VerifiedPermissions / Client / get_policy

get_policy

VerifiedPermissions.Client.get_policy(**kwargs)

Retrieves information about the specified policy.

See also: AWS API Documentation

Request Syntax

response = client.get_policy(
    policyStoreId='string',
    policyId='string'
)
Parameters:

  • policyStoreId (string) –

    [REQUIRED]

    Specifies the ID of the policy store that contains the policy that you want information about.

  • policyId (string) –

    [REQUIRED]

    Specifies the ID of the policy you want information about.

Return type:

dict

Returns:

Response Syntax

{
    'policyStoreId': 'string',
    'policyId': 'string',
    'policyType': 'STATIC'|'TEMPLATE_LINKED',
    'principal': {
        'entityType': 'string',
        'entityId': 'string'
    },
    'resource': {
        'entityType': 'string',
        'entityId': 'string'
    },
    'actions': [
        {
            'actionType': 'string',
            'actionId': 'string'
        },
    ],
    'definition': {
        'static': {
            'description': 'string',
            'statement': 'string'
        },
        'templateLinked': {
            'policyTemplateId': 'string',
            'principal': {
                'entityType': 'string',
                'entityId': 'string'
            },
            'resource': {
                'entityType': 'string',
                'entityId': 'string'
            }
        }
    },
    'createdDate': datetime(2015, 1, 1),
    'lastUpdatedDate': datetime(2015, 1, 1),
    'effect': 'Permit'|'Forbid'
}

Response Structure

  • (dict) –

    • policyStoreId (string) –

      The ID of the policy store that contains the policy that you want information about.

    • policyId (string) –

      The unique ID of the policy that you want information about.

    • policyType (string) –

      The type of the policy.

    • principal (dict) –

      The principal specified in the policy’s scope. This element isn’t included in the response when Principal isn’t present in the policy content.

      • entityType (string) –

        The type of an entity.

        Example: "entityType":"typeName"

      • entityId (string) –

        The identifier of an entity.

        "entityId":"identifier"

    • resource (dict) –

      The resource specified in the policy’s scope. This element isn’t included in the response when Resource isn’t present in the policy content.

      • entityType (string) –

        The type of an entity.

        Example: "entityType":"typeName"

      • entityId (string) –

        The identifier of an entity.

        "entityId":"identifier"

    • actions (list) –

      The action that a policy permits or forbids. For example, {"actions": [{"actionId": "ViewPhoto", "actionType": "PhotoFlash::Action"}, {"entityID": "SharePhoto", "entityType": "PhotoFlash::Action"}]}.

      • (dict) –

        Contains information about an action for a request for which an authorization decision is made.

        This data type is used as a request parameter to the IsAuthorized, BatchIsAuthorized, and IsAuthorizedWithToken operations.

        Example: { "actionId": "<action name>", "actionType": "Action" }

        • actionType (string) –

          The type of an action.

        • actionId (string) –

          The ID of an action.

    • definition (dict) –

      The definition of the requested policy.

      Note

      This is a Tagged Union structure. Only one of the following top level keys will be set: static, templateLinked. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

      'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}

      • static (dict) –

        Information about a static policy that wasn’t created with a policy template.

        • description (string) –

          A description of the static policy.

        • statement (string) –

          The content of the static policy written in the Cedar policy language.

      • templateLinked (dict) –

        Information about a template-linked policy that was created by instantiating a policy template.

        • policyTemplateId (string) –

          The unique identifier of the policy template used to create this policy.

        • principal (dict) –

          The principal associated with this template-linked policy. Verified Permissions substitutes this principal for the ?principal placeholder in the policy template when it evaluates an authorization request.

          • entityType (string) –

            The type of an entity.

            Example: "entityType":"typeName"

          • entityId (string) –

            The identifier of an entity.

            "entityId":"identifier"

        • resource (dict) –

          The resource associated with this template-linked policy. Verified Permissions substitutes this resource for the ?resource placeholder in the policy template when it evaluates an authorization request.

          • entityType (string) –

            The type of an entity.

            Example: "entityType":"typeName"

          • entityId (string) –

            The identifier of an entity.

            "entityId":"identifier"

    • createdDate (datetime) –

      The date and time that the policy was originally created.

    • lastUpdatedDate (datetime) –

      The date and time that the policy was last updated.

    • effect (string) –

      The effect of the decision that a policy returns to an authorization request. For example, "effect": "Permit".

Exceptions

  • VerifiedPermissions.Client.exceptions.ValidationException

  • VerifiedPermissions.Client.exceptions.AccessDeniedException

  • VerifiedPermissions.Client.exceptions.ResourceNotFoundException

  • VerifiedPermissions.Client.exceptions.ThrottlingException

  • VerifiedPermissions.Client.exceptions.InternalServerException