software.amazon.awssdk.services.iam.model.ResourceSpecificResult Maven / Gradle / Ivy
Show all versions of iam Show documentation
/*
* Copyright 2014-2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
* the License. A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
* and limitations under the License.
*/
package software.amazon.awssdk.services.iam.model;
import java.io.Serializable;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.function.BiConsumer;
import java.util.function.Consumer;
import java.util.function.Function;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import software.amazon.awssdk.annotations.Generated;
import software.amazon.awssdk.core.SdkField;
import software.amazon.awssdk.core.SdkPojo;
import software.amazon.awssdk.core.protocol.MarshallLocation;
import software.amazon.awssdk.core.protocol.MarshallingType;
import software.amazon.awssdk.core.traits.ListTrait;
import software.amazon.awssdk.core.traits.LocationTrait;
import software.amazon.awssdk.core.traits.MapTrait;
import software.amazon.awssdk.core.util.DefaultSdkAutoConstructList;
import software.amazon.awssdk.core.util.DefaultSdkAutoConstructMap;
import software.amazon.awssdk.utils.ToString;
import software.amazon.awssdk.utils.builder.CopyableBuilder;
import software.amazon.awssdk.utils.builder.ToCopyableBuilder;
/**
*
* Contains the result of the simulation of a single API operation call on a single resource.
*
*
* This data type is used by a member of the EvaluationResult data type.
*
*/
@Generated("software.amazon.awssdk:codegen")
public final class ResourceSpecificResult implements SdkPojo, Serializable,
ToCopyableBuilder {
private static final SdkField EVAL_RESOURCE_NAME_FIELD = SdkField. builder(MarshallingType.STRING)
.getter(getter(ResourceSpecificResult::evalResourceName)).setter(setter(Builder::evalResourceName))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("EvalResourceName").build()).build();
private static final SdkField EVAL_RESOURCE_DECISION_FIELD = SdkField. builder(MarshallingType.STRING)
.getter(getter(ResourceSpecificResult::evalResourceDecisionAsString)).setter(setter(Builder::evalResourceDecision))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("EvalResourceDecision").build())
.build();
private static final SdkField> MATCHED_STATEMENTS_FIELD = SdkField
.> builder(MarshallingType.LIST)
.getter(getter(ResourceSpecificResult::matchedStatements))
.setter(setter(Builder::matchedStatements))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("MatchedStatements").build(),
ListTrait
.builder()
.memberLocationName(null)
.memberFieldInfo(
SdkField. builder(MarshallingType.SDK_POJO)
.constructor(Statement::builder)
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD)
.locationName("member").build()).build()).build()).build();
private static final SdkField> MISSING_CONTEXT_VALUES_FIELD = SdkField
.> builder(MarshallingType.LIST)
.getter(getter(ResourceSpecificResult::missingContextValues))
.setter(setter(Builder::missingContextValues))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("MissingContextValues").build(),
ListTrait
.builder()
.memberLocationName(null)
.memberFieldInfo(
SdkField. builder(MarshallingType.STRING)
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD)
.locationName("member").build()).build()).build()).build();
private static final SdkField> EVAL_DECISION_DETAILS_FIELD = SdkField
.> builder(MarshallingType.MAP)
.getter(getter(ResourceSpecificResult::evalDecisionDetailsAsStrings))
.setter(setter(Builder::evalDecisionDetailsWithStrings))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("EvalDecisionDetails").build(),
MapTrait.builder()
.keyLocationName("key")
.valueLocationName("value")
.valueFieldInfo(
SdkField. builder(MarshallingType.STRING)
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD)
.locationName("value").build()).build()).build()).build();
private static final List> SDK_FIELDS = Collections.unmodifiableList(Arrays.asList(EVAL_RESOURCE_NAME_FIELD,
EVAL_RESOURCE_DECISION_FIELD, MATCHED_STATEMENTS_FIELD, MISSING_CONTEXT_VALUES_FIELD, EVAL_DECISION_DETAILS_FIELD));
private static final long serialVersionUID = 1L;
private final String evalResourceName;
private final String evalResourceDecision;
private final List matchedStatements;
private final List missingContextValues;
private final Map evalDecisionDetails;
private ResourceSpecificResult(BuilderImpl builder) {
this.evalResourceName = builder.evalResourceName;
this.evalResourceDecision = builder.evalResourceDecision;
this.matchedStatements = builder.matchedStatements;
this.missingContextValues = builder.missingContextValues;
this.evalDecisionDetails = builder.evalDecisionDetails;
}
/**
*
* The name of the simulated resource, in Amazon Resource Name (ARN) format.
