IAM Actions:Get Context Keys For Principal Policy

Search (SHIFT+S)

Get Context Keys For Principal Policy

POST /iam?Action=GetContextKeysForPrincipalPolicy

Gets a list of all of the context keys referenced in all the IAM policies that are attached to the specified IAM entity. The entity can be an IAM user, group, or role.

Query Parameters

PolicySourceArn	The ARN of a user, group, or role whose policies contain the context keys that you want listed. If you specify a user, the list includes context keys that are found in all policies that are attached to the user. The list also includes all groups that the user is a member of.
PolicyInputList	A list of policies for which you want the list of context keys referenced in those policies.

Required Roles

This call has no restrictions.

Request Payload

No Request Payload

Response Body

No Response Body

Examples

Request

NOTE:  Policy must be encoded
https://192.168.0.0::4443/iam?Action=GetContextKeysForPrincipalPolicy
&PolicyInputList.member.1='{
"Version": "2012-10-17",
"Statement": {
  "Effect": "Allow",
  "Action": "s3:*",
  "Resource": "*",
  "Condition":{"StringEquals":{"s3:x-amz-acl":"public-read"}}
}
}'
Accept: appliction/json
X-SDS-AUTH-TOKEN: <AUTH_TOKEN>
x-emc-namespace: <namespace>

Response

HTTP/1.1 200 OK

<?xml version="1.0" encoding="UTF-8" ?>
<GetContextKeysForPrincipalPolicyResponse>
    <ResponseMetadata>
        <RequestId>0af9f5b8:17178fe9282:c9e6:68</RequestId>
    </ResponseMetadata>
    <GetContextKeysForPrincipalPolicyResult>
        <ContextKeyNames>
            <member>s3:x-amz-acl</member>
        </ContextKeyNames>
    </GetContextKeysForPrincipalPolicyResult>
</GetContextKeysForPrincipalPolicyResponse>

Request

NOTE:  Policy must be encoded
https://192.168.0.0::4443/iam?Action=GetContextKeysForPrincipalPolicy
&PolicySourceArn=arn:ecs:iam::ns1:user/testuser
&PolicyInputList.member.1='{
"Version": "2012-10-17",
"Statement": {
  "Effect": "Allow",
  "Action": "s3:*",
  "Resource": "*",
  "Condition":{"StringEquals":{"s3:x-amz-acl":"public-read"}}
}
}'
Accept: appliction/json
X-SDS-AUTH-TOKEN: <AUTH_TOKEN>
x-emc-namespace: <namespace>

Response

HTTP/1.1 200 OK


{
    "ResponseMetadata": {
        "RequestId": "0af9f5b8:17178fe9282:cbe5:66"
    },
    "GetContextKeysForPrincipalPolicyResult": {
        "ContextKeyNames": ["s3:x-amz-acl", "aws:username"]
    }
}

Request

NOTE:  Policy must be encoded

curl -H $token -H "Content-Type: application/xml" -H "x-emc-namespace: <namespace>" -X POST https://$nodeIp:4443/iam?Action=GetContextKeysForPrincipalPolicy&PolicyInputList.member.1='{"Version": "2012-10-17","Statement": {"Effect": "Allow","Action": "s3:*","Resource": "*","Condition":{"StringEquals":{"s3:x-amz-acl":"public-read"}}}}'

Response

HTTP/1.1 200 OK
Content-Type: application/xml

<?xml version="1.0" encoding="UTF-8" ?>
<GetContextKeysForPrincipalPolicyResponse>
    <ResponseMetadata>
        <RequestId>0af9f5b8:17178fe9282:c9e6:68</RequestId>
    </ResponseMetadata>
    <GetContextKeysForPrincipalPolicyResult>
        <ContextKeyNames>
            <member>s3:x-amz-acl</member>
        </ContextKeyNames>
    </GetContextKeysForPrincipalPolicyResult>
</GetContextKeysForPrincipalPolicyResponse>