/**
 * Replaces the resources of this policy statement with the given ones and
 * returns this Statement so that further method calls can be chained.
 * <p>
 * A resource is what a policy statement allows or denies access to, such as
 * an Amazon SQS queue or an Amazon SNS topic. Some services allow only one
 * resource per policy statement.
 * <p>
 * This method performs no validation of its own: the arguments are wrapped
 * with {@code Arrays.asList} and handed to {@code setResources}, so the
 * caller decides how broad the resulting statement is.
 *
 * @param resources
 *            The resources this policy statement applies to.
 *
 * @return This Statement object, so that additional method calls can be
 *         chained together.
 */
public Statement withResources(Resource... resources) {
    // Delegate to the list-based setter; the varargs array is only wrapped here.
    this.setResources(Arrays.asList(resources));
    return this;
}
/**
 * Builds the JSON text of the policy "AuthorizedWorkerAccessPolicy".
 * <p>
 * The policy holds a single Allow statement for the SQS SendMessage action
 * on the ARN returned by {@code getQueueARN()}, with one principal added per
 * entry of {@code accountIds}.
 * <p>
 * NOTE(review): the entries are passed to {@code new Principal(String)} as
 * given (presumably AWS account ids, which would make the grant account-wide
 * rather than role-scoped; confirm). If the list is empty, this method adds
 * no principal at all; verify how the resulting statement is serialized and
 * whether that is intended.
 *
 * @param accountIds identifiers of the principals allowed to send messages
 * @return the policy serialized with {@code Policy.toJson()}
 */
private String getPolicy(List<String> accountIds) {
    Policy accessPolicy = new Policy("AuthorizedWorkerAccessPolicy");
    Statement allowSend = new Statement(Effect.Allow);

    // Only SendMessage is granted; nothing else is added to the action list.
    allowSend.getActions().add(SQSActions.SendMessage);

    // Start from an empty, mutable resource list that is filled in below.
    allowSend.setResources(new LinkedList<>());

    for (String id : accountIds) {
        allowSend.getPrincipals().add(new Principal(id));
    }

    // The statement is scoped to this one queue ARN.
    allowSend.getResources().add(new Resource(getQueueARN()));

