software.amazon.awssdk.services.kms.model.PutKeyPolicyRequest Maven / Gradle / Ivy
/*
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
* the License. A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
* and limitations under the License.
*/
package software.amazon.awssdk.services.kms.model;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.function.BiConsumer;
import java.util.function.Consumer;
import java.util.function.Function;
import software.amazon.awssdk.annotations.Generated;
import software.amazon.awssdk.awscore.AwsRequestOverrideConfiguration;
import software.amazon.awssdk.core.SdkField;
import software.amazon.awssdk.core.SdkPojo;
import software.amazon.awssdk.core.protocol.MarshallLocation;
import software.amazon.awssdk.core.protocol.MarshallingType;
import software.amazon.awssdk.core.traits.LocationTrait;
import software.amazon.awssdk.utils.ToString;
import software.amazon.awssdk.utils.builder.CopyableBuilder;
import software.amazon.awssdk.utils.builder.ToCopyableBuilder;
/**
*/
@Generated("software.amazon.awssdk:codegen")
public final class PutKeyPolicyRequest extends KmsRequest implements
ToCopyableBuilder {
private static final SdkField KEY_ID_FIELD = SdkField. builder(MarshallingType.STRING).memberName("KeyId")
.getter(getter(PutKeyPolicyRequest::keyId)).setter(setter(Builder::keyId))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("KeyId").build()).build();
private static final SdkField POLICY_NAME_FIELD = SdkField. builder(MarshallingType.STRING)
.memberName("PolicyName").getter(getter(PutKeyPolicyRequest::policyName)).setter(setter(Builder::policyName))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("PolicyName").build()).build();
private static final SdkField POLICY_FIELD = SdkField. builder(MarshallingType.STRING).memberName("Policy")
.getter(getter(PutKeyPolicyRequest::policy)).setter(setter(Builder::policy))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("Policy").build()).build();
private static final SdkField BYPASS_POLICY_LOCKOUT_SAFETY_CHECK_FIELD = SdkField
. builder(MarshallingType.BOOLEAN)
.memberName("BypassPolicyLockoutSafetyCheck")
.getter(getter(PutKeyPolicyRequest::bypassPolicyLockoutSafetyCheck))
.setter(setter(Builder::bypassPolicyLockoutSafetyCheck))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("BypassPolicyLockoutSafetyCheck")
.build()).build();
private static final List> SDK_FIELDS = Collections.unmodifiableList(Arrays.asList(KEY_ID_FIELD,
POLICY_NAME_FIELD, POLICY_FIELD, BYPASS_POLICY_LOCKOUT_SAFETY_CHECK_FIELD));
private final String keyId;
private final String policyName;
private final String policy;
private final Boolean bypassPolicyLockoutSafetyCheck;
private PutKeyPolicyRequest(BuilderImpl builder) {
super(builder);
this.keyId = builder.keyId;
this.policyName = builder.policyName;
this.policy = builder.policy;
this.bypassPolicyLockoutSafetyCheck = builder.bypassPolicyLockoutSafetyCheck;
}
/**
*
* A unique identifier for the customer master key (CMK).
*
*
* Specify the key ID or the Amazon Resource Name (ARN) of the CMK.
*
*
* For example:
*
*
* -
*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
*
*
*
*
* To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey.
*
*
* @return A unique identifier for the customer master key (CMK).
*
* Specify the key ID or the Amazon Resource Name (ARN) of the CMK.
*
*
* For example:
*
*
* -
*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
*
*
*
*
* To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey.
*/
public final String keyId() {
return keyId;
}
/**
*
* The name of the key policy. The only valid value is default.
*
*
* @return The name of the key policy. The only valid value is default.
*/
public final String policyName() {
return policyName;
}
/**
*
* The key policy to attach to the CMK.
*
*
* The key policy must meet the following criteria:
*
*
* -
*
* If you don't set BypassPolicyLockoutSafetyCheck to true, the key policy must allow the principal
* that is making the PutKeyPolicy request to make a subsequent PutKeyPolicy request on
* the CMK. This reduces the risk that the CMK becomes unmanageable. For more information, refer to the scenario in
* the Default Key Policy section of the AWS Key Management Service Developer Guide.
