Example 1 with KeyMetadata

use of com.amazonaws.services.kms.model.KeyMetadata in project cerberus by Nike-Inc.

Class KmsServiceTest, method test_validatePolicy_validates_policy_when_validate_interval_has_passed:

@Test
public void test_validatePolicy_validates_policy_when_validate_interval_has_passed() {
    String kmsKeyArn = "kms key arn";
    String awsIamRoleRecordId = "aws iam role record id";
    String kmsCMKRegion = "kmsCMKRegion";
    String policy = "policy";
    // The last validation lies far in the past, so the validation interval has elapsed
    OffsetDateTime lastValidated = OffsetDateTime.of(2016, 1, 1, 1, 1, 1, 1, ZoneOffset.UTC);
    OffsetDateTime now = OffsetDateTime.now();
    // Mocked KMS client: the key is Enabled and its "default" key policy is returned on request
    AWSKMSClient client = mock(AWSKMSClient.class);
    when(client.describeKey(anyObject())).thenReturn(new DescribeKeyResult().withKeyMetadata(new KeyMetadata().withKeyState(KeyState.Enabled)));
    when(kmsClientFactory.getClient(kmsCMKRegion)).thenReturn(client);
    GetKeyPolicyResult result = mock(GetKeyPolicyResult.class);
    when(result.getPolicy()).thenReturn(policy);
    when(client.getKeyPolicy(new GetKeyPolicyRequest().withKeyId(kmsKeyArn).withPolicyName("default"))).thenReturn(result);
    when(kmsPolicyService.isPolicyValid(policy)).thenReturn(true);
    // Stored record of the IAM role's KMS key, carrying the stale last-validated timestamp
    AwsIamRoleKmsKeyRecord kmsKey = mock(AwsIamRoleKmsKeyRecord.class);
    when(kmsKey.getAwsIamRoleId()).thenReturn(awsIamRoleRecordId);
    when(kmsKey.getAwsKmsKeyId()).thenReturn(kmsKeyArn);
    when(kmsKey.getAwsRegion()).thenReturn(kmsCMKRegion);
    when(kmsKey.getLastValidatedTs()).thenReturn(lastValidated);
    when(awsIamRoleDao.getKmsKey(awsIamRoleRecordId, kmsCMKRegion)).thenReturn(Optional.of(kmsKey));
    when(dateTimeSupplier.get()).thenReturn(now);
    // Invoke method under test
    kmsService.validateKeyAndPolicy(kmsKey, kmsKeyArn);
    // Because the interval has passed, the policy must be fetched from KMS and re-validated exactly once
    verify(client, times(1)).getKeyPolicy(new GetKeyPolicyRequest().withKeyId(kmsKeyArn).withPolicyName("default"));
    verify(kmsPolicyService, times(1)).isPolicyValid(policy);
}
Also used : AuthKmsKeyMetadata(com.nike.cerberus.domain.AuthKmsKeyMetadata) KeyMetadata(com.amazonaws.services.kms.model.KeyMetadata) OffsetDateTime(java.time.OffsetDateTime) DescribeKeyResult(com.amazonaws.services.kms.model.DescribeKeyResult) GetKeyPolicyResult(com.amazonaws.services.kms.model.GetKeyPolicyResult) AwsIamRoleKmsKeyRecord(com.nike.cerberus.record.AwsIamRoleKmsKeyRecord) AWSKMSClient(com.amazonaws.services.kms.AWSKMSClient) GetKeyPolicyRequest(com.amazonaws.services.kms.model.GetKeyPolicyRequest) Test(org.junit.Test)

Example 2 with KeyMetadata

use of com.amazonaws.services.kms.model.KeyMetadata in project aws-doc-sdk-examples by awsdocs.

