com.amazonaws.services.identitymanagement.model.EvaluationResult Maven / Gradle / Ivy
Show all versions of aws-java-sdk-iam Show documentation
/*
* Copyright 2010-2016 Amazon.com, Inc. or its affiliates. All Rights
* Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License").
* You may not use this file except in compliance with the License.
* A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed
* on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
* express or implied. See the License for the specific language governing
* permissions and limitations under the License.
*/
package com.amazonaws.services.identitymanagement.model;
import java.io.Serializable;
/**
*
* Contains the results of a simulation.
*
*
* This data type is used by the return parameter of
* SimulateCustomPolicy and
* SimulatePrincipalPolicy .
*
*/
public class EvaluationResult implements Serializable, Cloneable {
/**
*
* The name of the API action tested on the indicated resource.
*
*/
private String evalActionName;
/**
*
* The ARN of the resource that the indicated API action was tested on.
*
*/
private String evalResourceName;
/**
*
* The result of the simulation.
*
*/
private String evalDecision;
/**
*
* A list of the statements in the input policies that determine the result
* for this scenario. Remember that even if multiple statements allow the
* action on the resource, if only one statement denies that action, then
* the explicit deny overrides any allow, and the deny statement is the only
* entry included in the result.
*
*/
private com.amazonaws.internal.SdkInternalList matchedStatements;
/**
*
* A list of context keys that are required by the included input policies
* but that were not provided by one of the input parameters. This list is
* used when the resource in a simulation is "*", either explicitly, or when
* the ResourceArns parameter blank. If you include a list of
* resources, then any missing context values are instead included under the
* ResourceSpecificResults section. To discover the context
* keys used by a set of policies, you can call
* GetContextKeysForCustomPolicy or
* GetContextKeysForPrincipalPolicy.
*
*/
private com.amazonaws.internal.SdkInternalList missingContextValues;
/**
*
* Additional details about the results of the evaluation decision. When
* there are both IAM policies and resource policies, this parameter
* explains how each set of policies contributes to the final evaluation
* decision. When simulating cross-account access to a resource, both the
* resource-based policy and the caller's IAM policy must grant access. See
* How IAM Roles Differ from Resource-based Policies
*
*/
private com.amazonaws.internal.SdkInternalMap evalDecisionDetails;
/**
*
* The individual results of the simulation of the API action specified in
* EvalActionName on each resource.
*
*/
private com.amazonaws.internal.SdkInternalList resourceSpecificResults;
/**
*
* The name of the API action tested on the indicated resource.
*
*
* @param evalActionName
* The name of the API action tested on the indicated resource.
*/
public void setEvalActionName(String evalActionName) {
this.evalActionName = evalActionName;
}
/**
*
* The name of the API action tested on the indicated resource.
*
*
* @return The name of the API action tested on the indicated resource.
*/
public String getEvalActionName() {
return this.evalActionName;
}
/**
*
* The name of the API action tested on the indicated resource.
*
*
* @param evalActionName
* The name of the API action tested on the indicated resource.
* @return Returns a reference to this object so that method calls can be
* chained together.
*/
public EvaluationResult withEvalActionName(String evalActionName) {
setEvalActionName(evalActionName);
return this;
}
/**
*
* The ARN of the resource that the indicated API action was tested on.
*
*
* @param evalResourceName
* The ARN of the resource that the indicated API action was tested
* on.
*/
public void setEvalResourceName(String evalResourceName) {
this.evalResourceName = evalResourceName;
}
/**
*
* The ARN of the resource that the indicated API action was tested on.
*
*
* @return The ARN of the resource that the indicated API action was tested
* on.
*/
public String getEvalResourceName() {
return this.evalResourceName;
}
/**
*
* The ARN of the resource that the indicated API action was tested on.
*
*
* @param evalResourceName
* The ARN of the resource that the indicated API action was tested
* on.
* @return Returns a reference to this object so that method calls can be
* chained together.
