
//
// See GetPolicyTemplate for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *VerifiedPermissions) GetPolicyTemplateWithContext(ctx aws.Context, input *GetPolicyTemplateInput, opts ...request.Option) (*GetPolicyTemplateOutput, error) {
	req, out := c.GetPolicyTemplateRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opGetSchema = "GetSchema"

// GetSchemaRequest generates a "aws/request.Request" representing the
// client's request for the GetSchema operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See GetSchema for more information on using the GetSchema
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the GetSchemaRequest method.
//	req, resp := client.GetSchemaRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/GetSchema
func (c *VerifiedPermissions) GetSchemaRequest(input *GetSchemaInput) (req *request.Request, output *GetSchemaOutput) {
	op := &request.Operation{
		Name:       opGetSchema,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &GetSchemaInput{}
	}

	output = &GetSchemaOutput{}
	req = c.newRequest(op, input, output)
	return
}

// GetSchema API operation for Amazon Verified Permissions.
//
// Retrieve the details for the specified schema in the specified policy store.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Amazon Verified Permissions's
// API operation GetSchema for usage and error information.
//
// Returned Error Types:
//
//   - ValidationException
//     The request failed because one or more input parameters don't satisfy their
//     constraint requirements. The output is provided as a list of fields and a
//     reason for each field that isn't valid.
//
//     The possible reasons include the following:
//
//   - UnrecognizedEntityType The policy includes an entity type that isn't
//     found in the schema.
//
//   - UnrecognizedActionId The policy includes an action id that isn't found
//     in the schema.
//
//   - InvalidActionApplication The policy includes an action that, according
//     to the schema, doesn't support the specified principal and resource.
//
//   - UnexpectedType The policy included an operand that isn't a valid type
//     for the specified operation.
//
//   - IncompatibleTypes The types of elements included in a set, or the types
//     of expressions used in an if...then...else clause aren't compatible in
//     this context.
//
//   - MissingAttribute The policy attempts to access a record or entity attribute
//     that isn't specified in the schema. Test for the existence of the attribute
//     first before attempting to access its value. For more information, see
//     the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test)
//     in the Cedar Policy Language Guide.
//
//   - UnsafeOptionalAttributeAccess The policy attempts to access a record
//     or entity attribute that is optional and isn't guaranteed to be present.
//     Test for the existence of the attribute first before attempting to access
//     its value. For more information, see the has (presence of attribute test)
//     operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test)
//     in the Cedar Policy Language Guide.
//
//   - ImpossiblePolicy Cedar has determined that a policy condition always
//     evaluates to false. If the policy is always false, it can never apply
//     to any query, and so it can never affect an authorization decision.
//
//   - WrongNumberArguments The policy references an extension type with the
//     wrong number of arguments.
//
//   - FunctionArgumentValidationError Cedar couldn't parse the argument passed
//     to an extension type. For example, a string that is to be parsed as an
//     IPv4 address can contain only digits and the period character.
//
//   - AccessDeniedException
//     You don't have sufficient access to perform this action.
//
//   - ResourceNotFoundException
//     The request failed because it references a resource that doesn't exist.
//
//   - ThrottlingException
//     The request failed because it exceeded a throttling quota.
//
//   - InternalServerException
//     The request failed because of an internal error. Try your request again later
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/GetSchema
func (c *VerifiedPermissions) GetSchema(input *GetSchemaInput) (*GetSchemaOutput, error) {
	req, out := c.GetSchemaRequest(input)
	return out, req.Send()
}

// GetSchemaWithContext is the same as GetSchema with the addition of
// the ability to pass a context and additional request options.
//
// See GetSchema for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *VerifiedPermissions) GetSchemaWithContext(ctx aws.Context, input *GetSchemaInput, opts ...request.Option) (*GetSchemaOutput, error) {
	req, out := c.GetSchemaRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opIsAuthorized = "IsAuthorized"

// IsAuthorizedRequest generates a "aws/request.Request" representing the
// client's request for the IsAuthorized operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See IsAuthorized for more information on using the IsAuthorized
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the IsAuthorizedRequest method.
//	req, resp := client.IsAuthorizedRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/IsAuthorized
func (c *VerifiedPermissions) IsAuthorizedRequest(input *IsAuthorizedInput) (req *request.Request, output *IsAuthorizedOutput) {
	op := &request.Operation{
		Name:       opIsAuthorized,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &IsAuthorizedInput{}
	}

	output = &IsAuthorizedOutput{}
	req = c.newRequest(op, input, output)
	return
}

// IsAuthorized API operation for Amazon Verified Permissions.
//
// Makes an authorization decision about a service request described in the
// parameters. The information in the parameters can also define additional
// context that Verified Permissions can include in the evaluation. The request
// is evaluated against all matching policies in the specified policy store.
// The result of the decision is either Allow or Deny, along with a list of
// the policies that resulted in the decision.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Amazon Verified Permissions's
// API operation IsAuthorized for usage and error information.
//
// Returned Error Types:
//
//   - ValidationException
//     The request failed because one or more input parameters don't satisfy their
//     constraint requirements. The output is provided as a list of fields and a
//     reason for each field that isn't valid.
//
//     The possible reasons include the following:
//
//   - UnrecognizedEntityType The policy includes an entity type that isn't
//     found in the schema.
//
//   - UnrecognizedActionId The policy includes an action id that isn't found
//     in the schema.
//
//   - InvalidActionApplication The policy includes an action that, according
//     to the schema, doesn't support the specified principal and resource.
//
//   - UnexpectedType The policy included an operand that isn't a valid type
//     for the specified operation.
//
//   - IncompatibleTypes The types of elements included in a set, or the types
//     of expressions used in an if...then...else clause aren't compatible in
//     this context.
//
//   - MissingAttribute The policy attempts to access a record or entity attribute
//     that isn't specified in the schema. Test for the existence of the attribute
//     first before attempting to access its value. For more information, see
//     the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test)
//     in the Cedar Policy Language Guide.
//
//   - UnsafeOptionalAttributeAccess The policy attempts to access a record
//     or entity attribute that is optional and isn't guaranteed to be present.
//     Test for the existence of the attribute first before attempting to access
//     its value. For more information, see the has (presence of attribute test)
//     operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test)
//     in the Cedar Policy Language Guide.
//
//   - ImpossiblePolicy Cedar has determined that a policy condition always
//     evaluates to false. If the policy is always false, it can never apply
//     to any query, and so it can never affect an authorization decision.
//
//   - WrongNumberArguments The policy references an extension type with the
//     wrong number of arguments.
//
//   - FunctionArgumentValidationError Cedar couldn't parse the argument passed
//     to an extension type. For example, a string that is to be parsed as an
//     IPv4 address can contain only digits and the period character.
//
//   - AccessDeniedException
//     You don't have sufficient access to perform this action.
//
//   - ResourceNotFoundException
//     The request failed because it references a resource that doesn't exist.
//
//   - ThrottlingException
//     The request failed because it exceeded a throttling quota.
//
//   - InternalServerException
//     The request failed because of an internal error. Try your request again later
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/IsAuthorized
func (c *VerifiedPermissions) IsAuthorized(input *IsAuthorizedInput) (*IsAuthorizedOutput, error) {
	req, out := c.IsAuthorizedRequest(input)
	return out, req.Send()
}

// IsAuthorizedWithContext is the same as IsAuthorized with the addition of
// the ability to pass a context and additional request options.
//
// See IsAuthorized for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *VerifiedPermissions) IsAuthorizedWithContext(ctx aws.Context, input *IsAuthorizedInput, opts ...request.Option) (*IsAuthorizedOutput, error) {
	req, out := c.IsAuthorizedRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opIsAuthorizedWithToken = "IsAuthorizedWithToken"

// IsAuthorizedWithTokenRequest generates a "aws/request.Request" representing the
// client's request for the IsAuthorizedWithToken operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See IsAuthorizedWithToken for more information on using the IsAuthorizedWithToken
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the IsAuthorizedWithTokenRequest method.
//	req, resp := client.IsAuthorizedWithTokenRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/IsAuthorizedWithToken
func (c *VerifiedPermissions) IsAuthorizedWithTokenRequest(input *IsAuthorizedWithTokenInput) (req *request.Request, output *IsAuthorizedWithTokenOutput) {
	op := &request.Operation{
		Name:       opIsAuthorizedWithToken,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &IsAuthorizedWithTokenInput{}
	}

	output = &IsAuthorizedWithTokenOutput{}
	req = c.newRequest(op, input, output)
	return
}

// IsAuthorizedWithToken API operation for Amazon Verified Permissions.
//
// Makes an authorization decision about a service request described in the
// parameters. The principal in this request comes from an external identity
// source in the form of an identity token formatted as a JSON web token (JWT)
// (https://wikipedia.org/wiki/JSON_Web_Token). The information in the parameters
// can also define additional context that Verified Permissions can include
// in the evaluation. The request is evaluated against all matching policies
// in the specified policy store. The result of the decision is either Allow
// or Deny, along with a list of the policies that resulted in the decision.
//
// If you specify the identityToken parameter, then this operation derives the
// principal from that token. You must not also include that principal in the
// entities parameter or the operation fails and reports a conflict between
// the two entity sources.
//
// If you provide only an accessToken, then you can include the entity as part
// of the entities parameter to provide additional attributes.
//
// At this time, Verified Permissions accepts tokens from only Amazon Cognito.
//
// Verified Permissions validates each token that is specified in a request
// by checking its expiration date and its signature.
//
// If you delete a Amazon Cognito user pool or user, tokens from that deleted
// pool or that deleted user continue to be usable until they expire.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Amazon Verified Permissions's
// API operation IsAuthorizedWithToken for usage and error information.
//
// Returned Error Types:
//
//   - ValidationException
//     The request failed because one or more input parameters don't satisfy their
//     constraint requirements. The output is provided as a list of fields and a
//     reason for each field that isn't valid.
//
//     The possible reasons include the following:
//
//   - UnrecognizedEntityType The policy includes an entity type that isn't
//     found in the schema.
//
//   - UnrecognizedActionId The policy includes an action id that isn't found
//     in the schema.
//
//   - InvalidActionApplication The policy includes an action that, according
//     to the schema, doesn't support the specified principal and resource.
//
//   - UnexpectedType The policy included an operand that isn't a valid type
//     for the specified operation.
//
//   - IncompatibleTypes The types of elements included in a set, or the types
//     of expressions used in an if...then...else clause aren't compatible in
//     this context.
//
//   - MissingAttribute The policy attempts to access a record or entity attribute
//     that isn't specified in the schema. Test for the existence of the attribute
//     first before attempting to access its value. For more information, see
//     the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test)
//     in the Cedar Policy Language Guide.
//
//   - UnsafeOptionalAttributeAccess The policy attempts to access a record
//     or entity attribute that is optional and isn't guaranteed to be present.
//     Test for the existence of the attribute first before attempting to access
//     its value. For more information, see the has (presence of attribute test)
//     operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test)
//     in the Cedar Policy Language Guide.
//
//   - ImpossiblePolicy Cedar has determined that a policy condition always
//     evaluates to false. If the policy is always false, it can never apply
//     to any query, and so it can never affect an authorization decision.
//
//   - WrongNumberArguments The policy references an extension type with the
//     wrong number of arguments.
//
//   - FunctionArgumentValidationError Cedar couldn't parse the argument passed
//     to an extension type. For example, a string that is to be parsed as an
//     IPv4 address can contain only digits and the period character.
//
//   - AccessDeniedException
//     You don't have sufficient access to perform this action.
//
//   - ResourceNotFoundException
//     The request failed because it references a resource that doesn't exist.
//
//   - ThrottlingException
//     The request failed because it exceeded a throttling quota.
//
//   - InternalServerException
//     The request failed because of an internal error. Try your request again later
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/IsAuthorizedWithToken
func (c *VerifiedPermissions) IsAuthorizedWithToken(input *IsAuthorizedWithTokenInput) (*IsAuthorizedWithTokenOutput, error) {
	req, out := c.IsAuthorizedWithTokenRequest(input)
	return out, req.Send()
}

// IsAuthorizedWithTokenWithContext is the same as IsAuthorizedWithToken with the addition of
// the ability to pass a context and additional request options.
//
// See IsAuthorizedWithToken for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *VerifiedPermissions) IsAuthorizedWithTokenWithContext(ctx aws.Context, input *IsAuthorizedWithTokenInput, opts ...request.Option) (*IsAuthorizedWithTokenOutput, error) {
	req, out := c.IsAuthorizedWithTokenRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opListIdentitySources = "ListIdentitySources"

// ListIdentitySourcesRequest generates a "aws/request.Request" representing the
// client's request for the ListIdentitySources operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListIdentitySources for more information on using the ListIdentitySources
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the ListIdentitySourcesRequest method.
//	req, resp := client.ListIdentitySourcesRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/ListIdentitySources
func (c *VerifiedPermissions) ListIdentitySourcesRequest(input *ListIdentitySourcesInput) (req *request.Request, output *ListIdentitySourcesOutput) {
	op := &request.Operation{
		Name:       opListIdentitySources,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &request.Paginator{
			InputTokens:     []string{"nextToken"},
			OutputTokens:    []string{"nextToken"},
			LimitToken:      "maxResults",
			TruncationToken: "",
		},
	}

	if input == nil {
		input = &ListIdentitySourcesInput{}
	}

	output = &ListIdentitySourcesOutput{}
	req = c.newRequest(op, input, output)
	return
}

// ListIdentitySources API operation for Amazon Verified Permissions.
//
// Returns a paginated list of all of the identity sources defined in the specified
// policy store.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Amazon Verified Permissions's
// API operation ListIdentitySources for usage and error information.
//
// Returned Error Types:
//
//   - ValidationException
//     The request failed because one or more input parameters don't satisfy their
//     constraint requirements. The output is provided as a list of fields and a
//     reason for each field that isn't valid.
//
//     The possible reasons include the following:
//
//   - UnrecognizedEntityType The policy includes an entity type that isn't
//     found in the schema.
//
//   - UnrecognizedActionId The policy includes an action id that isn't found
//     in the schema.
//
//   - InvalidActionApplication The policy includes an action that, according
//     to the schema, doesn't support the specified principal and resource.
//
//   - UnexpectedType The policy included an operand that isn't a valid type
//     for the specified operation.
//
//   - IncompatibleTypes The types of elements included in a set, or the types
//     of expressions used in an if...then...else clause aren't compatible in
//     this context.
//
//   - MissingAttribute The policy attempts to access a record or entity attribute
//     that isn't specified in the schema. Test for the existence of the attribute
//     first before attempting to access its value. For more information, see
//     the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test)
//     in the Cedar Policy Language Guide.
//
//   - UnsafeOptionalAttributeAccess The policy attempts to access a record
//     or entity attribute that is optional and isn't guaranteed to be present.
//     Test for the existence of the attribute first before attempting to access
//     its value. For more information, see the has (presence of attribute test)
//     operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test)
//     in the Cedar Policy Language Guide.
//
//   - ImpossiblePolicy Cedar has determined that a policy condition always
//     evaluates to false. If the policy is always false, it can never apply
//     to any query, and so it can never affect an authorization decision.
//
//   - WrongNumberArguments The policy references an extension type with the
//     wrong number of arguments.
//
//   - FunctionArgumentValidationError Cedar couldn't parse the argument passed
//     to an extension type. For example, a string that is to be parsed as an
//     IPv4 address can contain only digits and the period character.
//
//   - AccessDeniedException
//     You don't have sufficient access to perform this action.
//
//   - ResourceNotFoundException
//     The request failed because it references a resource that doesn't exist.
//
//   - ThrottlingException
//     The request failed because it exceeded a throttling quota.
//
//   - InternalServerException
//     The request failed because of an internal error. Try your request again later
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/ListIdentitySources
func (c *VerifiedPermissions) ListIdentitySources(input *ListIdentitySourcesInput) (*ListIdentitySourcesOutput, error) {
	req, out := c.ListIdentitySourcesRequest(input)
	return out, req.Send()
}

// ListIdentitySourcesWithContext is the same as ListIdentitySources with the addition of
// the ability to pass a context and additional request options.
//
// See ListIdentitySources for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *VerifiedPermissions) ListIdentitySourcesWithContext(ctx aws.Context, input *ListIdentitySourcesInput, opts ...request.Option) (*ListIdentitySourcesOutput, error) {
	req, out := c.ListIdentitySourcesRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

// ListIdentitySourcesPages iterates over the pages of a ListIdentitySources operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListIdentitySources method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//	// Example iterating over at most 3 pages of a ListIdentitySources operation.
//	pageNum := 0
//	err := client.ListIdentitySourcesPages(params,
//	    func(page *verifiedpermissions.ListIdentitySourcesOutput, lastPage bool) bool {
//	        pageNum++
//	        fmt.Println(page)
//	        return pageNum <= 3
//	    })
func (c *VerifiedPermissions) ListIdentitySourcesPages(input *ListIdentitySourcesInput, fn func(*ListIdentitySourcesOutput, bool) bool) error {
	return c.ListIdentitySourcesPagesWithContext(aws.BackgroundContext(), input, fn)
}

// ListIdentitySourcesPagesWithContext same as ListIdentitySourcesPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *VerifiedPermissions) ListIdentitySourcesPagesWithContext(ctx aws.Context, input *ListIdentitySourcesInput, fn func(*ListIdentitySourcesOutput, bool) bool, opts ...request.Option) error {
	p := request.Pagination{
		NewRequest: func() (*request.Request, error) {
			var inCpy *ListIdentitySourcesInput
			if input != nil {
				tmp := *input
				inCpy = &tmp
			}
			req, _ := c.ListIdentitySourcesRequest(inCpy)
			req.SetContext(ctx)
			req.ApplyOptions(opts...)
			return req, nil
		},
	}

	for p.Next() {
		if !fn(p.Page().(*ListIdentitySourcesOutput), !p.HasNextPage()) {
			break
		}
	}

	return p.Err()
}

const opListPolicies = "ListPolicies"

// ListPoliciesRequest generates a "aws/request.Request" representing the
// client's request for the ListPolicies operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListPolicies for more information on using the ListPolicies
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the ListPoliciesRequest method.
//	req, resp := client.ListPoliciesRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/ListPolicies
func (c *VerifiedPermissions) ListPoliciesRequest(input *ListPoliciesInput) (req *request.Request, output *ListPoliciesOutput) {
	op := &request.Operation{
		Name:       opListPolicies,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &request.Paginator{
			InputTokens:     []string{"nextToken"},
			OutputTokens:    []string{"nextToken"},
			LimitToken:      "maxResults",
			TruncationToken: "",
		},
	}

	if input == nil {
		input = &ListPoliciesInput{}
	}

	output = &ListPoliciesOutput{}
	req = c.newRequest(op, input, output)
	return
}

// ListPolicies API operation for Amazon Verified Permissions.
//
// Returns a paginated list of all policies stored in the specified policy store.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Amazon Verified Permissions's
// API operation ListPolicies for usage and error information.
//
// Returned Error Types:
//
//   - ValidationException
//     The request failed because one or more input parameters don't satisfy their
//     constraint requirements. The output is provided as a list of fields and a
//     reason for each field that isn't valid.
//
//     The possible reasons include the following:
//
//   - UnrecognizedEntityType The policy includes an entity type that isn't
//     found in the schema.
//
//   - UnrecognizedActionId The policy includes an action id that isn't found
//     in the schema.
//
//   - InvalidActionApplication The policy includes an action that, according
//     to the schema, doesn't support the specified principal and resource.
//
//   - UnexpectedType The policy included an operand that isn't a valid type
//     for the specified operation.
//
//   - IncompatibleTypes The types of elements included in a set, or the types
//     of expressions used in an if...then...else clause aren't compatible in
//     this context.
//
//   - MissingAttribute The policy attempts to access a record or entity attribute
//     that isn't specified in the schema. Test for the existence of the attribute
//     first before attempting to access its value. For more information, see
//     the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test)
//     in the Cedar Policy Language Guide.
//
//   - UnsafeOptionalAttributeAccess The policy attempts to access a record
//     or entity attribute that is optional and isn't guaranteed to be present.
//     Test for the existence of the attribute first before attempting to access
//     its value. For more information, see the has (presence of attribute test)
//     operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test)
//     in the Cedar Policy Language Guide.
//
//   - ImpossiblePolicy Cedar has determined that a policy condition always
//     evaluates to false. If the policy is always false, it can never apply
//     to any query, and so it can never affect an authorization decision.
//
//   - WrongNumberArguments The policy references an extension type with the
//     wrong number of arguments.
//
//   - FunctionArgumentValidationError Cedar couldn't parse the argument passed
//     to an extension type. For example, a string that is to be parsed as an
//     IPv4 address can contain only digits and the period character.
//
//   - AccessDeniedException
//     You don't have sufficient access to perform this action.
//
//   - ResourceNotFoundException
//     The request failed because it references a resource that doesn't exist.
//
//   - ThrottlingException
//     The request failed because it exceeded a throttling quota.
//
//   - InternalServerException
//     The request failed because of an internal error. Try your request again later
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/ListPolicies
func (c *VerifiedPermissions) ListPolicies(input *ListPoliciesInput) (*ListPoliciesOutput, error) {
	req, out := c.ListPoliciesRequest(input)
	return out, req.Send()
}

// ListPoliciesWithContext is the same as ListPolicies with the addition of
// the ability to pass a context and additional request options.
//
// See ListPolicies for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *VerifiedPermissions) ListPoliciesWithContext(ctx aws.Context, input *ListPoliciesInput, opts ...request.Option) (*ListPoliciesOutput, error) {
	req, out := c.ListPoliciesRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

// ListPoliciesPages iterates over the pages of a ListPolicies operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListPolicies method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//	// Example iterating over at most 3 pages of a ListPolicies operation.
//	pageNum := 0
//	err := client.ListPoliciesPages(params,
//	    func(page *verifiedpermissions.ListPoliciesOutput, lastPage bool) bool {
//	        pageNum++
//	        fmt.Println(page)
//	        return pageNum <= 3
//	    })
func (c *VerifiedPermissions) ListPoliciesPages(input *ListPoliciesInput, fn func(*ListPoliciesOutput, bool) bool) error {
	return c.ListPoliciesPagesWithContext(aws.BackgroundContext(), input, fn)
}

// ListPoliciesPagesWithContext same as ListPoliciesPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *VerifiedPermissions) ListPoliciesPagesWithContext(ctx aws.Context, input *ListPoliciesInput, fn func(*ListPoliciesOutput, bool) bool, opts ...request.Option) error {
	p := request.Pagination{
		NewRequest: func() (*request.Request, error) {
			var inCpy *ListPoliciesInput
			if input != nil {
				tmp := *input
				inCpy = &tmp
			}
			req, _ := c.ListPoliciesRequest(inCpy)
			req.SetContext(ctx)
			req.ApplyOptions(opts...)
			return req, nil
		},
	}

	for p.Next() {
		if !fn(p.Page().(*ListPoliciesOutput), !p.HasNextPage()) {
			break
		}
	}

	return p.Err()
}

const opListPolicyStores = "ListPolicyStores"

// ListPolicyStoresRequest generates a "aws/request.Request" representing the
// client's request for the ListPolicyStores operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListPolicyStores for more information on using the ListPolicyStores
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the ListPolicyStoresRequest method.
//	req, resp := client.ListPolicyStoresRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/ListPolicyStores
func (c *VerifiedPermissions) ListPolicyStoresRequest(input *ListPolicyStoresInput) (req *request.Request, output *ListPolicyStoresOutput) {
	op := &request.Operation{
		Name:       opListPolicyStores,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &request.Paginator{
			InputTokens:     []string{"nextToken"},
			OutputTokens:    []string{"nextToken"},
			LimitToken:      "maxResults",
			TruncationToken: "",
		},
	}

	if input == nil {
		input = &ListPolicyStoresInput{}
	}

	output = &ListPolicyStoresOutput{}
	req = c.newRequest(op, input, output)
	return
}

// ListPolicyStores API operation for Amazon Verified Permissions.
//
// Returns a paginated list of all policy stores in the calling Amazon Web Services
// account.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Amazon Verified Permissions's
// API operation ListPolicyStores for usage and error information.
//
// Returned Error Types:
//
//   - ValidationException
//     The request failed because one or more input parameters don't satisfy their
//     constraint requirements. The output is provided as a list of fields and a
//     reason for each field that isn't valid.
//
//     The possible reasons include the following:
//
//   - UnrecognizedEntityType The policy includes an entity type that isn't
//     found in the schema.
//
//   - UnrecognizedActionId The policy includes an action id that isn't found
//     in the schema.
//
//   - InvalidActionApplication The policy includes an action that, according
//     to the schema, doesn't support the specified principal and resource.
//
//   - UnexpectedType The policy included an operand that isn't a valid type
//     for the specified operation.
//
//   - IncompatibleTypes The types of elements included in a set, or the types
//     of expressions used in an if...then...else clause aren't compatible in
//     this context.
//
//   - MissingAttribute The policy attempts to access a record or entity attribute
//     that isn't specified in the schema. Test for the existence of the attribute
//     first before attempting to access its value. For more information, see
//     the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test)
//     in the Cedar Policy Language Guide.
//
//   - UnsafeOptionalAttributeAccess The policy attempts to access a record
//     or entity attribute that is optional and isn't guaranteed to be present.
//     Test for the existence of the attribute first before attempting to access
//     its value. For more information, see the has (presence of attribute test)
//     operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test)
//     in the Cedar Policy Language Guide.
//
//   - ImpossiblePolicy Cedar has determined that a policy condition always
//     evaluates to false. If the policy is always false, it can never apply
//     to any query, and so it can never affect an authorization decision.
//
//   - WrongNumberArguments The policy references an extension type with the
//     wrong number of arguments.
//
//   - FunctionArgumentValidationError Cedar couldn't parse the argument passed
//     to an extension type. For example, a string that is to be parsed as an
//     IPv4 address can contain only digits and the period character.
//
//   - AccessDeniedException
//     You don't have sufficient access to perform this action.
//
//   - ThrottlingException
//     The request failed because it exceeded a throttling quota.
//
//   - InternalServerException
//     The request failed because of an internal error. Try your request again later
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/ListPolicyStores
func (c *VerifiedPermissions) ListPolicyStores(input *ListPolicyStoresInput) (*ListPolicyStoresOutput, error) {
	req, out := c.ListPolicyStoresRequest(input)
	return out, req.Send()
}

// ListPolicyStoresWithContext is the same as ListPolicyStores with the addition of
// the ability to pass a context and additional request options.
//
// See ListPolicyStores for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *VerifiedPermissions) ListPolicyStoresWithContext(ctx aws.Context, input *ListPolicyStoresInput, opts ...request.Option) (*ListPolicyStoresOutput, error) {
	req, out := c.ListPolicyStoresRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

// ListPolicyStoresPages iterates over the pages of a ListPolicyStores operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListPolicyStores method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//	// Example iterating over at most 3 pages of a ListPolicyStores operation.
//	pageNum := 0
//	err := client.ListPolicyStoresPages(params,
//	    func(page *verifiedpermissions.ListPolicyStoresOutput, lastPage bool) bool {
//	        pageNum++
//	        fmt.Println(page)
//	        return pageNum <= 3
//	    })
func (c *VerifiedPermissions) ListPolicyStoresPages(input *ListPolicyStoresInput, fn func(*ListPolicyStoresOutput, bool) bool) error {
	return c.ListPolicyStoresPagesWithContext(aws.BackgroundContext(), input, fn)
}

// ListPolicyStoresPagesWithContext same as ListPolicyStoresPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *VerifiedPermissions) ListPolicyStoresPagesWithContext(ctx aws.Context, input *ListPolicyStoresInput, fn func(*ListPolicyStoresOutput, bool) bool, opts ...request.Option) error {
	p := request.Pagination{
		NewRequest: func() (*request.Request, error) {
			var inCpy *ListPolicyStoresInput
			if input != nil {
				tmp := *input
				inCpy = &tmp
			}
			req, _ := c.ListPolicyStoresRequest(inCpy)
			req.SetContext(ctx)
			req.ApplyOptions(opts...)
			return req, nil
		},
	}

	for p.Next() {
		if !fn(p.Page().(*ListPolicyStoresOutput), !p.HasNextPage()) {
			break
		}
	}

	return p.Err()
}

const opListPolicyTemplates = "ListPolicyTemplates"

