本文整理汇总了Java中com.amazonaws.auth.policy.Policy.toJson方法的典型用法代码示例。如果您正苦于以下问题:Java Policy.toJson方法的具体用法?Java Policy.toJson怎么用?Java Policy.toJson使用的例子?那么,这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类com.amazonaws.auth.policy.Policy的用法示例。
在下文中一共展示了Policy.toJson方法的6个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: getPolicy
import com.amazonaws.auth.policy.Policy; //导入方法依赖的package包/类
/**
 * Builds the JSON access policy named "AuthorizedWorkerAccessPolicy": a single Allow
 * statement for {@code SQSActions.SendMessage} on the queue returned by
 * {@code getQueueARN()}, with one principal per supplied account id.
 *
 * <p>NOTE(review): each id becomes an account-level principal, so which identities inside
 * that account may actually send is presumably decided by that account's own IAM
 * policies; confirm account-wide access is intended.
 *
 * <p>NOTE(review): an empty list yields a statement with no principal at all; confirm
 * callers never pass one, or that the consumer of this JSON rejects such a policy.
 *
 * @param accountIds AWS account ids to authorize; must not be {@code null}
 * @return the policy serialized as JSON
 */
private String getPolicy(List<String> accountIds) {
    Statement allowSend = new Statement(Effect.Allow);
    allowSend.getActions().add(SQSActions.SendMessage);
    // Start from an explicit, empty resource list before the queue ARN is appended below.
    allowSend.setResources(new LinkedList<>());

    for (String id : accountIds) {
        allowSend.getPrincipals().add(new Principal(id));
    }

    // Scope the grant to this one queue rather than a wildcard resource.
    allowSend.getResources().add(new Resource(getQueueARN()));

    Policy accessPolicy = new Policy("AuthorizedWorkerAccessPolicy");
    accessPolicy.getStatements().add(allowSend);
    return accessPolicy.toJson();
}
示例2: overwriteCMSPolicy
import com.amazonaws.auth.policy.Policy; //导入方法依赖的package包/类
/**
 * Replaces the CMS statement of a KMS key policy with the standard one, adding the
 * standard statement when the policy did not contain a CMS statement.
 *
 * <p>The incoming JSON is parsed into the SDK policy model, edited, and serialized again.
 * NOTE(review): only what the model represents survives that round trip; confirm that no
 * element of the stored key policy is silently dropped on the way back out.
 *
 * @param policyJson - The KMS key policy in JSON format
 * @return - The updated JSON KMS policy containing a regenerated statement for CMS
 */
protected String overwriteCMSPolicy(String policyJson) {
    final Policy keyPolicy = policyReader.createPolicyFromJsonString(policyJson);

    // Remove whatever is currently stored under the CMS statement id, so the regenerated
    // statement replaces it instead of sitting next to a stale or modified copy.
    removeStatementFromPolicy(keyPolicy, CERBERUS_MANAGEMENT_SERVICE_SID);
    keyPolicy.getStatements().add(generateStandardCMSPolicyStatement());

    return keyPolicy.toJson();
}
示例3: generateStandardKmsPolicy
import com.amazonaws.auth.policy.Policy; //导入方法依赖的package包/类
/**
 * Generates the standard KMS key policy as JSON. It holds four Allow statements:
 * all KMS actions for {@code rootUserArn}, all KMS actions for {@code adminRoleArn},
 * the statement produced by {@code generateStandardCMSPolicyStatement()}, and
 * {@code KMSActions.Decrypt} for the supplied IAM role.
 *
 * <p>Every statement built here uses the resource {@code "*"}; in a key policy this
 * presumably denotes the key the policy is attached to (NOTE(review): confirm).
 *
 * <p>NOTE(review): {@code iamRoleArn} is placed into the principal element without any
 * validation in this method; confirm callers only pass a specific role ARN, since a
 * blank or wildcard value would change who the Decrypt grant applies to.
 *
 * @param iamRoleArn ARN of the IAM role that is granted Decrypt on the key
 * @return the key policy serialized as JSON
 */
public String generateStandardKmsPolicy(String iamRoleArn) {
    Statement rootFullAccess = new Statement(Statement.Effect.Allow)
            .withId("Root User Has All Actions")
            .withPrincipals(new Principal(AWS_PROVIDER, rootUserArn, false))
            .withActions(KMSActions.AllKMSActions)
            .withResources(new Resource("*"));

    Statement adminFullAccess = new Statement(Statement.Effect.Allow)
            .withId("Admin Role Has All Actions")
            .withPrincipals(new Principal(AWS_PROVIDER, adminRoleArn, false))
            .withActions(KMSActions.AllKMSActions)
            .withResources(new Resource("*"));

    Statement cmsUsage = generateStandardCMSPolicyStatement();

    // The consumer role is the only principal limited to a single action (Decrypt).
    Statement consumerDecrypt = new Statement(Statement.Effect.Allow)
            .withId(CERBERUS_CONSUMER_SID)
            .withPrincipals(new Principal(AWS_PROVIDER, iamRoleArn, false))
            .withActions(KMSActions.Decrypt)
            .withResources(new Resource("*"));

    return new Policy()
            .withStatements(rootFullAccess, adminFullAccess, cmsUsage, consumerDecrypt)
            .toJson();
}
示例4: getPublicReadPolicy
import com.amazonaws.auth.policy.Policy; //导入方法依赖的package包/类
/**
 * Builds a bucket policy, as JSON, whose single statement allows
 * {@code Principal.AllUsers} to perform {@code S3Actions.GetObject} on
 * {@code arn:aws:s3:::<bucket_name>/*}, i.e. on every object key in the bucket.
 *
 * <p>The grant has no condition and no key prefix, so once applied it covers all current
 * and future objects in the bucket for unauthenticated callers. The policy only takes
 * effect if the bucket's public-access settings permit public policies.
 *
 * <p>NOTE(review): {@code bucket_name} is concatenated into the ARN unchecked; a
 * {@code null} value produces the literal text "null" in the resource. Confirm callers
 * pass a validated bucket name.
 *
 * @param bucket_name name of the bucket whose objects become publicly readable
 * @return the bucket policy serialized as JSON
 */
public static String getPublicReadPolicy(String bucket_name) {
    Resource everyObject = new Resource("arn:aws:s3:::" + bucket_name + "/*");

    Statement anonymousRead = new Statement(Statement.Effect.Allow)
            .withPrincipals(Principal.AllUsers)
            .withActions(S3Actions.GetObject)
            .withResources(everyObject);

    return new Policy().withStatements(anonymousRead).toJson();
}
示例5: provisionKmsCmkForBackupRegion
import com.amazonaws.auth.policy.Policy; //导入方法依赖的package包/类
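/**
 * Creates a KMS CMK for backup encryption in the given region and returns its key id.
 *
 * <p>The key policy contains one Allow statement per configured backup admin IAM
 * principal, each granting {@code KMSActions.AllKMSActions}. The create request sets
 * {@code bypassPolicyLockoutSafetyCheck}, so this method is the only place that ensures
 * the policy names at least one principal able to manage the key; it therefore refuses
 * to create a key when no admin principals are configured.
 *
 * @param region AWS region in which the key is created
 * @return the id of the newly created key
 * @throws IllegalStateException if no backup admin IAM principals are configured
 */
private String provisionKmsCmkForBackupRegion(String region) {
    final List<Statement> statements = new LinkedList<>();
    // allow the configured admin iam principals all permissions
    configStore.getBackupAdminIamPrincipals().forEach(principal -> {
        log.debug("Adding principal: {} to the CMK Policy for region {}", principal, region);
        statements.add(new Statement(Statement.Effect.Allow)
                .withId("Principal " + principal + " Has All Actions")
                .withPrincipals(new Principal(AWS_PROVIDER, principal, false))
                .withActions(KMSActions.AllKMSActions)
                .withResources(new Resource("*")));
    });

    // With the lockout safety check bypassed below, an empty statement list would be sent
    // as-is and the resulting key could have no principal allowed to use or manage it.
    // Fail before any key is created instead.
    if (statements.isEmpty()) {
        throw new IllegalStateException(
                "No backup admin IAM principals are configured; refusing to create a KMS CMK for region "
                        + region + " whose policy grants access to no principal");
    }

    Policy kmsPolicy = new Policy();
    kmsPolicy.setStatements(statements);
    String policyString = kmsPolicy.toJson();
    // The full policy, including every admin principal, is written to the debug log.
    log.debug("Creating key for region {} with policy {}", region, policyString);

    AWSKMS kms = AWSKMSClient.builder()
            .withCredentials(getAWSCredentialsProviderChain())
            .withRegion(region)
            .build();

    // NOTE(review): "%S" upper-cases the environment name in the description while the
    // "env" tag keeps its original case; left unchanged here, confirm whether intended.
    CreateKeyResult createKeyResult = kms.createKey(
            new CreateKeyRequest()
                    .withPolicy(policyString)
                    .withBypassPolicyLockoutSafetyCheck(true)
                    .withDescription(String.format("Cerberus Backup Encryption key for env: %S region: %s",
                            environmentMetadata.getName(), region))
                    .withTags(
                            new Tag().withTagKey("env").withTagValue(environmentMetadata.getName()),
                            new Tag().withTagKey("region").withTagValue(region),
                            new Tag().withTagKey("cerberus-backup-key").withTagValue("true")
                    )
    );

    String keyId = createKeyResult.getKeyMetadata().getKeyId();
    log.info("Created new backup KMS CMK with id: {} for region: {}", keyId, region);
    return keyId;
}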
示例6: removeConsumerPrincipalFromPolicy
import com.amazonaws.auth.policy.Policy; //导入方法依赖的package包/类
/**
 * Removes the 'Allow' statement for the consumer IAM principal from a key policy.
 *
 * <p>This matters when updating the KMS policy: if the IAM principal has been deleted,
 * the KMS policy will contain the principal 'ID' instead of the ARN, which renders the
 * policy invalid when calling
 * {@link com.amazonaws.services.kms.AWSKMSClient#putKeyPolicy(PutKeyPolicyRequest)}.
 *
 * <p>The statement is selected by its id ({@code CERBERUS_CONSUMER_SID}); the rest of the
 * policy is re-serialized from the parsed model.
 *
 * @param policyJson - Key policy JSON from which to remove consumer principal
 * @return - The updated key policy JSON
 */
protected String removeConsumerPrincipalFromPolicy(String policyJson) {
    final Policy keyPolicy = policyReader.createPolicyFromJsonString(policyJson);

    // Only the consumer statement is touched; nothing is added in its place here.
    removeStatementFromPolicy(keyPolicy, CERBERUS_CONSUMER_SID);

    return keyPolicy.toJson();
}