line |
stmt |
bran |
cond |
sub |
pod |
time |
code |
1
|
|
|
|
|
|
|
|
2
|
|
|
|
|
|
|
package Paws::IAM::SimulatePrincipalPolicy; |
3
|
1
|
|
|
1
|
|
454
|
use Moose; |
|
1
|
|
|
|
|
2
|
|
|
1
|
|
|
|
|
7
|
|
4
|
|
|
|
|
|
|
has ActionNames => (is => 'ro', isa => 'ArrayRef[Str|Undef]', required => 1); |
5
|
|
|
|
|
|
|
has CallerArn => (is => 'ro', isa => 'Str'); |
6
|
|
|
|
|
|
|
has ContextEntries => (is => 'ro', isa => 'ArrayRef[Paws::IAM::ContextEntry]'); |
7
|
|
|
|
|
|
|
has Marker => (is => 'ro', isa => 'Str'); |
8
|
|
|
|
|
|
|
has MaxItems => (is => 'ro', isa => 'Int'); |
9
|
|
|
|
|
|
|
has PolicyInputList => (is => 'ro', isa => 'ArrayRef[Str|Undef]'); |
10
|
|
|
|
|
|
|
has PolicySourceArn => (is => 'ro', isa => 'Str', required => 1); |
11
|
|
|
|
|
|
|
has ResourceArns => (is => 'ro', isa => 'ArrayRef[Str|Undef]'); |
12
|
|
|
|
|
|
|
has ResourceHandlingOption => (is => 'ro', isa => 'Str'); |
13
|
|
|
|
|
|
|
has ResourceOwner => (is => 'ro', isa => 'Str'); |
14
|
|
|
|
|
|
|
has ResourcePolicy => (is => 'ro', isa => 'Str'); |
15
|
|
|
|
|
|
|
|
16
|
1
|
|
|
1
|
|
5993
|
use MooseX::ClassAttribute; |
|
1
|
|
|
|
|
6
|
|
|
1
|
|
|
|
|
9
|
|
17
|
|
|
|
|
|
|
|
18
|
|
|
|
|
|
|
class_has _api_call => (isa => 'Str', is => 'ro', default => 'SimulatePrincipalPolicy'); |
19
|
|
|
|
|
|
|
class_has _returns => (isa => 'Str', is => 'ro', default => 'Paws::IAM::SimulatePolicyResponse'); |
20
|
|
|
|
|
|
|
class_has _result_key => (isa => 'Str', is => 'ro', default => 'SimulatePrincipalPolicyResult'); |
21
|
|
|
|
|
|
|
1; |
22
|
|
|
|
|
|
|
|
23
|
|
|
|
|
|
|
### main pod documentation begin ### |
24
|
|
|
|
|
|
|
|
25
|
|
|
|
|
|
|
=head1 NAME |
26
|
|
|
|
|
|
|
|
27
|
|
|
|
|
|
|
Paws::IAM::SimulatePrincipalPolicy - Arguments for method SimulatePrincipalPolicy on Paws::IAM |
28
|
|
|
|
|
|
|
|
29
|
|
|
|
|
|
|
=head1 DESCRIPTION |
30
|
|
|
|
|
|
|
|
31
|
|
|
|
|
|
|
This class represents the parameters used for calling the method SimulatePrincipalPolicy on the |
32
|
|
|
|
|
|
|
AWS Identity and Access Management service. Use the attributes of this class |
33
|
|
|
|
|
|
|
as arguments to method SimulatePrincipalPolicy. |
34
|
|
|
|
|
|
|
|
35
|
|
|
|
|
|
|
You shouldn't make instances of this class. Each attribute should be used as a named argument in the call to SimulatePrincipalPolicy. |
36
|
|
|
|
|
|
|
|
37
|
|
|
|
|
|
|
As an example: |
38
|
|
|
|
|
|
|
|
39
|
|
|
|
|
|
|
$service_obj->SimulatePrincipalPolicy(Att1 => $value1, Att2 => $value2, ...); |
40
|
|
|
|
|
|
|
|
41
|
|
|
|
|
|
|
Values for attributes that are native types (Int, String, Float, etc) can passed as-is (scalar values). Values for complex Types (objects) can be passed as a HashRef. The keys and values of the hashref will be used to instance the underlying object. |
42
|
|
|
|
|
|
|
|
43
|
|
|
|
|
|
|
=head1 ATTRIBUTES |
44
|
|
|
|
|
|
|
|
45
|
|
|
|
|
|
|
|
46
|
|
|
|
|
|
|
