VERIFIEDPERMISSIONS
BatchGetPolicy
# Template for matching a BatchGetPolicy request. STRING is a placeholder for
# the value to compare with; it is not defined on this page.
# Every expression kept in the body must hold for `valid` to be true.
valid {
# `[_]` is existential: the condition holds if ANY element of requests matches.
# The two `[_]` below iterate independently, so they may be satisfied by
# different elements; bind a shared index to tie both fields to one request.
input.Body.requests[_].policyStoreId == STRING
input.Body.requests[_].policyId == STRING
# Caller context; presumably the account, access key id and region of the
# request (confirm against the platform's input schema).
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
BatchIsAuthorized
# Template for matching a BatchIsAuthorized request. STRING, BOOLEAN, LONG and
# NESTED are placeholders for the value (or, inside a path, the map key) to
# compare with; they are not defined on this page.
# Every expression kept in the body must hold, so keep only the lines you need.
valid {
input.Body.policyStoreId == STRING
# Entities supplied by the caller for this evaluation. `[_]` is existential:
# a condition holds if ANY list element matches, and each `[_]` iterates
# independently of the others.
input.Body.entities.entityList[_].identifier.entityType == STRING
input.Body.entities.entityList[_].identifier.entityId == STRING
# `attributes.STRING` stands for one attribute name. In the Verified
# Permissions API an attribute value holds one variant (boolean,
# entityIdentifier, long, string, set, record, ipaddr or decimal), so a rule
# that keeps every variant line for the same attribute cannot match.
input.Body.entities.entityList[_].attributes.STRING.boolean == BOOLEAN
input.Body.entities.entityList[_].attributes.STRING.entityIdentifier.entityType == STRING
input.Body.entities.entityList[_].attributes.STRING.entityIdentifier.entityId == STRING
input.Body.entities.entityList[_].attributes.STRING.long == LONG
input.Body.entities.entityList[_].attributes.STRING.string == STRING
input.Body.entities.entityList[_].attributes.STRING.set[_] == NESTED
input.Body.entities.entityList[_].attributes.STRING.record.STRING == NESTED
input.Body.entities.entityList[_].attributes.STRING.ipaddr == STRING
input.Body.entities.entityList[_].attributes.STRING.decimal == STRING
input.Body.entities.entityList[_].parents[_].entityType == STRING
input.Body.entities.entityList[_].parents[_].entityId == STRING
# One entry per authorization question in the batch. Because `[_]` is
# existential, a condition on requests[_] is met when a single entry matches;
# it does not constrain the other entries of the batch.
input.Body.requests[_].principal.entityType == STRING
input.Body.requests[_].principal.entityId == STRING
input.Body.requests[_].action.actionType == STRING
input.Body.requests[_].action.actionId == STRING
input.Body.requests[_].resource.entityType == STRING
input.Body.requests[_].resource.entityId == STRING
# Context values use the same one-variant-per-key shape as entity attributes.
input.Body.requests[_].context.contextMap.STRING.boolean == BOOLEAN
input.Body.requests[_].context.contextMap.STRING.entityIdentifier.entityType == STRING
input.Body.requests[_].context.contextMap.STRING.entityIdentifier.entityId == STRING
