Struct aws_sdk_iam::types::EvaluationResult

source · 
#[non_exhaustive]
pub struct EvaluationResult {
    pub eval_action_name: String,
    pub eval_resource_name: Option<String>,
    pub eval_decision: PolicyEvaluationDecisionType,
    pub matched_statements: Option<Vec<Statement>>,
    pub missing_context_values: Option<Vec<String>>,
    pub organizations_decision_detail: Option<OrganizationsDecisionDetail>,
    pub permissions_boundary_decision_detail: Option<PermissionsBoundaryDecisionDetail>,
    pub eval_decision_details: Option<HashMap<String, PolicyEvaluationDecisionType>>,
    pub resource_specific_results: Option<Vec<ResourceSpecificResult>>,
}
Expand description

Contains the results of a simulation.

This data type is used by the return parameter of SimulateCustomPolicy and SimulatePrincipalPolicy .

Fields (Non-exhaustive)§

This struct is marked as non-exhaustive
Non-exhaustive structs could have additional fields added in future. Therefore, non-exhaustive structs cannot be constructed in external crates using the traditional Struct { .. } syntax; cannot be matched against without a wildcard ..; and struct update syntax will not work.
§eval_action_name: String

The name of the API operation tested on the indicated resource.

§eval_resource_name: Option<String>

The ARN of the resource that the indicated API operation was tested on.

§eval_decision: PolicyEvaluationDecisionType

The result of the simulation.

§matched_statements: Option<Vec<Statement>>

A list of the statements in the input policies that determine the result for this scenario. Remember that even if multiple statements allow the operation on the resource, if only one statement denies that operation, then the explicit deny overrides any allow. In addition, the deny statement is the only entry included in the result.

§missing_context_values: Option<Vec<String>>

A list of context keys that are required by the included input policies but that were not provided by one of the input parameters. This list is used when the resource in a simulation is "*", either explicitly, or when the ResourceArns parameter blank. If you include a list of resources, then any missing context values are instead included under the ResourceSpecificResults section. To discover the context keys used by a set of policies, you can call GetContextKeysForCustomPolicy or GetContextKeysForPrincipalPolicy.

§organizations_decision_detail: Option<OrganizationsDecisionDetail>

A structure that details how Organizations and its service control policies affect the results of the simulation. Only applies if the simulated user's account is part of an organization.

§permissions_boundary_decision_detail: Option<PermissionsBoundaryDecisionDetail>

Contains information about the effect that a permissions boundary has on a policy simulation when the boundary is applied to an IAM entity.

§eval_decision_details: Option<HashMap<String, PolicyEvaluationDecisionType>>

Additional details about the results of the cross-account evaluation decision. This parameter is populated for only cross-account simulations. It contains a brief summary of how each policy type contributes to the final evaluation decision.

If the simulation evaluates policies within the same account and includes a resource ARN, then the parameter is present but the response is empty. If the simulation evaluates policies within the same account and specifies all resources (*), then the parameter is not returned.

When you make a cross-account request, Amazon Web Services evaluates the request in the trusting account and the trusted account. The request is allowed only if both evaluations return true. For more information about how policies are evaluated, see Evaluating policies within a single account.

If an Organizations SCP included in the evaluation denies access, the simulation ends. In this case, policy evaluation does not proceed any further and this parameter is not returned.

§resource_specific_results: Option<Vec<ResourceSpecificResult>>

The individual results of the simulation of the API operation specified in EvalActionName on each resource.

Implementations§

source§

impl EvaluationResult

source

pub fn eval_action_name(&self) -> &str

The name of the API operation tested on the indicated resource.

source

pub fn eval_resource_name(&self) -> Option<&str>

The ARN of the resource that the indicated API operation was tested on.

source

pub fn eval_decision(&self) -> &PolicyEvaluationDecisionType

The result of the simulation.

source

pub fn matched_statements(&self) -> &[Statement]

A list of the statements in the input policies that determine the result for this scenario. Remember that even if multiple statements allow the operation on the resource, if only one statement denies that operation, then the explicit deny overrides any allow. In addition, the deny statement is the only entry included in the result.