=head2 B<REQUIRED> ActionNames => ArrayRef[Str|Undef] |
47
|
|
|
|
|
|
|
|
48
|
|
|
|
|
|
|
A list of names of API actions to evaluate in the simulation. Each |
49
|
|
|
|
|
|
|
action is evaluated for each resource. Each action must include the |
50
|
|
|
|
|
|
|
service identifier, such as C<iam:CreateUser>. |
51
|
|
|
|
|
|
|
|
52
|
|
|
|
|
|
|
|
53
|
|
|
|
|
|
|
|
54
|
|
|
|
|
|
|
=head2 CallerArn => Str |
55
|
|
|
|
|
|
|
|
56
|
|
|
|
|
|
|
The ARN of the IAM user that you want to specify as the simulated |
57
|
|
|
|
|
|
|
caller of the APIs. If you do not specify a C<CallerArn>, it defaults |
58
|
|
|
|
|
|
|
to the ARN of the user that you specify in C<PolicySourceArn>, if you |
59
|
|
|
|
|
|
|
specified a user. If you include both a C<PolicySourceArn> (for |
60
|
|
|
|
|
|
|
example, C<arn:aws:iam::123456789012:user/David>) and a C<CallerArn> |
61
|
|
|
|
|
|
|
(for example, C<arn:aws:iam::123456789012:user/Bob>), the result is |
62
|
|
|
|
|
|
|
that you simulate calling the APIs as Bob, as if Bob had David's |
63
|
|
|
|
|
|
|
policies. |
64
|
|
|
|
|
|
|
|
65
|
|
|
|
|
|
|
You can specify only the ARN of an IAM user. You cannot specify the ARN |
66
|
|
|
|
|
|
|
of an assumed role, federated user, or a service principal. |
67
|
|
|
|
|
|
|
|
68
|
|
|
|
|
|
|
C<CallerArn> is required if you include a C<ResourcePolicy> and the |
69
|
|
|
|
|
|
|
C<PolicySourceArn> is not the ARN for an IAM user. This is required so |
70
|
|
|
|
|
|
|
that the resource-based policy's C<Principal> element has a value to |
71
|
|
|
|
|
|
|
use in evaluating the policy. |
72
|
|
|
|
|
|
|
|
73
|
|
|
|
|
|
|
For more information about ARNs, see Amazon Resource Names (ARNs) and |
74
|
|
|
|
|
|
|
AWS Service Namespaces in the I<AWS General Reference>. |
75
|
|
|
|
|
|
|
|
76
|
|
|
|
|
|
|
|
77
|
|
|
|
|
|
|
|
78
|
|
|
|
|
|
|
=head2 ContextEntries => ArrayRef[L<Paws::IAM::ContextEntry>] |
79
|
|
|
|
|
|
|
|
80
|
|
|
|
|
|
|
A list of context keys and corresponding values for the simulation to |
81
|
|
|
|
|
|
|
use. Whenever a context key is evaluated in one of the simulated IAM |
82
|
|
|
|
|
|
|
permission policies, the corresponding value is supplied. |
83
|
|
|
|
|
|
|
|
84
|
|
|
|
|
|
|
|
85
|
|
|
|
|
|
|
|
86
|
|
|
|
|
|
|
=head2 Marker => Str |
87
|
|
|
|
|
|
|
|
88
|
|
|
|
|
|
|
Use this parameter only when paginating results and only after you |
89
|
|
|
|
|
|
|
receive a response indicating that the results are truncated. Set it to |
90
|
|
|
|
|
|
|
the value of the C<Marker> element in the response that you received to |
91
|
|
|
|
|
|
|
indicate where the next call should start. |
92
|
|
|
|
|
|
|
|
93
|
|
|
|
|
|
|
|
94
|
|
|
|
|
|
|
|
95
|
|
|
|
|
|
|
=head2 MaxItems => Int |
96
|
|
|
|
|
|
|
|
97
|
|
|
|
|
|
|
(Optional) Use this only when paginating results to indicate the |
98
|
|
|
|
|
|
|
maximum number of items you want in the response. If additional items |
99
|
