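/**
 * Verifies that create() waits for the key to become available, returns its ARN, and
 * issues exactly one CreateKey and one CreateAlias call against KMS.
 */
@Test
public void testCreate() throws Exception {
    // Mocks the responses from AWS.
    CreateKeyRequest createKeyRequest = new CreateKeyRequest()
            .withDescription("This key is automatically managed by Strongbox");
    CreateKeyResult createKeyResult = new CreateKeyResult()
            .withKeyMetadata(new KeyMetadata().withArn(KMS_ARN));
    CreateAliasRequest createAliasRequest = new CreateAliasRequest()
            .withAliasName(ALIAS_KEY_NAME)
            .withTargetKeyId(KMS_ARN);

    // First two lookups fail with NotFoundException; the third returns the
    // result built by enabledKeyResult().
    when(mockKMSClient.describeKey(describeKeyRequest))
            .thenThrow(NotFoundException.class)
            .thenThrow(NotFoundException.class) // still waiting for creation
            .thenReturn(enabledKeyResult());
    when(mockKMSClient.createKey(createKeyRequest)).thenReturn(createKeyResult);

    // Check the result from create method.
    String arn = kmsManager.create();
    // assertEquals takes (expected, actual); the original call had them swapped,
    // which produces a misleading failure message.
    assertEquals(KMS_ARN, arn);

    // Verify correct number of calls was made to AWS.
    verify(mockKMSClient, times(3)).describeKey(describeKeyRequest);
    verify(mockKMSClient, times(1)).createAlias(createAliasRequest);
    verify(mockKMSClient, times(1)).createKey(createKeyRequest);
}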
/**
 * Creates a KMS alias for the key named in {@code request}, routing the call through
 * {@code execute} under the operation name {@code "KmsCreateAlias"}.
 *
 * @param request the alias name and target key id to register
 * @return whatever the underlying KMS client returns for the call
 */
public CreateAliasResult createAlias(CreateAliasRequest request) {
    // Default AWS limit was 5 as of Aug 2017
    // (which quota this refers to is not stated here; confirm against current
    // AWS service quotas before relying on it).
    final String operationName = "KmsCreateAlias";
    return execute(operationName, () -> client.createAlias(request));
}
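/**
 * Provisions a new KMS CMK in the specified region to be used by the specified role.
 *
 * <p>Three side effects happen in order: the key is created in KMS, an alias is
 * attached to it, and the mapping is persisted through {@code awsIamRoleDao}. Only the
 * DAO write falls under {@code @Transactional}; if alias creation or the DAO insert
 * fails, the key already created in KMS is not rolled back and remains in the account
 * with the generated policy attached.
 *
 * @param iamRoleId The IAM role that this CMK will be associated with
 * @param iamPrincipalArn The AWS IAM principal ARN
 * @param awsRegion The region to provision the key in
 * @param user The user requesting it
 * @param dateTime The date of creation
 * @return The AWS Key ID ARN
 * @throws IllegalStateException if the CreateKey response carries no key metadata or ARN
 */
@Transactional
public String provisionKmsKey(final String iamRoleId,
                              final String iamPrincipalArn,
                              final String awsRegion,
                              final String user,
                              final OffsetDateTime dateTime) {
    final AWSKMSClient kmsClient = kmsClientFactory.getClient(awsRegion);
    final String awsIamPrincipalKmsKeyId = uuidSupplier.get();

    final CreateKeyRequest request = new CreateKeyRequest();
    request.setKeyUsage(KeyUsageType.ENCRYPT_DECRYPT);
    request.setDescription("Key used by Cerberus for IAM role authentication.");
    // The key policy is generated from the principal ARN, so a bad ARN shows up as a
    // rejected policy at CreateKey time.
    final String policy = kmsPolicyService.generateStandardKmsPolicy(iamPrincipalArn);
    request.setPolicy(policy);

    final CreateKeyResult result;
    try {
        result = kmsClient.createKey(request);
    } catch (RuntimeException e) {
        // SDK failures are unchecked; log the policy that was sent so a rejected
        // policy can be diagnosed, then propagate unchanged. Errors (e.g. OOM) are
        // no longer intercepted here and simply propagate.
        logger.error("Failed to provision KMS key using policy: {}", policy, e);
        throw e;
    }

    // Resolve the ARN once and reuse it for the alias, the record and the return value.
    final String arn = keyArnOf(result);

    final CreateAliasRequest aliasRequest = new CreateAliasRequest();
    aliasRequest.setAliasName(getAliasName(awsIamPrincipalKmsKeyId));
    aliasRequest.setTargetKeyId(arn);
    kmsClient.createAlias(aliasRequest);

    final AwsIamRoleKmsKeyRecord awsIamRoleKmsKeyRecord = new AwsIamRoleKmsKeyRecord();
    awsIamRoleKmsKeyRecord.setId(awsIamPrincipalKmsKeyId);
    awsIamRoleKmsKeyRecord.setAwsIamRoleId(iamRoleId);
    awsIamRoleKmsKeyRecord.setAwsKmsKeyId(arn);
    awsIamRoleKmsKeyRecord.setAwsRegion(awsRegion);
    awsIamRoleKmsKeyRecord.setCreatedBy(user);
    awsIamRoleKmsKeyRecord.setLastUpdatedBy(user);
    awsIamRoleKmsKeyRecord.setCreatedTs(dateTime);
    awsIamRoleKmsKeyRecord.setLastUpdatedTs(dateTime);
    awsIamRoleKmsKeyRecord.setLastValidatedTs(dateTime);
    awsIamRoleDao.createIamRoleKmsKey(awsIamRoleKmsKeyRecord);

    return arn;
}

/**
 * Extracts the key ARN from a CreateKey response.
 *
 * @param result the response returned by {@code createKey}
 * @return the ARN of the newly created key
 * @throws IllegalStateException if the response has no key metadata or no ARN, which
 *     would otherwise surface as a NullPointerException further down
 */
private static String keyArnOf(final CreateKeyResult result) {
    final KeyMetadata keyMetadata = result.getKeyMetadata();
    if (keyMetadata == null || keyMetadata.getArn() == null) {
        throw new IllegalStateException("KMS CreateKey response did not include a key ARN");
    }
    return keyMetadata.getArn();
}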
/**
 * Checks that provisionKmsKey sends the standard CreateKey request, attaches the expected
 * alias, persists the matching DAO record and returns the key ARN.
 */
@Test
public void test_provisionKmsKey() {
    final String roleId = "role-id";
    final String region = "aws-region";
    final String requestingUser = "user";
    final OffsetDateTime now = OffsetDateTime.now();
    final String expectedPolicy = "policy";
    // The same literal serves as the IAM principal ARN passed in and the key ARN returned.
    final String arn = "arn";
    final String generatedKeyId = "awsIamRoleKmsKeyId";

    // Collaborators: id supplier, policy generator and the client factory.
    when(uuidSupplier.get()).thenReturn(generatedKeyId);
    when(kmsPolicyService.generateStandardKmsPolicy(arn)).thenReturn(expectedPolicy);
    final AWSKMSClient kmsClient = mock(AWSKMSClient.class);
    when(kmsClientFactory.getClient(region)).thenReturn(kmsClient);

    // The exact CreateKeyRequest the service is expected to send.
    final CreateKeyRequest expectedCreateRequest = new CreateKeyRequest();
    expectedCreateRequest.setKeyUsage(KeyUsageType.ENCRYPT_DECRYPT);
    expectedCreateRequest.setDescription("Key used by Cerberus for IAM role authentication.");
    expectedCreateRequest.setPolicy(expectedPolicy);

    final KeyMetadata keyMetadata = mock(KeyMetadata.class);
    when(keyMetadata.getArn()).thenReturn(arn);
    final CreateKeyResult createKeyResult = mock(CreateKeyResult.class);
    when(createKeyResult.getKeyMetadata()).thenReturn(keyMetadata);
    when(kmsClient.createKey(expectedCreateRequest)).thenReturn(createKeyResult);

    // invoke method under test
    final String actualArn =
            kmsService.provisionKmsKey(roleId, arn, region, requestingUser, now);
    assertEquals(arn, actualArn);

    final CreateAliasRequest expectedAliasRequest = new CreateAliasRequest();
    expectedAliasRequest.setAliasName(kmsService.getAliasName(generatedKeyId));
    expectedAliasRequest.setTargetKeyId(arn);
    verify(kmsClient).createAlias(expectedAliasRequest);

    final AwsIamRoleKmsKeyRecord expectedRecord = new AwsIamRoleKmsKeyRecord();
    expectedRecord.setId(generatedKeyId);
    expectedRecord.setAwsIamRoleId(roleId);
    expectedRecord.setAwsKmsKeyId(arn);
    expectedRecord.setAwsRegion(region);
    expectedRecord.setCreatedBy(requestingUser);
    expectedRecord.setLastUpdatedBy(requestingUser);
    expectedRecord.setCreatedTs(now);
    expectedRecord.setLastUpdatedTs(now);
    expectedRecord.setLastValidatedTs(now);
    verify(awsIamRoleDao).createIamRoleKmsKey(expectedRecord);
}
/**
 * Not supported by this stub client; every call fails.
 *
 * @param arg0 ignored
 * @return never returns
 * @throws UnsupportedOperationException always
 */
@Override
public CreateAliasResult createAlias(CreateAliasRequest arg0)
        throws AmazonServiceException, AmazonClientException {
    throw new UnsupportedOperationException();
}