From e6fbf506c42b9a31ac8d3ddddd45196c5f9bdcbb Mon Sep 17 00:00:00 2001 From: awstools Date: Tue, 27 Jun 2023 18:25:31 +0000 Subject: [PATCH] docs(client-verifiedpermissions): This update fixes several broken links to the Cedar documentation. --- clients/client-verifiedpermissions/README.md | 2 +- .../src/VerifiedPermissions.ts | 2 +- .../src/VerifiedPermissionsClient.ts | 2 +- .../commands/CreateIdentitySourceCommand.ts | 4 +-- .../src/commands/CreatePolicyCommand.ts | 4 +-- .../src/commands/CreatePolicyStoreCommand.ts | 4 +-- .../commands/CreatePolicyTemplateCommand.ts | 4 +-- .../commands/DeleteIdentitySourceCommand.ts | 4 +-- .../src/commands/DeletePolicyCommand.ts | 4 +-- .../src/commands/DeletePolicyStoreCommand.ts | 4 +-- .../commands/DeletePolicyTemplateCommand.ts | 4 +-- .../src/commands/GetIdentitySourceCommand.ts | 4 +-- .../src/commands/GetPolicyCommand.ts | 4 +-- .../src/commands/GetPolicyStoreCommand.ts | 4 +-- .../src/commands/GetPolicyTemplateCommand.ts | 4 +-- .../src/commands/GetSchemaCommand.ts | 4 +-- .../src/commands/IsAuthorizedCommand.ts | 4 +-- .../commands/IsAuthorizedWithTokenCommand.ts | 4 +-- .../commands/ListIdentitySourcesCommand.ts | 4 +-- .../src/commands/ListPoliciesCommand.ts | 4 +-- .../src/commands/ListPolicyStoresCommand.ts | 4 +-- .../commands/ListPolicyTemplatesCommand.ts | 4 +-- .../src/commands/PutSchemaCommand.ts | 4 +-- .../commands/UpdateIdentitySourceCommand.ts | 4 +-- .../src/commands/UpdatePolicyCommand.ts | 4 +-- .../src/commands/UpdatePolicyStoreCommand.ts | 4 +-- .../commands/UpdatePolicyTemplateCommand.ts | 4 +-- .../client-verifiedpermissions/src/index.ts | 2 +- .../src/models/models_0.ts | 30 +++++++------------ .../aws-models/verifiedpermissions.json | 16 +++++----- 30 files changed, 70 insertions(+), 80 deletions(-) diff --git a/clients/client-verifiedpermissions/README.md b/clients/client-verifiedpermissions/README.md index f05bfda9146a..d98a1938b4ae 100644 --- a/clients/client-verifiedpermissions/README.md +++ b/clients/client-verifiedpermissions/README.md @@ -19,7 +19,7 @@ Cedar supports both role-based access control (RBAC) and attribute-based access control (ABAC) authorization models.

For more information about configuring, administering, and using Amazon Verified Permissions in your applications, see the Amazon Verified Permissions User Guide.

-

For more information about the Cedar policy language, see the Cedar Policy Language Guide.

+

For more information about the Cedar policy language, see the Cedar Policy Language Guide.

When you write Cedar policies that reference principals, resources and actions, you can define the unique identifiers used for each of those elements. We strongly diff --git a/clients/client-verifiedpermissions/src/VerifiedPermissions.ts b/clients/client-verifiedpermissions/src/VerifiedPermissions.ts index a9c3862ce661..978ac0ca1397 100644 --- a/clients/client-verifiedpermissions/src/VerifiedPermissions.ts +++ b/clients/client-verifiedpermissions/src/VerifiedPermissions.ts @@ -513,7 +513,7 @@ export interface VerifiedPermissions { * control (ABAC) authorization models.

*

For more information about configuring, administering, and using Amazon Verified Permissions in your * applications, see the Amazon Verified Permissions User Guide.

- *

For more information about the Cedar policy language, see the Cedar Policy Language Guide.

+ *

For more information about the Cedar policy language, see the Cedar Policy Language Guide.

* *

When you write Cedar policies that reference principals, resources and actions, * you can define the unique identifiers used for each of those elements. We strongly diff --git a/clients/client-verifiedpermissions/src/VerifiedPermissionsClient.ts b/clients/client-verifiedpermissions/src/VerifiedPermissionsClient.ts index 8965ac5cd0d5..e303ac942b0e 100644 --- a/clients/client-verifiedpermissions/src/VerifiedPermissionsClient.ts +++ b/clients/client-verifiedpermissions/src/VerifiedPermissionsClient.ts @@ -347,7 +347,7 @@ export interface VerifiedPermissionsClientResolvedConfig extends VerifiedPermiss * control (ABAC) authorization models.

*

For more information about configuring, administering, and using Amazon Verified Permissions in your * applications, see the Amazon Verified Permissions User Guide.

- *

For more information about the Cedar policy language, see the Cedar Policy Language Guide.

+ *

For more information about the Cedar policy language, see the Cedar Policy Language Guide.

* *

When you write Cedar policies that reference principals, resources and actions, * you can define the unique identifiers used for each of those elements. We strongly diff --git a/clients/client-verifiedpermissions/src/commands/CreateIdentitySourceCommand.ts b/clients/client-verifiedpermissions/src/commands/CreateIdentitySourceCommand.ts index 5e985fd594bd..bb8202d89b39 100644 --- a/clients/client-verifiedpermissions/src/commands/CreateIdentitySourceCommand.ts +++ b/clients/client-verifiedpermissions/src/commands/CreateIdentitySourceCommand.ts @@ -163,7 +163,7 @@ export interface CreateIdentitySourceCommandOutput extends CreateIdentitySourceO *

*

The policy attempts to access a record or entity attribute that isn't * specified in the schema. Test for the existence of the attribute first before - * attempting to access its value. For more information, see the has (presence of attribute test) operator in the + * attempting to access its value. For more information, see the has (presence of attribute test) operator in the * Cedar Policy Language Guide.

