Example 1 with GetKeyPolicyRequest
use of com.amazonaws.services.kms.model.GetKeyPolicyRequest in project cerberus by Nike-Inc.
the class KmsServiceTest method test_validatePolicy_validates_policy_when_validate_interval_has_passed.
@Test
public void test_validatePolicy_validates_policy_when_validate_interval_has_passed() {
String kmsKeyArn = "kms key arn";
String awsIamRoleRecordId = "aws iam role record id";
String kmsCMKRegion = "kmsCMKRegion";
String policy = "policy";
OffsetDateTime lastValidated = OffsetDateTime.of(2016, 1, 1, 1, 1, 1, 1, ZoneOffset.UTC);
OffsetDateTime now = OffsetDateTime.now();
AWSKMSClient client = mock(AWSKMSClient.class);
when(client.describeKey(anyObject())).thenReturn(new DescribeKeyResult().withKeyMetadata(new KeyMetadata().withKeyState(KeyState.Enabled)));
when(kmsClientFactory.getClient(kmsCMKRegion)).thenReturn(client);
GetKeyPolicyResult result = mock(GetKeyPolicyResult.class);
when(result.getPolicy()).thenReturn(policy);
when(client.getKeyPolicy(new GetKeyPolicyRequest().withKeyId(kmsKeyArn).withPolicyName("default"))).thenReturn(result);
when(kmsPolicyService.isPolicyValid(policy)).thenReturn(true);
AwsIamRoleKmsKeyRecord kmsKey = mock(AwsIamRoleKmsKeyRecord.class);
when(kmsKey.getAwsIamRoleId()).thenReturn(awsIamRoleRecordId);
when(kmsKey.getAwsKmsKeyId()).thenReturn(kmsKeyArn);
when(kmsKey.getAwsRegion()).thenReturn(kmsCMKRegion);
when(kmsKey.getLastValidatedTs()).thenReturn(lastValidated);
when(awsIamRoleDao.getKmsKey(awsIamRoleRecordId, kmsCMKRegion)).thenReturn(Optional.of(kmsKey));
when(dateTimeSupplier.get()).thenReturn(now);
kmsService.validateKeyAndPolicy(kmsKey, kmsKeyArn);
verify(client, times(1)).getKeyPolicy(new GetKeyPolicyRequest().withKeyId(kmsKeyArn).withPolicyName("default"));
verify(kmsPolicyService, times(1)).isPolicyValid(policy);
}
Also used :
AuthKmsKeyMetadata(com.nike.cerberus.domain.AuthKmsKeyMetadata)
KeyMetadata(com.amazonaws.services.kms.model.KeyMetadata)
OffsetDateTime(java.time.OffsetDateTime)
DescribeKeyResult(com.amazonaws.services.kms.model.DescribeKeyResult)
GetKeyPolicyResult(com.amazonaws.services.kms.model.GetKeyPolicyResult)
AwsIamRoleKmsKeyRecord(com.nike.cerberus.record.AwsIamRoleKmsKeyRecord)
AWSKMSClient(com.amazonaws.services.kms.AWSKMSClient)
GetKeyPolicyRequest(com.amazonaws.services.kms.model.GetKeyPolicyRequest)
Test(org.junit.Test)
Example 2 with GetKeyPolicyRequest
use of com.amazonaws.services.kms.model.GetKeyPolicyRequest in project aws-doc-sdk-examples by awsdocs.
the class GetKeyPolicy method main.