input.Body.requests[_].context.contextMap.STRING.long == LONG
input.Body.requests[_].context.contextMap.STRING.string == STRING
input.Body.requests[_].context.contextMap.STRING.set[_] == NESTED
input.Body.requests[_].context.contextMap.STRING.record.STRING == NESTED
input.Body.requests[_].context.contextMap.STRING.ipaddr == STRING
input.Body.requests[_].context.contextMap.STRING.decimal == STRING
# Caller context; presumably the account, access key id and region of the
# request (confirm against the platform's input schema).
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
BatchIsAuthorizedWithToken
# Template for matching a BatchIsAuthorizedWithToken request. STRING, BOOLEAN,
# LONG and NESTED are placeholders for the value (or, inside a path, the map
# key) to compare with; they are not defined on this page.
# Every expression kept in the body must hold, so keep only the lines you need.
valid {
input.Body.policyStoreId == STRING
# identityToken and accessToken carry the caller's bearer tokens. The input
# document therefore contains credentials: keep these two fields out of
# decision logs and error output. A rule that keeps both lines only matches
# requests that send both tokens.
input.Body.identityToken == STRING
input.Body.accessToken == STRING
# Entities supplied by the caller. `[_]` is existential (ANY element matches)
# and each `[_]` iterates independently of the others.
input.Body.entities.entityList[_].identifier.entityType == STRING
input.Body.entities.entityList[_].identifier.entityId == STRING
# `attributes.STRING` stands for one attribute name; in the Verified
# Permissions API its value holds a single variant, so keep one variant line
# per attribute.
input.Body.entities.entityList[_].attributes.STRING.boolean == BOOLEAN
input.Body.entities.entityList[_].attributes.STRING.entityIdentifier.entityType == STRING
input.Body.entities.entityList[_].attributes.STRING.entityIdentifier.entityId == STRING
input.Body.entities.entityList[_].attributes.STRING.long == LONG
input.Body.entities.entityList[_].attributes.STRING.string == STRING
input.Body.entities.entityList[_].attributes.STRING.set[_] == NESTED
input.Body.entities.entityList[_].attributes.STRING.record.STRING == NESTED
input.Body.entities.entityList[_].attributes.STRING.ipaddr == STRING
input.Body.entities.entityList[_].attributes.STRING.decimal == STRING
input.Body.entities.entityList[_].parents[_].entityType == STRING
input.Body.entities.entityList[_].parents[_].entityId == STRING
# No principal fields are listed for this operation; the requests entries
# carry only action, resource and context.
# A condition on requests[_] is met when a single batch entry matches.
input.Body.requests[_].action.actionType == STRING
input.Body.requests[_].action.actionId == STRING
input.Body.requests[_].resource.entityType == STRING
input.Body.requests[_].resource.entityId == STRING
input.Body.requests[_].context.contextMap.STRING.boolean == BOOLEAN
input.Body.requests[_].context.contextMap.STRING.entityIdentifier.entityType == STRING
input.Body.requests[_].context.contextMap.STRING.entityIdentifier.entityId == STRING
input.Body.requests[_].context.contextMap.STRING.long == LONG
input.Body.requests[_].context.contextMap.STRING.string == STRING
input.Body.requests[_].context.contextMap.STRING.set[_] == NESTED
input.Body.requests[_].context.contextMap.STRING.record.STRING == NESTED
input.Body.requests[_].context.contextMap.STRING.ipaddr == STRING
input.Body.requests[_].context.contextMap.STRING.decimal == STRING
# Caller context; presumably the account, access key id and region of the
# request (confirm against the platform's input schema).
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateIdentitySource
# Template for matching a CreateIdentitySource request. STRING is a
# placeholder for the value to compare with; it is not defined on this page.
# Every expression kept in the body must hold, so keep only the lines you need.
valid {
input.Body.clientToken == STRING
input.Body.policyStoreId == STRING
# The identity source decides whose tokens the policy store will accept, so
# userPoolArn, issuer, clientIds and audiences are the fields worth pinning
# to approved values.
# cognitoUserPoolConfiguration and openIdConnectConfiguration are alternatives
# in the Verified Permissions API; a rule that keeps lines from both cannot
# match a single request.
input.Body.configuration.cognitoUserPoolConfiguration.userPoolArn == STRING
# `[_]` is existential: the line holds if ANY client id equals the value. It
# does not assert that every listed client id is approved.
input.Body.configuration.cognitoUserPoolConfiguration.clientIds[_] == STRING
input.Body.configuration.cognitoUserPoolConfiguration.groupConfiguration.groupEntityType == STRING
input.Body.configuration.openIdConnectConfiguration.issuer == STRING
input.Body.configuration.openIdConnectConfiguration.entityIdPrefix == STRING
input.Body.configuration.openIdConnectConfiguration.groupConfiguration.groupClaim == STRING
input.Body.configuration.openIdConnectConfiguration.groupConfiguration.groupEntityType == STRING
