All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.amazonaws.services.kms.model.CreateGrantRequest Maven / Gradle / Ivy

Go to download

The AWS Java SDK for AWS KMS module holds the client classes that are used for communicating with AWS Key Management Service

There is a newer version: 1.12.778
Show newest version
/*
 * Copyright 2019-2024 Amazon.com, Inc. or its affiliates. All Rights Reserved.
 * 
 * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
 * the License. A copy of the License is located at
 * 
 * http://aws.amazon.com/apache2.0
 * 
 * or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
 * and limitations under the License.
 */
package com.amazonaws.services.kms.model;

import java.io.Serializable;
import javax.annotation.Generated;

import com.amazonaws.AmazonWebServiceRequest;

/**
 * 
 * @see AWS API
 *      Documentation
 */
@Generated("com.amazonaws:aws-java-sdk-code-generator")
public class CreateGrantRequest extends com.amazonaws.AmazonWebServiceRequest implements Serializable, Cloneable {

    /**
     * 

* Identifies the KMS key for the grant. The grant gives principals permission to use this KMS key. *

*

* Specify the key ID or key ARN of the KMS key. To specify a KMS key in a different Amazon Web Services account, * you must use the key ARN. *

*

* For example: *

*
    *
  • *

    * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab *

    *
  • *
  • *

    * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *

    *
  • *
*

* To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. *

*/ private String keyId; /** *

* The identity that gets the permissions specified in the grant. *

*

* To specify the grantee principal, use the Amazon Resource Name (ARN) of an Amazon Web Services principal. Valid * principals include Amazon Web Services accounts, IAM users, IAM roles, federated users, and assumed role users. * For help with the ARN syntax for a principal, see IAM ARNs * in the Identity and Access Management User Guide . *

*/ private String granteePrincipal; /** *

* The principal that has permission to use the RetireGrant operation to retire the grant. *

*

* To specify the principal, use the Amazon Resource Name (ARN) * of an Amazon Web Services principal. Valid principals include Amazon Web Services accounts, IAM users, IAM roles, * federated users, and assumed role users. For help with the ARN syntax for a principal, see IAM ARNs * in the Identity and Access Management User Guide . *

*

* The grant determines the retiring principal. Other principals might have permission to retire the grant or revoke * the grant. For details, see RevokeGrant and Retiring and revoking * grants in the Key Management Service Developer Guide. *

*/ private String retiringPrincipal; /** *

* A list of operations that the grant permits. *

*

* This list must include only operations that are permitted in a grant. Also, the operation must be supported on * the KMS key. For example, you cannot create a grant for a symmetric encryption KMS key that allows the * Sign operation, or a grant for an asymmetric KMS key that allows the GenerateDataKey operation. If * you try, KMS returns a ValidationError exception. For details, see Grant * operations in the Key Management Service Developer Guide. *

*/ private com.amazonaws.internal.SdkInternalList operations; /** *

* Specifies a grant constraint. *

* *

* Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in * CloudTrail logs and other output. *

*
*

* KMS supports the EncryptionContextEquals and EncryptionContextSubset grant constraints, * which allow the permissions in the grant only when the encryption context in the request matches ( * EncryptionContextEquals) or includes (EncryptionContextSubset) the encryption context * specified in the constraint. *

*

* The encryption context grant constraints are supported only on grant * operations that include an EncryptionContext parameter, such as cryptographic operations on * symmetric encryption KMS keys. Grants with grant constraints can include the DescribeKey and * RetireGrant operations, but the constraint doesn't apply to these operations. If a grant with a grant * constraint includes the CreateGrant operation, the constraint requires that any grants created with * the CreateGrant permission have an equally strict or stricter encryption context constraint. *

*

* You cannot use an encryption context grant constraint for cryptographic operations with asymmetric KMS keys or * HMAC KMS keys. Operations with these keys don't support an encryption context. *

*

* Each constraint value can include up to 8 encryption context pairs. The encryption context value in each * constraint cannot exceed 384 characters. For information about grant constraints, see Using * grant constraints in the Key Management Service Developer Guide. For more information about encryption * context, see Encryption context * in the Key Management Service Developer Guide . *

*/ private GrantConstraints constraints; /** *

* A list of grant tokens. *

*

* Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved * eventual consistency. For more information, see Grant token and Using a grant * token in the Key Management Service Developer Guide. *

*/ private com.amazonaws.internal.SdkInternalList grantTokens; /** *

* A friendly name for the grant. Use this value to prevent the unintended creation of duplicate grants when * retrying this request. *

* *

* Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in * CloudTrail logs and other output. *

*
*

* When this value is absent, all CreateGrant requests result in a new grant with a unique * GrantId even if all the supplied parameters are identical. This can result in unintended duplicates * when you retry the CreateGrant request. *

*

* When this value is present, you can retry a CreateGrant request with identical parameters; if the * grant already exists, the original GrantId is returned without creating a new grant. Note that the * returned grant token is unique with every CreateGrant request, even when a duplicate * GrantId is returned. All grant tokens for the same grant ID can be used interchangeably. *

*/ private String name; /** *

* Checks if your request will succeed. DryRun is an optional parameter. *

*

* To learn more about how to use this parameter, see Testing your KMS API * calls in the Key Management Service Developer Guide. *

*/ private Boolean dryRun; /** *

* Identifies the KMS key for the grant. The grant gives principals permission to use this KMS key. *

*

* Specify the key ID or key ARN of the KMS key. To specify a KMS key in a different Amazon Web Services account, * you must use the key ARN. *

*

* For example: *

*
    *
  • *

    * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab *

    *
  • *
  • *

    * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *

    *
  • *
*

* To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. *

* * @param keyId * Identifies the KMS key for the grant. The grant gives principals permission to use this KMS key.

