
Example 1 with Condition

use of com.amazonaws.auth.policy.Condition in project aws-sdk-android by aws-amplify.

the class S3ConditionFactoryTest method testS3ConditionFactory.

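/**
 * Checks the condition produced by
 * {@code S3ConditionFactory.newCannedACLCondition} for the {@code Private}
 * canned ACL: its type is the string form of {@code StringEquals}, its key
 * is {@code s3:x-amz-acl}, and its first value is the ACL's string form.
 */
@Test
public void testS3ConditionFactory() {
    CannedAccessControlList acl = CannedAccessControlList.Private;
    Condition c = S3ConditionFactory.newCannedACLCondition(acl);
    // JUnit's assertEquals takes (expected, actual). Passing them in that
    // order keeps the failure message truthful about which side was wrong.
    assertEquals(StringComparisonType.StringEquals.toString(), c.getType());
    assertEquals("s3:x-amz-acl", c.getConditionKey());
    assertEquals(acl.toString(), c.getValues().get(0));
}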
Also used : Condition(com.amazonaws.auth.policy.Condition) CannedAccessControlList(com.amazonaws.services.s3.model.CannedAccessControlList) Test(org.junit.Test)

Example 2 with Condition

use of com.amazonaws.auth.policy.Condition in project aws-sdk-android by aws-amplify.

the class JsonPolicyWriter method groupConditionsByTypeAndKey.

/**
 * Groups the list of <code>Condition</code>s by the condition type and
 * condition key.
 *
 * @param conditions the list of conditions to be grouped
 * @return a map of conditions grouped by type and then key.
 */
private Map<String, ConditionsByKey> groupConditionsByTypeAndKey(List<Condition> conditions) {
    // Outer map: condition type -> the ConditionsByKey holder for that type.
    Map<String, ConditionsByKey> grouped = new HashMap<String, ConditionsByKey>();
    for (Condition current : conditions) {
        String conditionType = current.getType();
        ConditionsByKey bucket = grouped.get(conditionType);
        if (bucket == null) {
            // First condition seen for this type: register an empty holder.
            bucket = new ConditionsByKey();
            grouped.put(conditionType, bucket);
        }
        // Every condition of this type hands its key and values to the same holder.
        bucket.addValuesToKey(current.getConditionKey(), current.getValues());
    }
    return grouped;
}
Also used : Condition(com.amazonaws.auth.policy.Condition) HashMap(java.util.HashMap)

Example 3 with Condition

use of com.amazonaws.auth.policy.Condition in project aws-sdk-android by aws-amplify.

the class JsonPolicyWriter method jsonStringOf.

/**
 * Converts the given <code>Policy</code> into a JSON String.
 *
 * @param policy the policy to be converted.
 * @return a JSON String of the specified policy object.
 */
private String jsonStringOf(Policy policy) throws IOException {
    // Top-level policy object: version first, then the optional id.
    jsonWriter.beginObject();
    writeJsonKeyValue(JsonDocumentFields.VERSION, policy.getVersion());
    if (isNotNull(policy.getId())) {
        writeJsonKeyValue(JsonDocumentFields.POLICY_ID, policy.getId());
    }

    writeJsonArrayStart(JsonDocumentFields.STATEMENT);
    for (Statement stmt : policy.getStatements()) {
        jsonWriter.beginObject();

        if (isNotNull(stmt.getId())) {
            writeJsonKeyValue(JsonDocumentFields.STATEMENT_ID, stmt.getId());
        }
        writeJsonKeyValue(JsonDocumentFields.STATEMENT_EFFECT, stmt.getEffect().toString());

        // Each of the four element lists below is written only when it is
        // non-null and non-empty; otherwise nothing is emitted for it, so a
        // statement without conditions is serialized with no condition block.
        List<Principal> stmtPrincipals = stmt.getPrincipals();
        if (isNotNull(stmtPrincipals) && !stmtPrincipals.isEmpty()) {
            writePrincipals(stmtPrincipals);
        }

        List<Action> stmtActions = stmt.getActions();
        if (isNotNull(stmtActions) && !stmtActions.isEmpty()) {
            writeActions(stmtActions);
        }

        List<Resource> stmtResources = stmt.getResources();
        if (isNotNull(stmtResources) && !stmtResources.isEmpty()) {
            writeResources(stmtResources);
        }

        List<Condition> stmtConditions = stmt.getConditions();
        if (isNotNull(stmtConditions) && !stmtConditions.isEmpty()) {
            writeConditions(stmtConditions);
        }

        jsonWriter.endObject();
    }
    writeJsonArrayEnd();

    jsonWriter.endObject();
    // Flush before reading the backing writer so the returned text is complete.
    jsonWriter.flush();
    return writer.toString();
}
Also used : Condition(com.amazonaws.auth.policy.Condition) Action(com.amazonaws.auth.policy.Action) Statement(com.amazonaws.auth.policy.Statement) Resource(com.amazonaws.auth.policy.Resource) Principal(com.amazonaws.auth.policy.Principal)

Example 4 with Condition

use of com.amazonaws.auth.policy.Condition in project cloudbreak by hortonworks.

the class AwsCredentialVerifier method getRequiredActions.

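/**
 * Parses a policy document and turns its statements into
 * {@link RequiredAction} entries, merging the action names of statements
 * that share the same conditions and the same resource ARN.
 *
 * @param policies JSON text of the policy document to parse
 * @return the required actions; a merged entry is re-appended at the end of the list
 * @throws IOException declared by the signature (no visible statement throws it directly)
 * @throws java.util.NoSuchElementException if a statement lists no resources
 */
private List<RequiredAction> getRequiredActions(String policies) throws IOException {
    List<RequiredAction> requiredActions = new ArrayList<>();
    Policy policy = new JsonPolicyReader().createPolicyFromJsonString(policies);
    for (Statement statement : policy.getStatements()) {
        RequiredAction requiredAction = new RequiredAction();
        List<Action> actions = statement.getActions();
        if (actions != null) {
            List<String> actionNames = actions.stream().map(Action::getActionName).collect(Collectors.toList());
            requiredAction.setActionNames(actionNames);
        }
        List<Condition> conditions = statement.getConditions();
        if (conditions != null) {
            for (Condition condition : conditions) {
                // Only the condition key and its values are carried over; the
                // condition's own type is not read, and every context key is
                // declared as a string.
                ContextEntry contextEntry = new ContextEntry();
                contextEntry.setContextKeyName(condition.getConditionKey());
                contextEntry.setContextKeyType(ContextKeyTypeEnum.String);
                contextEntry.setContextKeyValues(condition.getValues());
                requiredAction.getConditions().add(contextEntry);
            }
        }
        // NOTE(review): only the first resource of a statement is used; any
        // further resources are not represented in the result. Confirm that
        // this is intended for the permission check built from this list.
        String resourceString = statement.getResources().stream()
                .findFirst()
                // Same exception type as the former Optional.get(), but the
                // message now says what was missing.
                .orElseThrow(() -> new java.util.NoSuchElementException(
                        "Policy statement has no resource, so no resource ARN can be derived"))
                .getId();
        requiredAction.setResourceArn(resourceString);
        Optional<RequiredAction> first = requiredActions.stream()
                .filter(e -> e.getConditions().equals(requiredAction.getConditions())
                        && e.getResourceArn().equals(requiredAction.getResourceArn()))
                .findFirst();
        if (first.isPresent()) {
            RequiredAction existing = first.get();
            requiredActions.remove(existing);
            // NOTE(review): if either statement had no actions, getActionNames()
            // is whatever RequiredAction defaults to; confirm it is never null.
            requiredAction.getActionNames().addAll(existing.getActionNames());
            // The match above requires both condition lists to be equal, so the
            // existing entry's conditions are not appended: doing so would list
            // every condition twice and stop later statements from matching.
        }
        requiredActions.add(requiredAction);
    }
    return requiredActions;
}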
Also used : Policy(com.amazonaws.auth.policy.Policy) JsonPolicyReader(com.amazonaws.auth.policy.internal.JsonPolicyReader) Policy(com.amazonaws.auth.policy.Policy) AwsCredentialCachingConfig(com.sequenceiq.cloudbreak.cloud.aws.common.cache.AwsCredentialCachingConfig) Action(com.amazonaws.auth.policy.Action) Cacheable(org.springframework.cache.annotation.Cacheable) LoggerFactory(org.slf4j.LoggerFactory) SimulatePrincipalPolicyRequest(com.amazonaws.services.identitymanagement.model.SimulatePrincipalPolicyRequest) ContextEntry(com.amazonaws.services.identitymanagement.model.ContextEntry) ArrayList(java.util.ArrayList) AwsPermissionMissingException(com.sequenceiq.cloudbreak.cloud.aws.common.exception.AwsPermissionMissingException) Inject(javax.inject.Inject) AwsCredentialView(com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView) Service(org.springframework.stereotype.Service) ContextKeyTypeEnum(com.amazonaws.services.identitymanagement.model.ContextKeyTypeEnum) AmazonIdentityManagementClient(com.sequenceiq.cloudbreak.cloud.aws.common.client.AmazonIdentityManagementClient) Statement(com.amazonaws.auth.policy.Statement) GetCallerIdentityResult(com.amazonaws.services.securitytoken.model.GetCallerIdentityResult) Logger(org.slf4j.Logger) JsonPolicyReader(com.amazonaws.auth.policy.internal.JsonPolicyReader) IOException(java.io.IOException) Collectors(java.util.stream.Collectors) Collectors.joining(java.util.stream.Collectors.joining) GetCallerIdentityRequest(com.amazonaws.services.securitytoken.model.GetCallerIdentityRequest) SimulatePrincipalPolicyResult(com.amazonaws.services.identitymanagement.model.SimulatePrincipalPolicyResult) Base64(java.util.Base64) List(java.util.List) AmazonSecurityTokenServiceClient(com.sequenceiq.cloudbreak.cloud.aws.common.client.AmazonSecurityTokenServiceClient) Optional(java.util.Optional) Collections(java.util.Collections) Condition(com.amazonaws.auth.policy.Condition) Condition(com.amazonaws.auth.policy.Condition) 
Action(com.amazonaws.auth.policy.Action) Statement(com.amazonaws.auth.policy.Statement) ArrayList(java.util.ArrayList) ContextEntry(com.amazonaws.services.identitymanagement.model.ContextEntry)

Example 5 with Condition

use of com.amazonaws.auth.policy.Condition in project front50 by spinnaker.

the class TemporarySQSQueue method createQueue.

private TemporaryQueue createQueue(String snsTopicArn, String sqsQueueArn, String sqsQueueName) {
    // 60s message retention
    CreateQueueRequest createRequest = new CreateQueueRequest()
            .withQueueName(sqsQueueName)
            .withAttributes(Collections.singletonMap("MessageRetentionPeriod", "60"));
    String sqsQueueUrl = amazonSQS.createQueue(createRequest).getQueueUrl();
    log.info("Created Temporary S3 Notification Queue: {}", value("queue", sqsQueueUrl));

    // The subscription is created before the queue policy below is attached.
    String snsTopicSubscriptionArn = amazonSNS.subscribe(snsTopicArn, "sqs", sqsQueueArn).getSubscriptionArn();

    // The statement allows SendMessage for Principal.All, so the ArnEquals
    // check on aws:SourceArn is the only element tying it to snsTopicArn.
    Condition sourceIsTopic = new Condition()
            .withType("ArnEquals")
            .withConditionKey("aws:SourceArn")
            .withValues(snsTopicArn);
    Statement snsStatement = new Statement(Statement.Effect.Allow).withActions(SQSActions.SendMessage);
    snsStatement.setPrincipals(Principal.All);
    snsStatement.setResources(Collections.singletonList(new Resource(sqsQueueArn)));
    snsStatement.setConditions(Collections.singletonList(sourceIsTopic));

    // Serialize the single-statement policy and set it as the queue's "Policy" attribute.
    Policy allowSnsPolicy = new Policy("allow-sns", Collections.singletonList(snsStatement));
    HashMap<String, String> queueAttributes = new HashMap<>();
    queueAttributes.put("Policy", allowSnsPolicy.toJson());
    amazonSQS.setQueueAttributes(sqsQueueUrl, queueAttributes);

    return new TemporaryQueue(snsTopicArn, sqsQueueArn, sqsQueueUrl, snsTopicSubscriptionArn);
}
Also used : Condition(com.amazonaws.auth.policy.Condition) Policy(com.amazonaws.auth.policy.Policy) HashMap(java.util.HashMap) Statement(com.amazonaws.auth.policy.Statement) CreateQueueRequest(com.amazonaws.services.sqs.model.CreateQueueRequest) Resource(com.amazonaws.auth.policy.Resource)