# accessTokenOnly and identityTokenOnly are likewise alternatives under
# tokenSelection.
input.Body.configuration.openIdConnectConfiguration.tokenSelection.accessTokenOnly.principalIdClaim == STRING
input.Body.configuration.openIdConnectConfiguration.tokenSelection.accessTokenOnly.audiences[_] == STRING
input.Body.configuration.openIdConnectConfiguration.tokenSelection.identityTokenOnly.principalIdClaim == STRING
input.Body.configuration.openIdConnectConfiguration.tokenSelection.identityTokenOnly.clientIds[_] == STRING
input.Body.principalEntityType == STRING
# Caller context; presumably the account, access key id and region of the
# request (confirm against the platform's input schema).
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreatePolicy
# Template for matching a CreatePolicy request. STRING is a placeholder for
# the value to compare with; it is not defined on this page.
# Every expression kept in the body must hold, so keep only the lines you need.
valid {
input.Body.clientToken == STRING
input.Body.policyStoreId == STRING
# definition.static and definition.templateLinked are alternatives in the
# Verified Permissions API; a rule that keeps lines from both cannot match a
# single request.
# static.statement carries the Cedar policy text; `==` compares the whole
# string, so any difference in the text makes the line fail.
input.Body.definition.static.description == STRING
input.Body.definition.static.statement == STRING
input.Body.definition.templateLinked.policyTemplateId == STRING
input.Body.definition.templateLinked.principal.entityType == STRING
input.Body.definition.templateLinked.principal.entityId == STRING
input.Body.definition.templateLinked.resource.entityType == STRING
input.Body.definition.templateLinked.resource.entityId == STRING
# Caller context; presumably the account, access key id and region of the
# request (confirm against the platform's input schema).
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreatePolicyStore
# Allowed values of validationSettings.mode for CreatePolicyStore. In the
# Verified Permissions API, "OFF" disables validation of policies against the
# store's schema and "STRICT" enforces it.
enum_ValidationMode := [ "OFF", "STRICT" ]
# Template for matching a CreatePolicyStore request. STRING is a placeholder
# for the value to compare with; it is not defined on this page.
# Every expression kept in the body must hold, so keep only the lines you need.
valid {
input.Body.clientToken == STRING
# As written this accepts either mode, because `[_]` matches any list entry.
# To require schema validation, compare with "STRICT" instead of the list.
input.Body.validationSettings.mode == enum_ValidationMode[_]