    accessPolicy.getStatements().add(allowSend);
    return accessPolicy.toJson();
}
// Replace the statement's resource list with whatever resourcesOf(...) builds
// from resourceNodes.
// NOTE(review): resourcesOf is not shown in this excerpt; presumably it maps
// parsed policy nodes to Resource objects. Confirm whether it validates them,
// since wildcard resources from a parsed document would be applied as-is.
statement.setResources(resourcesOf(resourceNodes));
/**
 * Replaces the resources of this policy statement with the given ones and
 * returns this Statement so that further method calls can be chained.
 * <p>
 * A resource is what a policy statement allows or denies access to, such as
 * an Amazon SQS queue or an Amazon SNS topic. Some services allow only one
 * resource per policy statement.
 * <p>
 * This method performs no validation of its own: the arguments are wrapped
 * with {@code Arrays.asList} and handed to {@code setResources}, so the
 * caller decides how broad the resulting statement is.
 *
 * @param resources The resources this policy statement applies to.
 * @return This Statement object, so that additional method calls can be
 *         chained together.
 */
@SuppressWarnings("checkstyle:hiddenfield")
public Statement withResources(Resource... resources) {
    // Delegate to the list-based setter; the varargs array is only wrapped here.
    this.setResources(Arrays.asList(resources));
    return this;
}
/**
 * Sets which resources this policy statement covers and returns this
 * Statement, allowing calls to be chained.
 * <p>
 * Resources are the targets a statement allows or denies access to, for
 * example an Amazon SQS queue or an Amazon SNS topic. Note that some
 * services accept only a single resource per policy statement.
 * <p>
 * The varargs are passed through {@code Arrays.asList} to
 * {@code setResources} without any check in this method; how narrow or wide
 * the statement ends up is entirely the caller's choice.
 *
 * @param resources
 *            The resources associated with this policy statement.
 *
 * @return The same Statement object, for method chaining.
 */
public Statement withResources(Resource... resources) {
    // No copy or validation here: the list-based setter receives a view of the array.
    this.setResources(Arrays.asList(resources));
    return this;
}
// Overwrite the statement's resources with the result of resourcesOf(resourceNodes).
// NOTE(review): resourcesOf lives outside this excerpt; presumably it converts
// parsed policy nodes into Resource objects. Verify whether any validation of
// the resource strings happens there, because none happens on this line.
statement.setResources(resourcesOf(resourceNodes));
statement.setActions(actionsOf(reader)); } else if (JsonDocumentFields.RESOURCE.equals(name)) { statement.setResources(resourcesOf(reader)); } else if (JsonDocumentFields.PRINCIPAL.equals(name)) { statement.setPrincipals(principalOf(reader));
/**
 * Sets which resources this policy statement covers and returns this
 * Statement, allowing calls to be chained.
 * <p>
 * Resources are the targets a statement allows or denies access to, for
 * example an Amazon SQS queue or an Amazon SNS topic. Note that some
 * services accept only a single resource per policy statement.
 * <p>
 * The varargs are passed through {@code Arrays.asList} to
 * {@code setResources} without any check in this method; how narrow or wide
 * the statement ends up is entirely the caller's choice.
 *
 * @param resources The resources associated with this policy statement.
 * @return The same Statement object, for method chaining.
 */
@SuppressWarnings("checkstyle:hiddenfield")
public Statement withResources(Resource... resources) {
    // No copy or validation here: the list-based setter receives a view of the array.
    this.setResources(Arrays.asList(resources));
    return this;
}
/**
 * Fluent variant of {@code setResources}: stores the given resources on
 * this policy statement and returns the statement itself.
 * <p>
 * A resource names what the statement allows or denies access to, such as
 * an Amazon SQS queue or an Amazon SNS topic. Some services permit only one
 * resource in a policy statement.
 * <p>
 * Nothing is validated in this method. The arguments reach
 * {@code setResources} as an {@code Arrays.asList} view of the varargs
 * array.
 *
 * @param resources
 *            The resources associated with this policy statement.
 *
 * @return This Statement object, so that additional method calls can be
 *         chained together.
 */
public Statement withResources(Resource... resources) {
    // Hand the wrapped varargs to the list-based setter, then allow chaining.
    this.setResources(Arrays.asList(resources));
    return this;
}
/**
 * Fluent variant of {@code setResources}: stores the given resources on
 * this policy statement and returns the statement itself.
 * <p>
 * A resource names what the statement allows or denies access to, such as
 * an Amazon SQS queue or an Amazon SNS topic. Some services permit only one
 * resource in a policy statement.
 * <p>
 * Nothing is validated in this method. The arguments reach
 * {@code setResources} as an {@code Arrays.asList} view of the varargs
 * array.
 *
 * @param resources The resources associated with this policy statement.
 * @return This Statement object, so that additional method calls can be
 *         chained together.
 */
@SuppressWarnings("checkstyle:hiddenfield")
public Statement withResources(Resource... resources) {
    // Hand the wrapped varargs to the list-based setter, then allow chaining.
    this.setResources(Arrays.asList(resources));
    return this;
}
/**
 * Builds the policy "allow-remote-account-send": a single Allow statement
 * for the SNS Publish action on the given topic, with one principal per
 * entry of {@code allAccountIds}.
 * <p>
 * NOTE(review): each entry goes to {@code new Principal(String)} unchanged.
 * If these are account ids, the grant is account-wide (any identity that the
 * account itself authorizes), not limited to a specific role; confirm that
 * this is the intended scope.
 *
 * @param topicARN      topic whose {@code arn} field becomes the only resource
 * @param allAccountIds identifiers of the principals allowed to publish
 * @return the assembled policy
 */
private static Policy buildSNSPolicy(ARN topicARN, List<String> allAccountIds) {
    Statement allowPublish = new Statement(Statement.Effect.Allow).withActions(SNSActions.Publish);