*/
public EvaluationResult withEvalResourceName(String evalResourceName) {
setEvalResourceName(evalResourceName);
return this;
}
/**
*
* The result of the simulation.
*
*
* @param evalDecision
* The result of the simulation.
* @see PolicyEvaluationDecisionType
*/
public void setEvalDecision(String evalDecision) {
this.evalDecision = evalDecision;
}
/**
*
* The result of the simulation.
*
*
* @return The result of the simulation.
* @see PolicyEvaluationDecisionType
*/
public String getEvalDecision() {
return this.evalDecision;
}
/**
*
* The result of the simulation.
*
*
* @param evalDecision
* The result of the simulation.
* @return Returns a reference to this object so that method calls can be
* chained together.
* @see PolicyEvaluationDecisionType
*/
public EvaluationResult withEvalDecision(String evalDecision) {
setEvalDecision(evalDecision);
return this;
}
/**
*
* The result of the simulation.
*
*
* @param evalDecision
* The result of the simulation.
* @see PolicyEvaluationDecisionType
*/
public void setEvalDecision(PolicyEvaluationDecisionType evalDecision) {
this.evalDecision = evalDecision.toString();
}
/**
*
* The result of the simulation.
*
*
* @param evalDecision
* The result of the simulation.
* @return Returns a reference to this object so that method calls can be
* chained together.
* @see PolicyEvaluationDecisionType
*/
public EvaluationResult withEvalDecision(
PolicyEvaluationDecisionType evalDecision) {
setEvalDecision(evalDecision);
return this;
}
/**
*
* A list of the statements in the input policies that determine the result
* for this scenario. Remember that even if multiple statements allow the
* action on the resource, if only one statement denies that action, then
* the explicit deny overrides any allow, and the deny statement is the only
* entry included in the result.
*
*
* @return A list of the statements in the input policies that determine the
* result for this scenario. Remember that even if multiple
* statements allow the action on the resource, if only one
* statement denies that action, then the explicit deny overrides
* any allow, and the deny statement is the only entry included in
* the result.
*/
public java.util.List getMatchedStatements() {
if (matchedStatements == null) {
matchedStatements = new com.amazonaws.internal.SdkInternalList();
}
return matchedStatements;
}
/**
*
* A list of the statements in the input policies that determine the result
* for this scenario. Remember that even if multiple statements allow the
* action on the resource, if only one statement denies that action, then
* the explicit deny overrides any allow, and the deny statement is the only
* entry included in the result.
*
*
* @param matchedStatements
* A list of the statements in the input policies that determine the
* result for this scenario. Remember that even if multiple
* statements allow the action on the resource, if only one statement
* denies that action, then the explicit deny overrides any allow,
* and the deny statement is the only entry included in the result.
*/
public void setMatchedStatements(
java.util.Collection matchedStatements) {
if (matchedStatements == null) {
this.matchedStatements = null;
return;
}
this.matchedStatements = new com.amazonaws.internal.SdkInternalList(
matchedStatements);
}
/**
*
* A list of the statements in the input policies that determine the result
* for this scenario. Remember that even if multiple statements allow the
* action on the resource, if only one statement denies that action, then
* the explicit deny overrides any allow, and the deny statement is the only
* entry included in the result.
*
*
* NOTE: This method appends the values to the existing list (if
* any). Use {@link #setMatchedStatements(java.util.Collection)} or
* {@link #withMatchedStatements(java.util.Collection)} if you want to
* override the existing values.
*
*
* @param matchedStatements
* A list of the statements in the input policies that determine the
* result for this scenario. Remember that even if multiple
* statements allow the action on the resource, if only one statement
* denies that action, then the explicit deny overrides any allow,
* and the deny statement is the only entry included in the result.
* @return Returns a reference to this object so that method calls can be
* chained together.
