/*
* Copyright 2010-2014 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License").
* You may not use this file except in compliance with the License.
* A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed
* on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
* express or implied. See the License for the specific language governing
* permissions and limitations under the License.
*/
/*
* Do not modify this file. This file is generated from the iam-2010-05-08.normal.json service model.
*/
using System;
using System.Collections.Generic;
using System.Xml.Serialization;
using System.Text;
using System.IO;
using Amazon.Runtime;
using Amazon.Runtime.Internal;
namespace Amazon.IdentityManagement.Model
{
///
/// Container for the parameters to the SimulateCustomPolicy operation.
/// Simulate how a set of IAM policies and optionally a resource-based policy works with
/// a list of API operations and AWS resources to determine the policies' effective permissions.
/// The policies are provided as strings.
///
///
///
/// The simulation does not perform the API operations; it only checks the authorization
/// to determine if the simulated policies allow or deny the operations.
///
///
///
/// If you want to simulate existing policies that are attached to an IAM user, group,
/// or role, use SimulatePrincipalPolicy instead.
///
///
///
/// Context keys are variables that are maintained by AWS and its services and which provide
/// details about the context of an API query request. You can use the Condition
/// element of an IAM policy to evaluate context keys. To get the list of context keys
/// that the policies require for correct simulation, use GetContextKeysForCustomPolicy.
///
///
///
/// If the output is long, you can use MaxItems and Marker parameters
/// to paginate the results.
///
///
public partial class SimulateCustomPolicyRequest : AmazonIdentityManagementServiceRequest
{
private List _actionNames = new List();
private string _callerArn;
private List _contextEntries = new List();
private string _marker;
private int? _maxItems;
private List _permissionsBoundaryPolicyInputList = new List();
private List _policyInputList = new List();
private List _resourceArns = new List();
private string _resourceHandlingOption;
private string _resourceOwner;
private string _resourcePolicy;
///
/// Gets and sets the property ActionNames.
///
/// A list of names of API operations to evaluate in the simulation. Each operation is
/// evaluated against each resource. Each operation must include the service identifier,
/// such as iam:CreateUser. This operation does not support using wildcards
/// (*) in an action name.
///
///
[AWSProperty(Required=true)]
public List ActionNames
{
get { return this._actionNames; }
set { this._actionNames = value; }
}
// Check to see if ActionNames property is set
internal bool IsSetActionNames()
{
return this._actionNames != null && this._actionNames.Count > 0;
}
///
/// Gets and sets the property CallerArn.
///
/// The ARN of the IAM user that you want to use as the simulated caller of the API operations.
/// CallerArn is required if you include a ResourcePolicy so
/// that the policy's Principal element has a value to use in evaluating
/// the policy.
///
///
///
/// You can specify only the ARN of an IAM user. You cannot specify the ARN of an assumed
/// role, federated user, or a service principal.
///
///
[AWSProperty(Min=1, Max=2048)]
public string CallerArn
{
get { return this._callerArn; }
set { this._callerArn = value; }
}
// Check to see if CallerArn property is set
internal bool IsSetCallerArn()
{
return this._callerArn != null;
}
///
/// Gets and sets the property ContextEntries.
///
/// A list of context keys and corresponding values for the simulation to use. Whenever
/// a context key is evaluated in one of the simulated IAM permissions policies, the corresponding
/// value is supplied.
///
///
public List ContextEntries
{
get { return this._contextEntries; }
set { this._contextEntries = value; }
}
// Check to see if ContextEntries property is set
internal bool IsSetContextEntries()
{
return this._contextEntries != null && this._contextEntries.Count > 0;
}
///
/// Gets and sets the property Marker.
///
/// Use this parameter only when paginating results and only after you receive a response
/// indicating that the results are truncated. Set it to the value of the Marker
/// element in the response that you received to indicate where the next call should start.
///
///
[AWSProperty(Min=1, Max=320)]
public string Marker
{
get { return this._marker; }
set { this._marker = value; }
}
// Check to see if Marker property is set
internal bool IsSetMarker()
{
return this._marker != null;
}
///
/// Gets and sets the property MaxItems.
///
/// Use this only when paginating results to indicate the maximum number of items you
/// want in the response. If additional items exist beyond the maximum you specify, the
/// IsTruncated response element is true.
