
software.amazon.awssdk.services.iam.model.EvaluationResult Maven / Gradle / Ivy


The AWS Java SDK for AWS IAM module holds the client classes that are used for communicating with AWS Identity and Access Management Service

There is a newer version: 2.31.2
/*
 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 * 
 * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
 * the License. A copy of the License is located at
 * 
 * http://aws.amazon.com/apache2.0
 * 
 * or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
 * and limitations under the License.
 */

package software.amazon.awssdk.services.iam.model;

import java.io.Serializable;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.function.BiConsumer;
import java.util.function.Consumer;
import java.util.function.Function;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import software.amazon.awssdk.annotations.Generated;
import software.amazon.awssdk.core.SdkField;
import software.amazon.awssdk.core.SdkPojo;
import software.amazon.awssdk.core.protocol.MarshallLocation;
import software.amazon.awssdk.core.protocol.MarshallingType;
import software.amazon.awssdk.core.traits.ListTrait;
import software.amazon.awssdk.core.traits.LocationTrait;
import software.amazon.awssdk.core.traits.MapTrait;
import software.amazon.awssdk.core.util.DefaultSdkAutoConstructList;
import software.amazon.awssdk.core.util.DefaultSdkAutoConstructMap;
import software.amazon.awssdk.core.util.SdkAutoConstructList;
import software.amazon.awssdk.core.util.SdkAutoConstructMap;
import software.amazon.awssdk.utils.ToString;
import software.amazon.awssdk.utils.builder.CopyableBuilder;
import software.amazon.awssdk.utils.builder.ToCopyableBuilder;

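/**
 * Contains the results of a simulation.
 * <p>
 * This data type is used by the return parameter of {@code SimulateCustomPolicy} and
 * {@code SimulatePrincipalPolicy}.
 * </p>
 */
@Generated("software.amazon.awssdk:codegen")
public final class EvaluationResult implements SdkPojo, Serializable,
        ToCopyableBuilder<EvaluationResult.Builder, EvaluationResult> {
    // NOTE(review): the listing this was taken from had lost its type arguments (it read, for example,
    // "SdkField> X = SdkField .> builder(...)"). They are restored here from the getter, setter and
    // member-constructor references that each descriptor names; confirm against the published artifact.

    // Marshalling descriptors: one per member, binding the wire name to the getter on this class and the
    // setter on Builder.
    private static final SdkField<String> EVAL_ACTION_NAME_FIELD = SdkField.<String> builder(MarshallingType.STRING)
            .memberName("EvalActionName")
            .getter(getter(EvaluationResult::evalActionName))
            .setter(setter(Builder::evalActionName))
            .traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("EvalActionName").build())
            .build();

    private static final SdkField<String> EVAL_RESOURCE_NAME_FIELD = SdkField.<String> builder(MarshallingType.STRING)
            .memberName("EvalResourceName")
            .getter(getter(EvaluationResult::evalResourceName))
            .setter(setter(Builder::evalResourceName))
            .traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("EvalResourceName").build())
            .build();

    // The decision is marshalled through the raw-string accessor, not the enum accessor.
    private static final SdkField<String> EVAL_DECISION_FIELD = SdkField.<String> builder(MarshallingType.STRING)
            .memberName("EvalDecision")
            .getter(getter(EvaluationResult::evalDecisionAsString))
            .setter(setter(Builder::evalDecision))
            .traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("EvalDecision").build())
            .build();

    private static final SdkField<List<Statement>> MATCHED_STATEMENTS_FIELD = SdkField
            .<List<Statement>> builder(MarshallingType.LIST)
            .memberName("MatchedStatements")
            .getter(getter(EvaluationResult::matchedStatements))
            .setter(setter(Builder::matchedStatements))
            .traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("MatchedStatements").build(),
                    ListTrait.builder()
                            .memberLocationName(null)
                            .memberFieldInfo(
                                    SdkField.<Statement> builder(MarshallingType.SDK_POJO)
                                            .constructor(Statement::builder)
                                            .traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD)
                                                    .locationName("member").build()).build()).build()).build();

    private static final SdkField<List<String>> MISSING_CONTEXT_VALUES_FIELD = SdkField
            .<List<String>> builder(MarshallingType.LIST)
            .memberName("MissingContextValues")
            .getter(getter(EvaluationResult::missingContextValues))
            .setter(setter(Builder::missingContextValues))
            .traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("MissingContextValues").build(),
                    ListTrait.builder()
                            .memberLocationName(null)
                            .memberFieldInfo(
                                    SdkField.<String> builder(MarshallingType.STRING)
                                            .traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD)
                                                    .locationName("member").build()).build()).build()).build();

    private static final SdkField<OrganizationsDecisionDetail> ORGANIZATIONS_DECISION_DETAIL_FIELD = SdkField
            .<OrganizationsDecisionDetail> builder(MarshallingType.SDK_POJO)
            .memberName("OrganizationsDecisionDetail")
            .getter(getter(EvaluationResult::organizationsDecisionDetail))
            .setter(setter(Builder::organizationsDecisionDetail))
            .constructor(OrganizationsDecisionDetail::builder)
            .traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("OrganizationsDecisionDetail")
                    .build()).build();

    private static final SdkField<PermissionsBoundaryDecisionDetail> PERMISSIONS_BOUNDARY_DECISION_DETAIL_FIELD = SdkField
            .<PermissionsBoundaryDecisionDetail> builder(MarshallingType.SDK_POJO)
            .memberName("PermissionsBoundaryDecisionDetail")
            .getter(getter(EvaluationResult::permissionsBoundaryDecisionDetail))
            .setter(setter(Builder::permissionsBoundaryDecisionDetail))
            .constructor(PermissionsBoundaryDecisionDetail::builder)
            .traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("PermissionsBoundaryDecisionDetail")
                    .build()).build();

    // The map is marshalled through the string-valued accessor and the string-valued builder setter.
    private static final SdkField<Map<String, String>> EVAL_DECISION_DETAILS_FIELD = SdkField
            .<Map<String, String>> builder(MarshallingType.MAP)
            .memberName("EvalDecisionDetails")
            .getter(getter(EvaluationResult::evalDecisionDetailsAsStrings))
            .setter(setter(Builder::evalDecisionDetailsWithStrings))
            .traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("EvalDecisionDetails").build(),
                    MapTrait.builder()
                            .keyLocationName("key")
                            .valueLocationName("value")
                            .valueFieldInfo(
                                    SdkField.<String> builder(MarshallingType.STRING)
                                            .traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD)
                                                    .locationName("value").build()).build()).build()).build();

    private static final SdkField<List<ResourceSpecificResult>> RESOURCE_SPECIFIC_RESULTS_FIELD = SdkField
            .<List<ResourceSpecificResult>> builder(MarshallingType.LIST)
            .memberName("ResourceSpecificResults")
            .getter(getter(EvaluationResult::resourceSpecificResults))
            .setter(setter(Builder::resourceSpecificResults))
            .traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("ResourceSpecificResults").build(),
                    ListTrait.builder()
                            .memberLocationName(null)
                            .memberFieldInfo(
                                    SdkField.<ResourceSpecificResult> builder(MarshallingType.SDK_POJO)
                                            .constructor(ResourceSpecificResult::builder)
                                            .traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD)
                                                    .locationName("member").build()).build()).build()).build();

    // Read-only list of every descriptor above, in declaration order; returned by sdkFields().
    private static final List<SdkField<?>> SDK_FIELDS = Collections.unmodifiableList(Arrays.asList(EVAL_ACTION_NAME_FIELD,
            EVAL_RESOURCE_NAME_FIELD, EVAL_DECISION_FIELD, MATCHED_STATEMENTS_FIELD, MISSING_CONTEXT_VALUES_FIELD,
            ORGANIZATIONS_DECISION_DETAIL_FIELD, PERMISSIONS_BOUNDARY_DECISION_DETAIL_FIELD, EVAL_DECISION_DETAILS_FIELD,
            RESOURCE_SPECIFIC_RESULTS_FIELD));

    // The class is Serializable; as with any Serializable type, native Java deserialization should only be
    // applied to bytes from a trusted source.
    private static final long serialVersionUID = 1L;

    private final String evalActionName;

    private final String evalResourceName;

    // Stored as the raw service string; evalDecision() converts it to the enum on each call.
    private final String evalDecision;

    private final List<Statement> matchedStatements;

    private final List<String> missingContextValues;

    private final OrganizationsDecisionDetail organizationsDecisionDetail;

    private final PermissionsBoundaryDecisionDetail permissionsBoundaryDecisionDetail;

    // Stored with raw string values; evalDecisionDetails() converts the values on each call.
    private final Map<String, String> evalDecisionDetails;

    private final List<ResourceSpecificResult> resourceSpecificResults;

    /**
     * Copies every member from the builder. Instances are created only through {@link #builder()} and
     * {@link #toBuilder()}, which is why this constructor is private.
     *
     * @param builder
     *        the builder whose current values are copied into the new instance
     */
    private EvaluationResult(BuilderImpl builder) {
        this.evalActionName = builder.evalActionName;
        this.evalResourceName = builder.evalResourceName;
        this.evalDecision = builder.evalDecision;
        this.matchedStatements = builder.matchedStatements;
        this.missingContextValues = builder.missingContextValues;
        this.organizationsDecisionDetail = builder.organizationsDecisionDetail;
        this.permissionsBoundaryDecisionDetail = builder.permissionsBoundaryDecisionDetail;
        this.evalDecisionDetails = builder.evalDecisionDetails;
        this.resourceSpecificResults = builder.resourceSpecificResults;
    }

    /**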

* The name of the API operation tested on the indicated resource.
     *
     * @return The name of the API operation tested on the indicated resource.
     */
    public final String evalActionName() {
        return this.evalActionName;
    }

    /**

* The ARN of the resource that the indicated API operation was tested on.
     *
     * @return The ARN of the resource that the indicated API operation was tested on.
     */
    public final String evalResourceName() {
        return this.evalResourceName;
    }

    /**

* The result of the simulation, converted to the SDK enum.
     * <p>
     * If the service returns an enum value that is not available in the current SDK version, this method returns
     * {@link PolicyEvaluationDecisionType#UNKNOWN_TO_SDK_VERSION}. The raw value returned by the service is
     * available from {@link #evalDecisionAsString}.
     * </p>
     * <p>
     * Because an unrecognised value comes back as {@code UNKNOWN_TO_SDK_VERSION}, callers that gate on this
     * result should accept only {@link PolicyEvaluationDecisionType#ALLOWED} as a permit, so that every other
     * value is handled as "not allowed".
     * </p>
     *
     * @return The result of the simulation.
     * @see PolicyEvaluationDecisionType
     */
    public final PolicyEvaluationDecisionType evalDecision() {
        final String rawDecision = this.evalDecision;
        return PolicyEvaluationDecisionType.fromValue(rawDecision);
    }

    /**

* The result of the simulation, as the raw string the service returned.
     * <p>
     * If the service returns an enum value that is not available in the current SDK version,
     * {@link #evalDecision} will return {@link PolicyEvaluationDecisionType#UNKNOWN_TO_SDK_VERSION}; this method
     * still returns the raw value.
     * </p>
     *
     * @return The result of the simulation.
     * @see PolicyEvaluationDecisionType
     */
    public final String evalDecisionAsString() {
        return this.evalDecision;
    }

    /**
     * Reports whether a value was supplied for the MatchedStatements property.
     * <p>
     * For responses, this is true if the service returned a value for the property. It does NOT check that the
     * value is non-empty; use {@code isEmpty()} on the property for that. The SDK never returns a null collection
     * or map, so this is how to tell "the service returned nothing (or null)" apart from "the service returned
     * an empty collection". For requests, this is true if a value for the property was specified in the request
     * builder.
     * </p>
     *
     * @return true if the field is non-null and is not the SDK's auto-constructed placeholder list
     */
    public final boolean hasMatchedStatements() {
        if (matchedStatements == null) {
            return false;
        }
        return !(matchedStatements instanceof SdkAutoConstructList);
    }

    /**

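* A list of the statements in the input policies that determine the result for this scenario. Remember that
     * even if multiple statements allow the operation on the resource, if only one statement denies that
     * operation, then the explicit deny overrides any allow. In addition, the deny statement is the only entry
     * included in the result.
     * <p>
     * Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.
     * </p>
     * <p>
     * This method will never return null. If you would like to know whether the service returned this field (so
     * that you can differentiate between null and empty), you can use the {@link #hasMatchedStatements} method.
     * </p>
     *
     * @return A list of the statements in the input policies that determine the result for this scenario.
     */
    public final List<Statement> matchedStatements() {
        // NOTE(review): the element type was missing from the extracted listing; restored from the
        // Statement::builder member constructor used by the marshalling descriptor.
        return matchedStatements;
    }

    /**
     * Reports whether a value was supplied for the MissingContextValues property.
     * <p>
     * For responses, this is true if the service returned a value for the property. It does NOT check that the
     * value is non-empty; use {@code isEmpty()} on the property for that. The SDK never returns a null collection
     * or map, so this is how to tell "the service returned nothing (or null)" apart from "the service returned
     * an empty collection". For requests, this is true if a value for the property was specified in the request
     * builder.
     * </p>
     *
     * @return true if the field is non-null and is not the SDK's auto-constructed placeholder list
     */
    public final boolean hasMissingContextValues() {
        return missingContextValues != null && !(missingContextValues instanceof SdkAutoConstructList);
    }

    /**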

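* A list of context keys that are required by the included input policies but that were not provided by one
     * of the input parameters. This list is used when the resource in a simulation is "*", either explicitly, or
     * when the {@code ResourceArns} parameter is blank. If you include a list of resources, then any missing
     * context values are instead included under the {@code ResourceSpecificResults} section. To discover the
     * context keys used by a set of policies, you can call GetContextKeysForCustomPolicy or
     * GetContextKeysForPrincipalPolicy.
     * <p>
     * A non-empty list means the decision was computed without values for those keys, so it may differ from
     * what a real request that carries them would receive; check this list before relying on the decision.
     * </p>
     * <p>
     * Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.
     * </p>
     * <p>
     * This method will never return null. If you would like to know whether the service returned this field (so
     * that you can differentiate between null and empty), you can use the {@link #hasMissingContextValues}
     * method.
     * </p>
     *
     * @return A list of context keys that are required by the included input policies but that were not provided
     *         by one of the input parameters.
     */
    public final List<String> missingContextValues() {
        // NOTE(review): the element type was missing from the extracted listing; restored from the STRING
        // member type declared by the marshalling descriptor.
        return missingContextValues;
    }

    /**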

* A structure that details how Organizations and its service control policies affect the results of the
     * simulation. Only applies if the simulated user's account is part of an organization.
     *
     * @return A structure that details how Organizations and its service control policies affect the results of
     *         the simulation. Only applies if the simulated user's account is part of an organization.
     */
    public final OrganizationsDecisionDetail organizationsDecisionDetail() {
        return this.organizationsDecisionDetail;
    }

    /**

* Contains information about the effect that a permissions boundary has on a policy simulation when the
     * boundary is applied to an IAM entity.
     *
     * @return Information about the effect that a permissions boundary has on a policy simulation when the
     *         boundary is applied to an IAM entity.
     */
    public final PermissionsBoundaryDecisionDetail permissionsBoundaryDecisionDetail() {
        return this.permissionsBoundaryDecisionDetail;
    }

    /**

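* Additional details about the results of the cross-account evaluation decision, with the values converted
     * to the SDK enum. This parameter is populated for only cross-account simulations. It contains a brief
     * summary of how each policy type contributes to the final evaluation decision.
     * <p>
     * If the simulation evaluates policies within the same account and includes a resource ARN, then the
     * parameter is present but the response is empty. If the simulation evaluates policies within the same
     * account and specifies all resources ({@code *}), then the parameter is not returned.
     * </p>
     * <p>
     * When you make a cross-account request, Amazon Web Services evaluates the request in the trusting account
     * and the trusted account. The request is allowed only if both evaluations return {@code true}. For more
     * information about how policies are evaluated, see "Evaluating policies within a single account".
     * </p>
     * <p>
     * If an Organizations SCP included in the evaluation denies access, the simulation ends. In this case,
     * policy evaluation does not proceed any further and this parameter is not returned.
     * </p>
     * <p>
     * Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.
     * </p>
     * <p>
     * This method will never return null. If you would like to know whether the service returned this field (so
     * that you can differentiate between null and empty), you can use the {@link #hasEvalDecisionDetails}
     * method. An absent map is therefore not evidence of an allow: per the cases above it is also what a
     * same-account, all-resources simulation or an SCP deny produces.
     * </p>
     *
     * @return Additional details about the results of the cross-account evaluation decision.
     */
    public final Map<String, PolicyEvaluationDecisionType> evalDecisionDetails() {
        // NOTE(review): the type arguments were missing from the extracted listing. String keys follow from the
        // string map this is built from; the enum value type is inferred from copyStringToEnum - confirm
        // against the published artifact.
        return EvalDecisionDetailsTypeCopier.copyStringToEnum(evalDecisionDetails);
    }

    /**
     * Reports whether a value was supplied for the EvalDecisionDetails property.
     * <p>
     * For responses, this is true if the service returned a value for the property. It does NOT check that the
     * value is non-empty; use {@code isEmpty()} on the property for that. The SDK never returns a null collection
     * or map, so this is how to tell "the service returned nothing (or null)" apart from "the service returned
     * an empty map". For requests, this is true if a value for the property was specified in the request builder.
     * </p>
     *
     * @return true if the field is non-null and is not the SDK's auto-constructed placeholder map
     */
    public final boolean hasEvalDecisionDetails() {
        return evalDecisionDetails != null && !(evalDecisionDetails instanceof SdkAutoConstructMap);
    }

    /**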

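* Additional details about the results of the cross-account evaluation decision, with the values as the raw
     * strings the service returned. This parameter is populated for only cross-account simulations. It contains
     * a brief summary of how each policy type contributes to the final evaluation decision.
     * <p>
     * If the simulation evaluates policies within the same account and includes a resource ARN, then the
     * parameter is present but the response is empty. If the simulation evaluates policies within the same
     * account and specifies all resources ({@code *}), then the parameter is not returned.
     * </p>
     * <p>
     * When you make a cross-account request, Amazon Web Services evaluates the request in the trusting account
     * and the trusted account. The request is allowed only if both evaluations return {@code true}. For more
     * information about how policies are evaluated, see "Evaluating policies within a single account".
     * </p>
     * <p>
     * If an Organizations SCP included in the evaluation denies access, the simulation ends. In this case,
     * policy evaluation does not proceed any further and this parameter is not returned.
     * </p>
     * <p>
     * Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.
     * </p>
     * <p>
     * This method will never return null. If you would like to know whether the service returned this field (so
     * that you can differentiate between null and empty), you can use the {@link #hasEvalDecisionDetails}
     * method.
     * </p>
     *
     * @return Additional details about the results of the cross-account evaluation decision.
     */
    public final Map<String, String> evalDecisionDetailsAsStrings() {
        // NOTE(review): the type arguments were missing from the extracted listing; restored from the "key" /
        // "value" STRING map declared by the marshalling descriptor.
        return evalDecisionDetails;
    }

    /**
     * Reports whether a value was supplied for the ResourceSpecificResults property.
     * <p>
     * For responses, this is true if the service returned a value for the property. It does NOT check that the
     * value is non-empty; use {@code isEmpty()} on the property for that. The SDK never returns a null collection
     * or map, so this is how to tell "the service returned nothing (or null)" apart from "the service returned
     * an empty collection". For requests, this is true if a value for the property was specified in the request
     * builder.
     * </p>
     *
     * @return true if the field is non-null and is not the SDK's auto-constructed placeholder list
     */
    public final boolean hasResourceSpecificResults() {
        return resourceSpecificResults != null && !(resourceSpecificResults instanceof SdkAutoConstructList);
    }

    /**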

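* The individual results of the simulation of the API operation specified in EvalActionName on each resource.
     * <p>
     * Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.
     * </p>
     * <p>
     * This method will never return null. If you would like to know whether the service returned this field (so
     * that you can differentiate between null and empty), you can use the {@link #hasResourceSpecificResults}
     * method.
     * </p>
     *
     * @return The individual results of the simulation of the API operation specified in EvalActionName on each
     *         resource.
     */
    public final List<ResourceSpecificResult> resourceSpecificResults() {
        return resourceSpecificResults;
    }

    // NOTE(review): from here to the Builder header the extracted listing had lost its type arguments and
    // type parameters (it read, for example, "List> sdkFields()"). They are restored from how each method
    // uses its arguments; confirm against the published artifact.

    /**
     * Creates a builder pre-populated with this object's values.
     *
     * @return a new builder initialised from this instance
     */
    @Override
    public Builder toBuilder() {
        return new BuilderImpl(this);
    }

    /**
     * Creates an empty builder.
     *
     * @return a new builder with no values set
     */
    public static Builder builder() {
        return new BuilderImpl();
    }

    /**
     * Returns the concrete builder class.
     *
     * @return {@code BuilderImpl.class}
     */
    public static Class<? extends Builder> serializableBuilderClass() {
        return BuilderImpl.class;
    }

    /**
     * Computes a hash over the same members that {@link #equalsBySdkFields(Object)} compares. Collection and map
     * members contribute {@code null} when their {@code has...()} check is false.
     */
    @Override
    public final int hashCode() {
        int hashCode = 1;
        hashCode = 31 * hashCode + Objects.hashCode(evalActionName());
        hashCode = 31 * hashCode + Objects.hashCode(evalResourceName());
        hashCode = 31 * hashCode + Objects.hashCode(evalDecisionAsString());
        hashCode = 31 * hashCode + Objects.hashCode(hasMatchedStatements() ? matchedStatements() : null);
        hashCode = 31 * hashCode + Objects.hashCode(hasMissingContextValues() ? missingContextValues() : null);
        hashCode = 31 * hashCode + Objects.hashCode(organizationsDecisionDetail());
        hashCode = 31 * hashCode + Objects.hashCode(permissionsBoundaryDecisionDetail());
        hashCode = 31 * hashCode + Objects.hashCode(hasEvalDecisionDetails() ? evalDecisionDetailsAsStrings() : null);
        hashCode = 31 * hashCode + Objects.hashCode(hasResourceSpecificResults() ? resourceSpecificResults() : null);
        return hashCode;
    }

    /**
     * Delegates to {@link #equalsBySdkFields(Object)}.
     */
    @Override
    public final boolean equals(Object obj) {
        return equalsBySdkFields(obj);
    }

    /**
     * Compares every member of this object with the other object's. The decision and the decision details are
     * compared through their raw-string accessors, and each collection or map member must also agree on its
     * {@code has...()} check.
     *
     * @param obj
     *        the object to compare with; may be null
     * @return true if {@code obj} is an {@code EvaluationResult} whose members all match
     */
    @Override
    public final boolean equalsBySdkFields(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null) {
            return false;
        }
        if (!(obj instanceof EvaluationResult)) {
            return false;
        }
        EvaluationResult other = (EvaluationResult) obj;
        return Objects.equals(evalActionName(), other.evalActionName())
                && Objects.equals(evalResourceName(), other.evalResourceName())
                && Objects.equals(evalDecisionAsString(), other.evalDecisionAsString())
                && hasMatchedStatements() == other.hasMatchedStatements()
                && Objects.equals(matchedStatements(), other.matchedStatements())
                && hasMissingContextValues() == other.hasMissingContextValues()
                && Objects.equals(missingContextValues(), other.missingContextValues())
                && Objects.equals(organizationsDecisionDetail(), other.organizationsDecisionDetail())
                && Objects.equals(permissionsBoundaryDecisionDetail(), other.permissionsBoundaryDecisionDetail())
                && hasEvalDecisionDetails() == other.hasEvalDecisionDetails()
                && Objects.equals(evalDecisionDetailsAsStrings(), other.evalDecisionDetailsAsStrings())
                && hasResourceSpecificResults() == other.hasResourceSpecificResults()
                && Objects.equals(resourceSpecificResults(), other.resourceSpecificResults());
    }

    /**
     * Returns a string representation of this object. This is useful for testing and debugging. Sensitive data
     * will be redacted from this string using a placeholder value.
     */
    @Override
    public final String toString() {
        return ToString.builder("EvaluationResult")
                .add("EvalActionName", evalActionName())
                .add("EvalResourceName", evalResourceName())
                .add("EvalDecision", evalDecisionAsString())
                .add("MatchedStatements", hasMatchedStatements() ? matchedStatements() : null)
                .add("MissingContextValues", hasMissingContextValues() ? missingContextValues() : null)
                .add("OrganizationsDecisionDetail", organizationsDecisionDetail())
                .add("PermissionsBoundaryDecisionDetail", permissionsBoundaryDecisionDetail())
                .add("EvalDecisionDetails", hasEvalDecisionDetails() ? evalDecisionDetailsAsStrings() : null)
                .add("ResourceSpecificResults", hasResourceSpecificResults() ? resourceSpecificResults() : null)
                .build();
    }

    /**
     * Looks up a member by its wire name and returns it cast to the requested type. "EvalDecision" and
     * "EvalDecisionDetails" yield the raw-string forms, not the enum forms.
     *
     * @param fieldName
     *        the member name, e.g. {@code "EvalDecision"}
     * @param clazz
     *        the type to cast the member value to
     * @return the member value, or an empty Optional if the value is null or the name is not a member of this
     *         class
     * @throws ClassCastException
     *         if the member value is not assignable to {@code clazz} (raised by {@link Class#cast})
     */
    public final <T> Optional<T> getValueForField(String fieldName, Class<T> clazz) {
        switch (fieldName) {
        case "EvalActionName":
            return Optional.ofNullable(clazz.cast(evalActionName()));
        case "EvalResourceName":
            return Optional.ofNullable(clazz.cast(evalResourceName()));
        case "EvalDecision":
            return Optional.ofNullable(clazz.cast(evalDecisionAsString()));
        case "MatchedStatements":
            return Optional.ofNullable(clazz.cast(matchedStatements()));
        case "MissingContextValues":
            return Optional.ofNullable(clazz.cast(missingContextValues()));
        case "OrganizationsDecisionDetail":
            return Optional.ofNullable(clazz.cast(organizationsDecisionDetail()));
        case "PermissionsBoundaryDecisionDetail":
            return Optional.ofNullable(clazz.cast(permissionsBoundaryDecisionDetail()));
        case "EvalDecisionDetails":
            return Optional.ofNullable(clazz.cast(evalDecisionDetailsAsStrings()));
        case "ResourceSpecificResults":
            return Optional.ofNullable(clazz.cast(resourceSpecificResults()));
        default:
            return Optional.empty();
        }
    }

    /**
     * Returns the marshalling descriptors of this class.
     *
     * @return the unmodifiable list held in {@code SDK_FIELDS}
     */
    @Override
    public final List<SdkField<?>> sdkFields() {
        return SDK_FIELDS;
    }

    // Adapts a typed getter to the Object-typed function the field descriptors take; the argument is cast to
    // EvaluationResult on each call.
    private static <T> Function<Object, T> getter(Function<EvaluationResult, T> g) {
        return obj -> g.apply((EvaluationResult) obj);
    }

    // Adapts a typed builder setter to the Object-typed consumer the field descriptors take; the target is
    // cast to Builder on each call.
    private static <T> BiConsumer<Object, T> setter(BiConsumer<Builder, T> s) {
        return (obj, val) -> s.accept((Builder) obj, val);
    }

    public interface Builder extends SdkPojo, CopyableBuilder<Builder, EvaluationResult> {
        /**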

* The name of the API operation tested on the indicated resource. *

* * @param evalActionName * The name of the API operation tested on the indicated resource. * @return Returns a reference to this object so that method calls can be chained together. */ Builder evalActionName(String evalActionName); /** *

* The ARN of the resource that the indicated API operation was tested on. *

* * @param evalResourceName * The ARN of the resource that the indicated API operation was tested on. * @return Returns a reference to this object so that method calls can be chained together. */ Builder evalResourceName(String evalResourceName); /** *

* The result of the simulation. *

* * @param evalDecision * The result of the simulation. * @see PolicyEvaluationDecisionType * @return Returns a reference to this object so that method calls can be chained together. * @see PolicyEvaluationDecisionType */ Builder evalDecision(String evalDecision); /** *

* The result of the simulation. *

* * @param evalDecision * The result of the simulation. * @see PolicyEvaluationDecisionType * @return Returns a reference to this object so that method calls can be chained together. * @see PolicyEvaluationDecisionType */ Builder evalDecision(PolicyEvaluationDecisionType evalDecision); /** *

* A list of the statements in the input policies that determine the result for this scenario. Remember that * even if multiple statements allow the operation on the resource, if only one statement denies that operation, * then the explicit deny overrides any allow. In addition, the deny statement is the only entry included in the * result. *

* * @param matchedStatements * A list of the statements in the input policies that determine the result for this scenario. Remember * that even if multiple statements allow the operation on the resource, if only one statement denies * that operation, then the explicit deny overrides any allow. In addition, the deny statement is the * only entry included in the result. * @return Returns a reference to this object so that method calls can be chained together. */ Builder matchedStatements(Collection matchedStatements); /** *

* A list of the statements in the input policies that determine the result for this scenario. Remember that * even if multiple statements allow the operation on the resource, if only one statement denies that operation, * then the explicit deny overrides any allow. In addition, the deny statement is the only entry included in the * result. *

* * @param matchedStatements * A list of the statements in the input policies that determine the result for this scenario. Remember * that even if multiple statements allow the operation on the resource, if only one statement denies * that operation, then the explicit deny overrides any allow. In addition, the deny statement is the * only entry included in the result. * @return Returns a reference to this object so that method calls can be chained together. */ Builder matchedStatements(Statement... matchedStatements); /** *

* A list of the statements in the input policies that determine the result for this scenario. Remember that * even if multiple statements allow the operation on the resource, if only one statement denies that operation, * then the explicit deny overrides any allow. In addition, the deny statement is the only entry included in the * result. *

* This is a convenience method that creates an instance of the * {@link software.amazon.awssdk.services.iam.model.Statement.Builder} avoiding the need to create one manually * via {@link software.amazon.awssdk.services.iam.model.Statement#builder()}. * *

* When the {@link Consumer} completes, * {@link software.amazon.awssdk.services.iam.model.Statement.Builder#build()} is called immediately and its * result is passed to {@link #matchedStatements(List)}. * * @param matchedStatements * a consumer that will call methods on * {@link software.amazon.awssdk.services.iam.model.Statement.Builder} * @return Returns a reference to this object so that method calls can be chained together. * @see #matchedStatements(java.util.Collection) */ Builder matchedStatements(Consumer... matchedStatements); /** *

* A list of context keys that are required by the included input policies but that were not provided by one of
* the input parameters. This list is used when the resource in a simulation is "*", either explicitly, or when
* the ResourceArns parameter is blank. If you include a list of resources, then any missing context
* values are instead included under the ResourceSpecificResults section. To discover the context
* keys used by a set of policies, you can call GetContextKeysForCustomPolicy or
* GetContextKeysForPrincipalPolicy.

* * @param missingContextValues * A list of context keys that are required by the included input policies but that were not provided by * one of the input parameters. This list is used when the resource in a simulation is "*", either * explicitly, or when the ResourceArns parameter blank. If you include a list of resources, * then any missing context values are instead included under the ResourceSpecificResults * section. To discover the context keys used by a set of policies, you can call * GetContextKeysForCustomPolicy or GetContextKeysForPrincipalPolicy. * @return Returns a reference to this object so that method calls can be chained together. */ Builder missingContextValues(Collection missingContextValues); /** *

* A list of context keys that are required by the included input policies but that were not provided by one of * the input parameters. This list is used when the resource in a simulation is "*", either explicitly, or when * the ResourceArns parameter is blank. If you include a list of resources, then any missing context * values are instead included under the ResourceSpecificResults section. To discover the context * keys used by a set of policies, you can call GetContextKeysForCustomPolicy or * GetContextKeysForPrincipalPolicy. *

*
* @param missingContextValues
*        A list of context keys that are required by the included input policies but that were not provided by
*        one of the input parameters. This list is used when the resource in a simulation is "*", either
*        explicitly, or when the ResourceArns parameter is blank. If you include a list of resources,
*        then any missing context values are instead included under the ResourceSpecificResults
*        section. To discover the context keys used by a set of policies, you can call
*        GetContextKeysForCustomPolicy or GetContextKeysForPrincipalPolicy.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder missingContextValues(String... missingContextValues);

/**
*

* A structure that details how Organizations and its service control policies affect the results of the * simulation. Only applies if the simulated user's account is part of an organization. *

* * @param organizationsDecisionDetail * A structure that details how Organizations and its service control policies affect the results of the * simulation. Only applies if the simulated user's account is part of an organization. * @return Returns a reference to this object so that method calls can be chained together. */ Builder organizationsDecisionDetail(OrganizationsDecisionDetail organizationsDecisionDetail); /** *

* A structure that details how Organizations and its service control policies affect the results of the * simulation. Only applies if the simulated user's account is part of an organization. *

* This is a convenience method that creates an instance of the {@link OrganizationsDecisionDetail.Builder} * avoiding the need to create one manually via {@link OrganizationsDecisionDetail#builder()}. * *

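* When the {@link Consumer} completes, {@link OrganizationsDecisionDetail.Builder#build()} is called
* immediately and its result is passed to {@link #organizationsDecisionDetail(OrganizationsDecisionDetail)}.
*
* @param organizationsDecisionDetail
*        a consumer that will call methods on {@link OrganizationsDecisionDetail.Builder}
* @return Returns a reference to this object so that method calls can be chained together.
* @see #organizationsDecisionDetail(OrganizationsDecisionDetail)
*/
default Builder organizationsDecisionDetail(
        Consumer<OrganizationsDecisionDetail.Builder> organizationsDecisionDetail) {
    // The consumer is typed to the nested builder (the listing had dropped the type argument), so a lambda
    // passed here can call that builder's methods. The finished value goes to the value-taking overload.
    OrganizationsDecisionDetail built =
            OrganizationsDecisionDetail.builder().applyMutation(organizationsDecisionDetail).build();
    return organizationsDecisionDetail(built);
}

/**
*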

* Contains information about the effect that a permissions boundary has on a policy simulation when the * boundary is applied to an IAM entity. *

* * @param permissionsBoundaryDecisionDetail * Contains information about the effect that a permissions boundary has on a policy simulation when the * boundary is applied to an IAM entity. * @return Returns a reference to this object so that method calls can be chained together. */ Builder permissionsBoundaryDecisionDetail(PermissionsBoundaryDecisionDetail permissionsBoundaryDecisionDetail); /** *

* Contains information about the effect that a permissions boundary has on a policy simulation when the * boundary is applied to an IAM entity. *

* This is a convenience method that creates an instance of the * {@link PermissionsBoundaryDecisionDetail.Builder} avoiding the need to create one manually via * {@link PermissionsBoundaryDecisionDetail#builder()}. * *

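* When the {@link Consumer} completes, {@link PermissionsBoundaryDecisionDetail.Builder#build()} is called
* immediately and its result is passed to
* {@link #permissionsBoundaryDecisionDetail(PermissionsBoundaryDecisionDetail)}.
*
* @param permissionsBoundaryDecisionDetail
*        a consumer that will call methods on {@link PermissionsBoundaryDecisionDetail.Builder}
* @return Returns a reference to this object so that method calls can be chained together.
* @see #permissionsBoundaryDecisionDetail(PermissionsBoundaryDecisionDetail)
*/
default Builder permissionsBoundaryDecisionDetail(
        Consumer<PermissionsBoundaryDecisionDetail.Builder> permissionsBoundaryDecisionDetail) {
    // The consumer is typed to the nested builder (the listing had dropped the type argument), so a lambda
    // passed here can call that builder's methods. The finished value goes to the value-taking overload.
    PermissionsBoundaryDecisionDetail built =
            PermissionsBoundaryDecisionDetail.builder().applyMutation(permissionsBoundaryDecisionDetail).build();
    return permissionsBoundaryDecisionDetail(built);
}

/**
*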

* Additional details about the results of the cross-account evaluation decision. This parameter is populated * for only cross-account simulations. It contains a brief summary of how each policy type contributes to the * final evaluation decision. *

*

* If the simulation evaluates policies within the same account and includes a resource ARN, then the parameter * is present but the response is empty. If the simulation evaluates policies within the same account and * specifies all resources (*), then the parameter is not returned. *

*

* When you make a cross-account request, Amazon Web Services evaluates the request in the trusting account and * the trusted account. The request is allowed only if both evaluations return true. For more * information about how policies are evaluated, see Evaluating policies within a single account. *

*

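* If an Organizations SCP included in the evaluation denies access, the simulation ends. In this case, policy * evaluation does not proceed any further and this parameter is not returned. Because the parameter is also * omitted for same-account simulations that specify all resources, its absence alone does not show whether * access was allowed or denied; use the evaluation decision for that. *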

* * @param evalDecisionDetails * Additional details about the results of the cross-account evaluation decision. This parameter is * populated for only cross-account simulations. It contains a brief summary of how each policy type * contributes to the final evaluation decision.

*

* If the simulation evaluates policies within the same account and includes a resource ARN, then the * parameter is present but the response is empty. If the simulation evaluates policies within the same * account and specifies all resources (*), then the parameter is not returned. *

*

* When you make a cross-account request, Amazon Web Services evaluates the request in the trusting * account and the trusted account. The request is allowed only if both evaluations return * true. For more information about how policies are evaluated, see Evaluating policies within a single account. *

*

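*        If an Organizations SCP included in the evaluation denies access, the simulation ends. In this case,
*        policy evaluation does not proceed any further and this parameter is not returned.
* @return Returns a reference to this object so that method calls can be chained together.
*/
// String-valued variant; BuilderImpl passes the map through EvalDecisionDetailsTypeCopier.copy.
// Type arguments restored: the listing had lost them, leaving a raw Map.
Builder evalDecisionDetailsWithStrings(Map<String, String> evalDecisionDetails);

/**
*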

* Additional details about the results of the cross-account evaluation decision. This parameter is populated * for only cross-account simulations. It contains a brief summary of how each policy type contributes to the * final evaluation decision. *

*

* If the simulation evaluates policies within the same account and includes a resource ARN, then the parameter * is present but the response is empty. If the simulation evaluates policies within the same account and * specifies all resources (*), then the parameter is not returned. *

*

* When you make a cross-account request, Amazon Web Services evaluates the request in the trusting account and * the trusted account. The request is allowed only if both evaluations return true. For more * information about how policies are evaluated, see Evaluating policies within a single account. *

*

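* If an Organizations SCP included in the evaluation denies access, the simulation ends. In this case, policy * evaluation does not proceed any further and this parameter is not returned. Because the parameter is also * omitted for same-account simulations that specify all resources, its absence alone does not show whether * access was allowed or denied; use the evaluation decision for that. *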

* * @param evalDecisionDetails * Additional details about the results of the cross-account evaluation decision. This parameter is * populated for only cross-account simulations. It contains a brief summary of how each policy type * contributes to the final evaluation decision.

*

* If the simulation evaluates policies within the same account and includes a resource ARN, then the * parameter is present but the response is empty. If the simulation evaluates policies within the same * account and specifies all resources (*), then the parameter is not returned. *

*

* When you make a cross-account request, Amazon Web Services evaluates the request in the trusting * account and the trusted account. The request is allowed only if both evaluations return * true. For more information about how policies are evaluated, see Evaluating policies within a single account. *

*

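*        If an Organizations SCP included in the evaluation denies access, the simulation ends. In this case,
*        policy evaluation does not proceed any further and this parameter is not returned.
* @return Returns a reference to this object so that method calls can be chained together.
*/
// Enum-valued variant; BuilderImpl passes the map through EvalDecisionDetailsTypeCopier.copyEnumToString.
// Type arguments restored: the listing had lost them, leaving a raw Map.
Builder evalDecisionDetails(Map<String, PolicyEvaluationDecisionType> evalDecisionDetails);

/**
*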

* The individual results of the simulation of the API operation specified in EvalActionName on each resource. *

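*
* @param resourceSpecificResults
*        The individual results of the simulation of the API operation specified in EvalActionName on each
*        resource.
* @return Returns a reference to this object so that method calls can be chained together.
*/
// Element type restored: the listing had lost the generic argument, leaving a raw Collection.
Builder resourceSpecificResults(Collection<ResourceSpecificResult> resourceSpecificResults);

/**
*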

* The individual results of the simulation of the API operation specified in EvalActionName on each resource. *

* * @param resourceSpecificResults * The individual results of the simulation of the API operation specified in EvalActionName on each * resource. * @return Returns a reference to this object so that method calls can be chained together. */ Builder resourceSpecificResults(ResourceSpecificResult... resourceSpecificResults); /** *

* The individual results of the simulation of the API operation specified in EvalActionName on each resource. *

* This is a convenience method that creates an instance of the * {@link software.amazon.awssdk.services.iam.model.ResourceSpecificResult.Builder} avoiding the need to create * one manually via {@link software.amazon.awssdk.services.iam.model.ResourceSpecificResult#builder()}. * *

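* When the {@link Consumer} completes,
* {@link software.amazon.awssdk.services.iam.model.ResourceSpecificResult.Builder#build()} is called
* immediately and its result is passed to {@link #resourceSpecificResults(List)}.
*
* @param resourceSpecificResults
*        a consumer that will call methods on
*        {@link software.amazon.awssdk.services.iam.model.ResourceSpecificResult.Builder}
* @return Returns a reference to this object so that method calls can be chained together.
* @see #resourceSpecificResults(java.util.Collection)
*/
Builder resourceSpecificResults(Consumer<ResourceSpecificResult.Builder>... resourceSpecificResults);
}

/**
 * Mutable {@link Builder} implementation that collects the fields of an {@link EvaluationResult}.
 *
 * <p>
 * The list and map fields start out as the SDK auto-construct placeholders, and the bean-style getters below
 * report such a placeholder as {@code null}. Collection arguments are routed through the generated
 * {@code *Copier} helpers, which are defined outside this listing. The generic type arguments in this class were
 * lost when the listing was extracted (for example {@code List> sdkFields()}) and are written out again here.
 */
static final class BuilderImpl implements Builder {
    private String evalActionName;

    private String evalResourceName;

    // Held as a string; the enum overload of evalDecision(...) converts with toString().
    private String evalDecision;

    private List<Statement> matchedStatements = DefaultSdkAutoConstructList.getInstance();

    private List<String> missingContextValues = DefaultSdkAutoConstructList.getInstance();

    private OrganizationsDecisionDetail organizationsDecisionDetail;

    private PermissionsBoundaryDecisionDetail permissionsBoundaryDecisionDetail;

    // Decision values are held as strings; see evalDecisionDetails(Map) for the enum-valued entry point.
    private Map<String, String> evalDecisionDetails = DefaultSdkAutoConstructMap.getInstance();

    private List<ResourceSpecificResult> resourceSpecificResults = DefaultSdkAutoConstructList.getInstance();

    private BuilderImpl() {
    }

    /**
     * Seeds every field from an existing model by calling the fluent setters, so collections pass through the
     * same copy helpers as values supplied by a caller.
     *
     * @param model
     *        the result whose fields are copied into this builder
     */
    private BuilderImpl(EvaluationResult model) {
        evalActionName(model.evalActionName);
        evalResourceName(model.evalResourceName);
        evalDecision(model.evalDecision);
        matchedStatements(model.matchedStatements);
        missingContextValues(model.missingContextValues);
        organizationsDecisionDetail(model.organizationsDecisionDetail);
        permissionsBoundaryDecisionDetail(model.permissionsBoundaryDecisionDetail);
        evalDecisionDetailsWithStrings(model.evalDecisionDetails);
        resourceSpecificResults(model.resourceSpecificResults);
    }

    public final String getEvalActionName() {
        return evalActionName;
    }

    public final void setEvalActionName(String evalActionName) {
        this.evalActionName = evalActionName;
    }

    @Override
    public final Builder evalActionName(String evalActionName) {
        this.evalActionName = evalActionName;
        return this;
    }

    public final String getEvalResourceName() {
        return evalResourceName;
    }

    public final void setEvalResourceName(String evalResourceName) {
        this.evalResourceName = evalResourceName;
    }

    @Override
    public final Builder evalResourceName(String evalResourceName) {
        this.evalResourceName = evalResourceName;
        return this;
    }

    public final String getEvalDecision() {
        return evalDecision;
    }

    public final void setEvalDecision(String evalDecision) {
        this.evalDecision = evalDecision;
    }

    /**
     * Stores the decision string exactly as given; nothing here checks that it names a known
     * {@link PolicyEvaluationDecisionType}.
     */
    @Override
    public final Builder evalDecision(String evalDecision) {
        this.evalDecision = evalDecision;
        return this;
    }

    /** Stores the string form of the enum constant, or {@code null} when the argument is {@code null}. */
    @Override
    public final Builder evalDecision(PolicyEvaluationDecisionType evalDecision) {
        this.evalDecision(evalDecision == null ? null : evalDecision.toString());
        return this;
    }

    /** Returns the statements as nested builders, or {@code null} while the auto-construct placeholder is held. */
    public final List<Statement.Builder> getMatchedStatements() {
        List<Statement.Builder> result = StatementListTypeCopier.copyToBuilder(this.matchedStatements);
        if (result instanceof SdkAutoConstructList) {
            return null;
        }
        return result;
    }

    public final void setMatchedStatements(Collection<Statement.BuilderImpl> matchedStatements) {
        this.matchedStatements = StatementListTypeCopier.copyFromBuilder(matchedStatements);
    }

    @Override
    public final Builder matchedStatements(Collection<Statement> matchedStatements) {
        this.matchedStatements = StatementListTypeCopier.copy(matchedStatements);
        return this;
    }

    @Override
    @SafeVarargs
    public final Builder matchedStatements(Statement... matchedStatements) {
        matchedStatements(Arrays.asList(matchedStatements));
        return this;
    }

    /** Builds one {@link Statement} per consumer and hands the list to the collection overload. */
    @Override
    @SafeVarargs
    public final Builder matchedStatements(Consumer<Statement.Builder>... matchedStatements) {
        matchedStatements(Stream.of(matchedStatements).map(c -> Statement.builder().applyMutation(c).build())
                .collect(Collectors.toList()));
        return this;
    }

    /** Returns the missing context keys, or {@code null} while the auto-construct placeholder is held. */
    public final Collection<String> getMissingContextValues() {
        if (missingContextValues instanceof SdkAutoConstructList) {
            return null;
        }
        return missingContextValues;
    }

    public final void setMissingContextValues(Collection<String> missingContextValues) {
        this.missingContextValues = ContextKeyNamesResultListTypeCopier.copy(missingContextValues);
    }

    @Override
    public final Builder missingContextValues(Collection<String> missingContextValues) {
        this.missingContextValues = ContextKeyNamesResultListTypeCopier.copy(missingContextValues);
        return this;
    }

    @Override
    @SafeVarargs
    public final Builder missingContextValues(String... missingContextValues) {
        missingContextValues(Arrays.asList(missingContextValues));
        return this;
    }

    /** Returns a builder derived from the stored value, or {@code null} when none is set. */
    public final OrganizationsDecisionDetail.Builder getOrganizationsDecisionDetail() {
        return organizationsDecisionDetail != null ? organizationsDecisionDetail.toBuilder() : null;
    }

    /** Builds the given nested builder and stores the result; {@code null} clears the field. */
    public final void setOrganizationsDecisionDetail(OrganizationsDecisionDetail.BuilderImpl organizationsDecisionDetail) {
        this.organizationsDecisionDetail = organizationsDecisionDetail != null ? organizationsDecisionDetail.build()
                : null;
    }

    @Override
    public final Builder organizationsDecisionDetail(OrganizationsDecisionDetail organizationsDecisionDetail) {
        this.organizationsDecisionDetail = organizationsDecisionDetail;
        return this;
    }

    /** Returns a builder derived from the stored value, or {@code null} when none is set. */
    public final PermissionsBoundaryDecisionDetail.Builder getPermissionsBoundaryDecisionDetail() {
        return permissionsBoundaryDecisionDetail != null ? permissionsBoundaryDecisionDetail.toBuilder() : null;
    }

    /** Builds the given nested builder and stores the result; {@code null} clears the field. */
    public final void setPermissionsBoundaryDecisionDetail(
            PermissionsBoundaryDecisionDetail.BuilderImpl permissionsBoundaryDecisionDetail) {
        this.permissionsBoundaryDecisionDetail = permissionsBoundaryDecisionDetail != null
                ? permissionsBoundaryDecisionDetail.build() : null;
    }

    @Override
    public final Builder permissionsBoundaryDecisionDetail(
            PermissionsBoundaryDecisionDetail permissionsBoundaryDecisionDetail) {
        this.permissionsBoundaryDecisionDetail = permissionsBoundaryDecisionDetail;
        return this;
    }

    /** Returns the decision details, or {@code null} while the auto-construct placeholder is held. */
    public final Map<String, String> getEvalDecisionDetails() {
        if (evalDecisionDetails instanceof SdkAutoConstructMap) {
            return null;
        }
        return evalDecisionDetails;
    }

    public final void setEvalDecisionDetails(Map<String, String> evalDecisionDetails) {
        this.evalDecisionDetails = EvalDecisionDetailsTypeCopier.copy(evalDecisionDetails);
    }

    @Override
    public final Builder evalDecisionDetailsWithStrings(Map<String, String> evalDecisionDetails) {
        this.evalDecisionDetails = EvalDecisionDetailsTypeCopier.copy(evalDecisionDetails);
        return this;
    }

    /** Enum-valued entry point; the map goes through {@code copyEnumToString} before it is stored. */
    @Override
    public final Builder evalDecisionDetails(Map<String, PolicyEvaluationDecisionType> evalDecisionDetails) {
        this.evalDecisionDetails = EvalDecisionDetailsTypeCopier.copyEnumToString(evalDecisionDetails);
        return this;
    }

    /** Returns the per-resource results as nested builders, or {@code null} while the placeholder is held. */
    public final List<ResourceSpecificResult.Builder> getResourceSpecificResults() {
        List<ResourceSpecificResult.Builder> result = ResourceSpecificResultListTypeCopier
                .copyToBuilder(this.resourceSpecificResults);
        if (result instanceof SdkAutoConstructList) {
            return null;
        }
        return result;
    }

    public final void setResourceSpecificResults(Collection<ResourceSpecificResult.BuilderImpl> resourceSpecificResults) {
        this.resourceSpecificResults = ResourceSpecificResultListTypeCopier.copyFromBuilder(resourceSpecificResults);
    }

    @Override
    public final Builder resourceSpecificResults(Collection<ResourceSpecificResult> resourceSpecificResults) {
        this.resourceSpecificResults = ResourceSpecificResultListTypeCopier.copy(resourceSpecificResults);
        return this;
    }

    @Override
    @SafeVarargs
    public final Builder resourceSpecificResults(ResourceSpecificResult... resourceSpecificResults) {
        resourceSpecificResults(Arrays.asList(resourceSpecificResults));
        return this;
    }

    /** Builds one {@link ResourceSpecificResult} per consumer and hands the list to the collection overload. */
    @Override
    @SafeVarargs
    public final Builder resourceSpecificResults(Consumer<ResourceSpecificResult.Builder>... resourceSpecificResults) {
        resourceSpecificResults(Stream.of(resourceSpecificResults)
                .map(c -> ResourceSpecificResult.builder().applyMutation(c).build()).collect(Collectors.toList()));
        return this;
    }

    @Override
    public EvaluationResult build() {
        return new EvaluationResult(this);
    }

    /** Returns the field descriptors held in {@code SDK_FIELDS}, which is declared outside this class. */
    @Override
    public List<SdkField<?>> sdkFields() {
        return SDK_FIELDS;
    }
}
}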




