本文整理汇总了Java中com.amazonaws.auth.policy.Principal类的典型用法代码示例。如果您正苦于以下问题:Java Principal类的具体用法?Java Principal怎么用?Java Principal使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
Principal类属于com.amazonaws.auth.policy包,在下文中一共展示了Principal类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: writePrincipals
import com.amazonaws.auth.policy.Principal; //导入依赖的package包/类
/**
* Writes the list of <code>Principal</code>s to the JSONGenerator.
*
* @param principals
* the list of principals to be written.
*/
private void writePrincipals(List<Principal> principals)
throws JsonGenerationException, IOException {
if (principals.size() == 1 && principals.get(0).equals(Principal.All)) {
writeJsonKeyValue(JsonDocumentFields.PRINCIPAL, Principal.All.getId());
} else {
writeJsonObjectStart(JsonDocumentFields.PRINCIPAL);
Map<String, List<String>> principalsByScheme = groupPrincipalByScheme(principals);
List<String> principalValues;
for (Map.Entry<String, List<String>> entry : principalsByScheme.entrySet()) {
principalValues = principalsByScheme.get(entry.getKey());
if (principalValues.size() == 1) {
writeJsonKeyValue(entry.getKey(), principalValues.get(0));
} else {
writeJsonArray(entry.getKey(), principalValues);
}
}
writeJsonObjectEnd();
}
}
示例2: groupPrincipalByScheme
import com.amazonaws.auth.policy.Principal; //导入依赖的package包/类
/**
* Groups the list of <code>Principal</code>s by the Scheme.
*
* @param principals
* the list of <code>Principal</code>s
* @return a map grouped by scheme of the principal.
*/
private Map<String, List<String>> groupPrincipalByScheme(
List<Principal> principals) {
Map<String, List<String>> principalsByScheme = new LinkedHashMap<String, List<String>>();
String provider;
List<String> principalValues;
for (Principal principal : principals) {
provider = principal.getProvider();
if (!principalsByScheme.containsKey(provider)) {
principalsByScheme.put(provider, new ArrayList<String>());
}
principalValues = principalsByScheme.get(provider);
principalValues.add(principal.getId());
}
return principalsByScheme;
}
示例3: generateStandardCMSPolicyStatement
import com.amazonaws.auth.policy.Principal; //导入依赖的package包/类
/**
* Generates the standard KMS key policy statement for the Cerberus Management Service
*/
protected Statement generateStandardCMSPolicyStatement() {
Statement cmsStatement = new Statement(Statement.Effect.Allow);
cmsStatement.withId(CERBERUS_MANAGEMENT_SERVICE_SID);
cmsStatement.withPrincipals(new Principal(AWS_PROVIDER, cmsRoleArn, false));
cmsStatement.withActions(
KMSActions.Encrypt,
KMSActions.Decrypt,
KMSActions.ReEncryptFrom,
KMSActions.ReEncryptTo,
KMSActions.GenerateDataKey,
KMSActions.GenerateDataKeyWithoutPlaintext,
KMSActions.GenerateRandom,
KMSActions.DescribeKey,
KMSActions.ScheduleKeyDeletion,
KMSActions.CancelKeyDeletion);
cmsStatement.withResources(new Resource("*"));
return cmsStatement;
}
示例4: subscribeQueueToTopic
import com.amazonaws.auth.policy.Principal; //导入依赖的package包/类
public String subscribeQueueToTopic(String snsTopicArn, String sqsQueueUrl){
Map<String, String> queueAttributes = sqsClient.getQueueAttributes(new GetQueueAttributesRequest(sqsQueueUrl)
.withAttributeNames(QueueAttributeName.QueueArn.toString())).getAttributes();
String sqsQueueArn = queueAttributes.get(QueueAttributeName.QueueArn.toString());
Policy policy = new Policy().withStatements(
new Statement(Effect.Allow)
.withId("topic-subscription-" + snsTopicArn)
.withPrincipals(Principal.AllUsers)
.withActions(SQSActions.SendMessage)
.withResources(new Resource(sqsQueueArn))
.withConditions(ConditionFactory.newSourceArnCondition(snsTopicArn)));
logger.debug("Policy: " + policy.toJson());
queueAttributes = new HashMap<String, String>();
queueAttributes.put(QueueAttributeName.Policy.toString(), policy.toJson());
sqsClient.setQueueAttributes(new SetQueueAttributesRequest(sqsQueueUrl, queueAttributes));
SubscribeResult subscribeResult =
snsClient.subscribe(new SubscribeRequest()
.withEndpoint(sqsQueueArn)
.withProtocol("sqs")
.withTopicArn(snsTopicArn));
return subscribeResult.getSubscriptionArn();
}
示例5: principalOf
import com.amazonaws.auth.policy.Principal; //导入依赖的package包/类
/**
* Generates a list of principals from the Principal Json Node
*
* @param principalNodes
* the principal Json to be parsed
* @return a list of principals
*/
private List<Principal> principalOf(JsonNode principalNodes) {
List<Principal> principals = new LinkedList<Principal>();
if (principalNodes.asText().equals("*")) {
principals.add(Principal.All);
return principals;
}
Iterator<Map.Entry<String, JsonNode>> mapOfPrincipals = principalNodes
.fields();
String schema;
JsonNode principalNode;
Entry<String, JsonNode> principal;
Iterator<JsonNode> elements;
while (mapOfPrincipals.hasNext()) {
principal = mapOfPrincipals.next();
schema = principal.getKey();
principalNode = principal.getValue();
if (principalNode.isArray()) {
elements = principalNode.elements();
while (elements.hasNext()) {
principals.add(createPrincipal(schema, elements.next()));
}
} else {
principals.add(createPrincipal(schema, principalNode));
}
}
return principals;
}
示例6: createPrincipal
import com.amazonaws.auth.policy.Principal; //导入依赖的package包/类
/**
* Creates a new principal instance for the given schema and the Json node.
