Example 1 with GetKeyPolicyRequest

Use of com.amazonaws.services.kms.model.GetKeyPolicyRequest in the project cerberus by Nike-Inc.

From class KmsServiceTest, method test_validatePolicy_validates_policy_when_validate_interval_has_passed.

@Test
public void test_validatePolicy_validates_policy_when_validate_interval_has_passed() {
    String kmsKeyArn = "kms key arn";
    String awsIamRoleRecordId = "aws iam role record id";
    String kmsCMKRegion = "kmsCMKRegion";
    String policy = "policy";
    // Last validation is far in the past, so the re-validation interval has passed.
    OffsetDateTime lastValidated = OffsetDateTime.of(2016, 1, 1, 1, 1, 1, 1, ZoneOffset.UTC);
    OffsetDateTime now = OffsetDateTime.now();
    // Mock KMS: the key reports as Enabled and the "default" policy is returned as-is.
    AWSKMSClient client = mock(AWSKMSClient.class);
    when(client.describeKey(anyObject())).thenReturn(new DescribeKeyResult().withKeyMetadata(new KeyMetadata().withKeyState(KeyState.Enabled)));
    when(kmsClientFactory.getClient(kmsCMKRegion)).thenReturn(client);
    GetKeyPolicyResult result = mock(GetKeyPolicyResult.class);
    when(result.getPolicy()).thenReturn(policy);
    when(client.getKeyPolicy(new GetKeyPolicyRequest().withKeyId(kmsKeyArn).withPolicyName("default"))).thenReturn(result);
    // The policy service accepts the fetched policy.
    when(kmsPolicyService.isPolicyValid(policy)).thenReturn(true);
    AwsIamRoleKmsKeyRecord kmsKey = mock(AwsIamRoleKmsKeyRecord.class);
    when(kmsKey.getAwsIamRoleId()).thenReturn(awsIamRoleRecordId);
    when(kmsKey.getAwsKmsKeyId()).thenReturn(kmsKeyArn);
    when(kmsKey.getAwsRegion()).thenReturn(kmsCMKRegion);
    when(kmsKey.getLastValidatedTs()).thenReturn(lastValidated);
    when(awsIamRoleDao.getKmsKey(awsIamRoleRecordId, kmsCMKRegion)).thenReturn(Optional.of(kmsKey));
    when(dateTimeSupplier.get()).thenReturn(now);
    kmsService.validateKeyAndPolicy(kmsKey, kmsKeyArn);
    // Because the interval has passed, the policy must be fetched from KMS and checked exactly once.
    verify(client, times(1)).getKeyPolicy(new GetKeyPolicyRequest().withKeyId(kmsKeyArn).withPolicyName("default"));
    verify(kmsPolicyService, times(1)).isPolicyValid(policy);
}
Also used: AuthKmsKeyMetadata (com.nike.cerberus.domain.AuthKmsKeyMetadata), KeyMetadata (com.amazonaws.services.kms.model.KeyMetadata), OffsetDateTime (java.time.OffsetDateTime), DescribeKeyResult (com.amazonaws.services.kms.model.DescribeKeyResult), GetKeyPolicyResult (com.amazonaws.services.kms.model.GetKeyPolicyResult), AwsIamRoleKmsKeyRecord (com.nike.cerberus.record.AwsIamRoleKmsKeyRecord), AWSKMSClient (com.amazonaws.services.kms.AWSKMSClient), GetKeyPolicyRequest (com.amazonaws.services.kms.model.GetKeyPolicyRequest), Test (org.junit.Test)

Example 2 with GetKeyPolicyRequest

Use of com.amazonaws.services.kms.model.GetKeyPolicyRequest in the project aws-doc-sdk-examples by awsdocs.

