/**
 * Converts the JSON value of a resource element into {@link Resource} objects.
 *
 * <p>An array node yields one resource per element, in iteration order; any other node yields a
 * single resource built from the node's own text.
 *
 * @param resourceNodes
 *            the resource Json node to be parsed.
 * @return the list of resources.
 */
private List<Resource> resourcesOf(JsonNode resourceNodes) {
    final List<Resource> parsed = new LinkedList<Resource>();
    if (!resourceNodes.isArray()) {
        // Scalar form: the node's text is taken as the one resource id.
        parsed.add(new Resource(resourceNodes.asText()));
        return parsed;
    }
    for (JsonNode element : resourceNodes) {
        // This method does not check the id format; the text is passed on as given.
        parsed.add(new Resource(element.asText()));
    }
    return parsed;
}
statement.getId(), statement.getEffect().name(), statement.getActions().get(0).getActionName(), statement.getResources().get(0).getId()); if (resource.getId().equals(queueARN)) { queueResourceFound = true; break; .withPrincipals(Principal.AllUsers) .withActions(SQSActions.SendMessage) .withResources(new Resource(queueARN)); statement.setConditions(conditions);
/**
 * Writes the list of <code>Resource</code>s to the JSONGenerator.
 *
 * <p>The list is first passed to {@code PolicyUtils.validateResourceList}; the ids are then
 * written under either the NotResource or the Resource field, chosen from the first element.
 *
 * @param resources
 *            the list of resources to be written.
 */
private void writeResources(List<Resource> resources)
        throws JsonGenerationException, IOException {
    PolicyUtils.validateResourceList(resources);

    final List<String> ids = new ArrayList<String>();
    for (Resource entry : resources) {
        ids.add(entry.getId());
    }

    // Validation has established that every element has the same type, so the first one
    // decides the field name. NotResource inverts the match (the statement then covers
    // everything except the listed ids), so emitting the wrong field would change what the
    // policy applies to.
    // NOTE(review): get(0) assumes a non-empty list; presumably the caller guarantees that.
    writeJsonArray(
            resources.get(0).isNotType()
                    ? JsonDocumentFields.NOT_RESOURCE
                    : JsonDocumentFields.RESOURCE,
            ids);
}
/**
 * Writes the list of <code>Resource</code>s to the JSONGenerator.
 *
 * <p>Every id is written under the Resource field; this variant does not inspect the
 * resources for a NotResource type.
 *
 * @param resources the list of resources to be written.
 */
private void writeResources(List<Resource> resources) throws IOException {
    final List<String> ids = new ArrayList<String>();
    for (Resource entry : resources) {
        // Ids are copied as-is, in list order.
        ids.add(entry.getId());
    }
    writeJsonArray(JsonDocumentFields.RESOURCE, ids);
}
/**
 * Checks that a list of Resource objects is homogeneous: either every element is a NotResource
 * element or every element is a Resource element.
 *
 * <p>An empty list passes, because no two elements can disagree.
 *
 * @param resourceList the list of Resource objects
 * @throws IllegalArgumentException if the resource list is invalid
 */
public static void validateResourceList(final List<Resource> resourceList) {
    // Type of the first element seen; null until the loop has looked at one.
    Boolean expectedNotType = null;
    for (Resource candidate : resourceList) {
        final boolean notType = candidate.isNotType();
        if (expectedNotType == null) {
            expectedNotType = notType;
        } else if (expectedNotType.booleanValue() != notType) {
            // Mixing is the only condition checked here; ids themselves are not inspected.
            throw new IllegalArgumentException(PolicyUtils.INVALID_RESOURCE);
        }
    }
}
}
/**
 * Writes the list of <code>Resource</code>s to the JSONGenerator.
 *
 * <p>The ids are collected in list order and handed to {@code writeJsonArray} under the
 * Resource field name.
 *
 * @param resources the list of resources to be written.
 */
private void writeResources(List<Resource> resources) throws IOException {
    final List<String> resourceIds = new ArrayList<String>();
    for (Resource item : resources) {
        resourceIds.add(item.getId());
    }
    // Always the Resource field: no NotResource handling is visible in this variant.
    writeJsonArray(JsonDocumentFields.RESOURCE, resourceIds);
}
/**
 * Verifies that a list of Resource objects does not mix NotResource and Resource elements.
 *
 * <p>The check stops at the first element whose type differs from the ones before it. A list
 * with no elements is accepted.
 *
 * @param resourceList the list of Resource objects
 * @throws IllegalArgumentException if the resource list is invalid
 */
public static void validateResourceList(final List<Resource> resourceList) {
    // Type of the leading element; stays null while nothing has been examined.
    Boolean firstIsNotType = null;
    for (Resource current : resourceList) {
        final boolean currentIsNotType = current.isNotType();
        if (firstIsNotType == null) {
            firstIsNotType = currentIsNotType;
            continue;
        }
        if (firstIsNotType.booleanValue() != currentIsNotType) {
            // Only homogeneity is validated; nothing else about the elements is checked.
            throw new IllegalArgumentException(PolicyUtils.INVALID_RESOURCE);
        }
    }
}
}
/**
 * Builds the JSON text of a policy named "AuthorizedWorkerAccessPolicy" that allows
 * {@code SQSActions.SendMessage} on the queue returned by {@code getQueueARN()}.
 *
 * @param accountIds ids turned into the statement's principals, one {@code Principal} each
 * @return the policy serialized with {@code Policy.toJson()}
 */
private String getPolicy(List<String> accountIds) {
    Statement sendOnly = new Statement(Effect.Allow);
    sendOnly.getActions().add(SQSActions.SendMessage);
    sendOnly.setResources(new LinkedList<>());

    // NOTE(review): an empty accountIds leaves this Allow statement without any principal;
    // how that serializes is not visible here, so confirm callers never pass an empty list.
    for (String id : accountIds) {
        sendOnly.getPrincipals().add(new Principal(id));
    }

    // The grant is scoped to this one queue ARN.
    sendOnly.getResources().add(new Resource(getQueueARN()));

    Policy workerPolicy = new Policy("AuthorizedWorkerAccessPolicy");
    workerPolicy.getStatements().add(sendOnly);
    return workerPolicy.toJson();
}
.withPrincipals(Principal.AllUsers) .withActions(new TestAction("action1")) .withResources(new Resource("resource")) .withConditions( new IpAddressCondition("192.168.143.0/24")), .withPrincipals(Principal.AllUsers) .withActions(new TestAction("action2")) .withResources(new Resource("resource")) .withConditions(new IpAddressCondition("10.1.2.0/24")), new Statement(Effect.Allow) .withPrincipals(Principal.AllUsers) .withActions(new TestAction("action3")) .withResources(new Resource("resource")) .withConditions(new IpAddressCondition(IpAddressComparisonType.NotIpAddress, "192.168.143.188/32"))); assertEquals("AWS", statements.get(0).getPrincipals().get(0).getProvider()); assertEquals(1, statements.get(0).getResources().size()); assertEquals("resource", statements.get(0).getResources().get(0).getId()); assertEquals(1, statements.get(0).getActions().size()); assertEquals("action1", statements.get(0).getActions().get(0).getActionName()); assertEquals("AWS", statements.get(1).getPrincipals().get(0).getProvider()); assertEquals(1, statements.get(1).getResources().size()); assertEquals("resource", statements.get(1).getResources().get(0).getId()); assertEquals(1, statements.get(1).getActions().size()); assertEquals("action2", statements.get(1).getActions().get(0).getActionName());
/**
 * Writes the list of <code>Resource</code>s to the JSONGenerator.
 *
 * <p>Each resource contributes its id; the ids go out as one array under the Resource field.
 *
 * @param resources the list of resources to be written.
 */
private void writeResources(List<Resource> resources) throws IOException {
    final List<String> idsToWrite = new ArrayList<String>();
    for (Resource each : resources) {
        idsToWrite.add(each.getId());
    }
    // The field name is fixed to Resource in this variant, whatever the elements are.
    writeJsonArray(JsonDocumentFields.RESOURCE, idsToWrite);
}
/**
 * Writes the list of <code>Resource</code>s to the JSONGenerator.
 *
 * <p>{@code PolicyUtils.validateResourceList} runs before anything is written. The field name
 * (NotResource or Resource) is then taken from the first element's type.
 *
 * @param resources
 *            the list of resources to be written.
 */
private void writeResources(List<Resource> resources)
        throws JsonGenerationException, IOException {
    PolicyUtils.validateResourceList(resources);

    final List<String> resourceIds = new ArrayList<String>();
    for (Resource item : resources) {
        resourceIds.add(item.getId());
    }

    // After validation all elements share one type, so the first element is representative.
    // The distinction matters: a NotResource list names what the statement excludes, a
    // Resource list names what it covers.
    // NOTE(review): an empty list would fail at get(0); presumably callers skip empty lists.
    final boolean negated = resources.get(0).isNotType();
    if (negated) {
        writeJsonArray(JsonDocumentFields.NOT_RESOURCE, resourceIds);
        return;
    }
    writeJsonArray(JsonDocumentFields.RESOURCE, resourceIds);
}
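/**
 * Builds a bucket policy that lets anyone read every object in the given bucket.
 *
 * <p>The single statement allows {@code S3Actions.GetObject} for {@code Principal.AllUsers} on
 * {@code arn:aws:s3:::<bucket_name>/*}, which is anonymous read access to all keys in the
 * bucket. Apply the result only to buckets whose whole content is meant to be public.
 *
 * @param bucket_name name of the bucket the policy is written for
 * @return the policy serialized with {@code Policy.toJson()}
 * @throws IllegalArgumentException if {@code bucket_name} is null, empty, or contains anything
 *         other than letters, digits, '.', '_' and '-'
 */
public static String getPublicReadPolicy(String bucket_name) {
    // The name is spliced into the resource ARN of a policy that grants anonymous read.
    // Without this check a null became the literal "null", an empty name produced
    // "arn:aws:s3:::/*", and a name carrying '*', '?' or '/' changed which resources the
    // grant matches. The accepted character set is deliberately loose enough to keep
    // legacy bucket names (upper case, underscores) working.
    if (bucket_name == null || !bucket_name.matches("[A-Za-z0-9._-]+")) {
        throw new IllegalArgumentException("Invalid bucket name: " + bucket_name);
    }

    Policy bucket_policy = new Policy().withStatements(
            new Statement(Statement.Effect.Allow)
                    .withPrincipals(Principal.AllUsers)
                    .withActions(S3Actions.GetObject)
                    .withResources(new Resource(
                            "arn:aws:s3:::" + bucket_name + "/*")));
    return bucket_policy.toJson();
}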
Policy policy = new Policy(); policy.withStatements(new Statement(Effect.Allow) .withResources(new Resource("resource")) .withPrincipals(new Principal("accountId1"), new Principal("accountId2")) .withActions(new TestAction("action"))); assertEquals("resource", statements.get(0).getResources().get(0).getId()); assertEquals(2, statements.get(0).getPrincipals().size()); assertEquals("AWS", statements.get(0).getPrincipals().get(0).getProvider()); .withResources(new Resource("resource")) .withPrincipals(new Principal(Services.AmazonEC2), new Principal(Services.AmazonElasticTranscoder)) policy.withStatements(new Statement(Effect.Allow).withResources(new Resource("resource")) .withPrincipals(Principal.All) .withActions(new TestAction("action"))); .withResources(new Resource("resource")) .withPrincipals(Principal.AllUsers, Principal.AllServices, Principal.AllWebProviders)
/**
 * Writes the list of <code>Resource</code>s to the JSONGenerator.
 *
 * <p>The ids are gathered in list order and written as one array under the Resource field.
 *
 * @param resources
 *            the list of resources to be written.
 */
private void writeResources(List<Resource> resources)
        throws JsonGenerationException, IOException {
    final List<String> ids = new ArrayList<String>();
    for (Resource entry : resources) {
        // The id is copied unchanged.
        ids.add(entry.getId());
    }
    writeJsonArray(JsonDocumentFields.RESOURCE, ids);
}
/**
 * Creates an SQS queue and an SNS topic with a shared random name, lets the topic deliver to
 * the queue, and subscribes the queue to the topic.
 *
 * <p>Stores the results in the {@code queueUrl} and {@code topicArn} fields.
 */
private void setupQueueAndTopic() {
    // One random suffix, so the queue and the topic end up with the same name.
    String sharedName = "glacier-archive-transfer-" + UUID.randomUUID().toString();

    queueUrl = sqs.createQueue(new CreateQueueRequest(sharedName)).getQueueUrl();
    topicArn = sns.createTopic(new CreateTopicRequest(sharedName)).getTopicArn();

    GetQueueAttributesRequest arnLookup =
            new GetQueueAttributesRequest(queueUrl).withAttributeNames("QueueArn");
    String queueARN = sqs.getQueueAttributes(arnLookup).getAttributes().get("QueueArn");

    // Principal.AllUsers is paired with a source-ARN condition on the topic just created, so
    // the Allow is limited to SendMessage calls whose source is that topic. Dropping the
    // condition would leave SendMessage on this queue open to any caller.
    Statement allowTopicToSend = new Statement(Effect.Allow)
            .withPrincipals(Principal.AllUsers)
            .withActions(SQSActions.SendMessage)
            .withResources(new Resource(queueARN))
            .withConditions(ConditionFactory.newSourceArnCondition(topicArn));
    Policy sqsPolicy = new Policy().withStatements(allowTopicToSend);

    // The policy must be on the queue before the subscription starts delivering.
    sqs.setQueueAttributes(
            new SetQueueAttributesRequest(queueUrl, newAttributes("Policy", sqsPolicy.toJson())));
    sns.subscribe(new SubscribeRequest(topicArn, "sqs", queueARN));
}
.withPrincipals(Principal.AllUsers) .withActions(SQSActions.SendMessage) .withResources(new Resource(sqsQueueArn)) .withConditions(ConditionFactory.newSourceArnCondition(snsTopicArn)));
/**
 * Builds {@link Resource} objects from the JSON node holding a statement's resources.
 *
 * <p>If the node is an array, each element becomes one resource; otherwise the node itself
 * becomes the only resource. In both cases the id is the node's {@code asText()} value.
 *
 * @param resourceNodes
 *            the resource Json node to be parsed.
 * @return the list of resources.
 */
private List<Resource> resourcesOf(JsonNode resourceNodes) {
    final List<Resource> result = new LinkedList<Resource>();
    final boolean single = !resourceNodes.isArray();
    if (single) {
        result.add(new Resource(resourceNodes.asText()));
    } else {
        for (JsonNode node : resourceNodes) {
            // Ids are taken verbatim; no format check is made in this method.
            result.add(new Resource(node.asText()));
        }
    }
    return result;
}
/**
 * Generates a list of resources from the JSON value the reader supplies next.
 *
 * <p>A container value is consumed as an array of strings, one resource per string; any other
 * value is read as a single string and becomes the only resource.
 *
 * @param reader the JSON reader from which the resource value is read.
 * @return the list of resources.
 * @throws IOException declared for the reader calls made here.
 */
private List<Resource> resourcesOf(AwsJsonReader reader) throws IOException {
    final List<Resource> parsed = new LinkedList<Resource>();
    if (!reader.isContainer()) {
        // Scalar form: one string, one resource.
        parsed.add(new Resource(reader.nextString()));
        return parsed;
    }
    // NOTE(review): isContainer() presumably is also true for a JSON object, which
    // beginArray() would not accept; confirm how a malformed policy is reported.
    reader.beginArray();
    while (reader.hasNext()) {
        parsed.add(new Resource(reader.nextString()));
    }
    reader.endArray();
    return parsed;
}
/**
 * Round-trips a policy whose statement carries two StringNotLike conditions on the same key
 * and checks that, after {@code toJson()} / {@code fromJson()}, they come back as one
 * condition holding both values in order.
 */
@Test
public void testMultipleConditionKeysForConditionType() throws Exception {
    Policy policy = new Policy().withStatements(
            new Statement(Effect.Allow)
                    .withResources(new Resource("arn:aws:sqs:us-east-1:987654321000:MyQueue"))
                    .withPrincipals(Principal.AllUsers)
                    .withActions(new TestAction("foo"))
                    .withConditions(
                            new StringCondition(StringComparisonType.StringNotLike, "key1", "foo"),
                            new StringCondition(StringComparisonType.StringNotLike, "key1", "bar")));

    // Serialize and parse again; every assertion below is about the parsed copy.
    policy = Policy.fromJson(policy.toJson());
    assertEquals(1, policy.getStatements().size());

    List<Statement> statements = new LinkedList<Statement>(policy.getStatements());
    Statement only = statements.get(0);

    assertEquals(Effect.Allow, only.getEffect());
    assertEquals(1, only.getActions().size());
    assertEquals("foo", only.getActions().get(0).getActionName());

    // Two conditions with the same type and key are expected to be merged into one.
    assertEquals(1, only.getConditions().size());
    assertEquals("StringNotLike", only.getConditions().get(0).getType());
    assertEquals("key1", only.getConditions().get(0).getConditionKey());
    assertEquals(2, only.getConditions().get(0).getValues().size());
    assertEquals("foo", only.getConditions().get(0).getValues().get(0));
    assertEquals("bar", only.getConditions().get(0).getValues().get(1));
}
.withPrincipals(Principal.AllUsers) .withActions(SQSActions.SendMessage) .withResources(new Resource(sqsQueueArn)) .withConditions(ConditionFactory.newSourceArnCondition(snsTopicArn)));