public static void main(String[] args) {
final String USAGE = "To run this example, supply a key id or ARN\n" + "Usage: GetKeyPolicy <key-id>\n" + "Example: GetKeyPolicy 1234abcd-12ab-34cd-56ef-1234567890ab\n";
if (args.length != 1) {
System.out.println(USAGE);
System.exit(1);
}
String keyId = args[0];
AWSKMS kmsClient = AWSKMSClientBuilder.standard().build();
// Get the policy for a CMK
String policyName = "default";
GetKeyPolicyRequest req = new GetKeyPolicyRequest().withKeyId(keyId).withPolicyName(policyName);
GetKeyPolicyResult result = kmsClient.getKeyPolicy(req);
System.out.printf("Found key policy for %s:%n%s%n", keyId, result.getPolicy());
}
Also used :
GetKeyPolicyResult(com.amazonaws.services.kms.model.GetKeyPolicyResult)
GetKeyPolicyRequest(com.amazonaws.services.kms.model.GetKeyPolicyRequest)
AWSKMS(com.amazonaws.services.kms.AWSKMS)
Example 3 with GetKeyPolicyRequest
use of com.amazonaws.services.kms.model.GetKeyPolicyRequest in project cerberus by Nike-Inc.
the class KmsServiceTest method test_validateKeyAndPolicy_does_not_throw_error_when_cannot_validate.
@Test
public void test_validateKeyAndPolicy_does_not_throw_error_when_cannot_validate() {
String keyId = "key-id";
String iamPrincipalArn = "arn";
String kmsCMKRegion = "kmsCMKRegion";
String policy = "policy";
OffsetDateTime lastValidated = OffsetDateTime.of(2016, 1, 1, 1, 1, 1, 1, ZoneOffset.UTC);
OffsetDateTime now = OffsetDateTime.now();
when(dateTimeSupplier.get()).thenReturn(now);
AwsIamRoleKmsKeyRecord kmsKey = mock(AwsIamRoleKmsKeyRecord.class);
when(kmsKey.getAwsKmsKeyId()).thenReturn(keyId);
when(kmsKey.getAwsIamRoleId()).thenReturn(iamPrincipalArn);
when(kmsKey.getAwsRegion()).thenReturn(kmsCMKRegion);
when(kmsKey.getLastValidatedTs()).thenReturn(lastValidated);
AWSKMSClient client = mock(AWSKMSClient.class);
when(kmsClientFactory.getClient(kmsCMKRegion)).thenReturn(client);
GetKeyPolicyResult result = mock(GetKeyPolicyResult.class);
when(result.getPolicy()).thenReturn(policy);
when(client.getKeyPolicy(new GetKeyPolicyRequest().withKeyId(keyId).withPolicyName("default"))).thenThrow(AmazonServiceException.class);
kmsService.validateKeyAndPolicy(kmsKey, iamPrincipalArn);
verify(kmsPolicyService, never()).isPolicyValid(policy);
verify(client, never()).putKeyPolicy(anyObject());
}
Also used :
OffsetDateTime(java.time.OffsetDateTime)
GetKeyPolicyResult(com.amazonaws.services.kms.model.GetKeyPolicyResult)
AwsIamRoleKmsKeyRecord(com.nike.cerberus.record.AwsIamRoleKmsKeyRecord)
AWSKMSClient(com.amazonaws.services.kms.AWSKMSClient)
GetKeyPolicyRequest(com.amazonaws.services.kms.model.GetKeyPolicyRequest)
Test(org.junit.Test)
Aggregations
GetKeyPolicyRequest (com.amazonaws.services.kms.model.GetKeyPolicyRequest)3
GetKeyPolicyResult (com.amazonaws.services.kms.model.GetKeyPolicyResult)3
AWSKMSClient (com.amazonaws.services.kms.AWSKMSClient)2
AwsIamRoleKmsKeyRecord (com.nike.cerberus.record.AwsIamRoleKmsKeyRecord)2
OffsetDateTime (java.time.OffsetDateTime)2
Test (org.junit.Test)2
AWSKMS (com.amazonaws.services.kms.AWSKMS)1
DescribeKeyResult (com.amazonaws.services.kms.model.DescribeKeyResult)1
KeyMetadata (com.amazonaws.services.kms.model.KeyMetadata)1
AuthKmsKeyMetadata (com.nike.cerberus.domain.AuthKmsKeyMetadata)1
