本文整理汇总了Java中com.amazonaws.auth.policy.Statement.Effect类的典型用法代码示例。如果您正苦于以下问题:Java Effect类的具体用法?Java Effect怎么用?Java Effect使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
Effect类属于com.amazonaws.auth.policy.Statement包,在下文中一共展示了Effect类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: testMultipleConditionKeysForConditionType
import com.amazonaws.auth.policy.Statement.Effect; //导入依赖的package包/类
@Test
public void testMultipleConditionKeysForConditionType() throws Exception {
Policy policy = new Policy();
policy.withStatements(new Statement(Effect.Allow)
.withResources(new Resource("arn:aws:sqs:us-east-1:987654321000:MyQueue"))
.withPrincipals(Principal.AllUsers)
.withActions(new TestAction("foo"))
.withConditions(
new StringCondition(StringComparisonType.StringNotLike, "key1", "foo"),
new StringCondition(StringComparisonType.StringNotLike, "key1", "bar")));
policy = Policy.fromJson(policy.toJson());
assertEquals(1, policy.getStatements().size());
List<Statement> statements = new LinkedList<Statement>(policy.getStatements());
assertEquals(Effect.Allow, statements.get(0).getEffect());
assertEquals(1, statements.get(0).getActions().size());
assertEquals("foo", statements.get(0).getActions().get(0).getActionName());
assertEquals(1, statements.get(0).getConditions().size());
assertEquals("StringNotLike", statements.get(0).getConditions().get(0).getType());
assertEquals("key1", statements.get(0).getConditions().get(0).getConditionKey());
assertEquals(2, statements.get(0).getConditions().get(0).getValues().size());
assertEquals("foo", statements.get(0).getConditions().get(0).getValues().get(0));
assertEquals("bar", statements.get(0).getConditions().get(0).getValues().get(1));
}
示例2: testPolicyParsingWithNoEffect
import com.amazonaws.auth.policy.Statement.Effect; //导入依赖的package包/类
/**
* Test policy parsing when the "Effect" is not mentioned in a Statement.
* The Effect must be default to "Deny" when it is not mentioned.
*/
@Test
public void testPolicyParsingWithNoEffect() {
String jsonString =
"{" +
"\"Statement\": [{" +
"\"Action\": [" +
"\"elasticmapreduce:*\"," +
"\"iam:PassRole\"" +
"]," +
"\"Resource\": [\"*\"]" +
"}]" +
"}";
Policy policy = Policy.fromJson(jsonString);
assertEquals(1, policy.getStatements().size());
List<Statement> statements = new LinkedList<Statement>(policy.getStatements());
assertEquals(Effect.Deny, statements.get(0).getEffect());
assertEquals(1, statements.size());
}
示例3: testCloudHSMServicePrincipal
import com.amazonaws.auth.policy.Statement.Effect; //导入依赖的package包/类
@Test
public void testCloudHSMServicePrincipal() {
String jsonString =
"{" +
"\"Version\":\"2008-10-17\"," +
"\"Statement\":[" +
"{\"Sid\":\"\"," +
"\"Effect\":\"Allow\"," +
"\"Principal\":{\"Service\":\"cloudhsm.amazonaws.com\"}," +
"\"Action\":\"sts:AssumeRole\"}" +
"]" +
"}";
Policy policy = Policy.fromJson(jsonString);
assertEquals(POLICY_VERSION, policy.getVersion());
List<Statement> statements = new LinkedList<Statement>(policy.getStatements());
assertEquals(1, statements.size());
assertEquals(1, statements.get(0).getActions().size());
assertEquals(Effect.Allow, statements.get(0).getEffect());
assertEquals("sts:AssumeRole", statements.get(0).getActions().get(0).getActionName());
assertEquals(0, statements.get(0).getConditions().size());
assertEquals(1, statements.get(0).getPrincipals().size());
assertEquals(Services.AWSCloudHSM.getServiceId(), statements.get(0).getPrincipals().get(0).getId());
assertEquals("Service", statements.get(0).getPrincipals().get(0).getProvider());
}
示例4: testPrincipalWithServiceNotInServicesEnum
import com.amazonaws.auth.policy.Statement.Effect; //导入依赖的package包/类
/**
* This test case was written as result of the following TT
*
* @see TT:0030871921
*
* When a service is mentioned in the principal, we always try to
* figure out the service from
* <code>com.amazonaws.auth.policy.Principal.Services</code> enum. For
* new services introduced, if the enum is not updated, then the parsing
* fails.
