software.amazon.awssdk.services.iam.model.SimulatePrincipalPolicyRequest Maven / Gradle / Ivy
/*
* Copyright 2014-2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
* the License. A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
* and limitations under the License.
*/
package software.amazon.awssdk.services.iam.model;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.function.BiConsumer;
import java.util.function.Consumer;
import java.util.function.Function;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import software.amazon.awssdk.annotations.Generated;
import software.amazon.awssdk.awscore.AwsRequestOverrideConfiguration;
import software.amazon.awssdk.core.SdkField;
import software.amazon.awssdk.core.SdkPojo;
import software.amazon.awssdk.core.protocol.MarshallLocation;
import software.amazon.awssdk.core.protocol.MarshallingType;
import software.amazon.awssdk.core.traits.ListTrait;
import software.amazon.awssdk.core.traits.LocationTrait;
import software.amazon.awssdk.core.util.DefaultSdkAutoConstructList;
import software.amazon.awssdk.utils.ToString;
import software.amazon.awssdk.utils.builder.CopyableBuilder;
import software.amazon.awssdk.utils.builder.ToCopyableBuilder;
/**
*/
@Generated("software.amazon.awssdk:codegen")
public final class SimulatePrincipalPolicyRequest extends IamRequest implements
ToCopyableBuilder {
private static final SdkField POLICY_SOURCE_ARN_FIELD = SdkField. builder(MarshallingType.STRING)
.getter(getter(SimulatePrincipalPolicyRequest::policySourceArn)).setter(setter(Builder::policySourceArn))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("PolicySourceArn").build()).build();
private static final SdkField> POLICY_INPUT_LIST_FIELD = SdkField
.> builder(MarshallingType.LIST)
.getter(getter(SimulatePrincipalPolicyRequest::policyInputList))
.setter(setter(Builder::policyInputList))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("PolicyInputList").build(),
ListTrait
.builder()
.memberLocationName(null)
.memberFieldInfo(
SdkField. builder(MarshallingType.STRING)
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD)
.locationName("member").build()).build()).build()).build();
private static final SdkField> ACTION_NAMES_FIELD = SdkField
.> builder(MarshallingType.LIST)
.getter(getter(SimulatePrincipalPolicyRequest::actionNames))
.setter(setter(Builder::actionNames))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("ActionNames").build(),
ListTrait
.builder()
.memberLocationName(null)
.memberFieldInfo(
SdkField. builder(MarshallingType.STRING)
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD)
.locationName("member").build()).build()).build()).build();
private static final SdkField> RESOURCE_ARNS_FIELD = SdkField
.> builder(MarshallingType.LIST)
.getter(getter(SimulatePrincipalPolicyRequest::resourceArns))
.setter(setter(Builder::resourceArns))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("ResourceArns").build(),
ListTrait
.builder()
.memberLocationName(null)
.memberFieldInfo(
SdkField. builder(MarshallingType.STRING)
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD)
.locationName("member").build()).build()).build()).build();
private static final SdkField RESOURCE_POLICY_FIELD = SdkField. builder(MarshallingType.STRING)
.getter(getter(SimulatePrincipalPolicyRequest::resourcePolicy)).setter(setter(Builder::resourcePolicy))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("ResourcePolicy").build()).build();
private static final SdkField RESOURCE_OWNER_FIELD = SdkField. builder(MarshallingType.STRING)
.getter(getter(SimulatePrincipalPolicyRequest::resourceOwner)).setter(setter(Builder::resourceOwner))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("ResourceOwner").build()).build();
private static final SdkField CALLER_ARN_FIELD = SdkField. builder(MarshallingType.STRING)
.getter(getter(SimulatePrincipalPolicyRequest::callerArn)).setter(setter(Builder::callerArn))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("CallerArn").build()).build();
private static final SdkField> CONTEXT_ENTRIES_FIELD = SdkField
.> builder(MarshallingType.LIST)
.getter(getter(SimulatePrincipalPolicyRequest::contextEntries))
.setter(setter(Builder::contextEntries))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("ContextEntries").build(),
ListTrait
.builder()
.memberLocationName(null)
.memberFieldInfo(
SdkField. builder(MarshallingType.SDK_POJO)
.constructor(ContextEntry::builder)
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD)
.locationName("member").build()).build()).build()).build();
private static final SdkField RESOURCE_HANDLING_OPTION_FIELD = SdkField. builder(MarshallingType.STRING)
.getter(getter(SimulatePrincipalPolicyRequest::resourceHandlingOption))
.setter(setter(Builder::resourceHandlingOption))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("ResourceHandlingOption").build())
.build();
private static final SdkField MAX_ITEMS_FIELD = SdkField. builder(MarshallingType.INTEGER)
.getter(getter(SimulatePrincipalPolicyRequest::maxItems)).setter(setter(Builder::maxItems))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("MaxItems").build()).build();
private static final SdkField MARKER_FIELD = SdkField. builder(MarshallingType.STRING)
.getter(getter(SimulatePrincipalPolicyRequest::marker)).setter(setter(Builder::marker))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("Marker").build()).build();
private static final List> SDK_FIELDS = Collections.unmodifiableList(Arrays.asList(POLICY_SOURCE_ARN_FIELD,
POLICY_INPUT_LIST_FIELD, ACTION_NAMES_FIELD, RESOURCE_ARNS_FIELD, RESOURCE_POLICY_FIELD, RESOURCE_OWNER_FIELD,
CALLER_ARN_FIELD, CONTEXT_ENTRIES_FIELD, RESOURCE_HANDLING_OPTION_FIELD, MAX_ITEMS_FIELD, MARKER_FIELD));
private final String policySourceArn;
private final List policyInputList;
private final List actionNames;
private final List resourceArns;
private final String resourcePolicy;
private final String resourceOwner;
private final String callerArn;
private final List contextEntries;
private final String resourceHandlingOption;
private final Integer maxItems;
private final String marker;
private SimulatePrincipalPolicyRequest(BuilderImpl builder) {
super(builder);
this.policySourceArn = builder.policySourceArn;
this.policyInputList = builder.policyInputList;
this.actionNames = builder.actionNames;
this.resourceArns = builder.resourceArns;
this.resourcePolicy = builder.resourcePolicy;
this.resourceOwner = builder.resourceOwner;
this.callerArn = builder.callerArn;
this.contextEntries = builder.contextEntries;
this.resourceHandlingOption = builder.resourceHandlingOption;
this.maxItems = builder.maxItems;
this.marker = builder.marker;
}
/**
*
* The Amazon Resource Name (ARN) of a user, group, or role whose policies you want to include in the simulation. If
* you specify a user, group, or role, the simulation includes all policies that are associated with that entity. If
* you specify a user, the simulation also includes all policies that are attached to any groups the user belongs
* to.