*
* @param schema
* the schema for the principal instance being created.
* @param principalNode
* the node indicating the AWS account that is making the
* request.
* @return a principal instance.
*/
private Principal createPrincipal(String schema, JsonNode principalNode) {
if (schema.equalsIgnoreCase(PRINCIPAL_SCHEMA_USER)) {
return new Principal(PRINCIPAL_SCHEMA_USER, principalNode.asText(), options.isStripAwsPrincipalIdHyphensEnabled());
} else if (schema.equalsIgnoreCase(PRINCIPAL_SCHEMA_SERVICE)) {
return new Principal(schema, principalNode.asText());
} else if (schema.equalsIgnoreCase(PRINCIPAL_SCHEMA_FEDERATED)) {
if (WebIdentityProviders.fromString(principalNode.asText()) != null) {
return new Principal(WebIdentityProviders.fromString(principalNode.asText()));
} else {
return new Principal(PRINCIPAL_SCHEMA_FEDERATED, principalNode.asText());
}
}
throw new SdkClientException("Schema " + schema + " is not a valid value for the principal.");
}
示例7: getPolicy
import com.amazonaws.auth.policy.Principal; //导入依赖的package包/类
private String getPolicy(List<String> accountIds) {
Policy policy = new Policy("AuthorizedWorkerAccessPolicy");
Statement stmt = new Statement(Effect.Allow);
Action action = SQSActions.SendMessage;
stmt.getActions().add(action);
stmt.setResources(new LinkedList<>());
for(String accountId : accountIds) {
Principal principal = new Principal(accountId);
stmt.getPrincipals().add(principal);
}
stmt.getResources().add(new Resource(getQueueARN()));
policy.getStatements().add(stmt);
return policy.toJson();
}
示例8: generateStandardKmsPolicy
import com.amazonaws.auth.policy.Principal; //导入依赖的package包/类
public String generateStandardKmsPolicy(String iamRoleArn) {
Policy kmsPolicy = new Policy();
Statement rootUserStatement = new Statement(Statement.Effect.Allow);
rootUserStatement.withId("Root User Has All Actions");
rootUserStatement.withPrincipals(new Principal(AWS_PROVIDER, rootUserArn, false));
rootUserStatement.withActions(KMSActions.AllKMSActions);
rootUserStatement.withResources(new Resource("*"));
Statement keyAdministratorStatement = new Statement(Statement.Effect.Allow);
keyAdministratorStatement.withId("Admin Role Has All Actions");
keyAdministratorStatement.withPrincipals(new Principal(AWS_PROVIDER, adminRoleArn, false));
keyAdministratorStatement.withActions(KMSActions.AllKMSActions);
keyAdministratorStatement.withResources(new Resource("*"));
Statement instanceUsageStatement = generateStandardCMSPolicyStatement();
Statement iamRoleUsageStatement = new Statement(Statement.Effect.Allow);
iamRoleUsageStatement.withId(CERBERUS_CONSUMER_SID);
iamRoleUsageStatement.withPrincipals(
new Principal(AWS_PROVIDER, iamRoleArn, false));
iamRoleUsageStatement.withActions(KMSActions.Decrypt);
iamRoleUsageStatement.withResources(new Resource("*"));
kmsPolicy.withStatements(rootUserStatement,
keyAdministratorStatement,
instanceUsageStatement,
iamRoleUsageStatement);
return kmsPolicy.toJson();
}
示例9: getPublicReadPolicy
import com.amazonaws.auth.policy.Principal; //导入依赖的package包/类
public static String getPublicReadPolicy(String bucket_name)
{
Policy bucket_policy = new Policy().withStatements(
new Statement(Statement.Effect.Allow)
.withPrincipals(Principal.AllUsers)
.withActions(S3Actions.GetObject)
.withResources(new Resource(
"arn:aws:s3:::" + bucket_name + "/*")));
return bucket_policy.toJson();
}
示例10: provisionKmsCmkForBackupRegion
import com.amazonaws.auth.policy.Principal; //导入依赖的package包/类
