Adds Cedar JSON format support for entities and context data in authorization requests

Author: aws-sdk-dotnet-automation

generator/ServiceModels/verifiedpermissions/verifiedpermissions-2021-12-01.api.json

@@ -737,6 +737,10 @@
       "box":true,
       "sensitive":true
     },
+    "CedarJson":{
+      "type":"string",
+      "sensitive":true
+    },
     "Claim":{
       "type":"string",
       "min":1,
@@ -850,7 +854,8 @@
     "ContextDefinition":{
       "type":"structure",
       "members":{
-        "contextMap":{"shape":"ContextMap"}
+        "contextMap":{"shape":"ContextMap"},
+        "cedarJson":{"shape":"CedarJson"}
       },
       "union":true
     },
@@ -1079,7 +1084,8 @@
     "EntitiesDefinition":{
       "type":"structure",
       "members":{
-        "entityList":{"shape":"EntityList"}
+        "entityList":{"shape":"EntityList"},
+        "cedarJson":{"shape":"CedarJson"}
       },
       "union":true
     },

generator/ServiceModels/verifiedpermissions/verifiedpermissions-2021-12-01.docs.json

@@ -225,6 +225,13 @@
         "AttributeValue$boolean": "<p>An attribute value of <a href=\"https://docs.cedarpolicy.com/policies/syntax-datatypes.html#boolean\">Boolean</a> type.</p> <p>Example: <code>{\"boolean\": true}</code> </p>"
       }
     },
+    "CedarJson": {
+      "base": null,
+      "refs": {
+        "ContextDefinition$cedarJson": "<p>A Cedar JSON string representation of the context needed to successfully evaluate an authorization request.</p> <p>Example: <code>{\"cedarJson\":\"{\\\"&lt;KeyName1&gt;\\\": true, \\\"&lt;KeyName2&gt;\\\": 1234}\" }</code> </p>",
+        "EntitiesDefinition$cedarJson": "<p>A Cedar JSON string representation of the entities needed to successfully evaluate an authorization request.</p> <p>Example: <code>{\"cedarJson\": \"[{\\\"uid\\\":{\\\"type\\\":\\\"Photo\\\",\\\"id\\\":\\\"VacationPhoto94.jpg\\\"},\\\"attrs\\\":{\\\"accessLevel\\\":\\\"public\\\"},\\\"parents\\\":[]}]\"}</code> </p>"
+      }
+    },
     "Claim": {
       "base": null,
       "refs": {
@@ -323,7 +330,7 @@
       }
     },
     "ContextDefinition": {
-      "base": "<p>Contains additional details about the context of the request. Verified Permissions evaluates this information in an authorization request as part of the <code>when</code> and <code>unless</code> clauses in a policy.</p> <p>This data type is used as a request parameter for the <a href=\"https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorized.html\">IsAuthorized</a>, <a href=\"https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_BatchIsAuthorized.html\">BatchIsAuthorized</a>, and <a href=\"https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorizedWithToken.html\">IsAuthorizedWithToken</a> operations.</p> <p>Example: <code>\"context\":{\"contextMap\":{\"&lt;KeyName1&gt;\":{\"boolean\":true},\"&lt;KeyName2&gt;\":{\"long\":1234}}}</code> </p>",
+      "base": "<p>Contains additional details about the context of the request. Verified Permissions evaluates this information in an authorization request as part of the <code>when</code> and <code>unless</code> clauses in a policy.</p> <p>This data type is used as a request parameter for the <a href=\"https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorized.html\">IsAuthorized</a>, <a href=\"https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_BatchIsAuthorized.html\">BatchIsAuthorized</a>, and <a href=\"https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorizedWithToken.html\">IsAuthorizedWithToken</a> operations.</p> <p>If you're passing context as part of the request, exactly one instance of <code>context</code> must be passed. If you don't want to pass context, omit the <code>context</code> parameter from your request rather than sending <code>context {}</code>.</p> <p>Example: <code>\"context\":{\"contextMap\":{\"&lt;KeyName1&gt;\":{\"boolean\":true},\"&lt;KeyName2&gt;\":{\"long\":1234}}}</code> </p>",
       "refs": {
         "BatchIsAuthorizedInputItem$context": "<p>Specifies additional context that can be used to make more granular authorization decisions.</p>",
         "BatchIsAuthorizedWithTokenInputItem$context": "<p>Specifies additional context that can be used to make more granular authorization decisions.</p>",
@@ -524,7 +531,7 @@
     "EntityList": {
       "base": null,
       "refs": {
-        "EntitiesDefinition$entityList": "<p>An array of entities that are needed to successfully evaluate an authorization request. Each entity in this array must include an identifier for the entity, the attributes of the entity, and a list of any parent entities.</p>"
+        "EntitiesDefinition$entityList": "<p>An array of entities that are needed to successfully evaluate an authorization request. Each entity in this array must include an identifier for the entity, the attributes of the entity, and a list of any parent entities.</p> <note> <p>If you include multiple entities with the same <code>identifier</code>, only the last one is processed in the request.</p> </note>"
       }
     },
     "EntityReference": {

generator/ServiceModels/verifiedpermissions/verifiedpermissions-2021-12-01.normal.json

