Container for the parameters to the SimulatePrincipalPolicy operation. Simulate how a set of IAM policies attached to an IAM entity works with a list of API actions and AWS resources to determine the policies' effective permissions. The entity can be an IAM user, group, or role. If you specify a user, then the simulation also includes all of the policies that are attached to groups that the user belongs to .

You can optionally include a list of one or more additional policies specified as strings to include in the simulation. If you want to simulate only policies specified as strings, use SimulateCustomPolicy instead.

You can also optionally include one resource-based policy to be evaluated with each of the resources included in the simulation.

The simulation does not perform the API actions, it only checks the authorization to determine if the simulated policies allow or deny the actions.

Note: This API discloses information about the permissions granted to other users. If you do not want users to see other user's permissions, then consider allowing them to use SimulateCustomPolicy instead.

Context keys are variables maintained by AWS and its services that provide details about the context of an API query request. You can use the Condition element of an IAM policy to evaluate context keys. To get the list of context keys that the policies require for correct simulation, use GetContextKeysForPrincipalPolicy.

If the output is long, you can use the MaxItems and Marker parameters to paginate the results.

Inheritance: AmazonIdentityManagementServiceRequest
        public object Execute(ExecutorContext context)
        {
            var cmdletContext      = context as CmdletContext;
            var useParameterSelect = this.Select.StartsWith("^");

            // create request and set iteration invariants
            var request = new Amazon.IdentityManagement.Model.SimulatePrincipalPolicyRequest();

            if (cmdletContext.ActionName != null)
            {
                request.ActionNames = cmdletContext.ActionName;
            }
            if (cmdletContext.CallerArn != null)
            {
                request.CallerArn = cmdletContext.CallerArn;
            }
            if (cmdletContext.ContextEntry != null)
            {
                request.ContextEntries = cmdletContext.ContextEntry;
            }
            if (cmdletContext.PermissionsBoundaryPolicyInputList != null)
            {
                request.PermissionsBoundaryPolicyInputList = cmdletContext.PermissionsBoundaryPolicyInputList;
            }
            if (cmdletContext.PolicyInputList != null)
            {
                request.PolicyInputList = cmdletContext.PolicyInputList;
            }
            if (cmdletContext.PolicySourceArn != null)
            {
                request.PolicySourceArn = cmdletContext.PolicySourceArn;
            }
            if (cmdletContext.ResourceArn != null)
            {
                request.ResourceArns = cmdletContext.ResourceArn;
            }
            if (cmdletContext.ResourceHandlingOption != null)
            {
                request.ResourceHandlingOption = cmdletContext.ResourceHandlingOption;
            }
            if (cmdletContext.ResourceOwner != null)
            {
                request.ResourceOwner = cmdletContext.ResourceOwner;
            }
            if (cmdletContext.ResourcePolicy != null)
            {
                request.ResourcePolicy = cmdletContext.ResourcePolicy;
            }

            // Initialize loop variants and commence piping
            System.String _nextToken      = null;
            int?          _emitLimit      = null;
            int           _retrievedSoFar = 0;

            if (AutoIterationHelpers.HasValue(cmdletContext.Marker))
            {
                _nextToken = cmdletContext.Marker;
            }
            if (cmdletContext.MaxItem.HasValue)
            {
                // The service has a maximum page size of 1000. If the user has
                // asked for more items than page max, and there is no page size
                // configured, we rely on the service ignoring the set maximum
                // and giving us 1000 items back. If a page size is set, that will
                // be used to configure the pagination.
                // We'll make further calls to satisfy the user's request.
                _emitLimit = cmdletContext.MaxItem;
            }
            var _userControllingPaging = this.NoAutoIteration.IsPresent || ParameterWasBound(nameof(this.Marker));

            var client = Client ?? CreateClient(_CurrentCredentials, _RegionEndpoint);

            do
            {
                request.Marker = _nextToken;
                if (_emitLimit.HasValue)
                {
                    int correctPageSize = Math.Min(1000, _emitLimit.Value);
                    request.MaxItems = AutoIterationHelpers.ConvertEmitLimitToInt32(correctPageSize);
                }