*/
public EvaluationResult withMatchedStatements(
Statement... matchedStatements) {
if (this.matchedStatements == null) {
setMatchedStatements(new com.amazonaws.internal.SdkInternalList(
matchedStatements.length));
}
for (Statement ele : matchedStatements) {
this.matchedStatements.add(ele);
}
return this;
}
/**
*
* A list of the statements in the input policies that determine the result
* for this scenario. Remember that even if multiple statements allow the
* action on the resource, if only one statement denies that action, then
* the explicit deny overrides any allow, and the deny statement is the only
* entry included in the result.
*
*
* @param matchedStatements
* A list of the statements in the input policies that determine the
* result for this scenario. Remember that even if multiple
* statements allow the action on the resource, if only one statement
* denies that action, then the explicit deny overrides any allow,
* and the deny statement is the only entry included in the result.
* @return Returns a reference to this object so that method calls can be
* chained together.
*/
public EvaluationResult withMatchedStatements(
java.util.Collection matchedStatements) {
setMatchedStatements(matchedStatements);
return this;
}
/**
*
* A list of context keys that are required by the included input policies
* but that were not provided by one of the input parameters. This list is
* used when the resource in a simulation is "*", either explicitly, or when
* the ResourceArns parameter blank. If you include a list of
* resources, then any missing context values are instead included under the
* ResourceSpecificResults section. To discover the context
* keys used by a set of policies, you can call
* GetContextKeysForCustomPolicy or
* GetContextKeysForPrincipalPolicy.
*
*
* @return A list of context keys that are required by the included input
* policies but that were not provided by one of the input
* parameters. This list is used when the resource in a simulation
* is "*", either explicitly, or when the ResourceArns
* parameter blank. If you include a list of resources, then any
* missing context values are instead included under the
* ResourceSpecificResults section. To discover the
* context keys used by a set of policies, you can call
* GetContextKeysForCustomPolicy or
* GetContextKeysForPrincipalPolicy.
*/
public java.util.List getMissingContextValues() {
if (missingContextValues == null) {
missingContextValues = new com.amazonaws.internal.SdkInternalList();
}
return missingContextValues;
}
/**
*
* A list of context keys that are required by the included input policies
* but that were not provided by one of the input parameters. This list is
* used when the resource in a simulation is "*", either explicitly, or when
* the ResourceArns parameter blank. If you include a list of
* resources, then any missing context values are instead included under the
* ResourceSpecificResults section. To discover the context
* keys used by a set of policies, you can call
* GetContextKeysForCustomPolicy or
* GetContextKeysForPrincipalPolicy.
*
*
* @param missingContextValues
* A list of context keys that are required by the included input
* policies but that were not provided by one of the input
* parameters. This list is used when the resource in a simulation is
* "*", either explicitly, or when the ResourceArns
* parameter blank. If you include a list of resources, then any
* missing context values are instead included under the
* ResourceSpecificResults section. To discover the
* context keys used by a set of policies, you can call
* GetContextKeysForCustomPolicy or
* GetContextKeysForPrincipalPolicy.
*/
public void setMissingContextValues(
java.util.Collection missingContextValues) {
if (missingContextValues == null) {
this.missingContextValues = null;
return;
}
this.missingContextValues = new com.amazonaws.internal.SdkInternalList(
missingContextValues);
}
/**
*
* A list of context keys that are required by the included input policies
* but that were not provided by one of the input parameters. This list is
* used when the resource in a simulation is "*", either explicitly, or when
* the ResourceArns parameter blank. If you include a list of
* resources, then any missing context values are instead included under the
* ResourceSpecificResults section. To discover the context
* keys used by a set of policies, you can call
* GetContextKeysForCustomPolicy or
* GetContextKeysForPrincipalPolicy.
*
*
* NOTE: This method appends the values to the existing list (if
* any). Use {@link #setMissingContextValues(java.util.Collection)} or
* {@link #withMissingContextValues(java.util.Collection)} if you want to
* override the existing values.