// ListPolicyTemplatesRequest generates a "aws/request.Request" representing the
// client's request for the ListPolicyTemplates operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListPolicyTemplates for more information on using the ListPolicyTemplates
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the ListPolicyTemplatesRequest method.
//	req, resp := client.ListPolicyTemplatesRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/ListPolicyTemplates
func (c *VerifiedPermissions) ListPolicyTemplatesRequest(input *ListPolicyTemplatesInput) (req *request.Request, output *ListPolicyTemplatesOutput) {
	op := &request.Operation{
		Name:       opListPolicyTemplates,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &request.Paginator{
			InputTokens:     []string{"nextToken"},
			OutputTokens:    []string{"nextToken"},
			LimitToken:      "maxResults",
			TruncationToken: "",
		},
	}

	if input == nil {
		input = &ListPolicyTemplatesInput{}
	}

	output = &ListPolicyTemplatesOutput{}
	req = c.newRequest(op, input, output)
	return
}

// ListPolicyTemplates API operation for Amazon Verified Permissions.
//
// Returns a paginated list of all policy templates in the specified policy
// store.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Amazon Verified Permissions's
// API operation ListPolicyTemplates for usage and error information.
//
// Returned Error Types:
//
//   - ValidationException
//     The request failed because one or more input parameters don't satisfy their
//     constraint requirements. The output is provided as a list of fields and a
//     reason for each field that isn't valid.
//
//     The possible reasons include the following:
//
//   - UnrecognizedEntityType The policy includes an entity type that isn't
//     found in the schema.
//
//   - UnrecognizedActionId The policy includes an action id that isn't found
//     in the schema.
//
//   - InvalidActionApplication The policy includes an action that, according
//     to the schema, doesn't support the specified principal and resource.
//
//   - UnexpectedType The policy included an operand that isn't a valid type
//     for the specified operation.
//
//   - IncompatibleTypes The types of elements included in a set, or the types
//     of expressions used in an if...then...else clause aren't compatible in
//     this context.
//
//   - MissingAttribute The policy attempts to access a record or entity attribute
//     that isn't specified in the schema. Test for the existence of the attribute
//     first before attempting to access its value. For more information, see
//     the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test)
//     in the Cedar Policy Language Guide.
//
//   - UnsafeOptionalAttributeAccess The policy attempts to access a record
//     or entity attribute that is optional and isn't guaranteed to be present.
//     Test for the existence of the attribute first before attempting to access
//     its value. For more information, see the has (presence of attribute test)
//     operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test)
//     in the Cedar Policy Language Guide.
//
//   - ImpossiblePolicy Cedar has determined that a policy condition always
//     evaluates to false. If the policy is always false, it can never apply
//     to any query, and so it can never affect an authorization decision.
//
//   - WrongNumberArguments The policy references an extension type with the
//     wrong number of arguments.
//
//   - FunctionArgumentValidationError Cedar couldn't parse the argument passed
//     to an extension type. For example, a string that is to be parsed as an
//     IPv4 address can contain only digits and the period character.
//
//   - AccessDeniedException
//     You don't have sufficient access to perform this action.
//
//   - ResourceNotFoundException
//     The request failed because it references a resource that doesn't exist.
//
//   - ThrottlingException
//     The request failed because it exceeded a throttling quota.
//
//   - InternalServerException
//     The request failed because of an internal error. Try your request again later
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/ListPolicyTemplates
func (c *VerifiedPermissions) ListPolicyTemplates(input *ListPolicyTemplatesInput) (*ListPolicyTemplatesOutput, error) {
	req, out := c.ListPolicyTemplatesRequest(input)
	return out, req.Send()
}

// ListPolicyTemplatesWithContext is the same as ListPolicyTemplates with the addition of
// the ability to pass a context and additional request options.
//
// See ListPolicyTemplates for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *VerifiedPermissions) ListPolicyTemplatesWithContext(ctx aws.Context, input *ListPolicyTemplatesInput, opts ...request.Option) (*ListPolicyTemplatesOutput, error) {
	req, out := c.ListPolicyTemplatesRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

// ListPolicyTemplatesPages iterates over the pages of a ListPolicyTemplates operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListPolicyTemplates method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//	// Example iterating over at most 3 pages of a ListPolicyTemplates operation.
//	pageNum := 0
//	err := client.ListPolicyTemplatesPages(params,
//	    func(page *verifiedpermissions.ListPolicyTemplatesOutput, lastPage bool) bool {
//	        pageNum++
//	        fmt.Println(page)
//	        return pageNum <= 3
//	    })
func (c *VerifiedPermissions) ListPolicyTemplatesPages(input *ListPolicyTemplatesInput, fn func(*ListPolicyTemplatesOutput, bool) bool) error {
	return c.ListPolicyTemplatesPagesWithContext(aws.BackgroundContext(), input, fn)
}

// ListPolicyTemplatesPagesWithContext same as ListPolicyTemplatesPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *VerifiedPermissions) ListPolicyTemplatesPagesWithContext(ctx aws.Context, input *ListPolicyTemplatesInput, fn func(*ListPolicyTemplatesOutput, bool) bool, opts ...request.Option) error {
	p := request.Pagination{
		NewRequest: func() (*request.Request, error) {
			var inCpy *ListPolicyTemplatesInput
			if input != nil {
				tmp := *input
				inCpy = &tmp
			}
			req, _ := c.ListPolicyTemplatesRequest(inCpy)
			req.SetContext(ctx)
			req.ApplyOptions(opts...)
			return req, nil
		},
	}

	for p.Next() {
		if !fn(p.Page().(*ListPolicyTemplatesOutput), !p.HasNextPage()) {
			break
		}
	}

	return p.Err()
}

const opPutSchema = "PutSchema"

// PutSchemaRequest generates a "aws/request.Request" representing the
// client's request for the PutSchema operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See PutSchema for more information on using the PutSchema
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the PutSchemaRequest method.
//	req, resp := client.PutSchemaRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/PutSchema
func (c *VerifiedPermissions) PutSchemaRequest(input *PutSchemaInput) (req *request.Request, output *PutSchemaOutput) {
	op := &request.Operation{
		Name:       opPutSchema,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &PutSchemaInput{}
	}

	output = &PutSchemaOutput{}
	req = c.newRequest(op, input, output)
	return
}

// PutSchema API operation for Amazon Verified Permissions.
//
// Creates or updates the policy schema in the specified policy store. The schema
// is used to validate any Cedar policies and policy templates submitted to
// the policy store. Any changes to the schema validate only policies and templates
// submitted after the schema change. Existing policies and templates are not
// re-evaluated against the changed schema. If you later update a policy, then
// it is evaluated against the new schema at that time.
//
// Verified Permissions is eventually consistent (https://wikipedia.org/wiki/Eventual_consistency)
// . It can take a few seconds for a new or changed element to be propagate
// through the service and be visible in the results of other Verified Permissions
// operations.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Amazon Verified Permissions's
// API operation PutSchema for usage and error information.
//
// Returned Error Types:
//
//   - ValidationException
//     The request failed because one or more input parameters don't satisfy their
//     constraint requirements. The output is provided as a list of fields and a
//     reason for each field that isn't valid.
//
//     The possible reasons include the following:
//
//   - UnrecognizedEntityType The policy includes an entity type that isn't
//     found in the schema.
//
//   - UnrecognizedActionId The policy includes an action id that isn't found
//     in the schema.
//
//   - InvalidActionApplication The policy includes an action that, according
//     to the schema, doesn't support the specified principal and resource.
//
//   - UnexpectedType The policy included an operand that isn't a valid type
//     for the specified operation.
//
//   - IncompatibleTypes The types of elements included in a set, or the types
//     of expressions used in an if...then...else clause aren't compatible in
//     this context.
//
//   - MissingAttribute The policy attempts to access a record or entity attribute
//     that isn't specified in the schema. Test for the existence of the attribute
//     first before attempting to access its value. For more information, see
//     the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test)
//     in the Cedar Policy Language Guide.
//
//   - UnsafeOptionalAttributeAccess The policy attempts to access a record
//     or entity attribute that is optional and isn't guaranteed to be present.
//     Test for the existence of the attribute first before attempting to access
//     its value. For more information, see the has (presence of attribute test)
//     operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test)
//     in the Cedar Policy Language Guide.
//
//   - ImpossiblePolicy Cedar has determined that a policy condition always
//     evaluates to false. If the policy is always false, it can never apply
//     to any query, and so it can never affect an authorization decision.
//
//   - WrongNumberArguments The policy references an extension type with the
//     wrong number of arguments.
//
//   - FunctionArgumentValidationError Cedar couldn't parse the argument passed
//     to an extension type. For example, a string that is to be parsed as an
//     IPv4 address can contain only digits and the period character.
//
//   - ServiceQuotaExceededException
//     The request failed because it would cause a service quota to be exceeded.
//
//   - ConflictException
//     The request failed because another request to modify a resource occurred
//     at the same.
//
//   - AccessDeniedException
//     You don't have sufficient access to perform this action.
//
//   - ResourceNotFoundException
//     The request failed because it references a resource that doesn't exist.
//
//   - ThrottlingException
//     The request failed because it exceeded a throttling quota.
//
//   - InternalServerException
//     The request failed because of an internal error. Try your request again later
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/PutSchema
func (c *VerifiedPermissions) PutSchema(input *PutSchemaInput) (*PutSchemaOutput, error) {
	req, out := c.PutSchemaRequest(input)
	return out, req.Send()
}

// PutSchemaWithContext is the same as PutSchema with the addition of
// the ability to pass a context and additional request options.
//
// See PutSchema for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *VerifiedPermissions) PutSchemaWithContext(ctx aws.Context, input *PutSchemaInput, opts ...request.Option) (*PutSchemaOutput, error) {
	req, out := c.PutSchemaRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opUpdateIdentitySource = "UpdateIdentitySource"

// UpdateIdentitySourceRequest generates a "aws/request.Request" representing the
// client's request for the UpdateIdentitySource operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See UpdateIdentitySource for more information on using the UpdateIdentitySource
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the UpdateIdentitySourceRequest method.
//	req, resp := client.UpdateIdentitySourceRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/UpdateIdentitySource
func (c *VerifiedPermissions) UpdateIdentitySourceRequest(input *UpdateIdentitySourceInput) (req *request.Request, output *UpdateIdentitySourceOutput) {
	op := &request.Operation{
		Name:       opUpdateIdentitySource,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &UpdateIdentitySourceInput{}
	}

	output = &UpdateIdentitySourceOutput{}
	req = c.newRequest(op, input, output)
	return
}

// UpdateIdentitySource API operation for Amazon Verified Permissions.
//
// Updates the specified identity source to use a new identity provider (IdP)
// source, or to change the mapping of identities from the IdP to a different
// principal entity type.
//
// Verified Permissions is eventually consistent (https://wikipedia.org/wiki/Eventual_consistency)
// . It can take a few seconds for a new or changed element to be propagate
// through the service and be visible in the results of other Verified Permissions
// operations.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Amazon Verified Permissions's
// API operation UpdateIdentitySource for usage and error information.
//
// Returned Error Types:
//
//   - ValidationException
//     The request failed because one or more input parameters don't satisfy their
//     constraint requirements. The output is provided as a list of fields and a
//     reason for each field that isn't valid.
//
//     The possible reasons include the following:
//
//   - UnrecognizedEntityType The policy includes an entity type that isn't
//     found in the schema.
//
//   - UnrecognizedActionId The policy includes an action id that isn't found
//     in the schema.
//
//   - InvalidActionApplication The policy includes an action that, according
//     to the schema, doesn't support the specified principal and resource.
//
//   - UnexpectedType The policy included an operand that isn't a valid type
//     for the specified operation.
//
//   - IncompatibleTypes The types of elements included in a set, or the types
//     of expressions used in an if...then...else clause aren't compatible in
//     this context.
//
//   - MissingAttribute The policy attempts to access a record or entity attribute
//     that isn't specified in the schema. Test for the existence of the attribute
//     first before attempting to access its value. For more information, see
//     the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test)
//     in the Cedar Policy Language Guide.
//
//   - UnsafeOptionalAttributeAccess The policy attempts to access a record
//     or entity attribute that is optional and isn't guaranteed to be present.
//     Test for the existence of the attribute first before attempting to access
//     its value. For more information, see the has (presence of attribute test)
//     operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test)
//     in the Cedar Policy Language Guide.
//
//   - ImpossiblePolicy Cedar has determined that a policy condition always
//     evaluates to false. If the policy is always false, it can never apply
//     to any query, and so it can never affect an authorization decision.
//
//   - WrongNumberArguments The policy references an extension type with the
//     wrong number of arguments.
//
//   - FunctionArgumentValidationError Cedar couldn't parse the argument passed
//     to an extension type. For example, a string that is to be parsed as an
//     IPv4 address can contain only digits and the period character.
//
//   - ConflictException
//     The request failed because another request to modify a resource occurred
//     at the same.
//
//   - AccessDeniedException
//     You don't have sufficient access to perform this action.
//
//   - ResourceNotFoundException
//     The request failed because it references a resource that doesn't exist.
//
//   - ThrottlingException
//     The request failed because it exceeded a throttling quota.
//
//   - InternalServerException
//     The request failed because of an internal error. Try your request again later
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/UpdateIdentitySource
func (c *VerifiedPermissions) UpdateIdentitySource(input *UpdateIdentitySourceInput) (*UpdateIdentitySourceOutput, error) {
	req, out := c.UpdateIdentitySourceRequest(input)
	return out, req.Send()
}

// UpdateIdentitySourceWithContext is the same as UpdateIdentitySource with the addition of
// the ability to pass a context and additional request options.
//
// See UpdateIdentitySource for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *VerifiedPermissions) UpdateIdentitySourceWithContext(ctx aws.Context, input *UpdateIdentitySourceInput, opts ...request.Option) (*UpdateIdentitySourceOutput, error) {
	req, out := c.UpdateIdentitySourceRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opUpdatePolicy = "UpdatePolicy"

// UpdatePolicyRequest generates a "aws/request.Request" representing the
// client's request for the UpdatePolicy operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See UpdatePolicy for more information on using the UpdatePolicy
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the UpdatePolicyRequest method.
//	req, resp := client.UpdatePolicyRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/UpdatePolicy
func (c *VerifiedPermissions) UpdatePolicyRequest(input *UpdatePolicyInput) (req *request.Request, output *UpdatePolicyOutput) {
	op := &request.Operation{
		Name:       opUpdatePolicy,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &UpdatePolicyInput{}
	}

	output = &UpdatePolicyOutput{}
	req = c.newRequest(op, input, output)
	return
}

// UpdatePolicy API operation for Amazon Verified Permissions.
//
// Modifies a Cedar static policy in the specified policy store. You can change
// only certain elements of the UpdatePolicyDefinition (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdatePolicyInput.html#amazonverifiedpermissions-UpdatePolicy-request-UpdatePolicyDefinition)
// parameter. You can directly update only static policies. To change a template-linked
// policy, you must update the template instead, using UpdatePolicyTemplate
// (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdatePolicyTemplate.html).
//
//   - If policy validation is enabled in the policy store, then updating a
//     static policy causes Verified Permissions to validate the policy against
//     the schema in the policy store. If the updated static policy doesn't pass
//     validation, the operation fails and the update isn't stored.
//
//   - When you edit a static policy, You can change only certain elements
//     of a static policy: The action referenced by the policy. A condition clause,
//     such as when and unless. You can't change these elements of a static policy:
//     Changing a policy from a static policy to a template-linked policy. Changing
//     the effect of a static policy from permit or forbid. The principal referenced
//     by a static policy. The resource referenced by a static policy.
//
//   - To update a template-linked policy, you must update the template instead.
//
// Verified Permissions is eventually consistent (https://wikipedia.org/wiki/Eventual_consistency)
// . It can take a few seconds for a new or changed element to be propagate
// through the service and be visible in the results of other Verified Permissions
// operations.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Amazon Verified Permissions's
// API operation UpdatePolicy for usage and error information.
//
// Returned Error Types:
//
//   - ValidationException
//     The request failed because one or more input parameters don't satisfy their
//     constraint requirements. The output is provided as a list of fields and a
//     reason for each field that isn't valid.
//
//     The possible reasons include the following:
//
//   - UnrecognizedEntityType The policy includes an entity type that isn't
//     found in the schema.
//
//   - UnrecognizedActionId The policy includes an action id that isn't found
//     in the schema.
//
//   - InvalidActionApplication The policy includes an action that, according
//     to the schema, doesn't support the specified principal and resource.
//
//   - UnexpectedType The policy included an operand that isn't a valid type
//     for the specified operation.
//
//   - IncompatibleTypes The types of elements included in a set, or the types
//     of expressions used in an if...then...else clause aren't compatible in
//     this context.
//
//   - MissingAttribute The policy attempts to access a record or entity attribute
//     that isn't specified in the schema. Test for the existence of the attribute
//     first before attempting to access its value. For more information, see
//     the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test)
//     in the Cedar Policy Language Guide.
//
//   - UnsafeOptionalAttributeAccess The policy attempts to access a record
//     or entity attribute that is optional and isn't guaranteed to be present.
//     Test for the existence of the attribute first before attempting to access
//     its value. For more information, see the has (presence of attribute test)
//     operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test)
//     in the Cedar Policy Language Guide.
//
//   - ImpossiblePolicy Cedar has determined that a policy condition always
//     evaluates to false. If the policy is always false, it can never apply
//     to any query, and so it can never affect an authorization decision.
//
//   - WrongNumberArguments The policy references an extension type with the
//     wrong number of arguments.
//
//   - FunctionArgumentValidationError Cedar couldn't parse the argument passed
//     to an extension type. For example, a string that is to be parsed as an
//     IPv4 address can contain only digits and the period character.
//
//   - ServiceQuotaExceededException
//     The request failed because it would cause a service quota to be exceeded.
//
//   - ConflictException
//     The request failed because another request to modify a resource occurred
//     at the same.
//
//   - AccessDeniedException
//     You don't have sufficient access to perform this action.
//
//   - ResourceNotFoundException
//     The request failed because it references a resource that doesn't exist.
//
//   - ThrottlingException
//     The request failed because it exceeded a throttling quota.
//
//   - InternalServerException
//     The request failed because of an internal error. Try your request again later
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/UpdatePolicy
func (c *VerifiedPermissions) UpdatePolicy(input *UpdatePolicyInput) (*UpdatePolicyOutput, error) {
	req, out := c.UpdatePolicyRequest(input)
	return out, req.Send()
}

// UpdatePolicyWithContext is the same as UpdatePolicy with the addition of
// the ability to pass a context and additional request options.
//
// See UpdatePolicy for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *VerifiedPermissions) UpdatePolicyWithContext(ctx aws.Context, input *UpdatePolicyInput, opts ...request.Option) (*UpdatePolicyOutput, error) {
	req, out := c.UpdatePolicyRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opUpdatePolicyStore = "UpdatePolicyStore"

// UpdatePolicyStoreRequest generates a "aws/request.Request" representing the
// client's request for the UpdatePolicyStore operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See UpdatePolicyStore for more information on using the UpdatePolicyStore
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the UpdatePolicyStoreRequest method.
//	req, resp := client.UpdatePolicyStoreRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/UpdatePolicyStore
func (c *VerifiedPermissions) UpdatePolicyStoreRequest(input *UpdatePolicyStoreInput) (req *request.Request, output *UpdatePolicyStoreOutput) {
	op := &request.Operation{
		Name:       opUpdatePolicyStore,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &UpdatePolicyStoreInput{}
	}

	output = &UpdatePolicyStoreOutput{}
	req = c.newRequest(op, input, output)
	return
}

// UpdatePolicyStore API operation for Amazon Verified Permissions.
//
// Modifies the validation setting for a policy store.
//
// Verified Permissions is eventually consistent (https://wikipedia.org/wiki/Eventual_consistency)
// . It can take a few seconds for a new or changed element to be propagate
// through the service and be visible in the results of other Verified Permissions
// operations.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Amazon Verified Permissions's
// API operation UpdatePolicyStore for usage and error information.
//
// Returned Error Types:
//
//   - ValidationException
//     The request failed because one or more input parameters don't satisfy their
//     constraint requirements. The output is provided as a list of fields and a
//     reason for each field that isn't valid.
//
//     The possible reasons include the following:
//
//   - UnrecognizedEntityType The policy includes an entity type that isn't
//     found in the schema.
//
//   - UnrecognizedActionId The policy includes an action id that isn't found
//     in the schema.
//
//   - InvalidActionApplication The policy includes an action that, according
//     to the schema, doesn't support the specified principal and resource.
//
//   - UnexpectedType The policy included an operand that isn't a valid type
//     for the specified operation.
//
//   - IncompatibleTypes The types of elements included in a set, or the types
//     of expressions used in an if...then...else clause aren't compatible in
//     this context.
//
//   - MissingAttribute The policy attempts to access a record or entity attribute
//     that isn't specified in the schema. Test for the existence of the attribute
//     first before attempting to access its value. For more information, see
//     the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test)
//     in the Cedar Policy Language Guide.
//
//   - UnsafeOptionalAttributeAccess The policy attempts to access a record
//     or entity attribute that is optional and isn't guaranteed to be present.
//     Test for the existence of the attribute first before attempting to access
//     its value. For more information, see the has (presence of attribute test)
//     operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test)
//     in the Cedar Policy Language Guide.
//
//   - ImpossiblePolicy Cedar has determined that a policy condition always
//     evaluates to false. If the policy is always false, it can never apply
//     to any query, and so it can never affect an authorization decision.
//
//   - WrongNumberArguments The policy references an extension type with the
//     wrong number of arguments.
//
//   - FunctionArgumentValidationError Cedar couldn't parse the argument passed
//     to an extension type. For example, a string that is to be parsed as an
//     IPv4 address can contain only digits and the period character.
//
//   - ConflictException
//     The request failed because another request to modify a resource occurred
//     at the same.
//
//   - AccessDeniedException
//     You don't have sufficient access to perform this action.
//
//   - ResourceNotFoundException
//     The request failed because it references a resource that doesn't exist.
//
//   - ThrottlingException
//     The request failed because it exceeded a throttling quota.
//
//   - InternalServerException
//     The request failed because of an internal error. Try your request again later
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/UpdatePolicyStore
func (c *VerifiedPermissions) UpdatePolicyStore(input *UpdatePolicyStoreInput) (*UpdatePolicyStoreOutput, error) {
	req, out := c.UpdatePolicyStoreRequest(input)
	return out, req.Send()
}

// UpdatePolicyStoreWithContext is the same as UpdatePolicyStore with the addition of
// the ability to pass a context and additional request options.
//
// See UpdatePolicyStore for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *VerifiedPermissions) UpdatePolicyStoreWithContext(ctx aws.Context, input *UpdatePolicyStoreInput, opts ...request.Option) (*UpdatePolicyStoreOutput, error) {
	req, out := c.UpdatePolicyStoreRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opUpdatePolicyTemplate = "UpdatePolicyTemplate"

// UpdatePolicyTemplateRequest generates a "aws/request.Request" representing the
// client's request for the UpdatePolicyTemplate operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See UpdatePolicyTemplate for more information on using the UpdatePolicyTemplate
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the UpdatePolicyTemplateRequest method.
//	req, resp := client.UpdatePolicyTemplateRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/UpdatePolicyTemplate
func (c *VerifiedPermissions) UpdatePolicyTemplateRequest(input *UpdatePolicyTemplateInput) (req *request.Request, output *UpdatePolicyTemplateOutput) {
	op := &request.Operation{
		Name:       opUpdatePolicyTemplate,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &UpdatePolicyTemplateInput{}
	}

	output = &UpdatePolicyTemplateOutput{}
	req = c.newRequest(op, input, output)
	return
}

// UpdatePolicyTemplate API operation for Amazon Verified Permissions.
//
// Updates the specified policy template. You can update only the description
// and the some elements of the policyBody (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdatePolicyTemplate.html#amazonverifiedpermissions-UpdatePolicyTemplate-request-policyBody).
//
// Changes you make to the policy template content are immediately (within the
// constraints of eventual consistency) reflected in authorization decisions
// that involve all template-linked policies instantiated from this template.
//
// Verified Permissions is eventually consistent (https://wikipedia.org/wiki/Eventual_consistency)
// . It can take a few seconds for a new or changed element to be propagate
// through the service and be visible in the results of other Verified Permissions
// operations.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Amazon Verified Permissions's
// API operation UpdatePolicyTemplate for usage and error information.
//
// Returned Error Types:
//
//   - ValidationException
//     The request failed because one or more input parameters don't satisfy their
//     constraint requirements. The output is provided as a list of fields and a
//     reason for each field that isn't valid.
//
//     The possible reasons include the following:
//
//   - UnrecognizedEntityType The policy includes an entity type that isn't
//     found in the schema.
//
//   - UnrecognizedActionId The policy includes an action id that isn't found
//     in the schema.
//
//   - InvalidActionApplication The policy includes an action that, according
//     to the schema, doesn't support the specified principal and resource.
//
//   - UnexpectedType The policy included an operand that isn't a valid type
//     for the specified operation.
//
//   - IncompatibleTypes The types of elements included in a set, or the types
//     of expressions used in an if...then...else clause aren't compatible in
//     this context.
//
//   - MissingAttribute The policy attempts to access a record or entity attribute
//     that isn't specified in the schema. Test for the existence of the attribute
//     first before attempting to access its value. For more information, see
//     the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test)
//     in the Cedar Policy Language Guide.
//
//   - UnsafeOptionalAttributeAccess The policy attempts to access a record
//     or entity attribute that is optional and isn't guaranteed to be present.
//     Test for the existence of the attribute first before attempting to access
//     its value. For more information, see the has (presence of attribute test)
//     operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test)
//     in the Cedar Policy Language Guide.
//
//   - ImpossiblePolicy Cedar has determined that a policy condition always
//     evaluates to false. If the policy is always false, it can never apply
//     to any query, and so it can never affect an authorization decision.
//
//   - WrongNumberArguments The policy references an extension type with the
//     wrong number of arguments.
//
//   - FunctionArgumentValidationError Cedar couldn't parse the argument passed
//     to an extension type. For example, a string that is to be parsed as an
//     IPv4 address can contain only digits and the period character.
//
//   - ConflictException
//     The request failed because another request to modify a resource occurred
//     at the same.
//
//   - AccessDeniedException
//     You don't have sufficient access to perform this action.
//
//   - ResourceNotFoundException
//     The request failed because it references a resource that doesn't exist.
//
//   - ThrottlingException
//     The request failed because it exceeded a throttling quota.
//
//   - InternalServerException
//     The request failed because of an internal error. Try your request again later
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/UpdatePolicyTemplate
func (c *VerifiedPermissions) UpdatePolicyTemplate(input *UpdatePolicyTemplateInput) (*UpdatePolicyTemplateOutput, error) {
	req, out := c.UpdatePolicyTemplateRequest(input)
	return out, req.Send()
}

// UpdatePolicyTemplateWithContext is the same as UpdatePolicyTemplate with the addition of
// the ability to pass a context and additional request options.
//
// See UpdatePolicyTemplate for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *VerifiedPermissions) UpdatePolicyTemplateWithContext(ctx aws.Context, input *UpdatePolicyTemplateInput, opts ...request.Option) (*UpdatePolicyTemplateOutput, error) {
	req, out := c.UpdatePolicyTemplateRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

// You don't have sufficient access to perform this action.
type AccessDeniedException struct {
	_            struct{}                  `type:"structure"`
	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