                CmdletOutput output;

                try
                {
                    var    response       = CallAWSServiceOperation(client, request);
                    object pipelineOutput = null;
                    if (!useParameterSelect)
                    {
                        pipelineOutput = cmdletContext.Select(response, this);
                    }
                    output = new CmdletOutput
                    {
                        PipelineOutput  = pipelineOutput,
                        ServiceResponse = response
                    };
                    int _receivedThisCall = response.EvaluationResults.Count;

                    _nextToken       = response.Marker;
                    _retrievedSoFar += _receivedThisCall;
                    if (_emitLimit.HasValue)
                    {
                        _emitLimit -= _receivedThisCall;
                    }
                }
                catch (Exception e)
                {
                    if (_retrievedSoFar == 0 || !_emitLimit.HasValue)
                    {
                        output = new CmdletOutput {
                            ErrorResponse = e
                        };
                    }
                    else
                    {
                        break;
                    }
                }

                ProcessOutput(output);
            } while (!_userControllingPaging && AutoIterationHelpers.HasValue(_nextToken) && (!_emitLimit.HasValue || _emitLimit.Value >= 1));


            if (useParameterSelect)
            {
                WriteObject(cmdletContext.Select(null, this));
            }


            return(null);
        }
 private Amazon.IdentityManagement.Model.SimulatePrincipalPolicyResponse CallAWSServiceOperation(IAmazonIdentityManagementService client, Amazon.IdentityManagement.Model.SimulatePrincipalPolicyRequest request)
 {
     Utils.Common.WriteVerboseEndpointMessage(this, client.Config, "AWS Identity and Access Management", "SimulatePrincipalPolicy");
     try
     {
         #if DESKTOP
         return(client.SimulatePrincipalPolicy(request));
         #elif CORECLR
         return(client.SimulatePrincipalPolicyAsync(request).GetAwaiter().GetResult());
         #else
                 #error "Unknown build edition"
         #endif
     }
     catch (AmazonServiceException exc)
     {
         var webException = exc.InnerException as System.Net.WebException;
         if (webException != null)
         {
             throw new Exception(Utils.Common.FormatNameResolutionFailureMessage(client.Config, webException.Message), webException);
         }
         throw;
     }
 }
        /// <summary>
        /// Initiates the asynchronous execution of the SimulatePrincipalPolicy operation.
        /// </summary>
        /// 
        /// <param name="request">Container for the necessary parameters to execute the SimulatePrincipalPolicy operation on AmazonIdentityManagementServiceClient.</param>
        /// <param name="callback">An AsyncCallback delegate that is invoked when the operation completes.</param>
        /// <param name="state">A user-defined state object that is passed to the callback procedure. Retrieve this object from within the callback
        ///          procedure using the AsyncState property.</param>
        /// 
        /// <returns>An IAsyncResult that can be used to poll or wait for results, or both; this value is also needed when invoking EndSimulatePrincipalPolicy
        ///         operation.</returns>
        public IAsyncResult BeginSimulatePrincipalPolicy(SimulatePrincipalPolicyRequest request, AsyncCallback callback, object state)
        {
            var marshaller = new SimulatePrincipalPolicyRequestMarshaller();
            var unmarshaller = SimulatePrincipalPolicyResponseUnmarshaller.Instance;

            return BeginInvoke<SimulatePrincipalPolicyRequest>(request, marshaller, unmarshaller,
                callback, state);
        }
        public object Execute(ExecutorContext context)
        {
            var cmdletContext      = context as CmdletContext;
            var useParameterSelect = this.Select.StartsWith("^");

            // create request and set iteration invariants
            var request = new Amazon.IdentityManagement.Model.SimulatePrincipalPolicyRequest();