private String provisionKmsCmkForBackupRegion(String region) {
Policy kmsPolicy = new Policy();
final List<Statement> statements = new LinkedList<>();
// allow the configured admin iam principals all permissions
configStore.getBackupAdminIamPrincipals().forEach( principal -> {
log.debug("Adding principal: {} to the CMK Policy for region {}", principal, region);
statements.add(new Statement(Statement.Effect.Allow)
.withId("Principal " + principal + " Has All Actions")
.withPrincipals(new Principal(AWS_PROVIDER, principal, false))
.withActions(KMSActions.AllKMSActions)
.withResources(new Resource("*")));
});
kmsPolicy.setStatements(statements);
String policyString = kmsPolicy.toJson();
log.debug("Creating key for region {} with policy {}", region, policyString);
AWSKMS kms = AWSKMSClient.builder().withCredentials(getAWSCredentialsProviderChain()).withRegion(region).build();
CreateKeyResult createKeyResult = kms.createKey(
new CreateKeyRequest()
.withPolicy(policyString)
.withBypassPolicyLockoutSafetyCheck(true)
.withDescription(String.format("Cerberus Backup Encryption key for env: %S region: %s",
environmentMetadata.getName(), region))
.withTags(
new Tag().withTagKey("env").withTagValue(environmentMetadata.getName()),
new Tag().withTagKey("region").withTagValue(region),
new Tag().withTagKey("cerberus-backup-key").withTagValue("true")
)
);
String keyId = createKeyResult.getKeyMetadata().getKeyId();
log.info("Created new backup KMS CMK with id: {} for region: {}", keyId, region);
return keyId;
}
示例11: statementEquals
import com.amazonaws.auth.policy.Principal; //导入依赖的package包/类
private Boolean statementEquals(Statement statement1, Statement statement2) {
List<Action> actions1 = statement1.getActions();
List<Action> actions2 = statement2.getActions();
boolean actionMatches = actions1.size() == actions2.size()
&& actions1.stream().allMatch(action1 -> actions2.stream().anyMatch(action2 -> action1.getActionName().equals(action2.getActionName())));
if (!actionMatches) return false;
boolean effectMatches = statement1.getEffect().equals(statement2.getEffect());
if (!effectMatches) return false;
List<Resource> resources1 = statement1.getResources();
List<Resource> resources2 = statement2.getResources();
boolean resourceMatches = resources1.size() == resources2.size()
&& resources1.stream().allMatch(resource1 -> resources2.stream().anyMatch(resource2 -> resource1.getId().equals(resource2.getId())));
if (!resourceMatches) return false;
List<Condition> conditions1 = statement1.getConditions();
List<Condition> conditions2 = statement2.getConditions();
boolean conditionMatches = conditions1.size() == conditions2.size()
&& conditions1.stream().allMatch(condition1 -> conditions2.stream().anyMatch(condition2 -> conditionEquals(condition1, condition2)));
if (!conditionMatches) return false;
List<Principal> principals1 = statement1.getPrincipals();
List<Principal> principals2 = statement2.getPrincipals();
boolean principleMatches = principals1.size() == principals2.size()
&& principals1.stream().allMatch(principle1 -> principals2.stream().anyMatch(principal2 -> principleEquals(principle1, principal2)));
if (!principleMatches) return false;
return true;
}
示例12: jsonStringOf
import com.amazonaws.auth.policy.Principal; //导入依赖的package包/类
/**
* Converts the given <code>Policy</code> into a JSON String.
*
* @param policy
* the policy to be converted.
* @return a JSON String of the specified policy object.