*
*
* -
*
* Each statement in the key policy must contain one or more principals. The principals in the key policy must exist
* and be visible to AWS KMS. When you create a new AWS principal (for example, an IAM user or role), you might need
* to enforce a delay before including the new principal in a key policy because the new principal might not be
* immediately visible to AWS KMS. For more information, see Changes that I make are not always immediately visible in the AWS Identity and Access Management User
* Guide.
*
*
*
*
* The key policy cannot exceed 32 kilobytes (32768 bytes). For more information, see Resource Quotas in the
* AWS Key Management Service Developer Guide.
*
*
* @return The key policy to attach to the CMK.
*
* The key policy must meet the following criteria:
*
*
* -
*
* If you don't set BypassPolicyLockoutSafetyCheck to true, the key policy must allow the
* principal that is making the PutKeyPolicy request to make a subsequent
* PutKeyPolicy request on the CMK. This reduces the risk that the CMK becomes unmanageable.
* For more information, refer to the scenario in the Default Key Policy section of the AWS Key Management Service Developer Guide.
*
*
* -
*
* Each statement in the key policy must contain one or more principals. The principals in the key policy
* must exist and be visible to AWS KMS. When you create a new AWS principal (for example, an IAM user or
* role), you might need to enforce a delay before including the new principal in a key policy because the
* new principal might not be immediately visible to AWS KMS. For more information, see Changes that I make are not always immediately visible in the AWS Identity and Access Management
* User Guide.
*
*
*
*
* The key policy cannot exceed 32 kilobytes (32768 bytes). For more information, see Resource Quotas in
* the AWS Key Management Service Developer Guide.
*/
public final String policy() {
return policy;
}
/**
*
* A flag to indicate whether to bypass the key policy lockout safety check.
*
*
*
* Setting this value to true increases the risk that the CMK becomes unmanageable. Do not set this value to true
* indiscriminately.
*
*
* For more information, refer to the scenario in the Default Key Policy section in the AWS Key Management Service Developer Guide.
*
*
*
* Use this parameter only when you intend to prevent the principal that is making the request from making a
* subsequent PutKeyPolicy request on the CMK.
*
*
* The default value is false.
*
*
* @return A flag to indicate whether to bypass the key policy lockout safety check.
*
* Setting this value to true increases the risk that the CMK becomes unmanageable. Do not set this value to
* true indiscriminately.
*
*
* For more information, refer to the scenario in the Default Key Policy section in the AWS Key Management Service Developer Guide.
*
*
*
* Use this parameter only when you intend to prevent the principal that is making the request from making a
* subsequent PutKeyPolicy request on the CMK.
*
*
* The default value is false.
*/
public final Boolean bypassPolicyLockoutSafetyCheck() {
return bypassPolicyLockoutSafetyCheck;
}
@Override
public Builder toBuilder() {
return new BuilderImpl(this);
}
public static Builder builder() {
return new BuilderImpl();
}
public static Class serializableBuilderClass() {
return BuilderImpl.class;
}
@Override
public final int hashCode() {
int hashCode = 1;
hashCode = 31 * hashCode + super.hashCode();
hashCode = 31 * hashCode + Objects.hashCode(keyId());
hashCode = 31 * hashCode + Objects.hashCode(policyName());
hashCode = 31 * hashCode + Objects.hashCode(policy());
hashCode = 31 * hashCode + Objects.hashCode(bypassPolicyLockoutSafetyCheck());
return hashCode;
}
@Override
public final boolean equals(Object obj) {
return super.equals(obj) && equalsBySdkFields(obj);
}
@Override
public final boolean equalsBySdkFields(Object obj) {
if (this == obj) {
return true;
}
if (obj == null) {
return false;
}
if (!(obj instanceof PutKeyPolicyRequest)) {
return false;
}
PutKeyPolicyRequest other = (PutKeyPolicyRequest) obj;
return Objects.equals(keyId(), other.keyId()) && Objects.equals(policyName(), other.policyName())
&& Objects.equals(policy(), other.policy())
&& Objects.equals(bypassPolicyLockoutSafetyCheck(), other.bypassPolicyLockoutSafetyCheck());
}
/**
* Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be
* redacted from this string using a placeholder value.
