ValidationException
The request failed because one or more input parameters don't satisfy their constraint requirements. The output is provided as a list of fields and a reason for each field that isn't valid.
The possible reasons include the following:
UnrecognizedEntityTypeThe policy includes an entity type that isn't found in the schema.
UnrecognizedActionIdThe policy includes an action id that isn't found in the schema.
InvalidActionApplicationThe policy includes an action that, according to the schema, doesn't support the specified principal and resource.
UnexpectedTypeThe policy included an operand that isn't a valid type for the specified operation.
IncompatibleTypesThe types of elements included in a
set, or the types of expressions used in anif...then...elseclause aren't compatible in this context.MissingAttributeThe policy attempts to access a record or entity attribute that isn't specified in the schema. Test for the existence of the attribute first before attempting to access its value. For more information, see the has (presence of attribute test) operator in the Cedar Policy Language Guide.
UnsafeOptionalAttributeAccessThe policy attempts to access a record or entity attribute that is optional and isn't guaranteed to be present. Test for the existence of the attribute first before attempting to access its value. For more information, see the has (presence of attribute test) operator in the Cedar Policy Language Guide.
ImpossiblePolicyCedar has determined that a policy condition always evaluates to false. If the policy is always false, it can never apply to any query, and so it can never affect an authorization decision.
WrongNumberArgumentsThe policy references an extension type with the wrong number of arguments.
FunctionArgumentValidationErrorCedar couldn't parse the argument passed to an extension type. For example, a string that is to be parsed as an IPv4 address can contain only digits and the period character.