	Message_ *string `locationName:"message" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AccessDeniedException) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AccessDeniedException) GoString() string {
	return s.String()
}

func newErrorAccessDeniedException(v protocol.ResponseMetadata) error {
	return &AccessDeniedException{
		RespMetadata: v,
	}
}

// Code returns the exception type name.
func (s *AccessDeniedException) Code() string {
	return "AccessDeniedException"
}

// Message returns the exception's message.
func (s *AccessDeniedException) Message() string {
	if s.Message_ != nil {
		return *s.Message_
	}
	return ""
}

// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *AccessDeniedException) OrigErr() error {
	return nil
}

func (s *AccessDeniedException) Error() string {
	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}

// Status code returns the HTTP status code for the request's response error.
func (s *AccessDeniedException) StatusCode() int {
	return s.RespMetadata.StatusCode
}

// RequestID returns the service's response RequestID for request.
func (s *AccessDeniedException) RequestID() string {
	return s.RespMetadata.RequestID
}

// Contains information about an action for a request for which an authorization
// decision is made.
//
// This data type is used as a request parameter to the IsAuthorized (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorized.html),
// BatchIsAuthorized (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_BatchIsAuthorized.html),
// and IsAuthorizedWithToken (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorizedWithToken.html)
// operations.
//
// Example: { "actionId": "<action name>", "actionType": "Action" }
type ActionIdentifier struct {
	_ struct{} `type:"structure"`

	// The ID of an action.
	//
	// ActionId is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by ActionIdentifier's
	// String and GoString methods.
	//
	// ActionId is a required field
	ActionId *string `locationName:"actionId" min:"1" type:"string" required:"true" sensitive:"true"`

	// The type of an action.
	//
	// ActionType is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by ActionIdentifier's
	// String and GoString methods.
	//
	// ActionType is a required field
	ActionType *string `locationName:"actionType" min:"1" type:"string" required:"true" sensitive:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ActionIdentifier) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ActionIdentifier) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ActionIdentifier) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ActionIdentifier"}
	if s.ActionId == nil {
		invalidParams.Add(request.NewErrParamRequired("ActionId"))
	}
	if s.ActionId != nil && len(*s.ActionId) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("ActionId", 1))
	}
	if s.ActionType == nil {
		invalidParams.Add(request.NewErrParamRequired("ActionType"))
	}
	if s.ActionType != nil && len(*s.ActionType) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("ActionType", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetActionId sets the ActionId field's value.
func (s *ActionIdentifier) SetActionId(v string) *ActionIdentifier {
	s.ActionId = &v
	return s
}

// SetActionType sets the ActionType field's value.
func (s *ActionIdentifier) SetActionType(v string) *ActionIdentifier {
	s.ActionType = &v
	return s
}

// The value of an attribute.
//
// Contains information about the runtime context for a request for which an
// authorization decision is made.
//
// This data type is used as a member of the ContextDefinition (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ContextDefinition.html)
// structure which is uses as a request parameter for the IsAuthorized (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorized.html),
// BatchIsAuthorized (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_BatchIsAuthorized.html),
// and IsAuthorizedWithToken (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorizedWithToken.html)
// operations.
type AttributeValue struct {
	_ struct{} `type:"structure"`

	// An attribute value of Boolean (https://docs.cedarpolicy.com/policies/syntax-datatypes.html#boolean)
	// type.
	//
	// Example: {"boolean": true}
	//
	// Boolean is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by AttributeValue's
	// String and GoString methods.
	Boolean *bool `locationName:"boolean" type:"boolean" sensitive:"true"`

	// An attribute value of type EntityIdentifier (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_EntityIdentifier.html).
	//
	// Example: "entityIdentifier": { "entityId": "<id>", "entityType": "<entity
	// type>"}
	EntityIdentifier *EntityIdentifier `locationName:"entityIdentifier" type:"structure"`

	// An attribute value of Long (https://docs.cedarpolicy.com/policies/syntax-datatypes.html#long)
	// type.
	//
	// Example: {"long": 0}
	//
	// Long is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by AttributeValue's
	// String and GoString methods.
	Long *int64 `locationName:"long" type:"long" sensitive:"true"`

	// An attribute value of Record (https://docs.cedarpolicy.com/policies/syntax-datatypes.html#record)
	// type.
	//
	// Example: {"record": { "keyName": {} } }
	Record map[string]*AttributeValue `locationName:"record" type:"map"`

	// An attribute value of Set (https://docs.cedarpolicy.com/policies/syntax-datatypes.html#set)
	// type.
	//
	// Example: {"set": [ {} ] }
	Set []*AttributeValue `locationName:"set" type:"list"`

	// An attribute value of String (https://docs.cedarpolicy.com/policies/syntax-datatypes.html#string)
	// type.
	//
	// Example: {"string": "abc"}
	//
	// String_ is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by AttributeValue's
	// String and GoString methods.
	String_ *string `locationName:"string" type:"string" sensitive:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AttributeValue) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AttributeValue) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *AttributeValue) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "AttributeValue"}
	if s.EntityIdentifier != nil {
		if err := s.EntityIdentifier.Validate(); err != nil {
			invalidParams.AddNested("EntityIdentifier", err.(request.ErrInvalidParams))
		}
	}
	if s.Record != nil {
		for i, v := range s.Record {
			if v == nil {
				continue
			}
			if err := v.Validate(); err != nil {
				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Record", i), err.(request.ErrInvalidParams))
			}
		}
	}
	if s.Set != nil {
		for i, v := range s.Set {
			if v == nil {
				continue
			}
			if err := v.Validate(); err != nil {
				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Set", i), err.(request.ErrInvalidParams))
			}
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetBoolean sets the Boolean field's value.
func (s *AttributeValue) SetBoolean(v bool) *AttributeValue {
	s.Boolean = &v
	return s
}

// SetEntityIdentifier sets the EntityIdentifier field's value.
func (s *AttributeValue) SetEntityIdentifier(v *EntityIdentifier) *AttributeValue {
	s.EntityIdentifier = v
	return s
}

// SetLong sets the Long field's value.
func (s *AttributeValue) SetLong(v int64) *AttributeValue {
	s.Long = &v
	return s
}

// SetRecord sets the Record field's value.
func (s *AttributeValue) SetRecord(v map[string]*AttributeValue) *AttributeValue {
	s.Record = v
	return s
}

// SetSet sets the Set field's value.
func (s *AttributeValue) SetSet(v []*AttributeValue) *AttributeValue {
	s.Set = v
	return s
}

// SetString_ sets the String_ field's value.
func (s *AttributeValue) SetString_(v string) *AttributeValue {
	s.String_ = &v
	return s
}

type BatchIsAuthorizedInput struct {
	_ struct{} `type:"structure"`

	// Specifies the list of resources and principals and their associated attributes
	// that Verified Permissions can examine when evaluating the policies.
	//
	// You can include only principal and resource entities in this parameter; you
	// can't include actions. You must specify actions in the schema.
	Entities *EntitiesDefinition `locationName:"entities" type:"structure"`

	// Specifies the ID of the policy store. Policies in this policy store will
	// be used to make the authorization decisions for the input.
	//
	// PolicyStoreId is a required field
	PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"`

	// An array of up to 30 requests that you want Verified Permissions to evaluate.
	//
	// Requests is a required field
	Requests []*BatchIsAuthorizedInputItem `locationName:"requests" min:"1" type:"list" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s BatchIsAuthorizedInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s BatchIsAuthorizedInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *BatchIsAuthorizedInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "BatchIsAuthorizedInput"}
	if s.PolicyStoreId == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyStoreId"))
	}
	if s.PolicyStoreId != nil && len(*s.PolicyStoreId) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyStoreId", 1))
	}
	if s.Requests == nil {
		invalidParams.Add(request.NewErrParamRequired("Requests"))
	}
	if s.Requests != nil && len(s.Requests) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Requests", 1))
	}
	if s.Entities != nil {
		if err := s.Entities.Validate(); err != nil {
			invalidParams.AddNested("Entities", err.(request.ErrInvalidParams))
		}
	}
	if s.Requests != nil {
		for i, v := range s.Requests {
			if v == nil {
				continue
			}
			if err := v.Validate(); err != nil {
				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Requests", i), err.(request.ErrInvalidParams))
			}
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetEntities sets the Entities field's value.
func (s *BatchIsAuthorizedInput) SetEntities(v *EntitiesDefinition) *BatchIsAuthorizedInput {
	s.Entities = v
	return s
}

// SetPolicyStoreId sets the PolicyStoreId field's value.
func (s *BatchIsAuthorizedInput) SetPolicyStoreId(v string) *BatchIsAuthorizedInput {
	s.PolicyStoreId = &v
	return s
}

// SetRequests sets the Requests field's value.
func (s *BatchIsAuthorizedInput) SetRequests(v []*BatchIsAuthorizedInputItem) *BatchIsAuthorizedInput {
	s.Requests = v
	return s
}

// An authorization request that you include in a BatchIsAuthorized API request.
type BatchIsAuthorizedInputItem struct {
	_ struct{} `type:"structure"`

	// Specifies the requested action to be authorized. For example, is the principal
	// authorized to perform this action on the resource?
	Action *ActionIdentifier `locationName:"action" type:"structure"`

	// Specifies additional context that can be used to make more granular authorization
	// decisions.
	Context *ContextDefinition `locationName:"context" type:"structure"`

	// Specifies the principal for which the authorization decision is to be made.
	Principal *EntityIdentifier `locationName:"principal" type:"structure"`

	// Specifies the resource for which the authorization decision is to be made.
	Resource *EntityIdentifier `locationName:"resource" type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s BatchIsAuthorizedInputItem) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s BatchIsAuthorizedInputItem) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *BatchIsAuthorizedInputItem) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "BatchIsAuthorizedInputItem"}
	if s.Action != nil {
		if err := s.Action.Validate(); err != nil {
			invalidParams.AddNested("Action", err.(request.ErrInvalidParams))
		}
	}
	if s.Context != nil {
		if err := s.Context.Validate(); err != nil {
			invalidParams.AddNested("Context", err.(request.ErrInvalidParams))
		}
	}
	if s.Principal != nil {
		if err := s.Principal.Validate(); err != nil {
			invalidParams.AddNested("Principal", err.(request.ErrInvalidParams))
		}
	}
	if s.Resource != nil {
		if err := s.Resource.Validate(); err != nil {
			invalidParams.AddNested("Resource", err.(request.ErrInvalidParams))
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetAction sets the Action field's value.
func (s *BatchIsAuthorizedInputItem) SetAction(v *ActionIdentifier) *BatchIsAuthorizedInputItem {
	s.Action = v
	return s
}

// SetContext sets the Context field's value.
func (s *BatchIsAuthorizedInputItem) SetContext(v *ContextDefinition) *BatchIsAuthorizedInputItem {
	s.Context = v
	return s
}

// SetPrincipal sets the Principal field's value.
func (s *BatchIsAuthorizedInputItem) SetPrincipal(v *EntityIdentifier) *BatchIsAuthorizedInputItem {
	s.Principal = v
	return s
}

// SetResource sets the Resource field's value.
func (s *BatchIsAuthorizedInputItem) SetResource(v *EntityIdentifier) *BatchIsAuthorizedInputItem {
	s.Resource = v
	return s
}

type BatchIsAuthorizedOutput struct {
	_ struct{} `type:"structure"`

	// A series of Allow or Deny decisions for each request, and the policies that
	// produced them.
	//
	// Results is a required field
	Results []*BatchIsAuthorizedOutputItem `locationName:"results" type:"list" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s BatchIsAuthorizedOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s BatchIsAuthorizedOutput) GoString() string {
	return s.String()
}

// SetResults sets the Results field's value.
func (s *BatchIsAuthorizedOutput) SetResults(v []*BatchIsAuthorizedOutputItem) *BatchIsAuthorizedOutput {
	s.Results = v
	return s
}

// The decision, based on policy evaluation, from an individual authorization
// request in a BatchIsAuthorized API request.
type BatchIsAuthorizedOutputItem struct {
	_ struct{} `type:"structure"`

	// An authorization decision that indicates if the authorization request should
	// be allowed or denied.
	//
	// Decision is a required field
	Decision *string `locationName:"decision" type:"string" required:"true" enum:"Decision"`

	// The list of determining policies used to make the authorization decision.
	// For example, if there are two matching policies, where one is a forbid and
	// the other is a permit, then the forbid policy will be the determining policy.
	// In the case of multiple matching permit policies then there would be multiple
	// determining policies. In the case that no policies match, and hence the response
	// is DENY, there would be no determining policies.
	//
	// DeterminingPolicies is a required field
	DeterminingPolicies []*DeterminingPolicyItem `locationName:"determiningPolicies" type:"list" required:"true"`

	// Errors that occurred while making an authorization decision, for example,
	// a policy references an Entity or entity Attribute that does not exist in
	// the slice.
	//
	// Errors is a required field
	Errors []*EvaluationErrorItem `locationName:"errors" type:"list" required:"true"`

	// The authorization request that initiated the decision.
	//
	// Request is a required field
	Request *BatchIsAuthorizedInputItem `locationName:"request" type:"structure" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s BatchIsAuthorizedOutputItem) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s BatchIsAuthorizedOutputItem) GoString() string {
	return s.String()
}

// SetDecision sets the Decision field's value.
func (s *BatchIsAuthorizedOutputItem) SetDecision(v string) *BatchIsAuthorizedOutputItem {
	s.Decision = &v
	return s
}

// SetDeterminingPolicies sets the DeterminingPolicies field's value.
func (s *BatchIsAuthorizedOutputItem) SetDeterminingPolicies(v []*DeterminingPolicyItem) *BatchIsAuthorizedOutputItem {
	s.DeterminingPolicies = v
	return s
}

// SetErrors sets the Errors field's value.
func (s *BatchIsAuthorizedOutputItem) SetErrors(v []*EvaluationErrorItem) *BatchIsAuthorizedOutputItem {
	s.Errors = v
	return s
}

// SetRequest sets the Request field's value.
func (s *BatchIsAuthorizedOutputItem) SetRequest(v *BatchIsAuthorizedInputItem) *BatchIsAuthorizedOutputItem {
	s.Request = v
	return s
}

// The configuration for an identity source that represents a connection to
// an Amazon Cognito user pool used as an identity provider for Verified Permissions.
//
// This data type is used as a field that is part of an Configuration (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_Configuration.html)
// structure that is used as a parameter to the Configuration (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_Configuration.html).
//
// Example:"CognitoUserPoolConfiguration":{"UserPoolArn":"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5","ClientIds":
// ["a1b2c3d4e5f6g7h8i9j0kalbmc"]}
type CognitoUserPoolConfiguration struct {
	_ struct{} `type:"structure"`

	// The unique application client IDs that are associated with the specified
	// Amazon Cognito user pool.
	//
	// Example: "ClientIds": ["&ExampleCogClientId;"]
	ClientIds []*string `locationName:"clientIds" type:"list"`

	// The Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// of the Amazon Cognito user pool that contains the identities to be authorized.
	//
	// Example: "UserPoolArn": "arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5"
	//
	// UserPoolArn is a required field
	UserPoolArn *string `locationName:"userPoolArn" min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CognitoUserPoolConfiguration) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CognitoUserPoolConfiguration) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *CognitoUserPoolConfiguration) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "CognitoUserPoolConfiguration"}
	if s.UserPoolArn == nil {
		invalidParams.Add(request.NewErrParamRequired("UserPoolArn"))
	}
	if s.UserPoolArn != nil && len(*s.UserPoolArn) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserPoolArn", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetClientIds sets the ClientIds field's value.
func (s *CognitoUserPoolConfiguration) SetClientIds(v []*string) *CognitoUserPoolConfiguration {
	s.ClientIds = v
	return s
}

// SetUserPoolArn sets the UserPoolArn field's value.
func (s *CognitoUserPoolConfiguration) SetUserPoolArn(v string) *CognitoUserPoolConfiguration {
	s.UserPoolArn = &v
	return s
}

// Contains configuration information used when creating a new identity source.
//
// At this time, the only valid member of this structure is a Amazon Cognito
// user pool configuration.
//
// You must specify a userPoolArn, and optionally, a ClientId.
//
// This data type is used as a request parameter for the CreateIdentitySource
// (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreateIdentitySource.html)
// operation.
type Configuration struct {
	_ struct{} `type:"structure"`

	// Contains configuration details of a Amazon Cognito user pool that Verified
	// Permissions can use as a source of authenticated identities as entities.
	// It specifies the Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// of a Amazon Cognito user pool and one or more application client IDs.
	//
	// Example: "configuration":{"cognitoUserPoolConfiguration":{"userPoolArn":"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5","clientIds":
	// ["a1b2c3d4e5f6g7h8i9j0kalbmc"]}}
	CognitoUserPoolConfiguration *CognitoUserPoolConfiguration `locationName:"cognitoUserPoolConfiguration" type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s Configuration) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s Configuration) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *Configuration) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "Configuration"}
	if s.CognitoUserPoolConfiguration != nil {
		if err := s.CognitoUserPoolConfiguration.Validate(); err != nil {
			invalidParams.AddNested("CognitoUserPoolConfiguration", err.(request.ErrInvalidParams))
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetCognitoUserPoolConfiguration sets the CognitoUserPoolConfiguration field's value.
func (s *Configuration) SetCognitoUserPoolConfiguration(v *CognitoUserPoolConfiguration) *Configuration {
	s.CognitoUserPoolConfiguration = v
	return s
}

// The request failed because another request to modify a resource occurred
// at the same.
type ConflictException struct {
	_            struct{}                  `type:"structure"`
	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

	Message_ *string `locationName:"message" type:"string"`

	// The list of resources referenced with this failed request.
	//
	// Resources is a required field
	Resources []*ResourceConflict `locationName:"resources" type:"list" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ConflictException) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ConflictException) GoString() string {
	return s.String()
}

func newErrorConflictException(v protocol.ResponseMetadata) error {
	return &ConflictException{
		RespMetadata: v,
	}
}

// Code returns the exception type name.
func (s *ConflictException) Code() string {
	return "ConflictException"
}

// Message returns the exception's message.
func (s *ConflictException) Message() string {
	if s.Message_ != nil {
		return *s.Message_
	}
	return ""
}

// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *ConflictException) OrigErr() error {
	return nil
}

func (s *ConflictException) Error() string {
	return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String())
}

// Status code returns the HTTP status code for the request's response error.
func (s *ConflictException) StatusCode() int {
	return s.RespMetadata.StatusCode
}

// RequestID returns the service's response RequestID for request.
func (s *ConflictException) RequestID() string {
	return s.RespMetadata.RequestID
}

// Contains additional details about the context of the request. Verified Permissions
// evaluates this information in an authorization request as part of the when
// and unless clauses in a policy.
//
// This data type is used as a request parameter for the IsAuthorized (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorized.html),
// BatchIsAuthorized (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_BatchIsAuthorized.html),
// and IsAuthorizedWithToken (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorizedWithToken.html)
// operations.
//
// Example: "context":{"contextMap":{"<KeyName1>":{"boolean":true},"<KeyName2>":{"long":1234}}}
type ContextDefinition struct {
	_ struct{} `type:"structure"`

	// An list of attributes that are needed to successfully evaluate an authorization
	// request. Each attribute in this array must include a map of a data type and
	// its value.
	//
	// Example: "contextMap":{"<KeyName1>":{"boolean":true},"<KeyName2>":{"long":1234}}
	ContextMap map[string]*AttributeValue `locationName:"contextMap" type:"map"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ContextDefinition) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ContextDefinition) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ContextDefinition) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ContextDefinition"}
	if s.ContextMap != nil {
		for i, v := range s.ContextMap {
			if v == nil {
				continue
			}
			if err := v.Validate(); err != nil {
				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "ContextMap", i), err.(request.ErrInvalidParams))
			}
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetContextMap sets the ContextMap field's value.
func (s *ContextDefinition) SetContextMap(v map[string]*AttributeValue) *ContextDefinition {
	s.ContextMap = v
	return s
}

type CreateIdentitySourceInput struct {
	_ struct{} `type:"structure"`

	// Specifies a unique, case-sensitive ID that you provide to ensure the idempotency
	// of the request. This lets you safely retry the request without accidentally
	// performing the same operation a second time. Passing the same value to a
	// later call to an operation requires that you also pass the same value for
	// all other parameters. We recommend that you use a UUID type of value. (https://wikipedia.org/wiki/Universally_unique_identifier).
	//
	// If you don't provide this value, then Amazon Web Services generates a random
	// one for you.
	//
	// If you retry the operation with the same ClientToken, but with different
	// parameters, the retry fails with an IdempotentParameterMismatch error.
	ClientToken *string `locationName:"clientToken" min:"1" type:"string" idempotencyToken:"true"`

	// Specifies the details required to communicate with the identity provider
	// (IdP) associated with this identity source.
	//
	// At this time, the only valid member of this structure is a Amazon Cognito
	// user pool configuration.
	//
	// You must specify a UserPoolArn, and optionally, a ClientId.
	//
	// Configuration is a required field
	Configuration *Configuration `locationName:"configuration" type:"structure" required:"true"`

	// Specifies the ID of the policy store in which you want to store this identity
	// source. Only policies and requests made using this policy store can reference
	// identities from the identity provider configured in the new identity source.
	//
	// PolicyStoreId is a required field
	PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"`

	// Specifies the namespace and data type of the principals generated for identities
	// authenticated by the new identity source.
	//
	// PrincipalEntityType is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by CreateIdentitySourceInput's
	// String and GoString methods.
	PrincipalEntityType *string `locationName:"principalEntityType" min:"1" type:"string" sensitive:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateIdentitySourceInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateIdentitySourceInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *CreateIdentitySourceInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "CreateIdentitySourceInput"}
	if s.ClientToken != nil && len(*s.ClientToken) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("ClientToken", 1))
	}
	if s.Configuration == nil {
		invalidParams.Add(request.NewErrParamRequired("Configuration"))
	}
	if s.PolicyStoreId == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyStoreId"))
	}
	if s.PolicyStoreId != nil && len(*s.PolicyStoreId) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyStoreId", 1))
	}
	if s.PrincipalEntityType != nil && len(*s.PrincipalEntityType) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PrincipalEntityType", 1))
	}
	if s.Configuration != nil {
		if err := s.Configuration.Validate(); err != nil {
			invalidParams.AddNested("Configuration", err.(request.ErrInvalidParams))
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetClientToken sets the ClientToken field's value.
func (s *CreateIdentitySourceInput) SetClientToken(v string) *CreateIdentitySourceInput {
	s.ClientToken = &v
	return s
}

// SetConfiguration sets the Configuration field's value.
func (s *CreateIdentitySourceInput) SetConfiguration(v *Configuration) *CreateIdentitySourceInput {
	s.Configuration = v
	return s
}

// SetPolicyStoreId sets the PolicyStoreId field's value.
func (s *CreateIdentitySourceInput) SetPolicyStoreId(v string) *CreateIdentitySourceInput {
	s.PolicyStoreId = &v
	return s
}

// SetPrincipalEntityType sets the PrincipalEntityType field's value.
func (s *CreateIdentitySourceInput) SetPrincipalEntityType(v string) *CreateIdentitySourceInput {
	s.PrincipalEntityType = &v
	return s
}

type CreateIdentitySourceOutput struct {
	_ struct{} `type:"structure"`

	// The date and time the identity source was originally created.
	//
	// CreatedDate is a required field
	CreatedDate *time.Time `locationName:"createdDate" type:"timestamp" timestampFormat:"iso8601" required:"true"`

	// The unique ID of the new identity source.
	//
	// IdentitySourceId is a required field
	IdentitySourceId *string `locationName:"identitySourceId" min:"1" type:"string" required:"true"`

	// The date and time the identity source was most recently updated.
	//
	// LastUpdatedDate is a required field
	LastUpdatedDate *time.Time `locationName:"lastUpdatedDate" type:"timestamp" timestampFormat:"iso8601" required:"true"`

	// The ID of the policy store that contains the identity source.
	//
	// PolicyStoreId is a required field
	PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateIdentitySourceOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateIdentitySourceOutput) GoString() string {
	return s.String()
}

// SetCreatedDate sets the CreatedDate field's value.
func (s *CreateIdentitySourceOutput) SetCreatedDate(v time.Time) *CreateIdentitySourceOutput {
	s.CreatedDate = &v
	return s
}

// SetIdentitySourceId sets the IdentitySourceId field's value.
func (s *CreateIdentitySourceOutput) SetIdentitySourceId(v string) *CreateIdentitySourceOutput {
	s.IdentitySourceId = &v
	return s
}

// SetLastUpdatedDate sets the LastUpdatedDate field's value.
func (s *CreateIdentitySourceOutput) SetLastUpdatedDate(v time.Time) *CreateIdentitySourceOutput {
	s.LastUpdatedDate = &v
	return s
}

// SetPolicyStoreId sets the PolicyStoreId field's value.
func (s *CreateIdentitySourceOutput) SetPolicyStoreId(v string) *CreateIdentitySourceOutput {
	s.PolicyStoreId = &v
	return s
}

type CreatePolicyInput struct {
	_ struct{} `type:"structure"`

	// Specifies a unique, case-sensitive ID that you provide to ensure the idempotency
	// of the request. This lets you safely retry the request without accidentally
	// performing the same operation a second time. Passing the same value to a
	// later call to an operation requires that you also pass the same value for
	// all other parameters. We recommend that you use a UUID type of value. (https://wikipedia.org/wiki/Universally_unique_identifier).
	//
	// If you don't provide this value, then Amazon Web Services generates a random
	// one for you.
	//
	// If you retry the operation with the same ClientToken, but with different
	// parameters, the retry fails with an IdempotentParameterMismatch error.
	ClientToken *string `locationName:"clientToken" min:"1" type:"string" idempotencyToken:"true"`

	// A structure that specifies the policy type and content to use for the new
	// policy. You must include either a static or a templateLinked element. The
	// policy content must be written in the Cedar policy language.
	//
	// Definition is a required field
	Definition *PolicyDefinition `locationName:"definition" type:"structure" required:"true"`

	// Specifies the PolicyStoreId of the policy store you want to store the policy
	// in.
	//
	// PolicyStoreId is a required field
	PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreatePolicyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreatePolicyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *CreatePolicyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "CreatePolicyInput"}
	if s.ClientToken != nil && len(*s.ClientToken) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("ClientToken", 1))
	}
	if s.Definition == nil {
		invalidParams.Add(request.NewErrParamRequired("Definition"))
	}
	if s.PolicyStoreId == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyStoreId"))
	}
	if s.PolicyStoreId != nil && len(*s.PolicyStoreId) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyStoreId", 1))
	}
	if s.Definition != nil {
		if err := s.Definition.Validate(); err != nil {
			invalidParams.AddNested("Definition", err.(request.ErrInvalidParams))
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetClientToken sets the ClientToken field's value.
func (s *CreatePolicyInput) SetClientToken(v string) *CreatePolicyInput {
	s.ClientToken = &v
	return s
}

// SetDefinition sets the Definition field's value.
func (s *CreatePolicyInput) SetDefinition(v *PolicyDefinition) *CreatePolicyInput {
	s.Definition = v
	return s
}

// SetPolicyStoreId sets the PolicyStoreId field's value.
func (s *CreatePolicyInput) SetPolicyStoreId(v string) *CreatePolicyInput {
	s.PolicyStoreId = &v
	return s
}

type CreatePolicyOutput struct {
	_ struct{} `type:"structure"`

	// The date and time the policy was originally created.
	//
	// CreatedDate is a required field
	CreatedDate *time.Time `locationName:"createdDate" type:"timestamp" timestampFormat:"iso8601" required:"true"`

	// The date and time the policy was last updated.
	//
	// LastUpdatedDate is a required field
	LastUpdatedDate *time.Time `locationName:"lastUpdatedDate" type:"timestamp" timestampFormat:"iso8601" required:"true"`

	// The unique ID of the new policy.
	//
	// PolicyId is a required field
	PolicyId *string `locationName:"policyId" min:"1" type:"string" required:"true"`