*
*
* @param missingContextValues
* A list of context keys that are required by the included input
* policies but that were not provided by one of the input
* parameters. This list is used when the resource in a simulation is
* "*", either explicitly, or when the ResourceArns
* parameter blank. If you include a list of resources, then any
* missing context values are instead included under the
* ResourceSpecificResults section. To discover the
* context keys used by a set of policies, you can call
* GetContextKeysForCustomPolicy or
* GetContextKeysForPrincipalPolicy.
* @return Returns a reference to this object so that method calls can be
* chained together.
*/
public EvaluationResult withMissingContextValues(
String... missingContextValues) {
if (this.missingContextValues == null) {
setMissingContextValues(new com.amazonaws.internal.SdkInternalList(
missingContextValues.length));
}
for (String ele : missingContextValues) {
this.missingContextValues.add(ele);
}
return this;
}
/**
*
* A list of context keys that are required by the included input policies
* but that were not provided by one of the input parameters. This list is
* used when the resource in a simulation is "*", either explicitly, or when
* the ResourceArns parameter blank. If you include a list of
* resources, then any missing context values are instead included under the
* ResourceSpecificResults section. To discover the context
* keys used by a set of policies, you can call
* GetContextKeysForCustomPolicy or
* GetContextKeysForPrincipalPolicy.
*
*
* @param missingContextValues
* A list of context keys that are required by the included input
* policies but that were not provided by one of the input
* parameters. This list is used when the resource in a simulation is
* "*", either explicitly, or when the ResourceArns
* parameter blank. If you include a list of resources, then any
* missing context values are instead included under the
* ResourceSpecificResults section. To discover the
* context keys used by a set of policies, you can call
* GetContextKeysForCustomPolicy or
* GetContextKeysForPrincipalPolicy.
* @return Returns a reference to this object so that method calls can be
* chained together.
*/
public EvaluationResult withMissingContextValues(
java.util.Collection missingContextValues) {
setMissingContextValues(missingContextValues);
return this;
}
/**
*
* Additional details about the results of the evaluation decision. When
* there are both IAM policies and resource policies, this parameter
* explains how each set of policies contributes to the final evaluation
* decision. When simulating cross-account access to a resource, both the
* resource-based policy and the caller's IAM policy must grant access. See
* How IAM Roles Differ from Resource-based Policies
*
*
* @return Additional details about the results of the evaluation decision.
* When there are both IAM policies and resource policies, this
* parameter explains how each set of policies contributes to the
* final evaluation decision. When simulating cross-account access
* to a resource, both the resource-based policy and the caller's
* IAM policy must grant access. See How IAM Roles Differ from Resource-based Policies
*/
public java.util.Map getEvalDecisionDetails() {
if (evalDecisionDetails == null) {
evalDecisionDetails = new com.amazonaws.internal.SdkInternalMap();
}
return evalDecisionDetails;
}
/**
*
* Additional details about the results of the evaluation decision. When
* there are both IAM policies and resource policies, this parameter
* explains how each set of policies contributes to the final evaluation
* decision. When simulating cross-account access to a resource, both the
* resource-based policy and the caller's IAM policy must grant access. See
* How IAM Roles Differ from Resource-based Policies
*
*
* @param evalDecisionDetails
* Additional details about the results of the evaluation decision.
* When there are both IAM policies and resource policies, this
* parameter explains how each set of policies contributes to the
* final evaluation decision. When simulating cross-account access to
* a resource, both the resource-based policy and the caller's IAM
* policy must grant access. See How IAM Roles Differ from Resource-based Policies
*/
public void setEvalDecisionDetails(
java.util.Map evalDecisionDetails) {
this.evalDecisionDetails = evalDecisionDetails == null ? null
: new com.amazonaws.internal.SdkInternalMap(
evalDecisionDetails);
}
/**
*
* Additional details about the results of the evaluation decision. When
* there are both IAM policies and resource policies, this parameter
* explains how each set of policies contributes to the final evaluation
* decision. When simulating cross-account access to a resource, both the
* resource-based policy and the caller's IAM policy must grant access. See
* How IAM Roles Differ from Resource-based Policies
*
*
* @param evalDecisionDetails
* Additional details about the results of the evaluation decision.