* *
  • @@ -173,7 +173,7 @@ export interface CreateIdentitySourceCommandOutput extends CreateIdentitySourceO *

    The policy attempts to access a record or entity attribute that is optional * and isn't guaranteed to be present. Test for the existence of the attribute * first before attempting to access its value. For more information, see the - * has (presence of attribute test) operator in the + * has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • diff --git a/clients/client-verifiedpermissions/src/commands/CreatePolicyCommand.ts b/clients/client-verifiedpermissions/src/commands/CreatePolicyCommand.ts index d02e46adef09..3e68c4758987 100644 --- a/clients/client-verifiedpermissions/src/commands/CreatePolicyCommand.ts +++ b/clients/client-verifiedpermissions/src/commands/CreatePolicyCommand.ts @@ -175,7 +175,7 @@ export interface CreatePolicyCommandOutput extends CreatePolicyOutput, __Metadat *

    *

    The policy attempts to access a record or entity attribute that isn't * specified in the schema. Test for the existence of the attribute first before - * attempting to access its value. For more information, see the has (presence of attribute test) operator in the + * attempting to access its value. For more information, see the has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • @@ -185,7 +185,7 @@ export interface CreatePolicyCommandOutput extends CreatePolicyOutput, __Metadat *

    The policy attempts to access a record or entity attribute that is optional * and isn't guaranteed to be present. Test for the existence of the attribute * first before attempting to access its value. For more information, see the - * has (presence of attribute test) operator in the + * has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • diff --git a/clients/client-verifiedpermissions/src/commands/CreatePolicyStoreCommand.ts b/clients/client-verifiedpermissions/src/commands/CreatePolicyStoreCommand.ts index 9ef7145f57fc..b906a81cf711 100644 --- a/clients/client-verifiedpermissions/src/commands/CreatePolicyStoreCommand.ts +++ b/clients/client-verifiedpermissions/src/commands/CreatePolicyStoreCommand.ts @@ -133,7 +133,7 @@ export interface CreatePolicyStoreCommandOutput extends CreatePolicyStoreOutput, *

    *

    The policy attempts to access a record or entity attribute that isn't * specified in the schema. Test for the existence of the attribute first before - * attempting to access its value. For more information, see the has (presence of attribute test) operator in the + * attempting to access its value. For more information, see the has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • @@ -143,7 +143,7 @@ export interface CreatePolicyStoreCommandOutput extends CreatePolicyStoreOutput, *

    The policy attempts to access a record or entity attribute that is optional * and isn't guaranteed to be present. Test for the existence of the attribute * first before attempting to access its value. For more information, see the - * has (presence of attribute test) operator in the + * has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • diff --git a/clients/client-verifiedpermissions/src/commands/CreatePolicyTemplateCommand.ts b/clients/client-verifiedpermissions/src/commands/CreatePolicyTemplateCommand.ts index 06f6c2ff6d69..04120b043c6a 100644 --- a/clients/client-verifiedpermissions/src/commands/CreatePolicyTemplateCommand.ts +++ b/clients/client-verifiedpermissions/src/commands/CreatePolicyTemplateCommand.ts @@ -137,7 +137,7 @@ export interface CreatePolicyTemplateCommandOutput extends CreatePolicyTemplateO *

    *

    The policy attempts to access a record or entity attribute that isn't * specified in the schema. Test for the existence of the attribute first before - * attempting to access its value. For more information, see the has (presence of attribute test) operator in the + * attempting to access its value. For more information, see the has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • @@ -147,7 +147,7 @@ export interface CreatePolicyTemplateCommandOutput extends CreatePolicyTemplateO *

    The policy attempts to access a record or entity attribute that is optional * and isn't guaranteed to be present. Test for the existence of the attribute * first before attempting to access its value. For more information, see the - * has (presence of attribute test) operator in the + * has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • diff --git a/clients/client-verifiedpermissions/src/commands/DeleteIdentitySourceCommand.ts b/clients/client-verifiedpermissions/src/commands/DeleteIdentitySourceCommand.ts index 7ccad7c0c9fa..b0e5f02ae9fa 100644 --- a/clients/client-verifiedpermissions/src/commands/DeleteIdentitySourceCommand.ts +++ b/clients/client-verifiedpermissions/src/commands/DeleteIdentitySourceCommand.ts @@ -128,7 +128,7 @@ export interface DeleteIdentitySourceCommandOutput extends DeleteIdentitySourceO *

    *

    The policy attempts to access a record or entity attribute that isn't * specified in the schema. Test for the existence of the attribute first before - * attempting to access its value. For more information, see the has (presence of attribute test) operator in the + * attempting to access its value. For more information, see the has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • @@ -138,7 +138,7 @@ export interface DeleteIdentitySourceCommandOutput extends DeleteIdentitySourceO *

    The policy attempts to access a record or entity attribute that is optional * and isn't guaranteed to be present. Test for the existence of the attribute * first before attempting to access its value. For more information, see the - * has (presence of attribute test) operator in the + * has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • diff --git a/clients/client-verifiedpermissions/src/commands/DeletePolicyCommand.ts b/clients/client-verifiedpermissions/src/commands/DeletePolicyCommand.ts index af3f65fdf96b..30dbe5abc1d6 100644 --- a/clients/client-verifiedpermissions/src/commands/DeletePolicyCommand.ts +++ b/clients/client-verifiedpermissions/src/commands/DeletePolicyCommand.ts @@ -127,7 +127,7 @@ export interface DeletePolicyCommandOutput extends DeletePolicyOutput, __Metadat *

    *

    The policy attempts to access a record or entity attribute that isn't * specified in the schema. Test for the existence of the attribute first before - * attempting to access its value. For more information, see the has (presence of attribute test) operator in the + * attempting to access its value. For more information, see the has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • @@ -137,7 +137,7 @@ export interface DeletePolicyCommandOutput extends DeletePolicyOutput, __Metadat *

    The policy attempts to access a record or entity attribute that is optional * and isn't guaranteed to be present. Test for the existence of the attribute * first before attempting to access its value. For more information, see the - * has (presence of attribute test) operator in the + * has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • diff --git a/clients/client-verifiedpermissions/src/commands/DeletePolicyStoreCommand.ts b/clients/client-verifiedpermissions/src/commands/DeletePolicyStoreCommand.ts index 3953331b304c..65dc37a0d417 100644 --- a/clients/client-verifiedpermissions/src/commands/DeletePolicyStoreCommand.ts +++ b/clients/client-verifiedpermissions/src/commands/DeletePolicyStoreCommand.ts @@ -119,7 +119,7 @@ export interface DeletePolicyStoreCommandOutput extends DeletePolicyStoreOutput, *