*

* Specify the key ID or key ARN of the KMS key. To specify a KMS key in a different Amazon Web Services * account, you must use the key ARN. *

*

* For example: *

*
    *
  • *

    * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab *

    *
  • *
  • *

    * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *

    *
  • *
*

* To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. */ public void setKeyId(String keyId) { this.keyId = keyId; } /** *

* Identifies the KMS key for the grant. The grant gives principals permission to use this KMS key. *

*

* Specify the key ID or key ARN of the KMS key. To specify a KMS key in a different Amazon Web Services account, * you must use the key ARN. *

*

* For example: *

*
    *
  • *

    * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab *

    *
  • *
  • *

    * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *

    *
  • *
*

* To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. *

* * @return Identifies the KMS key for the grant. The grant gives principals permission to use this KMS key.

*

* Specify the key ID or key ARN of the KMS key. To specify a KMS key in a different Amazon Web Services * account, you must use the key ARN. *

*

* For example: *

*
    *
  • *

    * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab *

    *
  • *
  • *

    * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *

    *
  • *
*

* To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. */ public String getKeyId() { return this.keyId; } /** *

* Identifies the KMS key for the grant. The grant gives principals permission to use this KMS key. *

*

* Specify the key ID or key ARN of the KMS key. To specify a KMS key in a different Amazon Web Services account, * you must use the key ARN. *

*

* For example: *

*
    *
  • *

    * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab *

    *
  • *
  • *

    * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *

    *
  • *
*

* To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. *

* * @param keyId * Identifies the KMS key for the grant. The grant gives principals permission to use this KMS key.

*

* Specify the key ID or key ARN of the KMS key. To specify a KMS key in a different Amazon Web Services * account, you must use the key ARN. *

*

* For example: *

*
    *
  • *

    * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab *

    *
  • *
  • *

    * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *

    *
  • *
*

* To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. * @return Returns a reference to this object so that method calls can be chained together. */ public CreateGrantRequest withKeyId(String keyId) { setKeyId(keyId); return this; } /** *

* The identity that gets the permissions specified in the grant. *

*

* To specify the grantee principal, use the Amazon Resource Name (ARN) of an Amazon Web Services principal. Valid * principals include Amazon Web Services accounts, IAM users, IAM roles, federated users, and assumed role users. * For help with the ARN syntax for a principal, see IAM ARNs * in the Identity and Access Management User Guide . *

* * @param granteePrincipal * The identity that gets the permissions specified in the grant.

*

* To specify the grantee principal, use the Amazon Resource Name (ARN) of an Amazon Web Services principal. * Valid principals include Amazon Web Services accounts, IAM users, IAM roles, federated users, and assumed * role users. For help with the ARN syntax for a principal, see IAM * ARNs in the Identity and Access Management User Guide . */ public void setGranteePrincipal(String granteePrincipal) { this.granteePrincipal = granteePrincipal; } /** *

* The identity that gets the permissions specified in the grant. *

*

* To specify the grantee principal, use the Amazon Resource Name (ARN) of an Amazon Web Services principal. Valid * principals include Amazon Web Services accounts, IAM users, IAM roles, federated users, and assumed role users. * For help with the ARN syntax for a principal, see IAM ARNs * in the Identity and Access Management User Guide . *

* * @return The identity that gets the permissions specified in the grant.

*

* To specify the grantee principal, use the Amazon Resource Name (ARN) of an Amazon Web Services principal. * Valid principals include Amazon Web Services accounts, IAM users, IAM roles, federated users, and assumed * role users. For help with the ARN syntax for a principal, see IAM * ARNs in the Identity and Access Management User Guide . */ public String getGranteePrincipal() { return this.granteePrincipal; } /** *

* The identity that gets the permissions specified in the grant. *

*

* To specify the grantee principal, use the Amazon Resource Name (ARN) of an Amazon Web Services principal. Valid * principals include Amazon Web Services accounts, IAM users, IAM roles, federated users, and assumed role users. * For help with the ARN syntax for a principal, see IAM ARNs * in the Identity and Access Management User Guide . *

* * @param granteePrincipal * The identity that gets the permissions specified in the grant.