	// The ID of the policy store that contains the new policy.
	//
	// PolicyStoreId is a required field
	PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"`

	// The policy type of the new policy.
	//
	// PolicyType is a required field
	PolicyType *string `locationName:"policyType" type:"string" required:"true" enum:"PolicyType"`

	// The principal specified in the new policy's scope. This response element
	// isn't present when principal isn't specified in the policy content.
	Principal *EntityIdentifier `locationName:"principal" type:"structure"`

	// The resource specified in the new policy's scope. This response element isn't
	// present when the resource isn't specified in the policy content.
	Resource *EntityIdentifier `locationName:"resource" type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreatePolicyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreatePolicyOutput) GoString() string {
	return s.String()
}

// SetCreatedDate sets the CreatedDate field's value.
func (s *CreatePolicyOutput) SetCreatedDate(v time.Time) *CreatePolicyOutput {
	s.CreatedDate = &v
	return s
}

// SetLastUpdatedDate sets the LastUpdatedDate field's value.
func (s *CreatePolicyOutput) SetLastUpdatedDate(v time.Time) *CreatePolicyOutput {
	s.LastUpdatedDate = &v
	return s
}

// SetPolicyId sets the PolicyId field's value.
func (s *CreatePolicyOutput) SetPolicyId(v string) *CreatePolicyOutput {
	s.PolicyId = &v
	return s
}

// SetPolicyStoreId sets the PolicyStoreId field's value.
func (s *CreatePolicyOutput) SetPolicyStoreId(v string) *CreatePolicyOutput {
	s.PolicyStoreId = &v
	return s
}

// SetPolicyType sets the PolicyType field's value.
func (s *CreatePolicyOutput) SetPolicyType(v string) *CreatePolicyOutput {
	s.PolicyType = &v
	return s
}

// SetPrincipal sets the Principal field's value.
func (s *CreatePolicyOutput) SetPrincipal(v *EntityIdentifier) *CreatePolicyOutput {
	s.Principal = v
	return s
}

// SetResource sets the Resource field's value.
func (s *CreatePolicyOutput) SetResource(v *EntityIdentifier) *CreatePolicyOutput {
	s.Resource = v
	return s
}

type CreatePolicyStoreInput struct {
	_ struct{} `type:"structure"`

	// Specifies a unique, case-sensitive ID that you provide to ensure the idempotency
	// of the request. This lets you safely retry the request without accidentally
	// performing the same operation a second time. Passing the same value to a
	// later call to an operation requires that you also pass the same value for
	// all other parameters. We recommend that you use a UUID type of value. (https://wikipedia.org/wiki/Universally_unique_identifier).
	//
	// If you don't provide this value, then Amazon Web Services generates a random
	// one for you.
	//
	// If you retry the operation with the same ClientToken, but with different
	// parameters, the retry fails with an IdempotentParameterMismatch error.
	ClientToken *string `locationName:"clientToken" min:"1" type:"string" idempotencyToken:"true"`

	// Descriptive text that you can provide to help with identification of the
	// current policy store.
	//
	// Description is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by CreatePolicyStoreInput's
	// String and GoString methods.
	Description *string `locationName:"description" type:"string" sensitive:"true"`

	// Specifies the validation setting for this policy store.
	//
	// Currently, the only valid and required value is Mode.
	//
	// We recommend that you turn on STRICT mode only after you define a schema.
	// If a schema doesn't exist, then STRICT mode causes any policy to fail validation,
	// and Verified Permissions rejects the policy. You can turn off validation
	// by using the UpdatePolicyStore (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdatePolicyStore).
	// Then, when you have a schema defined, use UpdatePolicyStore (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdatePolicyStore)
	// again to turn validation back on.
	//
	// ValidationSettings is a required field
	ValidationSettings *ValidationSettings `locationName:"validationSettings" type:"structure" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreatePolicyStoreInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreatePolicyStoreInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *CreatePolicyStoreInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "CreatePolicyStoreInput"}
	if s.ClientToken != nil && len(*s.ClientToken) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("ClientToken", 1))
	}
	if s.ValidationSettings == nil {
		invalidParams.Add(request.NewErrParamRequired("ValidationSettings"))
	}
	if s.ValidationSettings != nil {
		if err := s.ValidationSettings.Validate(); err != nil {
			invalidParams.AddNested("ValidationSettings", err.(request.ErrInvalidParams))
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetClientToken sets the ClientToken field's value.
func (s *CreatePolicyStoreInput) SetClientToken(v string) *CreatePolicyStoreInput {
	s.ClientToken = &v
	return s
}

// SetDescription sets the Description field's value.
func (s *CreatePolicyStoreInput) SetDescription(v string) *CreatePolicyStoreInput {
	s.Description = &v
	return s
}

// SetValidationSettings sets the ValidationSettings field's value.
func (s *CreatePolicyStoreInput) SetValidationSettings(v *ValidationSettings) *CreatePolicyStoreInput {
	s.ValidationSettings = v
	return s
}

type CreatePolicyStoreOutput struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN) of the new policy store.
	//
	// Arn is a required field
	Arn *string `locationName:"arn" min:"1" type:"string" required:"true"`

	// The date and time the policy store was originally created.
	//
	// CreatedDate is a required field
	CreatedDate *time.Time `locationName:"createdDate" type:"timestamp" timestampFormat:"iso8601" required:"true"`

	// The date and time the policy store was last updated.
	//
	// LastUpdatedDate is a required field
	LastUpdatedDate *time.Time `locationName:"lastUpdatedDate" type:"timestamp" timestampFormat:"iso8601" required:"true"`

	// The unique ID of the new policy store.
	//
	// PolicyStoreId is a required field
	PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreatePolicyStoreOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreatePolicyStoreOutput) GoString() string {
	return s.String()
}

// SetArn sets the Arn field's value.
func (s *CreatePolicyStoreOutput) SetArn(v string) *CreatePolicyStoreOutput {
	s.Arn = &v
	return s
}

// SetCreatedDate sets the CreatedDate field's value.
func (s *CreatePolicyStoreOutput) SetCreatedDate(v time.Time) *CreatePolicyStoreOutput {
	s.CreatedDate = &v
	return s
}

// SetLastUpdatedDate sets the LastUpdatedDate field's value.
func (s *CreatePolicyStoreOutput) SetLastUpdatedDate(v time.Time) *CreatePolicyStoreOutput {
	s.LastUpdatedDate = &v
	return s
}

// SetPolicyStoreId sets the PolicyStoreId field's value.
func (s *CreatePolicyStoreOutput) SetPolicyStoreId(v string) *CreatePolicyStoreOutput {
	s.PolicyStoreId = &v
	return s
}

type CreatePolicyTemplateInput struct {
	_ struct{} `type:"structure"`

	// Specifies a unique, case-sensitive ID that you provide to ensure the idempotency
	// of the request. This lets you safely retry the request without accidentally
	// performing the same operation a second time. Passing the same value to a
	// later call to an operation requires that you also pass the same value for
	// all other parameters. We recommend that you use a UUID type of value. (https://wikipedia.org/wiki/Universally_unique_identifier).
	//
	// If you don't provide this value, then Amazon Web Services generates a random
	// one for you.
	//
	// If you retry the operation with the same ClientToken, but with different
	// parameters, the retry fails with an IdempotentParameterMismatch error.
	ClientToken *string `locationName:"clientToken" min:"1" type:"string" idempotencyToken:"true"`

	// Specifies a description for the policy template.
	//
	// Description is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by CreatePolicyTemplateInput's
	// String and GoString methods.
	Description *string `locationName:"description" type:"string" sensitive:"true"`

	// The ID of the policy store in which to create the policy template.
	//
	// PolicyStoreId is a required field
	PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"`

	// Specifies the content that you want to use for the new policy template, written
	// in the Cedar policy language.
	//
	// Statement is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by CreatePolicyTemplateInput's
	// String and GoString methods.
	//
	// Statement is a required field
	Statement *string `locationName:"statement" min:"1" type:"string" required:"true" sensitive:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreatePolicyTemplateInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreatePolicyTemplateInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *CreatePolicyTemplateInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "CreatePolicyTemplateInput"}
	if s.ClientToken != nil && len(*s.ClientToken) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("ClientToken", 1))
	}
	if s.PolicyStoreId == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyStoreId"))
	}
	if s.PolicyStoreId != nil && len(*s.PolicyStoreId) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyStoreId", 1))
	}
	if s.Statement == nil {
		invalidParams.Add(request.NewErrParamRequired("Statement"))
	}
	if s.Statement != nil && len(*s.Statement) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Statement", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetClientToken sets the ClientToken field's value.
func (s *CreatePolicyTemplateInput) SetClientToken(v string) *CreatePolicyTemplateInput {
	s.ClientToken = &v
	return s
}

// SetDescription sets the Description field's value.
func (s *CreatePolicyTemplateInput) SetDescription(v string) *CreatePolicyTemplateInput {
	s.Description = &v
	return s
}

// SetPolicyStoreId sets the PolicyStoreId field's value.
func (s *CreatePolicyTemplateInput) SetPolicyStoreId(v string) *CreatePolicyTemplateInput {
	s.PolicyStoreId = &v
	return s
}

// SetStatement sets the Statement field's value.
func (s *CreatePolicyTemplateInput) SetStatement(v string) *CreatePolicyTemplateInput {
	s.Statement = &v
	return s
}

type CreatePolicyTemplateOutput struct {
	_ struct{} `type:"structure"`

	// The date and time the policy template was originally created.
	//
	// CreatedDate is a required field
	CreatedDate *time.Time `locationName:"createdDate" type:"timestamp" timestampFormat:"iso8601" required:"true"`

	// The date and time the policy template was most recently updated.
	//
	// LastUpdatedDate is a required field
	LastUpdatedDate *time.Time `locationName:"lastUpdatedDate" type:"timestamp" timestampFormat:"iso8601" required:"true"`

	// The ID of the policy store that contains the policy template.
	//
	// PolicyStoreId is a required field
	PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"`

	// The unique ID of the new policy template.
	//
	// PolicyTemplateId is a required field
	PolicyTemplateId *string `locationName:"policyTemplateId" min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreatePolicyTemplateOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreatePolicyTemplateOutput) GoString() string {
	return s.String()
}

// SetCreatedDate sets the CreatedDate field's value.
func (s *CreatePolicyTemplateOutput) SetCreatedDate(v time.Time) *CreatePolicyTemplateOutput {
	s.CreatedDate = &v
	return s
}

// SetLastUpdatedDate sets the LastUpdatedDate field's value.
func (s *CreatePolicyTemplateOutput) SetLastUpdatedDate(v time.Time) *CreatePolicyTemplateOutput {
	s.LastUpdatedDate = &v
	return s
}

// SetPolicyStoreId sets the PolicyStoreId field's value.
func (s *CreatePolicyTemplateOutput) SetPolicyStoreId(v string) *CreatePolicyTemplateOutput {
	s.PolicyStoreId = &v
	return s
}

// SetPolicyTemplateId sets the PolicyTemplateId field's value.
func (s *CreatePolicyTemplateOutput) SetPolicyTemplateId(v string) *CreatePolicyTemplateOutput {
	s.PolicyTemplateId = &v
	return s
}

type DeleteIdentitySourceInput struct {
	_ struct{} `type:"structure"`

	// Specifies the ID of the identity source that you want to delete.
	//
	// IdentitySourceId is a required field
	IdentitySourceId *string `locationName:"identitySourceId" min:"1" type:"string" required:"true"`

	// Specifies the ID of the policy store that contains the identity source that
	// you want to delete.
	//
	// PolicyStoreId is a required field
	PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteIdentitySourceInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteIdentitySourceInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *DeleteIdentitySourceInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "DeleteIdentitySourceInput"}
	if s.IdentitySourceId == nil {
		invalidParams.Add(request.NewErrParamRequired("IdentitySourceId"))
	}
	if s.IdentitySourceId != nil && len(*s.IdentitySourceId) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("IdentitySourceId", 1))
	}
	if s.PolicyStoreId == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyStoreId"))
	}
	if s.PolicyStoreId != nil && len(*s.PolicyStoreId) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyStoreId", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetIdentitySourceId sets the IdentitySourceId field's value.
func (s *DeleteIdentitySourceInput) SetIdentitySourceId(v string) *DeleteIdentitySourceInput {
	s.IdentitySourceId = &v
	return s
}

// SetPolicyStoreId sets the PolicyStoreId field's value.
func (s *DeleteIdentitySourceInput) SetPolicyStoreId(v string) *DeleteIdentitySourceInput {
	s.PolicyStoreId = &v
	return s
}

type DeleteIdentitySourceOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteIdentitySourceOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteIdentitySourceOutput) GoString() string {
	return s.String()
}

type DeletePolicyInput struct {
	_ struct{} `type:"structure"`

	// Specifies the ID of the policy that you want to delete.
	//
	// PolicyId is a required field
	PolicyId *string `locationName:"policyId" min:"1" type:"string" required:"true"`

	// Specifies the ID of the policy store that contains the policy that you want
	// to delete.
	//
	// PolicyStoreId is a required field
	PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeletePolicyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeletePolicyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *DeletePolicyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "DeletePolicyInput"}
	if s.PolicyId == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyId"))
	}
	if s.PolicyId != nil && len(*s.PolicyId) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyId", 1))
	}
	if s.PolicyStoreId == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyStoreId"))
	}
	if s.PolicyStoreId != nil && len(*s.PolicyStoreId) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyStoreId", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetPolicyId sets the PolicyId field's value.
func (s *DeletePolicyInput) SetPolicyId(v string) *DeletePolicyInput {
	s.PolicyId = &v
	return s
}

// SetPolicyStoreId sets the PolicyStoreId field's value.
func (s *DeletePolicyInput) SetPolicyStoreId(v string) *DeletePolicyInput {
	s.PolicyStoreId = &v
	return s
}

type DeletePolicyOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeletePolicyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeletePolicyOutput) GoString() string {
	return s.String()
}

type DeletePolicyStoreInput struct {
	_ struct{} `type:"structure"`

	// Specifies the ID of the policy store that you want to delete.
	//
	// PolicyStoreId is a required field
	PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeletePolicyStoreInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeletePolicyStoreInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *DeletePolicyStoreInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "DeletePolicyStoreInput"}
	if s.PolicyStoreId == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyStoreId"))
	}
	if s.PolicyStoreId != nil && len(*s.PolicyStoreId) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyStoreId", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetPolicyStoreId sets the PolicyStoreId field's value.
func (s *DeletePolicyStoreInput) SetPolicyStoreId(v string) *DeletePolicyStoreInput {
	s.PolicyStoreId = &v
	return s
}

type DeletePolicyStoreOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeletePolicyStoreOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeletePolicyStoreOutput) GoString() string {
	return s.String()
}

type DeletePolicyTemplateInput struct {
	_ struct{} `type:"structure"`

	// Specifies the ID of the policy store that contains the policy template that
	// you want to delete.
	//
	// PolicyStoreId is a required field
	PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"`

	// Specifies the ID of the policy template that you want to delete.
	//
	// PolicyTemplateId is a required field
	PolicyTemplateId *string `locationName:"policyTemplateId" min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeletePolicyTemplateInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeletePolicyTemplateInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *DeletePolicyTemplateInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "DeletePolicyTemplateInput"}
	if s.PolicyStoreId == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyStoreId"))
	}
	if s.PolicyStoreId != nil && len(*s.PolicyStoreId) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyStoreId", 1))
	}
	if s.PolicyTemplateId == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyTemplateId"))
	}
	if s.PolicyTemplateId != nil && len(*s.PolicyTemplateId) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyTemplateId", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetPolicyStoreId sets the PolicyStoreId field's value.
func (s *DeletePolicyTemplateInput) SetPolicyStoreId(v string) *DeletePolicyTemplateInput {
	s.PolicyStoreId = &v
	return s
}

// SetPolicyTemplateId sets the PolicyTemplateId field's value.
func (s *DeletePolicyTemplateInput) SetPolicyTemplateId(v string) *DeletePolicyTemplateInput {
	s.PolicyTemplateId = &v
	return s
}

type DeletePolicyTemplateOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeletePolicyTemplateOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeletePolicyTemplateOutput) GoString() string {
	return s.String()
}

// Contains information about one of the policies that determined an authorization
// decision.
//
// This data type is used as an element in a response parameter for the IsAuthorized
// (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorized.html),
// BatchIsAuthorized (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_BatchIsAuthorized.html),
// and IsAuthorizedWithToken (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorizedWithToken.html)
// operations.
//
// Example: "determiningPolicies":[{"policyId":"SPEXAMPLEabcdefg111111"}]
type DeterminingPolicyItem struct {
	_ struct{} `type:"structure"`

	// The Id of a policy that determined to an authorization decision.
	//
	// Example: "policyId":"SPEXAMPLEabcdefg111111"
	//
	// PolicyId is a required field
	PolicyId *string `locationName:"policyId" min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeterminingPolicyItem) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeterminingPolicyItem) GoString() string {
	return s.String()
}

// SetPolicyId sets the PolicyId field's value.
func (s *DeterminingPolicyItem) SetPolicyId(v string) *DeterminingPolicyItem {
	s.PolicyId = &v
	return s
}

// Contains the list of entities to be considered during an authorization request.
// This includes all principals, resources, and actions required to successfully
// evaluate the request.
//
// This data type is used as a field in the response parameter for the IsAuthorized
// (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorized.html)
// and IsAuthorizedWithToken (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorizedWithToken.html)
// operations.
type EntitiesDefinition struct {
	_ struct{} `type:"structure"`

	// An array of entities that are needed to successfully evaluate an authorization
	// request. Each entity in this array must include an identifier for the entity,
	// the attributes of the entity, and a list of any parent entities.
	EntityList []*EntityItem `locationName:"entityList" type:"list"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s EntitiesDefinition) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s EntitiesDefinition) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *EntitiesDefinition) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "EntitiesDefinition"}
	if s.EntityList != nil {
		for i, v := range s.EntityList {
			if v == nil {
				continue
			}
			if err := v.Validate(); err != nil {
				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "EntityList", i), err.(request.ErrInvalidParams))
			}
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetEntityList sets the EntityList field's value.
func (s *EntitiesDefinition) SetEntityList(v []*EntityItem) *EntitiesDefinition {
	s.EntityList = v
	return s
}

// Contains the identifier of an entity, including its ID and type.
//
// This data type is used as a request parameter for IsAuthorized (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorized.html)
// operation, and as a response parameter for the CreatePolicy (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreatePolicy.html),
// GetPolicy (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_GetPolicy.html),
// and UpdatePolicy (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdatePolicy.html)
// operations.
//
// Example: {"entityId":"string","entityType":"string"}
type EntityIdentifier struct {
	_ struct{} `type:"structure"`

	// The identifier of an entity.
	//
	// "entityId":"identifier"
	//
	// EntityId is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by EntityIdentifier's
	// String and GoString methods.
	//
	// EntityId is a required field
	EntityId *string `locationName:"entityId" min:"1" type:"string" required:"true" sensitive:"true"`

	// The type of an entity.
	//
	// Example: "entityType":"typeName"
	//
	// EntityType is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by EntityIdentifier's
	// String and GoString methods.
	//
	// EntityType is a required field
	EntityType *string `locationName:"entityType" min:"1" type:"string" required:"true" sensitive:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s EntityIdentifier) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s EntityIdentifier) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *EntityIdentifier) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "EntityIdentifier"}
	if s.EntityId == nil {
		invalidParams.Add(request.NewErrParamRequired("EntityId"))
	}
	if s.EntityId != nil && len(*s.EntityId) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("EntityId", 1))
	}
	if s.EntityType == nil {
		invalidParams.Add(request.NewErrParamRequired("EntityType"))
	}
	if s.EntityType != nil && len(*s.EntityType) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("EntityType", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetEntityId sets the EntityId field's value.
func (s *EntityIdentifier) SetEntityId(v string) *EntityIdentifier {
	s.EntityId = &v
	return s
}

// SetEntityType sets the EntityType field's value.
func (s *EntityIdentifier) SetEntityType(v string) *EntityIdentifier {
	s.EntityType = &v
	return s
}

// Contains information about an entity that can be referenced in a Cedar policy.
//
// This data type is used as one of the fields in the EntitiesDefinition (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_EntitiesDefinition.html)
// structure.
//
// { "identifier": { "entityType": "Photo", "entityId": "VacationPhoto94.jpg"
// }, "attributes": {}, "parents": [ { "entityType": "Album", "entityId": "alice_folder"
// } ] }
type EntityItem struct {
	_ struct{} `type:"structure"`

	// A list of attributes for the entity.
	Attributes map[string]*AttributeValue `locationName:"attributes" type:"map"`

	// The identifier of the entity.
	//
	// Identifier is a required field
	Identifier *EntityIdentifier `locationName:"identifier" type:"structure" required:"true"`

	// The parents in the hierarchy that contains the entity.
	Parents []*EntityIdentifier `locationName:"parents" type:"list"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s EntityItem) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s EntityItem) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *EntityItem) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "EntityItem"}
	if s.Identifier == nil {
		invalidParams.Add(request.NewErrParamRequired("Identifier"))
	}
	if s.Attributes != nil {
		for i, v := range s.Attributes {
			if v == nil {
				continue
			}
			if err := v.Validate(); err != nil {
				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Attributes", i), err.(request.ErrInvalidParams))
			}
		}
	}
	if s.Identifier != nil {
		if err := s.Identifier.Validate(); err != nil {
			invalidParams.AddNested("Identifier", err.(request.ErrInvalidParams))
		}
	}
	if s.Parents != nil {
		for i, v := range s.Parents {
			if v == nil {
				continue
			}
			if err := v.Validate(); err != nil {
				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Parents", i), err.(request.ErrInvalidParams))
			}
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetAttributes sets the Attributes field's value.
func (s *EntityItem) SetAttributes(v map[string]*AttributeValue) *EntityItem {
	s.Attributes = v
	return s
}

// SetIdentifier sets the Identifier field's value.
func (s *EntityItem) SetIdentifier(v *EntityIdentifier) *EntityItem {
	s.Identifier = v
	return s
}

// SetParents sets the Parents field's value.
func (s *EntityItem) SetParents(v []*EntityIdentifier) *EntityItem {
	s.Parents = v
	return s
}

// Contains information about a principal or resource that can be referenced
// in a Cedar policy.
//
// This data type is used as part of the PolicyFilter (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_PolicyFilter.html)
// structure that is used as a request parameter for the ListPolicies (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ListPolicies.html)
// operation..
type EntityReference struct {
	_ struct{} `type:"structure"`

	// The identifier of the entity. It can consist of either an EntityType and
	// EntityId, a principal, or a resource.
	Identifier *EntityIdentifier `locationName:"identifier" type:"structure"`

	// Used to indicate that a principal or resource is not specified. This can
	// be used to search for policies that are not associated with a specific principal
	// or resource.
	Unspecified *bool `locationName:"unspecified" type:"boolean"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s EntityReference) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s EntityReference) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *EntityReference) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "EntityReference"}
	if s.Identifier != nil {
		if err := s.Identifier.Validate(); err != nil {
			invalidParams.AddNested("Identifier", err.(request.ErrInvalidParams))
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetIdentifier sets the Identifier field's value.
func (s *EntityReference) SetIdentifier(v *EntityIdentifier) *EntityReference {
	s.Identifier = v
	return s
}

// SetUnspecified sets the Unspecified field's value.
func (s *EntityReference) SetUnspecified(v bool) *EntityReference {
	s.Unspecified = &v
	return s
}

// Contains a description of an evaluation error.
//
// This data type is a response parameter of the IsAuthorized (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorized.html),
// BatchIsAuthorized (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_BatchIsAuthorized.html),
// and IsAuthorizedWithToken (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorizedWithToken.html)
// operations.
type EvaluationErrorItem struct {
	_ struct{} `type:"structure" sensitive:"true"`

	// The error description.
	//
	// ErrorDescription is a required field
	ErrorDescription *string `locationName:"errorDescription" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s EvaluationErrorItem) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s EvaluationErrorItem) GoString() string {
	return s.String()
}

// SetErrorDescription sets the ErrorDescription field's value.
func (s *EvaluationErrorItem) SetErrorDescription(v string) *EvaluationErrorItem {
	s.ErrorDescription = &v
	return s
}

type GetIdentitySourceInput struct {
	_ struct{} `type:"structure"`

	// Specifies the ID of the identity source you want information about.
	//
	// IdentitySourceId is a required field
	IdentitySourceId *string `locationName:"identitySourceId" min:"1" type:"string" required:"true"`

	// Specifies the ID of the policy store that contains the identity source you
	// want information about.
	//
	// PolicyStoreId is a required field
	PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetIdentitySourceInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetIdentitySourceInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *GetIdentitySourceInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "GetIdentitySourceInput"}
	if s.IdentitySourceId == nil {
		invalidParams.Add(request.NewErrParamRequired("IdentitySourceId"))
	}
	if s.IdentitySourceId != nil && len(*s.IdentitySourceId) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("IdentitySourceId", 1))
	}
	if s.PolicyStoreId == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyStoreId"))
	}
	if s.PolicyStoreId != nil && len(*s.PolicyStoreId) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyStoreId", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetIdentitySourceId sets the IdentitySourceId field's value.
func (s *GetIdentitySourceInput) SetIdentitySourceId(v string) *GetIdentitySourceInput {
	s.IdentitySourceId = &v
	return s
}

// SetPolicyStoreId sets the PolicyStoreId field's value.
func (s *GetIdentitySourceInput) SetPolicyStoreId(v string) *GetIdentitySourceInput {
	s.PolicyStoreId = &v
	return s
}

type GetIdentitySourceOutput struct {
	_ struct{} `type:"structure"`

	// The date and time that the identity source was originally created.
	//
	// CreatedDate is a required field
	CreatedDate *time.Time `locationName:"createdDate" type:"timestamp" timestampFormat:"iso8601" required:"true"`

	// A structure that describes the configuration of the identity source.
	//
	// Details is a required field
	Details *IdentitySourceDetails `locationName:"details" type:"structure" required:"true"`

	// The ID of the identity source.
	//
	// IdentitySourceId is a required field
	IdentitySourceId *string `locationName:"identitySourceId" min:"1" type:"string" required:"true"`

	// The date and time that the identity source was most recently updated.
	//
	// LastUpdatedDate is a required field
	LastUpdatedDate *time.Time `locationName:"lastUpdatedDate" type:"timestamp" timestampFormat:"iso8601" required:"true"`

	// The ID of the policy store that contains the identity source.
	//
	// PolicyStoreId is a required field
	PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"`

	// The data type of principals generated for identities authenticated by this
	// identity source.
	//
	// PrincipalEntityType is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by GetIdentitySourceOutput's
	// String and GoString methods.
	//
	// PrincipalEntityType is a required field
	PrincipalEntityType *string `locationName:"principalEntityType" min:"1" type:"string" required:"true" sensitive:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetIdentitySourceOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetIdentitySourceOutput) GoString() string {
	return s.String()
}

// SetCreatedDate sets the CreatedDate field's value.
func (s *GetIdentitySourceOutput) SetCreatedDate(v time.Time) *GetIdentitySourceOutput {
	s.CreatedDate = &v
	return s
}

// SetDetails sets the Details field's value.
func (s *GetIdentitySourceOutput) SetDetails(v *IdentitySourceDetails) *GetIdentitySourceOutput {
	s.Details = v
	return s
}

// SetIdentitySourceId sets the IdentitySourceId field's value.
func (s *GetIdentitySourceOutput) SetIdentitySourceId(v string) *GetIdentitySourceOutput {
	s.IdentitySourceId = &v
	return s
}

// SetLastUpdatedDate sets the LastUpdatedDate field's value.
func (s *GetIdentitySourceOutput) SetLastUpdatedDate(v time.Time) *GetIdentitySourceOutput {
	s.LastUpdatedDate = &v
	return s
}

// SetPolicyStoreId sets the PolicyStoreId field's value.
func (s *GetIdentitySourceOutput) SetPolicyStoreId(v string) *GetIdentitySourceOutput {
	s.PolicyStoreId = &v
	return s
}