    List<Principal> publishers = allAccountIds.stream()
        .map(Principal::new)
        .collect(Collectors.toList());
    allowPublish.setPrincipals(publishers);

    // Exactly one resource: the topic itself.
    Resource topicResource = new Resource(topicARN.arn);
    allowPublish.setResources(Collections.singletonList(topicResource));

    return new Policy("allow-remote-account-send", Collections.singletonList(allowPublish));
}
/**
 * Creates the "allow-remote-account-send" policy, which lets the listed
 * principals call SNS Publish on one topic.
 * <p>
 * The policy contains one Allow statement whose only resource is
 * {@code topicARN.arn} and whose principals are built from
 * {@code allAccountIds} with {@code new Principal(String)}.
 * <p>
 * NOTE(review): presumably the ids are AWS account ids, in which case the
 * permission applies to the whole account rather than to one role; verify
 * against the callers.
 *
 * @param topicARN      ARN holder of the topic to publish to
 * @param allAccountIds identifiers turned into statement principals
 * @return the assembled policy
 */
private static Policy buildSNSPolicy(ARN topicARN, List<String> allAccountIds) {
    Statement publishStatement =
        new Statement(Statement.Effect.Allow).withActions(SNSActions.Publish);

    List<Principal> allowedPrincipals =
        allAccountIds.stream().map(Principal::new).collect(Collectors.toList());
    publishStatement.setPrincipals(allowedPrincipals);

    List<Resource> onlyTheTopic = Collections.singletonList(new Resource(topicARN.arn));
    publishStatement.setResources(onlyTheTopic);

    List<Statement> statements = Collections.singletonList(publishStatement);
    return new Policy("allow-remote-account-send", statements);
}
/**
 * Appends an Allow statement that grants the given KMS actions on one key.
 * <p>
 * The key id is wrapped in a {@code Resource} exactly as passed in; this
 * method does not check that it is a full key ARN, so a value containing a
 * wildcard would be written into the policy unchanged.
 *
 * @param kmsKeyId Full ARN to the kms key
 * @param actions List of actions
 *
 * @return This builder
 */
@SuppressWarnings("PMD.CloseResource")
public AwsPolicyBuilder withKms(String kmsKeyId, KmsActions... actions) {
    Statement allowKms = new Statement(Effect.Allow);
    allowKms.setActions(Arrays.asList(actions));

    // Single-element resource list: only this key is named in the statement.
    Resource keyResource = new Resource(kmsKeyId);
    allowKms.setResources(Arrays.asList(keyResource));

    policy.getStatements().add(allowKms);
    return this;
}
/**
 * Adds one Allow statement to the policy under construction, covering the
 * specified KMS actions for the given key.
 * <p>
 * No validation is done here: {@code kmsKeyId} becomes the statement's only
 * resource verbatim, so callers should pass a complete key ARN rather than a
 * pattern if the grant is meant to be limited to a single key.
 *
 * @param kmsKeyId Full ARN to the kms key
 * @param actions List of actions
 *
 * @return This builder
 */
@SuppressWarnings("PMD.CloseResource")
public AwsPolicyBuilder withKms(String kmsKeyId, KmsActions... actions) {
    Statement kmsStatement = new Statement(Effect.Allow);
    kmsStatement.setActions(Arrays.asList(actions));
    kmsStatement.setResources(
        Arrays.asList(
            new Resource(kmsKeyId)));

    // Register the statement on the builder's policy and keep the call chain going.
    policy.getStatements().add(kmsStatement);
    return this;
}
/**
 * Appends an Allow statement for the given S3 actions on one bucket or one
 * object. With a non-null object key the resource is
 * {@code arn:aws:s3:::<bucketName>/<objectKey>}; with a null object key the
 * resource is the bucket ARN itself.
 * <p>
 * Both values are concatenated into the ARN without validation or escaping.
 * A key (or bucket name) containing wildcard characters would therefore
 * produce a pattern rather than a single-object grant, so values that come
 * from outside the application should be checked before they reach this
 * method.
 *
 * @param bucketName S3 bucket name
 * @param objectKey S3 object key
 * @param actions List of actions to allow
 *
 * @return This builder
 */
@SuppressWarnings("PMD.CloseResource")
public AwsPolicyBuilder withS3(String bucketName, String objectKey, S3Actions... actions) {
    Statement allowS3 = new Statement(Effect.Allow);
    allowS3.setActions(Arrays.asList(actions));

