VerifiedPermissions / Client / create_policy_store
create_policy_store#
- VerifiedPermissions.Client.create_policy_store(**kwargs)#
Creates a policy store. A policy store is a container for policy resources.
Note
Although Cedar supports multiple namespaces, Verified Permissions currently supports only one namespace per policy store.
Note
Verified Permissions is eventually consistent . It can take a few seconds for a new or changed element to be propagate through the service and be visible in the results of other Verified Permissions operations.
See also: AWS API Documentation
Request Syntax
response = client.create_policy_store( clientToken='string', validationSettings={ 'mode': 'OFF'|'STRICT' } )
- Parameters:
clientToken (string) –
Specifies a unique, case-sensitive ID that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a UUID type of value..
If you don’t provide this value, then Amazon Web Services generates a random one for you.
If you retry the operation with the same
ClientToken
, but with different parameters, the retry fails with anIdempotentParameterMismatch
error.This field is autopopulated if not provided.
validationSettings (dict) –
[REQUIRED]
Specifies the validation setting for this policy store.
Currently, the only valid and required value is
Mode
.Warning
We recommend that you turn on
STRICT
mode only after you define a schema. If a schema doesn’t exist, thenSTRICT
mode causes any policy to fail validation, and Verified Permissions rejects the policy. You can turn off validation by using the UpdatePolicyStore. Then, when you have a schema defined, use UpdatePolicyStore again to turn validation back on.mode (string) – [REQUIRED]
The validation mode currently configured for this policy store. The valid values are:
OFF – Neither Verified Permissions nor Cedar perform any validation on policies. No validation errors are reported by either service.
STRICT – Requires a schema to be present in the policy store. Cedar performs validation on all submitted new or updated static policies and policy templates. Any that fail validation are rejected and Cedar doesn’t store them in the policy store.
Warning
If
Mode=STRICT
and the policy store doesn’t contain a schema, Verified Permissions rejects all static policies and policy templates because there is no schema to validate against.To submit a static policy or policy template without a schema, you must turn off validation.
- Return type:
dict
- Returns:
Response Syntax
{ 'policyStoreId': 'string', 'arn': 'string', 'createdDate': datetime(2015, 1, 1), 'lastUpdatedDate': datetime(2015, 1, 1) }
Response Structure
(dict) –
policyStoreId (string) –
The unique ID of the new policy store.
arn (string) –
The Amazon Resource Name (ARN) of the new policy store.
createdDate (datetime) –
The date and time the policy store was originally created.
lastUpdatedDate (datetime) –
The date and time the policy store was last updated.
Exceptions
VerifiedPermissions.Client.exceptions.ValidationException
VerifiedPermissions.Client.exceptions.ServiceQuotaExceededException
VerifiedPermissions.Client.exceptions.ConflictException
VerifiedPermissions.Client.exceptions.AccessDeniedException
VerifiedPermissions.Client.exceptions.ThrottlingException
VerifiedPermissions.Client.exceptions.InternalServerException