// SetPrincipalEntityType sets the PrincipalEntityType field's value.
func (s *GetIdentitySourceOutput) SetPrincipalEntityType(v string) *GetIdentitySourceOutput {
	s.PrincipalEntityType = &v
	return s
}

type GetPolicyInput struct {
	_ struct{} `type:"structure"`

	// Specifies the ID of the policy you want information about.
	//
	// PolicyId is a required field
	PolicyId *string `locationName:"policyId" min:"1" type:"string" required:"true"`

	// Specifies the ID of the policy store that contains the policy that you want
	// information about.
	//
	// PolicyStoreId is a required field
	PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetPolicyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetPolicyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *GetPolicyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "GetPolicyInput"}
	if s.PolicyId == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyId"))
	}
	if s.PolicyId != nil && len(*s.PolicyId) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyId", 1))
	}
	if s.PolicyStoreId == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyStoreId"))
	}
	if s.PolicyStoreId != nil && len(*s.PolicyStoreId) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyStoreId", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetPolicyId sets the PolicyId field's value.
func (s *GetPolicyInput) SetPolicyId(v string) *GetPolicyInput {
	s.PolicyId = &v
	return s
}

// SetPolicyStoreId sets the PolicyStoreId field's value.
func (s *GetPolicyInput) SetPolicyStoreId(v string) *GetPolicyInput {
	s.PolicyStoreId = &v
	return s
}

type GetPolicyOutput struct {
	_ struct{} `type:"structure"`

	// The date and time that the policy was originally created.
	//
	// CreatedDate is a required field
	CreatedDate *time.Time `locationName:"createdDate" type:"timestamp" timestampFormat:"iso8601" required:"true"`

	// The definition of the requested policy.
	//
	// Definition is a required field
	Definition *PolicyDefinitionDetail `locationName:"definition" type:"structure" required:"true"`

	// The date and time that the policy was last updated.
	//
	// LastUpdatedDate is a required field
	LastUpdatedDate *time.Time `locationName:"lastUpdatedDate" type:"timestamp" timestampFormat:"iso8601" required:"true"`

	// The unique ID of the policy that you want information about.
	//
	// PolicyId is a required field
	PolicyId *string `locationName:"policyId" min:"1" type:"string" required:"true"`

	// The ID of the policy store that contains the policy that you want information
	// about.
	//
	// PolicyStoreId is a required field
	PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"`

	// The type of the policy.
	//
	// PolicyType is a required field
	PolicyType *string `locationName:"policyType" type:"string" required:"true" enum:"PolicyType"`

	// The principal specified in the policy's scope. This element isn't included
	// in the response when Principal isn't present in the policy content.
	Principal *EntityIdentifier `locationName:"principal" type:"structure"`

	// The resource specified in the policy's scope. This element isn't included
	// in the response when Resource isn't present in the policy content.
	Resource *EntityIdentifier `locationName:"resource" type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetPolicyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetPolicyOutput) GoString() string {
	return s.String()
}

// SetCreatedDate sets the CreatedDate field's value.
func (s *GetPolicyOutput) SetCreatedDate(v time.Time) *GetPolicyOutput {
	s.CreatedDate = &v
	return s
}

// SetDefinition sets the Definition field's value.
func (s *GetPolicyOutput) SetDefinition(v *PolicyDefinitionDetail) *GetPolicyOutput {
	s.Definition = v
	return s
}

// SetLastUpdatedDate sets the LastUpdatedDate field's value.
func (s *GetPolicyOutput) SetLastUpdatedDate(v time.Time) *GetPolicyOutput {
	s.LastUpdatedDate = &v
	return s
}

// SetPolicyId sets the PolicyId field's value.
func (s *GetPolicyOutput) SetPolicyId(v string) *GetPolicyOutput {
	s.PolicyId = &v
	return s
}

// SetPolicyStoreId sets the PolicyStoreId field's value.
func (s *GetPolicyOutput) SetPolicyStoreId(v string) *GetPolicyOutput {
	s.PolicyStoreId = &v
	return s
}

// SetPolicyType sets the PolicyType field's value.
func (s *GetPolicyOutput) SetPolicyType(v string) *GetPolicyOutput {
	s.PolicyType = &v
	return s
}

// SetPrincipal sets the Principal field's value.
func (s *GetPolicyOutput) SetPrincipal(v *EntityIdentifier) *GetPolicyOutput {
	s.Principal = v
	return s
}

// SetResource sets the Resource field's value.
func (s *GetPolicyOutput) SetResource(v *EntityIdentifier) *GetPolicyOutput {
	s.Resource = v
	return s
}

type GetPolicyStoreInput struct {
	_ struct{} `type:"structure"`

	// Specifies the ID of the policy store that you want information about.
	//
	// PolicyStoreId is a required field
	PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetPolicyStoreInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetPolicyStoreInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *GetPolicyStoreInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "GetPolicyStoreInput"}
	if s.PolicyStoreId == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyStoreId"))
	}
	if s.PolicyStoreId != nil && len(*s.PolicyStoreId) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyStoreId", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetPolicyStoreId sets the PolicyStoreId field's value.
func (s *GetPolicyStoreInput) SetPolicyStoreId(v string) *GetPolicyStoreInput {
	s.PolicyStoreId = &v
	return s
}

type GetPolicyStoreOutput struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN) of the policy store.
	//
	// Arn is a required field
	Arn *string `locationName:"arn" min:"1" type:"string" required:"true"`

	// The date and time that the policy store was originally created.
	//
	// CreatedDate is a required field
	CreatedDate *time.Time `locationName:"createdDate" type:"timestamp" timestampFormat:"iso8601" required:"true"`

	// Descriptive text that you can provide to help with identification of the
	// current policy store.
	//
	// Description is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by GetPolicyStoreOutput's
	// String and GoString methods.
	Description *string `locationName:"description" type:"string" sensitive:"true"`

	// The date and time that the policy store was last updated.
	//
	// LastUpdatedDate is a required field
	LastUpdatedDate *time.Time `locationName:"lastUpdatedDate" type:"timestamp" timestampFormat:"iso8601" required:"true"`

	// The ID of the policy store;
	//
	// PolicyStoreId is a required field
	PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"`

	// The current validation settings for the policy store.
	//
	// ValidationSettings is a required field
	ValidationSettings *ValidationSettings `locationName:"validationSettings" type:"structure" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetPolicyStoreOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetPolicyStoreOutput) GoString() string {
	return s.String()
}

// SetArn sets the Arn field's value.
func (s *GetPolicyStoreOutput) SetArn(v string) *GetPolicyStoreOutput {
	s.Arn = &v
	return s
}

// SetCreatedDate sets the CreatedDate field's value.
func (s *GetPolicyStoreOutput) SetCreatedDate(v time.Time) *GetPolicyStoreOutput {
	s.CreatedDate = &v
	return s
}

// SetDescription sets the Description field's value.
func (s *GetPolicyStoreOutput) SetDescription(v string) *GetPolicyStoreOutput {
	s.Description = &v
	return s
}

// SetLastUpdatedDate sets the LastUpdatedDate field's value.
func (s *GetPolicyStoreOutput) SetLastUpdatedDate(v time.Time) *GetPolicyStoreOutput {
	s.LastUpdatedDate = &v
	return s
}

// SetPolicyStoreId sets the PolicyStoreId field's value.
func (s *GetPolicyStoreOutput) SetPolicyStoreId(v string) *GetPolicyStoreOutput {
	s.PolicyStoreId = &v
	return s
}

// SetValidationSettings sets the ValidationSettings field's value.
func (s *GetPolicyStoreOutput) SetValidationSettings(v *ValidationSettings) *GetPolicyStoreOutput {
	s.ValidationSettings = v
	return s
}

type GetPolicyTemplateInput struct {
	_ struct{} `type:"structure"`

	// Specifies the ID of the policy store that contains the policy template that
	// you want information about.
	//
	// PolicyStoreId is a required field
	PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"`

	// Specifies the ID of the policy template that you want information about.
	//
	// PolicyTemplateId is a required field
	PolicyTemplateId *string `locationName:"policyTemplateId" min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetPolicyTemplateInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetPolicyTemplateInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *GetPolicyTemplateInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "GetPolicyTemplateInput"}
	if s.PolicyStoreId == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyStoreId"))
	}
	if s.PolicyStoreId != nil && len(*s.PolicyStoreId) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyStoreId", 1))
	}
	if s.PolicyTemplateId == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyTemplateId"))
	}
	if s.PolicyTemplateId != nil && len(*s.PolicyTemplateId) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyTemplateId", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetPolicyStoreId sets the PolicyStoreId field's value.
func (s *GetPolicyTemplateInput) SetPolicyStoreId(v string) *GetPolicyTemplateInput {
	s.PolicyStoreId = &v
	return s
}

// SetPolicyTemplateId sets the PolicyTemplateId field's value.
func (s *GetPolicyTemplateInput) SetPolicyTemplateId(v string) *GetPolicyTemplateInput {
	s.PolicyTemplateId = &v
	return s
}

type GetPolicyTemplateOutput struct {
	_ struct{} `type:"structure"`

	// The date and time that the policy template was originally created.
	//
	// CreatedDate is a required field
	CreatedDate *time.Time `locationName:"createdDate" type:"timestamp" timestampFormat:"iso8601" required:"true"`

	// The description of the policy template.
	//
	// Description is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by GetPolicyTemplateOutput's
	// String and GoString methods.
	Description *string `locationName:"description" type:"string" sensitive:"true"`

	// The date and time that the policy template was most recently updated.
	//
	// LastUpdatedDate is a required field
	LastUpdatedDate *time.Time `locationName:"lastUpdatedDate" type:"timestamp" timestampFormat:"iso8601" required:"true"`

	// The ID of the policy store that contains the policy template.
	//
	// PolicyStoreId is a required field
	PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"`

	// The ID of the policy template.
	//
	// PolicyTemplateId is a required field
	PolicyTemplateId *string `locationName:"policyTemplateId" min:"1" type:"string" required:"true"`

	// The content of the body of the policy template written in the Cedar policy
	// language.
	//
	// Statement is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by GetPolicyTemplateOutput's
	// String and GoString methods.
	//
	// Statement is a required field
	Statement *string `locationName:"statement" min:"1" type:"string" required:"true" sensitive:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetPolicyTemplateOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetPolicyTemplateOutput) GoString() string {
	return s.String()
}

// SetCreatedDate sets the CreatedDate field's value.
func (s *GetPolicyTemplateOutput) SetCreatedDate(v time.Time) *GetPolicyTemplateOutput {
	s.CreatedDate = &v
	return s
}

// SetDescription sets the Description field's value.
func (s *GetPolicyTemplateOutput) SetDescription(v string) *GetPolicyTemplateOutput {
	s.Description = &v
	return s
}

// SetLastUpdatedDate sets the LastUpdatedDate field's value.
func (s *GetPolicyTemplateOutput) SetLastUpdatedDate(v time.Time) *GetPolicyTemplateOutput {
	s.LastUpdatedDate = &v
	return s
}

// SetPolicyStoreId sets the PolicyStoreId field's value.
func (s *GetPolicyTemplateOutput) SetPolicyStoreId(v string) *GetPolicyTemplateOutput {
	s.PolicyStoreId = &v
	return s
}

// SetPolicyTemplateId sets the PolicyTemplateId field's value.
func (s *GetPolicyTemplateOutput) SetPolicyTemplateId(v string) *GetPolicyTemplateOutput {
	s.PolicyTemplateId = &v
	return s
}

// SetStatement sets the Statement field's value.
func (s *GetPolicyTemplateOutput) SetStatement(v string) *GetPolicyTemplateOutput {
	s.Statement = &v
	return s
}

type GetSchemaInput struct {
	_ struct{} `type:"structure"`

	// Specifies the ID of the policy store that contains the schema.
	//
	// PolicyStoreId is a required field
	PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetSchemaInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetSchemaInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *GetSchemaInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "GetSchemaInput"}
	if s.PolicyStoreId == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyStoreId"))
	}
	if s.PolicyStoreId != nil && len(*s.PolicyStoreId) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyStoreId", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetPolicyStoreId sets the PolicyStoreId field's value.
func (s *GetSchemaInput) SetPolicyStoreId(v string) *GetSchemaInput {
	s.PolicyStoreId = &v
	return s
}

type GetSchemaOutput struct {
	_ struct{} `type:"structure"`

	// The date and time that the schema was originally created.
	//
	// CreatedDate is a required field
	CreatedDate *time.Time `locationName:"createdDate" type:"timestamp" timestampFormat:"iso8601" required:"true"`

	// The date and time that the schema was most recently updated.
	//
	// LastUpdatedDate is a required field
	LastUpdatedDate *time.Time `locationName:"lastUpdatedDate" type:"timestamp" timestampFormat:"iso8601" required:"true"`

	// The namespaces of the entities referenced by this schema.
	Namespaces []*string `locationName:"namespaces" type:"list"`

	// The ID of the policy store that contains the schema.
	//
	// PolicyStoreId is a required field
	PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"`

	// The body of the schema, written in Cedar schema JSON.
	//
	// Schema is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by GetSchemaOutput's
	// String and GoString methods.
	//
	// Schema is a required field
	Schema *string `locationName:"schema" min:"1" type:"string" required:"true" sensitive:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetSchemaOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetSchemaOutput) GoString() string {
	return s.String()
}

// SetCreatedDate sets the CreatedDate field's value.
func (s *GetSchemaOutput) SetCreatedDate(v time.Time) *GetSchemaOutput {
	s.CreatedDate = &v
	return s
}

// SetLastUpdatedDate sets the LastUpdatedDate field's value.
func (s *GetSchemaOutput) SetLastUpdatedDate(v time.Time) *GetSchemaOutput {
	s.LastUpdatedDate = &v
	return s
}

// SetNamespaces sets the Namespaces field's value.
func (s *GetSchemaOutput) SetNamespaces(v []*string) *GetSchemaOutput {
	s.Namespaces = v
	return s
}

// SetPolicyStoreId sets the PolicyStoreId field's value.
func (s *GetSchemaOutput) SetPolicyStoreId(v string) *GetSchemaOutput {
	s.PolicyStoreId = &v
	return s
}

// SetSchema sets the Schema field's value.
func (s *GetSchemaOutput) SetSchema(v string) *GetSchemaOutput {
	s.Schema = &v
	return s
}

// A structure that contains configuration of the identity source.
//
// This data type is used as a response parameter for the CreateIdentitySource
// (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreateIdentitySource.html)
// operation.
type IdentitySourceDetails struct {
	_ struct{} `type:"structure"`

	// The application client IDs associated with the specified Amazon Cognito user
	// pool that are enabled for this identity source.
	ClientIds []*string `locationName:"clientIds" type:"list"`

	// The well-known URL that points to this user pool's OIDC discovery endpoint.
	// This is a URL string in the following format. This URL replaces the placeholders
	// for both the Amazon Web Services Region and the user pool identifier with
	// those appropriate for this user pool.
	//
	// https://cognito-idp.<region>.amazonaws.com/<user-pool-id>/.well-known/openid-configuration
	DiscoveryUrl *string `locationName:"discoveryUrl" min:"1" type:"string"`

	// A string that identifies the type of OIDC service represented by this identity
	// source.
	//
	// At this time, the only valid value is cognito.
	OpenIdIssuer *string `locationName:"openIdIssuer" type:"string" enum:"OpenIdIssuer"`

	// The Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// of the Amazon Cognito user pool whose identities are accessible to this Verified
	// Permissions policy store.
	UserPoolArn *string `locationName:"userPoolArn" min:"1" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s IdentitySourceDetails) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s IdentitySourceDetails) GoString() string {
	return s.String()
}

// SetClientIds sets the ClientIds field's value.
func (s *IdentitySourceDetails) SetClientIds(v []*string) *IdentitySourceDetails {
	s.ClientIds = v
	return s
}

// SetDiscoveryUrl sets the DiscoveryUrl field's value.
func (s *IdentitySourceDetails) SetDiscoveryUrl(v string) *IdentitySourceDetails {
	s.DiscoveryUrl = &v
	return s
}

// SetOpenIdIssuer sets the OpenIdIssuer field's value.
func (s *IdentitySourceDetails) SetOpenIdIssuer(v string) *IdentitySourceDetails {
	s.OpenIdIssuer = &v
	return s
}

// SetUserPoolArn sets the UserPoolArn field's value.
func (s *IdentitySourceDetails) SetUserPoolArn(v string) *IdentitySourceDetails {
	s.UserPoolArn = &v
	return s
}

// A structure that defines characteristics of an identity source that you can
// use to filter.
//
// This data type is used as a request parameter for the ListIdentityStores
// (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ListIdentityStores.html)
// operation.
type IdentitySourceFilter struct {
	_ struct{} `type:"structure"`

	// The Cedar entity type of the principals returned by the identity provider
	// (IdP) associated with this identity source.
	//
	// PrincipalEntityType is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by IdentitySourceFilter's
	// String and GoString methods.
	PrincipalEntityType *string `locationName:"principalEntityType" min:"1" type:"string" sensitive:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s IdentitySourceFilter) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s IdentitySourceFilter) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *IdentitySourceFilter) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "IdentitySourceFilter"}
	if s.PrincipalEntityType != nil && len(*s.PrincipalEntityType) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PrincipalEntityType", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetPrincipalEntityType sets the PrincipalEntityType field's value.
func (s *IdentitySourceFilter) SetPrincipalEntityType(v string) *IdentitySourceFilter {
	s.PrincipalEntityType = &v
	return s
}

// A structure that defines an identity source.
//
// This data type is used as a request parameter for the ListIdentityStores
// (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ListIdentityStores.html)
// operation.
type IdentitySourceItem struct {
	_ struct{} `type:"structure"`

	// The date and time the identity source was originally created.
	//
	// CreatedDate is a required field
	CreatedDate *time.Time `locationName:"createdDate" type:"timestamp" timestampFormat:"iso8601" required:"true"`

	// A structure that contains the details of the associated identity provider
	// (IdP).
	//
	// Details is a required field
	Details *IdentitySourceItemDetails `locationName:"details" type:"structure" required:"true"`

	// The unique identifier of the identity source.
	//
	// IdentitySourceId is a required field
	IdentitySourceId *string `locationName:"identitySourceId" min:"1" type:"string" required:"true"`

	// The date and time the identity source was most recently updated.
	//
	// LastUpdatedDate is a required field
	LastUpdatedDate *time.Time `locationName:"lastUpdatedDate" type:"timestamp" timestampFormat:"iso8601" required:"true"`

	// The identifier of the policy store that contains the identity source.
	//
	// PolicyStoreId is a required field
	PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"`

	// The Cedar entity type of the principals returned from the IdP associated
	// with this identity source.
	//
	// PrincipalEntityType is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by IdentitySourceItem's
	// String and GoString methods.
	//
	// PrincipalEntityType is a required field
	PrincipalEntityType *string `locationName:"principalEntityType" min:"1" type:"string" required:"true" sensitive:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s IdentitySourceItem) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s IdentitySourceItem) GoString() string {
	return s.String()
}

// SetCreatedDate sets the CreatedDate field's value.
func (s *IdentitySourceItem) SetCreatedDate(v time.Time) *IdentitySourceItem {
	s.CreatedDate = &v
	return s
}

// SetDetails sets the Details field's value.
func (s *IdentitySourceItem) SetDetails(v *IdentitySourceItemDetails) *IdentitySourceItem {
	s.Details = v
	return s
}

// SetIdentitySourceId sets the IdentitySourceId field's value.
func (s *IdentitySourceItem) SetIdentitySourceId(v string) *IdentitySourceItem {
	s.IdentitySourceId = &v
	return s
}

// SetLastUpdatedDate sets the LastUpdatedDate field's value.
func (s *IdentitySourceItem) SetLastUpdatedDate(v time.Time) *IdentitySourceItem {
	s.LastUpdatedDate = &v
	return s
}

// SetPolicyStoreId sets the PolicyStoreId field's value.
func (s *IdentitySourceItem) SetPolicyStoreId(v string) *IdentitySourceItem {
	s.PolicyStoreId = &v
	return s
}

// SetPrincipalEntityType sets the PrincipalEntityType field's value.
func (s *IdentitySourceItem) SetPrincipalEntityType(v string) *IdentitySourceItem {
	s.PrincipalEntityType = &v
	return s
}

// A structure that contains configuration of the identity source.
//
// This data type is used as a response parameter for the CreateIdentitySource
// (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreateIdentitySource.html)
// operation.
type IdentitySourceItemDetails struct {
	_ struct{} `type:"structure"`

	// The application client IDs associated with the specified Amazon Cognito user
	// pool that are enabled for this identity source.
	ClientIds []*string `locationName:"clientIds" type:"list"`

	// The well-known URL that points to this user pool's OIDC discovery endpoint.
	// This is a URL string in the following format. This URL replaces the placeholders
	// for both the Amazon Web Services Region and the user pool identifier with
	// those appropriate for this user pool.
	//
	// https://cognito-idp.<region>.amazonaws.com/<user-pool-id>/.well-known/openid-configuration
	DiscoveryUrl *string `locationName:"discoveryUrl" min:"1" type:"string"`

	// A string that identifies the type of OIDC service represented by this identity
	// source.
	//
	// At this time, the only valid value is cognito.
	OpenIdIssuer *string `locationName:"openIdIssuer" type:"string" enum:"OpenIdIssuer"`

	// The Amazon Cognito user pool whose identities are accessible to this Verified
	// Permissions policy store.
	UserPoolArn *string `locationName:"userPoolArn" min:"1" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s IdentitySourceItemDetails) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s IdentitySourceItemDetails) GoString() string {
	return s.String()
}

// SetClientIds sets the ClientIds field's value.
func (s *IdentitySourceItemDetails) SetClientIds(v []*string) *IdentitySourceItemDetails {
	s.ClientIds = v
	return s
}

// SetDiscoveryUrl sets the DiscoveryUrl field's value.
func (s *IdentitySourceItemDetails) SetDiscoveryUrl(v string) *IdentitySourceItemDetails {
	s.DiscoveryUrl = &v
	return s
}

// SetOpenIdIssuer sets the OpenIdIssuer field's value.
func (s *IdentitySourceItemDetails) SetOpenIdIssuer(v string) *IdentitySourceItemDetails {
	s.OpenIdIssuer = &v
	return s
}

// SetUserPoolArn sets the UserPoolArn field's value.
func (s *IdentitySourceItemDetails) SetUserPoolArn(v string) *IdentitySourceItemDetails {
	s.UserPoolArn = &v
	return s
}

// The request failed because of an internal error. Try your request again later
type InternalServerException struct {
	_            struct{}                  `type:"structure"`
	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

	Message_ *string `locationName:"message" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s InternalServerException) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s InternalServerException) GoString() string {
	return s.String()
}

func newErrorInternalServerException(v protocol.ResponseMetadata) error {
	return &InternalServerException{
		RespMetadata: v,
	}
}

// Code returns the exception type name.
func (s *InternalServerException) Code() string {
	return "InternalServerException"
}

// Message returns the exception's message.
func (s *InternalServerException) Message() string {
	if s.Message_ != nil {
		return *s.Message_
	}
	return ""
}

// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *InternalServerException) OrigErr() error {
	return nil
}

func (s *InternalServerException) Error() string {
	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}

// Status code returns the HTTP status code for the request's response error.
func (s *InternalServerException) StatusCode() int {
	return s.RespMetadata.StatusCode
}

// RequestID returns the service's response RequestID for request.
func (s *InternalServerException) RequestID() string {
	return s.RespMetadata.RequestID
}

type IsAuthorizedInput struct {
	_ struct{} `type:"structure"`

	// Specifies the requested action to be authorized. For example, is the principal
	// authorized to perform this action on the resource?
	Action *ActionIdentifier `locationName:"action" type:"structure"`

	// Specifies additional context that can be used to make more granular authorization
	// decisions.
	Context *ContextDefinition `locationName:"context" type:"structure"`

	// Specifies the list of resources and principals and their associated attributes
	// that Verified Permissions can examine when evaluating the policies.
	//
	// You can include only principal and resource entities in this parameter; you
	// can't include actions. You must specify actions in the schema.
	Entities *EntitiesDefinition `locationName:"entities" type:"structure"`

	// Specifies the ID of the policy store. Policies in this policy store will
	// be used to make an authorization decision for the input.
	//
	// PolicyStoreId is a required field
	PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"`

	// Specifies the principal for which the authorization decision is to be made.
	Principal *EntityIdentifier `locationName:"principal" type:"structure"`

	// Specifies the resource for which the authorization decision is to be made.
	Resource *EntityIdentifier `locationName:"resource" type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s IsAuthorizedInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s IsAuthorizedInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *IsAuthorizedInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "IsAuthorizedInput"}
	if s.PolicyStoreId == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyStoreId"))
	}
	if s.PolicyStoreId != nil && len(*s.PolicyStoreId) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyStoreId", 1))
	}
	if s.Action != nil {
		if err := s.Action.Validate(); err != nil {
			invalidParams.AddNested("Action", err.(request.ErrInvalidParams))
		}
	}
	if s.Context != nil {
		if err := s.Context.Validate(); err != nil {
			invalidParams.AddNested("Context", err.(request.ErrInvalidParams))
		}
	}
	if s.Entities != nil {
		if err := s.Entities.Validate(); err != nil {
			invalidParams.AddNested("Entities", err.(request.ErrInvalidParams))
		}
	}
	if s.Principal != nil {
		if err := s.Principal.Validate(); err != nil {
			invalidParams.AddNested("Principal", err.(request.ErrInvalidParams))
		}
	}
	if s.Resource != nil {
		if err := s.Resource.Validate(); err != nil {
			invalidParams.AddNested("Resource", err.(request.ErrInvalidParams))
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetAction sets the Action field's value.
func (s *IsAuthorizedInput) SetAction(v *ActionIdentifier) *IsAuthorizedInput {
	s.Action = v
	return s
}

// SetContext sets the Context field's value.
func (s *IsAuthorizedInput) SetContext(v *ContextDefinition) *IsAuthorizedInput {
	s.Context = v
	return s
}

// SetEntities sets the Entities field's value.
func (s *IsAuthorizedInput) SetEntities(v *EntitiesDefinition) *IsAuthorizedInput {
	s.Entities = v
	return s
}

// SetPolicyStoreId sets the PolicyStoreId field's value.
func (s *IsAuthorizedInput) SetPolicyStoreId(v string) *IsAuthorizedInput {
	s.PolicyStoreId = &v
	return s
}

// SetPrincipal sets the Principal field's value.
func (s *IsAuthorizedInput) SetPrincipal(v *EntityIdentifier) *IsAuthorizedInput {
	s.Principal = v
	return s
}

// SetResource sets the Resource field's value.
func (s *IsAuthorizedInput) SetResource(v *EntityIdentifier) *IsAuthorizedInput {
	s.Resource = v
	return s
}

type IsAuthorizedOutput struct {
	_ struct{} `type:"structure"`

	// An authorization decision that indicates if the authorization request should
	// be allowed or denied.
	//
	// Decision is a required field
	Decision *string `locationName:"decision" type:"string" required:"true" enum:"Decision"`

	// The list of determining policies used to make the authorization decision.
	// For example, if there are two matching policies, where one is a forbid and
	// the other is a permit, then the forbid policy will be the determining policy.
	// In the case of multiple matching permit policies then there would be multiple
	// determining policies. In the case that no policies match, and hence the response
	// is DENY, there would be no determining policies.
	//
	// DeterminingPolicies is a required field
	DeterminingPolicies []*DeterminingPolicyItem `locationName:"determiningPolicies" type:"list" required:"true"`

	// Errors that occurred while making an authorization decision, for example,
	// a policy references an Entity or entity Attribute that does not exist in
	// the slice.
	//
	// Errors is a required field
	Errors []*EvaluationErrorItem `locationName:"errors" type:"list" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s IsAuthorizedOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s IsAuthorizedOutput) GoString() string {
	return s.String()
}