    *

    The policy attempts to access a record or entity attribute that isn't * specified in the schema. Test for the existence of the attribute first before - * attempting to access its value. For more information, see the has (presence of attribute test) operator in the + * attempting to access its value. For more information, see the has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • @@ -129,7 +129,7 @@ export interface DeletePolicyStoreCommandOutput extends DeletePolicyStoreOutput, *

    The policy attempts to access a record or entity attribute that is optional * and isn't guaranteed to be present. Test for the existence of the attribute * first before attempting to access its value. For more information, see the - * has (presence of attribute test) operator in the + * has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • diff --git a/clients/client-verifiedpermissions/src/commands/DeletePolicyTemplateCommand.ts b/clients/client-verifiedpermissions/src/commands/DeletePolicyTemplateCommand.ts index f18ffc24532e..64211d6756f7 100644 --- a/clients/client-verifiedpermissions/src/commands/DeletePolicyTemplateCommand.ts +++ b/clients/client-verifiedpermissions/src/commands/DeletePolicyTemplateCommand.ts @@ -130,7 +130,7 @@ export interface DeletePolicyTemplateCommandOutput extends DeletePolicyTemplateO *

    *

    The policy attempts to access a record or entity attribute that isn't * specified in the schema. Test for the existence of the attribute first before - * attempting to access its value. For more information, see the has (presence of attribute test) operator in the + * attempting to access its value. For more information, see the has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • @@ -140,7 +140,7 @@ export interface DeletePolicyTemplateCommandOutput extends DeletePolicyTemplateO *

    The policy attempts to access a record or entity attribute that is optional * and isn't guaranteed to be present. Test for the existence of the attribute * first before attempting to access its value. For more information, see the - * has (presence of attribute test) operator in the + * has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • diff --git a/clients/client-verifiedpermissions/src/commands/GetIdentitySourceCommand.ts b/clients/client-verifiedpermissions/src/commands/GetIdentitySourceCommand.ts index 97a5d63b850e..71dded9e1e28 100644 --- a/clients/client-verifiedpermissions/src/commands/GetIdentitySourceCommand.ts +++ b/clients/client-verifiedpermissions/src/commands/GetIdentitySourceCommand.ts @@ -135,7 +135,7 @@ export interface GetIdentitySourceCommandOutput extends GetIdentitySourceOutput, *

    *

    The policy attempts to access a record or entity attribute that isn't * specified in the schema. Test for the existence of the attribute first before - * attempting to access its value. For more information, see the has (presence of attribute test) operator in the + * attempting to access its value. For more information, see the has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • @@ -145,7 +145,7 @@ export interface GetIdentitySourceCommandOutput extends GetIdentitySourceOutput, *

    The policy attempts to access a record or entity attribute that is optional * and isn't guaranteed to be present. Test for the existence of the attribute * first before attempting to access its value. For more information, see the - * has (presence of attribute test) operator in the + * has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • diff --git a/clients/client-verifiedpermissions/src/commands/GetPolicyCommand.ts b/clients/client-verifiedpermissions/src/commands/GetPolicyCommand.ts index 81970cf67237..88506219bc52 100644 --- a/clients/client-verifiedpermissions/src/commands/GetPolicyCommand.ts +++ b/clients/client-verifiedpermissions/src/commands/GetPolicyCommand.ts @@ -152,7 +152,7 @@ export interface GetPolicyCommandOutput extends GetPolicyOutput, __MetadataBeare *

    *

    The policy attempts to access a record or entity attribute that isn't * specified in the schema. Test for the existence of the attribute first before - * attempting to access its value. For more information, see the has (presence of attribute test) operator in the + * attempting to access its value. For more information, see the has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • @@ -162,7 +162,7 @@ export interface GetPolicyCommandOutput extends GetPolicyOutput, __MetadataBeare *

    The policy attempts to access a record or entity attribute that is optional * and isn't guaranteed to be present. Test for the existence of the attribute * first before attempting to access its value. For more information, see the - * has (presence of attribute test) operator in the + * has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • diff --git a/clients/client-verifiedpermissions/src/commands/GetPolicyStoreCommand.ts b/clients/client-verifiedpermissions/src/commands/GetPolicyStoreCommand.ts index c279a70b0b13..abad43874bf8 100644 --- a/clients/client-verifiedpermissions/src/commands/GetPolicyStoreCommand.ts +++ b/clients/client-verifiedpermissions/src/commands/GetPolicyStoreCommand.ts @@ -128,7 +128,7 @@ export interface GetPolicyStoreCommandOutput extends GetPolicyStoreOutput, __Met *

    *

    The policy attempts to access a record or entity attribute that isn't * specified in the schema. Test for the existence of the attribute first before - * attempting to access its value. For more information, see the has (presence of attribute test) operator in the + * attempting to access its value. For more information, see the has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • @@ -138,7 +138,7 @@ export interface GetPolicyStoreCommandOutput extends GetPolicyStoreOutput, __Met *

    The policy attempts to access a record or entity attribute that is optional * and isn't guaranteed to be present. Test for the existence of the attribute * first before attempting to access its value. For more information, see the - * has (presence of attribute test) operator in the + * has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • diff --git a/clients/client-verifiedpermissions/src/commands/GetPolicyTemplateCommand.ts b/clients/client-verifiedpermissions/src/commands/GetPolicyTemplateCommand.ts index 38461fa08d4a..cf89a7ebc702 100644 --- a/clients/client-verifiedpermissions/src/commands/GetPolicyTemplateCommand.ts +++ b/clients/client-verifiedpermissions/src/commands/GetPolicyTemplateCommand.ts @@ -128,7 +128,7 @@ export interface GetPolicyTemplateCommandOutput extends GetPolicyTemplateOutput, *

    *

    The policy attempts to access a record or entity attribute that isn't * specified in the schema. Test for the existence of the attribute first before - * attempting to access its value. For more information, see the has (presence of attribute test) operator in the + * attempting to access its value. For more information, see the has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • @@ -138,7 +138,7 @@ export interface GetPolicyTemplateCommandOutput extends GetPolicyTemplateOutput, *