*

* To specify the grantee principal, use the Amazon Resource Name (ARN) of an Amazon Web Services principal. * Valid principals include Amazon Web Services accounts, IAM users, IAM roles, federated users, and assumed * role users. For help with the ARN syntax for a principal, see IAM * ARNs in the Identity and Access Management User Guide . * @return Returns a reference to this object so that method calls can be chained together. */ public CreateGrantRequest withGranteePrincipal(String granteePrincipal) { setGranteePrincipal(granteePrincipal); return this; } /** *

* The principal that has permission to use the RetireGrant operation to retire the grant. *

*

* To specify the principal, use the Amazon Resource Name (ARN) * of an Amazon Web Services principal. Valid principals include Amazon Web Services accounts, IAM users, IAM roles, * federated users, and assumed role users. For help with the ARN syntax for a principal, see IAM ARNs * in the Identity and Access Management User Guide . *

*

* The grant determines the retiring principal. Other principals might have permission to retire the grant or revoke * the grant. For details, see RevokeGrant and Retiring and revoking * grants in the Key Management Service Developer Guide. *

* * @param retiringPrincipal * The principal that has permission to use the RetireGrant operation to retire the grant.

*

* To specify the principal, use the Amazon Resource Name * (ARN) of an Amazon Web Services principal. Valid principals include Amazon Web Services accounts, IAM * users, IAM roles, federated users, and assumed role users. For help with the ARN syntax for a principal, * see IAM * ARNs in the Identity and Access Management User Guide . *

*

* The grant determines the retiring principal. Other principals might have permission to retire the grant or * revoke the grant. For details, see RevokeGrant and Retiring and * revoking grants in the Key Management Service Developer Guide. */ public void setRetiringPrincipal(String retiringPrincipal) { this.retiringPrincipal = retiringPrincipal; } /** *

* The principal that has permission to use the RetireGrant operation to retire the grant. *

*

* To specify the principal, use the Amazon Resource Name (ARN) * of an Amazon Web Services principal. Valid principals include Amazon Web Services accounts, IAM users, IAM roles, * federated users, and assumed role users. For help with the ARN syntax for a principal, see IAM ARNs * in the Identity and Access Management User Guide . *

*

* The grant determines the retiring principal. Other principals might have permission to retire the grant or revoke * the grant. For details, see RevokeGrant and Retiring and revoking * grants in the Key Management Service Developer Guide. *

* * @return The principal that has permission to use the RetireGrant operation to retire the grant.

*

* To specify the principal, use the Amazon Resource Name * (ARN) of an Amazon Web Services principal. Valid principals include Amazon Web Services accounts, IAM * users, IAM roles, federated users, and assumed role users. For help with the ARN syntax for a principal, * see IAM * ARNs in the Identity and Access Management User Guide . *

*

* The grant determines the retiring principal. Other principals might have permission to retire the grant * or revoke the grant. For details, see RevokeGrant and Retiring and * revoking grants in the Key Management Service Developer Guide. */ public String getRetiringPrincipal() { return this.retiringPrincipal; } /** *

* The principal that has permission to use the RetireGrant operation to retire the grant. *

*

* To specify the principal, use the Amazon Resource Name (ARN) * of an Amazon Web Services principal. Valid principals include Amazon Web Services accounts, IAM users, IAM roles, * federated users, and assumed role users. For help with the ARN syntax for a principal, see IAM ARNs * in the Identity and Access Management User Guide . *

*

* The grant determines the retiring principal. Other principals might have permission to retire the grant or revoke * the grant. For details, see RevokeGrant and Retiring and revoking * grants in the Key Management Service Developer Guide. *

* * @param retiringPrincipal * The principal that has permission to use the RetireGrant operation to retire the grant.

*

* To specify the principal, use the Amazon Resource Name * (ARN) of an Amazon Web Services principal. Valid principals include Amazon Web Services accounts, IAM * users, IAM roles, federated users, and assumed role users. For help with the ARN syntax for a principal, * see IAM * ARNs in the Identity and Access Management User Guide . *

*

* The grant determines the retiring principal. Other principals might have permission to retire the grant or * revoke the grant. For details, see RevokeGrant and Retiring and * revoking grants in the Key Management Service Developer Guide. * @return Returns a reference to this object so that method calls can be chained together. */ public CreateGrantRequest withRetiringPrincipal(String retiringPrincipal) { setRetiringPrincipal(retiringPrincipal); return this; } /** *

* A list of operations that the grant permits. *

*

* This list must include only operations that are permitted in a grant. Also, the operation must be supported on * the KMS key. For example, you cannot create a grant for a symmetric encryption KMS key that allows the * Sign operation, or a grant for an asymmetric KMS key that allows the GenerateDataKey operation. If * you try, KMS returns a ValidationError exception. For details, see Grant * operations in the Key Management Service Developer Guide. *

* * @return A list of operations that the grant permits.