// SetDecision sets the Decision field's value.
func (s *IsAuthorizedOutput) SetDecision(v string) *IsAuthorizedOutput {
	s.Decision = &v
	return s
}

// SetDeterminingPolicies sets the DeterminingPolicies field's value.
func (s *IsAuthorizedOutput) SetDeterminingPolicies(v []*DeterminingPolicyItem) *IsAuthorizedOutput {
	s.DeterminingPolicies = v
	return s
}

// SetErrors sets the Errors field's value.
func (s *IsAuthorizedOutput) SetErrors(v []*EvaluationErrorItem) *IsAuthorizedOutput {
	s.Errors = v
	return s
}

type IsAuthorizedWithTokenInput struct {
	_ struct{} `type:"structure"`

	// Specifies an access token for the principal to be authorized. This token
	// is provided to you by the identity provider (IdP) associated with the specified
	// identity source. You must specify either an AccessToken, or an IdentityToken,
	// or both.
	//
	// AccessToken is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by IsAuthorizedWithTokenInput's
	// String and GoString methods.
	AccessToken *string `locationName:"accessToken" min:"1" type:"string" sensitive:"true"`

	// Specifies the requested action to be authorized. Is the specified principal
	// authorized to perform this action on the specified resource.
	Action *ActionIdentifier `locationName:"action" type:"structure"`

	// Specifies additional context that can be used to make more granular authorization
	// decisions.
	Context *ContextDefinition `locationName:"context" type:"structure"`

	// Specifies the list of resources and their associated attributes that Verified
	// Permissions can examine when evaluating the policies.
	//
	// You can include only resource and action entities in this parameter; you
	// can't include principals.
	//
	//    * The IsAuthorizedWithToken operation takes principal attributes from
	//    only the identityToken or accessToken passed to the operation.
	//
	//    * For action entities, you can include only their Identifier and EntityType.
	Entities *EntitiesDefinition `locationName:"entities" type:"structure"`

	// Specifies an identity token for the principal to be authorized. This token
	// is provided to you by the identity provider (IdP) associated with the specified
	// identity source. You must specify either an AccessToken or an IdentityToken,
	// or both.
	//
	// IdentityToken is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by IsAuthorizedWithTokenInput's
	// String and GoString methods.
	IdentityToken *string `locationName:"identityToken" min:"1" type:"string" sensitive:"true"`

	// Specifies the ID of the policy store. Policies in this policy store will
	// be used to make an authorization decision for the input.
	//
	// PolicyStoreId is a required field
	PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"`

	// Specifies the resource for which the authorization decision is made. For
	// example, is the principal allowed to perform the action on the resource?
	Resource *EntityIdentifier `locationName:"resource" type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s IsAuthorizedWithTokenInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s IsAuthorizedWithTokenInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *IsAuthorizedWithTokenInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "IsAuthorizedWithTokenInput"}
	if s.AccessToken != nil && len(*s.AccessToken) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("AccessToken", 1))
	}
	if s.IdentityToken != nil && len(*s.IdentityToken) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("IdentityToken", 1))
	}
	if s.PolicyStoreId == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyStoreId"))
	}
	if s.PolicyStoreId != nil && len(*s.PolicyStoreId) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyStoreId", 1))
	}
	if s.Action != nil {
		if err := s.Action.Validate(); err != nil {
			invalidParams.AddNested("Action", err.(request.ErrInvalidParams))
		}
	}
	if s.Context != nil {
		if err := s.Context.Validate(); err != nil {
			invalidParams.AddNested("Context", err.(request.ErrInvalidParams))
		}
	}
	if s.Entities != nil {
		if err := s.Entities.Validate(); err != nil {
			invalidParams.AddNested("Entities", err.(request.ErrInvalidParams))
		}
	}
	if s.Resource != nil {
		if err := s.Resource.Validate(); err != nil {
			invalidParams.AddNested("Resource", err.(request.ErrInvalidParams))
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetAccessToken sets the AccessToken field's value.
func (s *IsAuthorizedWithTokenInput) SetAccessToken(v string) *IsAuthorizedWithTokenInput {
	s.AccessToken = &v
	return s
}

// SetAction sets the Action field's value.
func (s *IsAuthorizedWithTokenInput) SetAction(v *ActionIdentifier) *IsAuthorizedWithTokenInput {
	s.Action = v
	return s
}

// SetContext sets the Context field's value.
func (s *IsAuthorizedWithTokenInput) SetContext(v *ContextDefinition) *IsAuthorizedWithTokenInput {
	s.Context = v
	return s
}

// SetEntities sets the Entities field's value.
func (s *IsAuthorizedWithTokenInput) SetEntities(v *EntitiesDefinition) *IsAuthorizedWithTokenInput {
	s.Entities = v
	return s
}

// SetIdentityToken sets the IdentityToken field's value.
func (s *IsAuthorizedWithTokenInput) SetIdentityToken(v string) *IsAuthorizedWithTokenInput {
	s.IdentityToken = &v
	return s
}

// SetPolicyStoreId sets the PolicyStoreId field's value.
func (s *IsAuthorizedWithTokenInput) SetPolicyStoreId(v string) *IsAuthorizedWithTokenInput {
	s.PolicyStoreId = &v
	return s
}

// SetResource sets the Resource field's value.
func (s *IsAuthorizedWithTokenInput) SetResource(v *EntityIdentifier) *IsAuthorizedWithTokenInput {
	s.Resource = v
	return s
}

type IsAuthorizedWithTokenOutput struct {
	_ struct{} `type:"structure"`

	// An authorization decision that indicates if the authorization request should
	// be allowed or denied.
	//
	// Decision is a required field
	Decision *string `locationName:"decision" type:"string" required:"true" enum:"Decision"`

	// The list of determining policies used to make the authorization decision.
	// For example, if there are multiple matching policies, where at least one
	// is a forbid policy, then because forbid always overrides permit the forbid
	// policies are the determining policies. If all matching policies are permit
	// policies, then those policies are the determining policies. When no policies
	// match and the response is the default DENY, there are no determining policies.
	//
	// DeterminingPolicies is a required field
	DeterminingPolicies []*DeterminingPolicyItem `locationName:"determiningPolicies" type:"list" required:"true"`

	// Errors that occurred while making an authorization decision. For example,
	// a policy references an entity or entity attribute that does not exist in
	// the slice.
	//
	// Errors is a required field
	Errors []*EvaluationErrorItem `locationName:"errors" type:"list" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s IsAuthorizedWithTokenOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s IsAuthorizedWithTokenOutput) GoString() string {
	return s.String()
}

// SetDecision sets the Decision field's value.
func (s *IsAuthorizedWithTokenOutput) SetDecision(v string) *IsAuthorizedWithTokenOutput {
	s.Decision = &v
	return s
}

// SetDeterminingPolicies sets the DeterminingPolicies field's value.
func (s *IsAuthorizedWithTokenOutput) SetDeterminingPolicies(v []*DeterminingPolicyItem) *IsAuthorizedWithTokenOutput {
	s.DeterminingPolicies = v
	return s
}

// SetErrors sets the Errors field's value.
func (s *IsAuthorizedWithTokenOutput) SetErrors(v []*EvaluationErrorItem) *IsAuthorizedWithTokenOutput {
	s.Errors = v
	return s
}

type ListIdentitySourcesInput struct {
	_ struct{} `type:"structure"`

	// Specifies characteristics of an identity source that you can use to limit
	// the output to matching identity sources.
	Filters []*IdentitySourceFilter `locationName:"filters" type:"list"`

	// Specifies the total number of results that you want included in each response.
	// If additional items exist beyond the number you specify, the NextToken response
	// element is returned with a value (not null). Include the specified value
	// as the NextToken request parameter in the next call to the operation to get
	// the next set of results. Note that the service might return fewer results
	// than the maximum even when there are more results available. You should check
	// NextToken after every operation to ensure that you receive all of the results.
	//
	// If you do not specify this parameter, the operation defaults to 10 identity
	// sources per response. You can specify a maximum of 200 identity sources per
	// response.
	MaxResults *int64 `locationName:"maxResults" min:"1" type:"integer"`

	// Specifies that you want to receive the next page of results. Valid only if
	// you received a NextToken response in the previous request. If you did, it
	// indicates that more output is available. Set this parameter to the value
	// provided by the previous call's NextToken response to request the next page
	// of results.
	NextToken *string `locationName:"nextToken" min:"1" type:"string"`

	// Specifies the ID of the policy store that contains the identity sources that
	// you want to list.
	//
	// PolicyStoreId is a required field
	PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListIdentitySourcesInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListIdentitySourcesInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListIdentitySourcesInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListIdentitySourcesInput"}
	if s.MaxResults != nil && *s.MaxResults < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
	}
	if s.NextToken != nil && len(*s.NextToken) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("NextToken", 1))
	}
	if s.PolicyStoreId == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyStoreId"))
	}
	if s.PolicyStoreId != nil && len(*s.PolicyStoreId) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyStoreId", 1))
	}
	if s.Filters != nil {
		for i, v := range s.Filters {
			if v == nil {
				continue
			}
			if err := v.Validate(); err != nil {
				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Filters", i), err.(request.ErrInvalidParams))
			}
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetFilters sets the Filters field's value.
func (s *ListIdentitySourcesInput) SetFilters(v []*IdentitySourceFilter) *ListIdentitySourcesInput {
	s.Filters = v
	return s
}

// SetMaxResults sets the MaxResults field's value.
func (s *ListIdentitySourcesInput) SetMaxResults(v int64) *ListIdentitySourcesInput {
	s.MaxResults = &v
	return s
}

// SetNextToken sets the NextToken field's value.
func (s *ListIdentitySourcesInput) SetNextToken(v string) *ListIdentitySourcesInput {
	s.NextToken = &v
	return s
}

// SetPolicyStoreId sets the PolicyStoreId field's value.
func (s *ListIdentitySourcesInput) SetPolicyStoreId(v string) *ListIdentitySourcesInput {
	s.PolicyStoreId = &v
	return s
}

type ListIdentitySourcesOutput struct {
	_ struct{} `type:"structure"`

	// The list of identity sources stored in the specified policy store.
	//
	// IdentitySources is a required field
	IdentitySources []*IdentitySourceItem `locationName:"identitySources" type:"list" required:"true"`

	// If present, this value indicates that more output is available than is included
	// in the current response. Use this value in the NextToken request parameter
	// in a subsequent call to the operation to get the next part of the output.
	// You should repeat this until the NextToken response element comes back as
	// null. This indicates that this is the last page of results.
	NextToken *string `locationName:"nextToken" min:"1" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListIdentitySourcesOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListIdentitySourcesOutput) GoString() string {
	return s.String()
}

// SetIdentitySources sets the IdentitySources field's value.
func (s *ListIdentitySourcesOutput) SetIdentitySources(v []*IdentitySourceItem) *ListIdentitySourcesOutput {
	s.IdentitySources = v
	return s
}

// SetNextToken sets the NextToken field's value.
func (s *ListIdentitySourcesOutput) SetNextToken(v string) *ListIdentitySourcesOutput {
	s.NextToken = &v
	return s
}

type ListPoliciesInput struct {
	_ struct{} `type:"structure"`

	// Specifies a filter that limits the response to only policies that match the
	// specified criteria. For example, you list only the policies that reference
	// a specified principal.
	Filter *PolicyFilter `locationName:"filter" type:"structure"`

	// Specifies the total number of results that you want included in each response.
	// If additional items exist beyond the number you specify, the NextToken response
	// element is returned with a value (not null). Include the specified value
	// as the NextToken request parameter in the next call to the operation to get
	// the next set of results. Note that the service might return fewer results
	// than the maximum even when there are more results available. You should check
	// NextToken after every operation to ensure that you receive all of the results.
	//
	// If you do not specify this parameter, the operation defaults to 10 policies
	// per response. You can specify a maximum of 50 policies per response.
	MaxResults *int64 `locationName:"maxResults" min:"1" type:"integer"`

	// Specifies that you want to receive the next page of results. Valid only if
	// you received a NextToken response in the previous request. If you did, it
	// indicates that more output is available. Set this parameter to the value
	// provided by the previous call's NextToken response to request the next page
	// of results.
	NextToken *string `locationName:"nextToken" min:"1" type:"string"`

	// Specifies the ID of the policy store you want to list policies from.
	//
	// PolicyStoreId is a required field
	PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListPoliciesInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListPoliciesInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListPoliciesInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListPoliciesInput"}
	if s.MaxResults != nil && *s.MaxResults < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
	}
	if s.NextToken != nil && len(*s.NextToken) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("NextToken", 1))
	}
	if s.PolicyStoreId == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyStoreId"))
	}
	if s.PolicyStoreId != nil && len(*s.PolicyStoreId) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyStoreId", 1))
	}
	if s.Filter != nil {
		if err := s.Filter.Validate(); err != nil {
			invalidParams.AddNested("Filter", err.(request.ErrInvalidParams))
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetFilter sets the Filter field's value.
func (s *ListPoliciesInput) SetFilter(v *PolicyFilter) *ListPoliciesInput {
	s.Filter = v
	return s
}

// SetMaxResults sets the MaxResults field's value.
func (s *ListPoliciesInput) SetMaxResults(v int64) *ListPoliciesInput {
	s.MaxResults = &v
	return s
}

// SetNextToken sets the NextToken field's value.
func (s *ListPoliciesInput) SetNextToken(v string) *ListPoliciesInput {
	s.NextToken = &v
	return s
}

// SetPolicyStoreId sets the PolicyStoreId field's value.
func (s *ListPoliciesInput) SetPolicyStoreId(v string) *ListPoliciesInput {
	s.PolicyStoreId = &v
	return s
}

type ListPoliciesOutput struct {
	_ struct{} `type:"structure"`

	// If present, this value indicates that more output is available than is included
	// in the current response. Use this value in the NextToken request parameter
	// in a subsequent call to the operation to get the next part of the output.
	// You should repeat this until the NextToken response element comes back as
	// null. This indicates that this is the last page of results.
	NextToken *string `locationName:"nextToken" min:"1" type:"string"`

	// Lists all policies that are available in the specified policy store.
	//
	// Policies is a required field
	Policies []*PolicyItem `locationName:"policies" type:"list" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListPoliciesOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListPoliciesOutput) GoString() string {
	return s.String()
}

// SetNextToken sets the NextToken field's value.
func (s *ListPoliciesOutput) SetNextToken(v string) *ListPoliciesOutput {
	s.NextToken = &v
	return s
}

// SetPolicies sets the Policies field's value.
func (s *ListPoliciesOutput) SetPolicies(v []*PolicyItem) *ListPoliciesOutput {
	s.Policies = v
	return s
}

type ListPolicyStoresInput struct {
	_ struct{} `type:"structure"`

	// Specifies the total number of results that you want included in each response.
	// If additional items exist beyond the number you specify, the NextToken response
	// element is returned with a value (not null). Include the specified value
	// as the NextToken request parameter in the next call to the operation to get
	// the next set of results. Note that the service might return fewer results
	// than the maximum even when there are more results available. You should check
	// NextToken after every operation to ensure that you receive all of the results.
	//
	// If you do not specify this parameter, the operation defaults to 10 policy
	// stores per response. You can specify a maximum of 50 policy stores per response.
	MaxResults *int64 `locationName:"maxResults" min:"1" type:"integer"`

	// Specifies that you want to receive the next page of results. Valid only if
	// you received a NextToken response in the previous request. If you did, it
	// indicates that more output is available. Set this parameter to the value
	// provided by the previous call's NextToken response to request the next page
	// of results.
	NextToken *string `locationName:"nextToken" min:"1" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListPolicyStoresInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListPolicyStoresInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListPolicyStoresInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListPolicyStoresInput"}
	if s.MaxResults != nil && *s.MaxResults < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
	}
	if s.NextToken != nil && len(*s.NextToken) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("NextToken", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetMaxResults sets the MaxResults field's value.
func (s *ListPolicyStoresInput) SetMaxResults(v int64) *ListPolicyStoresInput {
	s.MaxResults = &v
	return s
}

// SetNextToken sets the NextToken field's value.
func (s *ListPolicyStoresInput) SetNextToken(v string) *ListPolicyStoresInput {
	s.NextToken = &v
	return s
}

type ListPolicyStoresOutput struct {
	_ struct{} `type:"structure"`

	// If present, this value indicates that more output is available than is included
	// in the current response. Use this value in the NextToken request parameter
	// in a subsequent call to the operation to get the next part of the output.
	// You should repeat this until the NextToken response element comes back as
	// null. This indicates that this is the last page of results.
	NextToken *string `locationName:"nextToken" min:"1" type:"string"`

	// The list of policy stores in the account.
	//
	// PolicyStores is a required field
	PolicyStores []*PolicyStoreItem `locationName:"policyStores" type:"list" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListPolicyStoresOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListPolicyStoresOutput) GoString() string {
	return s.String()
}

// SetNextToken sets the NextToken field's value.
func (s *ListPolicyStoresOutput) SetNextToken(v string) *ListPolicyStoresOutput {
	s.NextToken = &v
	return s
}

// SetPolicyStores sets the PolicyStores field's value.
func (s *ListPolicyStoresOutput) SetPolicyStores(v []*PolicyStoreItem) *ListPolicyStoresOutput {
	s.PolicyStores = v
	return s
}

type ListPolicyTemplatesInput struct {
	_ struct{} `type:"structure"`

	// Specifies the total number of results that you want included in each response.
	// If additional items exist beyond the number you specify, the NextToken response
	// element is returned with a value (not null). Include the specified value
	// as the NextToken request parameter in the next call to the operation to get
	// the next set of results. Note that the service might return fewer results
	// than the maximum even when there are more results available. You should check
	// NextToken after every operation to ensure that you receive all of the results.
	//
	// If you do not specify this parameter, the operation defaults to 10 policy
	// templates per response. You can specify a maximum of 50 policy templates
	// per response.
	MaxResults *int64 `locationName:"maxResults" min:"1" type:"integer"`

	// Specifies that you want to receive the next page of results. Valid only if
	// you received a NextToken response in the previous request. If you did, it
	// indicates that more output is available. Set this parameter to the value
	// provided by the previous call's NextToken response to request the next page
	// of results.
	NextToken *string `locationName:"nextToken" min:"1" type:"string"`

	// Specifies the ID of the policy store that contains the policy templates you
	// want to list.
	//
	// PolicyStoreId is a required field
	PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListPolicyTemplatesInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListPolicyTemplatesInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListPolicyTemplatesInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListPolicyTemplatesInput"}
	if s.MaxResults != nil && *s.MaxResults < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
	}
	if s.NextToken != nil && len(*s.NextToken) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("NextToken", 1))
	}
	if s.PolicyStoreId == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyStoreId"))
	}
	if s.PolicyStoreId != nil && len(*s.PolicyStoreId) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyStoreId", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetMaxResults sets the MaxResults field's value.
func (s *ListPolicyTemplatesInput) SetMaxResults(v int64) *ListPolicyTemplatesInput {
	s.MaxResults = &v
	return s
}

// SetNextToken sets the NextToken field's value.
func (s *ListPolicyTemplatesInput) SetNextToken(v string) *ListPolicyTemplatesInput {
	s.NextToken = &v
	return s
}

// SetPolicyStoreId sets the PolicyStoreId field's value.
func (s *ListPolicyTemplatesInput) SetPolicyStoreId(v string) *ListPolicyTemplatesInput {
	s.PolicyStoreId = &v
	return s
}

type ListPolicyTemplatesOutput struct {
	_ struct{} `type:"structure"`

	// If present, this value indicates that more output is available than is included
	// in the current response. Use this value in the NextToken request parameter
	// in a subsequent call to the operation to get the next part of the output.
	// You should repeat this until the NextToken response element comes back as
	// null. This indicates that this is the last page of results.
	NextToken *string `locationName:"nextToken" min:"1" type:"string"`

	// The list of the policy templates in the specified policy store.
	//
	// PolicyTemplates is a required field
	PolicyTemplates []*PolicyTemplateItem `locationName:"policyTemplates" type:"list" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListPolicyTemplatesOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListPolicyTemplatesOutput) GoString() string {
	return s.String()
}

// SetNextToken sets the NextToken field's value.
func (s *ListPolicyTemplatesOutput) SetNextToken(v string) *ListPolicyTemplatesOutput {
	s.NextToken = &v
	return s
}

// SetPolicyTemplates sets the PolicyTemplates field's value.
func (s *ListPolicyTemplatesOutput) SetPolicyTemplates(v []*PolicyTemplateItem) *ListPolicyTemplatesOutput {
	s.PolicyTemplates = v
	return s
}

// A structure that contains the details for a Cedar policy definition. It includes
// the policy type, a description, and a policy body. This is a top level data
// type used to create a policy.
//
// This data type is used as a request parameter for the CreatePolicy (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreatePolicy.html)
// operation. This structure must always have either an static or a templateLinked
// element.
type PolicyDefinition struct {
	_ struct{} `type:"structure"`

	// A structure that describes a static policy. An static policy doesn't use
	// a template or allow placeholders for entities.
	Static *StaticPolicyDefinition `locationName:"static" type:"structure"`

	// A structure that describes a policy that was instantiated from a template.
	// The template can specify placeholders for principal and resource. When you
	// use CreatePolicy (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreatePolicy.html)
	// to create a policy from a template, you specify the exact principal and resource
	// to use for the instantiated policy.
	TemplateLinked *TemplateLinkedPolicyDefinition `locationName:"templateLinked" type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PolicyDefinition) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PolicyDefinition) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *PolicyDefinition) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "PolicyDefinition"}
	if s.Static != nil {
		if err := s.Static.Validate(); err != nil {
			invalidParams.AddNested("Static", err.(request.ErrInvalidParams))
		}
	}
	if s.TemplateLinked != nil {
		if err := s.TemplateLinked.Validate(); err != nil {
			invalidParams.AddNested("TemplateLinked", err.(request.ErrInvalidParams))
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetStatic sets the Static field's value.
func (s *PolicyDefinition) SetStatic(v *StaticPolicyDefinition) *PolicyDefinition {
	s.Static = v
	return s
}

// SetTemplateLinked sets the TemplateLinked field's value.
func (s *PolicyDefinition) SetTemplateLinked(v *TemplateLinkedPolicyDefinition) *PolicyDefinition {
	s.TemplateLinked = v
	return s
}

// A structure that describes a policy definition. It must always have either
// an static or a templateLinked element.
//
// This data type is used as a response parameter for the GetPolicy (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_GetPolicy.html)
// operation.
type PolicyDefinitionDetail struct {
	_ struct{} `type:"structure"`

	// Information about a static policy that wasn't created with a policy template.
	Static *StaticPolicyDefinitionDetail `locationName:"static" type:"structure"`

	// Information about a template-linked policy that was created by instantiating
	// a policy template.
	TemplateLinked *TemplateLinkedPolicyDefinitionDetail `locationName:"templateLinked" type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PolicyDefinitionDetail) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PolicyDefinitionDetail) GoString() string {
	return s.String()
}

// SetStatic sets the Static field's value.
func (s *PolicyDefinitionDetail) SetStatic(v *StaticPolicyDefinitionDetail) *PolicyDefinitionDetail {
	s.Static = v
	return s
}

// SetTemplateLinked sets the TemplateLinked field's value.
func (s *PolicyDefinitionDetail) SetTemplateLinked(v *TemplateLinkedPolicyDefinitionDetail) *PolicyDefinitionDetail {
	s.TemplateLinked = v
	return s
}

// A structure that describes a PolicyDefinintion (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_PolicyDefinintion.html).
// It will always have either an StaticPolicy or a TemplateLinkedPolicy element.
//
// This data type is used as a response parameter for the CreatePolicy (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreatePolicy.html)
// and ListPolicies (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ListPolicies.html)
// operations.
type PolicyDefinitionItem struct {
	_ struct{} `type:"structure"`

	// Information about a static policy that wasn't created with a policy template.
	Static *StaticPolicyDefinitionItem `locationName:"static" type:"structure"`

	// Information about a template-linked policy that was created by instantiating
	// a policy template.
	TemplateLinked *TemplateLinkedPolicyDefinitionItem `locationName:"templateLinked" type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PolicyDefinitionItem) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PolicyDefinitionItem) GoString() string {
	return s.String()
}

// SetStatic sets the Static field's value.
func (s *PolicyDefinitionItem) SetStatic(v *StaticPolicyDefinitionItem) *PolicyDefinitionItem {
	s.Static = v
	return s
}

// SetTemplateLinked sets the TemplateLinked field's value.
func (s *PolicyDefinitionItem) SetTemplateLinked(v *TemplateLinkedPolicyDefinitionItem) *PolicyDefinitionItem {
	s.TemplateLinked = v
	return s
}

// Contains information about a filter to refine policies returned in a query.
//
// This data type is used as a response parameter for the ListPolicies (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ListPolicies.html)
// operation.
type PolicyFilter struct {
	_ struct{} `type:"structure"`

	// Filters the output to only template-linked policies that were instantiated
	// from the specified policy template.
	PolicyTemplateId *string `locationName:"policyTemplateId" min:"1" type:"string"`

	// Filters the output to only policies of the specified type.
	PolicyType *string `locationName:"policyType" type:"string" enum:"PolicyType"`

	// Filters the output to only policies that reference the specified principal.
	Principal *EntityReference `locationName:"principal" type:"structure"`

	// Filters the output to only policies that reference the specified resource.
	Resource *EntityReference `locationName:"resource" type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PolicyFilter) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PolicyFilter) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *PolicyFilter) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "PolicyFilter"}
	if s.PolicyTemplateId != nil && len(*s.PolicyTemplateId) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyTemplateId", 1))
	}
	if s.Principal != nil {
		if err := s.Principal.Validate(); err != nil {
			invalidParams.AddNested("Principal", err.(request.ErrInvalidParams))
		}
	}
	if s.Resource != nil {
		if err := s.Resource.Validate(); err != nil {
			invalidParams.AddNested("Resource", err.(request.ErrInvalidParams))
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetPolicyTemplateId sets the PolicyTemplateId field's value.
func (s *PolicyFilter) SetPolicyTemplateId(v string) *PolicyFilter {
	s.PolicyTemplateId = &v
	return s
}

// SetPolicyType sets the PolicyType field's value.
func (s *PolicyFilter) SetPolicyType(v string) *PolicyFilter {
	s.PolicyType = &v
	return s
}

// SetPrincipal sets the Principal field's value.
func (s *PolicyFilter) SetPrincipal(v *EntityReference) *PolicyFilter {
	s.Principal = v
	return s
}

// SetResource sets the Resource field's value.
func (s *PolicyFilter) SetResource(v *EntityReference) *PolicyFilter {
	s.Resource = v
	return s
}

// Contains information about a policy.
//
// This data type is used as a response parameter for the ListPolicies (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ListPolicies.html)
// operation.
type PolicyItem struct {
	_ struct{} `type:"structure"`

	// The date and time the policy was created.
	//
	// CreatedDate is a required field
	CreatedDate *time.Time `locationName:"createdDate" type:"timestamp" timestampFormat:"iso8601" required:"true"`

	// The policy definition of an item in the list of policies returned.
	//
	// Definition is a required field
	Definition *PolicyDefinitionItem `locationName:"definition" type:"structure" required:"true"`

	// The date and time the policy was most recently updated.
	//
	// LastUpdatedDate is a required field
	LastUpdatedDate *time.Time `locationName:"lastUpdatedDate" type:"timestamp" timestampFormat:"iso8601" required:"true"`

	// The identifier of the policy you want information about.
	//
	// PolicyId is a required field
	PolicyId *string `locationName:"policyId" min:"1" type:"string" required:"true"`

	// The identifier of the PolicyStore where the policy you want information about
	// is stored.
	//
	// PolicyStoreId is a required field
	PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"`

