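/**
 * Reads a bucket policy document from {@code policy_file} and returns it re-serialised
 * through the SDK's {@code Policy} model, so a malformed document is rejected before it
 * is ever sent to S3.
 *
 * @param policy_file path of the UTF-8 JSON policy file
 * @return the policy as JSON produced by {@code Policy#toJson()}
 * @throws IllegalArgumentException if the file cannot be read or does not hold a
 *     parseable policy. Previously both failures were only printed and the method then
 *     fell through to {@code bucket_policy.toJson()} on a null reference.
 */
private static String getBucketPolicyFromFile(String policy_file) {
    String file_text;
    try {
        List<String> lines = Files.readAllLines(Paths.get(policy_file), Charset.forName("UTF-8"));
        // Preserve line structure; JSON whitespace is insignificant either way.
        file_text = String.join("\n", lines);
    } catch (IOException e) {
        System.out.format("Problem reading file: \"%s\"", policy_file);
        System.out.println(e.getMessage());
        // Fail closed: an unreadable file must not become an empty/absent policy.
        throw new IllegalArgumentException("Problem reading file: \"" + policy_file + "\"", e);
    }
    // Verify the policy by trying to load it into a Policy object.
    Policy bucket_policy;
    try {
        bucket_policy = Policy.fromJson(file_text);
    } catch (IllegalArgumentException e) {
        System.out.format("Invalid policy text in file: \"%s\"", policy_file);
        System.out.println(e.getMessage());
        throw new IllegalArgumentException("Invalid policy text in file: \"" + policy_file + "\"", e);
    }
    return bucket_policy.toJson();
}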
/**
 * Builds the JSON queue policy that lets each of the given AWS accounts call
 * {@code sqs:SendMessage} on this worker's queue (resource taken from {@code getQueueARN()}).
 *
 * @param accountIds AWS account ids that become the statement's principals; an empty
 *     list produces a statement with no principals
 * @return the policy serialised with {@code Policy#toJson()}
 */
private String getPolicy(List<String> accountIds) {
    Statement sendMessage = new Statement(Effect.Allow);
    sendMessage.getActions().add(SQSActions.SendMessage);
    // One principal per account id.
    for (String accountId : accountIds) {
        sendMessage.getPrincipals().add(new Principal(accountId));
    }
    sendMessage.setResources(new LinkedList<>());
    sendMessage.getResources().add(new Resource(getQueueARN()));
    Policy policy = new Policy("AuthorizedWorkerAccessPolicy");
    policy.getStatements().add(sendMessage);
    return policy.toJson();
}
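/**
 * Builds a bucket policy that grants anonymous ({@code Principal.AllUsers}) read
 * ({@code s3:GetObject}) access to every object in {@code bucket_name}.
 *
 * @param bucket_name the bucket name; it is spliced into the resource ARN unchanged
 * @return the policy as JSON
 * @throws IllegalArgumentException if {@code bucket_name} is null or blank, which would
 *     otherwise silently yield an ARN such as {@code arn:aws:s3:::null/*}
 */
public static String getPublicReadPolicy(String bucket_name) {
    if (bucket_name == null || bucket_name.trim().isEmpty()) {
        throw new IllegalArgumentException("bucket_name must not be null or blank");
    }
    Statement publicRead = new Statement(Statement.Effect.Allow)
        .withPrincipals(Principal.AllUsers)
        .withActions(S3Actions.GetObject)
        .withResources(new Resource("arn:aws:s3:::" + bucket_name + "/*"));
    Policy bucket_policy = new Policy().withStatements(publicRead);
    return bucket_policy.toJson();
}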
/**
 * Creates an SQS queue and an SNS topic that share a random name suffix, allows the
 * topic to send to the queue, and subscribes the queue to the topic.
 * The {@code AllUsers} grant on the queue is restricted by a SourceArn condition to
 * this one topic. Stores the results in the {@code queueUrl} and {@code topicArn} fields.
 */
private void setupQueueAndTopic() {
    // Queue and topic deliberately carry the same name.
    String name = "glacier-archive-transfer-" + UUID.randomUUID();
    queueUrl = sqs.createQueue(new CreateQueueRequest(name)).getQueueUrl();
    topicArn = sns.createTopic(new CreateTopicRequest(name)).getTopicArn();
    GetQueueAttributesRequest arnRequest =
        new GetQueueAttributesRequest(queueUrl).withAttributeNames("QueueArn");
    String queueARN = sqs.getQueueAttributes(arnRequest).getAttributes().get("QueueArn");
    Statement allowTopicToSend = new Statement(Effect.Allow)
        .withPrincipals(Principal.AllUsers)
        .withActions(SQSActions.SendMessage)
        .withResources(new Resource(queueARN))
        .withConditions(ConditionFactory.newSourceArnCondition(topicArn));
    String policyJson = new Policy().withStatements(allowTopicToSend).toJson();
    sqs.setQueueAttributes(new SetQueueAttributesRequest(queueUrl, newAttributes("Policy", policyJson)));
    sns.subscribe(new SubscribeRequest(topicArn, "sqs", queueARN));
}
// Serialise the policy and apply it as the queue's "Policy" attribute.
newAttrs.put(QueueAttributeName.Policy.toString(), policy.toJson()); sqs.setQueueAttributes(new SetQueueAttributesRequest(sqsQueueUrl, newAttrs));
/**
 * Two conditions of the same type and key must survive a JSON round trip merged into a
 * single condition holding both values, in insertion order.
 */
@Test
public void testMultipleConditionKeysForConditionType() throws Exception {
    Statement original = new Statement(Effect.Allow)
        .withResources(new Resource("arn:aws:sqs:us-east-1:987654321000:MyQueue"))
        .withPrincipals(Principal.AllUsers)
        .withActions(new TestAction("foo"))
        .withConditions(
            new StringCondition(StringComparisonType.StringNotLike, "key1", "foo"),
            new StringCondition(StringComparisonType.StringNotLike, "key1", "bar"));
    Policy policy = Policy.fromJson(new Policy().withStatements(original).toJson());
    assertEquals(1, policy.getStatements().size());
    Statement roundTripped = new LinkedList<Statement>(policy.getStatements()).get(0);
    assertEquals(Effect.Allow, roundTripped.getEffect());
    assertEquals(1, roundTripped.getActions().size());
    assertEquals("foo", roundTripped.getActions().get(0).getActionName());
    assertEquals(1, roundTripped.getConditions().size());
    assertEquals("StringNotLike", roundTripped.getConditions().get(0).getType());
    assertEquals("key1", roundTripped.getConditions().get(0).getConditionKey());
    List<String> values = roundTripped.getConditions().get(0).getValues();
    assertEquals(2, values.size());
    assertEquals("foo", values.get(0));
    assertEquals("bar", values.get(1));
}
"192.168.143.188/32"))); policy = Policy.fromJson(policy.toJson()); assertEquals(3, policy.getStatements().size()); assertEquals("S3PolicyId1", policy.getId());
.withActions(new TestAction("action"))); policy = Policy.fromJson(policy.toJson()); assertEquals(1, policy.getStatements().size()); List<Statement> statements = new LinkedList<Statement>(policy.getStatements()); new Principal(Services.AmazonElasticTranscoder)) .withActions(new TestAction("action"))); policy = Policy.fromJson(policy.toJson()); assertEquals(1, policy.getStatements().size()); statements = new LinkedList<Statement>(policy.getStatements()); .withPrincipals(Principal.All) .withActions(new TestAction("action"))); policy = Policy.fromJson(policy.toJson()); assertEquals(1, policy.getStatements().size()); statements = new LinkedList<Statement>(policy.getStatements()); Principal.AllWebProviders) .withActions(new TestAction("action"))); policy = Policy.fromJson(policy.toJson()); assertEquals(1, policy.getStatements().size()); statements = new LinkedList<Statement>(policy.getStatements());
/**
 * Creates (or re-creates idempotently) the queue named by {@code queueARN} and sets its
 * access policy and message retention period.
 *
 * @param terminatingRoleArns passed through to {@code buildSQSPolicy}
 * @param sqsMessageRetentionPeriodSeconds value for the MessageRetentionPeriod attribute
 * @return the queue URL
 */
private static String ensureQueueExists(AmazonSQS amazonSQS, ARN queueARN, ARN topicARN, Set<String> terminatingRoleArns, int sqsMessageRetentionPeriodSeconds) {
    String queueUrl = amazonSQS.createQueue(queueARN.name).getQueueUrl();
    String policyJson = buildSQSPolicy(queueARN, topicARN, terminatingRoleArns).toJson();
    HashMap<String, String> attributes = new HashMap<>();
    attributes.put("Policy", policyJson);
    attributes.put("MessageRetentionPeriod", String.valueOf(sqsMessageRetentionPeriodSeconds));
    amazonSQS.setQueueAttributes(queueUrl, attributes);
    return queueUrl;
}
/**
 * Creates the queue named by {@code queueARN} and applies the topic-to-queue policy
 * plus the message retention period.
 *
 * @param sqsMessageRetentionPeriodSeconds value for the MessageRetentionPeriod attribute
 * @return the queue URL
 */
public static String ensureQueueExists(AmazonSQS amazonSQS, ARN queueARN, ARN topicARN, int sqsMessageRetentionPeriodSeconds) {
    String queueUrl = amazonSQS.createQueue(queueARN.getName()).getQueueUrl();
    log.debug("Created queue " + queueUrl);
    HashMap<String, String> attributes = new HashMap<>();
    attributes.put("Policy", buildSQSPolicy(queueARN, topicARN).toJson());
    attributes.put("MessageRetentionPeriod", String.valueOf(sqsMessageRetentionPeriodSeconds));
    amazonSQS.setQueueAttributes(queueUrl, attributes);
    return queueUrl;
}
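/**
 * Gradle task action: serialises the configured {@code Policy} once and applies it to
 * the configured bucket, logging exactly the document that is sent.
 *
 * @throws GradleException if the bucket name or the policy is not configured
 */
@TaskAction
public void applyBucketPolicy() {
    // to enable conventionMappings feature
    String bucketName = getBucketName();
    Policy policy = getPolicy();
    if (bucketName == null) {
        throw new GradleException("bucketName is not specified");
    }
    if (policy == null) {
        throw new GradleException("policy is not specified");
    }
    AmazonS3PluginExtension ext = getProject().getExtensions().getByType(AmazonS3PluginExtension.class);
    AmazonS3 s3 = ext.getClient();
    // Serialise once so the logged text and the applied text cannot diverge.
    String policyJson = policy.toJson();
    getLogger().info("Setting s3://{} bucket policy to {}", bucketName, policyJson);
    s3.setBucketPolicy(bucketName, policyJson);
}
}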
/**
 * Returns the JSON of a policy named {@code AuthorizedWorkerAccessPolicy} that allows
 * {@code sqs:SendMessage} on {@code getQueueARN()} for the given account principals.
 *
 * @param accountIds AWS account ids to authorise; each becomes one {@code Principal}
 * @return the serialised policy
 */
private String getPolicy(List<String> accountIds) {
    Policy policy = new Policy("AuthorizedWorkerAccessPolicy");
    Statement stmt = new Statement(Effect.Allow);
    stmt.getActions().add(SQSActions.SendMessage);
    stmt.setResources(new LinkedList<>());
    stmt.getResources().add(new Resource(getQueueARN()));
    accountIds.forEach(id -> stmt.getPrincipals().add(new Principal(id)));
    policy.getStatements().add(stmt);
    return policy.toJson();
}
/**
 * Ensures the queue named by {@code queueARN} exists and carries a policy that lets
 * {@code topicARN} send messages to it.
 *
 * @return the queue URL
 */
private static String ensureQueueExists(AmazonSQS amazonSQS, ARN queueARN, ARN topicARN) {
    String queueUrl;
    try {
        queueUrl = amazonSQS.getQueueUrl(queueARN.name).getQueueUrl();
    } catch (Exception e) {
        // NOTE(review): every lookup failure (not only "queue does not exist") falls
        // through to createQueue; a narrower catch would be preferable.
        queueUrl = amazonSQS.createQueue(queueARN.name).getQueueUrl();
    }
    String policyJson = buildSQSPolicy(queueARN, topicARN).toJson();
    amazonSQS.setQueueAttributes(queueUrl, Collections.singletonMap("Policy", policyJson));
    return queueUrl;
}
/**
 * Creates the named queue, records its URL and ARN in a {@code QueueConfig}, and sets a
 * queue policy allowing {@code sqs:SendMessage}.
 * NOTE(review): the statement grants {@code Principal.AllUsers} with no condition, so
 * any principal may send to this queue; callers wanting a single source (e.g. an SNS
 * topic) need a SourceArn condition added here.
 *
 * @param sqsQueueName name of the queue to create
 * @return the populated configuration
 */
private QueueConfig setupSQS(String sqsQueueName) {
    QueueConfig config = new QueueConfig();
    CreateQueueResult created =
        sqsClient.createQueue(new CreateQueueRequest().withQueueName(sqsQueueName));
    config.sqsQueueURL = created.getQueueUrl();
    GetQueueAttributesResult arnResult = sqsClient.getQueueAttributes(
        new GetQueueAttributesRequest().withQueueUrl(config.sqsQueueURL).withAttributeNames("QueueArn"));
    config.sqsQueueARN = arnResult.getAttributes().get("QueueArn");
    Statement allowSend = new Statement(Effect.Allow)
        .withPrincipals(Principal.AllUsers)
        .withActions(SQSActions.SendMessage)
        .withResources(new Resource(config.sqsQueueARN));
    Map<String, String> queueAttributes = new HashMap<>();
    queueAttributes.put("Policy", new Policy().withStatements(allowSend).toJson());
    sqsClient.setQueueAttributes(new SetQueueAttributesRequest(config.sqsQueueURL, queueAttributes));
    return config;
}
/**
 * Creates the topic named by {@code topicARN}, stores the returned ARN back into
 * {@code topicARN.arn}, applies the policy from {@code buildSNSPolicy} and subscribes
 * the queue.
 *
 * @return the topic ARN
 */
private static String ensureTopicExists(AmazonSNS amazonSNS, ARN topicARN, List<String> allAccountIds, ARN queueARN) {
    String createdArn = amazonSNS.createTopic(topicARN.name).getTopicArn();
    topicARN.arn = createdArn;
    String policyJson = buildSNSPolicy(topicARN, allAccountIds).toJson();
    SetTopicAttributesRequest setPolicy = new SetTopicAttributesRequest()
        .withTopicArn(createdArn)
        .withAttributeName("Policy")
        .withAttributeValue(policyJson);
    amazonSNS.setTopicAttributes(setPolicy);
    amazonSNS.subscribe(createdArn, "sqs", queueARN.arn);
    return createdArn;
}
/**
 * Ensures the topic exists, writes its ARN into {@code topicARN.arn}, sets a policy
 * granting {@code allAccountIds} permission to publish, and subscribes the queue.
 *
 * @return the topic ARN
 */
private static String ensureTopicExists(AmazonSNS amazonSNS, ARN topicARN, List<String> allAccountIds, ARN queueARN) {
    topicARN.arn = amazonSNS.createTopic(topicARN.name).getTopicArn();
    Policy topicPolicy = buildSNSPolicy(topicARN, allAccountIds);
    amazonSNS.setTopicAttributes(new SetTopicAttributesRequest()
        .withTopicArn(topicARN.arn)
        .withAttributeName("Policy")
        .withAttributeValue(topicPolicy.toJson()));
    amazonSNS.subscribe(topicARN.arn, "sqs", queueARN.arn);
    return topicARN.arn;
}
/**
 * Provisions a queue and a topic with a shared random suffix, grants the topic (via a
 * SourceArn condition on the {@code AllUsers} statement) permission to send to the
 * queue, and subscribes the queue to the topic. Assigns {@code queueUrl} and {@code topicArn}.
 */
private void setupQueueAndTopic() {
    String randomSeed = UUID.randomUUID().toString();
    String sharedName = "glacier-archive-transfer-" + randomSeed;
    queueUrl = sqs.createQueue(new CreateQueueRequest(sharedName)).getQueueUrl();
    topicArn = sns.createTopic(new CreateTopicRequest(sharedName)).getTopicArn();
    String queueARN = sqs
        .getQueueAttributes(new GetQueueAttributesRequest(queueUrl).withAttributeNames("QueueArn"))
        .getAttributes()
        .get("QueueArn");
    Policy sqsPolicy = new Policy().withStatements(new Statement(Effect.Allow)
        .withPrincipals(Principal.AllUsers)
        .withActions(SQSActions.SendMessage)
        .withResources(new Resource(queueARN))
        .withConditions(ConditionFactory.newSourceArnCondition(topicArn)));
    SetQueueAttributesRequest setPolicy =
        new SetQueueAttributesRequest(queueUrl, newAttributes("Policy", sqsPolicy.toJson()));
    sqs.setQueueAttributes(setPolicy);
    sns.subscribe(new SubscribeRequest(topicArn, "sqs", queueARN));
}
/**
 * Obtains temporary session credentials through STS {@code GetFederationToken}, scoped
 * by an inline policy to list/get objects under the test bucket prefix.
 * Uses the static test credentials and a 7200-second lifetime.
 *
 * @return session credentials built from the federation token result
 */
private static BasicSessionCredentials getSessionCredentials() {
    BasicAWSCredentials longTermCredentials =
        new BasicAWSCredentials(EMBULK_S3_TEST_ACCESS_KEY_ID, EMBULK_S3_TEST_SECRET_ACCESS_KEY);
    AWSSecurityTokenService stsClient = AWSSecurityTokenServiceClientBuilder.standard()
        .withCredentials(new AWSStaticCredentialsProvider(longTermCredentials))
        .build();
    // Restrict the federated session to the test prefix and the bucket itself.
    String prefixArn = "arn:aws:s3:::" + EMBULK_S3_TEST_BUCKET + "/" + EMBULK_S3_TEST_PATH_PREFIX + "/*";
    String bucketArn = "arn:aws:s3:::" + EMBULK_S3_TEST_BUCKET;
    Statement scope = new Statement(Statement.Effect.Allow)
        .withActions(S3Actions.ListObjects, S3Actions.GetObject)
        .withResources(new Resource(prefixArn), new Resource(bucketArn));
    GetFederationTokenRequest request = new GetFederationTokenRequest();
    request.setDurationSeconds(7200);
    request.setName("dummy");
    request.setPolicy(new Policy().withStatements(scope).toJson());
    Credentials issued = stsClient.getFederationToken(request).getCredentials();
    return new BasicSessionCredentials(
        issued.getAccessKeyId(), issued.getSecretAccessKey(), issued.getSessionToken());
}
}