    The policy attempts to access a record or entity attribute that is optional * and isn't guaranteed to be present. Test for the existence of the attribute * first before attempting to access its value. For more information, see the - * has (presence of attribute test) operator in the + * has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • diff --git a/clients/client-verifiedpermissions/src/commands/GetSchemaCommand.ts b/clients/client-verifiedpermissions/src/commands/GetSchemaCommand.ts index 7f2db1f3ac16..c55edc6f8dd4 100644 --- a/clients/client-verifiedpermissions/src/commands/GetSchemaCommand.ts +++ b/clients/client-verifiedpermissions/src/commands/GetSchemaCommand.ts @@ -125,7 +125,7 @@ export interface GetSchemaCommandOutput extends GetSchemaOutput, __MetadataBeare *

    *

    The policy attempts to access a record or entity attribute that isn't * specified in the schema. Test for the existence of the attribute first before - * attempting to access its value. For more information, see the has (presence of attribute test) operator in the + * attempting to access its value. For more information, see the has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • @@ -135,7 +135,7 @@ export interface GetSchemaCommandOutput extends GetSchemaOutput, __MetadataBeare *

    The policy attempts to access a record or entity attribute that is optional * and isn't guaranteed to be present. Test for the existence of the attribute * first before attempting to access its value. For more information, see the - * has (presence of attribute test) operator in the + * has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • diff --git a/clients/client-verifiedpermissions/src/commands/IsAuthorizedCommand.ts b/clients/client-verifiedpermissions/src/commands/IsAuthorizedCommand.ts index 3a6673d7acd2..7be17377d892 100644 --- a/clients/client-verifiedpermissions/src/commands/IsAuthorizedCommand.ts +++ b/clients/client-verifiedpermissions/src/commands/IsAuthorizedCommand.ts @@ -192,7 +192,7 @@ export interface IsAuthorizedCommandOutput extends IsAuthorizedOutput, __Metadat *

    *

    The policy attempts to access a record or entity attribute that isn't * specified in the schema. Test for the existence of the attribute first before - * attempting to access its value. For more information, see the has (presence of attribute test) operator in the + * attempting to access its value. For more information, see the has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • @@ -202,7 +202,7 @@ export interface IsAuthorizedCommandOutput extends IsAuthorizedOutput, __Metadat *

    The policy attempts to access a record or entity attribute that is optional * and isn't guaranteed to be present. Test for the existence of the attribute * first before attempting to access its value. For more information, see the - * has (presence of attribute test) operator in the + * has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • diff --git a/clients/client-verifiedpermissions/src/commands/IsAuthorizedWithTokenCommand.ts b/clients/client-verifiedpermissions/src/commands/IsAuthorizedWithTokenCommand.ts index d90630bf0d8c..75b7930150c3 100644 --- a/clients/client-verifiedpermissions/src/commands/IsAuthorizedWithTokenCommand.ts +++ b/clients/client-verifiedpermissions/src/commands/IsAuthorizedWithTokenCommand.ts @@ -193,7 +193,7 @@ export interface IsAuthorizedWithTokenCommandOutput extends IsAuthorizedWithToke *

    *

    The policy attempts to access a record or entity attribute that isn't * specified in the schema. Test for the existence of the attribute first before - * attempting to access its value. For more information, see the has (presence of attribute test) operator in the + * attempting to access its value. For more information, see the has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • @@ -203,7 +203,7 @@ export interface IsAuthorizedWithTokenCommandOutput extends IsAuthorizedWithToke *

    The policy attempts to access a record or entity attribute that is optional * and isn't guaranteed to be present. Test for the existence of the attribute * first before attempting to access its value. For more information, see the - * has (presence of attribute test) operator in the + * has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • diff --git a/clients/client-verifiedpermissions/src/commands/ListIdentitySourcesCommand.ts b/clients/client-verifiedpermissions/src/commands/ListIdentitySourcesCommand.ts index 3e6e2a224cb9..4386f552a408 100644 --- a/clients/client-verifiedpermissions/src/commands/ListIdentitySourcesCommand.ts +++ b/clients/client-verifiedpermissions/src/commands/ListIdentitySourcesCommand.ts @@ -146,7 +146,7 @@ export interface ListIdentitySourcesCommandOutput extends ListIdentitySourcesOut *

    *

    The policy attempts to access a record or entity attribute that isn't * specified in the schema. Test for the existence of the attribute first before - * attempting to access its value. For more information, see the has (presence of attribute test) operator in the + * attempting to access its value. For more information, see the has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • @@ -156,7 +156,7 @@ export interface ListIdentitySourcesCommandOutput extends ListIdentitySourcesOut *

    The policy attempts to access a record or entity attribute that is optional * and isn't guaranteed to be present. Test for the existence of the attribute * first before attempting to access its value. For more information, see the - * has (presence of attribute test) operator in the + * has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • diff --git a/clients/client-verifiedpermissions/src/commands/ListPoliciesCommand.ts b/clients/client-verifiedpermissions/src/commands/ListPoliciesCommand.ts index 11bb1cdc8b16..133432c124ba 100644 --- a/clients/client-verifiedpermissions/src/commands/ListPoliciesCommand.ts +++ b/clients/client-verifiedpermissions/src/commands/ListPoliciesCommand.ts @@ -175,7 +175,7 @@ export interface ListPoliciesCommandOutput extends ListPoliciesOutput, __Metadat *

    *

    The policy attempts to access a record or entity attribute that isn't * specified in the schema. Test for the existence of the attribute first before - * attempting to access its value. For more information, see the has (presence of attribute test) operator in the + * attempting to access its value. For more information, see the has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • @@ -185,7 +185,7 @@ export interface ListPoliciesCommandOutput extends ListPoliciesOutput, __Metadat *

    The policy attempts to access a record or entity attribute that is optional * and isn't guaranteed to be present. Test for the existence of the attribute * first before attempting to access its value. For more information, see the - * has (presence of attribute test) operator in the + * has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • diff --git a/clients/client-verifiedpermissions/src/commands/ListPolicyStoresCommand.ts b/clients/client-verifiedpermissions/src/commands/ListPolicyStoresCommand.ts index f4729472b133..e0677c20dbd8 100644 --- a/clients/client-verifiedpermissions/src/commands/ListPolicyStoresCommand.ts +++ b/clients/client-verifiedpermissions/src/commands/ListPolicyStoresCommand.ts @@ -127,7 +127,7 @@ export interface ListPolicyStoresCommandOutput extends ListPolicyStoresOutput, _ *