@@ -927,6 +927,10 @@
       "box":true,
       "sensitive":true
     },
+    "CedarJson":{
+      "type":"string",
+      "sensitive":true
+    },
     "Claim":{
       "type":"string",
       "min":1,
@@ -1116,9 +1120,13 @@
         "contextMap":{
           "shape":"ContextMap",
           "documentation":"<p>An list of attributes that are needed to successfully evaluate an authorization request. Each attribute in this array must include a map of a data type and its value.</p> <p>Example: <code>\"contextMap\":{\"&lt;KeyName1&gt;\":{\"boolean\":true},\"&lt;KeyName2&gt;\":{\"long\":1234}}</code> </p>"
+        },
+        "cedarJson":{
+          "shape":"CedarJson",
+          "documentation":"<p>A Cedar JSON string representation of the context needed to successfully evaluate an authorization request.</p> <p>Example: <code>{\"cedarJson\":\"{\\\"&lt;KeyName1&gt;\\\": true, \\\"&lt;KeyName2&gt;\\\": 1234}\" }</code> </p>"
         }
       },
-      "documentation":"<p>Contains additional details about the context of the request. Verified Permissions evaluates this information in an authorization request as part of the <code>when</code> and <code>unless</code> clauses in a policy.</p> <p>This data type is used as a request parameter for the <a href=\"https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorized.html\">IsAuthorized</a>, <a href=\"https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_BatchIsAuthorized.html\">BatchIsAuthorized</a>, and <a href=\"https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorizedWithToken.html\">IsAuthorizedWithToken</a> operations.</p> <p>Example: <code>\"context\":{\"contextMap\":{\"&lt;KeyName1&gt;\":{\"boolean\":true},\"&lt;KeyName2&gt;\":{\"long\":1234}}}</code> </p>",
+      "documentation":"<p>Contains additional details about the context of the request. Verified Permissions evaluates this information in an authorization request as part of the <code>when</code> and <code>unless</code> clauses in a policy.</p> <p>This data type is used as a request parameter for the <a href=\"https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorized.html\">IsAuthorized</a>, <a href=\"https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_BatchIsAuthorized.html\">BatchIsAuthorized</a>, and <a href=\"https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorizedWithToken.html\">IsAuthorizedWithToken</a> operations.</p> <p>If you're passing context as part of the request, exactly one instance of <code>context</code> must be passed. If you don't want to pass context, omit the <code>context</code> parameter from your request rather than sending <code>context {}</code>.</p> <p>Example: <code>\"context\":{\"contextMap\":{\"&lt;KeyName1&gt;\":{\"boolean\":true},\"&lt;KeyName2&gt;\":{\"long\":1234}}}</code> </p>",
       "union":true
     },
     "ContextMap":{
@@ -1470,7 +1478,11 @@
       "members":{
         "entityList":{
           "shape":"EntityList",
-          "documentation":"<p>An array of entities that are needed to successfully evaluate an authorization request. Each entity in this array must include an identifier for the entity, the attributes of the entity, and a list of any parent entities.</p>"
+          "documentation":"<p>An array of entities that are needed to successfully evaluate an authorization request. Each entity in this array must include an identifier for the entity, the attributes of the entity, and a list of any parent entities.</p> <note> <p>If you include multiple entities with the same <code>identifier</code>, only the last one is processed in the request.</p> </note>"
+        },
+        "cedarJson":{
+          "shape":"CedarJson",
+          "documentation":"<p>A Cedar JSON string representation of the entities needed to successfully evaluate an authorization request.</p> <p>Example: <code>{\"cedarJson\": \"[{\\\"uid\\\":{\\\"type\\\":\\\"Photo\\\",\\\"id\\\":\\\"VacationPhoto94.jpg\\\"},\\\"attrs\\\":{\\\"accessLevel\\\":\\\"public\\\"},\\\"parents\\\":[]}]\"}</code> </p>"
         }
       },
       "documentation":"<p>Contains the list of entities to be considered during an authorization request. This includes all principals, resources, and actions required to successfully evaluate the request.</p> <p>This data type is used as a field in the response parameter for the <a href=\"https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorized.html\">IsAuthorized</a> and <a href=\"https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorizedWithToken.html\">IsAuthorizedWithToken</a> operations.</p>",

sdk/src/Services/VerifiedPermissions/Generated/Model/ContextDefinition.cs

@@ -43,14 +43,46 @@ namespace Amazon.VerifiedPermissions.Model
     /// </para>
     ///  
     /// <para>
+    /// If you're passing context as part of the request, exactly one instance of <c>context</c>
+    /// must be passed. If you don't want to pass context, omit the <c>context</c> parameter
+    /// from your request rather than sending <c>context {}</c>.
+    /// </para>
+    ///  
+    /// <para>
     /// Example: <c>"context":{"contextMap":{"&lt;KeyName1&gt;":{"boolean":true},"&lt;KeyName2&gt;":{"long":1234}}}</c>
     /// 
     /// </para>
     /// </summary>
     public partial class ContextDefinition
     {
+        private string _cedarJson;
         private Dictionary<string, AttributeValue> _contextMap = AWSConfigs.InitializeCollections ? new Dictionary<string, AttributeValue>() : null;
 
