
list_policies

VerifiedPermissions.Client.list_policies(**kwargs)

Returns a paginated list of all policies stored in the specified policy store.

See also: AWS API Documentation

Request Syntax

response = client.list_policies(
    policyStoreId='string',
    nextToken='string',
    maxResults=123,
    filter={
        'principal': {
            'unspecified': True|False,
            'identifier': {
                'entityType': 'string',
                'entityId': 'string'
            }
        },
        'resource': {
            'unspecified': True|False,
            'identifier': {
                'entityType': 'string',
                'entityId': 'string'
            }
        },
        'policyType': 'STATIC'|'TEMPLATE_LINKED',
        'policyTemplateId': 'string'
    }
)
Parameters:
  • policyStoreId (string) –

    [REQUIRED]

    Specifies the ID of the policy store you want to list policies from.

  • nextToken (string) – Specifies that you want to receive the next page of results. Valid only if you received a NextToken response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call’s NextToken response to request the next page of results.

  • maxResults (integer) –

    Specifies the total number of results that you want included in each response. If additional items exist beyond the number you specify, the NextToken response element is returned with a value (not null). Include the specified value as the NextToken request parameter in the next call to the operation to get the next set of results. Note that the service might return fewer results than the maximum even when there are more results available. You should check NextToken after every operation to ensure that you receive all of the results.

    If you do not specify this parameter, the operation defaults to 10 policies per response. You can specify a maximum of 50 policies per response.

  • filter (dict) –

    Specifies a filter that limits the response to only policies that match the specified criteria. For example, you can list only the policies that reference a specified principal.

    • principal (dict) –

      Filters the output to only policies that reference the specified principal.

      Note

      This is a Tagged Union structure. Only one of the following top level keys can be set: unspecified, identifier.

      • unspecified (boolean) –

        Used to indicate that a principal or resource is not specified. This can be used to search for policies that are not associated with a specific principal or resource.

      • identifier (dict) –

        The identifier of the entity. It can consist of either an EntityType and EntityId, a principal, or a resource.

        • entityType (string) – [REQUIRED]

          The type of an entity.

          Example: "entityType":"typeName"

        • entityId (string) – [REQUIRED]

          The identifier of an entity.

          Example: "entityId":"identifier"

    • resource (dict) –

      Filters the output to only policies that reference the specified resource.

      Note

      This is a Tagged Union structure. Only one of the following top level keys can be set: unspecified, identifier.

      • unspecified (boolean) –

        Used to indicate that a principal or resource is not specified. This can be used to search for policies that are not associated with a specific principal or resource.

      • identifier (dict) –

        The identifier of the entity. It can consist of either an EntityType and EntityId, a principal, or a resource.

        • entityType (string) – [REQUIRED]

          The type of an entity.

          Example: "entityType":"typeName"

        • entityId (string) – [REQUIRED]

          The identifier of an entity.

          Example: "entityId":"identifier"

    • policyType (string) –

      Filters the output to only policies of the specified type.

    • policyTemplateId (string) –

      Filters the output to only template-linked policies that were instantiated from the specified policy template.

Return type:

dict

Returns:

Response Syntax

{
    'nextToken': 'string',
    'policies': [
        {
            'policyStoreId': 'string',
            'policyId': 'string',
            'policyType': 'STATIC'|'TEMPLATE_LINKED',
            'principal': {
                'entityType': 'string',
                'entityId': 'string'
            },
            'resource': {
                'entityType': 'string',
                'entityId': 'string'
            },
            'actions': [
                {
                    'actionType': 'string',
                    'actionId': 'string'
                },
            ],
            'definition': {
                'static': {
                    'description': 'string'
                },
                'templateLinked': {
                    'policyTemplateId': 'string',
                    'principal': {
                        'entityType': 'string',
                        'entityId': 'string'
                    },
                    'resource': {
                        'entityType': 'string',
                        'entityId': 'string'
                    }
                }
            },
            'createdDate': datetime(2015, 1, 1),
            'lastUpdatedDate': datetime(2015, 1, 1),
            'effect': 'Permit'|'Forbid'
        },
    ]
}

Response Structure

  • (dict) –

    • nextToken (string) –

      If present, this value indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the NextToken response element comes back as null. This indicates that this is the last page of results.

    • policies (list) –

      Lists all policies that are available in the specified policy store.

      • (dict) –

        Contains information about a policy.

        This data type is used as a response parameter for the ListPolicies operation.

        • policyStoreId (string) –

          The identifier of the policy store where the policy you want information about is stored.

        • policyId (string) –

          The identifier of the policy you want information about.

        • policyType (string) –

          The type of the policy. This is one of the following values:

          • STATIC

          • TEMPLATE_LINKED

        • principal (dict) –

          The principal associated with the policy.

          • entityType (string) –

            The type of an entity.

            Example: "entityType":"typeName"

          • entityId (string) –

            The identifier of an entity.

            Example: "entityId":"identifier"

        • resource (dict) –

          The resource associated with the policy.

          • entityType (string) –

            The type of an entity.

            Example: "entityType":"typeName"

          • entityId (string) –

            The identifier of an entity.

            Example: "entityId":"identifier"

        • actions (list) –

          The action that a policy permits or forbids. For example, {"actions": [{"actionId": "ViewPhoto", "actionType": "PhotoFlash::Action"}, {"actionId": "SharePhoto", "actionType": "PhotoFlash::Action"}]}.

          • (dict) –

            Contains information about an action for a request for which an authorization decision is made.

            This data type is used as a request parameter to the IsAuthorized, BatchIsAuthorized, and IsAuthorizedWithToken operations.

            Example: { "actionId": "<action name>", "actionType": "Action" }

            • actionType (string) –

              The type of an action.

            • actionId (string) –

              The ID of an action.

        • definition (dict) –

          The policy definition of an item in the list of policies returned.

          Note

          This is a Tagged Union structure. Only one of the following top level keys will be set: static, templateLinked. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

          'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
          
          • static (dict) –

            Information about a static policy that wasn’t created with a policy template.

            • description (string) –

              A description of the static policy.

          • templateLinked (dict) –

            Information about a template-linked policy that was created by instantiating a policy template.

            • policyTemplateId (string) –

              The unique identifier of the policy template used to create this policy.

            • principal (dict) –

              The principal associated with this template-linked policy. Verified Permissions substitutes this principal for the ?principal placeholder in the policy template when it evaluates an authorization request.

              • entityType (string) –

                The type of an entity.

                Example: "entityType":"typeName"

              • entityId (string) –

                The identifier of an entity.

                Example: "entityId":"identifier"

            • resource (dict) –

              The resource associated with this template-linked policy. Verified Permissions substitutes this resource for the ?resource placeholder in the policy template when it evaluates an authorization request.

              • entityType (string) –

                The type of an entity.

                Example: "entityType":"typeName"

              • entityId (string) –

                The identifier of an entity.

                Example: "entityId":"identifier"

        • createdDate (datetime) –

          The date and time the policy was created.

        • lastUpdatedDate (datetime) –

          The date and time the policy was most recently updated.

        • effect (string) –

          The effect of the decision that a policy returns to an authorization request. For example, "effect": "Permit".

Exceptions

  • VerifiedPermissions.Client.exceptions.ValidationException

  • VerifiedPermissions.Client.exceptions.AccessDeniedException

  • VerifiedPermissions.Client.exceptions.ResourceNotFoundException

  • VerifiedPermissions.Client.exceptions.ThrottlingException

  • VerifiedPermissions.Client.exceptions.InternalServerException
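
Example (added here, not part of the original reference): an audit helper that follows nextToken to the last page and uses the principal filter's tagged union to collect Permit policies that are not scoped to a specific principal. The names iter_policies, broad_permits and StubClient, the store ID and the policy IDs are constructed for illustration; StubClient stands in for boto3.client('verifiedpermissions') so the block runs offline, and it ignores the filter it is given.

```python
def iter_policies(client, policy_store_id, policy_filter=None, page_size=50):
    """Yield every policy item, following nextToken until it is absent."""
    kwargs = {"policyStoreId": policy_store_id, "maxResults": page_size}
    if policy_filter:
        kwargs["filter"] = policy_filter
    while True:
        page = client.list_policies(**kwargs)
        yield from page.get("policies", [])
        token = page.get("nextToken")
        # A short page does not mean the end; only a missing token does.
        if not token:
            return
        kwargs["nextToken"] = token


def broad_permits(client, policy_store_id):
    """Return IDs of Permit policies with no specific principal."""
    # Tagged union: set exactly one of 'unspecified' or 'identifier'.
    flt = {"principal": {"unspecified": True}}
    return [p["policyId"]
            for p in iter_policies(client, policy_store_id, flt)
            if p.get("effect") == "Permit"]


class StubClient:
    """Constructed stand-in for the real client; serves three fixed pages."""
    PAGES = {
        None: {"policies": [{"policyId": "P1", "policyType": "STATIC",
                             "effect": "Permit"}], "nextToken": "t1"},
        "t1": {"policies": [{"policyId": "P2", "policyType": "STATIC",
                             "effect": "Forbid"}], "nextToken": "t2"},
        "t2": {"policies": [{"policyId": "P3", "policyType": "STATIC",
                             "effect": "Permit"}]},
    }

    def __init__(self):
        self.calls = []

    def list_policies(self, **kwargs):
        self.calls.append(kwargs)
        return self.PAGES[kwargs.get("nextToken")]


if __name__ == "__main__":
    print(broad_permits(StubClient(), "ps-constructed-example"))
```

With a real client, pass boto3.client('verifiedpermissions') and your policy store ID in place of the stub.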