|
|
|
|
|
|
exist beyond the maximum you specify, the C<IsTruncated> response |
100
|
|
|
|
|
|
|
element is C<true>. |
101
|
|
|
|
|
|
|
|
102
|
|
|
|
|
|
|
If you do not include this parameter, it defaults to 100. Note that IAM |
103
|
|
|
|
|
|
|
might return fewer results, even when there are more results available. |
104
|
|
|
|
|
|
|
In that case, the C<IsTruncated> response element returns C<true> and |
105
|
|
|
|
|
|
|
C<Marker> contains a value to include in the subsequent call that tells |
106
|
|
|
|
|
|
|
the service where to continue from. |
107
|
|
|
|
|
|
|
|
108
|
|
|
|
|
|
|
|
109
|
|
|
|
|
|
|
|
110
|
|
|
|
|
|
|
=head2 PolicyInputList => ArrayRef[Str|Undef] |
111
|
|
|
|
|
|
|
|
112
|
|
|
|
|
|
|
An optional list of additional policy documents to include in the |
113
|
|
|
|
|
|
|
simulation. Each document is specified as a string containing the |
114
|
|
|
|
|
|
|
complete, valid JSON text of an IAM policy. |
115
|
|
|
|
|
|
|
|
116
|
|
|
|
|
|
|
The regex pattern used to validate this parameter is a string of |
117
|
|
|
|
|
|
|
characters consisting of any printable ASCII character ranging from the |
118
|
|
|
|
|
|
|
space character (\u0020) through end of the ASCII character range as |
119
|
|
|
|
|
|
|
well as the printable characters in the Basic Latin and Latin-1 |
120
|
|
|
|
|
|
|
Supplement character set (through \u00FF). It also includes the special |
121
|
|
|
|
|
|
|
characters tab (\u0009), line feed (\u000A), and carriage return |
122
|
|
|
|
|
|
|
(\u000D). |
123
|
|
|
|
|
|
|
|
124
|
|
|
|
|
|
|
|
125
|
|
|
|
|
|
|
|
126
|
|
|
|
|
|
|
=head2 B<REQUIRED> PolicySourceArn => Str |
127
|
|
|
|
|
|
|
|
128
|
|
|
|
|
|
|
The Amazon Resource Name (ARN) of a user, group, or role whose policies |
129
|
|
|
|
|
|
|
you want to include in the simulation. If you specify a user, group, or |
130
|
|
|
|
|
|
|
role, the simulation includes all policies that are associated with |
131
|
|
|
|
|
|
|
that entity. If you specify a user, the simulation also includes all |
132
|
|
|
|
|
|
|
policies that are attached to any groups the user belongs to. |
133
|
|
|
|
|
|
|
|
134
|
|
|
|
|
|
|
For more information about ARNs, see Amazon Resource Names (ARNs) and |
135
|
|
|
|
|
|
|
AWS Service Namespaces in the I<AWS General Reference>. |
136
|
|
|
|
|
|
|
|
137
|
|
|
|
|
|
|
|
138
|
|
|
|
|
|
|
|
139
|
|
|
|
|
|
|
=head2 ResourceArns => ArrayRef[Str|Undef] |
140
|
|
|
|
|
|
|
|
141
|
|
|
|
|
|
|
A list of ARNs of AWS resources to include in the simulation. If this |
142
|
|
|
|
|
|
|
parameter is not provided then the value defaults to C<*> (all |
143
|
|
|
|
|
|
|
resources). Each API in the C<ActionNames> parameter is evaluated for |
144
|
|
|
|
|
|
|
each resource in this list. The simulation determines the access result |
145
|
|
|
|
|
|
|
(allowed or denied) of each combination and reports it in the response. |
146
|
|
|
|
|
|
|
|
147
|
|
|
|
|