	// The type of the policy. This is one of the following values:
	//
	//    * static
	//
	//    * templateLinked
	//
	// PolicyType is a required field
	PolicyType *string `locationName:"policyType" type:"string" required:"true" enum:"PolicyType"`

	// The principal associated with the policy.
	Principal *EntityIdentifier `locationName:"principal" type:"structure"`

	// The resource associated with the policy.
	Resource *EntityIdentifier `locationName:"resource" type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PolicyItem) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PolicyItem) GoString() string {
	return s.String()
}

// SetCreatedDate sets the CreatedDate field's value.
func (s *PolicyItem) SetCreatedDate(v time.Time) *PolicyItem {
	s.CreatedDate = &v
	return s
}

// SetDefinition sets the Definition field's value.
func (s *PolicyItem) SetDefinition(v *PolicyDefinitionItem) *PolicyItem {
	s.Definition = v
	return s
}

// SetLastUpdatedDate sets the LastUpdatedDate field's value.
func (s *PolicyItem) SetLastUpdatedDate(v time.Time) *PolicyItem {
	s.LastUpdatedDate = &v
	return s
}

// SetPolicyId sets the PolicyId field's value.
func (s *PolicyItem) SetPolicyId(v string) *PolicyItem {
	s.PolicyId = &v
	return s
}

// SetPolicyStoreId sets the PolicyStoreId field's value.
func (s *PolicyItem) SetPolicyStoreId(v string) *PolicyItem {
	s.PolicyStoreId = &v
	return s
}

// SetPolicyType sets the PolicyType field's value.
func (s *PolicyItem) SetPolicyType(v string) *PolicyItem {
	s.PolicyType = &v
	return s
}

// SetPrincipal sets the Principal field's value.
func (s *PolicyItem) SetPrincipal(v *EntityIdentifier) *PolicyItem {
	s.Principal = v
	return s
}

// SetResource sets the Resource field's value.
func (s *PolicyItem) SetResource(v *EntityIdentifier) *PolicyItem {
	s.Resource = v
	return s
}

// Contains information about a policy store.
//
// This data type is used as a response parameter for the ListPolicyStores (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ListPolicyStores.html)
// operation.
type PolicyStoreItem struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN) of the policy store.
	//
	// Arn is a required field
	Arn *string `locationName:"arn" min:"1" type:"string" required:"true"`

	// The date and time the policy was created.
	//
	// CreatedDate is a required field
	CreatedDate *time.Time `locationName:"createdDate" type:"timestamp" timestampFormat:"iso8601" required:"true"`

	// Descriptive text that you can provide to help with identification of the
	// current policy store.
	//
	// Description is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by PolicyStoreItem's
	// String and GoString methods.
	Description *string `locationName:"description" type:"string" sensitive:"true"`

	// The date and time the policy store was most recently updated.
	LastUpdatedDate *time.Time `locationName:"lastUpdatedDate" type:"timestamp" timestampFormat:"iso8601"`

	// The unique identifier of the policy store.
	//
	// PolicyStoreId is a required field
	PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PolicyStoreItem) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PolicyStoreItem) GoString() string {
	return s.String()
}

// SetArn sets the Arn field's value.
func (s *PolicyStoreItem) SetArn(v string) *PolicyStoreItem {
	s.Arn = &v
	return s
}

// SetCreatedDate sets the CreatedDate field's value.
func (s *PolicyStoreItem) SetCreatedDate(v time.Time) *PolicyStoreItem {
	s.CreatedDate = &v
	return s
}

// SetDescription sets the Description field's value.
func (s *PolicyStoreItem) SetDescription(v string) *PolicyStoreItem {
	s.Description = &v
	return s
}

// SetLastUpdatedDate sets the LastUpdatedDate field's value.
func (s *PolicyStoreItem) SetLastUpdatedDate(v time.Time) *PolicyStoreItem {
	s.LastUpdatedDate = &v
	return s
}

// SetPolicyStoreId sets the PolicyStoreId field's value.
func (s *PolicyStoreItem) SetPolicyStoreId(v string) *PolicyStoreItem {
	s.PolicyStoreId = &v
	return s
}

// Contains details about a policy template
//
// This data type is used as a response parameter for the ListPolicyTemplates
// (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ListPolicyTemplates.html)
// operation.
type PolicyTemplateItem struct {
	_ struct{} `type:"structure"`

	// The date and time that the policy template was created.
	//
	// CreatedDate is a required field
	CreatedDate *time.Time `locationName:"createdDate" type:"timestamp" timestampFormat:"iso8601" required:"true"`

	// The description attached to the policy template.
	//
	// Description is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by PolicyTemplateItem's
	// String and GoString methods.
	Description *string `locationName:"description" type:"string" sensitive:"true"`

	// The date and time that the policy template was most recently updated.
	//
	// LastUpdatedDate is a required field
	LastUpdatedDate *time.Time `locationName:"lastUpdatedDate" type:"timestamp" timestampFormat:"iso8601" required:"true"`

	// The unique identifier of the policy store that contains the template.
	//
	// PolicyStoreId is a required field
	PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"`

	// The unique identifier of the policy template.
	//
	// PolicyTemplateId is a required field
	PolicyTemplateId *string `locationName:"policyTemplateId" min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PolicyTemplateItem) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PolicyTemplateItem) GoString() string {
	return s.String()
}

// SetCreatedDate sets the CreatedDate field's value.
func (s *PolicyTemplateItem) SetCreatedDate(v time.Time) *PolicyTemplateItem {
	s.CreatedDate = &v
	return s
}

// SetDescription sets the Description field's value.
func (s *PolicyTemplateItem) SetDescription(v string) *PolicyTemplateItem {
	s.Description = &v
	return s
}

// SetLastUpdatedDate sets the LastUpdatedDate field's value.
func (s *PolicyTemplateItem) SetLastUpdatedDate(v time.Time) *PolicyTemplateItem {
	s.LastUpdatedDate = &v
	return s
}

// SetPolicyStoreId sets the PolicyStoreId field's value.
func (s *PolicyTemplateItem) SetPolicyStoreId(v string) *PolicyTemplateItem {
	s.PolicyStoreId = &v
	return s
}

// SetPolicyTemplateId sets the PolicyTemplateId field's value.
func (s *PolicyTemplateItem) SetPolicyTemplateId(v string) *PolicyTemplateItem {
	s.PolicyTemplateId = &v
	return s
}

type PutSchemaInput struct {
	_ struct{} `type:"structure"`

	// Specifies the definition of the schema to be stored. The schema definition
	// must be written in Cedar schema JSON.
	//
	// Definition is a required field
	Definition *SchemaDefinition `locationName:"definition" type:"structure" required:"true"`

	// Specifies the ID of the policy store in which to place the schema.
	//
	// PolicyStoreId is a required field
	PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PutSchemaInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PutSchemaInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *PutSchemaInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "PutSchemaInput"}
	if s.Definition == nil {
		invalidParams.Add(request.NewErrParamRequired("Definition"))
	}
	if s.PolicyStoreId == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyStoreId"))
	}
	if s.PolicyStoreId != nil && len(*s.PolicyStoreId) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyStoreId", 1))
	}
	if s.Definition != nil {
		if err := s.Definition.Validate(); err != nil {
			invalidParams.AddNested("Definition", err.(request.ErrInvalidParams))
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetDefinition sets the Definition field's value.
func (s *PutSchemaInput) SetDefinition(v *SchemaDefinition) *PutSchemaInput {
	s.Definition = v
	return s
}

// SetPolicyStoreId sets the PolicyStoreId field's value.
func (s *PutSchemaInput) SetPolicyStoreId(v string) *PutSchemaInput {
	s.PolicyStoreId = &v
	return s
}

type PutSchemaOutput struct {
	_ struct{} `type:"structure"`

	// The date and time that the schema was originally created.
	//
	// CreatedDate is a required field
	CreatedDate *time.Time `locationName:"createdDate" type:"timestamp" timestampFormat:"iso8601" required:"true"`

	// The date and time that the schema was last updated.
	//
	// LastUpdatedDate is a required field
	LastUpdatedDate *time.Time `locationName:"lastUpdatedDate" type:"timestamp" timestampFormat:"iso8601" required:"true"`

	// Identifies the namespaces of the entities referenced by this schema.
	//
	// Namespaces is a required field
	Namespaces []*string `locationName:"namespaces" type:"list" required:"true"`

	// The unique ID of the policy store that contains the schema.
	//
	// PolicyStoreId is a required field
	PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PutSchemaOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PutSchemaOutput) GoString() string {
	return s.String()
}

// SetCreatedDate sets the CreatedDate field's value.
func (s *PutSchemaOutput) SetCreatedDate(v time.Time) *PutSchemaOutput {
	s.CreatedDate = &v
	return s
}

// SetLastUpdatedDate sets the LastUpdatedDate field's value.
func (s *PutSchemaOutput) SetLastUpdatedDate(v time.Time) *PutSchemaOutput {
	s.LastUpdatedDate = &v
	return s
}

// SetNamespaces sets the Namespaces field's value.
func (s *PutSchemaOutput) SetNamespaces(v []*string) *PutSchemaOutput {
	s.Namespaces = v
	return s
}

// SetPolicyStoreId sets the PolicyStoreId field's value.
func (s *PutSchemaOutput) SetPolicyStoreId(v string) *PutSchemaOutput {
	s.PolicyStoreId = &v
	return s
}

// Contains information about a resource conflict.
type ResourceConflict struct {
	_ struct{} `type:"structure"`

	// The unique identifier of the resource involved in a conflict.
	//
	// ResourceId is a required field
	ResourceId *string `locationName:"resourceId" type:"string" required:"true"`

	// The type of the resource involved in a conflict.
	//
	// ResourceType is a required field
	ResourceType *string `locationName:"resourceType" type:"string" required:"true" enum:"ResourceType"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ResourceConflict) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ResourceConflict) GoString() string {
	return s.String()
}

// SetResourceId sets the ResourceId field's value.
func (s *ResourceConflict) SetResourceId(v string) *ResourceConflict {
	s.ResourceId = &v
	return s
}

// SetResourceType sets the ResourceType field's value.
func (s *ResourceConflict) SetResourceType(v string) *ResourceConflict {
	s.ResourceType = &v
	return s
}

// The request failed because it references a resource that doesn't exist.
type ResourceNotFoundException struct {
	_            struct{}                  `type:"structure"`
	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

	Message_ *string `locationName:"message" type:"string"`

	// The unique ID of the resource referenced in the failed request.
	//
	// ResourceId is a required field
	ResourceId *string `locationName:"resourceId" type:"string" required:"true"`

	// The resource type of the resource referenced in the failed request.
	//
	// ResourceType is a required field
	ResourceType *string `locationName:"resourceType" type:"string" required:"true" enum:"ResourceType"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ResourceNotFoundException) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ResourceNotFoundException) GoString() string {
	return s.String()
}

func newErrorResourceNotFoundException(v protocol.ResponseMetadata) error {
	return &ResourceNotFoundException{
		RespMetadata: v,
	}
}

// Code returns the exception type name.
func (s *ResourceNotFoundException) Code() string {
	return "ResourceNotFoundException"
}

// Message returns the exception's message.
func (s *ResourceNotFoundException) Message() string {
	if s.Message_ != nil {
		return *s.Message_
	}
	return ""
}

// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *ResourceNotFoundException) OrigErr() error {
	return nil
}

func (s *ResourceNotFoundException) Error() string {
	return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String())
}

// Status code returns the HTTP status code for the request's response error.
func (s *ResourceNotFoundException) StatusCode() int {
	return s.RespMetadata.StatusCode
}

// RequestID returns the service's response RequestID for request.
func (s *ResourceNotFoundException) RequestID() string {
	return s.RespMetadata.RequestID
}

// Contains a list of principal types, resource types, and actions that can
// be specified in policies stored in the same policy store. If the validation
// mode for the policy store is set to STRICT, then policies that can't be validated
// by this schema are rejected by Verified Permissions and can't be stored in
// the policy store.
type SchemaDefinition struct {
	_ struct{} `type:"structure"`

	// A JSON string representation of the schema supported by applications that
	// use this policy store. For more information, see Policy store schema (https://docs.aws.amazon.com/verifiedpermissions/latest/userguide/schema.html)
	// in the Amazon Verified Permissions User Guide.
	//
	// CedarJson is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by SchemaDefinition's
	// String and GoString methods.
	CedarJson *string `locationName:"cedarJson" min:"1" type:"string" sensitive:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s SchemaDefinition) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s SchemaDefinition) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *SchemaDefinition) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "SchemaDefinition"}
	if s.CedarJson != nil && len(*s.CedarJson) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("CedarJson", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetCedarJson sets the CedarJson field's value.
func (s *SchemaDefinition) SetCedarJson(v string) *SchemaDefinition {
	s.CedarJson = &v
	return s
}

// The request failed because it would cause a service quota to be exceeded.
type ServiceQuotaExceededException struct {
	_            struct{}                  `type:"structure"`
	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

	Message_ *string `locationName:"message" type:"string"`

	// The quota code recognized by the Amazon Web Services Service Quotas service.
	QuotaCode *string `locationName:"quotaCode" type:"string"`

	// The unique ID of the resource referenced in the failed request.
	ResourceId *string `locationName:"resourceId" type:"string"`

	// The resource type of the resource referenced in the failed request.
	//
	// ResourceType is a required field
	ResourceType *string `locationName:"resourceType" type:"string" required:"true" enum:"ResourceType"`

	// The code for the Amazon Web Service that owns the quota.
	ServiceCode *string `locationName:"serviceCode" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ServiceQuotaExceededException) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ServiceQuotaExceededException) GoString() string {
	return s.String()
}

func newErrorServiceQuotaExceededException(v protocol.ResponseMetadata) error {
	return &ServiceQuotaExceededException{
		RespMetadata: v,
	}
}

// Code returns the exception type name.
func (s *ServiceQuotaExceededException) Code() string {
	return "ServiceQuotaExceededException"
}

// Message returns the exception's message.
func (s *ServiceQuotaExceededException) Message() string {
	if s.Message_ != nil {
		return *s.Message_
	}
	return ""
}

// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *ServiceQuotaExceededException) OrigErr() error {
	return nil
}

func (s *ServiceQuotaExceededException) Error() string {
	return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String())
}

// Status code returns the HTTP status code for the request's response error.
func (s *ServiceQuotaExceededException) StatusCode() int {
	return s.RespMetadata.StatusCode
}

// RequestID returns the service's response RequestID for request.
func (s *ServiceQuotaExceededException) RequestID() string {
	return s.RespMetadata.RequestID
}

// Contains information about a static policy.
//
// This data type is used as a field that is part of the PolicyDefinitionDetail
// (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_PolicyDefinitionDetail.html)
// type.
type StaticPolicyDefinition struct {
	_ struct{} `type:"structure"`

	// The description of the static policy.
	//
	// Description is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by StaticPolicyDefinition's
	// String and GoString methods.
	Description *string `locationName:"description" type:"string" sensitive:"true"`

	// The policy content of the static policy, written in the Cedar policy language.
	//
	// Statement is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by StaticPolicyDefinition's
	// String and GoString methods.
	//
	// Statement is a required field
	Statement *string `locationName:"statement" min:"1" type:"string" required:"true" sensitive:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s StaticPolicyDefinition) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s StaticPolicyDefinition) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *StaticPolicyDefinition) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "StaticPolicyDefinition"}
	if s.Statement == nil {
		invalidParams.Add(request.NewErrParamRequired("Statement"))
	}
	if s.Statement != nil && len(*s.Statement) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Statement", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetDescription sets the Description field's value.
func (s *StaticPolicyDefinition) SetDescription(v string) *StaticPolicyDefinition {
	s.Description = &v
	return s
}

// SetStatement sets the Statement field's value.
func (s *StaticPolicyDefinition) SetStatement(v string) *StaticPolicyDefinition {
	s.Statement = &v
	return s
}

// A structure that contains details about a static policy. It includes the
// description and policy body.
//
// This data type is used within a PolicyDefinition (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_PolicyDefinition.html)
// structure as part of a request parameter for the CreatePolicy (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreatePolicy.html)
// operation.
type StaticPolicyDefinitionDetail struct {
	_ struct{} `type:"structure"`

	// A description of the static policy.
	//
	// Description is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by StaticPolicyDefinitionDetail's
	// String and GoString methods.
	Description *string `locationName:"description" type:"string" sensitive:"true"`

	// The content of the static policy written in the Cedar policy language.
	//
	// Statement is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by StaticPolicyDefinitionDetail's
	// String and GoString methods.
	//
	// Statement is a required field
	Statement *string `locationName:"statement" min:"1" type:"string" required:"true" sensitive:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s StaticPolicyDefinitionDetail) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s StaticPolicyDefinitionDetail) GoString() string {
	return s.String()
}

// SetDescription sets the Description field's value.
func (s *StaticPolicyDefinitionDetail) SetDescription(v string) *StaticPolicyDefinitionDetail {
	s.Description = &v
	return s
}

// SetStatement sets the Statement field's value.
func (s *StaticPolicyDefinitionDetail) SetStatement(v string) *StaticPolicyDefinitionDetail {
	s.Statement = &v
	return s
}

// A structure that contains details about a static policy. It includes the
// description and policy statement.
//
// This data type is used within a PolicyDefinition (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_PolicyDefinition.html)
// structure as part of a request parameter for the CreatePolicy (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreatePolicy.html)
// operation.
type StaticPolicyDefinitionItem struct {
	_ struct{} `type:"structure"`

	// A description of the static policy.
	//
	// Description is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by StaticPolicyDefinitionItem's
	// String and GoString methods.
	Description *string `locationName:"description" type:"string" sensitive:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s StaticPolicyDefinitionItem) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s StaticPolicyDefinitionItem) GoString() string {
	return s.String()
}

// SetDescription sets the Description field's value.
func (s *StaticPolicyDefinitionItem) SetDescription(v string) *StaticPolicyDefinitionItem {
	s.Description = &v
	return s
}

// Contains information about a policy created by instantiating a policy template.
type TemplateLinkedPolicyDefinition struct {
	_ struct{} `type:"structure"`

	// The unique identifier of the policy template used to create this policy.
	//
	// PolicyTemplateId is a required field
	PolicyTemplateId *string `locationName:"policyTemplateId" min:"1" type:"string" required:"true"`

	// The principal associated with this template-linked policy. Verified Permissions
	// substitutes this principal for the ?principal placeholder in the policy template
	// when it evaluates an authorization request.
	Principal *EntityIdentifier `locationName:"principal" type:"structure"`

	// The resource associated with this template-linked policy. Verified Permissions
	// substitutes this resource for the ?resource placeholder in the policy template
	// when it evaluates an authorization request.
	Resource *EntityIdentifier `locationName:"resource" type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TemplateLinkedPolicyDefinition) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TemplateLinkedPolicyDefinition) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *TemplateLinkedPolicyDefinition) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "TemplateLinkedPolicyDefinition"}
	if s.PolicyTemplateId == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyTemplateId"))
	}
	if s.PolicyTemplateId != nil && len(*s.PolicyTemplateId) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyTemplateId", 1))
	}
	if s.Principal != nil {
		if err := s.Principal.Validate(); err != nil {
			invalidParams.AddNested("Principal", err.(request.ErrInvalidParams))
		}
	}
	if s.Resource != nil {
		if err := s.Resource.Validate(); err != nil {
			invalidParams.AddNested("Resource", err.(request.ErrInvalidParams))
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetPolicyTemplateId sets the PolicyTemplateId field's value.
func (s *TemplateLinkedPolicyDefinition) SetPolicyTemplateId(v string) *TemplateLinkedPolicyDefinition {
	s.PolicyTemplateId = &v
	return s
}

// SetPrincipal sets the Principal field's value.
func (s *TemplateLinkedPolicyDefinition) SetPrincipal(v *EntityIdentifier) *TemplateLinkedPolicyDefinition {
	s.Principal = v
	return s
}

// SetResource sets the Resource field's value.
func (s *TemplateLinkedPolicyDefinition) SetResource(v *EntityIdentifier) *TemplateLinkedPolicyDefinition {
	s.Resource = v
	return s
}

// Contains information about a policy that was
//
// created by instantiating a policy template.
//
// This
type TemplateLinkedPolicyDefinitionDetail struct {
	_ struct{} `type:"structure"`

	// The unique identifier of the policy template used to create this policy.
	//
	// PolicyTemplateId is a required field
	PolicyTemplateId *string `locationName:"policyTemplateId" min:"1" type:"string" required:"true"`

	// The principal associated with this template-linked policy. Verified Permissions
	// substitutes this principal for the ?principal placeholder in the policy template
	// when it evaluates an authorization request.
	Principal *EntityIdentifier `locationName:"principal" type:"structure"`

	// The resource associated with this template-linked policy. Verified Permissions
	// substitutes this resource for the ?resource placeholder in the policy template
	// when it evaluates an authorization request.
	Resource *EntityIdentifier `locationName:"resource" type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TemplateLinkedPolicyDefinitionDetail) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TemplateLinkedPolicyDefinitionDetail) GoString() string {
	return s.String()
}

// SetPolicyTemplateId sets the PolicyTemplateId field's value.
func (s *TemplateLinkedPolicyDefinitionDetail) SetPolicyTemplateId(v string) *TemplateLinkedPolicyDefinitionDetail {
	s.PolicyTemplateId = &v
	return s
}

// SetPrincipal sets the Principal field's value.
func (s *TemplateLinkedPolicyDefinitionDetail) SetPrincipal(v *EntityIdentifier) *TemplateLinkedPolicyDefinitionDetail {
	s.Principal = v
	return s
}

// SetResource sets the Resource field's value.
func (s *TemplateLinkedPolicyDefinitionDetail) SetResource(v *EntityIdentifier) *TemplateLinkedPolicyDefinitionDetail {
	s.Resource = v
	return s
}

// Contains information about a policy created by instantiating a policy template.
//
// This
type TemplateLinkedPolicyDefinitionItem struct {
	_ struct{} `type:"structure"`

	// The unique identifier of the policy template used to create this policy.
	//
	// PolicyTemplateId is a required field
	PolicyTemplateId *string `locationName:"policyTemplateId" min:"1" type:"string" required:"true"`

	// The principal associated with this template-linked policy. Verified Permissions
	// substitutes this principal for the ?principal placeholder in the policy template
	// when it evaluates an authorization request.
	Principal *EntityIdentifier `locationName:"principal" type:"structure"`

	// The resource associated with this template-linked policy. Verified Permissions
	// substitutes this resource for the ?resource placeholder in the policy template
	// when it evaluates an authorization request.
	Resource *EntityIdentifier `locationName:"resource" type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TemplateLinkedPolicyDefinitionItem) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TemplateLinkedPolicyDefinitionItem) GoString() string {
	return s.String()
}

// SetPolicyTemplateId sets the PolicyTemplateId field's value.
func (s *TemplateLinkedPolicyDefinitionItem) SetPolicyTemplateId(v string) *TemplateLinkedPolicyDefinitionItem {
	s.PolicyTemplateId = &v
	return s
}

// SetPrincipal sets the Principal field's value.
func (s *TemplateLinkedPolicyDefinitionItem) SetPrincipal(v *EntityIdentifier) *TemplateLinkedPolicyDefinitionItem {
	s.Principal = v
	return s
}

// SetResource sets the Resource field's value.
func (s *TemplateLinkedPolicyDefinitionItem) SetResource(v *EntityIdentifier) *TemplateLinkedPolicyDefinitionItem {
	s.Resource = v
	return s
}

// The request failed because it exceeded a throttling quota.
type ThrottlingException struct {
	_            struct{}                  `type:"structure"`
	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

	Message_ *string `locationName:"message" type:"string"`

	// The quota code recognized by the Amazon Web Services Service Quotas service.
	QuotaCode *string `locationName:"quotaCode" type:"string"`

	// The code for the Amazon Web Service that owns the quota.
	ServiceCode *string `locationName:"serviceCode" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ThrottlingException) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ThrottlingException) GoString() string {
	return s.String()
}

func newErrorThrottlingException(v protocol.ResponseMetadata) error {
	return &ThrottlingException{
		RespMetadata: v,
	}
}

// Code returns the exception type name.
func (s *ThrottlingException) Code() string {
	return "ThrottlingException"
}

// Message returns the exception's message.
func (s *ThrottlingException) Message() string {
	if s.Message_ != nil {
		return *s.Message_
	}
	return ""
}

// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *ThrottlingException) OrigErr() error {
	return nil
}

func (s *ThrottlingException) Error() string {
	return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String())
}

// Status code returns the HTTP status code for the request's response error.
func (s *ThrottlingException) StatusCode() int {
	return s.RespMetadata.StatusCode
}

// RequestID returns the service's response RequestID for request.
func (s *ThrottlingException) RequestID() string {
	return s.RespMetadata.RequestID
}

// Contains configuration details of a Amazon Cognito user pool for use with
// an identity source.
type UpdateCognitoUserPoolConfiguration struct {
	_ struct{} `type:"structure"`

	// The client ID of an app client that is configured for the specified Amazon
	// Cognito user pool.
	ClientIds []*string `locationName:"clientIds" type:"list"`

	// The Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// of the Amazon Cognito user pool associated with this identity source.
	//
	// UserPoolArn is a required field
	UserPoolArn *string `locationName:"userPoolArn" min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateCognitoUserPoolConfiguration) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateCognitoUserPoolConfiguration) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *UpdateCognitoUserPoolConfiguration) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "UpdateCognitoUserPoolConfiguration"}
	if s.UserPoolArn == nil {
		invalidParams.Add(request.NewErrParamRequired("UserPoolArn"))
	}
	if s.UserPoolArn != nil && len(*s.UserPoolArn) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("UserPoolArn", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetClientIds sets the ClientIds field's value.
func (s *UpdateCognitoUserPoolConfiguration) SetClientIds(v []*string) *UpdateCognitoUserPoolConfiguration {
	s.ClientIds = v
	return s
}

// SetUserPoolArn sets the UserPoolArn field's value.
func (s *UpdateCognitoUserPoolConfiguration) SetUserPoolArn(v string) *UpdateCognitoUserPoolConfiguration {
	s.UserPoolArn = &v
	return s
}

// Contains an updated configuration to replace the configuration in an existing
// identity source.
//
// At this time, the only valid member of this structure is a Amazon Cognito
// user pool configuration.
//
// You must specify a userPoolArn, and optionally, a ClientId.
type UpdateConfiguration struct {
	_ struct{} `type:"structure"`

	// Contains configuration details of a Amazon Cognito user pool.
	CognitoUserPoolConfiguration *UpdateCognitoUserPoolConfiguration `locationName:"cognitoUserPoolConfiguration" type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateConfiguration) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateConfiguration) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *UpdateConfiguration) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "UpdateConfiguration"}
	if s.CognitoUserPoolConfiguration != nil {
		if err := s.CognitoUserPoolConfiguration.Validate(); err != nil {
			invalidParams.AddNested("CognitoUserPoolConfiguration", err.(request.ErrInvalidParams))
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetCognitoUserPoolConfiguration sets the CognitoUserPoolConfiguration field's value.
func (s *UpdateConfiguration) SetCognitoUserPoolConfiguration(v *UpdateCognitoUserPoolConfiguration) *UpdateConfiguration {
	s.CognitoUserPoolConfiguration = v
	return s
}

type UpdateIdentitySourceInput struct {
	_ struct{} `type:"structure"`

	// Specifies the ID of the identity source that you want to update.
	//
	// IdentitySourceId is a required field
	IdentitySourceId *string `locationName:"identitySourceId" min:"1" type:"string" required:"true"`

	// Specifies the ID of the policy store that contains the identity source that
	// you want to update.
	//
	// PolicyStoreId is a required field
	PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"`

	// Specifies the data type of principals generated for identities authenticated
	// by the identity source.
	//
	// PrincipalEntityType is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by UpdateIdentitySourceInput's
	// String and GoString methods.
	PrincipalEntityType *string `locationName:"principalEntityType" min:"1" type:"string" sensitive:"true"`