*/
@Test
public void testPrincipalWithServiceNotInServicesEnum() {
String jsonString = "{" + "\"Version\":\"2008-10-17\","
+ "\"Statement\":[" + "{" + "\"Sid\":\"\","
+ "\"Effect\":\"Allow\"," + "\"Principal\":{"
+ "\"Service\":\"workspaces.amazonaws.com\" " + "},"
+ "\"Action\":\"sts:AssumeRole\"" + "}" + "]" + "}";
Policy policy = Policy.fromJson(jsonString);
assertEquals(POLICY_VERSION, policy.getVersion());
List<Statement> statements = new LinkedList<Statement>(
policy.getStatements());
assertEquals(1, statements.size());
assertEquals(1, statements.get(0).getActions().size());
assertEquals(Effect.Allow, statements.get(0).getEffect());
assertEquals("sts:AssumeRole", statements.get(0).getActions().get(0)
.getActionName());
assertEquals(0, statements.get(0).getConditions().size());
assertEquals(1, statements.get(0).getPrincipals().size());
assertEquals("workspaces.amazonaws.com", statements.get(0)
.getPrincipals().get(0).getId());
assertEquals("Service", statements.get(0).getPrincipals().get(0)
.getProvider());
}
示例5: testStatementIdAssignment
import com.amazonaws.auth.policy.Statement.Effect; //导入依赖的package包/类
/**
* Tests that a policy correctly assigns unique statement IDs to any added
* statements without IDs yet.
*/
@Test
public void testStatementIdAssignment() throws Exception {
Policy policy = new Policy("S3PolicyId1");
policy.withStatements(
new Statement(Effect.Allow).withId("0")
.withPrincipals(Principal.AllUsers)
.withActions(new TestAction("action1")),
new Statement(Effect.Allow).withId("1")
.withPrincipals(Principal.AllUsers)
.withActions(new TestAction("action1")), new Statement(
Effect.Deny).withPrincipals(Principal.AllUsers)
.withActions(new TestAction("action2")));
assertValidStatementIds(policy);
}
示例6: subscribeQueueToTopic
import com.amazonaws.auth.policy.Statement.Effect; //导入依赖的package包/类
public String subscribeQueueToTopic(String snsTopicArn, String sqsQueueUrl){
Map<String, String> queueAttributes = sqsClient.getQueueAttributes(new GetQueueAttributesRequest(sqsQueueUrl)
.withAttributeNames(QueueAttributeName.QueueArn.toString())).getAttributes();
String sqsQueueArn = queueAttributes.get(QueueAttributeName.QueueArn.toString());
Policy policy = new Policy().withStatements(
new Statement(Effect.Allow)
.withId("topic-subscription-" + snsTopicArn)
.withPrincipals(Principal.AllUsers)
.withActions(SQSActions.SendMessage)
.withResources(new Resource(sqsQueueArn))
.withConditions(ConditionFactory.newSourceArnCondition(snsTopicArn)));
logger.debug("Policy: " + policy.toJson());
queueAttributes = new HashMap<String, String>();
queueAttributes.put(QueueAttributeName.Policy.toString(), policy.toJson());
sqsClient.setQueueAttributes(new SetQueueAttributesRequest(sqsQueueUrl, queueAttributes));
SubscribeResult subscribeResult =
snsClient.subscribe(new SubscribeRequest()
.withEndpoint(sqsQueueArn)
.withProtocol("sqs")
.withTopicArn(snsTopicArn));
return subscribeResult.getSubscriptionArn();
}
示例7: statementOf
import com.amazonaws.auth.policy.Statement.Effect; //导入依赖的package包/类
/**
* Creates a <code>Statement<code> instance from the statement node.
*
* A statement consists of an Effect, id (optional), principal, action, resource,
* and conditions.
* <p>
* principal is the AWS account that is making a request to access or modify one of your AWS resources.
* <p>
* action is the way in which your AWS resource is being accessed or modified, such as sending a message to an Amazon SQS queue, or storing an object in an Amazon S3 bucket.
* <p>
* resource is the AWS entity that the principal wants to access, such as an Amazon SQS queue, or an object stored in Amazon S3.
* <p>
* conditions are the optional constraints that specify when to allow or deny access for the principal to access your resource. Many expressive conditions are available, some specific to each service. For example, you can use date conditions to allow access to your resources only after or before a specific time.
*
* @param jStatement
* JsonNode representing the statement.
* @return a reference to the statement instance created.