input.Body.description == STRING
# Caller context; presumably the account, access key id and region of the
# request (confirm against the platform's input schema).
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreatePolicyTemplate
# Template for matching a CreatePolicyTemplate request. STRING is a
# placeholder for the value to compare with; it is not defined on this page.
# Every expression kept in the body must hold, so keep only the lines you need.
valid {
input.Body.clientToken == STRING
input.Body.policyStoreId == STRING
input.Body.description == STRING
# statement carries the template text; `==` compares the whole string.
input.Body.statement == STRING
# Caller context; presumably the account, access key id and region of the
# request (confirm against the platform's input schema).
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteIdentitySource
# Template for matching a DeleteIdentitySource request. STRING is a
# placeholder for the value to compare with; it is not defined on this page.
# Every expression kept in the body must hold for `valid` to be true.
valid {
# Which identity source is removed, and from which policy store.
input.Body.policyStoreId == STRING
input.Body.identitySourceId == STRING
# Caller context; presumably the account, access key id and region of the
# request (confirm against the platform's input schema). Dropping these lines
# leaves the rule unconstrained by caller.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeletePolicy
# Template for matching a DeletePolicy request. STRING is a placeholder for
# the value to compare with; it is not defined on this page.
# Every expression kept in the body must hold for `valid` to be true.
valid {
# Which policy is removed, and from which policy store.
input.Body.policyStoreId == STRING
input.Body.policyId == STRING
# Caller context; presumably the account, access key id and region of the
# request (confirm against the platform's input schema). Dropping these lines
# leaves the rule unconstrained by caller.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeletePolicyStore
# Template for matching a DeletePolicyStore request. STRING is a placeholder
# for the value to compare with; it is not defined on this page.
# Every expression kept in the body must hold for `valid` to be true.
valid {
# The only body field listed is the store being deleted.
input.Body.policyStoreId == STRING
# Caller context; presumably the account, access key id and region of the
# request (confirm against the platform's input schema). Dropping these lines
# leaves the rule unconstrained by caller.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeletePolicyTemplate
# Template for matching a DeletePolicyTemplate request. STRING is a
# placeholder for the value to compare with; it is not defined on this page.
# Every expression kept in the body must hold for `valid` to be true.
valid {
# Which template is removed, and from which policy store.
input.Body.policyStoreId == STRING
input.Body.policyTemplateId == STRING
# Caller context; presumably the account, access key id and region of the
# request (confirm against the platform's input schema). Dropping these lines
# leaves the rule unconstrained by caller.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetIdentitySource
# Template for matching a GetIdentitySource request. STRING is a placeholder
# for the value to compare with; it is not defined on this page.
# Every expression kept in the body must hold for `valid` to be true.
valid {
input.Body.policyStoreId == STRING
input.Body.identitySourceId == STRING
# Caller context; presumably the account, access key id and region of the
# request (confirm against the platform's input schema).
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetPolicy
# Template for matching a GetPolicy request. STRING is a placeholder for the
# value to compare with; it is not defined on this page.
# Every expression kept in the body must hold for `valid` to be true.
valid {
input.Body.policyStoreId == STRING
input.Body.policyId == STRING
# Caller context; presumably the account, access key id and region of the
# request (confirm against the platform's input schema).
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetPolicyStore
# Template for matching a GetPolicyStore request. STRING is a placeholder for
# the value to compare with; it is not defined on this page.
# Every expression kept in the body must hold for `valid` to be true.
valid {
input.Body.policyStoreId == STRING
# Caller context; presumably the account, access key id and region of the
# request (confirm against the platform's input schema).
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetPolicyTemplate
# Template for matching a GetPolicyTemplate request. STRING is a placeholder
# for the value to compare with; it is not defined on this page.
# Every expression kept in the body must hold for `valid` to be true.
valid {
input.Body.policyStoreId == STRING
input.Body.policyTemplateId == STRING
# Caller context; presumably the account, access key id and region of the
# request (confirm against the platform's input schema).
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetSchema
