amazonka-iam-1.3.2: gen/Network/AWS/IAM/SimulateCustomPolicy.hs
{-# LANGUAGE DeriveDataTypeable #-}
{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE TypeFamilies #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-binds #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}
-- Derived from AWS service descriptions, licensed under Apache 2.0.
-- |
-- Module : Network.AWS.IAM.SimulateCustomPolicy
-- Copyright : (c) 2013-2015 Brendan Hay
-- License : Mozilla Public License, v. 2.0.
-- Maintainer : Brendan Hay <brendan.g.hay@gmail.com>
-- Stability : auto-generated
-- Portability : non-portable (GHC extensions)
--
-- Simulate a set of IAM policies against a list of API actions and AWS
-- resources to determine the policies\' effective permissions. The
-- policies are provided as a list of strings.
--
-- The simulation does not perform the API actions, it only checks the
-- authorization to determine if the simulated policies allow or deny the
-- actions.
--
-- If you want to simulate existing policies attached to an IAM user,
-- group, or role, use SimulatePrincipalPolicy instead.
--
-- Context keys are variables maintained by AWS and its services that
-- provide details about the context of an API query request, and can be
-- evaluated by using the 'Condition' element of an IAM policy. To get the
-- list of context keys required by the policies to simulate them
-- correctly, use GetContextKeysForCustomPolicy.
--
-- If the output is long, you can paginate the results using the 'MaxItems'
-- and 'Marker' parameters.
--
-- /See:/ <http://docs.aws.amazon.com/IAM/latest/APIReference/API_SimulateCustomPolicy.html AWS API Reference> for SimulateCustomPolicy.
module Network.AWS.IAM.SimulateCustomPolicy
(
-- * Creating a Request
simulateCustomPolicy
, SimulateCustomPolicy
-- * Request Lenses
, scpResourceARNs
, scpMarker
, scpMaxItems
, scpContextEntries
, scpPolicyInputList
, scpActionNames
-- * Destructuring the Response
, simulatePolicyResponse
, SimulatePolicyResponse
-- * Response Lenses
, spEvaluationResults
, spMarker
, spIsTruncated
) where
import Network.AWS.IAM.Types
import Network.AWS.IAM.Types.Product
import Network.AWS.Prelude
import Network.AWS.Request
import Network.AWS.Response
-- | /See:/ 'simulateCustomPolicy' smart constructor.
data SimulateCustomPolicy = SimulateCustomPolicy'
{ _scpResourceARNs :: !(Maybe [Text])
, _scpMarker :: !(Maybe Text)
, _scpMaxItems :: !(Maybe Nat)
, _scpContextEntries :: !(Maybe [ContextEntry])
, _scpPolicyInputList :: ![Text]
, _scpActionNames :: ![Text]
} deriving (Eq,Read,Show,Data,Typeable,Generic)
-- | Creates a value of 'SimulateCustomPolicy' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'scpResourceARNs'
--
-- * 'scpMarker'
--
-- * 'scpMaxItems'
--
-- * 'scpContextEntries'
--
-- * 'scpPolicyInputList'
--
-- * 'scpActionNames'
simulateCustomPolicy
:: SimulateCustomPolicy
simulateCustomPolicy =
SimulateCustomPolicy'
{ _scpResourceARNs = Nothing
, _scpMarker = Nothing
, _scpMaxItems = Nothing
, _scpContextEntries = Nothing
, _scpPolicyInputList = mempty
, _scpActionNames = mempty
}
-- | A list of ARNs of AWS resources to include in the simulation. If this
-- parameter is not provided then the value defaults to '*' (all
-- resources). Each API in the 'ActionNames' parameter is evaluated for
-- each resource in this list. The simulation determines the access result
-- (allowed or denied) of each combination and reports it in the response.
scpResourceARNs :: Lens' SimulateCustomPolicy [Text]
scpResourceARNs = lens _scpResourceARNs (\ s a -> s{_scpResourceARNs = a}) . _Default . _Coerce;
-- | Use this parameter only when paginating results and only after you
-- receive a response indicating that the results are truncated. Set it to
-- the value of the 'Marker' element in the response you received to inform
-- the next call about where to start.
scpMarker :: Lens' SimulateCustomPolicy (Maybe Text)
scpMarker = lens _scpMarker (\ s a -> s{_scpMarker = a});
-- | Use this only when paginating results to indicate the maximum number of
-- items you want in the response. If there are additional items beyond the
-- maximum you specify, the 'IsTruncated' response element is 'true'.
--
-- This parameter is optional. If you do not include it, it defaults to
-- 100. Note that IAM might return fewer results, even when there are more
-- results available. If this is the case, the 'IsTruncated' response
-- element returns 'true' and 'Marker' contains a value to include in the
-- subsequent call that tells the service where to continue from.
scpMaxItems :: Lens' SimulateCustomPolicy (Maybe Natural)
scpMaxItems = lens _scpMaxItems (\ s a -> s{_scpMaxItems = a}) . mapping _Nat;
-- | A list of context keys and corresponding values that are used by the
-- simulation. Whenever a context key is evaluated by a 'Condition' element
-- in one of the simulated IAM permission policies, the corresponding value
-- is supplied.
scpContextEntries :: Lens' SimulateCustomPolicy [ContextEntry]
scpContextEntries = lens _scpContextEntries (\ s a -> s{_scpContextEntries = a}) . _Default . _Coerce;
-- | A list of policy documents to include in the simulation. Each document
-- is specified as a string containing the complete, valid JSON text of an
-- IAM policy.
scpPolicyInputList :: Lens' SimulateCustomPolicy [Text]
scpPolicyInputList = lens _scpPolicyInputList (\ s a -> s{_scpPolicyInputList = a}) . _Coerce;
-- | A list of names of API actions to evaluate in the simulation. Each
-- action is evaluated for each resource. Each action must include the
-- service identifier, such as 'iam:CreateUser'.
scpActionNames :: Lens' SimulateCustomPolicy [Text]
scpActionNames = lens _scpActionNames (\ s a -> s{_scpActionNames = a}) . _Coerce;
instance AWSRequest SimulateCustomPolicy where
type Rs SimulateCustomPolicy = SimulatePolicyResponse
request = postQuery iAM
response
= receiveXMLWrapper "SimulateCustomPolicyResult"
(\ s h x -> parseXML x)
instance ToHeaders SimulateCustomPolicy where
toHeaders = const mempty
instance ToPath SimulateCustomPolicy where
toPath = const "/"
instance ToQuery SimulateCustomPolicy where
toQuery SimulateCustomPolicy'{..}
= mconcat
["Action" =: ("SimulateCustomPolicy" :: ByteString),
"Version" =: ("2010-05-08" :: ByteString),
"ResourceArns" =:
toQuery (toQueryList "member" <$> _scpResourceARNs),
"Marker" =: _scpMarker, "MaxItems" =: _scpMaxItems,
"ContextEntries" =:
toQuery
(toQueryList "member" <$> _scpContextEntries),
"PolicyInputList" =:
toQueryList "member" _scpPolicyInputList,
"ActionNames" =:
toQueryList "member" _scpActionNames]