*
*
* @return The name of the simulated resource, in Amazon Resource Name (ARN) format.
*/
public String evalResourceName() {
return evalResourceName;
}
/**
*
* The result of the simulation of the simulated API operation on the resource specified in
* EvalResourceName.
*
*
* If the service returns an enum value that is not available in the current SDK version,
* {@link #evalResourceDecision} will return {@link PolicyEvaluationDecisionType#UNKNOWN_TO_SDK_VERSION}. The raw
* value returned by the service is available from {@link #evalResourceDecisionAsString}.
*
*
* @return The result of the simulation of the simulated API operation on the resource specified in
* EvalResourceName.
* @see PolicyEvaluationDecisionType
*/
public PolicyEvaluationDecisionType evalResourceDecision() {
return PolicyEvaluationDecisionType.fromValue(evalResourceDecision);
}
/**
*
* The result of the simulation of the simulated API operation on the resource specified in
* EvalResourceName.
*
*
* If the service returns an enum value that is not available in the current SDK version,
* {@link #evalResourceDecision} will return {@link PolicyEvaluationDecisionType#UNKNOWN_TO_SDK_VERSION}. The raw
* value returned by the service is available from {@link #evalResourceDecisionAsString}.
*
*
* @return The result of the simulation of the simulated API operation on the resource specified in
* EvalResourceName.
* @see PolicyEvaluationDecisionType
*/
public String evalResourceDecisionAsString() {
return evalResourceDecision;
}
/**
*
* A list of the statements in the input policies that determine the result for this part of the simulation.
* Remember that even if multiple statements allow the operation on the resource, if any statement denies
* that operation, then the explicit deny overrides any allow. In addition, the deny statement is the only entry
* included in the result.
*
*
* Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.
*
*
* @return A list of the statements in the input policies that determine the result for this part of the simulation.
* Remember that even if multiple statements allow the operation on the resource, if any statement
* denies that operation, then the explicit deny overrides any allow. In addition, the deny statement is the
* only entry included in the result.
*/
public List matchedStatements() {
return matchedStatements;
}
/**
*
* A list of context keys that are required by the included input policies but that were not provided by one of the
* input parameters. This list is used when a list of ARNs is included in the ResourceArns parameter
* instead of "*". If you do not specify individual resources, by setting ResourceArns to "*" or by not
* including the ResourceArns parameter, then any missing context values are instead included under the
* EvaluationResults section. To discover the context keys used by a set of policies, you can call
* GetContextKeysForCustomPolicy or GetContextKeysForPrincipalPolicy.
*
*
* Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.
*
*
* @return A list of context keys that are required by the included input policies but that were not provided by one
* of the input parameters. This list is used when a list of ARNs is included in the
* ResourceArns parameter instead of "*". If you do not specify individual resources, by
* setting ResourceArns to "*" or by not including the ResourceArns parameter,
* then any missing context values are instead included under the EvaluationResults section. To
* discover the context keys used by a set of policies, you can call GetContextKeysForCustomPolicy or
* GetContextKeysForPrincipalPolicy.
*/
public List missingContextValues() {
return missingContextValues;
}
/**
*
* Additional details about the results of the evaluation decision. When there are both IAM policies and resource
* policies, this parameter explains how each set of policies contributes to the final evaluation decision. When
* simulating cross-account access to a resource, both the resource-based policy and the caller's IAM policy must
* grant access.
*
*
* Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.
*
*
* @return Additional details about the results of the evaluation decision. When there are both IAM policies and
* resource policies, this parameter explains how each set of policies contributes to the final evaluation
* decision. When simulating cross-account access to a resource, both the resource-based policy and the
* caller's IAM policy must grant access.
*/
public Map evalDecisionDetails() {
return EvalDecisionDetailsTypeCopier.copyStringToEnum(evalDecisionDetails);
}
/**
*
* Additional details about the results of the evaluation decision. When there are both IAM policies and resource
* policies, this parameter explains how each set of policies contributes to the final evaluation decision. When
* simulating cross-account access to a resource, both the resource-based policy and the caller's IAM policy must
* grant access.
*
*
* Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.
*
*
* @return Additional details about the results of the evaluation decision. When there are both IAM policies and
* resource policies, this parameter explains how each set of policies contributes to the final evaluation
* decision. When simulating cross-account access to a resource, both the resource-based policy and the
* caller's IAM policy must grant access.
