@Generated(value="com.amazonaws:aws-java-sdk-code-generator") public class EvaluationResult extends Object implements Serializable, Cloneable
Contains the results of a simulation.
This data type is used by the return parameter of SimulateCustomPolicy
and
SimulatePrincipalPolicy
.
Constructor and Description |
---|
EvaluationResult() |
Modifier and Type | Method and Description |
---|---|
EvaluationResult |
addEvalDecisionDetailsEntry(String key,
String value)
Add a single EvalDecisionDetails entry
|
EvaluationResult |
clearEvalDecisionDetailsEntries()
Removes all the entries added into EvalDecisionDetails.
|
EvaluationResult |
clone() |
boolean |
equals(Object obj) |
String |
getEvalActionName()
The name of the API operation tested on the indicated resource.
|
String |
getEvalDecision()
The result of the simulation.
|
Map<String,String> |
getEvalDecisionDetails()
Additional details about the results of the cross-account evaluation decision.
|
String |
getEvalResourceName()
The ARN of the resource that the indicated API operation was tested on.
|
List<Statement> |
getMatchedStatements()
A list of the statements in the input policies that determine the result for this scenario.
|
List<String> |
getMissingContextValues()
A list of context keys that are required by the included input policies but that were not provided by one of the
input parameters.
|
OrganizationsDecisionDetail |
getOrganizationsDecisionDetail()
A structure that details how Organizations and its service control policies affect the results of the simulation.
|
PermissionsBoundaryDecisionDetail |
getPermissionsBoundaryDecisionDetail()
Contains information about the effect that a permissions boundary has on a policy simulation when the boundary is
applied to an IAM entity.
|
List<ResourceSpecificResult> |
getResourceSpecificResults()
The individual results of the simulation of the API operation specified in EvalActionName on each resource.
|
int |
hashCode() |
void |
setEvalActionName(String evalActionName)
The name of the API operation tested on the indicated resource.
|
void |
setEvalDecision(PolicyEvaluationDecisionType evalDecision)
The result of the simulation.
|
void |
setEvalDecision(String evalDecision)
The result of the simulation.
|
void |
setEvalDecisionDetails(Map<String,String> evalDecisionDetails)
Additional details about the results of the cross-account evaluation decision.
|
void |
setEvalResourceName(String evalResourceName)
The ARN of the resource that the indicated API operation was tested on.
|
void |
setMatchedStatements(Collection<Statement> matchedStatements)
A list of the statements in the input policies that determine the result for this scenario.
|
void |
setMissingContextValues(Collection<String> missingContextValues)
A list of context keys that are required by the included input policies but that were not provided by one of the
input parameters.
|
void |
setOrganizationsDecisionDetail(OrganizationsDecisionDetail organizationsDecisionDetail)
A structure that details how Organizations and its service control policies affect the results of the simulation.
|
void |
setPermissionsBoundaryDecisionDetail(PermissionsBoundaryDecisionDetail permissionsBoundaryDecisionDetail)
Contains information about the effect that a permissions boundary has on a policy simulation when the boundary is
applied to an IAM entity.
|
void |
setResourceSpecificResults(Collection<ResourceSpecificResult> resourceSpecificResults)
The individual results of the simulation of the API operation specified in EvalActionName on each resource.
|
String |
toString()
Returns a string representation of this object.
|
EvaluationResult |
withEvalActionName(String evalActionName)
The name of the API operation tested on the indicated resource.
|
EvaluationResult |
withEvalDecision(PolicyEvaluationDecisionType evalDecision)
The result of the simulation.
|
EvaluationResult |
withEvalDecision(String evalDecision)
The result of the simulation.
|
EvaluationResult |
withEvalDecisionDetails(Map<String,String> evalDecisionDetails)
Additional details about the results of the cross-account evaluation decision.
|
EvaluationResult |
withEvalResourceName(String evalResourceName)
The ARN of the resource that the indicated API operation was tested on.
|
EvaluationResult |
withMatchedStatements(Collection<Statement> matchedStatements)
A list of the statements in the input policies that determine the result for this scenario.