    *

    The policy attempts to access a record or entity attribute that isn't * specified in the schema. Test for the existence of the attribute first before - * attempting to access its value. For more information, see the has (presence of attribute test) operator in the + * attempting to access its value. For more information, see the has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • @@ -137,7 +137,7 @@ export interface ListPolicyStoresCommandOutput extends ListPolicyStoresOutput, _ *

    The policy attempts to access a record or entity attribute that is optional * and isn't guaranteed to be present. Test for the existence of the attribute * first before attempting to access its value. For more information, see the - * has (presence of attribute test) operator in the + * has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • diff --git a/clients/client-verifiedpermissions/src/commands/ListPolicyTemplatesCommand.ts b/clients/client-verifiedpermissions/src/commands/ListPolicyTemplatesCommand.ts index fec0f6d4218c..9b2ea36b6072 100644 --- a/clients/client-verifiedpermissions/src/commands/ListPolicyTemplatesCommand.ts +++ b/clients/client-verifiedpermissions/src/commands/ListPolicyTemplatesCommand.ts @@ -133,7 +133,7 @@ export interface ListPolicyTemplatesCommandOutput extends ListPolicyTemplatesOut *

    *

    The policy attempts to access a record or entity attribute that isn't * specified in the schema. Test for the existence of the attribute first before - * attempting to access its value. For more information, see the has (presence of attribute test) operator in the + * attempting to access its value. For more information, see the has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • @@ -143,7 +143,7 @@ export interface ListPolicyTemplatesCommandOutput extends ListPolicyTemplatesOut *

    The policy attempts to access a record or entity attribute that is optional * and isn't guaranteed to be present. Test for the existence of the attribute * first before attempting to access its value. For more information, see the - * has (presence of attribute test) operator in the + * has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • diff --git a/clients/client-verifiedpermissions/src/commands/PutSchemaCommand.ts b/clients/client-verifiedpermissions/src/commands/PutSchemaCommand.ts index 4c4365d4e356..c03d3c2b7eb0 100644 --- a/clients/client-verifiedpermissions/src/commands/PutSchemaCommand.ts +++ b/clients/client-verifiedpermissions/src/commands/PutSchemaCommand.ts @@ -141,7 +141,7 @@ export interface PutSchemaCommandOutput extends PutSchemaOutput, __MetadataBeare *

    *

    The policy attempts to access a record or entity attribute that isn't * specified in the schema. Test for the existence of the attribute first before - * attempting to access its value. For more information, see the has (presence of attribute test) operator in the + * attempting to access its value. For more information, see the has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • @@ -151,7 +151,7 @@ export interface PutSchemaCommandOutput extends PutSchemaOutput, __MetadataBeare *

    The policy attempts to access a record or entity attribute that is optional * and isn't guaranteed to be present. Test for the existence of the attribute * first before attempting to access its value. For more information, see the - * has (presence of attribute test) operator in the + * has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • diff --git a/clients/client-verifiedpermissions/src/commands/UpdateIdentitySourceCommand.ts b/clients/client-verifiedpermissions/src/commands/UpdateIdentitySourceCommand.ts index 1b84ba9ccdb9..15a3bf25edd0 100644 --- a/clients/client-verifiedpermissions/src/commands/UpdateIdentitySourceCommand.ts +++ b/clients/client-verifiedpermissions/src/commands/UpdateIdentitySourceCommand.ts @@ -140,7 +140,7 @@ export interface UpdateIdentitySourceCommandOutput extends UpdateIdentitySourceO *

    *

    The policy attempts to access a record or entity attribute that isn't * specified in the schema. Test for the existence of the attribute first before - * attempting to access its value. For more information, see the has (presence of attribute test) operator in the + * attempting to access its value. For more information, see the has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • @@ -150,7 +150,7 @@ export interface UpdateIdentitySourceCommandOutput extends UpdateIdentitySourceO *

    The policy attempts to access a record or entity attribute that is optional * and isn't guaranteed to be present. Test for the existence of the attribute * first before attempting to access its value. For more information, see the - * has (presence of attribute test) operator in the + * has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • diff --git a/clients/client-verifiedpermissions/src/commands/UpdatePolicyCommand.ts b/clients/client-verifiedpermissions/src/commands/UpdatePolicyCommand.ts index 07b259b5ed8b..900229aa1478 100644 --- a/clients/client-verifiedpermissions/src/commands/UpdatePolicyCommand.ts +++ b/clients/client-verifiedpermissions/src/commands/UpdatePolicyCommand.ts @@ -155,7 +155,7 @@ export interface UpdatePolicyCommandOutput extends UpdatePolicyOutput, __Metadat *

    *

    The policy attempts to access a record or entity attribute that isn't * specified in the schema. Test for the existence of the attribute first before - * attempting to access its value. For more information, see the has (presence of attribute test) operator in the + * attempting to access its value. For more information, see the has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • @@ -165,7 +165,7 @@ export interface UpdatePolicyCommandOutput extends UpdatePolicyOutput, __Metadat *

    The policy attempts to access a record or entity attribute that is optional * and isn't guaranteed to be present. Test for the existence of the attribute * first before attempting to access its value. For more information, see the - * has (presence of attribute test) operator in the + * has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • diff --git a/clients/client-verifiedpermissions/src/commands/UpdatePolicyStoreCommand.ts b/clients/client-verifiedpermissions/src/commands/UpdatePolicyStoreCommand.ts index 619f644db726..23e02e1a26cc 100644 --- a/clients/client-verifiedpermissions/src/commands/UpdatePolicyStoreCommand.ts +++ b/clients/client-verifiedpermissions/src/commands/UpdatePolicyStoreCommand.ts @@ -132,7 +132,7 @@ export interface UpdatePolicyStoreCommandOutput extends UpdatePolicyStoreOutput, *

    *

    The policy attempts to access a record or entity attribute that isn't * specified in the schema. Test for the existence of the attribute first before - * attempting to access its value. For more information, see the has (presence of attribute test) operator in the + * attempting to access its value. For more information, see the has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • @@ -142,7 +142,7 @@ export interface UpdatePolicyStoreCommandOutput extends UpdatePolicyStoreOutput, *

