createPolicy method
Creates a Cedar policy and saves it in the specified policy store. You can create either a static policy or a policy linked to a policy template.
- To create a static policy, provide the Cedar policy text in the
  StaticPolicy section of the PolicyDefinition.
- To create a policy that is dynamically linked to a policy template,
  specify the policy template ID and the principal and resource to associate
  with this policy in the templateLinked section of the PolicyDefinition. If
  the policy template is ever updated, any policies linked to the policy
  template automatically use the updated template.
May throw ConflictException.
May throw ResourceNotFoundException.
May throw ServiceQuotaExceededException.
Parameter definition :
A structure that specifies the policy type and content to use for the new
policy. You must include either a static or a templateLinked element. The
policy content must be written in the Cedar policy language.
Parameter policyStoreId :
Specifies the PolicyStoreId of the policy store you want to
store the policy in.
To specify a policy store, use its ID or alias name. When using an alias
name, prefix it with policy-store-alias/. For example:
- ID: PSEXAMPLEabcdefg111111
- Alias name: policy-store-alias/example-policy-store
Parameter clientToken :
Specifies a unique, case-sensitive ID that you provide to ensure the
idempotency of the request. This lets you safely retry the request without
accidentally performing the same operation a second time. Passing the same
value to a later call to an operation requires that you also pass the same
value for all other parameters. We recommend that you use a UUID type
of value.
If you don't provide this value, then Amazon Web Services generates a random one for you.
If you retry the operation with the same ClientToken, but
with different parameters, the retry fails with a
ConflictException error.
Verified Permissions recognizes a ClientToken for eight
hours. After eight hours, the next request with the same parameters
performs the operation again regardless of the value of
ClientToken.
Parameter name :
Specifies a name for the policy that is unique among all policies within
the policy store. You can use the name in place of the policy ID in API
operations that reference the policy. The name must be prefixed with
name/.
If you specify a name that is already associated with another policy in
the policy store, you receive a ConflictException error.
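The ClientToken and name rules above are easiest to understand by watching them act on a sequence of calls. The following is an added example written for this page, not code from the SDK or the service: a small in-memory stand-in that implements only the behaviour the documentation states (exactly one of static or templateLinked in the definition, policy store lookup by ID or by the policy-store-alias/ prefix, an eight-hour idempotency window keyed on the token, ConflictException on token reuse with different parameters or on a duplicate name/-prefixed name, ResourceNotFoundException for an unknown store). The class and method names, the `now` clock parameter, the generated policy ID format and the `raises` helper are assumptions made for the simulation; the store ID and alias are the ones shown on this page.

```python
import uuid
from dataclasses import dataclass, field

TOKEN_TTL_SECONDS = 8 * 60 * 60  # documented: a ClientToken is recognized for eight hours


class ConflictException(Exception):
    """Stands in for the service's ConflictException."""


class ResourceNotFoundException(Exception):
    """Stands in for the service's ResourceNotFoundException."""


@dataclass
class FakePolicyStore:
    """In-memory stand-in for one policy store (constructed for this example)."""
    policy_store_id: str
    policies: dict = field(default_factory=dict)  # policy_id -> (definition, name)
    names: set = field(default_factory=set)       # names already used in this store


class FakeVerifiedPermissions:
    """Simulates only the createPolicy rules stated on this page (assumed class, not the SDK)."""

    def __init__(self, stores):
        # stores: {policy_store_id: alias_name_or_None}
        self.stores = {sid: FakePolicyStore(sid) for sid in stores}
        self.aliases = {alias: sid for sid, alias in stores.items() if alias}
        self._tokens = {}  # client_token -> (expires_at, params, result)
        self._counter = 0

    def _resolve_store(self, policy_store_id):
        """Accept a raw store ID or an alias written as policy-store-alias/<alias>."""
        prefix = "policy-store-alias/"
        if policy_store_id.startswith(prefix):
            store_id = self.aliases.get(policy_store_id[len(prefix):])
        else:
            store_id = policy_store_id if policy_store_id in self.stores else None
        if store_id is None:
            raise ResourceNotFoundException(policy_store_id)
        return self.stores[store_id]

    def create_policy(self, definition, policy_store_id, client_token=None, name=None, now=0.0):
        # `now` is a constructed clock in seconds so the eight-hour window can be exercised offline.
        if ("static" in definition) == ("templateLinked" in definition):
            raise ValueError("definition must contain exactly one of 'static' or 'templateLinked'")
        token = client_token or str(uuid.uuid4())  # the service generates one if the caller does not
        params = (repr(definition), policy_store_id, name)

        # Forget tokens older than eight hours; a later retry then performs the operation again.
        self._tokens = {t: v for t, v in self._tokens.items() if v[0] > now}

        if token in self._tokens:
            _, seen_params, result = self._tokens[token]
            if seen_params != params:
                raise ConflictException("same ClientToken reused with different parameters")
            return result  # safe retry: the policy is not created a second time

        store = self._resolve_store(policy_store_id)
        if name is not None:
            if not name.startswith("name/"):
                raise ValueError("policy name must be prefixed with 'name/'")
            if name in store.names:
                raise ConflictException(f"{name} already exists in {store.policy_store_id}")

        self._counter += 1
        policy_id = f"SPEXAMPLE{self._counter:06d}"  # constructed ID format, not the real one
        store.policies[policy_id] = (definition, name)
        if name is not None:
            store.names.add(name)
        result = {"policyId": policy_id, "policyStoreId": store.policy_store_id}
        self._tokens[token] = (now + TOKEN_TTL_SECONDS, params, result)
        return result


def raises(exc_type, fn, *args, **kwargs):
    """Return True if calling fn raises exc_type (helper for checking the documented errors)."""
    try:
        fn(*args, **kwargs)
    except exc_type:
        return True
    return False


if __name__ == "__main__":
    svc = FakeVerifiedPermissions({"PSEXAMPLEabcdefg111111": "example-policy-store"})
    defn = {"static": {"statement": "permit(principal, action, resource);"}}
    first = svc.create_policy(defn, "PSEXAMPLEabcdefg111111", client_token="tok-1", name="name/allow-all")
    retry = svc.create_policy(defn, "PSEXAMPLEabcdefg111111", client_token="tok-1", name="name/allow-all", now=60)
    print("retry returned the original policy:", first == retry)
```

The point worth keeping in mind operationally is the last case the simulation models: a retry that arrives after the eight-hour window is treated as a fresh request, so a client that persists and replays tokens across long outages can still end up with two policies; the name parameter is the only documented guard against that duplicate.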
Implementation
Future<CreatePolicyOutput> createPolicy({
  required PolicyDefinition definition,
  required String policyStoreId,
  String? clientToken,
  String? name,
}) async {
  final headers = <String, String>{
    'Content-Type': 'application/x-amz-json-1.0',
    'X-Amz-Target': 'VerifiedPermissions.CreatePolicy'
  };
  final jsonResponse = await _protocol.send(
    method: 'POST',
    requestUri: '/',
    exceptionFnMap: _exceptionFns,
    // TODO queryParams
    headers: headers,
    payload: {
      'definition': definition,
      'policyStoreId': policyStoreId,
      // A token is always sent so that a retried request is idempotent.
      'clientToken': clientToken ?? _s.generateIdempotencyToken(),
      if (name != null) 'name': name,
    },
  );
  return CreatePolicyOutput.fromJson(jsonResponse.body);
}