/**
 * Parses a JSON document into an AWS access control policy using the default reader options.
 *
 * <p>With the default options every dash is removed from AWS principal IDs, because AWS
 * account IDs must not contain dashes. The principals held by the returned object can
 * therefore differ from the text that was supplied, which matters when the result is
 * compared with, or written back over, the original policy. When the IDs legitimately
 * contain dashes (e.g. IAM AWS principal IDs with dashes in the name), pass custom options
 * to {@link #fromJson(String, PolicyReaderOptions)} to turn the stripping off.
 *
 * @param jsonString
 *            The JSON text of the access control policy.
 *
 * @return The policy object built from {@code jsonString}.
 *
 * @throws IllegalArgumentException
 *             If {@code jsonString} is null or invalid and cannot be converted to an AWS
 *             policy object.
 */
public static Policy fromJson(String jsonString) {
    PolicyReaderOptions defaultOptions = new PolicyReaderOptions();
    return fromJson(jsonString, defaultOptions);
}
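/**
 * Reads a bucket policy from a file and returns it as JSON produced by {@code Policy.toJson()}.
 *
 * <p>The file text is loaded into a {@code Policy} object first, so only text that
 * {@code Policy.fromJson} accepts is ever returned. A file that cannot be read, or whose
 * content is rejected by the parser, ends in an exception instead of a policy string.
 *
 * @param policy_file
 *            Path of the file holding the policy JSON; it is read as UTF-8.
 *
 * @return The policy re-serialized by {@code Policy.toJson()}.
 *
 * @throws IllegalArgumentException
 *             If the file cannot be read or its content is not a valid policy.
 */
private static String getBucketPolicyFromFile(String policy_file) {
    StringBuilder file_text = new StringBuilder();
    try {
        List<String> lines = Files.readAllLines(
                Paths.get(policy_file), Charset.forName("UTF-8"));
        // Line breaks are dropped; the lines are joined back to back.
        for (String line : lines) {
            file_text.append(line);
        }
    } catch (IOException e) {
        System.out.format("Problem reading file: \"%s\"", policy_file);
        System.out.println(e.getMessage());
        // Stop here: parsing whatever was (not) read would only hide the real cause.
        throw new IllegalArgumentException("Cannot read policy file: " + policy_file, e);
    }

    // Verify the policy by trying to load it into a Policy object.
    Policy bucket_policy;
    try {
        bucket_policy = Policy.fromJson(file_text.toString());
    } catch (IllegalArgumentException e) {
        System.out.format("Invalid policy text in file: \"%s\"", policy_file);
        System.out.println(e.getMessage());
        // Fail explicitly rather than dereferencing a null Policy below.
        throw new IllegalArgumentException("Invalid policy text in file: " + policy_file, e);
    }

    return bucket_policy.toJson();
}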
// Start from an empty policy when no JSON is available; otherwise parse the existing one.
// Policy.fromJson is only reached for a non-null, non-empty string.
Policy policy = (policyJson == null || policyJson.length() == 0)
        ? new Policy()
        : Policy.fromJson(policyJson);
? Policy.fromJson(policyJson) : new Policy(); policy.getStatements().add(new Statement(Effect.Allow) .withId("topic-subscription-" + snsTopicArn)
/**
 * Parses a JSON document into an AWS access control policy using the default reader options.
 *
 * <p>With the default options every dash is removed from AWS principal IDs, because AWS
 * account IDs must not contain dashes. The principals held by the returned object can
 * therefore differ from the text that was supplied, which matters when the result is
 * compared with, or written back over, the original policy. When the IDs legitimately
 * contain dashes (e.g. IAM AWS principal IDs with dashes in the name), pass custom options
 * to {@link #fromJson(String, PolicyReaderOptions)} to turn the stripping off.
 *
 * @param jsonString
 *            The JSON text of the access control policy.
 *
 * @return The policy object built from {@code jsonString}.
 *
 * @throws IllegalArgumentException
 *             If {@code jsonString} is null or invalid and cannot be converted to an AWS
 *             policy object.
 */
public static Policy fromJson(String jsonString) {
    PolicyReaderOptions defaultOptions = new PolicyReaderOptions();
    return fromJson(jsonString, defaultOptions);
}
/**
 * Parses a policy whose only statement allows {@code sts:AssumeRole} to the
 * {@code cloudhsm.amazonaws.com} service principal, and checks that the statement comes
 * back with one action, no conditions and a single principal whose provider is
 * {@code "Service"} and whose ID equals {@code Services.AWSCloudHSM.getServiceId()}.
 */
@Test
public void testCloudHSMServicePrincipal() {
    String policyJson =
            "{\"Version\":\"2008-10-17\","
            + "\"Statement\":[{"
            + "\"Sid\":\"\","
            + "\"Effect\":\"Allow\","
            + "\"Principal\":{\"Service\":\"cloudhsm.amazonaws.com\"},"
            + "\"Action\":\"sts:AssumeRole\""
            + "}]}";

    Policy policy = Policy.fromJson(policyJson);
    assertEquals(POLICY_VERSION, policy.getVersion());

    // Copy into a list so the single statement can be addressed by index.
    List<Statement> statements = new LinkedList<Statement>(policy.getStatements());
    assertEquals(1, statements.size());

    Statement only = statements.get(0);
    assertEquals(1, only.getActions().size());
    assertEquals(Effect.Allow, only.getEffect());
    assertEquals("sts:AssumeRole", only.getActions().get(0).getActionName());
    assertEquals(0, only.getConditions().size());

    // The principal must be recognised as a service principal, not an AWS account.
    assertEquals(1, only.getPrincipals().size());
    assertEquals(Services.AWSCloudHSM.getServiceId(), only.getPrincipals().get(0).getId());
    assertEquals("Service", only.getPrincipals().get(0).getProvider());
}
+ "\"Action\":\"sts:AssumeRole\"" + "}" + "]" + "}"; Policy policy = Policy.fromJson(jsonString); assertEquals(POLICY_VERSION, policy.getVersion()); List<Statement> statements = new LinkedList<Statement>(
"}"; Policy policy = Policy.fromJson(jsonString); assertEquals(POLICY_VERSION, policy.getVersion()); List<Statement> statements = new LinkedList<Statement>(policy.getStatements());
/**
 * Round-trips a policy through {@code toJson()} and {@code fromJson()} when its statement
 * carries two {@code StringNotLike} conditions on the same key, and checks that the parsed
 * statement holds one condition for {@code "key1"} with both values, in order.
 */
@Test
public void testMultipleConditionKeysForConditionType() throws Exception {
    Statement allowStatement = new Statement(Effect.Allow)
            .withResources(new Resource("arn:aws:sqs:us-east-1:987654321000:MyQueue"))
            .withPrincipals(Principal.AllUsers)
            .withActions(new TestAction("foo"))
            .withConditions(
                    new StringCondition(StringComparisonType.StringNotLike, "key1", "foo"),
                    new StringCondition(StringComparisonType.StringNotLike, "key1", "bar"));

    Policy policy = new Policy();
    policy.withStatements(allowStatement);

    // Serialize and parse again; everything below inspects the parsed copy.
    policy = Policy.fromJson(policy.toJson());
    assertEquals(1, policy.getStatements().size());

    List<Statement> statements = new LinkedList<Statement>(policy.getStatements());
    Statement parsed = statements.get(0);
    assertEquals(Effect.Allow, parsed.getEffect());
    assertEquals(1, parsed.getActions().size());
    assertEquals("foo", parsed.getActions().get(0).getActionName());

    // Two conditions of the same type and key are expected back as one with two values.
    assertEquals(1, parsed.getConditions().size());
    assertEquals("StringNotLike", parsed.getConditions().get(0).getType());
    assertEquals("key1", parsed.getConditions().get(0).getConditionKey());
    assertEquals(2, parsed.getConditions().get(0).getValues().size());
    assertEquals("foo", parsed.getConditions().get(0).getValues().get(0));
    assertEquals("bar", parsed.getConditions().get(0).getValues().get(1));
}
"}"; Policy policy = Policy.fromJson(jsonString); assertEquals(POLICY_VERSION, policy.getVersion()); List<Statement> statements = new LinkedList<Statement>(policy.getStatements());
"192.168.143.188/32"))); policy = Policy.fromJson(policy.toJson()); assertEquals(3, policy.getStatements().size()); assertEquals("S3PolicyId1", policy.getId());
.withActions(new TestAction("action"))); policy = Policy.fromJson(policy.toJson()); assertEquals(1, policy.getStatements().size()); List<Statement> statements = new LinkedList<Statement>(policy.getStatements()); new Principal(Services.AmazonElasticTranscoder)) .withActions(new TestAction("action"))); policy = Policy.fromJson(policy.toJson()); assertEquals(1, policy.getStatements().size()); statements = new LinkedList<Statement>(policy.getStatements()); .withPrincipals(Principal.All) .withActions(new TestAction("action"))); policy = Policy.fromJson(policy.toJson()); assertEquals(1, policy.getStatements().size()); statements = new LinkedList<Statement>(policy.getStatements()); Principal.AllWebProviders) .withActions(new TestAction("action"))); policy = Policy.fromJson(policy.toJson()); assertEquals(1, policy.getStatements().size()); statements = new LinkedList<Statement>(policy.getStatements());
/**
 * Parses a JSON document into an AWS access control policy using the default reader options.
 *
 * <p>With the default options every dash is removed from AWS principal IDs, because AWS
 * account IDs must not contain dashes. The principals held by the returned object can
 * therefore differ from the text that was supplied, which matters when the result is
 * compared with, or written back over, the original policy. When the IDs legitimately
 * contain dashes (e.g. IAM AWS principal IDs with dashes in the name), pass custom options
 * to {@link #fromJson(String, PolicyReaderOptions)} to turn the stripping off.
 *
 * @param jsonString
 *            The JSON text of the access control policy.
 *
 * @return The policy object built from {@code jsonString}.
 *
 * @throws IllegalArgumentException
 *             If {@code jsonString} is null or invalid and cannot be converted to an AWS
 *             policy object.
 */
public static Policy fromJson(String jsonString) {
    PolicyReaderOptions defaultOptions = new PolicyReaderOptions();
    return fromJson(jsonString, defaultOptions);
}