com.amazonaws.services.kms.model.GetKeyPolicyRequest Java Examples

The following examples show how to use com.amazonaws.services.kms.model.GetKeyPolicyRequest. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: GetKeyPolicy.java    From aws-doc-sdk-examples with Apache License 2.0 6 votes vote down vote up
public static void main(String[] args) {
    final String USAGE =
        "To run this example, supply a key id or ARN\n" +
        "Usage: GetKeyPolicy <key-id>\n" +
        "Example: GetKeyPolicy 1234abcd-12ab-34cd-56ef-1234567890ab\n";

    if (args.length != 1) {
        System.out.println(USAGE);
        System.exit(1);
    }

    String keyId = args[0];

    AWSKMS kmsClient = AWSKMSClientBuilder.standard().build();

    // Get the policy for a CMK
    String policyName = "default";

    GetKeyPolicyRequest req = new GetKeyPolicyRequest().withKeyId(keyId).withPolicyName(policyName);
    GetKeyPolicyResult result = kmsClient.getKeyPolicy(req);

    System.out.printf("Found key policy for %s:%n%s%n", keyId, result.getPolicy());

}
 
Example #2
Source File: KmsServiceTest.java    From cerberus with Apache License 2.0 5 votes vote down vote up
@Test
public void test_validatePolicy_validates_policy_when_validate_interval_has_passed() {
  String kmsKeyArn = "kms key arn";
  String awsIamRoleRecordId = "aws iam role record id";
  String kmsCMKRegion = "kmsCMKRegion";
  String policy = "policy";
  OffsetDateTime lastValidated = OffsetDateTime.of(2016, 1, 1, 1, 1, 1, 1, ZoneOffset.UTC);
  OffsetDateTime now = OffsetDateTime.now();

  AWSKMSClient client = mock(AWSKMSClient.class);
  when(client.describeKey(anyObject()))
      .thenReturn(
          new DescribeKeyResult()
              .withKeyMetadata(new KeyMetadata().withKeyState(KeyState.Enabled)));

  when(kmsClientFactory.getClient(kmsCMKRegion)).thenReturn(client);

  GetKeyPolicyResult result = mock(GetKeyPolicyResult.class);
  when(result.getPolicy()).thenReturn(policy);
  when(client.getKeyPolicy(
          new GetKeyPolicyRequest().withKeyId(kmsKeyArn).withPolicyName("default")))
      .thenReturn(result);
  when(kmsPolicyService.isPolicyValid(policy)).thenReturn(true);

  AwsIamRoleKmsKeyRecord kmsKey = mock(AwsIamRoleKmsKeyRecord.class);
  when(kmsKey.getAwsIamRoleId()).thenReturn(awsIamRoleRecordId);
  when(kmsKey.getAwsKmsKeyId()).thenReturn(kmsKeyArn);
  when(kmsKey.getAwsRegion()).thenReturn(kmsCMKRegion);
  when(kmsKey.getLastValidatedTs()).thenReturn(lastValidated);
  when(awsIamRoleDao.getKmsKey(awsIamRoleRecordId, kmsCMKRegion)).thenReturn(Optional.of(kmsKey));

  when(dateTimeSupplier.get()).thenReturn(now);
  kmsService.validateKeyAndPolicy(kmsKey, kmsKeyArn);

  verify(client, times(1))
      .getKeyPolicy(new GetKeyPolicyRequest().withKeyId(kmsKeyArn).withPolicyName("default"));
  verify(kmsPolicyService, times(1)).isPolicyValid(policy);
}
 
Example #3
Source File: KmsServiceTest.java    From cerberus with Apache License 2.0 5 votes vote down vote up
@Test
public void test_validateKeyAndPolicy_does_not_throw_error_when_cannot_validate() {
  String keyId = "key-id";
  String iamPrincipalArn = "arn";
  String kmsCMKRegion = "kmsCMKRegion";
  String policy = "policy";
  OffsetDateTime lastValidated = OffsetDateTime.of(2016, 1, 1, 1, 1, 1, 1, ZoneOffset.UTC);
  OffsetDateTime now = OffsetDateTime.now();
  when(dateTimeSupplier.get()).thenReturn(now);

  AwsIamRoleKmsKeyRecord kmsKey = mock(AwsIamRoleKmsKeyRecord.class);
  when(kmsKey.getAwsKmsKeyId()).thenReturn(keyId);
  when(kmsKey.getAwsIamRoleId()).thenReturn(iamPrincipalArn);
  when(kmsKey.getAwsRegion()).thenReturn(kmsCMKRegion);
  when(kmsKey.getLastValidatedTs()).thenReturn(lastValidated);

  AWSKMSClient client = mock(AWSKMSClient.class);
  when(kmsClientFactory.getClient(kmsCMKRegion)).thenReturn(client);

  GetKeyPolicyResult result = mock(GetKeyPolicyResult.class);
  when(result.getPolicy()).thenReturn(policy);
  when(client.getKeyPolicy(new GetKeyPolicyRequest().withKeyId(keyId).withPolicyName("default")))
      .thenThrow(AmazonServiceException.class);

  kmsService.validateKeyAndPolicy(kmsKey, iamPrincipalArn);

  verify(kmsPolicyService, never()).isPolicyValid(policy);
  verify(client, never()).putKeyPolicy(anyObject());
}
 
Example #4
Source File: MockKMSClient.java    From aws-encryption-sdk-java with Apache License 2.0 4 votes vote down vote up
@Override
public GetKeyPolicyResult getKeyPolicy(GetKeyPolicyRequest arg0) throws AmazonServiceException,
        AmazonClientException {
    throw new java.lang.UnsupportedOperationException();
}