/**
 * Replaces the key policy of the given KMS CMK with {@code updatedPolicyJson}.
 *
 * <p>The request leaves the KMS policy-lockout safety check at its default (not bypassed), so
 * KMS will reject a policy that would remove the caller's own ability to manage the key.
 *
 * @param updatedPolicyJson the complete key policy document (JSON) to install
 * @param awsKmsKeyArn      ARN of the CMK whose policy is replaced
 * @param kmsCMKRegion      region used to obtain the KMS client from {@code kmsClientFactory}
 */
protected void updateKmsKeyPolicy(String updatedPolicyJson, String awsKmsKeyArn, String kmsCMKRegion) {
    // KMS supports exactly one key policy per key and it must be named "default".
    PutKeyPolicyRequest putRequest = new PutKeyPolicyRequest()
            .withKeyId(awsKmsKeyArn)
            .withPolicyName("default")
            .withPolicy(updatedPolicyJson);
    kmsClientFactory.getClient(kmsCMKRegion).putKeyPolicy(putRequest);
}
/**
 * Sends a PutKeyPolicy call through the wrapped KMS client, routed via {@code execute} under the
 * operation name {@code "KmsPutKeyPolicy"} (presumably so the call shares whatever throttling or
 * retry handling {@code execute} applies — TODO confirm against its implementation).
 *
 * @param request the PutKeyPolicy request to send
 * @return the result returned by the underlying client
 */
public PutKeyPolicyResult putKeyPolicy(PutKeyPolicyRequest request) {
    // Default AWS limit was 5 as of Aug 2017 (see the AWS KMS request quotas for the current value).
    final String operationName = "KmsPutKeyPolicy";
    return execute(operationName, () -> client.putKeyPolicy(request));
}
/**
 * Not supported by this client implementation.
 *
 * @param arg0 ignored
 * @return never returns normally
 * @throws UnsupportedOperationException always
 */
@Override
public PutKeyPolicyResult putKeyPolicy(PutKeyPolicyRequest arg0)
        throws AmazonServiceException, AmazonClientException {
    throw new UnsupportedOperationException();
}
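/**
 * Grants the account root principal, the configured account-admin role and any additional
 * principals carried by the command full administrative access to every backup-region CMK, and
 * records that principal set in the config store.
 *
 * <p>Every listed principal receives all KMS actions on the key (the statement uses
 * {@code KMSActions.AllKMSActions} with resource {@code "*"} inside the key policy), i.e. this is
 * a key-administrator grant; only identities that should administer backups belong in
 * {@code command.getAdditionalPrincipals()}.
 *
 * <p>The principal set is written to the config store before the key policies are updated, so a
 * failure part way through leaves the config store ahead of KMS; re-running the command converges.
 *
 * @param command carries the extra IAM principal ARNs to grant (may be empty or null)
 * @throws java.util.NoSuchElementException if no account admin ARN is configured
 */
@Override
public void run(SetBackupAdminPrincipalsCommand command) {
    GetCallerIdentityResult identityResult = sts.getCallerIdentity(new GetCallerIdentityRequest());
    String accountId = identityResult.getAccount();
    String rootArn = String.format("arn:aws:iam::%s:root", accountId);
    // Fail with context instead of a bare Optional.get(); the exception type is unchanged.
    String adminRoleArn = configStore.getAccountAdminArn()
            .orElseThrow(() -> new java.util.NoSuchElementException(
                    "No account admin ARN is configured; cannot set backup admin principals"));

    // A Set collapses duplicates, e.g. an additional principal that equals the admin role ARN.
    Set<String> principals = new HashSet<>();
    principals.add(rootArn);
    principals.add(adminRoleArn);
    if (command.getAdditionalPrincipals() != null) {
        principals.addAll(command.getAdditionalPrincipals());
    }
    configStore.storeBackupAdminIamPrincipals(principals);

    // forEach on an empty map is a no-op, so no separate isEmpty() guard is needed.
    configStore.getRegionBackupBucketMap().forEach((region, backupRegionInfo) -> {
        String policyString = buildAdminKeyPolicy(principals, region);
        log.debug("Updating key {} for region {} with policy {}",
                backupRegionInfo.getKmsCmkId(), region, policyString);
        applyKeyPolicy(region, backupRegionInfo.getKmsCmkId(), policyString);
        log.info("Successfully updated key {} in region {} to allow the following principals access {}",
                backupRegionInfo.getKmsCmkId(), region, String.join(", ", principals));
    });
}

/**
 * Builds the key policy JSON that grants every KMS action on the key to each principal.
 *
 * @param principals IAM principal ARNs to grant; each gets its own Allow statement
 * @param region     region of the key, used only for logging
 * @return the policy document as JSON
 */
private String buildAdminKeyPolicy(Set<String> principals, String region) {
    final List<Statement> statements = new LinkedList<>();
    principals.forEach(principal -> {
        log.debug("Adding principal: {} to the CMK Policy for region {}", principal, region);
        statements.add(new Statement(Statement.Effect.Allow)
                .withId("Principal " + principal + " Has All Actions")
                .withPrincipals(new Principal(AWS_PROVIDER, principal, false))
                .withActions(KMSActions.AllKMSActions)
                .withResources(new Resource("*")));
    });
    Policy kmsPolicy = new Policy();
    kmsPolicy.setStatements(statements);
    return kmsPolicy.toJson();
}

/**
 * Installs {@code policyString} as the "default" key policy of the given CMK in the given region.
 *
 * @param region       region the KMS client is built for
 * @param kmsCmkId     id (or ARN) of the CMK to update
 * @param policyString the complete key policy document (JSON)
 */
private void applyKeyPolicy(String region, String kmsCmkId, String policyString) {
    AWSKMS kms = AWSKMSClient.builder()
            .withCredentials(getAWSCredentialsProviderChain())
            .withRegion(region)
            .build();
    PutKeyPolicyRequest request = new PutKeyPolicyRequest()
            .withKeyId(kmsCmkId)
            .withPolicyName("default")
            // Bypassing the lockout safety check makes KMS accept a policy even if the caller
            // would lose PutKeyPolicy on the key. That is only safe here because the account
            // root principal is always part of the policy built by run(), so the key remains
            // administrable through IAM; keep that invariant if the policy builder changes.
            .withBypassPolicyLockoutSafetyCheck(true)
            .withPolicy(policyString);
    kms.putKeyPolicy(request);
}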