1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240

// Code generated by software.amazon.smithy.rust.codegen.smithy-rs. DO NOT EDIT.
pub use crate::operation::is_authorized_with_token::_is_authorized_with_token_output::IsAuthorizedWithTokenOutputBuilder;

pub use crate::operation::is_authorized_with_token::_is_authorized_with_token_input::IsAuthorizedWithTokenInputBuilder;

impl IsAuthorizedWithTokenInputBuilder {
    /// Sends a request with this input using the given client.
    pub async fn send_with(
        self,
        client: &crate::Client,
    ) -> ::std::result::Result<
        crate::operation::is_authorized_with_token::IsAuthorizedWithTokenOutput,
        ::aws_smithy_runtime_api::client::result::SdkError<
            crate::operation::is_authorized_with_token::IsAuthorizedWithTokenError,
            ::aws_smithy_runtime_api::client::orchestrator::HttpResponse,
        >,
    > {
        let mut fluent_builder = client.is_authorized_with_token();
        fluent_builder.inner = self;
        fluent_builder.send().await
    }
}
/// Fluent builder constructing a request to `IsAuthorizedWithToken`.
///
/// <p>Makes an authorization decision about a service request described in the parameters. The principal in this request comes from an external identity source in the form of an identity token formatted as a <a href="https://wikipedia.org/wiki/JSON_Web_Token">JSON web token (JWT)</a>. The information in the parameters can also define additional context that Verified Permissions can include in the evaluation. The request is evaluated against all matching policies in the specified policy store. The result of the decision is either <code>Allow</code> or <code>Deny</code>, along with a list of the policies that resulted in the decision.</p><important>
/// <p>If you specify the <code>identityToken</code> parameter, then this operation derives the principal from that token. You must not also include that principal in the <code>entities</code> parameter or the operation fails and reports a conflict between the two entity sources.</p>
/// <p>If you provide only an <code>accessToken</code>, then you can include the entity as part of the <code>entities</code> parameter to provide additional attributes.</p>
/// </important>
/// <p>At this time, Verified Permissions accepts tokens from only Amazon Cognito.</p>
/// <p>Verified Permissions validates each token that is specified in a request by checking its expiration date and its signature.</p><important>
/// <p>If you delete a Amazon Cognito user pool or user, tokens from that deleted pool or that deleted user continue to be usable until they expire.</p>
/// </important>
#[derive(::std::clone::Clone, ::std::fmt::Debug)]
pub struct IsAuthorizedWithTokenFluentBuilder {
    handle: ::std::sync::Arc<crate::client::Handle>,
    inner: crate::operation::is_authorized_with_token::builders::IsAuthorizedWithTokenInputBuilder,
    config_override: ::std::option::Option<crate::config::Builder>,
}
impl
    crate::client::customize::internal::CustomizableSend<
        crate::operation::is_authorized_with_token::IsAuthorizedWithTokenOutput,
        crate::operation::is_authorized_with_token::IsAuthorizedWithTokenError,
    > for IsAuthorizedWithTokenFluentBuilder
{
    fn send(
        self,
        config_override: crate::config::Builder,
    ) -> crate::client::customize::internal::BoxFuture<
        crate::client::customize::internal::SendResult<
            crate::operation::is_authorized_with_token::IsAuthorizedWithTokenOutput,
            crate::operation::is_authorized_with_token::IsAuthorizedWithTokenError,
        >,
    > {
        ::std::boxed::Box::pin(async move { self.config_override(config_override).send().await })
    }
}
impl IsAuthorizedWithTokenFluentBuilder {
    /// Creates a new `IsAuthorizedWithToken`.
    pub(crate) fn new(handle: ::std::sync::Arc<crate::client::Handle>) -> Self {
        Self {
            handle,
            inner: ::std::default::Default::default(),
            config_override: ::std::option::Option::None,
        }
    }
    /// Access the IsAuthorizedWithToken as a reference.
    pub fn as_input(&self) -> &crate::operation::is_authorized_with_token::builders::IsAuthorizedWithTokenInputBuilder {
        &self.inner
    }
    /// Sends the request and returns the response.
    ///
    /// If an error occurs, an `SdkError` will be returned with additional details that
    /// can be matched against.
    ///
    /// By default, any retryable failures will be retried twice. Retry behavior
    /// is configurable with the [RetryConfig](aws_smithy_types::retry::RetryConfig), which can be
    /// set when configuring the client.
    pub async fn send(
        self,
    ) -> ::std::result::Result<
        crate::operation::is_authorized_with_token::IsAuthorizedWithTokenOutput,
        ::aws_smithy_runtime_api::client::result::SdkError<
            crate::operation::is_authorized_with_token::IsAuthorizedWithTokenError,
            ::aws_smithy_runtime_api::client::orchestrator::HttpResponse,
        >,
    > {
        let input = self
            .inner
            .build()
            .map_err(::aws_smithy_runtime_api::client::result::SdkError::construction_failure)?;
        let runtime_plugins = crate::operation::is_authorized_with_token::IsAuthorizedWithToken::operation_runtime_plugins(
            self.handle.runtime_plugins.clone(),
            &self.handle.conf,
            self.config_override,
        );
        crate::operation::is_authorized_with_token::IsAuthorizedWithToken::orchestrate(&runtime_plugins, input).await
    }