    The policy attempts to access a record or entity attribute that is optional * and isn't guaranteed to be present. Test for the existence of the attribute * first before attempting to access its value. For more information, see the - * has (presence of attribute test) operator in the + * has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • diff --git a/clients/client-verifiedpermissions/src/commands/UpdatePolicyTemplateCommand.ts b/clients/client-verifiedpermissions/src/commands/UpdatePolicyTemplateCommand.ts index 0979640aa3e6..f113a5006822 100644 --- a/clients/client-verifiedpermissions/src/commands/UpdatePolicyTemplateCommand.ts +++ b/clients/client-verifiedpermissions/src/commands/UpdatePolicyTemplateCommand.ts @@ -137,7 +137,7 @@ export interface UpdatePolicyTemplateCommandOutput extends UpdatePolicyTemplateO *

    *

    The policy attempts to access a record or entity attribute that isn't * specified in the schema. Test for the existence of the attribute first before - * attempting to access its value. For more information, see the has (presence of attribute test) operator in the + * attempting to access its value. For more information, see the has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • @@ -147,7 +147,7 @@ export interface UpdatePolicyTemplateCommandOutput extends UpdatePolicyTemplateO *

    The policy attempts to access a record or entity attribute that is optional * and isn't guaranteed to be present. Test for the existence of the attribute * first before attempting to access its value. For more information, see the - * has (presence of attribute test) operator in the + * has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • diff --git a/clients/client-verifiedpermissions/src/index.ts b/clients/client-verifiedpermissions/src/index.ts index 4616a7ba65f6..babcc43c5303 100644 --- a/clients/client-verifiedpermissions/src/index.ts +++ b/clients/client-verifiedpermissions/src/index.ts @@ -14,7 +14,7 @@ * control (ABAC) authorization models.

    *

    For more information about configuring, administering, and using Amazon Verified Permissions in your * applications, see the Amazon Verified Permissions User Guide.

    - *

    For more information about the Cedar policy language, see the Cedar Policy Language Guide.

    + *

    For more information about the Cedar policy language, see the Cedar Policy Language Guide.

    * *

    When you write Cedar policies that reference principals, resources and actions, * you can define the unique identifiers used for each of those elements. We strongly diff --git a/clients/client-verifiedpermissions/src/models/models_0.ts b/clients/client-verifiedpermissions/src/models/models_0.ts index 787cad9f72a9..8504fd3491cd 100644 --- a/clients/client-verifiedpermissions/src/models/models_0.ts +++ b/clients/client-verifiedpermissions/src/models/models_0.ts @@ -474,7 +474,7 @@ export interface ValidationExceptionField { *

    *

    The policy attempts to access a record or entity attribute that isn't * specified in the schema. Test for the existence of the attribute first before - * attempting to access its value. For more information, see the has (presence of attribute test) operator in the + * attempting to access its value. For more information, see the has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • @@ -484,7 +484,7 @@ export interface ValidationExceptionField { *

    The policy attempts to access a record or entity attribute that is optional * and isn't guaranteed to be present. Test for the existence of the attribute * first before attempting to access its value. For more information, see the - * has (presence of attribute test) operator in the + * has (presence of attribute test) operator in the * Cedar Policy Language Guide.

    *
    • *
  • @@ -2555,7 +2555,7 @@ export type AttributeValue = */ export namespace AttributeValue { /** - *

    An attribute value of Boolean + *

    An attribute value of Boolean * type.

    *

    Example: \{"boolean": true\} *

    @@ -2587,7 +2587,7 @@ export namespace AttributeValue { } /** - *

    An attribute value of Long + *

    An attribute value of Long * type.

    *

    Example: \{"long": 0\} *

    @@ -2603,7 +2603,7 @@ export namespace AttributeValue { } /** - *

    An attribute value of String + *

    An attribute value of String * type.

    *

    Example: \{"string": "abc"\} *

    @@ -2619,7 +2619,7 @@ export namespace AttributeValue { } /** - *

    An attribute value of Set + *

    An attribute value of Set * type.

    *

    Example: \{"set": [ \{\} ] \} *

    @@ -2635,7 +2635,7 @@ export namespace AttributeValue { } /** - *

    An attribute value of Record + *

    An attribute value of Record * type.

    *

    Example: \{"record": \{ "keyName": \{\} \} \} *

    @@ -2733,19 +2733,9 @@ export namespace ContextDefinition { *

    This data type is used as one of the fields in the EntitiesDefinition * structure.

    *

    - * \{ - * "id": \{ - * "entityType": "Photo", - * "entityId": "VacationPhoto94.jpg" - * \}, - * "Attributes": \{\}, - * "Parents": [ - * \{ - * "entityType": "Album", - * "entityId": "alice_folder" - * \} - * ] - * \} + * \{ "id": \{ "entityType": "Photo", "entityId": "VacationPhoto94.jpg" \}, + * "Attributes": \{\}, "Parents": [ \{ "entityType": "Album", "entityId": "alice_folder" \} + * ] \} *

    */ export interface EntityItem { diff --git a/codegen/sdk-codegen/aws-models/verifiedpermissions.json b/codegen/sdk-codegen/aws-models/verifiedpermissions.json index 61814871cdaf..080a1ab75a65 100644 --- a/codegen/sdk-codegen/aws-models/verifiedpermissions.json +++ b/codegen/sdk-codegen/aws-models/verifiedpermissions.json @@ -65,7 +65,7 @@ "boolean": { "target": "com.amazonaws.verifiedpermissions#BooleanAttribute", "traits": { - "smithy.api#documentation": "

    An attribute value of Boolean\n type.

    \n

    Example: {\"boolean\": true}\n

    " + "smithy.api#documentation": "

    An attribute value of Boolean\n type.

    \n

    Example: {\"boolean\": true}\n

    " } }, "entityIdentifier": { @@ -77,25 +77,25 @@ "long": { "target": "com.amazonaws.verifiedpermissions#LongAttribute", "traits": { - "smithy.api#documentation": "

    An attribute value of Long\n type.

    \n

    Example: {\"long\": 0}\n

    " + "smithy.api#documentation": "

    An attribute value of Long\n type.

    \n

    Example: {\"long\": 0}\n

    " } }, "string": { "target": "com.amazonaws.verifiedpermissions#StringAttribute", "traits": { - "smithy.api#documentation": "

    An attribute value of String\n type.