# Template for matching a GetSchema request. STRING is a placeholder for the
# value to compare with; it is not defined on this page.
# Every expression kept in the body must hold for `valid` to be true.
valid {
input.Body.policyStoreId == STRING
# Caller context; presumably the account, access key id and region of the
# request (confirm against the platform's input schema).
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
IsAuthorized
# Template for matching an IsAuthorized request. STRING, BOOLEAN, LONG and
# NESTED are placeholders for the value (or, inside a path, the map key) to
# compare with; they are not defined on this page.
# Every expression kept in the body must hold, so keep only the lines you need.
valid {
input.Body.policyStoreId == STRING
# The single principal / action / resource being evaluated.
input.Body.principal.entityType == STRING
input.Body.principal.entityId == STRING
input.Body.action.actionType == STRING
input.Body.action.actionId == STRING
input.Body.resource.entityType == STRING
input.Body.resource.entityId == STRING
# `contextMap.STRING` stands for one context key. In the Verified Permissions
# API its value holds a single variant (boolean, entityIdentifier, long,
# string, set, record, ipaddr or decimal), so keep one variant line per key.
input.Body.context.contextMap.STRING.boolean == BOOLEAN
input.Body.context.contextMap.STRING.entityIdentifier.entityType == STRING
input.Body.context.contextMap.STRING.entityIdentifier.entityId == STRING
input.Body.context.contextMap.STRING.long == LONG
input.Body.context.contextMap.STRING.string == STRING
input.Body.context.contextMap.STRING.set[_] == NESTED
input.Body.context.contextMap.STRING.record.STRING == NESTED
input.Body.context.contextMap.STRING.ipaddr == STRING
input.Body.context.contextMap.STRING.decimal == STRING
# Entities supplied by the caller for this evaluation. `[_]` is existential
# (ANY element matches) and each `[_]` iterates independently, so two lines
# may be satisfied by different list elements.
input.Body.entities.entityList[_].identifier.entityType == STRING
input.Body.entities.entityList[_].identifier.entityId == STRING
input.Body.entities.entityList[_].attributes.STRING.boolean == BOOLEAN
input.Body.entities.entityList[_].attributes.STRING.entityIdentifier.entityType == STRING
input.Body.entities.entityList[_].attributes.STRING.entityIdentifier.entityId == STRING
input.Body.entities.entityList[_].attributes.STRING.long == LONG
input.Body.entities.entityList[_].attributes.STRING.string == STRING
input.Body.entities.entityList[_].attributes.STRING.set[_] == NESTED
input.Body.entities.entityList[_].attributes.STRING.record.STRING == NESTED
input.Body.entities.entityList[_].attributes.STRING.ipaddr == STRING
input.Body.entities.entityList[_].attributes.STRING.decimal == STRING
input.Body.entities.entityList[_].parents[_].entityType == STRING
input.Body.entities.entityList[_].parents[_].entityId == STRING
# Caller context; presumably the account, access key id and region of the
# request (confirm against the platform's input schema).
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
IsAuthorizedWithToken
# Template for matching an IsAuthorizedWithToken request. STRING, BOOLEAN,
# LONG and NESTED are placeholders for the value (or, inside a path, the map
# key) to compare with; they are not defined on this page.
# Every expression kept in the body must hold, so keep only the lines you need.
valid {
input.Body.policyStoreId == STRING
# identityToken and accessToken carry the caller's bearer tokens. The input
# document therefore contains credentials: keep these two fields out of
# decision logs and error output. A rule that keeps both lines only matches
# requests that send both tokens.
input.Body.identityToken == STRING
input.Body.accessToken == STRING
# No principal fields are listed for this operation; only action, resource,
# context and entities follow.
input.Body.action.actionType == STRING
input.Body.action.actionId == STRING
input.Body.resource.entityType == STRING
input.Body.resource.entityId == STRING
# `contextMap.STRING` stands for one context key; in the Verified Permissions
# API its value holds a single variant, so keep one variant line per key.
input.Body.context.contextMap.STRING.boolean == BOOLEAN
input.Body.context.contextMap.STRING.entityIdentifier.entityType == STRING
input.Body.context.contextMap.STRING.entityIdentifier.entityId == STRING
input.Body.context.contextMap.STRING.long == LONG
input.Body.context.contextMap.STRING.string == STRING
input.Body.context.contextMap.STRING.set[_] == NESTED
input.Body.context.contextMap.STRING.record.STRING == NESTED
input.Body.context.contextMap.STRING.ipaddr == STRING
input.Body.context.contextMap.STRING.decimal == STRING
# Entities supplied by the caller. `[_]` is existential (ANY element matches)
# and each `[_]` iterates independently of the others.
input.Body.entities.entityList[_].identifier.entityType == STRING
input.Body.entities.entityList[_].identifier.entityId == STRING
input.Body.entities.entityList[_].attributes.STRING.boolean == BOOLEAN
input.Body.entities.entityList[_].attributes.STRING.entityIdentifier.entityType == STRING
input.Body.entities.entityList[_].attributes.STRING.entityIdentifier.entityId == STRING