*
*
* For more information about ARNs, see Amazon Resource Names (ARNs) and
* AWS Service Namespaces in the AWS General Reference.
*
*
* @return The Amazon Resource Name (ARN) of a user, group, or role whose policies you want to include in the
* simulation. If you specify a user, group, or role, the simulation includes all policies that are
* associated with that entity. If you specify a user, the simulation also includes all policies that are
* attached to any groups the user belongs to.
*
* For more information about ARNs, see Amazon Resource Names
* (ARNs) and AWS Service Namespaces in the AWS General Reference.
*/
public String policySourceArn() {
return policySourceArn;
}
/**
*
* An optional list of additional policy documents to include in the simulation. Each document is specified as a
* string containing the complete, valid JSON text of an IAM policy.
*
*
* The regex pattern used to validate this parameter is a string of
* characters consisting of the following:
*
*
* -
*
* Any printable ASCII character ranging from the space character ( ) through the end of the ASCII character range
*
*
* -
*
* The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)
*
*
* -
*
* The special characters tab ( ), line feed ( ), and carriage return ( )
*
*
*
*
* Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.
*
*
* @return An optional list of additional policy documents to include in the simulation. Each document is specified
* as a string containing the complete, valid JSON text of an IAM policy.
*
* The regex pattern used to validate this parameter is a
* string of characters consisting of the following:
*
*
* -
*
* Any printable ASCII character ranging from the space character ( ) through the end of the ASCII character
* range
*
*
* -
*
* The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)
*
*
* -
*
* The special characters tab ( ), line feed ( ), and carriage return ( )
*
*
*/
public List policyInputList() {
return policyInputList;
}
/**
*
* A list of names of API operations to evaluate in the simulation. Each operation is evaluated for each resource.
* Each operation must include the service identifier, such as iam:CreateUser.
*
*
* Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.
*
*
* @return A list of names of API operations to evaluate in the simulation. Each operation is evaluated for each
* resource. Each operation must include the service identifier, such as iam:CreateUser.
*/
public List actionNames() {
return actionNames;
}
/**
*
* A list of ARNs of AWS resources to include in the simulation. If this parameter is not provided, then the value
* defaults to * (all resources). Each API in the ActionNames parameter is evaluated for
* each resource in this list. The simulation determines the access result (allowed or denied) of each combination
* and reports it in the response.
*
*
* The simulation does not automatically retrieve policies for the specified resources. If you want to include a
* resource policy in the simulation, then you must include the policy as a string in the
* ResourcePolicy parameter.
*
*
* For more information about ARNs, see Amazon Resource Names (ARNs) and
* AWS Service Namespaces in the AWS General Reference.
*
*
* Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.
*
*
* @return A list of ARNs of AWS resources to include in the simulation. If this parameter is not provided, then the
* value defaults to * (all resources). Each API in the ActionNames parameter is
* evaluated for each resource in this list. The simulation determines the access result (allowed or denied)
* of each combination and reports it in the response.
*
* The simulation does not automatically retrieve policies for the specified resources. If you want to
* include a resource policy in the simulation, then you must include the policy as a string in the
* ResourcePolicy parameter.
*
*
* For more information about ARNs, see Amazon Resource Names
* (ARNs) and AWS Service Namespaces in the AWS General Reference.
*/
public List resourceArns() {
return resourceArns;
}
/**
*
* A resource-based policy to include in the simulation provided as a string. Each resource in the simulation is
* treated as if it had this policy attached. You can include only one resource-based policy in a simulation.
*
*
* The regex pattern used to validate this parameter is a string of
* characters consisting of the following:
*
*
* -
*
* Any printable ASCII character ranging from the space character ( ) through the end of the ASCII character range
*
*
* -
*
* The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)
*
*
* -
*
* The special characters tab ( ), line feed ( ), and carriage return ( )
*
*
*
*
* @return A resource-based policy to include in the simulation provided as a string. Each resource in the
* simulation is treated as if it had this policy attached. You can include only one resource-based policy
* in a simulation.
*
* The regex pattern used to validate this parameter is a
* string of characters consisting of the following:
*
*
* -
*
* Any printable ASCII character ranging from the space character ( ) through the end of the ASCII character
* range
*
*
* -
*
* The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)
*
*
* -
*
* The special characters tab ( ), line feed ( ), and carriage return ( )
*
*
*/
public String resourcePolicy() {
return resourcePolicy;
}
/**
*
* An AWS account ID that specifies the owner of any simulated resource that does not identify its owner in the
* resource ARN, such as an S3 bucket or object. If ResourceOwner is specified, it is also used as the
* account owner of any ResourcePolicy included in the simulation. If the ResourceOwner
* parameter is not specified, then the owner of the resources and the resource policy defaults to the account of
* the identity provided in CallerArn. This parameter is required only if you specify a resource-based
* policy and account that owns the resource is different from the account that owns the simulated calling user
* CallerArn.