* When there are both IAM policies and resource policies, this
* parameter explains how each set of policies contributes to the
* final evaluation decision. When simulating cross-account access to
* a resource, both the resource-based policy and the caller's IAM
* policy must grant access. See How IAM Roles Differ from Resource-based Policies
* @return Returns a reference to this object so that method calls can be
* chained together.
*/
public EvaluationResult withEvalDecisionDetails(
java.util.Map evalDecisionDetails) {
setEvalDecisionDetails(evalDecisionDetails);
return this;
}
public EvaluationResult addEvalDecisionDetailsEntry(String key, String value) {
if (null == this.evalDecisionDetails) {
this.evalDecisionDetails = new com.amazonaws.internal.SdkInternalMap();
}
if (this.evalDecisionDetails.containsKey(key))
throw new IllegalArgumentException("Duplicated keys ("
+ key.toString() + ") are provided.");
this.evalDecisionDetails.put(key, value);
return this;
}
/**
* Removes all the entries added into EvalDecisionDetails. <p> Returns a
* reference to this object so that method calls can be chained together.
*/
public EvaluationResult clearEvalDecisionDetailsEntries() {
this.evalDecisionDetails = null;
return this;
}
/**
*
* The individual results of the simulation of the API action specified in
* EvalActionName on each resource.
*
*
* @return The individual results of the simulation of the API action
* specified in EvalActionName on each resource.
*/
public java.util.List getResourceSpecificResults() {
if (resourceSpecificResults == null) {
resourceSpecificResults = new com.amazonaws.internal.SdkInternalList();
}
return resourceSpecificResults;
}
/**
*
* The individual results of the simulation of the API action specified in
* EvalActionName on each resource.
*
*
* @param resourceSpecificResults
* The individual results of the simulation of the API action
* specified in EvalActionName on each resource.
*/
public void setResourceSpecificResults(
java.util.Collection resourceSpecificResults) {
if (resourceSpecificResults == null) {
this.resourceSpecificResults = null;
return;
}
this.resourceSpecificResults = new com.amazonaws.internal.SdkInternalList(
resourceSpecificResults);
}
/**
*
* The individual results of the simulation of the API action specified in
* EvalActionName on each resource.
*
*
* NOTE: This method appends the values to the existing list (if
* any). Use {@link #setResourceSpecificResults(java.util.Collection)} or
* {@link #withResourceSpecificResults(java.util.Collection)} if you want to
* override the existing values.
*
*
* @param resourceSpecificResults
* The individual results of the simulation of the API action
* specified in EvalActionName on each resource.
* @return Returns a reference to this object so that method calls can be
* chained together.
*/
public EvaluationResult withResourceSpecificResults(
ResourceSpecificResult... resourceSpecificResults) {
if (this.resourceSpecificResults == null) {
setResourceSpecificResults(new com.amazonaws.internal.SdkInternalList(
resourceSpecificResults.length));
}
for (ResourceSpecificResult ele : resourceSpecificResults) {
this.resourceSpecificResults.add(ele);
}
return this;
}
/**
*
* The individual results of the simulation of the API action specified in
* EvalActionName on each resource.
*
*
* @param resourceSpecificResults
* The individual results of the simulation of the API action
* specified in EvalActionName on each resource.
* @return Returns a reference to this object so that method calls can be
* chained together.
*/
public EvaluationResult withResourceSpecificResults(
java.util.Collection resourceSpecificResults) {
setResourceSpecificResults(resourceSpecificResults);
return this;
}
/**
* Returns a string representation of this object; useful for testing and
* debugging.
*
* @return A string representation of this object.
