use of com.amazonaws.services.kms.model.GetKeyPolicyRequest in project cerberus by Nike-Inc.
the class KmsServiceTest method test_validatePolicy_validates_policy_when_validate_interval_has_passed.
/**
 * Checks that validateKeyAndPolicy fetches the key's "default" policy and passes it to the
 * policy validator when the record's last-validated timestamp is old.
 */
@Test
public void test_validatePolicy_validates_policy_when_validate_interval_has_passed() {
    String keyArn = "kms key arn";
    String roleRecordId = "aws iam role record id";
    String region = "kmsCMKRegion";
    String policyJson = "policy";

    // Last validation is pinned to 2016, presumably far older than the service's
    // validation interval (the interval itself is not visible in this test).
    OffsetDateTime staleValidationTs = OffsetDateTime.of(2016, 1, 1, 1, 1, 1, 1, ZoneOffset.UTC);
    OffsetDateTime currentTime = OffsetDateTime.now();
    when(dateTimeSupplier.get()).thenReturn(currentTime);

    // Key record handed to the service under test.
    AwsIamRoleKmsKeyRecord keyRecord = mock(AwsIamRoleKmsKeyRecord.class);
    when(keyRecord.getAwsIamRoleId()).thenReturn(roleRecordId);
    when(keyRecord.getAwsKmsKeyId()).thenReturn(keyArn);
    when(keyRecord.getAwsRegion()).thenReturn(region);
    when(keyRecord.getLastValidatedTs()).thenReturn(staleValidationTs);
    when(awsIamRoleDao.getKmsKey(roleRecordId, region)).thenReturn(Optional.of(keyRecord));

    // Regional KMS client: the key reports as Enabled and serves the stubbed policy.
    AWSKMSClient kmsClient = mock(AWSKMSClient.class);
    KeyMetadata enabledKey = new KeyMetadata().withKeyState(KeyState.Enabled);
    when(kmsClient.describeKey(anyObject())).thenReturn(new DescribeKeyResult().withKeyMetadata(enabledKey));
    when(kmsClientFactory.getClient(region)).thenReturn(kmsClient);

    GetKeyPolicyResult policyResult = mock(GetKeyPolicyResult.class);
    when(policyResult.getPolicy()).thenReturn(policyJson);
    GetKeyPolicyRequest expectedRequest = new GetKeyPolicyRequest().withKeyId(keyArn).withPolicyName("default");
    when(kmsClient.getKeyPolicy(expectedRequest)).thenReturn(policyResult);
    when(kmsPolicyService.isPolicyValid(policyJson)).thenReturn(true);

    // NOTE(review): the second argument here is the key ARN, while
    // test_validateKeyAndPolicy_does_not_throw_error_when_cannot_validate passes an IAM
    // principal ARN in that position; confirm which value the method expects.
    kmsService.validateKeyAndPolicy(keyRecord, keyArn);

    // The policy must have been fetched once and validated once.
    verify(kmsClient, times(1)).getKeyPolicy(expectedRequest);
    verify(kmsPolicyService, times(1)).isPolicyValid(policyJson);
}
use of com.amazonaws.services.kms.model.GetKeyPolicyRequest in project aws-doc-sdk-examples by awsdocs.
the class GetKeyPolicy method main.
/**
 * Prints the "default" key policy of the KMS key named on the command line.
 *
 * @param args exactly one element, the key id or ARN of the key; any other argument count
 *             prints the usage text and exits with status 1
 */
public static void main(String[] args) {
    final String usageText = "To run this example, supply a key id or ARN\n"
            + "Usage: GetKeyPolicy <key-id>\n"
            + "Example: GetKeyPolicy 1234abcd-12ab-34cd-56ef-1234567890ab\n";

    boolean hasSingleArgument = args.length == 1;
    if (!hasSingleArgument) {
        System.out.println(usageText);
        System.exit(1);
    }

    String requestedKey = args[0];

    // Built with the SDK defaults, so credentials and region come from the default provider
    // chains; the calling identity needs kms:GetKeyPolicy on the key.
    AWSKMS kms = AWSKMSClientBuilder.standard().build();

    // Get the policy for a CMK. "default" is the only policy name KMS accepts.
    String policyDocument = kms
            .getKeyPolicy(new GetKeyPolicyRequest().withKeyId(requestedKey).withPolicyName("default"))
            .getPolicy();

    // The policy document names the principals allowed to use or administer the key.
    System.out.printf("Found key policy for %s:%n%s%n", requestedKey, policyDocument);
}
use of com.amazonaws.services.kms.model.GetKeyPolicyRequest in project cerberus by Nike-Inc.
the class KmsServiceTest method test_validateKeyAndPolicy_does_not_throw_error_when_cannot_validate.
/**
 * Pins the behaviour when the key policy cannot be read: validateKeyAndPolicy must not
 * propagate the AmazonServiceException, must not run the policy check, and must not write
 * a key policy.
 */
@Test
public void test_validateKeyAndPolicy_does_not_throw_error_when_cannot_validate() {
    String kmsKeyId = "key-id";
    String principalArn = "arn";
    String region = "kmsCMKRegion";
    String policyJson = "policy";

    // Last validation pinned to 2016 so the record looks overdue for re-validation
    // (the interval itself is not visible in this test).
    OffsetDateTime staleValidationTs = OffsetDateTime.of(2016, 1, 1, 1, 1, 1, 1, ZoneOffset.UTC);
    OffsetDateTime currentTime = OffsetDateTime.now();
    when(dateTimeSupplier.get()).thenReturn(currentTime);

    AwsIamRoleKmsKeyRecord keyRecord = mock(AwsIamRoleKmsKeyRecord.class);
    when(keyRecord.getAwsRegion()).thenReturn(region);
    when(keyRecord.getAwsKmsKeyId()).thenReturn(kmsKeyId);
    when(keyRecord.getAwsIamRoleId()).thenReturn(principalArn);
    when(keyRecord.getLastValidatedTs()).thenReturn(staleValidationTs);

    AWSKMSClient kmsClient = mock(AWSKMSClient.class);
    when(kmsClientFactory.getClient(region)).thenReturn(kmsClient);

    GetKeyPolicyResult policyResult = mock(GetKeyPolicyResult.class);
    when(policyResult.getPolicy()).thenReturn(policyJson);

    // The policy lookup fails with a service-side error.
    GetKeyPolicyRequest policyRequest = new GetKeyPolicyRequest().withKeyId(kmsKeyId).withPolicyName("default");
    when(kmsClient.getKeyPolicy(policyRequest)).thenThrow(AmazonServiceException.class);

    kmsService.validateKeyAndPolicy(keyRecord, principalArn);

    // NOTE(review): validation is skipped silently as far as this test shows; whether the
    // service logs or otherwise surfaces the failed lookup is not asserted here.
    verify(kmsPolicyService, never()).isPolicyValid(policyJson);
    verify(kmsClient, never()).putKeyPolicy(anyObject());
}