From class GetKeyPolicy, method main.

public static void main(String[] args) {
    final String USAGE = "To run this example, supply a key id or ARN\n"
            + "Usage: GetKeyPolicy <key-id>\n"
            + "Example: GetKeyPolicy 1234abcd-12ab-34cd-56ef-1234567890ab\n";
    if (args.length != 1) {
        System.out.println(USAGE);
        System.exit(1);
    }
    String keyId = args[0];
    // Credentials and region come from the default provider chain.
    AWSKMS kmsClient = AWSKMSClientBuilder.standard().build();
    // Get the policy for a CMK; "default" is the only policy name KMS currently supports.
    String policyName = "default";
    GetKeyPolicyRequest req = new GetKeyPolicyRequest().withKeyId(keyId).withPolicyName(policyName);
    GetKeyPolicyResult result = kmsClient.getKeyPolicy(req);
    System.out.printf("Found key policy for %s:%n%s%n", keyId, result.getPolicy());
}
Also used: GetKeyPolicyResult (com.amazonaws.services.kms.model.GetKeyPolicyResult), GetKeyPolicyRequest (com.amazonaws.services.kms.model.GetKeyPolicyRequest), AWSKMS (com.amazonaws.services.kms.AWSKMS)

Example 3 with GetKeyPolicyRequest

Use of com.amazonaws.services.kms.model.GetKeyPolicyRequest in the project cerberus by Nike-Inc.

From class KmsServiceTest, method test_validateKeyAndPolicy_does_not_throw_error_when_cannot_validate.

@Test
public void test_validateKeyAndPolicy_does_not_throw_error_when_cannot_validate() {
    String keyId = "key-id";
    String iamPrincipalArn = "arn";
    String kmsCMKRegion = "kmsCMKRegion";
    String policy = "policy";
    // Last validation is far in the past, so validation would normally be attempted.
    OffsetDateTime lastValidated = OffsetDateTime.of(2016, 1, 1, 1, 1, 1, 1, ZoneOffset.UTC);
    OffsetDateTime now = OffsetDateTime.now();
    when(dateTimeSupplier.get()).thenReturn(now);
    AwsIamRoleKmsKeyRecord kmsKey = mock(AwsIamRoleKmsKeyRecord.class);
    when(kmsKey.getAwsKmsKeyId()).thenReturn(keyId);
    when(kmsKey.getAwsIamRoleId()).thenReturn(iamPrincipalArn);
    when(kmsKey.getAwsRegion()).thenReturn(kmsCMKRegion);
    when(kmsKey.getLastValidatedTs()).thenReturn(lastValidated);
    AWSKMSClient client = mock(AWSKMSClient.class);
    when(kmsClientFactory.getClient(kmsCMKRegion)).thenReturn(client);
    GetKeyPolicyResult result = mock(GetKeyPolicyResult.class);
    when(result.getPolicy()).thenReturn(policy);
    // Simulate KMS failing the GetKeyPolicy call (for example a transient service error).
    when(client.getKeyPolicy(new GetKeyPolicyRequest().withKeyId(keyId).withPolicyName("default"))).thenThrow(AmazonServiceException.class);
    // Must complete without propagating the exception.
    kmsService.validateKeyAndPolicy(kmsKey, iamPrincipalArn);
    // With no policy retrieved, nothing is validated and the key policy is never overwritten.
    verify(kmsPolicyService, never()).isPolicyValid(policy);
    verify(client, never()).putKeyPolicy(anyObject());
}
Also used: OffsetDateTime (java.time.OffsetDateTime), GetKeyPolicyResult (com.amazonaws.services.kms.model.GetKeyPolicyResult), AwsIamRoleKmsKeyRecord (com.nike.cerberus.record.AwsIamRoleKmsKeyRecord), AWSKMSClient (com.amazonaws.services.kms.AWSKMSClient), GetKeyPolicyRequest (com.amazonaws.services.kms.model.GetKeyPolicyRequest), Test (org.junit.Test)

Aggregations (type, fully qualified name, number of examples using it)

GetKeyPolicyRequest (com.amazonaws.services.kms.model.GetKeyPolicyRequest): 3
GetKeyPolicyResult (com.amazonaws.services.kms.model.GetKeyPolicyResult): 3
AWSKMSClient (com.amazonaws.services.kms.AWSKMSClient): 2
AwsIamRoleKmsKeyRecord (com.nike.cerberus.record.AwsIamRoleKmsKeyRecord): 2
OffsetDateTime (java.time.OffsetDateTime): 2
Test (org.junit.Test): 2
AWSKMS (com.amazonaws.services.kms.AWSKMS): 1
DescribeKeyResult (com.amazonaws.services.kms.model.DescribeKeyResult): 1
KeyMetadata (com.amazonaws.services.kms.model.KeyMetadata): 1
AuthKmsKeyMetadata (com.nike.cerberus.domain.AuthKmsKeyMetadata): 1