|
EvaluationResult |
withMatchedStatements(Statement... matchedStatements)
A list of the statements in the input policies that determine the result for this scenario.
|
EvaluationResult |
withMissingContextValues(Collection<String> missingContextValues)
A list of context keys that are required by the included input policies but that were not provided by one of the
input parameters.
|
EvaluationResult |
withMissingContextValues(String... missingContextValues)
A list of context keys that are required by the included input policies but that were not provided by one of the
input parameters.
|
EvaluationResult |
withOrganizationsDecisionDetail(OrganizationsDecisionDetail organizationsDecisionDetail)
A structure that details how Organizations and its service control policies affect the results of the simulation.
|
EvaluationResult |
withPermissionsBoundaryDecisionDetail(PermissionsBoundaryDecisionDetail permissionsBoundaryDecisionDetail)
Contains information about the effect that a permissions boundary has on a policy simulation when the boundary is
applied to an IAM entity.
|
EvaluationResult |
withResourceSpecificResults(Collection<ResourceSpecificResult> resourceSpecificResults)
The individual results of the simulation of the API operation specified in EvalActionName on each resource.
|
EvaluationResult |
withResourceSpecificResults(ResourceSpecificResult... resourceSpecificResults)
The individual results of the simulation of the API operation specified in EvalActionName on each resource.
|
public void setEvalActionName(String evalActionName)
The name of the API operation tested on the indicated resource.
evalActionName
- The name of the API operation tested on the indicated resource.public String getEvalActionName()
The name of the API operation tested on the indicated resource.
public EvaluationResult withEvalActionName(String evalActionName)
The name of the API operation tested on the indicated resource.
evalActionName
- The name of the API operation tested on the indicated resource.public void setEvalResourceName(String evalResourceName)
The ARN of the resource that the indicated API operation was tested on.
evalResourceName
- The ARN of the resource that the indicated API operation was tested on.public String getEvalResourceName()
The ARN of the resource that the indicated API operation was tested on.
public EvaluationResult withEvalResourceName(String evalResourceName)
The ARN of the resource that the indicated API operation was tested on.
evalResourceName
- The ARN of the resource that the indicated API operation was tested on.public void setEvalDecision(String evalDecision)
The result of the simulation.
evalDecision
- The result of the simulation.PolicyEvaluationDecisionType
public String getEvalDecision()
The result of the simulation.
PolicyEvaluationDecisionType
public EvaluationResult withEvalDecision(String evalDecision)
The result of the simulation.
evalDecision
- The result of the simulation.PolicyEvaluationDecisionType
public void setEvalDecision(PolicyEvaluationDecisionType evalDecision)
The result of the simulation.
evalDecision
- The result of the simulation.PolicyEvaluationDecisionType
public EvaluationResult withEvalDecision(PolicyEvaluationDecisionType evalDecision)
The result of the simulation.
evalDecision
- The result of the simulation.PolicyEvaluationDecisionType
public List<Statement> getMatchedStatements()
A list of the statements in the input policies that determine the result for this scenario. Remember that even if multiple statements allow the operation on the resource, if only one statement denies that operation, then the explicit deny overrides any allow. In addition, the deny statement is the only entry included in the result.
public void setMatchedStatements(Collection<Statement> matchedStatements)
A list of the statements in the input policies that determine the result for this scenario. Remember that even if multiple statements allow the operation on the resource, if only one statement denies that operation, then the explicit deny overrides any allow. In addition, the deny statement is the only entry included in the result.
matchedStatements
- A list of the statements in the input policies that determine the result for this scenario. Remember that
even if multiple statements allow the operation on the resource, if only one statement denies that
operation, then the explicit deny overrides any allow. In addition, the deny statement is the only entry
included in the result.public EvaluationResult withMatchedStatements(Statement... matchedStatements)
A list of the statements in the input policies that determine the result for this scenario. Remember that even if multiple statements allow the operation on the resource, if only one statement denies that operation, then the explicit deny overrides any allow. In addition, the deny statement is the only entry included in the result.