*
*
* @return An AWS account ID that specifies the owner of any simulated resource that does not identify its owner in
* the resource ARN, such as an S3 bucket or object. If ResourceOwner is specified, it is also
* used as the account owner of any ResourcePolicy included in the simulation. If the
* ResourceOwner parameter is not specified, then the owner of the resources and the resource
* policy defaults to the account of the identity provided in CallerArn. This parameter is
* required only if you specify a resource-based policy and account that owns the resource is different from
* the account that owns the simulated calling user CallerArn.
*/
public String resourceOwner() {
return resourceOwner;
}
/**
*
* The ARN of the IAM user that you want to specify as the simulated caller of the API operations. If you do not
* specify a CallerArn, it defaults to the ARN of the user that you specify in
* PolicySourceArn, if you specified a user. If you include both a PolicySourceArn (for
* example, arn:aws:iam::123456789012:user/David) and a CallerArn (for example,
* arn:aws:iam::123456789012:user/Bob), the result is that you simulate calling the API operations as
* Bob, as if Bob had David's policies.
*
*
* You can specify only the ARN of an IAM user. You cannot specify the ARN of an assumed role, federated user, or a
* service principal.
*
*
* CallerArn is required if you include a ResourcePolicy and the
* PolicySourceArn is not the ARN for an IAM user. This is required so that the resource-based policy's
* Principal element has a value to use in evaluating the policy.
*
*
* For more information about ARNs, see Amazon Resource Names (ARNs) and
* AWS Service Namespaces in the AWS General Reference.
*
*
* @return The ARN of the IAM user that you want to specify as the simulated caller of the API operations. If you do
* not specify a CallerArn, it defaults to the ARN of the user that you specify in
* PolicySourceArn, if you specified a user. If you include both a PolicySourceArn
* (for example, arn:aws:iam::123456789012:user/David) and a CallerArn (for
* example, arn:aws:iam::123456789012:user/Bob), the result is that you simulate calling the
* API operations as Bob, as if Bob had David's policies.
*
* You can specify only the ARN of an IAM user. You cannot specify the ARN of an assumed role, federated
* user, or a service principal.
*
*
* CallerArn is required if you include a ResourcePolicy and the
* PolicySourceArn is not the ARN for an IAM user. This is required so that the resource-based
* policy's Principal element has a value to use in evaluating the policy.
*
*
* For more information about ARNs, see Amazon Resource Names
* (ARNs) and AWS Service Namespaces in the AWS General Reference.
*/
public String callerArn() {
return callerArn;
}
/**
*
* A list of context keys and corresponding values for the simulation to use. Whenever a context key is evaluated in
* one of the simulated IAM permission policies, the corresponding value is supplied.
*
*
* Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.
*
*
* @return A list of context keys and corresponding values for the simulation to use. Whenever a context key is
* evaluated in one of the simulated IAM permission policies, the corresponding value is supplied.
*/
public List contextEntries() {
return contextEntries;
}
/**
*
* Specifies the type of simulation to run. Different API operations that support resource-based policies require
* different combinations of resources. By specifying the type of simulation to run, you enable the policy simulator
* to enforce the presence of the required resources to ensure reliable simulation results. If your simulation does
* not match one of the following scenarios, then you can omit this parameter. The following list shows each of the
* supported scenario values and the resources that you must define to run the simulation.
*
*
* Each of the EC2 scenarios requires that you specify instance, image, and security group resources. If your
* scenario includes an EBS volume, then you must specify that volume as a resource. If the EC2 scenario includes
* VPC, then you must supply the network interface resource. If it includes an IP subnet, then you must specify the
* subnet resource. For more information on the EC2 scenario options, see Supported Platforms in
* the Amazon EC2 User Guide.
*
*
* -
*
* EC2-Classic-InstanceStore
*
*
* instance, image, security group
*
*
* -
*
* EC2-Classic-EBS
*
*
* instance, image, security group, volume
*
*
* -
*
* EC2-VPC-InstanceStore
*
*
* instance, image, security group, network interface
*
*
* -
*
* EC2-VPC-InstanceStore-Subnet
*
*
* instance, image, security group, network interface, subnet
*
*
* -
*
* EC2-VPC-EBS
*
*
* instance, image, security group, network interface, volume
*
*
* -
*
* EC2-VPC-EBS-Subnet
*
*
* instance, image, security group, network interface, subnet, volume
*
*
*
*
* @return Specifies the type of simulation to run. Different API operations that support resource-based policies
* require different combinations of resources. By specifying the type of simulation to run, you enable the
* policy simulator to enforce the presence of the required resources to ensure reliable simulation results.
* If your simulation does not match one of the following scenarios, then you can omit this parameter. The
* following list shows each of the supported scenario values and the resources that you must define to run
* the simulation.
*
* Each of the EC2 scenarios requires that you specify instance, image, and security group resources. If
* your scenario includes an EBS volume, then you must specify that volume as a resource. If the EC2
* scenario includes VPC, then you must supply the network interface resource. If it includes an IP subnet,
* then you must specify the subnet resource. For more information on the EC2 scenario options, see Supported
* Platforms in the Amazon EC2 User Guide.