*

* This list must include only operations that are permitted in a grant. Also, the operation must be * supported on the KMS key. For example, you cannot create a grant for a symmetric encryption KMS key that * allows the Sign operation, or a grant for an asymmetric KMS key that allows the * GenerateDataKey operation. If you try, KMS returns a ValidationError exception. For * details, see Grant * operations in the Key Management Service Developer Guide. * @see GrantOperation */ public java.util.List getOperations() { if (operations == null) { operations = new com.amazonaws.internal.SdkInternalList(); } return operations; } /** *

* A list of operations that the grant permits. *

*

* This list must include only operations that are permitted in a grant. Also, the operation must be supported on * the KMS key. For example, you cannot create a grant for a symmetric encryption KMS key that allows the * Sign operation, or a grant for an asymmetric KMS key that allows the GenerateDataKey operation. If * you try, KMS returns a ValidationError exception. For details, see Grant * operations in the Key Management Service Developer Guide. *

* * @param operations * A list of operations that the grant permits.

*

* This list must include only operations that are permitted in a grant. Also, the operation must be * supported on the KMS key. For example, you cannot create a grant for a symmetric encryption KMS key that * allows the Sign operation, or a grant for an asymmetric KMS key that allows the * GenerateDataKey operation. If you try, KMS returns a ValidationError exception. For * details, see Grant * operations in the Key Management Service Developer Guide. * @see GrantOperation */ public void setOperations(java.util.Collection operations) { if (operations == null) { this.operations = null; return; } this.operations = new com.amazonaws.internal.SdkInternalList(operations); } /** *

* A list of operations that the grant permits. *

*

* This list must include only operations that are permitted in a grant. Also, the operation must be supported on * the KMS key. For example, you cannot create a grant for a symmetric encryption KMS key that allows the * Sign operation, or a grant for an asymmetric KMS key that allows the GenerateDataKey operation. If * you try, KMS returns a ValidationError exception. For details, see Grant * operations in the Key Management Service Developer Guide. *

*

* NOTE: This method appends the values to the existing list (if any). Use * {@link #setOperations(java.util.Collection)} or {@link #withOperations(java.util.Collection)} if you want to * override the existing values. *

* * @param operations * A list of operations that the grant permits.

*

* This list must include only operations that are permitted in a grant. Also, the operation must be * supported on the KMS key. For example, you cannot create a grant for a symmetric encryption KMS key that * allows the Sign operation, or a grant for an asymmetric KMS key that allows the * GenerateDataKey operation. If you try, KMS returns a ValidationError exception. For * details, see Grant * operations in the Key Management Service Developer Guide. * @return Returns a reference to this object so that method calls can be chained together. * @see GrantOperation */ public CreateGrantRequest withOperations(String... operations) { if (this.operations == null) { setOperations(new com.amazonaws.internal.SdkInternalList(operations.length)); } for (String ele : operations) { this.operations.add(ele); } return this; } /** *

* A list of operations that the grant permits. *

*

* This list must include only operations that are permitted in a grant. Also, the operation must be supported on * the KMS key. For example, you cannot create a grant for a symmetric encryption KMS key that allows the * Sign operation, or a grant for an asymmetric KMS key that allows the GenerateDataKey operation. If * you try, KMS returns a ValidationError exception. For details, see Grant * operations in the Key Management Service Developer Guide. *

* * @param operations * A list of operations that the grant permits.

*

* This list must include only operations that are permitted in a grant. Also, the operation must be * supported on the KMS key. For example, you cannot create a grant for a symmetric encryption KMS key that * allows the Sign operation, or a grant for an asymmetric KMS key that allows the * GenerateDataKey operation. If you try, KMS returns a ValidationError exception. For * details, see Grant * operations in the Key Management Service Developer Guide. * @return Returns a reference to this object so that method calls can be chained together. * @see GrantOperation */ public CreateGrantRequest withOperations(java.util.Collection operations) { setOperations(operations); return this; } /** *

* A list of operations that the grant permits. *

*

* This list must include only operations that are permitted in a grant. Also, the operation must be supported on * the KMS key. For example, you cannot create a grant for a symmetric encryption KMS key that allows the * Sign operation, or a grant for an asymmetric KMS key that allows the GenerateDataKey operation. If * you try, KMS returns a ValidationError exception. For details, see Grant * operations in the Key Management Service Developer Guide. *

* * @param operations * A list of operations that the grant permits.

*

* This list must include only operations that are permitted in a grant. Also, the operation must be * supported on the KMS key. For example, you cannot create a grant for a symmetric encryption KMS key that * allows the Sign operation, or a grant for an asymmetric KMS key that allows the * GenerateDataKey operation. If you try, KMS returns a ValidationError exception. For * details, see Grant * operations in the Key Management Service Developer Guide. * @return Returns a reference to this object so that method calls can be chained together. * @see GrantOperation */ public CreateGrantRequest withOperations(GrantOperation... operations) { com.amazonaws.internal.SdkInternalList operationsCopy = new com.amazonaws.internal.SdkInternalList(operations.length); for (GrantOperation value : operations) { operationsCopy.add(value.toString()); } if (getOperations() == null) { setOperations(operationsCopy); } else { getOperations().addAll(operationsCopy); } return this; } /** *

* Specifies a grant constraint. *

* *

* Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in * CloudTrail logs and other output. *

*
*

* KMS supports the EncryptionContextEquals and EncryptionContextSubset grant constraints, * which allow the permissions in the grant only when the encryption context in the request matches ( * EncryptionContextEquals) or includes (EncryptionContextSubset) the encryption context * specified in the constraint. *