*/
public Map evalDecisionDetailsAsStrings() {
return evalDecisionDetails;
}
@Override
public Builder toBuilder() {
return new BuilderImpl(this);
}
public static Builder builder() {
return new BuilderImpl();
}
public static Class serializableBuilderClass() {
return BuilderImpl.class;
}
@Override
public int hashCode() {
int hashCode = 1;
hashCode = 31 * hashCode + Objects.hashCode(evalResourceName());
hashCode = 31 * hashCode + Objects.hashCode(evalResourceDecisionAsString());
hashCode = 31 * hashCode + Objects.hashCode(matchedStatements());
hashCode = 31 * hashCode + Objects.hashCode(missingContextValues());
hashCode = 31 * hashCode + Objects.hashCode(evalDecisionDetailsAsStrings());
return hashCode;
}
@Override
public boolean equals(Object obj) {
return equalsBySdkFields(obj);
}
@Override
public boolean equalsBySdkFields(Object obj) {
if (this == obj) {
return true;
}
if (obj == null) {
return false;
}
if (!(obj instanceof ResourceSpecificResult)) {
return false;
}
ResourceSpecificResult other = (ResourceSpecificResult) obj;
return Objects.equals(evalResourceName(), other.evalResourceName())
&& Objects.equals(evalResourceDecisionAsString(), other.evalResourceDecisionAsString())
&& Objects.equals(matchedStatements(), other.matchedStatements())
&& Objects.equals(missingContextValues(), other.missingContextValues())
&& Objects.equals(evalDecisionDetailsAsStrings(), other.evalDecisionDetailsAsStrings());
}
/**
* Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be
* redacted from this string using a placeholder value.
*/
@Override
public String toString() {
return ToString.builder("ResourceSpecificResult").add("EvalResourceName", evalResourceName())
.add("EvalResourceDecision", evalResourceDecisionAsString()).add("MatchedStatements", matchedStatements())
.add("MissingContextValues", missingContextValues()).add("EvalDecisionDetails", evalDecisionDetailsAsStrings())
.build();
}
public Optional getValueForField(String fieldName, Class clazz) {
switch (fieldName) {
case "EvalResourceName":
return Optional.ofNullable(clazz.cast(evalResourceName()));
case "EvalResourceDecision":
return Optional.ofNullable(clazz.cast(evalResourceDecisionAsString()));
case "MatchedStatements":
return Optional.ofNullable(clazz.cast(matchedStatements()));
case "MissingContextValues":
return Optional.ofNullable(clazz.cast(missingContextValues()));
case "EvalDecisionDetails":
return Optional.ofNullable(clazz.cast(evalDecisionDetailsAsStrings()));
default:
return Optional.empty();
}
}
@Override
public List> sdkFields() {
return SDK_FIELDS;
}
private static Function getter(Function g) {
return obj -> g.apply((ResourceSpecificResult) obj);
}
private static BiConsumer setter(BiConsumer s) {
return (obj, val) -> s.accept((Builder) obj, val);
}
public interface Builder extends SdkPojo, CopyableBuilder {
/**
*
* The name of the simulated resource, in Amazon Resource Name (ARN) format.
*
*
* @param evalResourceName
* The name of the simulated resource, in Amazon Resource Name (ARN) format.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder evalResourceName(String evalResourceName);
/**
*
* The result of the simulation of the simulated API operation on the resource specified in
* EvalResourceName.
*
*
* @param evalResourceDecision
* The result of the simulation of the simulated API operation on the resource specified in
* EvalResourceName.
* @see PolicyEvaluationDecisionType
* @return Returns a reference to this object so that method calls can be chained together.
* @see PolicyEvaluationDecisionType
*/
Builder evalResourceDecision(String evalResourceDecision);
/**
*
* The result of the simulation of the simulated API operation on the resource specified in
* EvalResourceName.
*
*
* @param evalResourceDecision
* The result of the simulation of the simulated API operation on the resource specified in
* EvalResourceName.
* @see PolicyEvaluationDecisionType
* @return Returns a reference to this object so that method calls can be chained together.
* @see PolicyEvaluationDecisionType
*/
Builder evalResourceDecision(PolicyEvaluationDecisionType evalResourceDecision);
/**
*
* A list of the statements in the input policies that determine the result for this part of the simulation.
* Remember that even if multiple statements allow the operation on the resource, if any statement denies
* that operation, then the explicit deny overrides any allow. In addition, the deny statement is the only entry
* included in the result.