    final String bucketArn = "arn:aws:s3:::" + bucketName;
    // A null key means the statement targets the bucket, not an object in it.
    final String targetArn = (objectKey == null) ? bucketArn : bucketArn + "/" + objectKey;

    allowS3.setResources(Arrays.asList(new Resource(targetArn)));
    policy.getStatements().add(allowS3);
    return this;
}
/**
 * Adds a permission to the policy under construction that allows the given
 * actions on a bucket or on one object key inside it. If the object key is
 * null, the permission is applied to the bucket itself; otherwise the
 * resource is the bucket ARN followed by "/" and the key.
 * <p>
 * The ARN is assembled by plain string concatenation and nothing is
 * validated. "Only the specified object key" holds only when the key is a
 * literal name: wildcard characters in either argument end up in the policy
 * resource as written.
 *
 * @param bucketName S3 bucket name
 * @param objectKey S3 object key
 * @param actions List of actions to allow
 *
 * @return This builder
 */
@SuppressWarnings("PMD.CloseResource")
public AwsPolicyBuilder withS3(String bucketName, String objectKey, S3Actions... actions) {
    Statement s3Statement = new Statement(Effect.Allow);
    s3Statement.setActions(Arrays.asList(actions));

    String arn;
    if (objectKey == null) {
        // Bucket-level grant.
        arn = "arn:aws:s3:::" + bucketName;
    } else {
        // Object-level grant.
        arn = "arn:aws:s3:::" + bucketName + "/" + objectKey;
    }

    Resource target = new Resource(arn);
    s3Statement.setResources(Arrays.asList(target));
    policy.getStatements().add(s3Statement);
    return this;
}
/**
 * Builds the queue policy "allow-sns-or-sqs-send", which lets operators
 * choose between two delivery paths for lifecycle hooks: via SNS for fanout,
 * or directly to the SQS queue from the autoscaling group.
 * <p>
 * Statement 1 allows SendMessage for {@code Principal.All}, restricted by an
 * {@code ArnEquals} condition on {@code aws:SourceArn} to the given topic.
 * That condition is the only thing narrowing the "all principals" grant;
 * removing or loosening it would leave the queue open to any sender.
 * <p>
 * Statement 2 allows SendMessage and GetQueueUrl for the principals built
 * from {@code terminatingRoleArns}, with no condition.
 *
 * @param queue               queue whose {@code arn} is the resource of both statements
 * @param topic               topic whose {@code arn} is the required source ARN
 * @param terminatingRoleArns identifiers passed to {@code new Principal(String)}
 * @return the assembled two-statement policy
 */
private static Policy buildSQSPolicy(ARN queue, ARN topic, Set<String> terminatingRoleArns) {
    // Path 1: messages relayed by the SNS topic.
    Statement viaTopic = new Statement(Effect.Allow).withActions(SQSActions.SendMessage);
    viaTopic.setPrincipals(Principal.All);
    viaTopic.setResources(Collections.singletonList(new Resource(queue.arn)));
    Condition onlyFromTopic = new Condition()
        .withType("ArnEquals")
        .withConditionKey("aws:SourceArn")
        .withValues(topic.arn);
    viaTopic.setConditions(Collections.singletonList(onlyFromTopic));