*

* The encryption context grant constraints are supported only on grant * operations that include an EncryptionContext parameter, such as cryptographic operations on * symmetric encryption KMS keys. Grants with grant constraints can include the DescribeKey and * RetireGrant operations, but the constraint doesn't apply to these operations. If a grant with a grant * constraint includes the CreateGrant operation, the constraint requires that any grants created with * the CreateGrant permission have an equally strict or stricter encryption context constraint. *

*

* You cannot use an encryption context grant constraint for cryptographic operations with asymmetric KMS keys or * HMAC KMS keys. Operations with these keys don't support an encryption context. *

*

* Each constraint value can include up to 8 encryption context pairs. The encryption context value in each * constraint cannot exceed 384 characters. For information about grant constraints, see Using * grant constraints in the Key Management Service Developer Guide. For more information about encryption * context, see Encryption context * in the Key Management Service Developer Guide . *

* * @param constraints * Specifies a grant constraint.

*

* Do not include confidential or sensitive information in this field. This field may be displayed in * plaintext in CloudTrail logs and other output. *

*
*

* KMS supports the EncryptionContextEquals and EncryptionContextSubset grant * constraints, which allow the permissions in the grant only when the encryption context in the request * matches (EncryptionContextEquals) or includes (EncryptionContextSubset) the * encryption context specified in the constraint. *

*

* The encryption context grant constraints are supported only on grant * operations that include an EncryptionContext parameter, such as cryptographic operations * on symmetric encryption KMS keys. Grants with grant constraints can include the DescribeKey and * RetireGrant operations, but the constraint doesn't apply to these operations. If a grant with a * grant constraint includes the CreateGrant operation, the constraint requires that any grants * created with the CreateGrant permission have an equally strict or stricter encryption context * constraint. *

*

* You cannot use an encryption context grant constraint for cryptographic operations with asymmetric KMS * keys or HMAC KMS keys. Operations with these keys don't support an encryption context. *

*

* Each constraint value can include up to 8 encryption context pairs. The encryption context value in each * constraint cannot exceed 384 characters. For information about grant constraints, see Using * grant constraints in the Key Management Service Developer Guide. For more information about * encryption context, see Encryption * context in the Key Management Service Developer Guide . */ public void setConstraints(GrantConstraints constraints) { this.constraints = constraints; } /** *

* Specifies a grant constraint. *

* *

* Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in * CloudTrail logs and other output. *

*
*

* KMS supports the EncryptionContextEquals and EncryptionContextSubset grant constraints, * which allow the permissions in the grant only when the encryption context in the request matches ( * EncryptionContextEquals) or includes (EncryptionContextSubset) the encryption context * specified in the constraint. *

*

* The encryption context grant constraints are supported only on grant * operations that include an EncryptionContext parameter, such as cryptographic operations on * symmetric encryption KMS keys. Grants with grant constraints can include the DescribeKey and * RetireGrant operations, but the constraint doesn't apply to these operations. If a grant with a grant * constraint includes the CreateGrant operation, the constraint requires that any grants created with * the CreateGrant permission have an equally strict or stricter encryption context constraint. *

*

* You cannot use an encryption context grant constraint for cryptographic operations with asymmetric KMS keys or * HMAC KMS keys. Operations with these keys don't support an encryption context. *

*

* Each constraint value can include up to 8 encryption context pairs. The encryption context value in each * constraint cannot exceed 384 characters. For information about grant constraints, see Using * grant constraints in the Key Management Service Developer Guide. For more information about encryption * context, see Encryption context * in the Key Management Service Developer Guide . *

* * @return Specifies a grant constraint.

*

* Do not include confidential or sensitive information in this field. This field may be displayed in * plaintext in CloudTrail logs and other output. *

*
*

* KMS supports the EncryptionContextEquals and EncryptionContextSubset grant * constraints, which allow the permissions in the grant only when the encryption context in the request * matches (EncryptionContextEquals) or includes (EncryptionContextSubset) the * encryption context specified in the constraint. *

*

* The encryption context grant constraints are supported only on grant * operations that include an EncryptionContext parameter, such as cryptographic operations * on symmetric encryption KMS keys. Grants with grant constraints can include the DescribeKey and * RetireGrant operations, but the constraint doesn't apply to these operations. If a grant with a * grant constraint includes the CreateGrant operation, the constraint requires that any grants * created with the CreateGrant permission have an equally strict or stricter encryption * context constraint. *

*

* You cannot use an encryption context grant constraint for cryptographic operations with asymmetric KMS * keys or HMAC KMS keys. Operations with these keys don't support an encryption context. *

*

* Each constraint value can include up to 8 encryption context pairs. The encryption context value in each * constraint cannot exceed 384 characters. For information about grant constraints, see Using grant constraints in the Key Management Service Developer Guide. For more information * about encryption context, see Encryption * context in the Key Management Service Developer Guide . */ public GrantConstraints getConstraints() { return this.constraints; } /** *

* Specifies a grant constraint. *

* *

* Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in * CloudTrail logs and other output. *