*
*
* -
*
* EC2-Classic-InstanceStore
*
*
* instance, image, security group
*
*
* -
*
* EC2-Classic-EBS
*
*
* instance, image, security group, volume
*
*
* -
*
* EC2-VPC-InstanceStore
*
*
* instance, image, security group, network interface
*
*
* -
*
* EC2-VPC-InstanceStore-Subnet
*
*
* instance, image, security group, network interface, subnet
*
*
* -
*
* EC2-VPC-EBS
*
*
* instance, image, security group, network interface, volume
*
*
* -
*
* EC2-VPC-EBS-Subnet
*
*
* instance, image, security group, network interface, subnet, volume
*
*
*/
public String resourceHandlingOption() {
return resourceHandlingOption;
}
/**
*
* Use this only when paginating results to indicate the maximum number of items you want in the response. If
* additional items exist beyond the maximum you specify, the IsTruncated response element is
* true.
*
*
* If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer
* results, even when there are more results available. In that case, the IsTruncated response element
* returns true, and Marker contains a value to include in the subsequent call that tells
* the service where to continue from.
*
*
* @return Use this only when paginating results to indicate the maximum number of items you want in the response.
* If additional items exist beyond the maximum you specify, the IsTruncated response element
* is true.
*
* If you do not include this parameter, the number of items defaults to 100. Note that IAM might return
* fewer results, even when there are more results available. In that case, the IsTruncated
* response element returns true, and Marker contains a value to include in the
* subsequent call that tells the service where to continue from.
*/
public Integer maxItems() {
return maxItems;
}
/**
*
* Use this parameter only when paginating results and only after you receive a response indicating that the results
* are truncated. Set it to the value of the Marker element in the response that you received to
* indicate where the next call should start.
*
*
* @return Use this parameter only when paginating results and only after you receive a response indicating that the
* results are truncated. Set it to the value of the Marker element in the response that you
* received to indicate where the next call should start.
*/
public String marker() {
return marker;
}
@Override
public Builder toBuilder() {
return new BuilderImpl(this);
}
public static Builder builder() {
return new BuilderImpl();
}
public static Class serializableBuilderClass() {
return BuilderImpl.class;
}
@Override
public int hashCode() {
int hashCode = 1;
hashCode = 31 * hashCode + Objects.hashCode(policySourceArn());
hashCode = 31 * hashCode + Objects.hashCode(policyInputList());
hashCode = 31 * hashCode + Objects.hashCode(actionNames());
hashCode = 31 * hashCode + Objects.hashCode(resourceArns());
hashCode = 31 * hashCode + Objects.hashCode(resourcePolicy());
hashCode = 31 * hashCode + Objects.hashCode(resourceOwner());
hashCode = 31 * hashCode + Objects.hashCode(callerArn());
hashCode = 31 * hashCode + Objects.hashCode(contextEntries());
hashCode = 31 * hashCode + Objects.hashCode(resourceHandlingOption());
hashCode = 31 * hashCode + Objects.hashCode(maxItems());
hashCode = 31 * hashCode + Objects.hashCode(marker());
return hashCode;
}
@Override
public boolean equals(Object obj) {
if (this == obj) {
return true;
}
if (obj == null) {
return false;
}
if (!(obj instanceof SimulatePrincipalPolicyRequest)) {
return false;
}
SimulatePrincipalPolicyRequest other = (SimulatePrincipalPolicyRequest) obj;
return Objects.equals(policySourceArn(), other.policySourceArn())
&& Objects.equals(policyInputList(), other.policyInputList())
&& Objects.equals(actionNames(), other.actionNames()) && Objects.equals(resourceArns(), other.resourceArns())
&& Objects.equals(resourcePolicy(), other.resourcePolicy())
&& Objects.equals(resourceOwner(), other.resourceOwner()) && Objects.equals(callerArn(), other.callerArn())
&& Objects.equals(contextEntries(), other.contextEntries())
&& Objects.equals(resourceHandlingOption(), other.resourceHandlingOption())
&& Objects.equals(maxItems(), other.maxItems()) && Objects.equals(marker(), other.marker());
}
@Override
public String toString() {
return ToString.builder("SimulatePrincipalPolicyRequest").add("PolicySourceArn", policySourceArn())
.add("PolicyInputList", policyInputList()).add("ActionNames", actionNames()).add("ResourceArns", resourceArns())
.add("ResourcePolicy", resourcePolicy()).add("ResourceOwner", resourceOwner()).add("CallerArn", callerArn())
.add("ContextEntries", contextEntries()).add("ResourceHandlingOption", resourceHandlingOption())
.add("MaxItems", maxItems()).add("Marker", marker()).build();
}
public Optional getValueForField(String fieldName, Class clazz) {
switch (fieldName) {
case "PolicySourceArn":
return Optional.ofNullable(clazz.cast(policySourceArn()));
case "PolicyInputList":
return Optional.ofNullable(clazz.cast(policyInputList()));
case "ActionNames":
return Optional.ofNullable(clazz.cast(actionNames()));
case "ResourceArns":
return Optional.ofNullable(clazz.cast(resourceArns()));
case "ResourcePolicy":
return Optional.ofNullable(clazz.cast(resourcePolicy()));
case "ResourceOwner":
return Optional.ofNullable(clazz.cast(resourceOwner()));
case "CallerArn":
return Optional.ofNullable(clazz.cast(callerArn()));
case "ContextEntries":
return Optional.ofNullable(clazz.cast(contextEntries()));
case "ResourceHandlingOption":
return Optional.ofNullable(clazz.cast(resourceHandlingOption()));
case "MaxItems":
return Optional.ofNullable(clazz.cast(maxItems()));
case "Marker":
return Optional.ofNullable(clazz.cast(marker()));
default:
return Optional.empty();
}
}
@Override
public List> sdkFields() {
return SDK_FIELDS;
}
private static Function getter(Function g) {
return obj -> g.apply((SimulatePrincipalPolicyRequest) obj);
}
private static BiConsumer setter(BiConsumer s) {
return (obj, val) -> s.accept((Builder) obj, val);
}
public interface Builder extends IamRequest.Builder, SdkPojo, CopyableBuilder {
/**
*
* The Amazon Resource Name (ARN) of a user, group, or role whose policies you want to include in the
* simulation. If you specify a user, group, or role, the simulation includes all policies that are associated
* with that entity. If you specify a user, the simulation also includes all policies that are attached to any
* groups the user belongs to.
