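/**
 * Creates a {@code Principal} for one entry of a statement's {@code Principal}
 * block, given the scheme key it appeared under and its JSON value.
 *
 * <p>Scheme keys are matched case-insensitively. The provider stored on the
 * resulting principal is always the canonical constant for the scheme: the
 * AWS and Federated branches already did this, while the Service branch
 * echoed the caller's spelling, so {@code "service"} and {@code "Service"}
 * yielded principals with different providers that then serialised under two
 * different JSON keys. All three branches now normalise.
 *
 * <p>A Federated value naming a known web identity provider is built through
 * the {@code WebIdentityProviders} constructor; any other federated value is
 * kept verbatim as the id.
 *
 * <p>NOTE(review): the id is taken from {@code principalNode.asText()}. If the
 * value is a container node rather than a string, this presumably yields an
 * empty id rather than an error — confirm whether callers validate ids.
 *
 * @param schema
 *            the scheme key ({@code AWS}, {@code Service} or
 *            {@code Federated}, in any case).
 * @param principalNode
 *            the JSON value under that key; its text form becomes the
 *            principal id.
 * @return a principal instance.
 * @throws SdkClientException
 *             if {@code schema} is not one of the three supported schemes.
 */
private Principal createPrincipal(String schema, JsonNode principalNode) {
    // Captured once: every branch below uses the same text.
    final String id = principalNode.asText();

    if (schema.equalsIgnoreCase(PRINCIPAL_SCHEMA_USER)) {
        // Hyphen stripping of AWS account ids is an opt-in parser option.
        return new Principal(PRINCIPAL_SCHEMA_USER, id, options.isStripAwsPrincipalIdHyphensEnabled());
    }
    if (schema.equalsIgnoreCase(PRINCIPAL_SCHEMA_SERVICE)) {
        // Canonical constant, not the caller's spelling, so the provider
        // round-trips to the same JSON key regardless of input case.
        return new Principal(PRINCIPAL_SCHEMA_SERVICE, id);
    }
    if (schema.equalsIgnoreCase(PRINCIPAL_SCHEMA_FEDERATED)) {
        // Resolve the well-known provider once (the original looked it up twice).
        WebIdentityProviders knownProvider = WebIdentityProviders.fromString(id);
        if (knownProvider != null) {
            return new Principal(knownProvider);
        }
        return new Principal(PRINCIPAL_SCHEMA_FEDERATED, id);
    }
    throw new SdkClientException("Schema " + schema + " is not a valid value for the principal.");
}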
/**
 * Two principals are equal when both their provider (scheme) and their id
 * are equal. Both comparisons are plain, case-sensitive {@code String}
 * equality — note that the JSON parser matches scheme keys
 * case-insensitively, so equality here is stricter than parsing.
 *
 * <p>Throws {@code NullPointerException} if this instance's provider or id
 * is {@code null}, as the original did. {@code hashCode} is not visible
 * here; it must agree with this definition.
 *
 * @param principal the object to compare with.
 * @return {@code true} if {@code principal} is a {@code Principal} with the
 *         same provider and id.
 */
@Override
public boolean equals(Object principal) {
    if (this == principal) {
        return true;
    }
    // instanceof is false for null, so no separate null check is needed.
    if (!(principal instanceof Principal)) {
        return false;
    }
    Principal that = (Principal) principal;
    return getProvider().equals(that.getProvider())
            && getId().equals(that.getId());
}
/**
 * Serialises a statement's principals to the JSON generator.
 *
 * <p>If the statement's only principal is {@code Principal.All}, the short
 * scalar form is written ({@code "Principal": <id of Principal.All>} — the
 * wildcard; whatever the statement allows then applies to every caller, so
 * this is the security-sensitive path). Otherwise the principals are grouped
 * by provider and written as an object keyed by provider: a provider with
 * exactly one id gets a scalar value, a provider with several gets an array.
 * An empty list produces an empty {@code Principal} object.
 *
 * @param principals
 *            the principals of the statement being written.
 * @throws JsonGenerationException
 *             if the generator rejects the output.
 * @throws IOException
 *             if writing fails.
 */
private void writePrincipals(List<Principal> principals) throws JsonGenerationException, IOException {
    boolean wildcardOnly = principals.size() == 1 && principals.get(0).equals(Principal.All);
    if (wildcardOnly) {
        writeJsonKeyValue(JsonDocumentFields.PRINCIPAL, Principal.All.getId());
        return;
    }

    writeJsonObjectStart(JsonDocumentFields.PRINCIPAL);
    for (Map.Entry<String, List<String>> byProvider : groupPrincipalByScheme(principals).entrySet()) {
        String provider = byProvider.getKey();
        List<String> ids = byProvider.getValue();
        if (ids.size() == 1) {
            writeJsonKeyValue(provider, ids.get(0));
        } else {
            writeJsonArray(provider, ids);
        }
    }
    writeJsonObjectEnd();
}
policy.withStatements(new Statement(Effect.Allow) .withResources(new Resource("resource")) .withPrincipals(new Principal("accountId1"), new Principal("accountId2")) .withActions(new TestAction("action"))); assertEquals("resource", statements.get(0).getResources().get(0).getId()); assertEquals(2, statements.get(0).getPrincipals().size()); assertEquals("AWS", statements.get(0).getPrincipals().get(0).getProvider()); assertEquals("accountId1", statements.get(0).getPrincipals().get(0).getId()); assertEquals("AWS", statements.get(0).getPrincipals().get(1).getProvider()); assertEquals("accountId2", statements.get(0).getPrincipals().get(1).getId()); .withPrincipals(new Principal(Services.AmazonEC2), new Principal(Services.AmazonElasticTranscoder)) .withActions(new TestAction("action"))); policy = Policy.fromJson(policy.toJson()); assertEquals("action", statements.get(0).getActions().get(0).getActionName()); assertEquals(2, statements.get(0).getPrincipals().size()); assertEquals("Service", statements.get(0).getPrincipals().get(0).getProvider()); assertEquals(Services.AmazonEC2.getServiceId(), statements.get(0).getPrincipals().get(0) .getId()); assertEquals("Service", statements.get(0).getPrincipals().get(1).getProvider()); assertEquals(Services.AmazonElasticTranscoder.getServiceId(), statements.get(0) .getPrincipals().get(1).getId());
/**
 * Groups principal ids by their provider (scheme).
 *
 * <p>The returned map preserves first-seen provider order and, within a
 * provider, the order of the input list, so serialised output is stable for
 * a given input. Providers are distinguished by exact string equality.
 *
 * @param principals
 *            the principals to group.
 * @return provider → ids, in encounter order.
 */
private Map<String, List<String>> groupPrincipalByScheme(
        List<Principal> principals) {
    Map<String, List<String>> idsByProvider = new LinkedHashMap<String, List<String>>();
    for (Principal principal : principals) {
        String provider = principal.getProvider();
        List<String> ids = idsByProvider.get(provider);
        if (ids == null) {
            ids = new ArrayList<String>();
            idsByProvider.put(provider, ids);
        }
        ids.add(principal.getId());
    }
    return idsByProvider;
}
/**
 * Builds, as JSON, the queue resource policy that lets each of the given AWS
 * accounts send messages to this queue.
 *
 * <p>The policy holds one Allow statement: action
 * {@code SQSActions.SendMessage}, one AWS-account principal per entry of
 * {@code accountIds}, and the queue ARN from {@link #getQueueARN()} as the
 * only resource.
 *
 * <p>NOTE(review): account ids are not validated here. An entry such as
 * {@code "*"} would presumably serialise as the wildcard principal and open
 * SendMessage to everyone, so callers must only pass trusted ids. An empty
 * list yields a statement with no principals at all — confirm that is what
 * callers expect.
 *
 * @param accountIds the AWS account ids to authorise.
 * @return the policy document as JSON.
 */
private String getPolicy(List<String> accountIds) {
    Statement allowSend = new Statement(Effect.Allow);
    allowSend.getActions().add(SQSActions.SendMessage);
    for (String accountId : accountIds) {
        allowSend.getPrincipals().add(new Principal(accountId));
    }
    allowSend.setResources(new LinkedList<>());
    allowSend.getResources().add(new Resource(getQueueARN()));

    Policy policy = new Policy("AuthorizedWorkerAccessPolicy");
    policy.getStatements().add(allowSend);
    return policy.toJson();
}
/**
 * Serialises a statement's principals to the JSON generator.
 *
 * <p>If the statement's only principal is {@code Principal.All}, the short
 * scalar form is written ({@code "Principal": <id of Principal.All>} — the
 * wildcard; whatever the statement allows then applies to every caller, so
 * this is the security-sensitive path). Otherwise the principals are grouped
 * by provider and written as an object keyed by provider: a provider with
 * exactly one id gets a scalar value, a provider with several gets an array.
 * An empty list produces an empty {@code Principal} object.
 *
 * @param principals the principals of the statement being written.
 * @throws IOException if writing fails.
 */
private void writePrincipals(List<Principal> principals) throws IOException {
    boolean wildcardOnly = principals.size() == 1 && principals.get(0).equals(Principal.All);
    if (wildcardOnly) {
        writeJsonKeyValue(JsonDocumentFields.PRINCIPAL, Principal.All.getId());
        return;
    }

    writeJsonObjectStart(JsonDocumentFields.PRINCIPAL);
    for (Map.Entry<String, List<String>> byProvider : groupPrincipalByScheme(principals).entrySet()) {
        String provider = byProvider.getKey();
        List<String> ids = byProvider.getValue();
        if (ids.size() == 1) {
            writeJsonKeyValue(provider, ids.get(0));
        } else {
            writeJsonArray(provider, ids);
        }
    }
    writeJsonObjectEnd();
}
/**
 * Two principals are equal when both their provider (scheme) and their id
 * are equal. Both comparisons are plain, case-sensitive {@code String}
 * equality — note that the JSON parser matches scheme keys
 * case-insensitively, so equality here is stricter than parsing.
 *
 * <p>Throws {@code NullPointerException} if this instance's provider or id
 * is {@code null}, as the original did. {@code hashCode} is not visible
 * here; it must agree with this definition.
 *
 * @param principal the object to compare with.
 * @return {@code true} if {@code principal} is a {@code Principal} with the
 *         same provider and id.
 */
@Override
public boolean equals(Object principal) {
    if (principal == this) {
        return true;
    }
    // instanceof is false for null, so no separate null check is needed.
    if (!(principal instanceof Principal)) {
        return false;
    }
    Principal that = (Principal) principal;
    boolean sameProvider = getProvider().equals(that.getProvider());
    return sameProvider && getId().equals(that.getId());
}
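/**
 * Creates a {@code Principal} for one entry of a statement's {@code Principal}
 * block, given the scheme key it appeared under and its string value.
 *
 * <p>Scheme keys are matched case-insensitively. The provider stored on the
 * resulting principal is the canonical constant for the scheme: the Service
 * branch previously echoed the caller's spelling, so {@code "service"} and
 * {@code "Service"} yielded principals with different providers that then
 * serialised under two different JSON keys; it now normalises like the
 * Federated branch does.
 *
 * <p>A Federated value naming a known web identity provider is built through
 * the {@code WebIdentityProviders} constructor; any other federated value is
 * kept verbatim as the id.
 *
 * @param schema the scheme key ({@code AWS}, {@code Service} or
 *               {@code Federated}, in any case).
 * @param principal the string value under that key, used as the principal
 *                  id.
 * @return a principal instance.
 * @throws AmazonClientException if {@code schema} is not one of the three
 *                               supported schemes.
 */
private Principal createPrincipal(String schema, String principal) {
    if (schema.equalsIgnoreCase(PRINCIPAL_SCHEMA_USER)) {
        // Single-argument constructor: AWS-account principal.
        return new Principal(principal);
    }
    if (schema.equalsIgnoreCase(PRINCIPAL_SCHEMA_SERVICE)) {
        // Canonical constant, not the caller's spelling, so the provider
        // round-trips to the same JSON key regardless of input case.
        return new Principal(PRINCIPAL_SCHEMA_SERVICE, principal);
    }
    if (schema.equalsIgnoreCase(PRINICIPAL_SCHEMA_FEDERATED)) {
        // Resolve the well-known provider once (the original looked it up twice).
        WebIdentityProviders knownProvider = WebIdentityProviders.fromString(principal);
        if (knownProvider != null) {
            return new Principal(knownProvider);
        }
        return new Principal(PRINICIPAL_SCHEMA_FEDERATED, principal);
    }
    throw new AmazonClientException("Schema " + schema + " is not a valid value for the principal.");
}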
/**
 * Serialises a statement's principals to the JSON generator.
 *
 * <p>If the statement's only principal is {@code Principal.All}, the short
 * scalar form is written ({@code "Principal": <id of Principal.All>} — the
 * wildcard; whatever the statement allows then applies to every caller, so
 * this is the security-sensitive path). Otherwise the principals are grouped
 * by provider and written as an object keyed by provider: a provider with
 * exactly one id gets a scalar value, a provider with several gets an array.
 * An empty list produces an empty {@code Principal} object.
 *
 * @param principals
 *            the principals of the statement being written.
 * @throws JsonGenerationException
 *             if the generator rejects the output.
 * @throws IOException
 *             if writing fails.
 */
private void writePrincipals(List<Principal> principals) throws JsonGenerationException, IOException {
    if (principals.size() == 1 && principals.get(0).equals(Principal.All)) {
        writeJsonKeyValue(JsonDocumentFields.PRINCIPAL, Principal.All.getId());
        return;
    }

    Map<String, List<String>> idsByProvider = groupPrincipalByScheme(principals);
    writeJsonObjectStart(JsonDocumentFields.PRINCIPAL);
    for (Map.Entry<String, List<String>> byProvider : idsByProvider.entrySet()) {
        List<String> ids = byProvider.getValue();
        if (ids.size() == 1) {
            writeJsonKeyValue(byProvider.getKey(), ids.get(0));
        } else {
            writeJsonArray(byProvider.getKey(), ids);
        }
    }
    writeJsonObjectEnd();
}
/**
 * Two principals are equal when both their provider (scheme) and their id
 * are equal. Both comparisons are plain, case-sensitive {@code String}
 * equality — note that the JSON parser matches scheme keys
 * case-insensitively, so equality here is stricter than parsing.
 *
 * <p>Throws {@code NullPointerException} if this instance's provider or id
 * is {@code null}, as the original did. {@code hashCode} is not visible
 * here; it must agree with this definition.
 *
 * @param principal the object to compare with.
 * @return {@code true} if {@code principal} is a {@code Principal} with the
 *         same provider and id.
 */
@Override
public boolean equals(Object principal) {
    if (this == principal) {
        return true;
    }
    // instanceof is false for null, so no separate null check is needed.
    if (!(principal instanceof Principal)) {
        return false;
    }
    Principal that = (Principal) principal;
    return getProvider().equals(that.getProvider())
            && getId().equals(that.getId());
}
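/**
 * Creates a {@code Principal} for one entry of a statement's {@code Principal}
 * block, given the scheme key it appeared under and its JSON value.
 *
 * <p>Scheme keys are matched case-insensitively. The provider stored on the
 * resulting principal is always the canonical constant for the scheme: the
 * AWS and Federated branches already did this, while the Service branch
 * echoed the caller's spelling, so {@code "service"} and {@code "Service"}
 * yielded principals with different providers that then serialised under two
 * different JSON keys. All three branches now normalise.
 *
 * <p>A Federated value naming a known web identity provider is built through
 * the {@code WebIdentityProviders} constructor; any other federated value is
 * kept verbatim as the id.
 *
 * <p>NOTE(review): the id is taken from {@code principalNode.asText()}. If the
 * value is a container node rather than a string, this presumably yields an
 * empty id rather than an error — confirm whether callers validate ids.
 *
 * @param schema
 *            the scheme key ({@code AWS}, {@code Service} or
 *            {@code Federated}, in any case).
 * @param principalNode
 *            the JSON value under that key; its text form becomes the
 *            principal id.
 * @return a principal instance.
 * @throws SdkClientException
 *             if {@code schema} is not one of the three supported schemes.
 */
private Principal createPrincipal(String schema, JsonNode principalNode) {
    // Captured once: every branch below uses the same text.
    final String id = principalNode.asText();

    if (schema.equalsIgnoreCase(PRINCIPAL_SCHEMA_USER)) {
        // Hyphen stripping of AWS account ids is an opt-in parser option.
        return new Principal(PRINCIPAL_SCHEMA_USER, id, options.isStripAwsPrincipalIdHyphensEnabled());
    }
    if (schema.equalsIgnoreCase(PRINCIPAL_SCHEMA_SERVICE)) {
        // Canonical constant, not the caller's spelling, so the provider
        // round-trips to the same JSON key regardless of input case.
        return new Principal(PRINCIPAL_SCHEMA_SERVICE, id);
    }
    if (schema.equalsIgnoreCase(PRINCIPAL_SCHEMA_FEDERATED)) {
        // Resolve the well-known provider once (the original looked it up twice).
        WebIdentityProviders knownProvider = WebIdentityProviders.fromString(id);
        if (knownProvider != null) {
            return new Principal(knownProvider);
        }
        return new Principal(PRINCIPAL_SCHEMA_FEDERATED, id);
    }
    throw new SdkClientException("Schema " + schema + " is not a valid value for the principal.");
}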
/**
 * Serialises a statement's principals to the JSON generator.
 *
 * <p>If the statement's only principal is {@code Principal.All}, the short
 * scalar form is written ({@code "Principal": <id of Principal.All>} — the
 * wildcard; whatever the statement allows then applies to every caller, so
 * this is the security-sensitive path). Otherwise the principals are grouped
 * by provider and written as an object keyed by provider: a provider with
 * exactly one id gets a scalar value, a provider with several gets an array.
 * An empty list produces an empty {@code Principal} object.
 *
 * @param principals
 *            the principals of the statement being written.
 * @throws JsonGenerationException
 *             if the generator rejects the output.
 * @throws IOException
 *             if writing fails.
 */
private void writePrincipals(List<Principal> principals) throws JsonGenerationException, IOException {
    boolean wildcardOnly = principals.size() == 1 && principals.get(0).equals(Principal.All);
    if (wildcardOnly) {
        writeJsonKeyValue(JsonDocumentFields.PRINCIPAL, Principal.All.getId());
        return;
    }

    writeJsonObjectStart(JsonDocumentFields.PRINCIPAL);
    for (Map.Entry<String, List<String>> byProvider : groupPrincipalByScheme(principals).entrySet()) {
        String provider = byProvider.getKey();
        List<String> ids = byProvider.getValue();
        if (ids.size() == 1) {
            writeJsonKeyValue(provider, ids.get(0));
        } else {
            writeJsonArray(provider, ids);
        }
    }
    writeJsonObjectEnd();
}
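/**
 * Groups principal ids by their provider (scheme).
 *
 * <p>Uses an insertion-ordered map so the returned grouping — and therefore
 * the serialised {@code Principal} object built from it — is stable: first-
 * seen provider order, and input order within a provider. The previous
 * {@code HashMap} left key order unspecified, which made the emitted policy
 * JSON differ from the sibling implementation and could vary between JDKs.
 * Providers are distinguished by exact string equality.
 *
 * @param principals the principals to group.
 * @return provider → ids, in encounter order.
 */
private Map<String, List<String>> groupPrincipalByScheme(
        List<Principal> principals) {
    // Fully qualified so no change to the file's import block is needed.
    Map<String, List<String>> idsByProvider = new java.util.LinkedHashMap<String, List<String>>();
    for (Principal principal : principals) {
        String provider = principal.getProvider();
        List<String> ids = idsByProvider.get(provider);
        if (ids == null) {
            ids = new ArrayList<String>();
            idsByProvider.put(provider, ids);
        }
        ids.add(principal.getId());
    }
    return idsByProvider;
}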
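/**
 * Creates a {@code Principal} for one entry of a statement's {@code Principal}
 * block, given the scheme key it appeared under and its string value.
 *
 * <p>Scheme keys are matched case-insensitively. The provider stored on the
 * resulting principal is the canonical constant for the scheme: the Service
 * branch previously echoed the caller's spelling, so {@code "service"} and
 * {@code "Service"} yielded principals with different providers that then
 * serialised under two different JSON keys; it now normalises like the
 * Federated branch does.
 *
 * <p>A Federated value naming a known web identity provider is built through
 * the {@code WebIdentityProviders} constructor; any other federated value is
 * kept verbatim as the id.
 *
 * @param schema the scheme key ({@code AWS}, {@code Service} or
 *               {@code Federated}, in any case).
 * @param principal the string value under that key, used as the principal
 *                  id.
 * @return a principal instance.
 * @throws AmazonClientException if {@code schema} is not one of the three
 *                               supported schemes.
 */
private Principal createPrincipal(String schema, String principal) {
    if (schema.equalsIgnoreCase(PRINCIPAL_SCHEMA_USER)) {
        // Single-argument constructor: AWS-account principal.
        return new Principal(principal);
    }
    if (schema.equalsIgnoreCase(PRINCIPAL_SCHEMA_SERVICE)) {
        // Canonical constant, not the caller's spelling, so the provider
        // round-trips to the same JSON key regardless of input case.
        return new Principal(PRINCIPAL_SCHEMA_SERVICE, principal);
    }
    if (schema.equalsIgnoreCase(PRINICIPAL_SCHEMA_FEDERATED)) {
        // Resolve the well-known provider once (the original looked it up twice).
        WebIdentityProviders knownProvider = WebIdentityProviders.fromString(principal);
        if (knownProvider != null) {
            return new Principal(knownProvider);
        }
        return new Principal(PRINICIPAL_SCHEMA_FEDERATED, principal);
    }
    throw new AmazonClientException("Schema " + schema + " is not a valid value for the principal.");
}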
/**
 * Serialises a statement's principals to the JSON generator.
 *
 * <p>If the statement's only principal is {@code Principal.All}, the short
 * scalar form is written ({@code "Principal": <id of Principal.All>} — the
 * wildcard; whatever the statement allows then applies to every caller, so
 * this is the security-sensitive path). Otherwise the principals are grouped
 * by provider and written as an object keyed by provider: a provider with
 * exactly one id gets a scalar value, a provider with several gets an array.
 * An empty list produces an empty {@code Principal} object.
 *
 * @param principals the principals of the statement being written.
 * @throws IOException if writing fails.
 */
private void writePrincipals(List<Principal> principals) throws IOException {
    if (principals.size() == 1 && principals.get(0).equals(Principal.All)) {
        writeJsonKeyValue(JsonDocumentFields.PRINCIPAL, Principal.All.getId());
        return;
    }

    Map<String, List<String>> idsByProvider = groupPrincipalByScheme(principals);
    writeJsonObjectStart(JsonDocumentFields.PRINCIPAL);
    for (Map.Entry<String, List<String>> byProvider : idsByProvider.entrySet()) {
        List<String> ids = byProvider.getValue();
        if (ids.size() == 1) {
            writeJsonKeyValue(byProvider.getKey(), ids.get(0));
        } else {
            writeJsonArray(byProvider.getKey(), ids);
        }
    }
    writeJsonObjectEnd();
}
/**
 * Groups principal ids by their provider (scheme).
 *
 * <p>The returned map preserves first-seen provider order and, within a
 * provider, the order of the input list, so serialised output is stable for
 * a given input. Providers are distinguished by exact string equality.
 *
 * @param principals
 *            the principals to group.
 * @return provider → ids, in encounter order.
 */
private Map<String, List<String>> groupPrincipalByScheme(
        List<Principal> principals) {
    Map<String, List<String>> idsByProvider = new LinkedHashMap<String, List<String>>();
    for (Principal principal : principals) {
        String provider = principal.getProvider();
        List<String> ids = idsByProvider.get(provider);
        if (ids == null) {
            ids = new ArrayList<String>();
            idsByProvider.put(provider, ids);
        }
        ids.add(principal.getId());
    }
    return idsByProvider;
}
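/**
 * Creates a {@code Principal} for one entry of a statement's {@code Principal}
 * block, given the scheme key it appeared under and its JSON value.
 *
 * <p>Scheme keys are matched case-insensitively. The provider stored on the
 * resulting principal is always the canonical constant for the scheme: the
 * AWS and Federated branches already did this, while the Service branch
 * echoed the caller's spelling, so {@code "service"} and {@code "Service"}
 * yielded principals with different providers that then serialised under two
 * different JSON keys. All three branches now normalise.
 *
 * <p>A Federated value naming a known web identity provider is built through
 * the {@code WebIdentityProviders} constructor; any other federated value is
 * kept verbatim as the id.
 *
 * <p>NOTE(review): the id is taken from {@code principalNode.asText()}. If the
 * value is a container node rather than a string, this presumably yields an
 * empty id rather than an error — confirm whether callers validate ids.
 *
 * @param schema
 *            the scheme key ({@code AWS}, {@code Service} or
 *            {@code Federated}, in any case).
 * @param principalNode
 *            the JSON value under that key; its text form becomes the
 *            principal id.
 * @return a principal instance.
 * @throws SdkClientException
 *             if {@code schema} is not one of the three supported schemes.
 */
private Principal createPrincipal(String schema, JsonNode principalNode) {
    // Captured once: every branch below uses the same text.
    final String id = principalNode.asText();

    if (schema.equalsIgnoreCase(PRINCIPAL_SCHEMA_USER)) {
        // Hyphen stripping of AWS account ids is an opt-in parser option.
        return new Principal(PRINCIPAL_SCHEMA_USER, id, options.isStripAwsPrincipalIdHyphensEnabled());
    }
    if (schema.equalsIgnoreCase(PRINCIPAL_SCHEMA_SERVICE)) {
        // Canonical constant, not the caller's spelling, so the provider
        // round-trips to the same JSON key regardless of input case.
        return new Principal(PRINCIPAL_SCHEMA_SERVICE, id);
    }
    if (schema.equalsIgnoreCase(PRINCIPAL_SCHEMA_FEDERATED)) {
        // Resolve the well-known provider once (the original looked it up twice).
        WebIdentityProviders knownProvider = WebIdentityProviders.fromString(id);
        if (knownProvider != null) {
            return new Principal(knownProvider);
        }
        return new Principal(PRINCIPAL_SCHEMA_FEDERATED, id);
    }
    throw new SdkClientException("Schema " + schema + " is not a valid value for the principal.");
}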
/**
 * Serialises a statement's principals to the JSON generator.
 *
 * <p>If the statement's only principal is {@code Principal.All}, the short
 * scalar form is written ({@code "Principal": <id of Principal.All>} — the
 * wildcard; whatever the statement allows then applies to every caller, so
 * this is the security-sensitive path). Otherwise the principals are grouped
 * by provider and written as an object keyed by provider: a provider with
 * exactly one id gets a scalar value, a provider with several gets an array.
 * An empty list produces an empty {@code Principal} object.
 *
 * @param principals the principals of the statement being written.
 * @throws IOException if writing fails.
 */
private void writePrincipals(List<Principal> principals) throws IOException {
    boolean wildcardOnly = principals.size() == 1 && principals.get(0).equals(Principal.All);
    if (wildcardOnly) {
        writeJsonKeyValue(JsonDocumentFields.PRINCIPAL, Principal.All.getId());
        return;
    }

    writeJsonObjectStart(JsonDocumentFields.PRINCIPAL);
    for (Map.Entry<String, List<String>> byProvider : groupPrincipalByScheme(principals).entrySet()) {
        String provider = byProvider.getKey();
        List<String> ids = byProvider.getValue();
        if (ids.size() == 1) {
            writeJsonKeyValue(provider, ids.get(0));
        } else {
            writeJsonArray(provider, ids);
        }
    }
    writeJsonObjectEnd();
}
/**
 * A policy whose only principal is the CloudHSM service principal parses to
 * exactly one Allow statement for {@code sts:AssumeRole}, with no conditions
 * and a single principal whose provider is {@code "Service"} and whose id is
 * the CloudHSM service id.
 */
@Test
public void testCloudHSMServicePrincipal() {
    String json = "{"
            + "\"Version\":\"2008-10-17\","
            + "\"Statement\":["
            + "{\"Sid\":\"\","
            + "\"Effect\":\"Allow\","
            + "\"Principal\":{\"Service\":\"cloudhsm.amazonaws.com\"},"
            + "\"Action\":\"sts:AssumeRole\"}"
            + "]"
            + "}";

    Policy policy = Policy.fromJson(json);
    assertEquals(POLICY_VERSION, policy.getVersion());

    List<Statement> statements = new LinkedList<Statement>(policy.getStatements());
    assertEquals(1, statements.size());
    Statement only = statements.get(0);

    assertEquals(Effect.Allow, only.getEffect());
    assertEquals(1, only.getActions().size());
    assertEquals("sts:AssumeRole", only.getActions().get(0).getActionName());
    assertEquals(0, only.getConditions().size());

    // The service principal must come back with the canonical "Service" provider.
    assertEquals(1, only.getPrincipals().size());
    Principal servicePrincipal = only.getPrincipals().get(0);
    assertEquals("Service", servicePrincipal.getProvider());
    assertEquals(Services.AWSCloudHSM.getServiceId(), servicePrincipal.getId());
}