*
*

* KMS supports the EncryptionContextEquals and EncryptionContextSubset grant constraints, * which allow the permissions in the grant only when the encryption context in the request matches ( * EncryptionContextEquals) or includes (EncryptionContextSubset) the encryption context * specified in the constraint. *

*

* The encryption context grant constraints are supported only on grant * operations that include an EncryptionContext parameter, such as cryptographic operations on * symmetric encryption KMS keys. Grants with grant constraints can include the DescribeKey and * RetireGrant operations, but the constraint doesn't apply to these operations. If a grant with a grant * constraint includes the CreateGrant operation, the constraint requires that any grants created with * the CreateGrant permission have an equally strict or stricter encryption context constraint. *

*

* You cannot use an encryption context grant constraint for cryptographic operations with asymmetric KMS keys or * HMAC KMS keys. Operations with these keys don't support an encryption context. *

*

* Each constraint value can include up to 8 encryption context pairs. The encryption context value in each * constraint cannot exceed 384 characters. For information about grant constraints, see Using * grant constraints in the Key Management Service Developer Guide. For more information about encryption * context, see Encryption context * in the Key Management Service Developer Guide . *

* * @param constraints * Specifies a grant constraint.

*

* Do not include confidential or sensitive information in this field. This field may be displayed in * plaintext in CloudTrail logs and other output. *

*
*

* KMS supports the EncryptionContextEquals and EncryptionContextSubset grant * constraints, which allow the permissions in the grant only when the encryption context in the request * matches (EncryptionContextEquals) or includes (EncryptionContextSubset) the * encryption context specified in the constraint. *

*

* The encryption context grant constraints are supported only on grant * operations that include an EncryptionContext parameter, such as cryptographic operations * on symmetric encryption KMS keys. Grants with grant constraints can include the DescribeKey and * RetireGrant operations, but the constraint doesn't apply to these operations. If a grant with a * grant constraint includes the CreateGrant operation, the constraint requires that any grants * created with the CreateGrant permission have an equally strict or stricter encryption context * constraint. *

*

* You cannot use an encryption context grant constraint for cryptographic operations with asymmetric KMS * keys or HMAC KMS keys. Operations with these keys don't support an encryption context. *

*

* Each constraint value can include up to 8 encryption context pairs. The encryption context value in each * constraint cannot exceed 384 characters. For information about grant constraints, see Using * grant constraints in the Key Management Service Developer Guide. For more information about * encryption context, see Encryption * context in the Key Management Service Developer Guide . * @return Returns a reference to this object so that method calls can be chained together. */ public CreateGrantRequest withConstraints(GrantConstraints constraints) { setConstraints(constraints); return this; } /** *

* A list of grant tokens. *

*

* Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved * eventual consistency. For more information, see Grant token and Using a grant * token in the Key Management Service Developer Guide. *

* * @return A list of grant tokens.

*

* Use a grant token when your permission to call this operation comes from a new grant that has not yet * achieved eventual consistency. For more information, see Grant token and * Using * a grant token in the Key Management Service Developer Guide. */ public java.util.List getGrantTokens() { if (grantTokens == null) { grantTokens = new com.amazonaws.internal.SdkInternalList(); } return grantTokens; } /** *

* A list of grant tokens. *

*

* Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved * eventual consistency. For more information, see Grant token and Using a grant * token in the Key Management Service Developer Guide. *

* * @param grantTokens * A list of grant tokens.

*

* Use a grant token when your permission to call this operation comes from a new grant that has not yet * achieved eventual consistency. For more information, see Grant token and * Using * a grant token in the Key Management Service Developer Guide. */ public void setGrantTokens(java.util.Collection grantTokens) { if (grantTokens == null) { this.grantTokens = null; return; } this.grantTokens = new com.amazonaws.internal.SdkInternalList(grantTokens); } /** *

* A list of grant tokens. *

*

* Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved * eventual consistency. For more information, see Grant token and Using a grant * token in the Key Management Service Developer Guide. *

*

* NOTE: This method appends the values to the existing list (if any). Use * {@link #setGrantTokens(java.util.Collection)} or {@link #withGrantTokens(java.util.Collection)} if you want to * override the existing values. *

* * @param grantTokens * A list of grant tokens.

*

* Use a grant token when your permission to call this operation comes from a new grant that has not yet * achieved eventual consistency. For more information, see Grant token and * Using * a grant token in the Key Management Service Developer Guide. * @return Returns a reference to this object so that method calls can be chained together. */ public CreateGrantRequest withGrantTokens(String... grantTokens) { if (this.grantTokens == null) { setGrantTokens(new com.amazonaws.internal.SdkInternalList(grantTokens.length)); } for (String ele : grantTokens) { this.grantTokens.add(ele); } return this; } /** *

* A list of grant tokens. *

*

* Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved * eventual consistency. For more information, see Grant token and Using a grant * token in the Key Management Service Developer Guide. *

* * @param grantTokens * A list of grant tokens.