|
|
The simulation does not automatically retrieve policies for the |
148
|
|
|
|
|
|
|
specified resources. If you want to include a resource policy in the |
149
|
|
|
|
|
|
|
simulation, then you must include the policy as a string in the |
150
|
|
|
|
|
|
|
C<ResourcePolicy> parameter. |
151
|
|
|
|
|
|
|
|
152
|
|
|
|
|
|
|
For more information about ARNs, see Amazon Resource Names (ARNs) and |
153
|
|
|
|
|
|
|
AWS Service Namespaces in the I<AWS General Reference>. |
154
|
|
|
|
|
|
|
|
155
|
|
|
|
|
|
|
|
156
|
|
|
|
|
|
|
|
157
|
|
|
|
|
|
|
=head2 ResourceHandlingOption => Str |
158
|
|
|
|
|
|
|
|
159
|
|
|
|
|
|
|
Specifies the type of simulation to run. Different APIs that support |
160
|
|
|
|
|
|
|
resource-based policies require different combinations of resources. By |
161
|
|
|
|
|
|
|
specifying the type of simulation to run, you enable the policy |
162
|
|
|
|
|
|
|
simulator to enforce the presence of the required resources to ensure |
163
|
|
|
|
|
|
|
reliable simulation results. If your simulation does not match one of |
164
|
|
|
|
|
|
|
the following scenarios, then you can omit this parameter. The |
165
|
|
|
|
|
|
|
following list shows each of the supported scenario values and the |
166
|
|
|
|
|
|
|
resources that you must define to run the simulation. |
167
|
|
|
|
|
|
|
|
168
|
|
|
|
|
|
|
Each of the EC2 scenarios requires that you specify instance, image, |
169
|
|
|
|
|
|
|
and security-group resources. If your scenario includes an EBS volume, |
170
|
|
|
|
|
|
|
then you must specify that volume as a resource. If the EC2 scenario |
171
|
|
|
|
|
|
|
includes VPC, then you must supply the network-interface resource. If |
172
|
|
|
|
|
|
|
it includes an IP subnet, then you must specify the subnet resource. |
173
|
|
|
|
|
|
|
For more information on the EC2 scenario options, see Supported |
174
|
|
|
|
|
|
|
Platforms in the I<AWS EC2 User Guide>. |
175
|
|
|
|
|
|
|
|
176
|
|
|
|
|
|
|
=over |
177
|
|
|
|
|
|
|
|
178
|
|
|
|
|
|
|
=item * |
179
|
|
|
|
|
|
|
|
180
|
|
|
|
|
|
|
B<EC2-Classic-InstanceStore> |
181
|
|
|
|
|
|
|
|
182
|
|
|
|
|
|
|
instance, image, security-group |
183
|
|
|
|
|
|
|
|
184
|
|
|
|
|
|
|
=item * |
185
|
|
|
|
|
|
|
|
186
|
|
|
|
|
|
|
B<EC2-Classic-EBS> |
187
|
|
|
|
|
|
|
|
188
|
|
|
|
|
|
|
instance, image, security-group, volume |
189
|
|
|
|
|
|
|
|
190
|
|
|
|
|
|
|
=item * |
191
|
|
|
|
|
|
|
|
192
|
|
|
|
|
|
|
B<EC2-VPC-InstanceStore> |
193
|
|
|
|
|
|
|
|
194
|
|
|
|
|
|
|
instance, image, security-group, network-interface |
195
|
|
|
|
|
|
|
|
196
|
|
|
|
|
|
|
=item * |
197
|
|
|
|
|
|
|
|
198
|
|
|
|
|
|
|
B<EC2-VPC-InstanceStore-Subnet> |
199
|
|
|
|
|
|
|
|
200
|
|
|
|
|
|
|
instance, image, security-group, network-interface, subnet |
201
|
|
|
|
|
|
|
|
202
|
|
|
|
|
|
|
=item * |
203
|
|
|
|
|
|
|
|
204
|
|
|
|
|
|
|
B<EC2-VPC-EBS> |
205
|
|
|
|
|
|
|
|
206
|
|
|
|
|
|
|