    /// Consumes this builder, creating a customizable operation that can be modified before being sent.
    pub fn customize(
        self,
    ) -> crate::client::customize::CustomizableOperation<
        crate::operation::is_authorized_with_token::IsAuthorizedWithTokenOutput,
        crate::operation::is_authorized_with_token::IsAuthorizedWithTokenError,
        Self,
    > {
        crate::client::customize::CustomizableOperation::new(self)
    }
    pub(crate) fn config_override(mut self, config_override: impl Into<crate::config::Builder>) -> Self {
        self.set_config_override(Some(config_override.into()));
        self
    }

    pub(crate) fn set_config_override(&mut self, config_override: Option<crate::config::Builder>) -> &mut Self {
        self.config_override = config_override;
        self
    }
    /// <p>Specifies the ID of the policy store. Policies in this policy store will be used to make an authorization decision for the input.</p>
    pub fn policy_store_id(mut self, input: impl ::std::convert::Into<::std::string::String>) -> Self {
        self.inner = self.inner.policy_store_id(input.into());
        self
    }
    /// <p>Specifies the ID of the policy store. Policies in this policy store will be used to make an authorization decision for the input.</p>
    pub fn set_policy_store_id(mut self, input: ::std::option::Option<::std::string::String>) -> Self {
        self.inner = self.inner.set_policy_store_id(input);
        self
    }
    /// <p>Specifies the ID of the policy store. Policies in this policy store will be used to make an authorization decision for the input.</p>
    pub fn get_policy_store_id(&self) -> &::std::option::Option<::std::string::String> {
        self.inner.get_policy_store_id()
    }
    /// <p>Specifies an identity token for the principal to be authorized. This token is provided to you by the identity provider (IdP) associated with the specified identity source. You must specify either an <code>AccessToken</code> or an <code>IdentityToken</code>, or both.</p>
    pub fn identity_token(mut self, input: impl ::std::convert::Into<::std::string::String>) -> Self {
        self.inner = self.inner.identity_token(input.into());
        self
    }
    /// <p>Specifies an identity token for the principal to be authorized. This token is provided to you by the identity provider (IdP) associated with the specified identity source. You must specify either an <code>AccessToken</code> or an <code>IdentityToken</code>, or both.</p>
    pub fn set_identity_token(mut self, input: ::std::option::Option<::std::string::String>) -> Self {
        self.inner = self.inner.set_identity_token(input);
        self
    }
    /// <p>Specifies an identity token for the principal to be authorized. This token is provided to you by the identity provider (IdP) associated with the specified identity source. You must specify either an <code>AccessToken</code> or an <code>IdentityToken</code>, or both.</p>
    pub fn get_identity_token(&self) -> &::std::option::Option<::std::string::String> {
        self.inner.get_identity_token()
    }
    /// <p>Specifies an access token for the principal to be authorized. This token is provided to you by the identity provider (IdP) associated with the specified identity source. You must specify either an <code>AccessToken</code>, or an <code>IdentityToken</code>, or both.</p>
    pub fn access_token(mut self, input: impl ::std::convert::Into<::std::string::String>) -> Self {
        self.inner = self.inner.access_token(input.into());
        self
    }
    /// <p>Specifies an access token for the principal to be authorized. This token is provided to you by the identity provider (IdP) associated with the specified identity source. You must specify either an <code>AccessToken</code>, or an <code>IdentityToken</code>, or both.</p>
    pub fn set_access_token(mut self, input: ::std::option::Option<::std::string::String>) -> Self {
        self.inner = self.inner.set_access_token(input);
        self
    }
    /// <p>Specifies an access token for the principal to be authorized. This token is provided to you by the identity provider (IdP) associated with the specified identity source. You must specify either an <code>AccessToken</code>, or an <code>IdentityToken</code>, or both.</p>
    pub fn get_access_token(&self) -> &::std::option::Option<::std::string::String> {
        self.inner.get_access_token()
    }
    /// <p>Specifies the requested action to be authorized. Is the specified principal authorized to perform this action on the specified resource.</p>
    pub fn action(mut self, input: crate::types::ActionIdentifier) -> Self {
        self.inner = self.inner.action(input);
        self
    }