///
///
///
/// If you do not include this parameter, the number of items defaults to 100. Note that
/// IAM might return fewer results, even when there are more results available. In that
/// case, the IsTruncated response element returns true, and
/// Marker contains a value to include in the subsequent call that tells
/// the service where to continue from.
///
///
[AWSProperty(Min=1, Max=1000)]
public int MaxItems
{
get { return this._maxItems.GetValueOrDefault(); }
set { this._maxItems = value; }
}
// Check to see if MaxItems property is set
internal bool IsSetMaxItems()
{
return this._maxItems.HasValue;
}
///
/// Gets and sets the property PermissionsBoundaryPolicyInputList.
///
/// The IAM permissions boundary policy to simulate. The permissions boundary sets the
/// maximum permissions that an IAM entity can have. You can input only one permissions
/// boundary when you pass a policy to this operation. For more information about permissions
/// boundaries, see Permissions
/// Boundaries for IAM Entities in the IAM User Guide. The policy input is
/// specified as a string that contains the complete, valid JSON text of a permissions
/// boundary policy.
///
///
///
/// The regex pattern used to validate this
/// parameter is a string of characters consisting of the following:
///
/// -
///
/// Any printable ASCII character ranging from the space character (
\u0020)
/// through the end of the ASCII character range
///
/// -
///
/// The printable characters in the Basic Latin and Latin-1 Supplement character set (through
///
\u00FF)
///
/// -
///
/// The special characters tab (
\u0009), line feed (\u000A),
/// and carriage return (\u000D)
///
///
///
public List PermissionsBoundaryPolicyInputList
{
get { return this._permissionsBoundaryPolicyInputList; }
set { this._permissionsBoundaryPolicyInputList = value; }
}
// Check to see if PermissionsBoundaryPolicyInputList property is set
internal bool IsSetPermissionsBoundaryPolicyInputList()
{
return this._permissionsBoundaryPolicyInputList != null && this._permissionsBoundaryPolicyInputList.Count > 0;
}
///
/// Gets and sets the property PolicyInputList.
///
/// A list of policy documents to include in the simulation. Each document is specified
/// as a string containing the complete, valid JSON text of an IAM policy. Do not include
/// any resource-based policies in this parameter. Any resource-based policy must be submitted
/// with the ResourcePolicy parameter. The policies cannot be "scope-down"
/// policies, such as you could include in a call to GetFederationToken
/// or one of the AssumeRole
/// API operations. In other words, do not use policies designed to restrict what a user
/// can do while using the temporary credentials.
///
///
///
/// The regex pattern used to validate this
/// parameter is a string of characters consisting of the following:
///
/// -
///
/// Any printable ASCII character ranging from the space character (
\u0020)
/// through the end of the ASCII character range
///
/// -
///
/// The printable characters in the Basic Latin and Latin-1 Supplement character set (through
///
\u00FF)
///
/// -
///
/// The special characters tab (
\u0009), line feed (\u000A),
/// and carriage return (\u000D)
///
///
///
[AWSProperty(Required=true)]
public List PolicyInputList
{
get { return this._policyInputList; }
set { this._policyInputList = value; }
}
// Check to see if PolicyInputList property is set
internal bool IsSetPolicyInputList()
{
return this._policyInputList != null && this._policyInputList.Count > 0;
}
///
/// Gets and sets the property ResourceArns.
///
/// A list of ARNs of AWS resources to include in the simulation. If this parameter is
/// not provided, then the value defaults to * (all resources). Each API
/// in the ActionNames parameter is evaluated for each resource in this list.
/// The simulation determines the access result (allowed or denied) of each combination
/// and reports it in the response.
///
///
///
/// The simulation does not automatically retrieve policies for the specified resources.
/// If you want to include a resource policy in the simulation, then you must include
/// the policy as a string in the ResourcePolicy parameter.
///
///
///
/// If you include a ResourcePolicy, then it must be applicable to all of
/// the resources included in the simulation or you receive an invalid input error.
///
///
///
/// For more information about ARNs, see Amazon
/// Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
///
///
public List ResourceArns
{
get { return this._resourceArns; }
set { this._resourceArns = value; }
}
// Check to see if ResourceArns property is set
internal bool IsSetResourceArns()
{
return this._resourceArns != null && this._resourceArns.Count > 0;
}
///
/// Gets and sets the property ResourceHandlingOption.