instance, image, security-group, network-interface, volume |
207
|
|
|
|
|
|
|
|
208
|
|
|
|
|
|
|
=item * |
209
|
|
|
|
|
|
|
|
210
|
|
|
|
|
|
|
B<EC2-VPC-EBS-Subnet> |
211
|
|
|
|
|
|
|
|
212
|
|
|
|
|
|
|
instance, image, security-group, network-interface, subnet, volume |
213
|
|
|
|
|
|
|
|
214
|
|
|
|
|
|
|
=back |
215
|
|
|
|
|
|
|
|
216
|
|
|
|
|
|
|
|
217
|
|
|
|
|
|
|
|
218
|
|
|
|
|
|
|
|
219
|
|
|
|
|
|
|
=head2 ResourceOwner => Str |
220
|
|
|
|
|
|
|
|
221
|
|
|
|
|
|
|
An AWS account ID that specifies the owner of any simulated resource |
222
|
|
|
|
|
|
|
that does not identify its owner in the resource ARN, such as an S3 |
223
|
|
|
|
|
|
|
bucket or object. If C<ResourceOwner> is specified, it is also used as |
224
|
|
|
|
|
|
|
the account owner of any C<ResourcePolicy> included in the simulation. |
225
|
|
|
|
|
|
|
If the C<ResourceOwner> parameter is not specified, then the owner of |
226
|
|
|
|
|
|
|
the resources and the resource policy defaults to the account of the |
227
|
|
|
|
|
|
|
identity provided in C<CallerArn>. This parameter is required only if |
228
|
|
|
|
|
|
|
you specify a resource-based policy and account that owns the resource |
229
|
|
|
|
|
|
|
is different from the account that owns the simulated calling user |
230
|
|
|
|
|
|
|
C<CallerArn>. |
231
|
|
|
|
|
|
|
|
232
|
|
|
|
|
|
|
|
233
|
|
|
|
|
|
|
|
234
|
|
|
|
|
|
|
=head2 ResourcePolicy => Str |
235
|
|
|
|
|
|
|
|
236
|
|
|
|
|
|
|
A resource-based policy to include in the simulation provided as a |
237
|
|
|
|
|
|
|
string. Each resource in the simulation is treated as if it had this |
238
|
|
|
|
|
|
|
policy attached. You can include only one resource-based policy in a |
239
|
|
|
|
|
|
|
simulation. |
240
|
|
|
|
|
|
|
|
241
|
|
|
|
|
|
|
The regex pattern used to validate this parameter is a string of |
242
|
|
|
|
|
|
|
characters consisting of any printable ASCII character ranging from the |
243
|
|
|
|
|
|
|
space character (\u0020) through end of the ASCII character range as |
244
|
|
|
|
|
|
|
well as the printable characters in the Basic Latin and Latin-1 |
245
|
|
|
|
|
|
|
Supplement character set (through \u00FF). It also includes the special |
246
|
|
|
|
|
|
|
characters tab (\u0009), line feed (\u000A), and carriage return |
247
|
|
|
|
|
|
|
(\u000D). |
248
|
|
|
|
|
|
|
|
249
|
|
|
|
|
|
|
|
250
|
|
|
|
|
|
|
|
251
|
|
|
|
|
|
|
|
252
|
|
|
|
|
|
|
=head1 SEE ALSO |
253
|
|
|
|
|
|
|
|
254
|
|
|
|
|
|
|
This class forms part of L<Paws>, documenting arguments for method SimulatePrincipalPolicy in L<Paws::IAM> |
255
|
|
|
|
|
|
|
|
256
|
|
|
|
|
|
|
=head1 BUGS and CONTRIBUTIONS |
257
|
|
|
|
|
|
|
|
258
|
|
|
|
|
|
|
The source code is located here: https://github.com/pplu/aws-sdk-perl |
259
|
|
|
|
|
|
|
|
260
|
|
|
|
|
|
|
Please report bugs to: https://github.com/pplu/aws-sdk-perl/issues |
261
|
|
|
|
|
|
|
|
262
|
|
|
|
|
|
|
=cut |
263
|
|
|
|
|
|
|
|