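/**
 * Verifies that {@code createAdminPolicy} submits the expected IAM policy and returns its ARN.
 *
 * <p>The expected policy document is loaded from the {@code test_admin_policy} fixture. Both the
 * stub and the verification are keyed on the fully built {@link CreatePolicyRequest}, so the test
 * only passes when the request issued by the manager matches the fixture-based one (presumably via
 * {@code CreatePolicyRequest.equals}). Any change to the permissions the admin policy grants
 * therefore has to show up as a reviewed change to the fixture.
 *
 * @throws Exception if reading the fixture or the call under test fails
 */
@Test
public void testCreateAdminPolicy() throws Exception {
    // Decode with an explicit charset: the platform default differs between JVMs and would make
    // the byte-for-byte comparison of the policy document depend on the build machine.
    String policyDocument = new String(
            Files.readAllBytes(Paths.get(TEST_DATA_DIR, "test_admin_policy")),
            java.nio.charset.StandardCharsets.UTF_8);
    CreatePolicyRequest request = constructCreatePolicyRequest("admin", policyDocument);
    CreatePolicyResult result =
            new CreatePolicyResult().withPolicy(new Policy().withArn(ADMIN_POLICY_ARN));
    when(mockClient.createPolicy(request)).thenReturn(result);

    // When constructing policy statement for KMS, the KMSManager checks that the key exists with a
    // DescribeKeyRequest. So we need to mock this result as well.
    DescribeKeyRequest keyRequest = new DescribeKeyRequest().withKeyId(KMS_ALIAS_ARN);
    when(mockKMSClient.describeKey(keyRequest)).thenReturn(constructDescribeKeyResult());

    // Create the policy and verify the policy is as expected and expected calls to AWS were made.
    String policyArn =
            partiallyMockedPolicyManager.createAdminPolicy(group, kmsEncryptor, partiallyMockedStore);
    verify(mockClient, times(1)).createPolicy(request);
    verify(mockKMSClient, times(1)).describeKey(keyRequest);
    assertEquals(policyArn, ADMIN_POLICY_ARN);
}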
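/**
 * Verifies that {@code createReadOnlyPolicy} submits the expected IAM policy and returns its ARN.
 *
 * <p>The expected policy document is loaded from the {@code test_readonly_policy} fixture. Both
 * the stub and the verification are keyed on the fully built {@link CreatePolicyRequest}, so the
 * test only passes when the request issued by the manager matches the fixture-based one
 * (presumably via {@code CreatePolicyRequest.equals}). This makes the fixture the reviewed
 * definition of what "read only" is allowed to do; widening it should be a deliberate change.
 *
 * @throws Exception if reading the fixture or the call under test fails
 */
@Test
public void testCreateReadOnlyPolicy() throws Exception {
    // Decode with an explicit charset: the platform default differs between JVMs and would make
    // the byte-for-byte comparison of the policy document depend on the build machine.
    String policyDocument = new String(
            Files.readAllBytes(Paths.get(TEST_DATA_DIR, "test_readonly_policy")),
            java.nio.charset.StandardCharsets.UTF_8);
    CreatePolicyRequest request = constructCreatePolicyRequest("readonly", policyDocument);
    CreatePolicyResult result =
            new CreatePolicyResult().withPolicy(new Policy().withArn(READONLY_POLICY_ARN));
    when(mockClient.createPolicy(request)).thenReturn(result);

    // When constructing policy statement for KMS, the KMSManager checks that the key exists with a
    // DescribeKeyRequest. So we need to mock this result as well.
    DescribeKeyRequest keyRequest = new DescribeKeyRequest().withKeyId(KMS_ALIAS_ARN);
    when(mockKMSClient.describeKey(keyRequest)).thenReturn(constructDescribeKeyResult());

    // Create the policy and verify the policy is as expected and expected calls to AWS were made.
    String policyArn =
            partiallyMockedPolicyManager.createReadOnlyPolicy(group, kmsEncryptor, partiallyMockedStore);
    verify(mockClient, times(1)).createPolicy(request);
    verify(mockKMSClient, times(1)).describeKey(keyRequest);
    assertEquals(policyArn, READONLY_POLICY_ARN);
}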
/**
 * Creates an IAM managed policy whose name is the single command-line argument.
 *
 * <p>The policy body comes from {@code POLICY_DOCUMENT}, which is defined outside this method;
 * the permissions it grants are not visible here and should be reviewed before running the
 * example. The client is obtained from {@code defaultClient()}, which resolves credentials and
 * region through the SDK's default provider chains, so the policy is created in whichever account
 * those credentials belong to.
 *
 * @param args exactly one element: the name of the policy to create
 */
public static void main(String[] args) {
    final String USAGE =
        "To run this example, supply a policy name\n" +
        "Ex: CreatePolicy <policy-name>\n";

    // Anything other than exactly one argument prints the usage text and ends the process.
    boolean hasSingleArgument = args.length == 1;
    if (!hasSingleArgument) {
        System.out.println(USAGE);
        System.exit(1);
    }

    final String requestedName = args[0];

    final AmazonIdentityManagement iam =
        AmazonIdentityManagementClientBuilder.defaultClient();

    CreatePolicyRequest request = new CreatePolicyRequest()
        .withPolicyName(requestedName)
        .withPolicyDocument(POLICY_DOCUMENT);

    CreatePolicyResult response = iam.createPolicy(request);

    // Report the name echoed back by the service rather than the raw argument.
    String createdName = response.getPolicy().getPolicyName();
    System.out.println("Successfully created policy: " + createdName);
}
/**
 * Builds the {@link CreatePolicyRequest} the tests expect the policy manager to send.
 *
 * <p>The policy name and description are derived from {@code accessType}; the region
 * ({@code us-west-1}) and group ({@code test-group}) parts of the name and the
 * {@code /strongbox/} path are fixed test values.
 *
 * @param accessType label inserted into the policy name and description (the tests in this
 *     listing pass {@code "admin"} and {@code "readonly"})
 * @param policyDocument the policy document to attach to the request, passed through unchanged
 * @return a request carrying the derived name and description, the given document, and the
 *     {@code /strongbox/} path
 */
private CreatePolicyRequest constructCreatePolicyRequest(String accessType, String policyDocument) {
    final String expectedName =
            String.format("strongbox_us-west-1_test-group_%s", accessType);
    final String expectedDescription = String.format(
            "This policy is managed by Strongbox. This policy grants %s permissions.", accessType);

    return new CreatePolicyRequest()
            .withPolicyName(expectedName)
            .withDescription(expectedDescription)
            .withPolicyDocument(policyDocument)
            .withPath("/strongbox/");
}