	// Specifies the details required to communicate with the identity provider
	// (IdP) associated with this identity source.
	//
	// At this time, the only valid member of this structure is a Amazon Cognito
	// user pool configuration.
	//
	// You must specify a userPoolArn, and optionally, a ClientId.
	//
	// UpdateConfiguration is a required field
	UpdateConfiguration *UpdateConfiguration `locationName:"updateConfiguration" type:"structure" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateIdentitySourceInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateIdentitySourceInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *UpdateIdentitySourceInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "UpdateIdentitySourceInput"}
	if s.IdentitySourceId == nil {
		invalidParams.Add(request.NewErrParamRequired("IdentitySourceId"))
	}
	if s.IdentitySourceId != nil && len(*s.IdentitySourceId) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("IdentitySourceId", 1))
	}
	if s.PolicyStoreId == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyStoreId"))
	}
	if s.PolicyStoreId != nil && len(*s.PolicyStoreId) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyStoreId", 1))
	}
	if s.PrincipalEntityType != nil && len(*s.PrincipalEntityType) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PrincipalEntityType", 1))
	}
	if s.UpdateConfiguration == nil {
		invalidParams.Add(request.NewErrParamRequired("UpdateConfiguration"))
	}
	if s.UpdateConfiguration != nil {
		if err := s.UpdateConfiguration.Validate(); err != nil {
			invalidParams.AddNested("UpdateConfiguration", err.(request.ErrInvalidParams))
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetIdentitySourceId sets the IdentitySourceId field's value.
func (s *UpdateIdentitySourceInput) SetIdentitySourceId(v string) *UpdateIdentitySourceInput {
	s.IdentitySourceId = &v
	return s
}

// SetPolicyStoreId sets the PolicyStoreId field's value.
func (s *UpdateIdentitySourceInput) SetPolicyStoreId(v string) *UpdateIdentitySourceInput {
	s.PolicyStoreId = &v
	return s
}

// SetPrincipalEntityType sets the PrincipalEntityType field's value.
func (s *UpdateIdentitySourceInput) SetPrincipalEntityType(v string) *UpdateIdentitySourceInput {
	s.PrincipalEntityType = &v
	return s
}

// SetUpdateConfiguration sets the UpdateConfiguration field's value.
func (s *UpdateIdentitySourceInput) SetUpdateConfiguration(v *UpdateConfiguration) *UpdateIdentitySourceInput {
	s.UpdateConfiguration = v
	return s
}

type UpdateIdentitySourceOutput struct {
	_ struct{} `type:"structure"`

	// The date and time that the updated identity source was originally created.
	//
	// CreatedDate is a required field
	CreatedDate *time.Time `locationName:"createdDate" type:"timestamp" timestampFormat:"iso8601" required:"true"`

	// The ID of the updated identity source.
	//
	// IdentitySourceId is a required field
	IdentitySourceId *string `locationName:"identitySourceId" min:"1" type:"string" required:"true"`

	// The date and time that the identity source was most recently updated.
	//
	// LastUpdatedDate is a required field
	LastUpdatedDate *time.Time `locationName:"lastUpdatedDate" type:"timestamp" timestampFormat:"iso8601" required:"true"`

	// The ID of the policy store that contains the updated identity source.
	//
	// PolicyStoreId is a required field
	PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateIdentitySourceOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateIdentitySourceOutput) GoString() string {
	return s.String()
}

// SetCreatedDate sets the CreatedDate field's value.
func (s *UpdateIdentitySourceOutput) SetCreatedDate(v time.Time) *UpdateIdentitySourceOutput {
	s.CreatedDate = &v
	return s
}

// SetIdentitySourceId sets the IdentitySourceId field's value.
func (s *UpdateIdentitySourceOutput) SetIdentitySourceId(v string) *UpdateIdentitySourceOutput {
	s.IdentitySourceId = &v
	return s
}

// SetLastUpdatedDate sets the LastUpdatedDate field's value.
func (s *UpdateIdentitySourceOutput) SetLastUpdatedDate(v time.Time) *UpdateIdentitySourceOutput {
	s.LastUpdatedDate = &v
	return s
}

// SetPolicyStoreId sets the PolicyStoreId field's value.
func (s *UpdateIdentitySourceOutput) SetPolicyStoreId(v string) *UpdateIdentitySourceOutput {
	s.PolicyStoreId = &v
	return s
}

// Contains information about updates to be applied to a policy.
//
// This data type is used as a request parameter in the UpdatePolicy (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdatePolicy.html)
// operation.
type UpdatePolicyDefinition struct {
	_ struct{} `type:"structure"`

	// Contains details about the updates to be applied to a static policy.
	Static *UpdateStaticPolicyDefinition `locationName:"static" type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdatePolicyDefinition) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdatePolicyDefinition) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *UpdatePolicyDefinition) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "UpdatePolicyDefinition"}
	if s.Static != nil {
		if err := s.Static.Validate(); err != nil {
			invalidParams.AddNested("Static", err.(request.ErrInvalidParams))
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetStatic sets the Static field's value.
func (s *UpdatePolicyDefinition) SetStatic(v *UpdateStaticPolicyDefinition) *UpdatePolicyDefinition {
	s.Static = v
	return s
}

type UpdatePolicyInput struct {
	_ struct{} `type:"structure"`

	// Specifies the updated policy content that you want to replace on the specified
	// policy. The content must be valid Cedar policy language text.
	//
	// You can change only the following elements from the policy definition:
	//
	//    * The action referenced by the policy.
	//
	//    * Any conditional clauses, such as when or unless clauses.
	//
	// You can't change the following elements:
	//
	//    * Changing from static to templateLinked.
	//
	//    * Changing the effect of the policy from permit or forbid.
	//
	//    * The principal referenced by the policy.
	//
	//    * The resource referenced by the policy.
	//
	// Definition is a required field
	Definition *UpdatePolicyDefinition `locationName:"definition" type:"structure" required:"true"`

	// Specifies the ID of the policy that you want to update. To find this value,
	// you can use ListPolicies (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ListPolicies.html).
	//
	// PolicyId is a required field
	PolicyId *string `locationName:"policyId" min:"1" type:"string" required:"true"`

	// Specifies the ID of the policy store that contains the policy that you want
	// to update.
	//
	// PolicyStoreId is a required field
	PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdatePolicyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdatePolicyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *UpdatePolicyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "UpdatePolicyInput"}
	if s.Definition == nil {
		invalidParams.Add(request.NewErrParamRequired("Definition"))
	}
	if s.PolicyId == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyId"))
	}
	if s.PolicyId != nil && len(*s.PolicyId) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyId", 1))
	}
	if s.PolicyStoreId == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyStoreId"))
	}
	if s.PolicyStoreId != nil && len(*s.PolicyStoreId) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyStoreId", 1))
	}
	if s.Definition != nil {
		if err := s.Definition.Validate(); err != nil {
			invalidParams.AddNested("Definition", err.(request.ErrInvalidParams))
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetDefinition sets the Definition field's value.
func (s *UpdatePolicyInput) SetDefinition(v *UpdatePolicyDefinition) *UpdatePolicyInput {
	s.Definition = v
	return s
}

// SetPolicyId sets the PolicyId field's value.
func (s *UpdatePolicyInput) SetPolicyId(v string) *UpdatePolicyInput {
	s.PolicyId = &v
	return s
}

// SetPolicyStoreId sets the PolicyStoreId field's value.
func (s *UpdatePolicyInput) SetPolicyStoreId(v string) *UpdatePolicyInput {
	s.PolicyStoreId = &v
	return s
}

type UpdatePolicyOutput struct {
	_ struct{} `type:"structure"`

	// The date and time that the policy was originally created.
	//
	// CreatedDate is a required field
	CreatedDate *time.Time `locationName:"createdDate" type:"timestamp" timestampFormat:"iso8601" required:"true"`

	// The date and time that the policy was most recently updated.
	//
	// LastUpdatedDate is a required field
	LastUpdatedDate *time.Time `locationName:"lastUpdatedDate" type:"timestamp" timestampFormat:"iso8601" required:"true"`

	// The ID of the policy that was updated.
	//
	// PolicyId is a required field
	PolicyId *string `locationName:"policyId" min:"1" type:"string" required:"true"`

	// The ID of the policy store that contains the policy that was updated.
	//
	// PolicyStoreId is a required field
	PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"`

	// The type of the policy that was updated.
	//
	// PolicyType is a required field
	PolicyType *string `locationName:"policyType" type:"string" required:"true" enum:"PolicyType"`

	// The principal specified in the policy's scope. This element isn't included
	// in the response when Principal isn't present in the policy content.
	Principal *EntityIdentifier `locationName:"principal" type:"structure"`

	// The resource specified in the policy's scope. This element isn't included
	// in the response when Resource isn't present in the policy content.
	Resource *EntityIdentifier `locationName:"resource" type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdatePolicyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdatePolicyOutput) GoString() string {
	return s.String()
}

// SetCreatedDate sets the CreatedDate field's value.
func (s *UpdatePolicyOutput) SetCreatedDate(v time.Time) *UpdatePolicyOutput {
	s.CreatedDate = &v
	return s
}

// SetLastUpdatedDate sets the LastUpdatedDate field's value.
func (s *UpdatePolicyOutput) SetLastUpdatedDate(v time.Time) *UpdatePolicyOutput {
	s.LastUpdatedDate = &v
	return s
}

// SetPolicyId sets the PolicyId field's value.
func (s *UpdatePolicyOutput) SetPolicyId(v string) *UpdatePolicyOutput {
	s.PolicyId = &v
	return s
}

// SetPolicyStoreId sets the PolicyStoreId field's value.
func (s *UpdatePolicyOutput) SetPolicyStoreId(v string) *UpdatePolicyOutput {
	s.PolicyStoreId = &v
	return s
}

// SetPolicyType sets the PolicyType field's value.
func (s *UpdatePolicyOutput) SetPolicyType(v string) *UpdatePolicyOutput {
	s.PolicyType = &v
	return s
}

// SetPrincipal sets the Principal field's value.
func (s *UpdatePolicyOutput) SetPrincipal(v *EntityIdentifier) *UpdatePolicyOutput {
	s.Principal = v
	return s
}

// SetResource sets the Resource field's value.
func (s *UpdatePolicyOutput) SetResource(v *EntityIdentifier) *UpdatePolicyOutput {
	s.Resource = v
	return s
}

type UpdatePolicyStoreInput struct {
	_ struct{} `type:"structure"`

	// Descriptive text that you can provide to help with identification of the
	// current policy store.
	//
	// Description is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by UpdatePolicyStoreInput's
	// String and GoString methods.
	Description *string `locationName:"description" type:"string" sensitive:"true"`

	// Specifies the ID of the policy store that you want to update
	//
	// PolicyStoreId is a required field
	PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"`

	// A structure that defines the validation settings that want to enable for
	// the policy store.
	//
	// ValidationSettings is a required field
	ValidationSettings *ValidationSettings `locationName:"validationSettings" type:"structure" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdatePolicyStoreInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdatePolicyStoreInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *UpdatePolicyStoreInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "UpdatePolicyStoreInput"}
	if s.PolicyStoreId == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyStoreId"))
	}
	if s.PolicyStoreId != nil && len(*s.PolicyStoreId) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyStoreId", 1))
	}
	if s.ValidationSettings == nil {
		invalidParams.Add(request.NewErrParamRequired("ValidationSettings"))
	}
	if s.ValidationSettings != nil {
		if err := s.ValidationSettings.Validate(); err != nil {
			invalidParams.AddNested("ValidationSettings", err.(request.ErrInvalidParams))
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetDescription sets the Description field's value.
func (s *UpdatePolicyStoreInput) SetDescription(v string) *UpdatePolicyStoreInput {
	s.Description = &v
	return s
}

// SetPolicyStoreId sets the PolicyStoreId field's value.
func (s *UpdatePolicyStoreInput) SetPolicyStoreId(v string) *UpdatePolicyStoreInput {
	s.PolicyStoreId = &v
	return s
}

// SetValidationSettings sets the ValidationSettings field's value.
func (s *UpdatePolicyStoreInput) SetValidationSettings(v *ValidationSettings) *UpdatePolicyStoreInput {
	s.ValidationSettings = v
	return s
}

type UpdatePolicyStoreOutput struct {
	_ struct{} `type:"structure"`

	// The Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// of the updated policy store.
	//
	// Arn is a required field
	Arn *string `locationName:"arn" min:"1" type:"string" required:"true"`

	// The date and time that the policy store was originally created.
	//
	// CreatedDate is a required field
	CreatedDate *time.Time `locationName:"createdDate" type:"timestamp" timestampFormat:"iso8601" required:"true"`

	// The date and time that the policy store was most recently updated.
	//
	// LastUpdatedDate is a required field
	LastUpdatedDate *time.Time `locationName:"lastUpdatedDate" type:"timestamp" timestampFormat:"iso8601" required:"true"`

	// The ID of the updated policy store.
	//
	// PolicyStoreId is a required field
	PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdatePolicyStoreOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdatePolicyStoreOutput) GoString() string {
	return s.String()
}

// SetArn sets the Arn field's value.
func (s *UpdatePolicyStoreOutput) SetArn(v string) *UpdatePolicyStoreOutput {
	s.Arn = &v
	return s
}

// SetCreatedDate sets the CreatedDate field's value.
func (s *UpdatePolicyStoreOutput) SetCreatedDate(v time.Time) *UpdatePolicyStoreOutput {
	s.CreatedDate = &v
	return s
}

// SetLastUpdatedDate sets the LastUpdatedDate field's value.
func (s *UpdatePolicyStoreOutput) SetLastUpdatedDate(v time.Time) *UpdatePolicyStoreOutput {
	s.LastUpdatedDate = &v
	return s
}

// SetPolicyStoreId sets the PolicyStoreId field's value.
func (s *UpdatePolicyStoreOutput) SetPolicyStoreId(v string) *UpdatePolicyStoreOutput {
	s.PolicyStoreId = &v
	return s
}

type UpdatePolicyTemplateInput struct {
	_ struct{} `type:"structure"`

	// Specifies a new description to apply to the policy template.
	//
	// Description is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by UpdatePolicyTemplateInput's
	// String and GoString methods.
	Description *string `locationName:"description" type:"string" sensitive:"true"`

	// Specifies the ID of the policy store that contains the policy template that
	// you want to update.
	//
	// PolicyStoreId is a required field
	PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"`

	// Specifies the ID of the policy template that you want to update.
	//
	// PolicyTemplateId is a required field
	PolicyTemplateId *string `locationName:"policyTemplateId" min:"1" type:"string" required:"true"`

	// Specifies new statement content written in Cedar policy language to replace
	// the current body of the policy template.
	//
	// You can change only the following elements of the policy body:
	//
	//    * The action referenced by the policy template.
	//
	//    * Any conditional clauses, such as when or unless clauses.
	//
	// You can't change the following elements:
	//
	//    * The effect (permit or forbid) of the policy template.
	//
	//    * The principal referenced by the policy template.
	//
	//    * The resource referenced by the policy template.
	//
	// Statement is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by UpdatePolicyTemplateInput's
	// String and GoString methods.
	//
	// Statement is a required field
	Statement *string `locationName:"statement" min:"1" type:"string" required:"true" sensitive:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdatePolicyTemplateInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdatePolicyTemplateInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *UpdatePolicyTemplateInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "UpdatePolicyTemplateInput"}
	if s.PolicyStoreId == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyStoreId"))
	}
	if s.PolicyStoreId != nil && len(*s.PolicyStoreId) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyStoreId", 1))
	}
	if s.PolicyTemplateId == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyTemplateId"))
	}
	if s.PolicyTemplateId != nil && len(*s.PolicyTemplateId) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyTemplateId", 1))
	}
	if s.Statement == nil {
		invalidParams.Add(request.NewErrParamRequired("Statement"))
	}
	if s.Statement != nil && len(*s.Statement) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Statement", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetDescription sets the Description field's value.
func (s *UpdatePolicyTemplateInput) SetDescription(v string) *UpdatePolicyTemplateInput {
	s.Description = &v
	return s
}

// SetPolicyStoreId sets the PolicyStoreId field's value.
func (s *UpdatePolicyTemplateInput) SetPolicyStoreId(v string) *UpdatePolicyTemplateInput {
	s.PolicyStoreId = &v
	return s
}

// SetPolicyTemplateId sets the PolicyTemplateId field's value.
func (s *UpdatePolicyTemplateInput) SetPolicyTemplateId(v string) *UpdatePolicyTemplateInput {
	s.PolicyTemplateId = &v
	return s
}

// SetStatement sets the Statement field's value.
func (s *UpdatePolicyTemplateInput) SetStatement(v string) *UpdatePolicyTemplateInput {
	s.Statement = &v
	return s
}

type UpdatePolicyTemplateOutput struct {
	_ struct{} `type:"structure"`

	// The date and time that the policy template was originally created.
	//
	// CreatedDate is a required field
	CreatedDate *time.Time `locationName:"createdDate" type:"timestamp" timestampFormat:"iso8601" required:"true"`

	// The date and time that the policy template was most recently updated.
	//
	// LastUpdatedDate is a required field
	LastUpdatedDate *time.Time `locationName:"lastUpdatedDate" type:"timestamp" timestampFormat:"iso8601" required:"true"`

	// The ID of the policy store that contains the updated policy template.
	//
	// PolicyStoreId is a required field
	PolicyStoreId *string `locationName:"policyStoreId" min:"1" type:"string" required:"true"`

	// The ID of the updated policy template.
	//
	// PolicyTemplateId is a required field
	PolicyTemplateId *string `locationName:"policyTemplateId" min:"1" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdatePolicyTemplateOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdatePolicyTemplateOutput) GoString() string {
	return s.String()
}

// SetCreatedDate sets the CreatedDate field's value.
func (s *UpdatePolicyTemplateOutput) SetCreatedDate(v time.Time) *UpdatePolicyTemplateOutput {
	s.CreatedDate = &v
	return s
}

// SetLastUpdatedDate sets the LastUpdatedDate field's value.
func (s *UpdatePolicyTemplateOutput) SetLastUpdatedDate(v time.Time) *UpdatePolicyTemplateOutput {
	s.LastUpdatedDate = &v
	return s
}

// SetPolicyStoreId sets the PolicyStoreId field's value.
func (s *UpdatePolicyTemplateOutput) SetPolicyStoreId(v string) *UpdatePolicyTemplateOutput {
	s.PolicyStoreId = &v
	return s
}

// SetPolicyTemplateId sets the PolicyTemplateId field's value.
func (s *UpdatePolicyTemplateOutput) SetPolicyTemplateId(v string) *UpdatePolicyTemplateOutput {
	s.PolicyTemplateId = &v
	return s
}

// Contains information about an update to a static policy.
type UpdateStaticPolicyDefinition struct {
	_ struct{} `type:"structure"`

	// Specifies the description to be added to or replaced on the static policy.
	//
	// Description is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by UpdateStaticPolicyDefinition's
	// String and GoString methods.
	Description *string `locationName:"description" type:"string" sensitive:"true"`

	// Specifies the Cedar policy language text to be added to or replaced on the
	// static policy.
	//
	// You can change only the following elements from the original content:
	//
	//    * The action referenced by the policy.
	//
	//    * Any conditional clauses, such as when or unless clauses.
	//
	// You can't change the following elements:
	//
	//    * Changing from StaticPolicy to TemplateLinkedPolicy.
	//
	//    * The effect (permit or forbid) of the policy.
	//
	//    * The principal referenced by the policy.
	//
	//    * The resource referenced by the policy.
	//
	// Statement is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by UpdateStaticPolicyDefinition's
	// String and GoString methods.
	//
	// Statement is a required field
	Statement *string `locationName:"statement" min:"1" type:"string" required:"true" sensitive:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateStaticPolicyDefinition) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateStaticPolicyDefinition) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *UpdateStaticPolicyDefinition) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "UpdateStaticPolicyDefinition"}
	if s.Statement == nil {
		invalidParams.Add(request.NewErrParamRequired("Statement"))
	}
	if s.Statement != nil && len(*s.Statement) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Statement", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetDescription sets the Description field's value.
func (s *UpdateStaticPolicyDefinition) SetDescription(v string) *UpdateStaticPolicyDefinition {
	s.Description = &v
	return s
}

// SetStatement sets the Statement field's value.
func (s *UpdateStaticPolicyDefinition) SetStatement(v string) *UpdateStaticPolicyDefinition {
	s.Statement = &v
	return s
}

// The request failed because one or more input parameters don't satisfy their
// constraint requirements. The output is provided as a list of fields and a
// reason for each field that isn't valid.
//
// The possible reasons include the following:
//
//   - UnrecognizedEntityType The policy includes an entity type that isn't
//     found in the schema.
//
//   - UnrecognizedActionId The policy includes an action id that isn't found
//     in the schema.
//
//   - InvalidActionApplication The policy includes an action that, according
//     to the schema, doesn't support the specified principal and resource.
//
//   - UnexpectedType The policy included an operand that isn't a valid type
//     for the specified operation.
//
//   - IncompatibleTypes The types of elements included in a set, or the types
//     of expressions used in an if...then...else clause aren't compatible in
//     this context.
//
//   - MissingAttribute The policy attempts to access a record or entity attribute
//     that isn't specified in the schema. Test for the existence of the attribute
//     first before attempting to access its value. For more information, see
//     the has (presence of attribute test) operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test)
//     in the Cedar Policy Language Guide.
//
//   - UnsafeOptionalAttributeAccess The policy attempts to access a record
//     or entity attribute that is optional and isn't guaranteed to be present.
//     Test for the existence of the attribute first before attempting to access
//     its value. For more information, see the has (presence of attribute test)
//     operator (https://docs.cedarpolicy.com/policies/syntax-operators.html#has-presence-of-attribute-test)
//     in the Cedar Policy Language Guide.
//
//   - ImpossiblePolicy Cedar has determined that a policy condition always
//     evaluates to false. If the policy is always false, it can never apply
//     to any query, and so it can never affect an authorization decision.
//
//   - WrongNumberArguments The policy references an extension type with the
//     wrong number of arguments.
//
//   - FunctionArgumentValidationError Cedar couldn't parse the argument passed
//     to an extension type. For example, a string that is to be parsed as an
//     IPv4 address can contain only digits and the period character.
type ValidationException struct {
	_            struct{}                  `type:"structure"`
	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

	// The list of fields that aren't valid.
	FieldList []*ValidationExceptionField `locationName:"fieldList" type:"list"`

	Message_ *string `locationName:"message" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ValidationException) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ValidationException) GoString() string {
	return s.String()
}

func newErrorValidationException(v protocol.ResponseMetadata) error {
	return &ValidationException{
		RespMetadata: v,
	}
}

// Code returns the exception type name.
func (s *ValidationException) Code() string {
	return "ValidationException"
}

// Message returns the exception's message.
func (s *ValidationException) Message() string {
	if s.Message_ != nil {
		return *s.Message_
	}
	return ""
}

// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *ValidationException) OrigErr() error {
	return nil
}

func (s *ValidationException) Error() string {
	return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String())
}

// Status code returns the HTTP status code for the request's response error.
func (s *ValidationException) StatusCode() int {
	return s.RespMetadata.StatusCode
}

// RequestID returns the service's response RequestID for request.
func (s *ValidationException) RequestID() string {
	return s.RespMetadata.RequestID
}

// Details about a field that failed policy validation.
type ValidationExceptionField struct {
	_ struct{} `type:"structure"`

	// Describes the policy validation error.
	//
	// Message is a required field
	Message *string `locationName:"message" type:"string" required:"true"`

	// The path to the specific element that Verified Permissions found to be not
	// valid.
	//
	// Path is a required field
	Path *string `locationName:"path" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ValidationExceptionField) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ValidationExceptionField) GoString() string {
	return s.String()
}

// SetMessage sets the Message field's value.
func (s *ValidationExceptionField) SetMessage(v string) *ValidationExceptionField {
	s.Message = &v
	return s
}

// SetPath sets the Path field's value.
func (s *ValidationExceptionField) SetPath(v string) *ValidationExceptionField {
	s.Path = &v
	return s
}

// A structure that contains Cedar policy validation settings for the policy
// store. The validation mode determines which validation failures that Cedar
// considers serious enough to block acceptance of a new or edited static policy
// or policy template.
//
// This data type is used as a request parameter in the CreatePolicyStore (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreatePolicyStore.html)
// and UpdatePolicyStore (https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdatePolicyStore.html)
// operations.
type ValidationSettings struct {
	_ struct{} `type:"structure"`

	// The validation mode currently configured for this policy store. The valid
	// values are:
	//
	//    * OFF – Neither Verified Permissions nor Cedar perform any validation
	//    on policies. No validation errors are reported by either service.
	//
	//    * STRICT – Requires a schema to be present in the policy store. Cedar
	//    performs validation on all submitted new or updated static policies and
	//    policy templates. Any that fail validation are rejected and Cedar doesn't
	//    store them in the policy store.
	//
	// If Mode=STRICT and the policy store doesn't contain a schema, Verified Permissions
	// rejects all static policies and policy templates because there is no schema
	// to validate against.
	//
	// To submit a static policy or policy template without a schema, you must turn
	// off validation.
	//
	// Mode is a required field
	Mode *string `locationName:"mode" type:"string" required:"true" enum:"ValidationMode"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ValidationSettings) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ValidationSettings) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ValidationSettings) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ValidationSettings"}
	if s.Mode == nil {
		invalidParams.Add(request.NewErrParamRequired("Mode"))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetMode sets the Mode field's value.
func (s *ValidationSettings) SetMode(v string) *ValidationSettings {
	s.Mode = &v
	return s
}

const (
	// DecisionAllow is a Decision enum value
	DecisionAllow = "ALLOW"

	// DecisionDeny is a Decision enum value
	DecisionDeny = "DENY"
)

// Decision_Values returns all elements of the Decision enum
func Decision_Values() []string {
	return []string{
		DecisionAllow,
		DecisionDeny,
	}
}

const (
	// OpenIdIssuerCognito is a OpenIdIssuer enum value
	OpenIdIssuerCognito = "COGNITO"
)

// OpenIdIssuer_Values returns all elements of the OpenIdIssuer enum
func OpenIdIssuer_Values() []string {
	return []string{
		OpenIdIssuerCognito,
	}
}

const (
	// PolicyTypeStatic is a PolicyType enum value
	PolicyTypeStatic = "STATIC"

	// PolicyTypeTemplateLinked is a PolicyType enum value
	PolicyTypeTemplateLinked = "TEMPLATE_LINKED"
)

// PolicyType_Values returns all elements of the PolicyType enum
func PolicyType_Values() []string {
	return []string{
		PolicyTypeStatic,
		PolicyTypeTemplateLinked,
	}
}

const (
	// ResourceTypeIdentitySource is a ResourceType enum value
	ResourceTypeIdentitySource = "IDENTITY_SOURCE"

	// ResourceTypePolicyStore is a ResourceType enum value
	ResourceTypePolicyStore = "POLICY_STORE"

	// ResourceTypePolicy is a ResourceType enum value
	ResourceTypePolicy = "POLICY"

	// ResourceTypePolicyTemplate is a ResourceType enum value
	ResourceTypePolicyTemplate = "POLICY_TEMPLATE"

	// ResourceTypeSchema is a ResourceType enum value
	ResourceTypeSchema = "SCHEMA"
)

// ResourceType_Values returns all elements of the ResourceType enum
func ResourceType_Values() []string {
	return []string{
		ResourceTypeIdentitySource,
		ResourceTypePolicyStore,
		ResourceTypePolicy,
		ResourceTypePolicyTemplate,
		ResourceTypeSchema,
	}
}

const (
	// ValidationModeOff is a ValidationMode enum value
	ValidationModeOff = "OFF"

	// ValidationModeStrict is a ValidationMode enum value
	ValidationModeStrict = "STRICT"
)

// ValidationMode_Values returns all elements of the ValidationMode enum
func ValidationMode_Values() []string {
	return []string{
		ValidationModeOff,
		ValidationModeStrict,
	}
}