*/
private Statement statementOf(JsonNode jStatement) {
JsonNode effectNode = jStatement.get(JsonDocumentFields.STATEMENT_EFFECT);
final Effect effect = isNotNull(effectNode)
? Effect.valueOf(effectNode.asText())
: Effect.Deny ;
Statement statement = new Statement(effect);
JsonNode id = jStatement.get(JsonDocumentFields.STATEMENT_ID);
if (isNotNull(id)) {
statement.setId(id.asText());
}
JsonNode actionNodes = jStatement.get(JsonDocumentFields.ACTION);
if (isNotNull(actionNodes))
statement.setActions(actionsOf(actionNodes));
JsonNode resourceNodes = jStatement.get(JsonDocumentFields.RESOURCE);
if (isNotNull(resourceNodes))
statement.setResources(resourcesOf(resourceNodes));
JsonNode conditionNodes = jStatement.get(JsonDocumentFields.CONDITION);
if (isNotNull(conditionNodes))
statement.setConditions(conditionsOf(conditionNodes));
JsonNode principalNodes = jStatement.get(JsonDocumentFields.PRINCIPAL);
if (isNotNull(principalNodes))
statement.setPrincipals(principalOf(principalNodes));
return statement;
}
示例8: testNoJsonArray
import com.amazonaws.auth.policy.Statement.Effect; //导入依赖的package包/类
@Test
public void testNoJsonArray() {
String jsonString =
"{" +
"\"Version\": \"2012-10-17\"," +
"\"Statement\": [" +
"{" +
"\"Effect\": \"Allow\"," +
"\"Principal\": {" +
"\"AWS\": \"*\"" +
"}," +
"\"Action\": \"sts:AssumeRole\"," +
"\"Condition\": {" +
"\"IpAddress\": {" +
" \"aws:SourceIp\": \"10.10.10.10/32\"" +
"}" +
"}" +
"}" +
"]" +
"}" ;
Policy policy = Policy.fromJson(jsonString);
assertEquals(POLICY_VERSION, policy.getVersion());
List<Statement> statements = new LinkedList<Statement>(policy.getStatements());
assertEquals(1, statements.size());
assertEquals(1, statements.get(0).getActions().size());
assertEquals(Effect.Allow, statements.get(0).getEffect());
assertEquals("sts:AssumeRole", statements.get(0).getActions().get(0).getActionName());
assertEquals(1, statements.get(0).getConditions().size());
assertEquals("IpAddress", statements.get(0).getConditions().get(0).getType());
assertEquals("aws:SourceIp", statements.get(0).getConditions().get(0).getConditionKey());
assertEquals(1, statements.get(0).getConditions().get(0).getValues().size());
assertEquals("10.10.10.10/32", statements.get(0).getConditions().get(0).getValues().get(0));
assertEquals(1, statements.get(0).getPrincipals().size());
assertEquals("*", statements.get(0).getPrincipals().get(0).getId());
assertEquals("AWS", statements.get(0).getPrincipals().get(0).getProvider());
}
示例9: testFederatedUserBySAMLProvider
import com.amazonaws.auth.policy.Statement.Effect; //导入依赖的package包/类
/**
* Tests that SAML-based federated user is supported as principal.
*/
@Test
public void testFederatedUserBySAMLProvider() {
String jsonString =
"{" +
"\"Version\":\"2012-10-17\"," +
"\"Statement\":[" +
"{" +
"\"Sid\":\"\"," +
"\"Effect\":\"Allow\"," +
"\"Principal\":{" +
"\"Federated\":\"arn:aws:iam::862954416975:saml-provider/myprovider\"" +
"}," +
"\"Action\":\"sts:AssumeRoleWithSAML\"," +
"\"Condition\":{" +
"\"StringEquals\":{" +
"\"SAML:aud\":\"https://signin.aws.amazon.com/saml\"" +
"}" +
"}" +
"}" +
"]" +
"}";
Policy policy = Policy.fromJson(jsonString);
assertEquals(POLICY_VERSION, policy.getVersion());
List<Statement> statements = new LinkedList<Statement>(policy.getStatements());
assertEquals(1, statements.size());
assertEquals(1, statements.get(0).getActions().size());
assertEquals(Effect.Allow, statements.get(0).getEffect());
assertEquals("sts:AssumeRoleWithSAML", statements.get(0).getActions().get(0).getActionName());
assertEquals(1, statements.get(0).getConditions().size());
assertEquals("StringEquals", statements.get(0).getConditions().get(0).getType());
assertEquals("SAML:aud", statements.get(0).getConditions().get(0).getConditionKey());
assertEquals(1, statements.get(0).getConditions().get(0).getValues().size());
assertEquals("https://signin.aws.amazon.com/saml", statements.get(0).getConditions().get(0).getValues().get(0));
assertEquals(1, statements.get(0).getPrincipals().size());
assertEquals("arn:aws:iam::862954416975:saml-provider/myprovider", statements.get(0).getPrincipals().get(0).getId());
assertEquals("Federated", statements.get(0).getPrincipals().get(0).getProvider());
}
示例10: testMultipleConditionKeysForConditionType
import com.amazonaws.auth.policy.Statement.Effect; //导入依赖的package包/类
/**
* Policies with multiple conditions that use the same comparison type must
* be merged together in the JSON format, otherwise there will be two keys
* with the same name and one will override the other.