NOTE: This method appends the values to the existing list (if any). Use
setMatchedStatements(java.util.Collection)
or withMatchedStatements(java.util.Collection)
if
you want to override the existing values.
matchedStatements
- A list of the statements in the input policies that determine the result for this scenario. Remember that
even if multiple statements allow the operation on the resource, if only one statement denies that
operation, then the explicit deny overrides any allow. In addition, the deny statement is the only entry
included in the result.public EvaluationResult withMatchedStatements(Collection<Statement> matchedStatements)
A list of the statements in the input policies that determine the result for this scenario. Remember that even if multiple statements allow the operation on the resource, if only one statement denies that operation, then the explicit deny overrides any allow. In addition, the deny statement is the only entry included in the result.
matchedStatements
- A list of the statements in the input policies that determine the result for this scenario. Remember that
even if multiple statements allow the operation on the resource, if only one statement denies that
operation, then the explicit deny overrides any allow. In addition, the deny statement is the only entry
included in the result.public List<String> getMissingContextValues()
A list of context keys that are required by the included input policies but that were not provided by one of the
input parameters. This list is used when the resource in a simulation is "*", either explicitly, or when the
ResourceArns
parameter blank. If you include a list of resources, then any missing context values
are instead included under the ResourceSpecificResults
section. To discover the context keys used by
a set of policies, you can call GetContextKeysForCustomPolicy or GetContextKeysForPrincipalPolicy.
ResourceArns
parameter blank. If you include a list of resources, then any
missing context values are instead included under the ResourceSpecificResults
section. To
discover the context keys used by a set of policies, you can call GetContextKeysForCustomPolicy or
GetContextKeysForPrincipalPolicy.public void setMissingContextValues(Collection<String> missingContextValues)
A list of context keys that are required by the included input policies but that were not provided by one of the
input parameters. This list is used when the resource in a simulation is "*", either explicitly, or when the
ResourceArns
parameter blank. If you include a list of resources, then any missing context values
are instead included under the ResourceSpecificResults
section. To discover the context keys used by
a set of policies, you can call GetContextKeysForCustomPolicy or GetContextKeysForPrincipalPolicy.
missingContextValues
- A list of context keys that are required by the included input policies but that were not provided by one
of the input parameters. This list is used when the resource in a simulation is "*", either explicitly, or
when the ResourceArns
parameter blank. If you include a list of resources, then any missing
context values are instead included under the ResourceSpecificResults
section. To discover
the context keys used by a set of policies, you can call GetContextKeysForCustomPolicy or
GetContextKeysForPrincipalPolicy.public EvaluationResult withMissingContextValues(String... missingContextValues)
A list of context keys that are required by the included input policies but that were not provided by one of the
input parameters. This list is used when the resource in a simulation is "*", either explicitly, or when the
ResourceArns
parameter blank. If you include a list of resources, then any missing context values
are instead included under the ResourceSpecificResults
section. To discover the context keys used by
a set of policies, you can call GetContextKeysForCustomPolicy or GetContextKeysForPrincipalPolicy.
NOTE: This method appends the values to the existing list (if any). Use
setMissingContextValues(java.util.Collection)
or withMissingContextValues(java.util.Collection)
if you want to override the existing values.
missingContextValues
- A list of context keys that are required by the included input policies but that were not provided by one
of the input parameters. This list is used when the resource in a simulation is "*", either explicitly, or
when the ResourceArns
parameter blank. If you include a list of resources, then any missing
context values are instead included under the ResourceSpecificResults
section. To discover
the context keys used by a set of policies, you can call GetContextKeysForCustomPolicy or
GetContextKeysForPrincipalPolicy.public EvaluationResult withMissingContextValues(Collection<String> missingContextValues)
A list of context keys that are required by the included input policies but that were not provided by one of the
input parameters. This list is used when the resource in a simulation is "*", either explicitly, or when the
ResourceArns
parameter blank. If you include a list of resources, then any missing context values
are instead included under the ResourceSpecificResults
section. To discover the context keys used by
a set of policies, you can call GetContextKeysForCustomPolicy or GetContextKeysForPrincipalPolicy.