input.Body.entities.entityList[_].attributes.STRING.long == LONG
input.Body.entities.entityList[_].attributes.STRING.string == STRING
input.Body.entities.entityList[_].attributes.STRING.set[_] == NESTED
input.Body.entities.entityList[_].attributes.STRING.record.STRING == NESTED
input.Body.entities.entityList[_].attributes.STRING.ipaddr == STRING
input.Body.entities.entityList[_].attributes.STRING.decimal == STRING
input.Body.entities.entityList[_].parents[_].entityType == STRING
input.Body.entities.entityList[_].parents[_].entityId == STRING
# Caller context; presumably the account, access key id and region of the
# request (confirm against the platform's input schema).
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListIdentitySources
# Template for matching a ListIdentitySources request. STRING and INTEGER are
# placeholders for the value to compare with; they are not defined on this page.
# Every expression kept in the body must hold, so keep only the lines you need.
valid {
input.Body.policyStoreId == STRING
# Pagination fields.
input.Body.nextToken == STRING
input.Body.maxResults == INTEGER
# `[_]` is existential: the line holds if ANY filter entry matches.
input.Body.filters[_].principalEntityType == STRING
# Caller context; presumably the account, access key id and region of the
# request (confirm against the platform's input schema).
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListPolicies
# Allowed values of filter.policyType for ListPolicies.
enum_PolicyType := [ "STATIC", "TEMPLATE_LINKED" ]
# Template for matching a ListPolicies request. STRING, INTEGER and BOOLEAN
# are placeholders for the value to compare with; they are not defined on
# this page.
# Every expression kept in the body must hold, so keep only the lines you need.
valid {
input.Body.policyStoreId == STRING
# Pagination fields.
input.Body.nextToken == STRING
input.Body.maxResults == INTEGER
# For principal and for resource, `unspecified` and `identifier` are
# alternatives in the Verified Permissions API; keep one form per filter.
input.Body.filter.principal.unspecified == BOOLEAN
input.Body.filter.principal.identifier.entityType == STRING
input.Body.filter.principal.identifier.entityId == STRING
input.Body.filter.resource.unspecified == BOOLEAN
input.Body.filter.resource.identifier.entityType == STRING
input.Body.filter.resource.identifier.entityId == STRING
# As written this accepts either policy type, because `[_]` matches any
# list entry.
input.Body.filter.policyType == enum_PolicyType[_]