*/
private String jsonStringOf(Policy policy) throws JsonGenerationException,
IOException {
generator.writeStartObject();
writeJsonKeyValue(JsonDocumentFields.VERSION, policy.getVersion());
if (isNotNull(policy.getId()))
writeJsonKeyValue(JsonDocumentFields.POLICY_ID, policy.getId());
writeJsonArrayStart(JsonDocumentFields.STATEMENT);
for (Statement statement : policy.getStatements()) {
generator.writeStartObject();
if (isNotNull(statement.getId())) {
writeJsonKeyValue(JsonDocumentFields.STATEMENT_ID, statement.getId());
}
writeJsonKeyValue(JsonDocumentFields.STATEMENT_EFFECT, statement
.getEffect().toString());
List<Principal> principals = statement.getPrincipals();
if (isNotNull(principals) && !principals.isEmpty())
writePrincipals(principals);
List<Action> actions = statement.getActions();
if (isNotNull(actions) && !actions.isEmpty())
writeActions(actions);
List<Resource> resources = statement.getResources();
if (isNotNull(resources) && !resources.isEmpty())
writeResources(resources);
List<Condition> conditions = statement.getConditions();
if (isNotNull(conditions) && !conditions.isEmpty())
writeConditions(conditions);
generator.writeEndObject();
}
writeJsonArrayEnd();
generator.writeEndObject();
generator.flush();
return writer.toString();
}
示例13: run
import com.amazonaws.auth.policy.Principal; //导入依赖的package包/类
@Override
public void run(SetBackupAdminPrincipalsCommand command) {
GetCallerIdentityResult identityResult = sts.getCallerIdentity(new GetCallerIdentityRequest());
String accountId = identityResult.getAccount();
String rootArn = String.format("arn:aws:iam::%s:root", accountId);
String adminRoleArn = configStore.getAccountAdminArn().get();
Set<String> principals = new HashSet<>();
principals.add(rootArn);
principals.add(adminRoleArn);
principals.addAll(command.getAdditionalPrincipals());
configStore.storeBackupAdminIamPrincipals(principals);
if (! configStore.getRegionBackupBucketMap().isEmpty()) {
configStore.getRegionBackupBucketMap().forEach((region, backupRegionInfo) -> {
final List<Statement> statements = new LinkedList<>();
principals.forEach( principal -> {
log.debug("Adding principal: {} to the CMK Policy for region {}", principal, region);
statements.add(new Statement(Statement.Effect.Allow)
.withId("Principal " + principal + " Has All Actions")
.withPrincipals(new Principal(AWS_PROVIDER, principal, false))
.withActions(KMSActions.AllKMSActions)
.withResources(new Resource("*")));
});
Policy kmsPolicy = new Policy();
kmsPolicy.setStatements(statements);
String policyString = kmsPolicy.toJson();
log.debug("Updating key {} for region {} with policy {}", backupRegionInfo.getKmsCmkId(), region, policyString);
AWSKMS kms = AWSKMSClient.builder().withCredentials(getAWSCredentialsProviderChain()).withRegion(region).build();
PutKeyPolicyRequest request = new PutKeyPolicyRequest()
.withKeyId(backupRegionInfo.getKmsCmkId())
.withPolicyName("default")
.withBypassPolicyLockoutSafetyCheck(true)
.withPolicy(policyString);
kms.putKeyPolicy(request);
log.info("Successfully updated key {} in region {} to allow the following principals access {}",
backupRegionInfo.getKmsCmkId(), region, String.join(", ", principals));
});
}
}
示例14: principleEquals
import com.amazonaws.auth.policy.Principal; //导入依赖的package包/类
private boolean principleEquals(Principal principle1, Principal principal2) {
return principle1.getId().equals(principal2.getId())
&& principle1.getProvider().equals(principal2.getProvider());
}
示例15: allowSQSQueueToReceiveMessagesFromSNSTopic
import com.amazonaws.auth.policy.Principal; //导入依赖的package包/类
private static void allowSQSQueueToReceiveMessagesFromSNSTopic(
AmazonSQS amazonSQS,
String queueURL,
String queueARN,
String topicARN
) {
GetQueueAttributesResult queueAttributesResult =
amazonSQS.getQueueAttributes(
new GetQueueAttributesRequest().withQueueUrl(queueURL).withAttributeNames(
QueueAttributeName.Policy
)
);
String policyJson = queueAttributesResult.getAttributes().get(QueueAttributeName.Policy.name());
final List<Statement> statements;
if (policyJson != null) {
statements = new ArrayList<>(Policy.fromJson(policyJson).getStatements());
} else {
// no policies yet exist
statements = new ArrayList<>();
}
statements.add(
new Statement(Statement.Effect.Allow)
.withPrincipals(Principal.AllUsers)
.withResources(new Resource(queueARN))
.withActions(SQSActions.SendMessage)
.withConditions(ConditionFactory.newSourceArnCondition(topicARN))
);
Policy policy = new Policy();
policy.setStatements(statements);
Map<String, String> queueAttributes = new HashMap<>();
queueAttributes.put(QueueAttributeName.Policy.name(), policy.toJson());
// Note that if the queue already has this policy, this will do nothing.
amazonSQS.setQueueAttributes(
new SetQueueAttributesRequest()
.withQueueUrl(queueURL)
.withAttributes(queueAttributes)
);
}