*
*
* For more information about ARNs, see Amazon Resource Names (ARNs)
* and AWS Service Namespaces in the AWS General Reference.
*
*
* @param policySourceArn
* The Amazon Resource Name (ARN) of a user, group, or role whose policies you want to include in the
* simulation. If you specify a user, group, or role, the simulation includes all policies that are
* associated with that entity. If you specify a user, the simulation also includes all policies that are
* attached to any groups the user belongs to.
*
* For more information about ARNs, see Amazon Resource Names
* (ARNs) and AWS Service Namespaces in the AWS General Reference.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder policySourceArn(String policySourceArn);
/**
*
* An optional list of additional policy documents to include in the simulation. Each document is specified as a
* string containing the complete, valid JSON text of an IAM policy.
*
*
* The regex pattern used to validate this parameter is a string
* of characters consisting of the following:
*
*
* -
*
* Any printable ASCII character ranging from the space character ( ) through the end of the ASCII character
* range
*
*
* -
*
* The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)
*
*
* -
*
* The special characters tab ( ), line feed ( ), and carriage return ( )
*
*
*
*
* @param policyInputList
* An optional list of additional policy documents to include in the simulation. Each document is
* specified as a string containing the complete, valid JSON text of an IAM policy.
*
* The regex pattern used to validate this parameter is a
* string of characters consisting of the following:
*
*
* -
*
* Any printable ASCII character ranging from the space character ( ) through the end of the ASCII
* character range
*
*
* -
*
* The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)
*
*
* -
*
* The special characters tab ( ), line feed ( ), and carriage return ( )
*
*
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder policyInputList(Collection policyInputList);
/**
*
* An optional list of additional policy documents to include in the simulation. Each document is specified as a
* string containing the complete, valid JSON text of an IAM policy.
*
*
* The regex pattern used to validate this parameter is a string
* of characters consisting of the following:
*
*
* -
*
* Any printable ASCII character ranging from the space character ( ) through the end of the ASCII character
* range
*
*
* -
*
* The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)
*
*
* -
*
* The special characters tab ( ), line feed ( ), and carriage return ( )
*
*
*
*
* @param policyInputList
* An optional list of additional policy documents to include in the simulation. Each document is
* specified as a string containing the complete, valid JSON text of an IAM policy.
*
* The regex pattern used to validate this parameter is a
* string of characters consisting of the following:
*
*
* -
*
* Any printable ASCII character ranging from the space character ( ) through the end of the ASCII
* character range
*
*
* -
*
* The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)
*
*
* -
*
* The special characters tab ( ), line feed ( ), and carriage return ( )
*
*
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder policyInputList(String... policyInputList);
/**
*
* A list of names of API operations to evaluate in the simulation. Each operation is evaluated for each
* resource. Each operation must include the service identifier, such as iam:CreateUser.
*
*
* @param actionNames
* A list of names of API operations to evaluate in the simulation. Each operation is evaluated for each
* resource. Each operation must include the service identifier, such as iam:CreateUser.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder actionNames(Collection actionNames);
/**
*
* A list of names of API operations to evaluate in the simulation. Each operation is evaluated for each
* resource. Each operation must include the service identifier, such as iam:CreateUser.
*
*
* @param actionNames
* A list of names of API operations to evaluate in the simulation. Each operation is evaluated for each
* resource. Each operation must include the service identifier, such as iam:CreateUser.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder actionNames(String... actionNames);
/**
*
* A list of ARNs of AWS resources to include in the simulation. If this parameter is not provided, then the
* value defaults to * (all resources). Each API in the ActionNames parameter is
* evaluated for each resource in this list. The simulation determines the access result (allowed or denied) of
* each combination and reports it in the response.
*
*
* The simulation does not automatically retrieve policies for the specified resources. If you want to include a
* resource policy in the simulation, then you must include the policy as a string in the
* ResourcePolicy parameter.
*
*
* For more information about ARNs, see Amazon Resource Names (ARNs)
* and AWS Service Namespaces in the AWS General Reference.
*
*
* @param resourceArns
* A list of ARNs of AWS resources to include in the simulation. If this parameter is not provided, then
* the value defaults to * (all resources). Each API in the ActionNames
* parameter is evaluated for each resource in this list. The simulation determines the access result
* (allowed or denied) of each combination and reports it in the response.
*
* The simulation does not automatically retrieve policies for the specified resources. If you want to
* include a resource policy in the simulation, then you must include the policy as a string in the
* ResourcePolicy parameter.
*
*
* For more information about ARNs, see Amazon Resource Names
* (ARNs) and AWS Service Namespaces in the AWS General Reference.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder resourceArns(Collection resourceArns);
/**
*
* A list of ARNs of AWS resources to include in the simulation. If this parameter is not provided, then the
* value defaults to * (all resources). Each API in the ActionNames parameter is
* evaluated for each resource in this list. The simulation determines the access result (allowed or denied) of
* each combination and reports it in the response.