*/
@Override
public final String toString() {
return ToString.builder("PutKeyPolicyRequest").add("KeyId", keyId()).add("PolicyName", policyName())
.add("Policy", policy()).add("BypassPolicyLockoutSafetyCheck", bypassPolicyLockoutSafetyCheck()).build();
}
public final Optional getValueForField(String fieldName, Class clazz) {
switch (fieldName) {
case "KeyId":
return Optional.ofNullable(clazz.cast(keyId()));
case "PolicyName":
return Optional.ofNullable(clazz.cast(policyName()));
case "Policy":
return Optional.ofNullable(clazz.cast(policy()));
case "BypassPolicyLockoutSafetyCheck":
return Optional.ofNullable(clazz.cast(bypassPolicyLockoutSafetyCheck()));
default:
return Optional.empty();
}
}
@Override
public final List> sdkFields() {
return SDK_FIELDS;
}
private static Function getter(Function g) {
return obj -> g.apply((PutKeyPolicyRequest) obj);
}
private static BiConsumer setter(BiConsumer s) {
return (obj, val) -> s.accept((Builder) obj, val);
}
public interface Builder extends KmsRequest.Builder, SdkPojo, CopyableBuilder {
/**
*
* A unique identifier for the customer master key (CMK).
*
*
* Specify the key ID or the Amazon Resource Name (ARN) of the CMK.
*
*
* For example:
*
*
* -
*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
*
*
*
*
* To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey.
*
*
* @param keyId
* A unique identifier for the customer master key (CMK).
*
* Specify the key ID or the Amazon Resource Name (ARN) of the CMK.
*
*
* For example:
*
*
* -
*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
*
*
*
*
* To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder keyId(String keyId);
/**
*
* The name of the key policy. The only valid value is default.
*
*
* @param policyName
* The name of the key policy. The only valid value is default.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder policyName(String policyName);
/**
*
* The key policy to attach to the CMK.
*
*
* The key policy must meet the following criteria:
*
*
* -
*
* If you don't set BypassPolicyLockoutSafetyCheck to true, the key policy must allow the principal
* that is making the PutKeyPolicy request to make a subsequent PutKeyPolicy request
* on the CMK. This reduces the risk that the CMK becomes unmanageable. For more information, refer to the
* scenario in the Default Key Policy section of the AWS Key Management Service Developer Guide.
*
*
* -
*
* Each statement in the key policy must contain one or more principals. The principals in the key policy must
* exist and be visible to AWS KMS. When you create a new AWS principal (for example, an IAM user or role), you
* might need to enforce a delay before including the new principal in a key policy because the new principal
* might not be immediately visible to AWS KMS. For more information, see Changes that I make are not always immediately visible in the AWS Identity and Access Management User
* Guide.
*
*
*
*
* The key policy cannot exceed 32 kilobytes (32768 bytes). For more information, see Resource Quotas in the
* AWS Key Management Service Developer Guide.
*
*
* @param policy
* The key policy to attach to the CMK.
*
* The key policy must meet the following criteria:
*
*
* -
*
* If you don't set BypassPolicyLockoutSafetyCheck to true, the key policy must allow the
* principal that is making the PutKeyPolicy request to make a subsequent
* PutKeyPolicy request on the CMK. This reduces the risk that the CMK becomes unmanageable.
* For more information, refer to the scenario in the Default Key Policy section of the AWS Key Management Service Developer Guide.
