From 4efbe1e970b3fb1200492162f56bd013d69fee4b Mon Sep 17 00:00:00 2001 From: chrisradek Date: Mon, 2 Nov 2015 11:12:57 -0800 Subject: [PATCH] Updates AWS.IAM API --- apis/iam-2010-05-08.min.json | 68 ++++++++++++++++++++++++--------- apis/iam-2010-05-08.normal.json | 62 +++++++++++++++++++++++++++--- 2 files changed, 105 insertions(+), 25 deletions(-) diff --git a/apis/iam-2010-05-08.min.json b/apis/iam-2010-05-08.min.json index 3d000e2dcb..92e0a428ba 100644 --- a/apis/iam-2010-05-08.min.json +++ b/apis/iam-2010-05-08.min.json @@ -2211,6 +2211,7 @@ "ContextEntries": { "shape": "S7j" }, + "ResourceHandlingOption": {}, "MaxItems": { "type": "integer" }, @@ -2218,7 +2219,7 @@ } }, "output": { - "shape": "S7o", + "shape": "S7p", "resultWrapper": "SimulateCustomPolicyResult" } }, @@ -2246,6 +2247,7 @@ "ContextEntries": { "shape": "S7j" }, + "ResourceHandlingOption": {}, "MaxItems": { "type": "integer" }, @@ -2253,7 +2255,7 @@ } }, "output": { - "shape": "S7o", + "shape": "S7p", "resultWrapper": "SimulatePrincipalPolicyResult" } }, @@ -2839,7 +2841,7 @@ } } }, - "S7o": { + "S7p": { "type": "structure", "members": { "EvaluationResults": { @@ -2848,7 +2850,6 @@ "type": "structure", "required": [ "EvalActionName", - "EvalResourceName", "EvalDecision" ], "members": { @@ -2856,28 +2857,36 @@ "EvalResourceName": {}, "EvalDecision": {}, "MatchedStatements": { + "shape": "S7t" + }, + "MissingContextValues": { + "shape": "S3w" + }, + "EvalDecisionDetails": { + "shape": "S80" + }, + "ResourceSpecificResults": { "type": "list", "member": { "type": "structure", + "required": [ + "EvalResourceName", + "EvalResourceDecision" + ], "members": { - "SourcePolicyId": {}, - "SourcePolicyType": {}, - "StartPosition": { - "shape": "S7w" + "EvalResourceName": {}, + "EvalResourceDecision": {}, + "MatchedStatements": { + "shape": "S7t" }, - "EndPosition": { - "shape": "S7w" + "MissingContextValues": { + "shape": "S3w" + }, + "EvalDecisionDetails": { + "shape": "S80" } } } - }, - "MissingContextValues": { - "shape": "S3w" - }, - "EvalDecisionDetails": { - "type": "map", - "key": {}, - "value": {} } } } @@ -2888,7 +2897,23 @@ "Marker": {} } }, - "S7w": { + "S7t": { + "type": "list", + "member": { + "type": "structure", + "members": { + "SourcePolicyId": {}, + "SourcePolicyType": {}, + "StartPosition": { + "shape": "S7x" + }, + "EndPosition": { + "shape": "S7x" + } + } + } + }, + "S7x": { "type": "structure", "members": { "Line": { @@ -2898,6 +2923,11 @@ "type": "integer" } } + }, + "S80": { + "type": "map", + "key": {}, + "value": {} } }, "examples": {} diff --git a/apis/iam-2010-05-08.normal.json b/apis/iam-2010-05-08.normal.json index 1e517d9bfd..87531f1832 100644 --- a/apis/iam-2010-05-08.normal.json +++ b/apis/iam-2010-05-08.normal.json @@ -2995,7 +2995,7 @@ "documentation":"

The request processing has failed because of an unknown error, exception or failure.

" } ], - "documentation":"

Lists the account aliases associated with the account. For information about using an AWS account alias, see Using an Alias for Your AWS Account ID in the IAM User Guide.

You can paginate the results using the MaxItems and Marker parameters.

" + "documentation":"

Lists the account alias associated with the account (Note: you can have only one). For information about using an AWS account alias, see Using an Alias for Your AWS Account ID in the IAM User Guide.

" }, "ListAttachedGroupPolicies":{ "name":"ListAttachedGroupPolicies", @@ -5901,7 +5901,6 @@ "type":"structure", "required":[ "EvalActionName", - "EvalResourceName", "EvalDecision" ], "members":{ @@ -5927,7 +5926,11 @@ }, "EvalDecisionDetails":{ "shape":"EvalDecisionDetailsType", - "documentation":"

Additional details about the results of the evaluation decision. When there are both IAM policies and resource policies, this parameter explains how each set of policies contributes to the final evaluation decision. When simulating cross-account access to a resource, both the resource-based policy and the caller's IAM policy must grant access. See How IAM Roles Differ from Resource-based Policies

" + "documentation":"

Additional details about the results of the evaluation decision. When there are both IAM policies and resource policies, this parameter explains how each set of policies contributes to the final evaluation decision. When simulating cross-account access to a resource, both the resource-based policy and the caller's IAM policy must grant access. See How IAM Roles Differ from Resource-based Policies

" + }, + "ResourceSpecificResults":{ + "shape":"ResourceSpecificResultListType", + "documentation":"

The individual results of the simulation of the API action specified in EvalActionName on each resource.

" } }, "documentation":"

Contains the results of a simulation.

This data type is used by the return parameter of SimulatePolicy.

" @@ -6045,7 +6048,7 @@ "members":{ "PolicyInputList":{ "shape":"SimulationPolicyListType", - "documentation":"

A list of policies for which you want list of context keys used in Condition elements.