*
*
* The simulation does not automatically retrieve policies for the specified resources. If you want to include a
* resource policy in the simulation, then you must include the policy as a string in the
* ResourcePolicy parameter.
*
*
* For more information about ARNs, see Amazon Resource Names (ARNs)
* and AWS Service Namespaces in the AWS General Reference.
*
*
* @param resourceArns
* A list of ARNs of AWS resources to include in the simulation. If this parameter is not provided, then
* the value defaults to * (all resources). Each API in the ActionNames
* parameter is evaluated for each resource in this list. The simulation determines the access result
* (allowed or denied) of each combination and reports it in the response.
*
* The simulation does not automatically retrieve policies for the specified resources. If you want to
* include a resource policy in the simulation, then you must include the policy as a string in the
* ResourcePolicy parameter.
*
*
* For more information about ARNs, see Amazon Resource Names
* (ARNs) and AWS Service Namespaces in the AWS General Reference.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder resourceArns(String... resourceArns);
/**
*
* A resource-based policy to include in the simulation provided as a string. Each resource in the simulation is
* treated as if it had this policy attached. You can include only one resource-based policy in a simulation.
*
*
* The regex pattern used to validate this parameter is a string
* of characters consisting of the following:
*
*
* -
*
* Any printable ASCII character ranging from the space character ( ) through the end of the ASCII character
* range
*
*
* -
*
* The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)
*
*
* -
*
* The special characters tab ( ), line feed ( ), and carriage return ( )
*
*
*
*
* @param resourcePolicy
* A resource-based policy to include in the simulation provided as a string. Each resource in the
* simulation is treated as if it had this policy attached. You can include only one resource-based
* policy in a simulation.
*
* The regex pattern used to validate this parameter is a
* string of characters consisting of the following:
*
*
* -
*
* Any printable ASCII character ranging from the space character ( ) through the end of the ASCII
* character range
*
*
* -
*
* The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)
*
*
* -
*
* The special characters tab ( ), line feed ( ), and carriage return ( )
*
*
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder resourcePolicy(String resourcePolicy);
/**
*
* An AWS account ID that specifies the owner of any simulated resource that does not identify its owner in the
* resource ARN, such as an S3 bucket or object. If ResourceOwner is specified, it is also used as
* the account owner of any ResourcePolicy included in the simulation. If the
* ResourceOwner parameter is not specified, then the owner of the resources and the resource
* policy defaults to the account of the identity provided in CallerArn. This parameter is required
* only if you specify a resource-based policy and account that owns the resource is different from the account
* that owns the simulated calling user CallerArn.
*
*
* @param resourceOwner
* An AWS account ID that specifies the owner of any simulated resource that does not identify its owner
* in the resource ARN, such as an S3 bucket or object. If ResourceOwner is specified, it is
* also used as the account owner of any ResourcePolicy included in the simulation. If the
* ResourceOwner parameter is not specified, then the owner of the resources and the
* resource policy defaults to the account of the identity provided in CallerArn. This
* parameter is required only if you specify a resource-based policy and account that owns the resource
* is different from the account that owns the simulated calling user CallerArn.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder resourceOwner(String resourceOwner);
/**
*
* The ARN of the IAM user that you want to specify as the simulated caller of the API operations. If you do not
* specify a CallerArn, it defaults to the ARN of the user that you specify in
* PolicySourceArn, if you specified a user. If you include both a PolicySourceArn
* (for example, arn:aws:iam::123456789012:user/David) and a CallerArn (for example,
* arn:aws:iam::123456789012:user/Bob), the result is that you simulate calling the API operations
* as Bob, as if Bob had David's policies.
*
*
* You can specify only the ARN of an IAM user. You cannot specify the ARN of an assumed role, federated user,
* or a service principal.
*
*
* CallerArn is required if you include a ResourcePolicy and the
* PolicySourceArn is not the ARN for an IAM user. This is required so that the resource-based
* policy's Principal element has a value to use in evaluating the policy.
*
*
* For more information about ARNs, see Amazon Resource Names (ARNs)
* and AWS Service Namespaces in the AWS General Reference.
*
*
* @param callerArn
* The ARN of the IAM user that you want to specify as the simulated caller of the API operations. If you
* do not specify a CallerArn, it defaults to the ARN of the user that you specify in
* PolicySourceArn, if you specified a user. If you include both a
* PolicySourceArn (for example, arn:aws:iam::123456789012:user/David) and a
* CallerArn (for example, arn:aws:iam::123456789012:user/Bob), the result is
* that you simulate calling the API operations as Bob, as if Bob had David's policies.
*
* You can specify only the ARN of an IAM user. You cannot specify the ARN of an assumed role, federated
* user, or a service principal.
*
*
* CallerArn is required if you include a ResourcePolicy and the
* PolicySourceArn is not the ARN for an IAM user. This is required so that the
* resource-based policy's Principal element has a value to use in evaluating the policy.
*
*
* For more information about ARNs, see Amazon Resource Names
* (ARNs) and AWS Service Namespaces in the AWS General Reference.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder callerArn(String callerArn);
/**
*
* A list of context keys and corresponding values for the simulation to use. Whenever a context key is
* evaluated in one of the simulated IAM permission policies, the corresponding value is supplied.
*
*
* @param contextEntries
* A list of context keys and corresponding values for the simulation to use. Whenever a context key is
* evaluated in one of the simulated IAM permission policies, the corresponding value is supplied.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder contextEntries(Collection contextEntries);
/**
*
* A list of context keys and corresponding values for the simulation to use. Whenever a context key is
* evaluated in one of the simulated IAM permission policies, the corresponding value is supplied.