*

* Use a grant token when your permission to call this operation comes from a new grant that has not yet * achieved eventual consistency. For more information, see Grant token and * Using * a grant token in the Key Management Service Developer Guide. * @return Returns a reference to this object so that method calls can be chained together. */ public CreateGrantRequest withGrantTokens(java.util.Collection grantTokens) { setGrantTokens(grantTokens); return this; } /** *

* A friendly name for the grant. Use this value to prevent the unintended creation of duplicate grants when * retrying this request. *

* *

* Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in * CloudTrail logs and other output. *

*
*

* When this value is absent, all CreateGrant requests result in a new grant with a unique * GrantId even if all the supplied parameters are identical. This can result in unintended duplicates * when you retry the CreateGrant request. *

*

* When this value is present, you can retry a CreateGrant request with identical parameters; if the * grant already exists, the original GrantId is returned without creating a new grant. Note that the * returned grant token is unique with every CreateGrant request, even when a duplicate * GrantId is returned. All grant tokens for the same grant ID can be used interchangeably. *

* * @param name * A friendly name for the grant. Use this value to prevent the unintended creation of duplicate grants when * retrying this request.

*

* Do not include confidential or sensitive information in this field. This field may be displayed in * plaintext in CloudTrail logs and other output. *

*
*

* When this value is absent, all CreateGrant requests result in a new grant with a unique * GrantId even if all the supplied parameters are identical. This can result in unintended * duplicates when you retry the CreateGrant request. *

*

* When this value is present, you can retry a CreateGrant request with identical parameters; if * the grant already exists, the original GrantId is returned without creating a new grant. Note * that the returned grant token is unique with every CreateGrant request, even when a duplicate * GrantId is returned. All grant tokens for the same grant ID can be used interchangeably. */ public void setName(String name) { this.name = name; } /** *

* A friendly name for the grant. Use this value to prevent the unintended creation of duplicate grants when * retrying this request. *

* *

* Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in * CloudTrail logs and other output. *

*
*

* When this value is absent, all CreateGrant requests result in a new grant with a unique * GrantId even if all the supplied parameters are identical. This can result in unintended duplicates * when you retry the CreateGrant request. *

*

* When this value is present, you can retry a CreateGrant request with identical parameters; if the * grant already exists, the original GrantId is returned without creating a new grant. Note that the * returned grant token is unique with every CreateGrant request, even when a duplicate * GrantId is returned. All grant tokens for the same grant ID can be used interchangeably. *

* * @return A friendly name for the grant. Use this value to prevent the unintended creation of duplicate grants when * retrying this request.

*

* Do not include confidential or sensitive information in this field. This field may be displayed in * plaintext in CloudTrail logs and other output. *

*
*

* When this value is absent, all CreateGrant requests result in a new grant with a unique * GrantId even if all the supplied parameters are identical. This can result in unintended * duplicates when you retry the CreateGrant request. *

*

* When this value is present, you can retry a CreateGrant request with identical parameters; * if the grant already exists, the original GrantId is returned without creating a new grant. * Note that the returned grant token is unique with every CreateGrant request, even when a * duplicate GrantId is returned. All grant tokens for the same grant ID can be used * interchangeably. */ public String getName() { return this.name; } /** *

* A friendly name for the grant. Use this value to prevent the unintended creation of duplicate grants when * retrying this request. *

* *

* Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in * CloudTrail logs and other output. *

*
*

* When this value is absent, all CreateGrant requests result in a new grant with a unique * GrantId even if all the supplied parameters are identical. This can result in unintended duplicates * when you retry the CreateGrant request. *

*

* When this value is present, you can retry a CreateGrant request with identical parameters; if the * grant already exists, the original GrantId is returned without creating a new grant. Note that the * returned grant token is unique with every CreateGrant request, even when a duplicate * GrantId is returned. All grant tokens for the same grant ID can be used interchangeably. *

* * @param name * A friendly name for the grant. Use this value to prevent the unintended creation of duplicate grants when * retrying this request.

*

* Do not include confidential or sensitive information in this field. This field may be displayed in * plaintext in CloudTrail logs and other output. *

*
*

* When this value is absent, all CreateGrant requests result in a new grant with a unique * GrantId even if all the supplied parameters are identical. This can result in unintended * duplicates when you retry the CreateGrant request. *

*

* When this value is present, you can retry a CreateGrant request with identical parameters; if * the grant already exists, the original GrantId is returned without creating a new grant. Note * that the returned grant token is unique with every CreateGrant request, even when a duplicate * GrantId is returned. All grant tokens for the same grant ID can be used interchangeably. * @return Returns a reference to this object so that method calls can be chained together. */ public CreateGrantRequest withName(String name) { setName(name); return this; } /** *

* Checks if your request will succeed. DryRun is an optional parameter. *

*

* To learn more about how to use this parameter, see Testing your KMS API * calls in the Key Management Service Developer Guide. *

* * @param dryRun * Checks if your request will succeed. DryRun is an optional parameter.

*

* To learn more about how to use this parameter, see Testing your KMS API * calls in the Key Management Service Developer Guide. */ public void setDryRun(Boolean dryRun) { this.dryRun = dryRun; } /** *

* Checks if your request will succeed. DryRun is an optional parameter. *

*

* To learn more about how to use this parameter, see Testing your KMS API * calls in the Key Management Service Developer Guide. *

* * @return Checks if your request will succeed. DryRun is an optional parameter.