If no value was sent for this field, a default will be set. If you want to determine if no value was sent, use .matched_statements.is_none().

source

pub fn missing_context_values(&self) -> &[String]

A list of context keys that are required by the included input policies but that were not provided by one of the input parameters. This list is used when the resource in a simulation is "*", either explicitly, or when the ResourceArns parameter blank. If you include a list of resources, then any missing context values are instead included under the ResourceSpecificResults section. To discover the context keys used by a set of policies, you can call GetContextKeysForCustomPolicy or GetContextKeysForPrincipalPolicy.

If no value was sent for this field, a default will be set. If you want to determine if no value was sent, use .missing_context_values.is_none().

source

pub fn organizations_decision_detail( &self ) -> Option<&OrganizationsDecisionDetail>

A structure that details how Organizations and its service control policies affect the results of the simulation. Only applies if the simulated user's account is part of an organization.

source

pub fn permissions_boundary_decision_detail( &self ) -> Option<&PermissionsBoundaryDecisionDetail>

Contains information about the effect that a permissions boundary has on a policy simulation when the boundary is applied to an IAM entity.

source

pub fn eval_decision_details( &self ) -> Option<&HashMap<String, PolicyEvaluationDecisionType>>

Additional details about the results of the cross-account evaluation decision. This parameter is populated for only cross-account simulations. It contains a brief summary of how each policy type contributes to the final evaluation decision.

If the simulation evaluates policies within the same account and includes a resource ARN, then the parameter is present but the response is empty. If the simulation evaluates policies within the same account and specifies all resources (*), then the parameter is not returned.

When you make a cross-account request, Amazon Web Services evaluates the request in the trusting account and the trusted account. The request is allowed only if both evaluations return true. For more information about how policies are evaluated, see Evaluating policies within a single account.

If an Organizations SCP included in the evaluation denies access, the simulation ends. In this case, policy evaluation does not proceed any further and this parameter is not returned.

source

pub fn resource_specific_results(&self) -> &[ResourceSpecificResult]

The individual results of the simulation of the API operation specified in EvalActionName on each resource.

If no value was sent for this field, a default will be set. If you want to determine if no value was sent, use .resource_specific_results.is_none().

source§

impl EvaluationResult

source

pub fn builder() -> EvaluationResultBuilder

Creates a new builder-style object to manufacture EvaluationResult.

Trait Implementations§

source§

impl Clone for EvaluationResult

source§

fn clone(&self) -> EvaluationResult

Returns a copy of the value. Read more
1.0.0 · source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
source§

impl Debug for EvaluationResult

source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
source§

impl PartialEq for EvaluationResult

source§

fn eq(&self, other: &EvaluationResult) -> bool

This method tests for self and other values to be equal, and is used by ==.
1.0.0 · source§

fn ne(&self, other: &Rhs) -> bool

This method tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
source§

impl StructuralPartialEq for EvaluationResult

Auto Trait Implementations§

Blanket Implementations§

source§

impl<T> Any for T
where T: 'static + ?Sized,

source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
source§

impl<T> Borrow<T> for T
where T: ?Sized,

source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
source§

impl<T> From<T> for T

source§

fn from(t: T) -> T

Returns the argument unchanged.

source§

impl<T> Instrument for T

source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
source§

impl<T, U> Into<U> for T
where U: From<T>,

source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

source§

impl<Unshared, Shared> IntoShared<Shared> for Unshared
where Shared: FromUnshared<Unshared>,

source§

fn into_shared(self) -> Shared

Creates a shared type from an unshared type.
source§

impl<T> Same for T

§

type Output = T

Should always be Self
source§

impl<T> ToOwned for T
where T: Clone,

§

type Owned = T

The resulting type after obtaining ownership.
source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

§

type Error = Infallible

The type returned in the event of a conversion error.
source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
source§

impl<T> WithSubscriber for T

source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more