    // Path 2: messages sent directly by the listed roles.
    Statement direct = new Statement(Effect.Allow)
        .withActions(SQSActions.SendMessage, SQSActions.GetQueueUrl);
    direct.setPrincipals(
        terminatingRoleArns.stream().map(Principal::new).collect(Collectors.toList()));
    direct.setResources(Collections.singletonList(new Resource(queue.arn)));

    return new Policy("allow-sns-or-sqs-send", Arrays.asList(viaTopic, direct));
}
/**
 * Returns, as JSON, a policy named "AuthorizedWorkerAccessPolicy" with one
 * Allow statement: SQS SendMessage on the ARN from {@code getQueueARN()},
 * for the principals built from {@code accountIds}.
 * <p>
 * NOTE(review): every entry is handed to {@code new Principal(String)}
 * without checks. An empty list leaves the principals untouched by this
 * method; confirm what the serialized statement looks like in that case and
 * that callers never pass one by accident.
 *
 * @param accountIds identifiers of the principals allowed to send messages
 * @return the policy document produced by {@code Policy.toJson()}
 */
private String getPolicy(List<String> accountIds) {
    Policy workerPolicy = new Policy("AuthorizedWorkerAccessPolicy");
    Statement sendOnly = new Statement(Effect.Allow);

    Action sendMessage = SQSActions.SendMessage;
    sendOnly.getActions().add(sendMessage);

    // Fresh mutable list; the queue ARN is appended after the principals.
    sendOnly.setResources(new LinkedList<>());

    for (String workerAccount : accountIds) {
        Principal worker = new Principal(workerAccount);
        sendOnly.getPrincipals().add(worker);
    }

    Resource queue = new Resource(getQueueARN());
    sendOnly.getResources().add(queue);

    workerPolicy.getStatements().add(sendOnly);
    return workerPolicy.toJson();
}
/**
 * Builds the queue policy "allow-sns-topic-send": one Allow statement for
 * SQS SendMessage on the given queue.
 * <p>
 * The statement names {@code Principal.All}, so the {@code ArnEquals}
 * condition on {@code aws:SourceArn} is what limits senders to the given
 * topic. Keep the two together: without the condition the queue would accept
 * SendMessage from any principal.
 *
 * @param queue queue whose {@code arn} is the statement's only resource
 * @param topic topic whose {@code arn} must match the request's source ARN
 * @return the assembled single-statement policy
 */
private static Policy buildSQSPolicy(ARN queue, ARN topic) {
    Statement fromTopic =
        new Statement(Statement.Effect.Allow).withActions(SQSActions.SendMessage);
    fromTopic.setPrincipals(Principal.All);

    Resource queueResource = new Resource(queue.arn);
    fromTopic.setResources(Collections.singletonList(queueResource));

    Condition sourceIsTopic = new Condition()
        .withType("ArnEquals")
        .withConditionKey("aws:SourceArn")
        .withValues(topic.arn);
    fromTopic.setConditions(Collections.singletonList(sourceIsTopic));

    return new Policy("allow-sns-topic-send", Collections.singletonList(fromTopic));
}
/**
 * Builds the queue policy "allow-sns-send", which allows messages to be sent
 * to the queue from an SNS topic.
 * <p>
 * The single Allow statement grants SQS SendMessage to
 * {@code Principal.All}; the {@code ArnEquals} condition on
 * {@code aws:SourceArn} restricts that grant to requests originating from
 * the given topic. The condition must stay in place, since it is the only
 * restriction on who may send.
 *
 * @param queue queue whose ARN is the statement's only resource
 * @param topic topic whose ARN must match the request's source ARN
 * @return the assembled single-statement policy
 */
public static Policy buildSQSPolicy(ARN queue, ARN topic) {
    Statement allowFromTopic =
        new Statement(Statement.Effect.Allow).withActions(SQSActions.SendMessage);
    allowFromTopic.setPrincipals(Principal.All);

    Resource queueResource = new Resource(queue.getArn());
    allowFromTopic.setResources(Collections.singletonList(queueResource));

    Condition sourceIsTopic = new Condition()
        .withType("ArnEquals")
        .withConditionKey("aws:SourceArn")
        .withValues(topic.getArn());
    allowFromTopic.setConditions(Collections.singletonList(sourceIsTopic));

    return new Policy("allow-sns-send", Collections.singletonList(allowFromTopic));
}
}