*
*
* @param contextEntries
* A list of context keys and corresponding values for the simulation to use. Whenever a context key is
* evaluated in one of the simulated IAM permission policies, the corresponding value is supplied.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder contextEntries(ContextEntry... contextEntries);
/**
*
* A list of context keys and corresponding values for the simulation to use. Whenever a context key is
* evaluated in one of the simulated IAM permission policies, the corresponding value is supplied.
*
* This is a convenience that creates an instance of the {@link List.Builder} avoiding the need to
* create one manually via {@link List#builder()}.
*
* When the {@link Consumer} completes, {@link List.Builder#build()} is called immediately and its
* result is passed to {@link #contextEntries(List)}.
*
* @param contextEntries
* a consumer that will call methods on {@link List.Builder}
* @return Returns a reference to this object so that method calls can be chained together.
* @see #contextEntries(List)
*/
Builder contextEntries(Consumer... contextEntries);
/**
*
* Specifies the type of simulation to run. Different API operations that support resource-based policies
* require different combinations of resources. By specifying the type of simulation to run, you enable the
* policy simulator to enforce the presence of the required resources to ensure reliable simulation results. If
* your simulation does not match one of the following scenarios, then you can omit this parameter. The
* following list shows each of the supported scenario values and the resources that you must define to run the
* simulation.
*
*
* Each of the EC2 scenarios requires that you specify instance, image, and security group resources. If your
* scenario includes an EBS volume, then you must specify that volume as a resource. If the EC2 scenario
* includes VPC, then you must supply the network interface resource. If it includes an IP subnet, then you must
* specify the subnet resource. For more information on the EC2 scenario options, see Supported
* Platforms in the Amazon EC2 User Guide.
*
*
* -
*
* EC2-Classic-InstanceStore
*
*
* instance, image, security group
*
*
* -
*
* EC2-Classic-EBS
*
*
* instance, image, security group, volume
*
*
* -
*
* EC2-VPC-InstanceStore
*
*
* instance, image, security group, network interface
*
*
* -
*
* EC2-VPC-InstanceStore-Subnet
*
*
* instance, image, security group, network interface, subnet
*
*
* -
*
* EC2-VPC-EBS
*
*
* instance, image, security group, network interface, volume
*
*
* -
*
* EC2-VPC-EBS-Subnet
*
*
* instance, image, security group, network interface, subnet, volume
*
*
*
*
* @param resourceHandlingOption
* Specifies the type of simulation to run. Different API operations that support resource-based policies
* require different combinations of resources. By specifying the type of simulation to run, you enable
* the policy simulator to enforce the presence of the required resources to ensure reliable simulation
* results. If your simulation does not match one of the following scenarios, then you can omit this
* parameter. The following list shows each of the supported scenario values and the resources that you
* must define to run the simulation.
*
* Each of the EC2 scenarios requires that you specify instance, image, and security group resources. If
* your scenario includes an EBS volume, then you must specify that volume as a resource. If the EC2
* scenario includes VPC, then you must supply the network interface resource. If it includes an IP
* subnet, then you must specify the subnet resource. For more information on the EC2 scenario options,
* see Supported
* Platforms in the Amazon EC2 User Guide.
*
*
* -
*
* EC2-Classic-InstanceStore
*
*
* instance, image, security group
*
*
* -
*
* EC2-Classic-EBS
*
*
* instance, image, security group, volume
*
*
* -
*
* EC2-VPC-InstanceStore
*
*
* instance, image, security group, network interface
*
*
* -
*
* EC2-VPC-InstanceStore-Subnet
*
*
* instance, image, security group, network interface, subnet
*
*
* -
*
* EC2-VPC-EBS
*
*
* instance, image, security group, network interface, volume
*
*
* -
*
* EC2-VPC-EBS-Subnet
*
*
* instance, image, security group, network interface, subnet, volume
*
*
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder resourceHandlingOption(String resourceHandlingOption);
/**
*
* Use this only when paginating results to indicate the maximum number of items you want in the response. If
* additional items exist beyond the maximum you specify, the IsTruncated response element is
* true.
*
*
* If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer
* results, even when there are more results available. In that case, the IsTruncated response
* element returns true, and Marker contains a value to include in the subsequent call
* that tells the service where to continue from.
*
*
* @param maxItems
* Use this only when paginating results to indicate the maximum number of items you want in the
* response. If additional items exist beyond the maximum you specify, the IsTruncated
* response element is true.
*
* If you do not include this parameter, the number of items defaults to 100. Note that IAM might return
* fewer results, even when there are more results available. In that case, the IsTruncated
* response element returns true, and Marker contains a value to include in the
* subsequent call that tells the service where to continue from.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder maxItems(Integer maxItems);
/**
*
* Use this parameter only when paginating results and only after you receive a response indicating that the
* results are truncated. Set it to the value of the Marker element in the response that you
* received to indicate where the next call should start.