    /// <p>Specifies the requested action to be authorized. Is the specified principal authorized to perform this action on the specified resource.</p>
    pub fn set_action(mut self, input: ::std::option::Option<crate::types::ActionIdentifier>) -> Self {
        self.inner = self.inner.set_action(input);
        self
    }
    /// <p>Specifies the requested action to be authorized. Is the specified principal authorized to perform this action on the specified resource.</p>
    pub fn get_action(&self) -> &::std::option::Option<crate::types::ActionIdentifier> {
        self.inner.get_action()
    }
    /// <p>Specifies the resource for which the authorization decision is made. For example, is the principal allowed to perform the action on the resource?</p>
    pub fn resource(mut self, input: crate::types::EntityIdentifier) -> Self {
        self.inner = self.inner.resource(input);
        self
    }
    /// <p>Specifies the resource for which the authorization decision is made. For example, is the principal allowed to perform the action on the resource?</p>
    pub fn set_resource(mut self, input: ::std::option::Option<crate::types::EntityIdentifier>) -> Self {
        self.inner = self.inner.set_resource(input);
        self
    }
    /// <p>Specifies the resource for which the authorization decision is made. For example, is the principal allowed to perform the action on the resource?</p>
    pub fn get_resource(&self) -> &::std::option::Option<crate::types::EntityIdentifier> {
        self.inner.get_resource()
    }
    /// <p>Specifies additional context that can be used to make more granular authorization decisions.</p>
    pub fn context(mut self, input: crate::types::ContextDefinition) -> Self {
        self.inner = self.inner.context(input);
        self
    }
    /// <p>Specifies additional context that can be used to make more granular authorization decisions.</p>
    pub fn set_context(mut self, input: ::std::option::Option<crate::types::ContextDefinition>) -> Self {
        self.inner = self.inner.set_context(input);
        self
    }
    /// <p>Specifies additional context that can be used to make more granular authorization decisions.</p>
    pub fn get_context(&self) -> &::std::option::Option<crate::types::ContextDefinition> {
        self.inner.get_context()
    }
    /// <p>Specifies the list of resources and their associated attributes that Verified Permissions can examine when evaluating the policies.</p><note>
    /// <p>You can include only resource and action entities in this parameter; you can't include principals.</p>
    /// <ul>
    /// <li>
    /// <p>The <code>IsAuthorizedWithToken</code> operation takes principal attributes from <b> <i>only</i> </b> the <code>identityToken</code> or <code>accessToken</code> passed to the operation.</p></li>
    /// <li>
    /// <p>For action entities, you can include only their <code>Identifier</code> and <code>EntityType</code>.</p></li>
    /// </ul>
    /// </note>
    pub fn entities(mut self, input: crate::types::EntitiesDefinition) -> Self {
        self.inner = self.inner.entities(input);
        self
    }
    /// <p>Specifies the list of resources and their associated attributes that Verified Permissions can examine when evaluating the policies.</p><note>
    /// <p>You can include only resource and action entities in this parameter; you can't include principals.</p>
    /// <ul>
    /// <li>
    /// <p>The <code>IsAuthorizedWithToken</code> operation takes principal attributes from <b> <i>only</i> </b> the <code>identityToken</code> or <code>accessToken</code> passed to the operation.</p></li>
    /// <li>
    /// <p>For action entities, you can include only their <code>Identifier</code> and <code>EntityType</code>.</p></li>
    /// </ul>
    /// </note>
    pub fn set_entities(mut self, input: ::std::option::Option<crate::types::EntitiesDefinition>) -> Self {
        self.inner = self.inner.set_entities(input);
        self
    }
    /// <p>Specifies the list of resources and their associated attributes that Verified Permissions can examine when evaluating the policies.</p><note>
    /// <p>You can include only resource and action entities in this parameter; you can't include principals.</p>
    /// <ul>
    /// <li>
    /// <p>The <code>IsAuthorizedWithToken</code> operation takes principal attributes from <b> <i>only</i> </b> the <code>identityToken</code> or <code>accessToken</code> passed to the operation.</p></li>
    /// <li>
    /// <p>For action entities, you can include only their <code>Identifier</code> and <code>EntityType</code>.</p></li>
    /// </ul>
    /// </note>
    pub fn get_entities(&self) -> &::std::option::Option<crate::types::EntitiesDefinition> {
        self.inner.get_entities()
    }
}