+        /// <summary>
+        /// Gets and sets the property CedarJson. 
+        /// <para>
+        /// A Cedar JSON string representation of the context needed to successfully evaluate
+        /// an authorization request.
+        /// </para>
+        ///  
+        /// <para>
+        /// Example: <c>{"cedarJson":"{\"&lt;KeyName1&gt;\": true, \"&lt;KeyName2&gt;\": 1234}"
+        /// }</c> 
+        /// </para>
+        /// </summary>
+        [AWSProperty(Sensitive=true)]
+        public string CedarJson
+        {
+            get { return this._cedarJson; }
+            set { this._cedarJson = value; }
+        }
+
+        // Check to see if CedarJson property is set
+        internal bool IsSetCedarJson()
+        {
+            return this._cedarJson != null;
+        }
+
         /// <summary>
         /// Gets and sets the property ContextMap. 
         /// <para>

sdk/src/Services/VerifiedPermissions/Generated/Model/EntitiesDefinition.cs

@@ -43,15 +43,47 @@ namespace Amazon.VerifiedPermissions.Model
     /// </summary>
     public partial class EntitiesDefinition
     {
+        private string _cedarJson;
         private List<EntityItem> _entityList = AWSConfigs.InitializeCollections ? new List<EntityItem>() : null;
 
+        /// <summary>
+        /// Gets and sets the property CedarJson. 
+        /// <para>
+        /// A Cedar JSON string representation of the entities needed to successfully evaluate
+        /// an authorization request.
+        /// </para>
+        ///  
+        /// <para>
+        /// Example: <c>{"cedarJson": "[{\"uid\":{\"type\":\"Photo\",\"id\":\"VacationPhoto94.jpg\"},\"attrs\":{\"accessLevel\":\"public\"},\"parents\":[]}]"}</c>
+        /// 
+        /// </para>
+        /// </summary>
+        [AWSProperty(Sensitive=true)]
+        public string CedarJson
+        {
+            get { return this._cedarJson; }
+            set { this._cedarJson = value; }
+        }
+
+        // Check to see if CedarJson property is set
+        internal bool IsSetCedarJson()
+        {
+            return this._cedarJson != null;
+        }
+
         /// <summary>
         /// Gets and sets the property EntityList. 
         /// <para>
         /// An array of entities that are needed to successfully evaluate an authorization request.
         /// Each entity in this array must include an identifier for the entity, the attributes
         /// of the entity, and a list of any parent entities.
         /// </para>
+        ///  <note> 
+        /// <para>
+        /// If you include multiple entities with the same <c>identifier</c>, only the last one
+        /// is processed in the request.
+        /// </para>
+        ///  </note>
         /// </summary>
         public List<EntityItem> EntityList
         {

sdk/src/Services/VerifiedPermissions/Generated/Model/Internal/MarshallTransformations/ContextDefinitionMarshaller.cs

@@ -48,6 +48,12 @@ public void Marshall(ContextDefinition requestObject, JsonMarshallerContext cont
         {
             if(requestObject == null)
                 return;
+            if(requestObject.IsSetCedarJson())
+            {
+                context.Writer.WritePropertyName("cedarJson");
+                context.Writer.Write(requestObject.CedarJson);
+            }
+
             if(requestObject.IsSetContextMap())
             {
                 context.Writer.WritePropertyName("contextMap");

sdk/src/Services/VerifiedPermissions/Generated/Model/Internal/MarshallTransformations/ContextDefinitionUnmarshaller.cs

@@ -66,6 +66,12 @@ public ContextDefinition Unmarshall(JsonUnmarshallerContext context)
             int targetDepth = context.CurrentDepth;
             while (context.ReadAtDepth(targetDepth))
             {
+                if (context.TestExpression("cedarJson", targetDepth))
+                {
+                    var unmarshaller = StringUnmarshaller.Instance;
+                    unmarshalledObject.CedarJson = unmarshaller.Unmarshall(context);
+                    continue;
+                }
                 if (context.TestExpression("contextMap", targetDepth))
                 {
                     var unmarshaller = new DictionaryUnmarshaller<string, AttributeValue, StringUnmarshaller, AttributeValueUnmarshaller>(StringUnmarshaller.Instance, AttributeValueUnmarshaller.Instance);

sdk/src/Services/VerifiedPermissions/Generated/Model/Internal/MarshallTransformations/EntitiesDefinitionMarshaller.cs

@@ -48,6 +48,12 @@ public void Marshall(EntitiesDefinition requestObject, JsonMarshallerContext con
         {
             if(requestObject == null)
                 return;
+            if(requestObject.IsSetCedarJson())
+            {
+                context.Writer.WritePropertyName("cedarJson");
+                context.Writer.Write(requestObject.CedarJson);
+            }
+
             if(requestObject.IsSetEntityList())
             {
                 context.Writer.WritePropertyName("entityList");