missingContextValues
- A list of context keys that are required by the included input policies but that were not provided by one
of the input parameters. This list is used when the resource in a simulation is "*", either explicitly, or
when the ResourceArns
parameter blank. If you include a list of resources, then any missing
context values are instead included under the ResourceSpecificResults
section. To discover
the context keys used by a set of policies, you can call GetContextKeysForCustomPolicy or
GetContextKeysForPrincipalPolicy.public void setOrganizationsDecisionDetail(OrganizationsDecisionDetail organizationsDecisionDetail)
A structure that details how Organizations and its service control policies affect the results of the simulation. Only applies if the simulated user's account is part of an organization.
organizationsDecisionDetail
- A structure that details how Organizations and its service control policies affect the results of the
simulation. Only applies if the simulated user's account is part of an organization.public OrganizationsDecisionDetail getOrganizationsDecisionDetail()
A structure that details how Organizations and its service control policies affect the results of the simulation. Only applies if the simulated user's account is part of an organization.
public EvaluationResult withOrganizationsDecisionDetail(OrganizationsDecisionDetail organizationsDecisionDetail)
A structure that details how Organizations and its service control policies affect the results of the simulation. Only applies if the simulated user's account is part of an organization.
organizationsDecisionDetail
- A structure that details how Organizations and its service control policies affect the results of the
simulation. Only applies if the simulated user's account is part of an organization.public void setPermissionsBoundaryDecisionDetail(PermissionsBoundaryDecisionDetail permissionsBoundaryDecisionDetail)
Contains information about the effect that a permissions boundary has on a policy simulation when the boundary is applied to an IAM entity.
permissionsBoundaryDecisionDetail
- Contains information about the effect that a permissions boundary has on a policy simulation when the
boundary is applied to an IAM entity.public PermissionsBoundaryDecisionDetail getPermissionsBoundaryDecisionDetail()
Contains information about the effect that a permissions boundary has on a policy simulation when the boundary is applied to an IAM entity.
public EvaluationResult withPermissionsBoundaryDecisionDetail(PermissionsBoundaryDecisionDetail permissionsBoundaryDecisionDetail)
Contains information about the effect that a permissions boundary has on a policy simulation when the boundary is applied to an IAM entity.
permissionsBoundaryDecisionDetail
- Contains information about the effect that a permissions boundary has on a policy simulation when the
boundary is applied to an IAM entity.public Map<String,String> getEvalDecisionDetails()
Additional details about the results of the cross-account evaluation decision. This parameter is populated for only cross-account simulations. It contains a brief summary of how each policy type contributes to the final evaluation decision.
If the simulation evaluates policies within the same account and includes a resource ARN, then the parameter is
present but the response is empty. If the simulation evaluates policies within the same account and specifies all
resources (*
), then the parameter is not returned.
When you make a cross-account request, Amazon Web Services evaluates the request in the trusting account and the
trusted account. The request is allowed only if both evaluations return true
. For more information
about how policies are evaluated, see Evaluating policies within a single account.
If an Organizations SCP included in the evaluation denies access, the simulation ends. In this case, policy evaluation does not proceed any further and this parameter is not returned.
If the simulation evaluates policies within the same account and includes a resource ARN, then the
parameter is present but the response is empty. If the simulation evaluates policies within the same
account and specifies all resources (*
), then the parameter is not returned.
When you make a cross-account request, Amazon Web Services evaluates the request in the trusting account
and the trusted account. The request is allowed only if both evaluations return true
. For
more information about how policies are evaluated, see Evaluating policies within a single account.
If an Organizations SCP included in the evaluation denies access, the simulation ends. In this case, policy evaluation does not proceed any further and this parameter is not returned.
public void setEvalDecisionDetails(Map<String,String> evalDecisionDetails)
Additional details about the results of the cross-account evaluation decision. This parameter is populated for only cross-account simulations. It contains a brief summary of how each policy type contributes to the final evaluation decision.
If the simulation evaluates policies within the same account and includes a resource ARN, then the parameter is
present but the response is empty. If the simulation evaluates policies within the same account and specifies all
resources (*
), then the parameter is not returned.