*
*
* @param marker
* Use this parameter only when paginating results and only after you receive a response indicating that
* the results are truncated. Set it to the value of the Marker element in the response that
* you received to indicate where the next call should start.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder marker(String marker);
@Override
Builder overrideConfiguration(AwsRequestOverrideConfiguration overrideConfiguration);
@Override
Builder overrideConfiguration(Consumer builderConsumer);
}
static final class BuilderImpl extends IamRequest.BuilderImpl implements Builder {
private String policySourceArn;
private List policyInputList = DefaultSdkAutoConstructList.getInstance();
private List actionNames = DefaultSdkAutoConstructList.getInstance();
private List resourceArns = DefaultSdkAutoConstructList.getInstance();
private String resourcePolicy;
private String resourceOwner;
private String callerArn;
private List contextEntries = DefaultSdkAutoConstructList.getInstance();
private String resourceHandlingOption;
private Integer maxItems;
private String marker;
private BuilderImpl() {
}
private BuilderImpl(SimulatePrincipalPolicyRequest model) {
super(model);
policySourceArn(model.policySourceArn);
policyInputList(model.policyInputList);
actionNames(model.actionNames);
resourceArns(model.resourceArns);
resourcePolicy(model.resourcePolicy);
resourceOwner(model.resourceOwner);
callerArn(model.callerArn);
contextEntries(model.contextEntries);
resourceHandlingOption(model.resourceHandlingOption);
maxItems(model.maxItems);
marker(model.marker);
}
public final String getPolicySourceArn() {
return policySourceArn;
}
@Override
public final Builder policySourceArn(String policySourceArn) {
this.policySourceArn = policySourceArn;
return this;
}
public final void setPolicySourceArn(String policySourceArn) {
this.policySourceArn = policySourceArn;
}
public final Collection getPolicyInputList() {
return policyInputList;
}
@Override
public final Builder policyInputList(Collection policyInputList) {
this.policyInputList = SimulationPolicyListTypeCopier.copy(policyInputList);
return this;
}
@Override
@SafeVarargs
public final Builder policyInputList(String... policyInputList) {
policyInputList(Arrays.asList(policyInputList));
return this;
}
public final void setPolicyInputList(Collection policyInputList) {
this.policyInputList = SimulationPolicyListTypeCopier.copy(policyInputList);
}
public final Collection getActionNames() {
return actionNames;
}
@Override
public final Builder actionNames(Collection actionNames) {
this.actionNames = ActionNameListTypeCopier.copy(actionNames);
return this;
}
@Override
@SafeVarargs
public final Builder actionNames(String... actionNames) {
actionNames(Arrays.asList(actionNames));
return this;
}
public final void setActionNames(Collection actionNames) {
this.actionNames = ActionNameListTypeCopier.copy(actionNames);
}
public final Collection getResourceArns() {
return resourceArns;
}
@Override
public final Builder resourceArns(Collection resourceArns) {
this.resourceArns = ResourceNameListTypeCopier.copy(resourceArns);
return this;
}
@Override
@SafeVarargs
public final Builder resourceArns(String... resourceArns) {
resourceArns(Arrays.asList(resourceArns));
return this;
}
public final void setResourceArns(Collection resourceArns) {
this.resourceArns = ResourceNameListTypeCopier.copy(resourceArns);
}
public final String getResourcePolicy() {
return resourcePolicy;
}
@Override
public final Builder resourcePolicy(String resourcePolicy) {
this.resourcePolicy = resourcePolicy;
return this;
}
public final void setResourcePolicy(String resourcePolicy) {
this.resourcePolicy = resourcePolicy;
}
public final String getResourceOwner() {
return resourceOwner;
}
@Override
public final Builder resourceOwner(String resourceOwner) {
this.resourceOwner = resourceOwner;
return this;
}
public final void setResourceOwner(String resourceOwner) {
this.resourceOwner = resourceOwner;
}
public final String getCallerArn() {
return callerArn;
}
@Override
public final Builder callerArn(String callerArn) {
this.callerArn = callerArn;
return this;
}
public final void setCallerArn(String callerArn) {
this.callerArn = callerArn;
}
public final Collection getContextEntries() {
return contextEntries != null ? contextEntries.stream().map(ContextEntry::toBuilder).collect(Collectors.toList())
: null;
}
@Override
public final Builder contextEntries(Collection contextEntries) {
this.contextEntries = ContextEntryListTypeCopier.copy(contextEntries);
return this;
}
@Override
@SafeVarargs
public final Builder contextEntries(ContextEntry... contextEntries) {
contextEntries(Arrays.asList(contextEntries));
return this;
}
@Override
@SafeVarargs
public final Builder contextEntries(Consumer... contextEntries) {
contextEntries(Stream.of(contextEntries).map(c -> ContextEntry.builder().applyMutation(c).build())
.collect(Collectors.toList()));
return this;
}
public final void setContextEntries(Collection contextEntries) {
this.contextEntries = ContextEntryListTypeCopier.copyFromBuilder(contextEntries);
}
public final String getResourceHandlingOption() {
return resourceHandlingOption;
}
@Override
public final Builder resourceHandlingOption(String resourceHandlingOption) {
this.resourceHandlingOption = resourceHandlingOption;
return this;
}
public final void setResourceHandlingOption(String resourceHandlingOption) {
this.resourceHandlingOption = resourceHandlingOption;
}
public final Integer getMaxItems() {
return maxItems;
}
@Override
public final Builder maxItems(Integer maxItems) {
this.maxItems = maxItems;
return this;
}
public final void setMaxItems(Integer maxItems) {
this.maxItems = maxItems;
}
public final String getMarker() {
return marker;
}
@Override
public final Builder marker(String marker) {
this.marker = marker;
return this;
}
public final void setMarker(String marker) {
this.marker = marker;
}
@Override
public Builder overrideConfiguration(AwsRequestOverrideConfiguration overrideConfiguration) {
super.overrideConfiguration(overrideConfiguration);
return this;
}
@Override
public Builder overrideConfiguration(Consumer builderConsumer) {
super.overrideConfiguration(builderConsumer);
return this;
}
@Override
public SimulatePrincipalPolicyRequest build() {
return new SimulatePrincipalPolicyRequest(this);
}
@Override
public List> sdkFields() {
return SDK_FIELDS;
}
}
}