*

* To learn more about how to use this parameter, see Testing your KMS API * calls in the Key Management Service Developer Guide. */ public Boolean getDryRun() { return this.dryRun; } /** *

* Checks if your request will succeed. DryRun is an optional parameter. *

*

* To learn more about how to use this parameter, see Testing your KMS API * calls in the Key Management Service Developer Guide. *

* * @param dryRun * Checks if your request will succeed. DryRun is an optional parameter.

*

* To learn more about how to use this parameter, see Testing your KMS API * calls in the Key Management Service Developer Guide. * @return Returns a reference to this object so that method calls can be chained together. */ public CreateGrantRequest withDryRun(Boolean dryRun) { setDryRun(dryRun); return this; } /** *

* Checks if your request will succeed. DryRun is an optional parameter. *

*

* To learn more about how to use this parameter, see Testing your KMS API * calls in the Key Management Service Developer Guide. *

* * @return Checks if your request will succeed. DryRun is an optional parameter.

*

* To learn more about how to use this parameter, see Testing your KMS API * calls in the Key Management Service Developer Guide. */ public Boolean isDryRun() { return this.dryRun; } /** * Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be * redacted from this string using a placeholder value. * * @return A string representation of this object. * * @see java.lang.Object#toString() */ @Override public String toString() { StringBuilder sb = new StringBuilder(); sb.append("{"); if (getKeyId() != null) sb.append("KeyId: ").append(getKeyId()).append(","); if (getGranteePrincipal() != null) sb.append("GranteePrincipal: ").append(getGranteePrincipal()).append(","); if (getRetiringPrincipal() != null) sb.append("RetiringPrincipal: ").append(getRetiringPrincipal()).append(","); if (getOperations() != null) sb.append("Operations: ").append(getOperations()).append(","); if (getConstraints() != null) sb.append("Constraints: ").append(getConstraints()).append(","); if (getGrantTokens() != null) sb.append("GrantTokens: ").append(getGrantTokens()).append(","); if (getName() != null) sb.append("Name: ").append(getName()).append(","); if (getDryRun() != null) sb.append("DryRun: ").append(getDryRun()); sb.append("}"); return sb.toString(); } @Override public boolean equals(Object obj) { if (this == obj) return true; if (obj == null) return false; if (obj instanceof CreateGrantRequest == false) return false; CreateGrantRequest other = (CreateGrantRequest) obj; if (other.getKeyId() == null ^ this.getKeyId() == null) return false; if (other.getKeyId() != null && other.getKeyId().equals(this.getKeyId()) == false) return false; if (other.getGranteePrincipal() == null ^ this.getGranteePrincipal() == null) return false; if (other.getGranteePrincipal() != null && other.getGranteePrincipal().equals(this.getGranteePrincipal()) == false) return false; if (other.getRetiringPrincipal() == null ^ this.getRetiringPrincipal() == null) return false; if (other.getRetiringPrincipal() != null && other.getRetiringPrincipal().equals(this.getRetiringPrincipal()) == false) return false; if (other.getOperations() == null ^ this.getOperations() == null) return false; if (other.getOperations() != null && other.getOperations().equals(this.getOperations()) == false) return false; if (other.getConstraints() == null ^ this.getConstraints() == null) return false; if (other.getConstraints() != null && other.getConstraints().equals(this.getConstraints()) == false) return false; if (other.getGrantTokens() == null ^ this.getGrantTokens() == null) return false; if (other.getGrantTokens() != null && other.getGrantTokens().equals(this.getGrantTokens()) == false) return false; if (other.getName() == null ^ this.getName() == null) return false; if (other.getName() != null && other.getName().equals(this.getName()) == false) return false; if (other.getDryRun() == null ^ this.getDryRun() == null) return false; if (other.getDryRun() != null && other.getDryRun().equals(this.getDryRun()) == false) return false; return true; } @Override public int hashCode() { final int prime = 31; int hashCode = 1; hashCode = prime * hashCode + ((getKeyId() == null) ? 0 : getKeyId().hashCode()); hashCode = prime * hashCode + ((getGranteePrincipal() == null) ? 0 : getGranteePrincipal().hashCode()); hashCode = prime * hashCode + ((getRetiringPrincipal() == null) ? 0 : getRetiringPrincipal().hashCode()); hashCode = prime * hashCode + ((getOperations() == null) ? 0 : getOperations().hashCode()); hashCode = prime * hashCode + ((getConstraints() == null) ? 0 : getConstraints().hashCode()); hashCode = prime * hashCode + ((getGrantTokens() == null) ? 0 : getGrantTokens().hashCode()); hashCode = prime * hashCode + ((getName() == null) ? 0 : getName().hashCode()); hashCode = prime * hashCode + ((getDryRun() == null) ? 0 : getDryRun().hashCode()); return hashCode; } @Override public CreateGrantRequest clone() { return (CreateGrantRequest) super.clone(); } }





© 2015 - 2024 Weber Informatics LLC | Privacy Policy