    \n

    Example: {\"string\": \"abc\"}\n

    " + "smithy.api#documentation": "

    An attribute value of String\n type.

    \n

    Example: {\"string\": \"abc\"}\n

    " } }, "set": { "target": "com.amazonaws.verifiedpermissions#SetAttribute", "traits": { - "smithy.api#documentation": "

    An attribute value of Set\n type.

    \n

    Example: {\"set\": [ {} ] }\n

    " + "smithy.api#documentation": "

    An attribute value of Set\n type.

    \n

    Example: {\"set\": [ {} ] }\n

    " } }, "record": { "target": "com.amazonaws.verifiedpermissions#RecordAttribute", "traits": { - "smithy.api#documentation": "

    An attribute value of Record\n type.

    \n

    Example: {\"record\": { \"keyName\": {} } }\n

    " + "smithy.api#documentation": "

    An attribute value of Record\n type.

    \n

    Example: {\"record\": { \"keyName\": {} } }\n

    " } } }, @@ -907,7 +907,7 @@ } }, "traits": { - "smithy.api#documentation": "

    Contains information about an entity that can be referenced in a Cedar\n policy.

    \n

    This data type is used as one of the fields in the EntitiesDefinition\n structure.

    \n

    \n {\n \"id\": {\n \"entityType\": \"Photo\",\n \"entityId\": \"VacationPhoto94.jpg\"\n },\n \"Attributes\": {},\n \"Parents\": [\n {\n \"entityType\": \"Album\",\n \"entityId\": \"alice_folder\"\n }\n ]\n}\n

    " + "smithy.api#documentation": "

    Contains information about an entity that can be referenced in a Cedar\n policy.

    \n

    This data type is used as one of the fields in the EntitiesDefinition\n structure.

    \n

    \n { \"id\": { \"entityType\": \"Photo\", \"entityId\": \"VacationPhoto94.jpg\" },\n \"Attributes\": {}, \"Parents\": [ { \"entityType\": \"Album\", \"entityId\": \"alice_folder\" }\n ] }\n

    " } }, "com.amazonaws.verifiedpermissions#EntityList": { @@ -3556,7 +3556,7 @@ } }, "traits": { - "smithy.api#documentation": "

    The request failed because one or more input parameters don't satisfy their constraint\n requirements. The output is provided as a list of fields and a reason for each field that\n isn't valid.

    \n

    The possible reasons include the following:

    \n
      \n
    • \n

      \n UnrecognizedEntityType\n

      \n

      The policy includes an entity type that isn't found in the schema.

      \n
      • \n
    • \n

      \n UnrecognizedActionId\n

      \n

      The policy includes an action id that isn't found in the schema.

      \n
      • \n
    • \n

      \n InvalidActionApplication\n

      \n

      The policy includes an action that, according to the schema, doesn't support\n the specified principal and resource.

      \n
      • \n
    • \n

      \n UnexpectedType\n

      \n

      The policy included an operand that isn't a valid type for the specified\n operation.

      \n
      • \n
    • \n

      \n IncompatibleTypes\n

      \n

      The types of elements included in a set, or the types of\n expressions used in an if...then...else clause aren't compatible in\n this context.

      \n
      • \n
    • \n

      \n MissingAttribute\n

      \n

      The policy attempts to access a record or entity attribute that isn't\n specified in the schema. Test for the existence of the attribute first before\n attempting to access its value. For more information, see the has (presence of attribute test) operator in the\n Cedar Policy Language Guide.

      \n
      • \n
    • \n

      \n UnsafeOptionalAttributeAccess\n

      \n

      The policy attempts to access a record or entity attribute that is optional\n and isn't guaranteed to be present. Test for the existence of the attribute\n first before attempting to access its value. For more information, see the\n has (presence of attribute test) operator in the\n Cedar Policy Language Guide.

      \n
      • \n
    • \n

      \n ImpossiblePolicy\n

      \n

      Cedar has determined that a policy condition always evaluates to false. If\n the policy is always false, it can never apply to any query, and so it can never\n affect an authorization decision.

      \n
      • \n
    • \n

      \n WrongNumberArguments\n

      \n

      The policy references an extension type with the wrong number of\n arguments.

      \n
      • \n
    • \n

      \n FunctionArgumentValidationError\n

      \n

      Cedar couldn't parse the argument passed to an extension type. For example,\n a string that is to be parsed as an IPv4 address can contain only digits and the\n period character.

      \n
      • \n
    ", + "smithy.api#documentation": "

    The request failed because one or more input parameters don't satisfy their constraint\n requirements. The output is provided as a list of fields and a reason for each field that\n isn't valid.

    \n

    The possible reasons include the following:

    \n
      \n
    • \n

      \n UnrecognizedEntityType\n

      \n

      The policy includes an entity type that isn't found in the schema.

      \n
      • \n
    • \n

      \n UnrecognizedActionId\n

      \n

      The policy includes an action id that isn't found in the schema.

      \n
      • \n
    • \n

      \n InvalidActionApplication\n

      \n

      The policy includes an action that, according to the schema, doesn't support\n the specified principal and resource.

      \n
      • \n
    • \n

      \n UnexpectedType\n

      \n

      The policy included an operand that isn't a valid type for the specified\n operation.

      \n
      • \n
    • \n

      \n IncompatibleTypes\n

      \n

      The types of elements included in a set, or the types of\n expressions used in an if...then...else clause aren't compatible in\n this context.

      \n
      • \n
    • \n

      \n MissingAttribute\n

      \n

      The policy attempts to access a record or entity attribute that isn't\n specified in the schema. Test for the existence of the attribute first before\n attempting to access its value. For more information, see the has (presence of attribute test) operator in the\n Cedar Policy Language Guide.

      \n
      • \n
    • \n

      \n UnsafeOptionalAttributeAccess\n

      \n

      The policy attempts to access a record or entity attribute that is optional\n and isn't guaranteed to be present. Test for the existence of the attribute\n first before attempting to access its value. For more information, see the\n has (presence of attribute test) operator in the\n Cedar Policy Language Guide.

      \n
      • \n
    • \n

      \n ImpossiblePolicy\n

      \n

      Cedar has determined that a policy condition always evaluates to false. If\n the policy is always false, it can never apply to any query, and so it can never\n affect an authorization decision.

      \n
      • \n
    • \n

      \n WrongNumberArguments\n

      \n

      The policy references an extension type with the wrong number of\n arguments.