Class ViewCustomerMasterKey, method main:

public static void main(String[] args) {
    final String USAGE = "To run this example, supply a key id or ARN\n" + "Usage: ViewCustomerMasterKey <key-id>\n" + "Example: ViewCustomerMasterKey 1234abcd-12ab-34cd-56ef-1234567890ab\n";
    if (args.length != 1) {
        System.out.println(USAGE);
        System.exit(1);
    }
    String keyId = args[0];
    // Client built from the default credential and region provider chains
    AWSKMS kmsClient = AWSKMSClientBuilder.standard().build();
    // Describe a CMK
    DescribeKeyRequest req = new DescribeKeyRequest().withKeyId(keyId);
    DescribeKeyResult result = kmsClient.describeKey(req);
    KeyMetadata metadata = result.getKeyMetadata();
    // Print the key's metadata; KeyState, Origin and KeyManager show whether the key is
    // usable, where its material came from, and whether AWS or the customer manages it
    System.out.printf("%-15s %s%n", "KeyId:", keyId);
    System.out.printf("%-15s %s%n", "Arn:", metadata.getArn());
    System.out.printf("%-15s %s%n", "CreationDate:", metadata.getCreationDate());
    System.out.printf("%-15s %s%n", "Description:", metadata.getDescription());
    System.out.printf("%-15s %s%n", "KeyUsage:", metadata.getKeyUsage());
    System.out.printf("%-15s %s%n", "KeyState:", metadata.getKeyState());
    System.out.printf("%-15s %s%n", "Origin:", metadata.getOrigin());
    System.out.printf("%-15s %s%n", "KeyManager:", metadata.getKeyManager());
}
Also used : KeyMetadata(com.amazonaws.services.kms.model.KeyMetadata) DescribeKeyResult(com.amazonaws.services.kms.model.DescribeKeyResult) DescribeKeyRequest(com.amazonaws.services.kms.model.DescribeKeyRequest) AWSKMS(com.amazonaws.services.kms.AWSKMS)

Example 3 with KeyMetadata

use of com.amazonaws.services.kms.model.KeyMetadata in project cloudbreak by hortonworks.

Class AwsPlatformResourcesTest, method collectEncryptionKeysWhenWeGetBackInfoThenItShouldReturnListWithElements:

@Test
public void collectEncryptionKeysWhenWeGetBackInfoThenItShouldReturnListWithElements() {
    // Four keys returned by ListKeys; keyListEntry(int) is a helper of the test class (not shown here)
    ListKeysResult listKeysResult = new ListKeysResult();
    Set<KeyListEntry> listEntries = new HashSet<>();
    listEntries.add(keyListEntry(1));
    listEntries.add(keyListEntry(2));
    listEntries.add(keyListEntry(3));
    listEntries.add(keyListEntry(4));
    listKeysResult.setKeys(listEntries);
    // Every DescribeKey call answers with empty metadata
    DescribeKeyResult describeKeyResult = new DescribeKeyResult();
    describeKeyResult.setKeyMetadata(new KeyMetadata());
    // Four aliases returned by ListAliases; aliasListEntry(int) is likewise a helper of the test class
    ListAliasesResult describeAliasResult = new ListAliasesResult();
    Set<AliasListEntry> aliasListEntries = new HashSet<>();
    aliasListEntries.add(aliasListEntry(1));
    aliasListEntries.add(aliasListEntry(2));
    aliasListEntries.add(aliasListEntry(3));
    aliasListEntries.add(aliasListEntry(4));
    describeAliasResult.setAliases(aliasListEntries);
    when(awsClient.createAWSKMS(any(AwsCredentialView.class), anyString())).thenReturn(awskmsClient);
    when(awskmsClient.listKeys(any(ListKeysRequest.class))).thenReturn(listKeysResult);
    when(awskmsClient.describeKey(any(DescribeKeyRequest.class))).thenReturn(describeKeyResult);
    when(awskmsClient.listAliases(any(ListAliasesRequest.class))).thenReturn(describeAliasResult);
    // Invoke method under test: one CloudEncryptionKey is expected per listed KMS key
    CloudEncryptionKeys cloudEncryptionKeys = underTest.encryptionKeys(cloudCredential, region("London"), new HashMap<>());
    assertEquals(4L, cloudEncryptionKeys.getCloudEncryptionKeys().size());
}
Also used : ListAliasesResult(com.amazonaws.services.kms.model.ListAliasesResult) AliasListEntry(com.amazonaws.services.kms.model.AliasListEntry) DescribeKeyRequest(com.amazonaws.services.kms.model.DescribeKeyRequest) ListKeysRequest(com.amazonaws.services.kms.model.ListKeysRequest) CloudEncryptionKeys(com.sequenceiq.cloudbreak.cloud.model.CloudEncryptionKeys) AwsCredentialView(com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView) KeyListEntry(com.amazonaws.services.kms.model.KeyListEntry) KeyMetadata(com.amazonaws.services.kms.model.KeyMetadata) DescribeKeyResult(com.amazonaws.services.kms.model.DescribeKeyResult) ListKeysResult(com.amazonaws.services.kms.model.ListKeysResult) ListAliasesRequest(com.amazonaws.services.kms.model.ListAliasesRequest) HashSet(java.util.HashSet) Test(org.junit.jupiter.api.Test)