*/
@Test
public void testMultipleConditionKeysForConditionType() throws Exception {
Policy policy = new Policy();
policy.withStatements(new Statement(Effect.Allow)
.withResources(
new Resource(
"arn:aws:sqs:us-east-1:987654321000:MyQueue"))
.withPrincipals(Principal.AllUsers)
.withActions(new TestAction("foo"))
.withConditions(
new StringCondition(StringComparisonType.StringNotLike,
"key1", "foo"),
new StringCondition(StringComparisonType.StringNotLike,
"key1", "bar")));
JsonNode jsonPolicy = Jackson.jsonNodeOf(policy.toJson());
JsonNode statementArray = jsonPolicy.get("Statement");
assertEquals(statementArray.size(),1);
JsonNode conditions = statementArray.get(0).get("Condition");
assertEquals(conditions.size(),1);
JsonNode stringLikeCondition = conditions.get(StringComparisonType.StringNotLike.toString());
assertTrue(stringLikeCondition.has("key1"));
assertFalse(stringLikeCondition.has("key2"));
assertValidStatementIds(policy);
}
示例11: testMultipleStatements
import com.amazonaws.auth.policy.Statement.Effect; //导入依赖的package包/类
/**
* Tests serializing a more complex policy object with multiple statements.
*/
@Test
public void testMultipleStatements() throws Exception {
Policy policy = new Policy("S3PolicyId1");
policy.withStatements(
new Statement(Effect.Allow)
.withPrincipals(Principal.AllUsers)
.withActions(new TestAction("action1"))
.withResources(new Resource("resource"))
.withConditions(
new IpAddressCondition("192.168.143.0/24"),
new IpAddressCondition(
IpAddressComparisonType.NotIpAddress,
"192.168.143.188/32")),
new Statement(Effect.Deny).withPrincipals(Principal.AllUsers)
.withActions(new TestAction("action2"))
.withResources(new Resource("resource"))
.withConditions(new IpAddressCondition("10.1.2.0/24")));
JsonNode jsonPolicy = Jackson.jsonNodeOf(policy.toJson());
assertTrue(jsonPolicy.has("Id"));
JsonNode statementArray = jsonPolicy.get("Statement");
assertEquals(statementArray.size(),2);
assertValidStatementIds(policy);
JsonNode statement;
for (int i = 0; i < statementArray.size(); i++) {
statement = statementArray.get(i);
assertTrue(statement.has("Sid"));
assertTrue(statement.has("Effect"));
assertTrue(statement.has("Principal"));
assertTrue(statement.has("Action"));
assertTrue(statement.has("Resource"));
assertTrue(statement.has("Condition"));
}
}
示例12: getPolicy
import com.amazonaws.auth.policy.Statement.Effect; //导入依赖的package包/类
private String getPolicy(List<String> accountIds) {
Policy policy = new Policy("AuthorizedWorkerAccessPolicy");
Statement stmt = new Statement(Effect.Allow);
Action action = SQSActions.SendMessage;
stmt.getActions().add(action);
stmt.setResources(new LinkedList<>());
for(String accountId : accountIds) {
Principal principal = new Principal(accountId);
stmt.getPrincipals().add(principal);
}
stmt.getResources().add(new Resource(getQueueARN()));
policy.getStatements().add(stmt);
return policy.toJson();
}
示例13: withKms
import com.amazonaws.auth.policy.Statement.Effect; //导入依赖的package包/类
/**
* Adds a permission to allow the specified actions to the given KMS key id.
*
* @param kmsKeyId Full ARN to the kms key
* @param actions List of actions
*
* @return This builder
*/
@SuppressWarnings("PMD.CloseResource")
public AwsPolicyBuilder withKms(String kmsKeyId, KmsActions... actions)
{
Statement statement = new Statement(Effect.Allow);
statement.setActions(Arrays.asList(actions));
statement.setResources(Arrays.asList(new Resource(kmsKeyId)));
policy.getStatements().add(statement);
return this;
}
示例14: withS3
import com.amazonaws.auth.policy.Statement.Effect; //导入依赖的package包/类
/**
* Adds a permission to allow the specified actions to the given bucket and s3 object key. The permission will allow the given actions only to the specified
* object key. If object key is null, the permission is applied to the bucket itself.