            if (cmdletContext.ActionName != null)
            {
                request.ActionNames = cmdletContext.ActionName;
            }
            if (cmdletContext.CallerArn != null)
            {
                request.CallerArn = cmdletContext.CallerArn;
            }
            if (cmdletContext.ContextEntry != null)
            {
                request.ContextEntries = cmdletContext.ContextEntry;
            }
            if (cmdletContext.MaxItem != null)
            {
                request.MaxItems = AutoIterationHelpers.ConvertEmitLimitToServiceTypeInt32(cmdletContext.MaxItem.Value);
            }
            if (cmdletContext.PermissionsBoundaryPolicyInputList != null)
            {
                request.PermissionsBoundaryPolicyInputList = cmdletContext.PermissionsBoundaryPolicyInputList;
            }
            if (cmdletContext.PolicyInputList != null)
            {
                request.PolicyInputList = cmdletContext.PolicyInputList;
            }
            if (cmdletContext.PolicySourceArn != null)
            {
                request.PolicySourceArn = cmdletContext.PolicySourceArn;
            }
            if (cmdletContext.ResourceArn != null)
            {
                request.ResourceArns = cmdletContext.ResourceArn;
            }
            if (cmdletContext.ResourceHandlingOption != null)
            {
                request.ResourceHandlingOption = cmdletContext.ResourceHandlingOption;
            }
            if (cmdletContext.ResourceOwner != null)
            {
                request.ResourceOwner = cmdletContext.ResourceOwner;
            }
            if (cmdletContext.ResourcePolicy != null)
            {
                request.ResourcePolicy = cmdletContext.ResourcePolicy;
            }

            // Initialize loop variant and commence piping
            var _nextToken             = cmdletContext.Marker;
            var _userControllingPaging = this.NoAutoIteration.IsPresent || ParameterWasBound(nameof(this.Marker));

            var client = Client ?? CreateClient(_CurrentCredentials, _RegionEndpoint);

            do
            {
                request.Marker = _nextToken;

                CmdletOutput output;

                try
                {
                    var response = CallAWSServiceOperation(client, request);

                    object pipelineOutput = null;
                    if (!useParameterSelect)
                    {
                        pipelineOutput = cmdletContext.Select(response, this);
                    }
                    output = new CmdletOutput
                    {
                        PipelineOutput  = pipelineOutput,
                        ServiceResponse = response
                    };

                    _nextToken = response.Marker;
                }
                catch (Exception e)
                {
                    output = new CmdletOutput {
                        ErrorResponse = e
                    };
                }

                ProcessOutput(output);
            } while (!_userControllingPaging && AutoIterationHelpers.HasValue(_nextToken));

            if (useParameterSelect)
            {
                WriteObject(cmdletContext.Select(null, this));
            }


            return(null);
        }
        /// <summary>
        /// Simulate how a set of IAM policies attached to an IAM entity works with a list of
        /// API actions and AWS resources to determine the policies' effective permissions. The
        /// entity can be an IAM user, group, or role. If you specify a user, then the simulation
        /// also includes all of the policies that are attached to groups that the user belongs
        /// to .
        /// 
        ///  
        /// <para>
        /// You can optionally include a list of one or more additional policies specified as
        /// strings to include in the simulation. If you want to simulate only policies specified
        /// as strings, use <a>SimulateCustomPolicy</a> instead.
        /// </para>
        ///  
        /// <para>
        /// You can also optionally include one resource-based policy to be evaluated with each
        /// of the resources included in the simulation.
        /// </para>
        ///  
        /// <para>
        /// The simulation does not perform the API actions, it only checks the authorization
        /// to determine if the simulated policies allow or deny the actions.
        /// </para>
        ///  
        /// <para>
        /// <b>Note:</b> This API discloses information about the permissions granted to other
        /// users. If you do not want users to see other user's permissions, then consider allowing
        /// them to use <a>SimulateCustomPolicy</a> instead.
        /// </para>
        ///  
        /// <para>
        /// Context keys are variables maintained by AWS and its services that provide details
        /// about the context of an API query request. You can use the <code>Condition</code>
        /// element of an IAM policy to evaluate context keys. To get the list of context keys
        /// that the policies require for correct simulation, use <a>GetContextKeysForPrincipalPolicy</a>.
        /// </para>
        ///  
        /// <para>
        /// If the output is long, you can use the <code>MaxItems</code> and <code>Marker</code>
        /// parameters to paginate the results.
        /// </para>
        /// </summary>
        /// <param name="request">Container for the necessary parameters to execute the SimulatePrincipalPolicy service method.</param>
        /// 
        /// <returns>The response from the SimulatePrincipalPolicy service method, as returned by IdentityManagementService.</returns>
        /// <exception cref="Amazon.IdentityManagement.Model.InvalidInputException">
        /// The request was rejected because an invalid or out-of-range value was supplied for
        /// an input parameter.
        /// </exception>
        /// <exception cref="Amazon.IdentityManagement.Model.NoSuchEntityException">
        /// The request was rejected because it referenced an entity that does not exist. The
        /// error message describes the entity.
        /// </exception>
        /// <exception cref="Amazon.IdentityManagement.Model.PolicyEvaluationException">
        /// The request failed because a provided policy could not be successfully evaluated.
        /// An additional detail message indicates the source of the failure.
        /// </exception>
        public SimulatePrincipalPolicyResponse SimulatePrincipalPolicy(SimulatePrincipalPolicyRequest request)
        {
            var marshaller = new SimulatePrincipalPolicyRequestMarshaller();
            var unmarshaller = SimulatePrincipalPolicyResponseUnmarshaller.Instance;