Example 4 with KeyMetadata

use of com.amazonaws.services.kms.model.KeyMetadata in project cerberus by Nike-Inc.

Class KmsServiceTest, method test_provisionKmsKey:

@Test
public void test_provisionKmsKey() {
    String iamRoleId = "role-id";
    String awsRegion = "aws-region";
    String user = "user";
    OffsetDateTime dateTime = OffsetDateTime.now();
    String policy = "policy";
    String arn = "arn:aws:iam::12345678901234:role/some-role";
    String awsIamRoleKmsKeyId = "awsIamRoleKmsKeyId";
    when(uuidSupplier.get()).thenReturn(awsIamRoleKmsKeyId);
    // The key policy is generated for the IAM role ARN that will authenticate with this key
    when(kmsPolicyService.generateStandardKmsPolicy(arn)).thenReturn(policy);
    AWSKMSClient client = mock(AWSKMSClient.class);
    when(kmsClientFactory.getClient(awsRegion)).thenReturn(client);
    // Expected CreateKey request: symmetric encrypt/decrypt key, scoped policy, provenance tags
    CreateKeyRequest request = new CreateKeyRequest();
    request.setKeyUsage(KeyUsageType.ENCRYPT_DECRYPT);
    request.setDescription("Key used by Cerberus fakeEnv for IAM role authentication. " + arn);
    request.setPolicy(policy);
    request.setTags(Lists.newArrayList(
            new Tag().withTagKey("created_by").withTagValue(ARTIFACT + VERSION),
            new Tag().withTagKey("created_for").withTagValue("cerberus_auth"),
            new Tag().withTagKey("auth_principal").withTagValue(arn),
            new Tag().withTagKey("cerberus_env").withTagValue(ENV)));
    CreateKeyResult createKeyResult = mock(CreateKeyResult.class);
    KeyMetadata metadata = mock(KeyMetadata.class);
    when(metadata.getArn()).thenReturn(arn);
    when(createKeyResult.getKeyMetadata()).thenReturn(metadata);
    when(client.createKey(any())).thenReturn(createKeyResult);
    // invoke method under test
    String actualResult = kmsService.provisionKmsKey(iamRoleId, arn, awsRegion, user, dateTime).getAwsKmsKeyId();
    assertEquals(arn, actualResult);
    // An alias must be created that points at the new key
    CreateAliasRequest aliasRequest = new CreateAliasRequest();
    aliasRequest.setAliasName(kmsService.getAliasName(awsIamRoleKmsKeyId, arn));
    aliasRequest.setTargetKeyId(arn);
    verify(client).createAlias(aliasRequest);
    // The key record must be persisted with audit fields and an initial last-validated timestamp
    AwsIamRoleKmsKeyRecord awsIamRoleKmsKeyRecord = new AwsIamRoleKmsKeyRecord();
    awsIamRoleKmsKeyRecord.setId(awsIamRoleKmsKeyId);
    awsIamRoleKmsKeyRecord.setAwsIamRoleId(iamRoleId);
    awsIamRoleKmsKeyRecord.setAwsKmsKeyId(arn);
    awsIamRoleKmsKeyRecord.setAwsRegion(awsRegion);
    awsIamRoleKmsKeyRecord.setCreatedBy(user);
    awsIamRoleKmsKeyRecord.setLastUpdatedBy(user);
    awsIamRoleKmsKeyRecord.setCreatedTs(dateTime);
    awsIamRoleKmsKeyRecord.setLastUpdatedTs(dateTime);
    awsIamRoleKmsKeyRecord.setLastValidatedTs(dateTime);
    verify(awsIamRoleDao).createIamRoleKmsKey(awsIamRoleKmsKeyRecord);
}
Also used : CreateKeyResult(com.amazonaws.services.kms.model.CreateKeyResult) AuthKmsKeyMetadata(com.nike.cerberus.domain.AuthKmsKeyMetadata) KeyMetadata(com.amazonaws.services.kms.model.KeyMetadata) OffsetDateTime(java.time.OffsetDateTime) CreateKeyRequest(com.amazonaws.services.kms.model.CreateKeyRequest) AwsIamRoleKmsKeyRecord(com.nike.cerberus.record.AwsIamRoleKmsKeyRecord) AWSKMSClient(com.amazonaws.services.kms.AWSKMSClient) Tag(com.amazonaws.services.kms.model.Tag) CreateAliasRequest(com.amazonaws.services.kms.model.CreateAliasRequest) Test(org.junit.Test)