*
* @param bucketName S3 bucket name
* @param objectKey S3 object key
* @param actions List of actions to allow
*
* @return This builder
*/
@SuppressWarnings("PMD.CloseResource")
public AwsPolicyBuilder withS3(String bucketName, String objectKey, S3Actions... actions)
{
Statement statement = new Statement(Effect.Allow);
statement.setActions(Arrays.asList(actions));
String resource = "arn:aws:s3:::" + bucketName;
if (objectKey != null)
{
resource += "/" + objectKey;
}
statement.setResources(Arrays.asList(new Resource(resource)));
policy.getStatements().add(statement);
return this;
}
示例15: testPrincipals
import com.amazonaws.auth.policy.Statement.Effect; //导入依赖的package包/类
@Test
public void testPrincipals() {
Policy policy = new Policy();
policy.withStatements(new Statement(Effect.Allow)
.withResources(new Resource("resource"))
.withPrincipals(new Principal("accountId1"), new Principal("accountId2"))
.withActions(new TestAction("action")));
policy = Policy.fromJson(policy.toJson());
assertEquals(1, policy.getStatements().size());
List<Statement> statements = new LinkedList<Statement>(policy.getStatements());
assertEquals(Effect.Allow, statements.get(0).getEffect());
assertEquals("action", statements.get(0).getActions().get(0).getActionName());
assertEquals("resource", statements.get(0).getResources().get(0).getId());
assertEquals(2, statements.get(0).getPrincipals().size());
assertEquals("AWS", statements.get(0).getPrincipals().get(0).getProvider());
assertEquals("accountId1", statements.get(0).getPrincipals().get(0).getId());
assertEquals("AWS", statements.get(0).getPrincipals().get(1).getProvider());
assertEquals("accountId2", statements.get(0).getPrincipals().get(1).getId());
policy = new Policy();
policy.withStatements(new Statement(Effect.Allow).withResources(new Resource("resource")).withPrincipals(new Principal(Services.AmazonEC2), new Principal(Services.AmazonElasticTranscoder))
.withActions(new TestAction("action")));
policy = Policy.fromJson(policy.toJson());
assertEquals(1, policy.getStatements().size());
statements = new LinkedList<Statement>(policy.getStatements());
assertEquals(Effect.Allow, statements.get(0).getEffect());
assertEquals(1, statements.get(0).getActions().size());
assertEquals("action", statements.get(0).getActions().get(0).getActionName());
assertEquals(2, statements.get(0).getPrincipals().size());
assertEquals("Service", statements.get(0).getPrincipals().get(0).getProvider());
assertEquals(Services.AmazonEC2.getServiceId(), statements.get(0).getPrincipals().get(0).getId());
assertEquals("Service", statements.get(0).getPrincipals().get(1).getProvider());
assertEquals(Services.AmazonElasticTranscoder.getServiceId(), statements.get(0).getPrincipals().get(1).getId());
policy = new Policy();
policy.withStatements(new Statement(Effect.Allow).withResources(new Resource("resource")).withPrincipals(Principal.All)
.withActions(new TestAction("action")));
policy = Policy.fromJson(policy.toJson());
assertEquals(1, policy.getStatements().size());
statements = new LinkedList<Statement>(policy.getStatements());
assertEquals(Effect.Allow, statements.get(0).getEffect());
assertEquals(1, statements.get(0).getActions().size());
assertEquals("action", statements.get(0).getActions().get(0).getActionName());
assertEquals(1, statements.get(0).getPrincipals().size());
assertEquals(Principal.All, statements.get(0).getPrincipals().get(0));
policy = new Policy();
policy.withStatements(new Statement(Effect.Allow).withResources(new Resource("resource")).withPrincipals(Principal.AllUsers, Principal.AllServices, Principal.AllWebProviders)
.withActions(new TestAction("action")));
policy = Policy.fromJson(policy.toJson());
assertEquals(1, policy.getStatements().size());
statements = new LinkedList<Statement>(policy.getStatements());
assertEquals(Effect.Allow, statements.get(0).getEffect());
assertEquals(1, statements.get(0).getActions().size());
assertEquals("action", statements.get(0).getActions().get(0).getActionName());
assertEquals(3, statements.get(0).getPrincipals().size());
assertThat(statements.get(0).getPrincipals(),
contains(Principal.AllUsers, Principal.AllServices, Principal.AllWebProviders));
}