*
*
* -
*
* Each statement in the key policy must contain one or more principals. The principals in the key policy
* must exist and be visible to AWS KMS. When you create a new AWS principal (for example, an IAM user or
* role), you might need to enforce a delay before including the new principal in a key policy because
* the new principal might not be immediately visible to AWS KMS. For more information, see Changes that I make are not always immediately visible in the AWS Identity and Access
* Management User Guide.
*
*
*
*
* The key policy cannot exceed 32 kilobytes (32768 bytes). For more information, see Resource Quotas
* in the AWS Key Management Service Developer Guide.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder policy(String policy);
/**
*
* A flag to indicate whether to bypass the key policy lockout safety check.
*
*
*
* Setting this value to true increases the risk that the CMK becomes unmanageable. Do not set this value to
* true indiscriminately.
*
*
* For more information, refer to the scenario in the Default Key Policy section in the AWS Key Management Service Developer Guide.
*
*
*
* Use this parameter only when you intend to prevent the principal that is making the request from making a
* subsequent PutKeyPolicy request on the CMK.
*
*
* The default value is false.
*
*
* @param bypassPolicyLockoutSafetyCheck
* A flag to indicate whether to bypass the key policy lockout safety check.
*
* Setting this value to true increases the risk that the CMK becomes unmanageable. Do not set this value
* to true indiscriminately.
*
*
* For more information, refer to the scenario in the Default Key Policy section in the AWS Key Management Service Developer Guide.
*
*
*
* Use this parameter only when you intend to prevent the principal that is making the request from
* making a subsequent PutKeyPolicy request on the CMK.
*
*
* The default value is false.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder bypassPolicyLockoutSafetyCheck(Boolean bypassPolicyLockoutSafetyCheck);
@Override
Builder overrideConfiguration(AwsRequestOverrideConfiguration overrideConfiguration);
@Override
Builder overrideConfiguration(Consumer builderConsumer);
}
static final class BuilderImpl extends KmsRequest.BuilderImpl implements Builder {
private String keyId;
private String policyName;
private String policy;
private Boolean bypassPolicyLockoutSafetyCheck;
private BuilderImpl() {
}
private BuilderImpl(PutKeyPolicyRequest model) {
super(model);
keyId(model.keyId);
policyName(model.policyName);
policy(model.policy);
bypassPolicyLockoutSafetyCheck(model.bypassPolicyLockoutSafetyCheck);
}
public final String getKeyId() {
return keyId;
}
@Override
public final Builder keyId(String keyId) {
this.keyId = keyId;
return this;
}
public final void setKeyId(String keyId) {
this.keyId = keyId;
}
public final String getPolicyName() {
return policyName;
}
@Override
public final Builder policyName(String policyName) {
this.policyName = policyName;
return this;
}
public final void setPolicyName(String policyName) {
this.policyName = policyName;
}
public final String getPolicy() {
return policy;
}
@Override
public final Builder policy(String policy) {
this.policy = policy;
return this;
}
public final void setPolicy(String policy) {
this.policy = policy;
}
public final Boolean getBypassPolicyLockoutSafetyCheck() {
return bypassPolicyLockoutSafetyCheck;
}
@Override
public final Builder bypassPolicyLockoutSafetyCheck(Boolean bypassPolicyLockoutSafetyCheck) {
this.bypassPolicyLockoutSafetyCheck = bypassPolicyLockoutSafetyCheck;
return this;
}
public final void setBypassPolicyLockoutSafetyCheck(Boolean bypassPolicyLockoutSafetyCheck) {
this.bypassPolicyLockoutSafetyCheck = bypassPolicyLockoutSafetyCheck;
}
@Override
public Builder overrideConfiguration(AwsRequestOverrideConfiguration overrideConfiguration) {
super.overrideConfiguration(overrideConfiguration);
return this;
}
@Override
public Builder overrideConfiguration(Consumer builderConsumer) {
super.overrideConfiguration(builderConsumer);
return this;
}
@Override
public PutKeyPolicyRequest build() {
return new PutKeyPolicyRequest(this);
}
@Override
public List> sdkFields() {
return SDK_FIELDS;
}
}
}