Example 5 with KeyMetadata

use of com.amazonaws.services.kms.model.KeyMetadata in project cerberus by Nike-Inc.

Class KmsServiceTest, method test_getKmsKeyState_happy:

@Test
public void test_getKmsKeyState_happy() {
    String awsRegion = "aws region";
    String kmsKeyId = "kms key id";
    String state = "state";
    // Mocked KMS client whose DescribeKey response carries the given key state
    AWSKMSClient kmsClient = mock(AWSKMSClient.class);
    when(kmsClientFactory.getClient(awsRegion)).thenReturn(kmsClient);
    when(kmsClient.describeKey(anyObject())).thenReturn(new DescribeKeyResult().withKeyMetadata(new KeyMetadata().withKeyState(state)));
    // The service must return the KeyState string from the key metadata unchanged
    String result = kmsService.getKmsKeyState(kmsKeyId, awsRegion);
    assertEquals(state, result);
}
Also used : AuthKmsKeyMetadata(com.nike.cerberus.domain.AuthKmsKeyMetadata) KeyMetadata(com.amazonaws.services.kms.model.KeyMetadata) DescribeKeyResult(com.amazonaws.services.kms.model.DescribeKeyResult) AWSKMSClient(com.amazonaws.services.kms.AWSKMSClient) Test(org.junit.Test)

Aggregations

KeyMetadata (com.amazonaws.services.kms.model.KeyMetadata) 5
DescribeKeyResult (com.amazonaws.services.kms.model.DescribeKeyResult) 4
AWSKMSClient (com.amazonaws.services.kms.AWSKMSClient) 3
AuthKmsKeyMetadata (com.nike.cerberus.domain.AuthKmsKeyMetadata) 3
Test (org.junit.Test) 3
DescribeKeyRequest (com.amazonaws.services.kms.model.DescribeKeyRequest) 2
AwsIamRoleKmsKeyRecord (com.nike.cerberus.record.AwsIamRoleKmsKeyRecord) 2
OffsetDateTime (java.time.OffsetDateTime) 2
AWSKMS (com.amazonaws.services.kms.AWSKMS) 1
AliasListEntry (com.amazonaws.services.kms.model.AliasListEntry) 1
CreateAliasRequest (com.amazonaws.services.kms.model.CreateAliasRequest) 1
CreateKeyRequest (com.amazonaws.services.kms.model.CreateKeyRequest) 1
CreateKeyResult (com.amazonaws.services.kms.model.CreateKeyResult) 1
GetKeyPolicyRequest (com.amazonaws.services.kms.model.GetKeyPolicyRequest) 1
GetKeyPolicyResult (com.amazonaws.services.kms.model.GetKeyPolicyResult) 1
KeyListEntry (com.amazonaws.services.kms.model.KeyListEntry) 1
ListAliasesRequest (com.amazonaws.services.kms.model.ListAliasesRequest) 1
ListAliasesResult (com.amazonaws.services.kms.model.ListAliasesResult) 1
ListKeysRequest (com.amazonaws.services.kms.model.ListKeysRequest) 1
ListKeysResult (com.amazonaws.services.kms.model.ListKeysResult) 1