input.Body.filter.policyTemplateId == STRING
# Caller context; presumably the account, access key id and region of the
# request (confirm against the platform's input schema).
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListPolicyStores
# Template for matching a ListPolicyStores request. STRING and INTEGER are
# placeholders for the value to compare with; they are not defined on this page.
# Every expression kept in the body must hold for `valid` to be true.
valid {
# Pagination fields; no policy store id is listed for this operation.
input.Body.nextToken == STRING
input.Body.maxResults == INTEGER
# Caller context; presumably the account, access key id and region of the
# request (confirm against the platform's input schema).
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListPolicyTemplates
# Template for matching a ListPolicyTemplates request. STRING and INTEGER are
# placeholders for the value to compare with; they are not defined on this page.
# Every expression kept in the body must hold for `valid` to be true.
valid {
input.Body.policyStoreId == STRING
# Pagination fields.
input.Body.nextToken == STRING
input.Body.maxResults == INTEGER
# Caller context; presumably the account, access key id and region of the
# request (confirm against the platform's input schema).
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
PutSchema
# Template for matching a PutSchema request. STRING is a placeholder for the
# value to compare with; it is not defined on this page.
# Every expression kept in the body must hold for `valid` to be true.
valid {
input.Body.policyStoreId == STRING
# cedarJson carries the schema as one string; `==` compares the whole
# string, so any difference in the text makes the line fail.
input.Body.definition.cedarJson == STRING
# Caller context; presumably the account, access key id and region of the
# request (confirm against the platform's input schema).
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateIdentitySource
# Template for matching an UpdateIdentitySource request. STRING is a
# placeholder for the value to compare with; it is not defined on this page.
# Every expression kept in the body must hold, so keep only the lines you need.
valid {
input.Body.policyStoreId == STRING
input.Body.identitySourceId == STRING
# An update can change whose tokens the policy store accepts, so userPoolArn,
# issuer, clientIds and audiences are the fields worth pinning to approved
# values.
# cognitoUserPoolConfiguration and openIdConnectConfiguration are alternatives
# in the Verified Permissions API; a rule that keeps lines from both cannot
# match a single request.
input.Body.updateConfiguration.cognitoUserPoolConfiguration.userPoolArn == STRING
# `[_]` is existential: the line holds if ANY client id equals the value. It
# does not assert that every listed client id is approved.
input.Body.updateConfiguration.cognitoUserPoolConfiguration.clientIds[_] == STRING
input.Body.updateConfiguration.cognitoUserPoolConfiguration.groupConfiguration.groupEntityType == STRING
input.Body.updateConfiguration.openIdConnectConfiguration.issuer == STRING
input.Body.updateConfiguration.openIdConnectConfiguration.entityIdPrefix == STRING
input.Body.updateConfiguration.openIdConnectConfiguration.groupConfiguration.groupClaim == STRING
input.Body.updateConfiguration.openIdConnectConfiguration.groupConfiguration.groupEntityType == STRING
# accessTokenOnly and identityTokenOnly are likewise alternatives under
# tokenSelection.
input.Body.updateConfiguration.openIdConnectConfiguration.tokenSelection.accessTokenOnly.principalIdClaim == STRING
input.Body.updateConfiguration.openIdConnectConfiguration.tokenSelection.accessTokenOnly.audiences[_] == STRING
input.Body.updateConfiguration.openIdConnectConfiguration.tokenSelection.identityTokenOnly.principalIdClaim == STRING
input.Body.updateConfiguration.openIdConnectConfiguration.tokenSelection.identityTokenOnly.clientIds[_] == STRING
input.Body.principalEntityType == STRING
# Caller context; presumably the account, access key id and region of the
# request (confirm against the platform's input schema).
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdatePolicy
# Template for matching an UpdatePolicy request. STRING is a placeholder for
# the value to compare with; it is not defined on this page.
# Every expression kept in the body must hold, so keep only the lines you need.
valid {
input.Body.policyStoreId == STRING
input.Body.policyId == STRING
# Only definition.static fields are listed for this operation.
# static.statement carries the Cedar policy text; `==` compares the whole
# string, so any difference in the text makes the line fail.
input.Body.definition.static.description == STRING
input.Body.definition.static.statement == STRING
# Caller context; presumably the account, access key id and region of the
# request (confirm against the platform's input schema).
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdatePolicyStore
# Allowed values of validationSettings.mode for UpdatePolicyStore. In the
# Verified Permissions API, "OFF" disables validation of policies against the
# store's schema and "STRICT" enforces it.
enum_ValidationMode := [ "OFF", "STRICT" ]
# Template for matching an UpdatePolicyStore request. STRING is a placeholder
# for the value to compare with; it is not defined on this page.
# Every expression kept in the body must hold, so keep only the lines you need.
valid {
input.Body.policyStoreId == STRING
# As written this accepts either mode, because `[_]` matches any list entry.
# To detect or block a switch away from validation, compare with a single
# mode value instead of the list.
input.Body.validationSettings.mode == enum_ValidationMode[_]
input.Body.description == STRING
# Caller context; presumably the account, access key id and region of the
# request (confirm against the platform's input schema).
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdatePolicyTemplate
# Template for matching an UpdatePolicyTemplate request. STRING is a
# placeholder for the value to compare with; it is not defined on this page.
# Every expression kept in the body must hold, so keep only the lines you need.
valid {
input.Body.policyStoreId == STRING
input.Body.policyTemplateId == STRING
input.Body.description == STRING
# statement carries the template text; `==` compares the whole string.
input.Body.statement == STRING
# Caller context; presumably the account, access key id and region of the
# request (confirm against the platform's input schema).
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}