///
/// Specifies the type of simulation to run. Different API operations that support resource-based
/// policies require different combinations of resources. By specifying the type of simulation
/// to run, you enable the policy simulator to enforce the presence of the required resources
/// to ensure reliable simulation results. If your simulation does not match one of the
/// following scenarios, then you can omit this parameter. The following list shows each
/// of the supported scenario values and the resources that you must define to run the
/// simulation.
///
///
///
/// Each of the EC2 scenarios requires that you specify instance, image, and security-group
/// resources. If your scenario includes an EBS volume, then you must specify that volume
/// as a resource. If the EC2 scenario includes VPC, then you must supply the network-interface
/// resource. If it includes an IP subnet, then you must specify the subnet resource.
/// For more information on the EC2 scenario options, see Supported
/// Platforms in the Amazon EC2 User Guide.
///
/// -
///
/// EC2-Classic-InstanceStore
///
///
///
/// instance, image, security-group
///
///
-
///
/// EC2-Classic-EBS
///
///
///
/// instance, image, security-group, volume
///
///
-
///
/// EC2-VPC-InstanceStore
///
///
///
/// instance, image, security-group, network-interface
///
///
-
///
/// EC2-VPC-InstanceStore-Subnet
///
///
///
/// instance, image, security-group, network-interface, subnet
///
///
-
///
/// EC2-VPC-EBS
///
///
///
/// instance, image, security-group, network-interface, volume
///
///
-
///
/// EC2-VPC-EBS-Subnet
///
///
///
/// instance, image, security-group, network-interface, subnet, volume
///
///
///
[AWSProperty(Min=1, Max=64)]
public string ResourceHandlingOption
{
get { return this._resourceHandlingOption; }
set { this._resourceHandlingOption = value; }
}
// Check to see if ResourceHandlingOption property is set
internal bool IsSetResourceHandlingOption()
{
return this._resourceHandlingOption != null;
}
///
/// Gets and sets the property ResourceOwner.
///
/// An ARN representing the AWS account ID that specifies the owner of any simulated resource
/// that does not identify its owner in the resource ARN. Examples of resource ARNs include
/// an S3 bucket or object. If ResourceOwner is specified, it is also used
/// as the account owner of any ResourcePolicy included in the simulation.
/// If the ResourceOwner parameter is not specified, then the owner of the
/// resources and the resource policy defaults to the account of the identity provided
/// in CallerArn. This parameter is required only if you specify a resource-based
/// policy and account that owns the resource is different from the account that owns
/// the simulated calling user CallerArn.
///
///
///
/// The ARN for an account uses the following syntax: arn:aws:iam::AWS-account-ID:root.
/// For example, to represent the account with the 112233445566 ID, use the following
/// ARN: arn:aws:iam::112233445566-ID:root.
///
///
[AWSProperty(Min=1, Max=2048)]
public string ResourceOwner
{
get { return this._resourceOwner; }
set { this._resourceOwner = value; }
}
// Check to see if ResourceOwner property is set
internal bool IsSetResourceOwner()
{
return this._resourceOwner != null;
}
///
/// Gets and sets the property ResourcePolicy.
///
/// A resource-based policy to include in the simulation provided as a string. Each resource
/// in the simulation is treated as if it had this policy attached. You can include only
/// one resource-based policy in a simulation.
///
///
///
/// The regex pattern used to validate this
/// parameter is a string of characters consisting of the following:
///
/// -
///
/// Any printable ASCII character ranging from the space character (
\u0020)
/// through the end of the ASCII character range
///
/// -
///
/// The printable characters in the Basic Latin and Latin-1 Supplement character set (through
///
\u00FF)
///
/// -
///
/// The special characters tab (
\u0009), line feed (\u000A),
/// and carriage return (\u000D)
///
///
///
[AWSProperty(Min=1, Max=131072)]
public string ResourcePolicy
{
get { return this._resourcePolicy; }
set { this._resourcePolicy = value; }
}
// Check to see if ResourcePolicy property is set
internal bool IsSetResourcePolicy()
{
return this._resourcePolicy != null;
}
}
}