*
* @see java.lang.Object#toString()
*/
@Override
public String toString() {
StringBuilder sb = new StringBuilder();
sb.append("{");
if (getEvalActionName() != null)
sb.append("EvalActionName: " + getEvalActionName() + ",");
if (getEvalResourceName() != null)
sb.append("EvalResourceName: " + getEvalResourceName() + ",");
if (getEvalDecision() != null)
sb.append("EvalDecision: " + getEvalDecision() + ",");
if (getMatchedStatements() != null)
sb.append("MatchedStatements: " + getMatchedStatements() + ",");
if (getMissingContextValues() != null)
sb.append("MissingContextValues: " + getMissingContextValues()
+ ",");
if (getEvalDecisionDetails() != null)
sb.append("EvalDecisionDetails: " + getEvalDecisionDetails() + ",");
if (getResourceSpecificResults() != null)
sb.append("ResourceSpecificResults: "
+ getResourceSpecificResults());
sb.append("}");
return sb.toString();
}
@Override
public boolean equals(Object obj) {
if (this == obj)
return true;
if (obj == null)
return false;
if (obj instanceof EvaluationResult == false)
return false;
EvaluationResult other = (EvaluationResult) obj;
if (other.getEvalActionName() == null
^ this.getEvalActionName() == null)
return false;
if (other.getEvalActionName() != null
&& other.getEvalActionName().equals(this.getEvalActionName()) == false)
return false;
if (other.getEvalResourceName() == null
^ this.getEvalResourceName() == null)
return false;
if (other.getEvalResourceName() != null
&& other.getEvalResourceName().equals(
this.getEvalResourceName()) == false)
return false;
if (other.getEvalDecision() == null ^ this.getEvalDecision() == null)
return false;
if (other.getEvalDecision() != null
&& other.getEvalDecision().equals(this.getEvalDecision()) == false)
return false;
if (other.getMatchedStatements() == null
^ this.getMatchedStatements() == null)
return false;
if (other.getMatchedStatements() != null
&& other.getMatchedStatements().equals(
this.getMatchedStatements()) == false)
return false;
if (other.getMissingContextValues() == null
^ this.getMissingContextValues() == null)
return false;
if (other.getMissingContextValues() != null
&& other.getMissingContextValues().equals(
this.getMissingContextValues()) == false)
return false;
if (other.getEvalDecisionDetails() == null
^ this.getEvalDecisionDetails() == null)
return false;
if (other.getEvalDecisionDetails() != null
&& other.getEvalDecisionDetails().equals(
this.getEvalDecisionDetails()) == false)
return false;
if (other.getResourceSpecificResults() == null
^ this.getResourceSpecificResults() == null)
return false;
if (other.getResourceSpecificResults() != null
&& other.getResourceSpecificResults().equals(
this.getResourceSpecificResults()) == false)
return false;
return true;
}
@Override
public int hashCode() {
final int prime = 31;
int hashCode = 1;
hashCode = prime
* hashCode
+ ((getEvalActionName() == null) ? 0 : getEvalActionName()
.hashCode());
hashCode = prime
* hashCode
+ ((getEvalResourceName() == null) ? 0 : getEvalResourceName()
.hashCode());
hashCode = prime
* hashCode
+ ((getEvalDecision() == null) ? 0 : getEvalDecision()
.hashCode());
hashCode = prime
* hashCode
+ ((getMatchedStatements() == null) ? 0
: getMatchedStatements().hashCode());
hashCode = prime
* hashCode
+ ((getMissingContextValues() == null) ? 0
: getMissingContextValues().hashCode());
hashCode = prime
* hashCode
+ ((getEvalDecisionDetails() == null) ? 0
: getEvalDecisionDetails().hashCode());
hashCode = prime
* hashCode
+ ((getResourceSpecificResults() == null) ? 0
: getResourceSpecificResults().hashCode());
return hashCode;
}
@Override
public EvaluationResult clone() {
try {
return (EvaluationResult) super.clone();
} catch (CloneNotSupportedException e) {
throw new IllegalStateException(
"Got a CloneNotSupportedException from Object.clone() "
+ "even though we're Cloneable!", e);
}
}
}