            return Invoke<SimulatePrincipalPolicyRequest,SimulatePrincipalPolicyResponse>(request, marshaller, unmarshaller);
        }
示例#6
0
 internal SimulatePrincipalPolicyPaginator(IAmazonIdentityManagementService client, SimulatePrincipalPolicyRequest request)
 {
     this._client  = client;
     this._request = request;
 }
        /// <summary>
        /// Initiates the asynchronous execution of the SimulatePrincipalPolicy operation.
        /// </summary>
        /// 
        /// <param name="request">Container for the necessary parameters to execute the SimulatePrincipalPolicy operation.</param>
        /// <param name="cancellationToken">
        ///     A cancellation token that can be used by other objects or threads to receive notice of cancellation.
        /// </param>
        /// <returns>The task object representing the asynchronous operation.</returns>
        public Task<SimulatePrincipalPolicyResponse> SimulatePrincipalPolicyAsync(SimulatePrincipalPolicyRequest request, System.Threading.CancellationToken cancellationToken = default(CancellationToken))
        {
            var marshaller = new SimulatePrincipalPolicyRequestMarshaller();
            var unmarshaller = SimulatePrincipalPolicyResponseUnmarshaller.Instance;

            return InvokeAsync<SimulatePrincipalPolicyRequest,SimulatePrincipalPolicyResponse>(request, marshaller, 
                unmarshaller, cancellationToken);
        }
 /// <summary>
 /// Paginator for SimulatePrincipalPolicy operation
 ///</summary>
 public ISimulatePrincipalPolicyPaginator SimulatePrincipalPolicy(SimulatePrincipalPolicyRequest request)
 {
     return(new SimulatePrincipalPolicyPaginator(this.client, request));
 }
 /// <summary>
 /// Initiates the asynchronous execution of the SimulatePrincipalPolicy operation.
 /// </summary>
 /// 
 /// <param name="request">Container for the necessary parameters to execute the SimulatePrincipalPolicy operation on AmazonIdentityManagementServiceClient.</param>
 /// <param name="callback">An Action delegate that is invoked when the operation completes.</param>
 /// <param name="options">A user-defined state object that is passed to the callback procedure. Retrieve this object from within the callback
 ///          procedure using the AsyncState property.</param>
 public void SimulatePrincipalPolicyAsync(SimulatePrincipalPolicyRequest request, AmazonServiceCallback<SimulatePrincipalPolicyRequest, SimulatePrincipalPolicyResponse> callback, AsyncOptions options = null)
 {
     options = options == null?new AsyncOptions():options;
     var marshaller = new SimulatePrincipalPolicyRequestMarshaller();
     var unmarshaller = SimulatePrincipalPolicyResponseUnmarshaller.Instance;
     Action<AmazonWebServiceRequest, AmazonWebServiceResponse, Exception, AsyncOptions> callbackHelper = null;
     if(callback !=null )
         callbackHelper = (AmazonWebServiceRequest req, AmazonWebServiceResponse res, Exception ex, AsyncOptions ao) => { 
             AmazonServiceResult<SimulatePrincipalPolicyRequest,SimulatePrincipalPolicyResponse> responseObject 
                     = new AmazonServiceResult<SimulatePrincipalPolicyRequest,SimulatePrincipalPolicyResponse>((SimulatePrincipalPolicyRequest)req, (SimulatePrincipalPolicyResponse)res, ex , ao.State);    
                 callback(responseObject); 
         };
     BeginInvoke<SimulatePrincipalPolicyRequest>(request, marshaller, unmarshaller, options, callbackHelper);
 }