      \n
      • \n
    • \n

      \n FunctionArgumentValidationError\n

      \n

      Cedar couldn't parse the argument passed to an extension type. For example,\n a string that is to be parsed as an IPv4 address can contain only digits and the\n period character.

      \n
      • \n
    ", "smithy.api#error": "client" } }, @@ -3656,7 +3656,7 @@ }, "aws.iam#supportedPrincipalTypes": ["Root", "IAMUser", "IAMRole", "FederatedUser"], "aws.protocols#awsJson1_0": {}, - "smithy.api#documentation": "

    Amazon Verified Permissions is a permissions management service from Amazon Web Services. You can use Verified Permissions to manage\n permissions for your application, and authorize user access based on those permissions.\n Using Verified Permissions, application developers can grant access based on information about the\n users, resources, and requested actions. You can also evaluate additional information\n like group membership, attributes of the resources, and session context, such as time of\n request and IP addresses. Verified Permissions manages these permissions by letting you create and\n store authorization policies for your applications, such as consumer-facing web sites\n and enterprise business systems.

    \n

    Verified Permissions uses Cedar as the policy language to express your permission requirements.\n Cedar supports both role-based access control (RBAC) and attribute-based access\n control (ABAC) authorization models.

    \n

    For more information about configuring, administering, and using Amazon Verified Permissions in your\n applications, see the Amazon Verified Permissions User Guide.

    \n

    For more information about the Cedar policy language, see the Cedar Policy Language Guide.

    \n \n

    When you write Cedar policies that reference principals, resources and actions,\n you can define the unique identifiers used for each of those elements. We strongly\n recommend that you follow these best practices:

    \n
      \n
    • \n

      \n Use values like universally unique identifiers\n (UUIDs) for all principal and resource identifiers.\n

      \n

      For example, if user jane leaves the company, and you later\n let someone else use the name jane, then that new user\n automatically gets access to everything granted by policies that still\n reference User::\"jane\". Cedar can’t distinguish between the\n new user and the old. This applies to both principal and resource\n identifiers. Always use identifiers that are guaranteed unique and never\n reused to ensure that you don’t unintentionally grant access because of the\n presence of an old identifier in a policy.

      \n

      Where you use a UUID for an entity, we recommend that you follow it with\n the // comment specifier and the ‘friendly’ name of your entity. This helps\n to make your policies easier to understand. For example: principal ==\n User::\"a1b2c3d4-e5f6-a1b2-c3d4-EXAMPLE11111\", // alice

      \n
      • \n
    • \n

      \n Do not include personally identifying, confidential,\n or sensitive information as part of the unique identifier for your\n principals or resources. These identifiers are included in\n log entries shared in CloudTrail trails.

      \n
      • \n
    \n     \n

    Several operations return structures that appear similar, but have different purposes.\n As new functionality is added to the product, the structure used in a parameter of one\n operation might need to change in a way that wouldn't make sense for the same parameter\n in a different operation. To help you understand the purpose of each, the following\n naming convention is used for the structures:

    \n
      \n
    • \n

      Parameter type structures that end in Detail are used in\n Get operations.

      \n
      • \n
    • \n

      Parameter type structures that end in Item are used in\n List operations.

      \n
      • \n
    • \n

      Parameter type structures that use neither suffix are used in the mutating\n (create and update) operations.

      \n
      • \n
    ", + "smithy.api#documentation": "

    Amazon Verified Permissions is a permissions management service from Amazon Web Services. You can use Verified Permissions to manage\n permissions for your application, and authorize user access based on those permissions.\n Using Verified Permissions, application developers can grant access based on information about the\n users, resources, and requested actions. You can also evaluate additional information\n like group membership, attributes of the resources, and session context, such as time of\n request and IP addresses. Verified Permissions manages these permissions by letting you create and\n store authorization policies for your applications, such as consumer-facing web sites\n and enterprise business systems.

    \n

    Verified Permissions uses Cedar as the policy language to express your permission requirements.\n Cedar supports both role-based access control (RBAC) and attribute-based access\n control (ABAC) authorization models.

    \n

    For more information about configuring, administering, and using Amazon Verified Permissions in your\n applications, see the Amazon Verified Permissions User Guide.

    \n

    For more information about the Cedar policy language, see the Cedar Policy Language Guide.

    \n \n

    When you write Cedar policies that reference principals, resources and actions,\n you can define the unique identifiers used for each of those elements. We strongly\n recommend that you follow these best practices:

    \n
      \n
    • \n

      \n Use values like universally unique identifiers\n (UUIDs) for all principal and resource identifiers.\n

      \n

      For example, if user jane leaves the company, and you later\n let someone else use the name jane, then that new user\n automatically gets access to everything granted by policies that still\n reference User::\"jane\". Cedar can’t distinguish between the\n new user and the old. This applies to both principal and resource\n identifiers. Always use identifiers that are guaranteed unique and never\n reused to ensure that you don’t unintentionally grant access because of the\n presence of an old identifier in a policy.

      \n

      Where you use a UUID for an entity, we recommend that you follow it with\n the // comment specifier and the ‘friendly’ name of your entity. This helps\n to make your policies easier to understand. For example: principal ==\n User::\"a1b2c3d4-e5f6-a1b2-c3d4-EXAMPLE11111\", // alice

      \n
      • \n
    • \n

      \n Do not include personally identifying, confidential,\n or sensitive information as part of the unique identifier for your\n principals or resources. These identifiers are included in\n log entries shared in CloudTrail trails.

      \n
      • \n
    \n     \n

    Several operations return structures that appear similar, but have different purposes.\n As new functionality is added to the product, the structure used in a parameter of one\n operation might need to change in a way that wouldn't make sense for the same parameter\n in a different operation. To help you understand the purpose of each, the following\n naming convention is used for the structures:

    \n
      \n
    • \n

      Parameter type structures that end in Detail are used in\n Get operations.

      \n
      • \n
    • \n

      Parameter type structures that end in Item are used in\n List operations.

      \n
      • \n
    • \n

      Parameter type structures that use neither suffix are used in the mutating\n (create and update) operations.

      \n
      • \n
    ", "smithy.api#title": "Amazon Verified Permissions", "smithy.rules#endpointRuleSet": { "version": "1.0",