? Policy.fromJson(policyJson) : new Policy(); policy.getStatements().add(new Statement(Effect.Allow) .withId("topic-subscription-" + snsTopicArn) .withPrincipals(Principal.AllUsers) newAttrs.put(QueueAttributeName.Policy.toString(), policy.toJson()); sqs.setQueueAttributes(new SetQueueAttributesRequest(sqsQueueUrl, newAttrs));
/**
 * Builds a bucket policy that lets anyone read every object in a bucket.
 *
 * <p>The single statement allows {@code S3Actions.GetObject} for
 * {@code Principal.AllUsers} on {@code arn:aws:s3:::<bucket_name>/*}, so every
 * object under the bucket becomes readable without credentials once the
 * policy is applied. There is no condition and no key prefix narrowing the
 * grant; use it only for buckets whose whole content is meant to be public.
 *
 * <p>The bucket name is concatenated into the ARN as given and is not checked
 * here; callers are expected to pass a validated bucket name.
 *
 * @param bucket_name name of the bucket whose objects are exposed
 * @return the policy serialized as JSON
 */
public static String getPublicReadPolicy(String bucket_name) {
    // Every key in the bucket: "<bucket>/*".
    Resource allObjects = new Resource("arn:aws:s3:::" + bucket_name + "/*");

    Statement publicRead = new Statement(Statement.Effect.Allow)
            .withPrincipals(Principal.AllUsers)
            .withActions(S3Actions.GetObject)
            .withResources(allObjects);

    return new Policy().withStatements(publicRead).toJson();
}
// Excerpt from a Policy-to-JSON writer; the statement loop opened at the end
// continues past this excerpt. The version field is written unconditionally,
// while the policy id is written only when the isNotNull(...) helper accepts it.
// One JSON object is started per statement returned by policy.getStatements().
generator.writeStartObject(); writeJsonKeyValue(JsonDocumentFields.VERSION, policy.getVersion()); if (isNotNull(policy.getId())) writeJsonKeyValue(JsonDocumentFields.POLICY_ID, policy.getId()); for (Statement statement : policy.getStatements()) { generator.writeStartObject();
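/**
 * Reads a bucket policy document from a file, validates it by parsing it into
 * a {@code Policy}, and returns the policy re-serialized as JSON.
 *
 * <p>The file is read as UTF-8 and its lines are concatenated without line
 * separators before parsing.
 *
 * <p>The method fails closed: if the file cannot be read or its content is
 * not a valid policy, the problem is printed to standard output and an
 * {@link IllegalArgumentException} is thrown. Previously a read failure fell
 * through to parsing an empty document, and an invalid document ended in a
 * {@code NullPointerException} on the final {@code toJson()} call, which hid
 * the real cause from the caller.
 *
 * @param policy_file path of the file holding the policy JSON
 * @return the parsed policy serialized back to JSON
 * @throws IllegalArgumentException if the file cannot be read or does not
 *         contain a valid policy; the original exception is kept as the cause
 */
private static String getBucketPolicyFromFile(String policy_file) {
    StringBuilder file_text = new StringBuilder();
    try {
        List<String> lines = Files.readAllLines(
                Paths.get(policy_file), Charset.forName("UTF-8"));
        for (String line : lines) {
            file_text.append(line);
        }
    } catch (IOException e) {
        System.out.format("Problem reading file: \"%s\"", policy_file);
        System.out.println(e.getMessage());
        // Stop here: parsing whatever was accumulated would only mask the I/O error.
        throw new IllegalArgumentException(
                "Could not read policy file: " + policy_file, e);
    }

    // Verify the policy by trying to load it into a Policy object.
    Policy bucket_policy;
    try {
        bucket_policy = Policy.fromJson(file_text.toString());
    } catch (IllegalArgumentException e) {
        System.out.format("Invalid policy text in file: \"%s\"", policy_file);
        System.out.println(e.getMessage());
        // Never hand back a policy that did not parse; surface the parse error instead.
        throw new IllegalArgumentException(
                "Invalid policy text in file: " + policy_file, e);
    }

    return bucket_policy.toJson();
}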
/**
 * Builds the queue access policy that lets the given accounts send messages.
 *
 * <p>The policy has the id {@code AuthorizedWorkerAccessPolicy} and a single
 * Allow statement for {@code SQSActions.SendMessage} on the ARN returned by
 * {@code getQueueARN()}. Each entry of {@code accountIds} becomes one
 * principal of that statement; the entries are passed to {@code Principal}
 * as given, and the statement carries no condition. An empty list produces a
 * statement without principals.
 *
 * @param accountIds identifiers of the accounts allowed to send to the queue
 * @return the policy serialized as JSON
 */
private String getPolicy(List<String> accountIds) {
    Statement sendStatement = new Statement(Effect.Allow);
    sendStatement.getActions().add(SQSActions.SendMessage);

    // One principal per authorized account.
    for (String id : accountIds) {
        sendStatement.getPrincipals().add(new Principal(id));
    }

    // Start from an explicit empty resource list, then scope the grant to this queue only.
    sendStatement.setResources(new LinkedList<>());
    sendStatement.getResources().add(new Resource(getQueueARN()));

    Policy workerPolicy = new Policy("AuthorizedWorkerAccessPolicy");
    workerPolicy.getStatements().add(sendStatement);
    return workerPolicy.toJson();
}
// Excerpt from a JSON-to-Policy reader; the lines between these statements are elided.
// Visible here: the policy id is taken from idNode as text, a failure is rethrown as
// IllegalArgumentException with the original exception kept as its cause, and the
// collected statements are attached to the Policy before it is returned.
// NOTE(review): idNode and statementsNode are declared without initializers in this
// excerpt; their assignment and any null checks must be in the elided lines — confirm.
JsonNode idNode; JsonNode statementsNode; Policy policy = new Policy(); List<Statement> statements = new LinkedList<Statement>(); policy.setId(idNode.asText()); throw new IllegalArgumentException(message, e); policy.setStatements(statements); return policy;
/**
 * Creates a builder whose policy starts with a {@code null} id and an empty,
 * mutable statement list, so nothing is granted until a statement is added.
 */
public AwsPolicyBuilder() {
    this.policy = new Policy(null, new ArrayList<>());
}
/**
 * Creates the queue named by {@code queueARN.name} and applies its access
 * policy and message retention period.
 *
 * <p>The queue URL comes from the {@code createQueue} response. Both
 * attributes are then written in a single {@code setQueueAttributes} call:
 * {@code Policy}, built by {@code buildSQSPolicy(queueARN, topicARN,
 * terminatingRoleArns)}, and {@code MessageRetentionPeriod}.
 *
 * <p>NOTE(review): {@code buildSQSPolicy} is not shown here. It decides which
 * principals and conditions end up on the queue, so the topic restriction and
 * the handling of {@code terminatingRoleArns} should be reviewed there.
 *
 * @param amazonSQS SQS client used for both calls
 * @param queueARN ARN of the queue; its {@code name} is used to create it
 * @param topicARN ARN of the topic passed to the policy builder
 * @param terminatingRoleArns role ARNs passed to the policy builder
 * @param sqsMessageRetentionPeriodSeconds retention period in seconds
 * @return the URL of the queue
 */
private static String ensureQueueExists(AmazonSQS amazonSQS,
                                        ARN queueARN,
                                        ARN topicARN,
                                        Set<String> terminatingRoleArns,
                                        int sqsMessageRetentionPeriodSeconds) {
    String queueUrl = amazonSQS.createQueue(queueARN.name).getQueueUrl();

    String policyJson = buildSQSPolicy(queueARN, topicARN, terminatingRoleArns).toJson();
    String retentionSeconds = String.valueOf(sqsMessageRetentionPeriodSeconds);

    HashMap<String, String> queueAttributes = new HashMap<>();
    queueAttributes.put("Policy", policyJson);
    queueAttributes.put("MessageRetentionPeriod", retentionSeconds);

    amazonSQS.setQueueAttributes(queueUrl, queueAttributes);
    return queueUrl;
}
// Excerpt: a Policy built from `statements` is serialized with toJson() and handed to
// two request builders through withPolicy(...), each with a duration and a session name
// (withRoleSessionName in the first, withName in the second). The request constructors
// and the code that fills `statements` are elided.
// NOTE(review): presumably these are temporary-credential requests where the inline
// policy scopes the session down — confirm against the full source, and keep
// `statements` limited to what the session actually needs.
Policy policy = new Policy(); policy.setStatements(statements); .withDurationSeconds(durationSeconds) .withRoleSessionName(sessionName) .withPolicy(policy.toJson())); .withDurationSeconds(durationSeconds) .withName(sessionName) .withPolicy(policy.toJson());
/**
 * Parses a trust policy whose only principal is the CloudHSM service and
 * checks that the reader produces exactly one Allow statement with the
 * {@code sts:AssumeRole} action, no conditions, and a single principal whose
 * provider is {@code Service} and whose id equals
 * {@code Services.AWSCloudHSM.getServiceId()}.
 */
@Test
public void testCloudHSMServicePrincipal() {
    String jsonString =
            "{"
            + "\"Version\":\"2008-10-17\","
            + "\"Statement\":["
            + "{\"Sid\":\"\","
            + "\"Effect\":\"Allow\","
            + "\"Principal\":{\"Service\":\"cloudhsm.amazonaws.com\"},"
            + "\"Action\":\"sts:AssumeRole\"}"
            + "]"
            + "}";

    Policy parsed = Policy.fromJson(jsonString);
    assertEquals(POLICY_VERSION, parsed.getVersion());

    // Copy into an indexable list so the single statement can be inspected.
    List<Statement> statements = new LinkedList<Statement>(parsed.getStatements());
    assertEquals(1, statements.size());

    Statement only = statements.get(0);
    assertEquals(1, only.getActions().size());
    assertEquals(Effect.Allow, only.getEffect());
    assertEquals("sts:AssumeRole", only.getActions().get(0).getActionName());
    assertEquals(0, only.getConditions().size());

    // The service principal must survive parsing with both its id and its provider type.
    assertEquals(1, only.getPrincipals().size());
    assertEquals(Services.AWSCloudHSM.getServiceId(), only.getPrincipals().get(0).getId());
    assertEquals("Service", only.getPrincipals().get(0).getProvider());
}
/**
 * Checks that every statement of a policy ends up with a unique, non-null ID
 * when some statements arrive with explicit IDs and one arrives without.
 *
 * <p>Two statements carry the explicit IDs {@code "0"} and {@code "1"}; the
 * third has none, so its ID has to be assigned by the policy and must not
 * clash with the explicit ones.
 */
@Test
public void testStatementIdAssignment() throws Exception {
    Statement explicitZero = new Statement(Effect.Allow).withId("0")
            .withPrincipals(Principal.AllUsers)
            .withActions(new TestAction("action1"));
    Statement explicitOne = new Statement(Effect.Allow).withId("1")
            .withPrincipals(Principal.AllUsers)
            .withActions(new TestAction("action1"));
    // No ID given: the policy is expected to supply one.
    Statement withoutId = new Statement(Effect.Deny)
            .withPrincipals(Principal.AllUsers)
            .withActions(new TestAction("action2"));

    Policy policy = new Policy("S3PolicyId1");
    policy.withStatements(explicitZero, explicitOne, withoutId);

    assertValidStatementIds(policy);
}
/**
 * Verifies that every statement of the given policy has a non-null ID and
 * that no ID occurs twice within the policy.
 *
 * @param policy the policy whose statement IDs are checked
 */
private void assertValidStatementIds(Policy policy) {
    Set<String> seenIds = new HashSet<String>();
    for (Statement current : policy.getStatements()) {
        String id = current.getId();
        assertNotNull(id);
        // A repeated ID fails here, before it is recorded.
        assertFalse(seenIds.contains(id));
        seenIds.add(id);
    }
}
/**
 * Parses a JSON string into an AWS access control policy object using the
 * default reader options.
 *
 * <p>With the default options all dashes are stripped from AWS principal IDs,
 * because AWS account IDs must not contain dashes. When that is not wanted
 * (e.g. for IAM AWS principal IDs that contain dashes in the name), call
 * {@link #fromJson(String, PolicyReaderOptions)} with custom reader options
 * instead, so the principal in the parsed policy matches the one in the JSON.
 *
 * @param jsonString
 *            The JSON string representation of this AWS access control policy.
 *
 * @return An AWS access control policy object.
 *
 * @throws IllegalArgumentException
 *             If the specified JSON string is null or invalid and cannot be
 *             converted to an AWS policy object.
 */
public static Policy fromJson(String jsonString) {
    PolicyReaderOptions defaultOptions = new PolicyReaderOptions();
    return fromJson(jsonString, defaultOptions);
}
// Excerpt from a JSON-to-Policy reader; the lines between these statements are elided.
// Visible here: the policy id is read from idNode as text, a failure is rethrown as
// IllegalArgumentException with the original exception kept as its cause, and the
// collected statements are set on the Policy before it is returned.
// NOTE(review): idNode and statementsNode have no initializers in this excerpt; their
// assignment and any null checks must be in the elided lines — confirm.
JsonNode idNode; JsonNode statementsNode; Policy policy = new Policy(); List<Statement> statements = new LinkedList<Statement>(); policy.setId(idNode.asText()); throw new IllegalArgumentException(message, e); policy.setStatements(statements); return policy;
/**
 * Produces the JSON access policy that authorizes the listed accounts to send
 * messages to this queue.
 *
 * <p>The policy id is {@code AuthorizedWorkerAccessPolicy}. It contains one
 * Allow statement for {@code SQSActions.SendMessage}, with the ARN from
 * {@code getQueueARN()} as its only resource and one principal per entry of
 * {@code accountIds}. The entries are handed to {@code Principal} unchanged
 * and no condition is attached; an empty list yields a statement with no
 * principals.
 *
 * @param accountIds identifiers of the accounts allowed to send to the queue
 * @return the policy serialized as JSON
 */
private String getPolicy(List<String> accountIds) {
    Statement allowSend = new Statement(Effect.Allow);
    allowSend.getActions().add(SQSActions.SendMessage);

    // Each authorized account becomes a principal of the single statement.
    for (String authorizedAccount : accountIds) {
        allowSend.getPrincipals().add(new Principal(authorizedAccount));
    }

    // Reset to an explicit empty resource list, then limit the grant to this queue's ARN.
    allowSend.setResources(new LinkedList<>());
    allowSend.getResources().add(new Resource(getQueueARN()));

    Policy accessPolicy = new Policy("AuthorizedWorkerAccessPolicy");
    accessPolicy.getStatements().add(allowSend);
    return accessPolicy.toJson();
}
/**
 * Initializes the builder with a policy that has no id ({@code null}) and an
 * empty, mutable list of statements; permissions exist only after statements
 * are added to it.
 */
public AwsPolicyBuilder() {
    this.policy = new Policy(null, new ArrayList<>());
}
/**
 * Creates the queue named by {@code queueARN.getName()}, logs its URL at
 * debug level, and applies its access policy and message retention period.
 *
 * <p>Both attributes are written in one {@code setQueueAttributes} call:
 * {@code Policy}, built by {@code buildSQSPolicy(queueARN, topicARN)}, and
 * {@code MessageRetentionPeriod}.
 *
 * <p>NOTE(review): {@code buildSQSPolicy} is not shown here. It determines who
 * may reach the queue, so the restriction to {@code topicARN} should be
 * reviewed there.
 *
 * @param amazonSQS SQS client used for both calls
 * @param queueARN ARN of the queue; its name is used to create it
 * @param topicARN ARN of the topic passed to the policy builder
 * @param sqsMessageRetentionPeriodSeconds retention period in seconds
 * @return the URL of the queue
 */
public static String ensureQueueExists(AmazonSQS amazonSQS,
                                       ARN queueARN,
                                       ARN topicARN,
                                       int sqsMessageRetentionPeriodSeconds) {
    String queueUrl = amazonSQS.createQueue(queueARN.getName()).getQueueUrl();
    log.debug("Created queue " + queueUrl);

    String policyJson = buildSQSPolicy(queueARN, topicARN).toJson();
    String retentionSeconds = String.valueOf(sqsMessageRetentionPeriodSeconds);

    HashMap<String, String> queueAttributes = new HashMap<>();
    queueAttributes.put("Policy", policyJson);
    queueAttributes.put("MessageRetentionPeriod", retentionSeconds);

    amazonSQS.setQueueAttributes(queueUrl, queueAttributes);
    return queueUrl;
}
+ "\"Action\":\"sts:AssumeRole\"" + "}" + "]" + "}"; Policy policy = Policy.fromJson(jsonString); assertEquals(POLICY_VERSION, policy.getVersion()); List<Statement> statements = new LinkedList<Statement>( policy.getStatements()); assertEquals(1, statements.size()); assertEquals(1, statements.get(0).getActions().size());
/**
 * Appends an Allow statement for the given KMS actions on one KMS key.
 *
 * <p>{@code kmsKeyId} is used unchanged as the statement's only resource, so
 * the grant is exactly as narrow as the value passed in. The statement has no
 * principal and no condition set here.
 *
 * @param kmsKeyId Full ARN to the kms key
 * @param actions List of actions
 *
 * @return This builder
 */
@SuppressWarnings("PMD.CloseResource")
public AwsPolicyBuilder withKms(String kmsKeyId, KmsActions... actions) {
    Resource keyResource = new Resource(kmsKeyId);

    Statement kmsStatement = new Statement(Effect.Allow);
    kmsStatement.setResources(Arrays.asList(keyResource));
    kmsStatement.setActions(Arrays.asList(actions));

    policy.getStatements().add(kmsStatement);
    return this;
}