createPolicyTemplate method

Future<CreatePolicyTemplateOutput> createPolicyTemplate({
  1. required String policyStoreId,
  2. required String statement,
  3. String? clientToken,
  4. String? description,
  5. String? name,
})

Creates a policy template. A template can use placeholders for the principal and resource. A template must be instantiated into a policy by associating it with specific principals and resources to use for the placeholders. That instantiated policy can then be considered in authorization decisions. The instantiated policy works identically to any other policy, except that it is dynamically linked to the template. If the template changes, then any policies that are linked to that template are immediately updated as well.

May throw ConflictException. May throw ResourceNotFoundException. May throw ServiceQuotaExceededException.

Parameter policyStoreId : The ID of the policy store in which to create the policy template.

To specify a policy store, use its ID or alias name. When using an alias name, prefix it with policy-store-alias/. For example:

  • ID: PSEXAMPLEabcdefg111111
  • Alias name: policy-store-alias/example-policy-store
To view aliases, use ListPolicyStoreAliases.

Parameter statement : Specifies the content that you want to use for the new policy template, written in the Cedar policy language.

Parameter clientToken : Specifies a unique, case-sensitive ID that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a UUID type of value..

If you don't provide this value, then Amazon Web Services generates a random one for you.

If you retry the operation with the same ClientToken, but with different parameters, the retry fails with an ConflictException error.

Verified Permissions recognizes a ClientToken for eight hours. After eight hours, the next request with the same parameters performs the operation again regardless of the value of ClientToken.

Parameter description : Specifies a description for the policy template.

Parameter name : Specifies a name for the policy template that is unique among all policy templates within the policy store. You can use the name in place of the policy template ID in API operations that reference the policy template. The name must be prefixed with name/.

If you specify a name that is already associated with another policy template in the policy store, you receive a ConflictException error.

Implementation

Future<CreatePolicyTemplateOutput> createPolicyTemplate({
  required String policyStoreId,
  required String statement,
  String? clientToken,
  String? description,
  String? name,
}) async {
  final headers = <String, String>{
    'Content-Type': 'application/x-amz-json-1.0',
    'X-Amz-Target': 'VerifiedPermissions.CreatePolicyTemplate'
  };
  final jsonResponse = await _protocol.send(
    method: 'POST',
    requestUri: '/',
    exceptionFnMap: _exceptionFns,
    // TODO queryParams
    headers: headers,
    payload: {
      'policyStoreId': policyStoreId,
      'statement': statement,
      'clientToken': clientToken ?? _s.generateIdempotencyToken(),
      if (description != null) 'description': description,
      if (name != null) 'name': name,
    },
  );

  return CreatePolicyTemplateOutput.fromJson(jsonResponse.body);
}