" + "documentation":"

A list of policies for which you want list of context keys used in Condition elements. Each document is specified as a string containing the complete, valid JSON text of an IAM policy.

" } } }, @@ -6741,7 +6744,7 @@ "members":{ "AccountAliases":{ "shape":"accountAliasListType", - "documentation":"

A list of aliases associated with the account.

" + "documentation":"

A list of aliases associated with the account. AWS supports only one alias per account.

" }, "IsTruncated":{ "shape":"booleanType", @@ -7719,7 +7722,7 @@ }, "ExpirePasswords":{ "shape":"booleanType", - "documentation":"

Specifies whether IAM users are required to change their password after a specified number of days.

" + "documentation":"

Indicates whether passwords in the account expire. Returns true if MaxPasswordAge is contains a value greater than 0. Returns false if MaxPasswordAge is 0 or not present.

" }, "MaxPasswordAge":{ "shape":"maxPasswordAgeType", @@ -8048,6 +8051,11 @@ "COMPLETE" ] }, + "ResourceHandlingOptionType":{ + "type":"string", + "min":1, + "max":64 + }, "ResourceNameListType":{ "type":"list", "member":{"shape":"ResourceNameType"} @@ -8057,6 +8065,40 @@ "min":1, "max":2048 }, + "ResourceSpecificResult":{ + "type":"structure", + "required":[ + "EvalResourceName", + "EvalResourceDecision" + ], + "members":{ + "EvalResourceName":{ + "shape":"ResourceNameType", + "documentation":"

The name of the simulated resource, in Amazon Resource Name (ARN) format.

" + }, + "EvalResourceDecision":{ + "shape":"PolicyEvaluationDecisionType", + "documentation":"

The result of the simulation of the simulated API action on the resource specified in EvalResourceName.

" + }, + "MatchedStatements":{ + "shape":"StatementListType", + "documentation":"

A list of the statements in the input policies that determine the result for this part of the simulation. Remember that even if multiple statements allow the action on the resource, if any statement denies that action, then the explicit deny overrides any allow, and the deny statement is the only entry included in the result.

" + }, + "MissingContextValues":{ + "shape":"ContextKeyNamesResultListType", + "documentation":"

A list of context keys that are required by the included input policies but that were not provided by one of the input parameters. To discover the context keys used by a set of policies, you can call GetContextKeysForCustomPolicy or GetContextKeysForPrincipalPolicy.

" + }, + "EvalDecisionDetails":{ + "shape":"EvalDecisionDetailsType", + "documentation":"

Additional details about the results of the evaluation decision. When there are both IAM policies and resource policies, this parameter explains how each set of policies contributes to the final evaluation decision. When simulating cross-account access to a resource, both the resource-based policy and the caller's IAM policy must grant access.

" + } + }, + "documentation":"

Contains the result of the simulation of a single API action call on a single resource.

This data type is used by a member of the EvaluationResult data type.

" + }, + "ResourceSpecificResultListType":{ + "type":"list", + "member":{"shape":"ResourceSpecificResult"} + }, "ResyncMFADeviceRequest":{ "type":"structure", "required":[ @@ -8410,6 +8452,10 @@ "shape":"ContextEntryListType", "documentation":"

A list of context keys and corresponding values for the simulation to use. Whenever a context key is evaluated by a Condition element in one of the simulated IAM permission policies, the corresponding value is supplied.

" }, + "ResourceHandlingOption":{ + "shape":"ResourceHandlingOptionType", + "documentation":"

Specifies the type of simulation to run. Different APIs that support resource-based policies require different combinations of resources. By specifying the type of simulation to run, you enable the policy simulator to enforce the presence of the required resources to ensure reliable simulation results. If your simulation does not match one of the following scenarios, then you can omit this parameter. The following list shows each of the supported scenario values and the resources that you must define to run the simulation.

Each of the EC2 scenarios requires that you specify instance, image, and security-group resources. If your scenario includes an EBS volume, then you must specify that volume as a resource. If the EC2 scenario includes VPC, then you must supply the network-interface resource. If it includes an IP subnet, then you must specify the subnet resource. For more information on the EC2 scenario options, see Supported Platforms in the AWS EC2 User Guide.

" + }, "MaxItems":{ "shape":"maxItemsType", "documentation":"

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

This parameter is optional. If you do not include it, it defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true and Marker contains a value to include in the subsequent call that tells the service where to continue from.

" @@ -8477,6 +8523,10 @@ "shape":"ContextEntryListType", "documentation":"

A list of context keys and corresponding values for the simulation to use. Whenever a context key is evaluated by a Condition element in one of the simulated policies, the corresponding value is supplied.

" }, + "ResourceHandlingOption":{ + "shape":"ResourceHandlingOptionType", + "documentation":"

Specifies the type of simulation to run. Different APIs that support resource-based policies require different combinations of resources. By specifying the type of simulation to run, you enable the policy simulator to enforce the presence of the required resources to ensure reliable simulation results. If your simulation does not match one of the following scenarios, then you can omit this parameter. The following list shows each of the supported scenario values and the resources that you must define to run the simulation.

Each of the EC2 scenarios requires that you specify instance, image, and security-group resources. If your scenario includes an EBS volume, then you must specify that volume as a resource. If the EC2 scenario includes VPC, then you must supply the network-interface resource. If it includes an IP subnet, then you must specify the subnet resource. For more information on the EC2 scenario options, see Supported Platforms in the AWS EC2 User Guide.

" + }, "MaxItems":{ "shape":"maxItemsType", "documentation":"

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

This parameter is optional. If you do not include it, it defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true and Marker contains a value to include in the subsequent call that tells the service where to continue from.

"