When you make a cross-account request, Amazon Web Services evaluates the request in the trusting account and the
trusted account. The request is allowed only if both evaluations return true
. For more information
about how policies are evaluated, see Evaluating policies within a single account.
If an Organizations SCP included in the evaluation denies access, the simulation ends. In this case, policy evaluation does not proceed any further and this parameter is not returned.
evalDecisionDetails
- Additional details about the results of the cross-account evaluation decision. This parameter is populated
for only cross-account simulations. It contains a brief summary of how each policy type contributes to the
final evaluation decision.
If the simulation evaluates policies within the same account and includes a resource ARN, then the
parameter is present but the response is empty. If the simulation evaluates policies within the same
account and specifies all resources (*
), then the parameter is not returned.
When you make a cross-account request, Amazon Web Services evaluates the request in the trusting account
and the trusted account. The request is allowed only if both evaluations return true
. For
more information about how policies are evaluated, see Evaluating policies within a single account.
If an Organizations SCP included in the evaluation denies access, the simulation ends. In this case, policy evaluation does not proceed any further and this parameter is not returned.
public EvaluationResult withEvalDecisionDetails(Map<String,String> evalDecisionDetails)
Additional details about the results of the cross-account evaluation decision. This parameter is populated for only cross-account simulations. It contains a brief summary of how each policy type contributes to the final evaluation decision.
If the simulation evaluates policies within the same account and includes a resource ARN, then the parameter is
present but the response is empty. If the simulation evaluates policies within the same account and specifies all
resources (*
), then the parameter is not returned.
When you make a cross-account request, Amazon Web Services evaluates the request in the trusting account and the
trusted account. The request is allowed only if both evaluations return true
. For more information
about how policies are evaluated, see Evaluating policies within a single account.
If an Organizations SCP included in the evaluation denies access, the simulation ends. In this case, policy evaluation does not proceed any further and this parameter is not returned.
evalDecisionDetails
- Additional details about the results of the cross-account evaluation decision. This parameter is populated
for only cross-account simulations. It contains a brief summary of how each policy type contributes to the
final evaluation decision.
If the simulation evaluates policies within the same account and includes a resource ARN, then the
parameter is present but the response is empty. If the simulation evaluates policies within the same
account and specifies all resources (*
), then the parameter is not returned.
When you make a cross-account request, Amazon Web Services evaluates the request in the trusting account
and the trusted account. The request is allowed only if both evaluations return true
. For
more information about how policies are evaluated, see Evaluating policies within a single account.
If an Organizations SCP included in the evaluation denies access, the simulation ends. In this case, policy evaluation does not proceed any further and this parameter is not returned.
public EvaluationResult addEvalDecisionDetailsEntry(String key, String value)
public EvaluationResult clearEvalDecisionDetailsEntries()
public List<ResourceSpecificResult> getResourceSpecificResults()
The individual results of the simulation of the API operation specified in EvalActionName on each resource.
public void setResourceSpecificResults(Collection<ResourceSpecificResult> resourceSpecificResults)
The individual results of the simulation of the API operation specified in EvalActionName on each resource.
resourceSpecificResults
- The individual results of the simulation of the API operation specified in EvalActionName on each
resource.public EvaluationResult withResourceSpecificResults(ResourceSpecificResult... resourceSpecificResults)
The individual results of the simulation of the API operation specified in EvalActionName on each resource.
NOTE: This method appends the values to the existing list (if any). Use
setResourceSpecificResults(java.util.Collection)
or
withResourceSpecificResults(java.util.Collection)
if you want to override the existing values.
resourceSpecificResults
- The individual results of the simulation of the API operation specified in EvalActionName on each
resource.public EvaluationResult withResourceSpecificResults(Collection<ResourceSpecificResult> resourceSpecificResults)
The individual results of the simulation of the API operation specified in EvalActionName on each resource.
resourceSpecificResults
- The individual results of the simulation of the API operation specified in EvalActionName on each
resource.public String toString()
toString
in class Object
Object.toString()
public EvaluationResult clone()