*
*
* @param matchedStatements
* A list of the statements in the input policies that determine the result for this part of the
* simulation. Remember that even if multiple statements allow the operation on the resource, if
* any statement denies that operation, then the explicit deny overrides any allow. In addition,
* the deny statement is the only entry included in the result.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder matchedStatements(Collection matchedStatements);
/**
*
* A list of the statements in the input policies that determine the result for this part of the simulation.
* Remember that even if multiple statements allow the operation on the resource, if any statement denies
* that operation, then the explicit deny overrides any allow. In addition, the deny statement is the only entry
* included in the result.
*
*
* @param matchedStatements
* A list of the statements in the input policies that determine the result for this part of the
* simulation. Remember that even if multiple statements allow the operation on the resource, if
* any statement denies that operation, then the explicit deny overrides any allow. In addition,
* the deny statement is the only entry included in the result.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder matchedStatements(Statement... matchedStatements);
/**
*
* A list of the statements in the input policies that determine the result for this part of the simulation.
* Remember that even if multiple statements allow the operation on the resource, if any statement denies
* that operation, then the explicit deny overrides any allow. In addition, the deny statement is the only entry
* included in the result.
*
* This is a convenience that creates an instance of the {@link List.Builder} avoiding the need to
* create one manually via {@link List#builder()}.
*
* When the {@link Consumer} completes, {@link List.Builder#build()} is called immediately and its
* result is passed to {@link #matchedStatements(List)}.
*
* @param matchedStatements
* a consumer that will call methods on {@link List.Builder}
* @return Returns a reference to this object so that method calls can be chained together.
* @see #matchedStatements(List)
*/
Builder matchedStatements(Consumer... matchedStatements);
/**
*
* A list of context keys that are required by the included input policies but that were not provided by one of
* the input parameters. This list is used when a list of ARNs is included in the ResourceArns
* parameter instead of "*". If you do not specify individual resources, by setting ResourceArns to
* "*" or by not including the ResourceArns parameter, then any missing context values are instead
* included under the EvaluationResults section. To discover the context keys used by a set of
* policies, you can call GetContextKeysForCustomPolicy or GetContextKeysForPrincipalPolicy.
*
*
* @param missingContextValues
* A list of context keys that are required by the included input policies but that were not provided by
* one of the input parameters. This list is used when a list of ARNs is included in the
* ResourceArns parameter instead of "*". If you do not specify individual resources, by
* setting ResourceArns to "*" or by not including the ResourceArns parameter,
* then any missing context values are instead included under the EvaluationResults section.
* To discover the context keys used by a set of policies, you can call
* GetContextKeysForCustomPolicy or GetContextKeysForPrincipalPolicy.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder missingContextValues(Collection missingContextValues);
/**
*
* A list of context keys that are required by the included input policies but that were not provided by one of
* the input parameters. This list is used when a list of ARNs is included in the ResourceArns
* parameter instead of "*". If you do not specify individual resources, by setting ResourceArns to
* "*" or by not including the ResourceArns parameter, then any missing context values are instead
* included under the EvaluationResults section. To discover the context keys used by a set of
* policies, you can call GetContextKeysForCustomPolicy or GetContextKeysForPrincipalPolicy.
*
*
* @param missingContextValues
* A list of context keys that are required by the included input policies but that were not provided by
* one of the input parameters. This list is used when a list of ARNs is included in the
* ResourceArns parameter instead of "*". If you do not specify individual resources, by
* setting ResourceArns to "*" or by not including the ResourceArns parameter,
* then any missing context values are instead included under the EvaluationResults section.
* To discover the context keys used by a set of policies, you can call
* GetContextKeysForCustomPolicy or GetContextKeysForPrincipalPolicy.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder missingContextValues(String... missingContextValues);
/**
*
* Additional details about the results of the evaluation decision. When there are both IAM policies and
* resource policies, this parameter explains how each set of policies contributes to the final evaluation
* decision. When simulating cross-account access to a resource, both the resource-based policy and the caller's
* IAM policy must grant access.
*
*
* @param evalDecisionDetails
* Additional details about the results of the evaluation decision. When there are both IAM policies and
* resource policies, this parameter explains how each set of policies contributes to the final
* evaluation decision. When simulating cross-account access to a resource, both the resource-based
* policy and the caller's IAM policy must grant access.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder evalDecisionDetailsWithStrings(Map evalDecisionDetails);
/**
*
* Additional details about the results of the evaluation decision. When there are both IAM policies and
* resource policies, this parameter explains how each set of policies contributes to the final evaluation
* decision. When simulating cross-account access to a resource, both the resource-based policy and the caller's
* IAM policy must grant access.
