/**
 * Chaining form of {@link Condition#setType(String)}: stores the given type
 * through the regular setter and hands back this condition.
 *
 * @param type
 *            the value forwarded unchanged to {@link Condition#setType(String)}.
 * @return this condition, so further calls can be chained.
 */
public Condition withType(String type) {
    this.setType(type);
    return this;
}
/**
 * Chaining form of {@link #setStripAwsPrincipalIdHyphensEnabled(boolean)}.
 * <p>
 * Going by the option's name, the flag decides whether hyphens are removed
 * from AWS principal IDs when a policy is read; the behaviour itself lives
 * in the setter's consumers, not in this method.
 *
 * @param stripAwsPrincipalIdHyphensEnabled
 *            the flag value forwarded unchanged to the setter.
 * @return this options object, so further calls can be chained.
 */
public PolicyReaderOptions withStripAwsPrincipalIdHyphensEnabled(boolean stripAwsPrincipalIdHyphensEnabled) {
    this.setStripAwsPrincipalIdHyphensEnabled(stripAwsPrincipalIdHyphensEnabled);
    return this;
}
// Closes the enclosing type, whose opening brace is outside this excerpt.
}
/**
 * Chaining form of {@link Condition#setValues(List)}: passes the list to the
 * regular setter and hands back this condition.
 *
 * @param values
 *            the list forwarded as-is to {@link Condition#setValues(List)};
 *            no copy is made here.
 * @return this condition, so further calls can be chained.
 */
public Condition withValues(List<String> values) {
    this.setValues(values);
    return this;
}
// Closes the enclosing type, whose opening brace is outside this excerpt.
}
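/**
 * Builds the JSON text of a bucket policy that allows {@code s3:GetObject}
 * on every object in the named bucket for {@link Principal#AllUsers}.
 * <p>
 * The resulting statement has no condition and names no specific account,
 * so applying it makes every object under the bucket readable by any
 * caller. Whether the policy actually takes effect can also depend on
 * account- or bucket-level public-access settings, which this method does
 * not inspect.
 *
 * @param bucket_name
 *            name of the bucket whose objects become readable; it is
 *            spliced into the resource ARN {@code arn:aws:s3:::NAME/*}.
 * @return the policy document as a JSON string.
 * @throws IllegalArgumentException
 *             if {@code bucket_name} is null, empty, or contains
 *             {@code '*'}, {@code '?'} or {@code '/'}.
 */
public static String getPublicReadPolicy(String bucket_name) {
    // The name is concatenated into the resource ARN. A null or empty value
    // would produce "arn:aws:s3:::null/*" or "arn:aws:s3:::/*", and wildcard
    // or separator characters would change which resources the public grant
    // covers, so reject them before building the policy.
    if (bucket_name == null || bucket_name.isEmpty()) {
        throw new IllegalArgumentException("bucket_name must not be null or empty");
    }
    if (bucket_name.indexOf('*') >= 0
            || bucket_name.indexOf('?') >= 0
            || bucket_name.indexOf('/') >= 0) {
        throw new IllegalArgumentException(
                "bucket_name must not contain '*', '?' or '/': " + bucket_name);
    }

    final String allObjectsArn = "arn:aws:s3:::" + bucket_name + "/*";

    final Statement publicRead = new Statement(Statement.Effect.Allow)
            .withPrincipals(Principal.AllUsers)
            .withActions(S3Actions.GetObject)
            .withResources(new Resource(allObjectsArn));

    return new Policy().withStatements(publicRead).toJson();
}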
/**
 * Builds the JSON text of a policy named "AuthorizedWorkerAccessPolicy"
 * with one Allow statement: each entry of {@code accountIds} becomes a
 * principal permitted to perform {@code SQSActions.SendMessage} on the
 * queue identified by {@code getQueueARN()}.
 * <p>
 * The IDs are used exactly as given; nothing here validates them. An empty
 * list produces a statement with no principals at all.
 *
 * @param accountIds
 *            account identifiers to authorize; must not be null (the loop
 *            dereferences it).
 * @return the policy document as a JSON string.
 */
private String getPolicy(List<String> accountIds) {
    Policy workerPolicy = new Policy("AuthorizedWorkerAccessPolicy");

    Statement sendStatement = new Statement(Effect.Allow);
    sendStatement.getActions().add(SQSActions.SendMessage);
    // Start from a fresh, mutable resource list before appending the queue ARN.
    sendStatement.setResources(new LinkedList<>());

    for (String accountId : accountIds) {
        sendStatement.getPrincipals().add(new Principal(accountId));
    }

    // The grant is scoped to this one queue only.
    sendStatement.getResources().add(new Resource(getQueueARN()));

    workerPolicy.getStatements().add(sendStatement);
    return workerPolicy.toJson();
}
/**
 * Turns one principal entry of a JSON policy into a {@link Principal}.
 * <p>
 * The schema is matched case-insensitively against the user, service and
 * federated schema constants:
 * <ul>
 * <li>user: built with the user schema constant, the node text, and the
 * hyphen-stripping flag taken from the reader options;</li>
 * <li>service: built from {@code schema} and the node text;</li>
 * <li>federated: if the node text names a known
 * {@link WebIdentityProviders} value that enum constant is used, otherwise
 * the raw text is kept under the federated schema constant.</li>
 * </ul>
 *
 * @param schema
 *            the principal schema read from the policy; must not be null.
 * @param principalNode
 *            the JSON node holding the principal identifier.
 * @return the principal described by the schema and node.
 * @throws SdkClientException
 *             if {@code schema} matches none of the three schemas.
 */
private Principal createPrincipal(String schema, JsonNode principalNode) {
    if (schema.equalsIgnoreCase(PRINCIPAL_SCHEMA_USER)) {
        return new Principal(PRINCIPAL_SCHEMA_USER, principalNode.asText(),
                options.isStripAwsPrincipalIdHyphensEnabled());
    }

    if (schema.equalsIgnoreCase(PRINCIPAL_SCHEMA_SERVICE)) {
        // NOTE(review): unlike the other two branches this passes the
        // caller's schema string rather than the constant, so the provider
        // keeps whatever casing the policy text used - confirm that is
        // intended wherever principals are compared.
        return new Principal(schema, principalNode.asText());
    }

    if (schema.equalsIgnoreCase(PRINCIPAL_SCHEMA_FEDERATED)) {
        final String federatedId = principalNode.asText();
        final WebIdentityProviders knownProvider = WebIdentityProviders.fromString(federatedId);
        return knownProvider != null
                ? new Principal(knownProvider)
                : new Principal(PRINCIPAL_SCHEMA_FEDERATED, federatedId);
    }

    // Unknown schemas are rejected rather than mapped to a default principal.
    throw new SdkClientException("Schema " + schema + " is not a valid value for the principal.");
}
/**
 * Two principals are equal when both their provider and their id are equal
 * according to {@code equals} on the values returned by
 * {@code getProvider()} and {@code getId()}.
 * <p>
 * Assumes this principal's provider and id are non-null; a null in either
 * would raise a {@link NullPointerException} here.
 *
 * @param principal
 *            the object to compare with; may be null.
 * @return true only for a {@code Principal} with the same provider and id.
 */
@Override
public boolean equals(Object principal) {
    if (this == principal) {
        return true;
    }
    // instanceof is false for null, so this also rejects a null argument.
    if (!(principal instanceof Principal)) {
        return false;
    }
    final Principal that = (Principal) principal;
    return this.getProvider().equals(that.getProvider())
            && this.getId().equals(that.getId());
}
/**
 * Looks up the {@code Services} constant whose service id matches the given
 * string, ignoring case.
 *
 * @param serviceId
 *            the service id to look up; may be null.
 * @return the matching constant, or null when {@code serviceId} is null or
 *         matches no constant. Callers must handle the null result.
 */
public static Services fromString(String serviceId) {
    if (serviceId == null) {
        return null;
    }
    for (Services candidate : Services.values()) {
        if (candidate.getServiceId().equalsIgnoreCase(serviceId)) {
            return candidate;
        }
    }
    return null;
}
/**
 * Looks up the {@code WebIdentityProviders} constant whose provider string
 * matches the given text, ignoring case.
 *
 * @param webIdentityProvider
 *            the provider string to look up; may be null.
 * @return the matching constant, or null when the argument is null or
 *         matches no constant. Callers must handle the null result.
 */
public static WebIdentityProviders fromString(String webIdentityProvider) {
    if (webIdentityProvider == null) {
        return null;
    }
    for (WebIdentityProviders candidate : WebIdentityProviders.values()) {
        if (candidate.getWebIdentityProvider().equalsIgnoreCase(webIdentityProvider)) {
            return candidate;
        }
    }
    return null;
}
/**
 * Parses a JSON string into an AWS access control policy object using
 * default reader options.
 * <p>
 * With those defaults all dashes are stripped from AWS principal IDs,
 * because AWS account IDs must not contain dashes. The parsed principals
 * can therefore differ from the text that was supplied. If that is not
 * wanted (for example because IAM AWS principal IDs with dashes in the name
 * are in use), pass custom options to
 * {@link #fromJson(String, PolicyReaderOptions)} instead.
 *
 * @param jsonString
 *            The JSON string representation of the AWS access control
 *            policy.
 *
 * @return An AWS access control policy object.
 *
 * @throws IllegalArgumentException
 *             If the specified JSON string is null or invalid and cannot be
 *             converted to an AWS policy object.
 */
public static Policy fromJson(String jsonString) {
    final PolicyReaderOptions defaultOptions = new PolicyReaderOptions();
    return fromJson(jsonString, defaultOptions);
}
/**
 * Chaining form of {@code setPrincipals}: sets the principals of this
 * policy statement and returns the statement. Principals control which AWS
 * accounts are affected by the statement.
 * <p>
 * {@link Principal#AllUsers} applies the statement to any user trying to
 * access the resource rather than to specific accounts, so use it only
 * where that breadth is intended.
 *
 * @param principals
 *            The principals associated with this policy statement,
 *            forwarded unchanged to {@code setPrincipals}.
 *
 * @return This Statement object, so that additional method calls can be
 *         chained together.
 */
public Statement withPrincipals(Principal... principals) {
    this.setPrincipals(principals);
    return this;
}
/**
 * Creates a policy with the given ID and statements.
 * <p>
 * The policy ID is a caller-chosen string, typically a human readable name
 * that helps keep track of multiple policies. The statements are installed
 * through {@code setStatements}; any statement that has no statement ID yet
 * is automatically assigned one that is unique within this policy.
 *
 * @param id
 *            The policy ID for the new policy object.
 * @param statements
 *            The statements to include in the new policy.
 */
public Policy(String id, Collection<Statement> statements) {
    // Delegate the ID handling to the single-argument constructor.
    this(id);
    this.setStatements(statements);
}
/**
 * Creates a principal that stands for an AWS service which is being allowed
 * or denied access to a resource through an access control policy.
 * <p>
 * The principal's id is the service's id and its provider is the literal
 * {@code "Service"}.
 *
 * @param service
 *            An AWS service; must not be null.
 * @throws IllegalArgumentException
 *             if {@code service} is null.
 */
public Principal(Services service) {
    if (service == null) {
        throw new IllegalArgumentException("Null AWS service name specified");
    }
    this.id = service.getServiceId();
    this.provider = "Service";
}
/**
 * Chaining form of {@link Condition#setConditionKey(String)}: stores the
 * given key through the regular setter and hands back this condition.
 *
 * @param key
 *            the condition key forwarded unchanged to
 *            {@link Condition#setConditionKey(String)}.
 * @return this condition, so further calls can be chained.
 */
public Condition withConditionKey(String key) {
    this.setConditionKey(key);
    return this;
}
/**
 * Chaining form of {@code setId}: sets the policy ID and returns this
 * policy.
 * <p>
 * Policy IDs help developers keep track of multiple policies and are often
 * used as a human readable name for a policy.
 *
 * @param id
 *            The policy ID for this policy, forwarded unchanged to
 *            {@code setId}.
 *
 * @return This Policy object, so that additional calls can be chained
 *         together.
 */
public Policy withId(String id) {
    this.setId(id);
    return this;
}
/**
 * Chaining form of {@code setId}: sets the ID of this statement and returns
 * the statement.
 * <p>
 * Statement IDs help keep track of multiple statements and are often used
 * to give a statement a meaningful, human readable name. A statement
 * without an explicitly assigned ID receives a unique one automatically
 * when it is added to a policy.
 * <p>
 * Do not use the same statement ID for more than one statement in the same
 * policy; this method does not check for that. Reusing an ID across
 * different policies is not a problem.
 *
 * @param id
 *            The new statement ID for this statement.
 * @return This Statement object, so that additional calls can be chained
 *         together.
 */
public Statement withId(String id) {
    this.setId(id);
    return this;
}
/**
 * Creates a principal that stands for a web identity provider.
 * <p>
 * The principal's id is the provider string of the given enum constant and
 * its provider is the literal {@code "Federated"}.
 *
 * @param webIdentityProvider
 *            A web identity provider; must not be null.
 * @throws IllegalArgumentException
 *             if {@code webIdentityProvider} is null.
 */
public Principal(WebIdentityProviders webIdentityProvider) {
    if (webIdentityProvider == null) {
        throw new IllegalArgumentException("Null web identity provider specified");
    }
    this.id = webIdentityProvider.getWebIdentityProvider();
    this.provider = "Federated";
}
/**
 * Replaces the statements of this policy. Individual statements are what
 * specify the rules that enable or disable access to your AWS resources.
 * <p>
 * The given collection is copied into a new list, so adding to or removing
 * from the argument afterwards does not change this policy (the Statement
 * objects themselves are shared, not cloned). After the copy, any statement
 * that has no statement ID yet is assigned one that is unique within this
 * policy.
 *
 * @param statements
 *            The collection of statements included in this policy; must
 *            not be null, since it is passed to the list copy constructor.
 */
public void setStatements(Collection<Statement> statements) {
    final ArrayList<Statement> copiedStatements = new ArrayList<Statement>(statements);
    this.statements = copiedStatements;
    this.assignUniqueStatementIds();
}
/**
 * Creates a policy reader that uses a freshly constructed
 * {@code PolicyReaderOptions}, i.e. whatever defaults that class defines.
 * Use the constructor that accepts options to control how the policy is
 * read.
 */
public JsonPolicyReader() {
    // All state is set up by the options-taking constructor.
    this(new PolicyReaderOptions());
}
/**
 * Varargs chaining form of {@link Condition#setValues(List)}: wraps the
 * given values in a list, passes it to the regular setter and hands back
 * this condition.
 *
 * @param values
 *            the condition values; must not be null.
 * @return this condition, so further calls can be chained.
 */
public Condition withValues(String... values) {
    // Arrays.asList returns a fixed-size view backed by the argument array:
    // it cannot grow, and later writes to a caller-held array show through.
    this.setValues(Arrays.asList(values));
    return this;
}