*
*
* @param evalDecisionDetails
* Additional details about the results of the evaluation decision. When there are both IAM policies and
* resource policies, this parameter explains how each set of policies contributes to the final
* evaluation decision. When simulating cross-account access to a resource, both the resource-based
* policy and the caller's IAM policy must grant access.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder evalDecisionDetails(Map evalDecisionDetails);
}
static final class BuilderImpl implements Builder {
private String evalResourceName;
private String evalResourceDecision;
private List matchedStatements = DefaultSdkAutoConstructList.getInstance();
private List missingContextValues = DefaultSdkAutoConstructList.getInstance();
private Map evalDecisionDetails = DefaultSdkAutoConstructMap.getInstance();
private BuilderImpl() {
}
private BuilderImpl(ResourceSpecificResult model) {
evalResourceName(model.evalResourceName);
evalResourceDecision(model.evalResourceDecision);
matchedStatements(model.matchedStatements);
missingContextValues(model.missingContextValues);
evalDecisionDetailsWithStrings(model.evalDecisionDetails);
}
public final String getEvalResourceName() {
return evalResourceName;
}
@Override
public final Builder evalResourceName(String evalResourceName) {
this.evalResourceName = evalResourceName;
return this;
}
public final void setEvalResourceName(String evalResourceName) {
this.evalResourceName = evalResourceName;
}
public final String getEvalResourceDecisionAsString() {
return evalResourceDecision;
}
@Override
public final Builder evalResourceDecision(String evalResourceDecision) {
this.evalResourceDecision = evalResourceDecision;
return this;
}
@Override
public final Builder evalResourceDecision(PolicyEvaluationDecisionType evalResourceDecision) {
this.evalResourceDecision(evalResourceDecision == null ? null : evalResourceDecision.toString());
return this;
}
public final void setEvalResourceDecision(String evalResourceDecision) {
this.evalResourceDecision = evalResourceDecision;
}
public final Collection getMatchedStatements() {
return matchedStatements != null ? matchedStatements.stream().map(Statement::toBuilder).collect(Collectors.toList())
: null;
}
@Override
public final Builder matchedStatements(Collection matchedStatements) {
this.matchedStatements = StatementListTypeCopier.copy(matchedStatements);
return this;
}
@Override
@SafeVarargs
public final Builder matchedStatements(Statement... matchedStatements) {
matchedStatements(Arrays.asList(matchedStatements));
return this;
}
@Override
@SafeVarargs
public final Builder matchedStatements(Consumer... matchedStatements) {
matchedStatements(Stream.of(matchedStatements).map(c -> Statement.builder().applyMutation(c).build())
.collect(Collectors.toList()));
return this;
}
public final void setMatchedStatements(Collection matchedStatements) {
this.matchedStatements = StatementListTypeCopier.copyFromBuilder(matchedStatements);
}
public final Collection getMissingContextValues() {
return missingContextValues;
}
@Override
public final Builder missingContextValues(Collection missingContextValues) {
this.missingContextValues = ContextKeyNamesResultListTypeCopier.copy(missingContextValues);
return this;
}
@Override
@SafeVarargs
public final Builder missingContextValues(String... missingContextValues) {
missingContextValues(Arrays.asList(missingContextValues));
return this;
}
public final void setMissingContextValues(Collection missingContextValues) {
this.missingContextValues = ContextKeyNamesResultListTypeCopier.copy(missingContextValues);
}
public final Map getEvalDecisionDetailsAsStrings() {
return evalDecisionDetails;
}
@Override
public final Builder evalDecisionDetailsWithStrings(Map evalDecisionDetails) {
this.evalDecisionDetails = EvalDecisionDetailsTypeCopier.copy(evalDecisionDetails);
return this;
}
@Override
public final Builder evalDecisionDetails(Map evalDecisionDetails) {
this.evalDecisionDetails = EvalDecisionDetailsTypeCopier.copyEnumToString(evalDecisionDetails);
return this;
}
public final void setEvalDecisionDetailsWithStrings(Map evalDecisionDetails) {
this.evalDecisionDetails = EvalDecisionDetailsTypeCopier.copy(evalDecisionDetails);
}
@Override
public ResourceSpecificResult build() {
return new ResourceSpecificResult(this);
}
@Override
public List> sdkFields() {
return SDK_FIELDS;
}
}
}