
software.amazon.awssdk.services.kms.model.CreateKeyRequest Maven / Gradle / Ivy

/*
 * Copyright 2014-2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
 * 
 * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
 * the License. A copy of the License is located at
 * 
 * http://aws.amazon.com/apache2.0
 * 
 * or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
 * and limitations under the License.
 */

package software.amazon.awssdk.services.kms.model;

import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.function.BiConsumer;
import java.util.function.Consumer;
import java.util.function.Function;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import software.amazon.awssdk.annotations.Generated;
import software.amazon.awssdk.awscore.AwsRequestOverrideConfiguration;
import software.amazon.awssdk.core.SdkField;
import software.amazon.awssdk.core.SdkPojo;
import software.amazon.awssdk.core.protocol.MarshallLocation;
import software.amazon.awssdk.core.protocol.MarshallingType;
import software.amazon.awssdk.core.traits.ListTrait;
import software.amazon.awssdk.core.traits.LocationTrait;
import software.amazon.awssdk.core.util.DefaultSdkAutoConstructList;
import software.amazon.awssdk.utils.ToString;
import software.amazon.awssdk.utils.builder.CopyableBuilder;
import software.amazon.awssdk.utils.builder.ToCopyableBuilder;

/**
 */
@Generated("software.amazon.awssdk:codegen")
public final class CreateKeyRequest extends KmsRequest implements ToCopyableBuilder {
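    // Marshalling descriptors: one SdkField per request member. Each one ties the wire name (locationName) in the
    // request payload to the accessor on CreateKeyRequest and the mutator on Builder. The generic type arguments
    // below were missing from the listing and are restored so the declarations parse.
    private static final SdkField<String> POLICY_FIELD = SdkField.<String> builder(MarshallingType.STRING)
            .getter(getter(CreateKeyRequest::policy)).setter(setter(Builder::policy))
            .traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("Policy").build()).build();

    private static final SdkField<String> DESCRIPTION_FIELD = SdkField.<String> builder(MarshallingType.STRING)
            .getter(getter(CreateKeyRequest::description)).setter(setter(Builder::description))
            .traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("Description").build()).build();

    // Enum-valued members are marshalled through their raw string form (keyUsageAsString / originAsString).
    private static final SdkField<String> KEY_USAGE_FIELD = SdkField.<String> builder(MarshallingType.STRING)
            .getter(getter(CreateKeyRequest::keyUsageAsString)).setter(setter(Builder::keyUsage))
            .traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("KeyUsage").build()).build();

    private static final SdkField<String> ORIGIN_FIELD = SdkField.<String> builder(MarshallingType.STRING)
            .getter(getter(CreateKeyRequest::originAsString)).setter(setter(Builder::origin))
            .traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("Origin").build()).build();

    private static final SdkField<String> CUSTOM_KEY_STORE_ID_FIELD = SdkField.<String> builder(MarshallingType.STRING)
            .getter(getter(CreateKeyRequest::customKeyStoreId)).setter(setter(Builder::customKeyStoreId))
            .traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("CustomKeyStoreId").build()).build();

    private static final SdkField<Boolean> BYPASS_POLICY_LOCKOUT_SAFETY_CHECK_FIELD = SdkField
            .<Boolean> builder(MarshallingType.BOOLEAN)
            .getter(getter(CreateKeyRequest::bypassPolicyLockoutSafetyCheck))
            .setter(setter(Builder::bypassPolicyLockoutSafetyCheck))
            .traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("BypassPolicyLockoutSafetyCheck")
                    .build()).build();

    // List member: the outer descriptor names the list ("Tags"), the ListTrait describes how each Tag element is
    // built (Tag::builder) and named ("member").
    private static final SdkField<List<Tag>> TAGS_FIELD = SdkField
            .<List<Tag>> builder(MarshallingType.LIST)
            .getter(getter(CreateKeyRequest::tags))
            .setter(setter(Builder::tags))
            .traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("Tags").build(),
                    ListTrait
                            .builder()
                            .memberLocationName(null)
                            .memberFieldInfo(
                                    SdkField.<Tag> builder(MarshallingType.SDK_POJO)
                                            .constructor(Tag::builder)
                                            .traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD)
                                                    .locationName("member").build()).build()).build()).build();

    // Read-only view over all descriptors, returned by sdkFields().
    private static final List<SdkField<?>> SDK_FIELDS = Collections.unmodifiableList(Arrays.asList(POLICY_FIELD,
            DESCRIPTION_FIELD, KEY_USAGE_FIELD, ORIGIN_FIELD, CUSTOM_KEY_STORE_ID_FIELD,
            BYPASS_POLICY_LOCKOUT_SAFETY_CHECK_FIELD, TAGS_FIELD));

    // Key policy text to attach to the CMK.
    private final String policy;

    private final String description;

    // Raw wire value; keyUsage() maps it to KeyUsageType through fromValue.
    private final String keyUsage;

    // Raw wire value; origin() maps it to OriginType through fromValue.
    private final String origin;

    private final String customKeyStoreId;

    // Boxed Boolean: stays null when the builder never set it.
    private final Boolean bypassPolicyLockoutSafetyCheck;

    private final List<Tag> tags;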

    /**
     * Builds a request from the state held by the given builder.
     *
     * @param builder
     *        source of every member value; it is also handed to the superclass constructor
     */
    private CreateKeyRequest(BuilderImpl builder) {
        super(builder);
        // Straight reference copies. The tags list in particular is taken as is, so any defensive copy has to
        // happen in the builder's tags setter (not visible here).
        policy = builder.policy;
        description = builder.description;
        keyUsage = builder.keyUsage;
        origin = builder.origin;
        customKeyStoreId = builder.customKeyStoreId;
        bypassPolicyLockoutSafetyCheck = builder.bypassPolicyLockoutSafetyCheck;
        tags = builder.tags;
    }

    /**
     * 

* The key policy to attach to the CMK. *

*

* If you provide a key policy, it must meet the following criteria: *

*
    *
  • *

    * If you don't set BypassPolicyLockoutSafetyCheck to true, the key policy must allow the principal * that is making the CreateKey request to make a subsequent PutKeyPolicy request on the CMK. * This reduces the risk that the CMK becomes unmanageable. For more information, refer to the scenario in the Default Key Policy section of the AWS Key Management Service Developer Guide . *

    *
  • *
  • *

    * Each statement in the key policy must contain one or more principals. The principals in the key policy must exist * and be visible to AWS KMS. When you create a new AWS principal (for example, an IAM user or role), you might need * to enforce a delay before including the new principal in a key policy because the new principal might not be * immediately visible to AWS KMS. For more information, see Changes that I make are not always immediately visible in the AWS Identity and Access Management User * Guide. *

    *
  • *
*

* If you do not provide a key policy, AWS KMS attaches a default key policy to the CMK. For more information, see * Default Key * Policy in the AWS Key Management Service Developer Guide. *

*

* The key policy size limit is 32 kilobytes (32768 bytes). *

* * @return The key policy to attach to the CMK.

*

* If you provide a key policy, it must meet the following criteria: *

*
    *
  • *

    * If you don't set BypassPolicyLockoutSafetyCheck to true, the key policy must allow the * principal that is making the CreateKey request to make a subsequent PutKeyPolicy * request on the CMK. This reduces the risk that the CMK becomes unmanageable. For more information, refer * to the scenario in the Default Key Policy section of the AWS Key Management Service Developer Guide . *

    *
  • *
  • *

    * Each statement in the key policy must contain one or more principals. The principals in the key policy * must exist and be visible to AWS KMS. When you create a new AWS principal (for example, an IAM user or * role), you might need to enforce a delay before including the new principal in a key policy because the * new principal might not be immediately visible to AWS KMS. For more information, see Changes that I make are not always immediately visible in the AWS Identity and Access Management * User Guide. *

    *
  • *
*

* If you do not provide a key policy, AWS KMS attaches a default key policy to the CMK. For more * information, see Default * Key Policy in the AWS Key Management Service Developer Guide. *

*

* The key policy size limit is 32 kilobytes (32768 bytes). */ public String policy() { return policy; } /** *

* A description of the CMK. *

*

* Use a description that helps you decide whether the CMK is appropriate for a task. *

* * @return A description of the CMK.

*

* Use a description that helps you decide whether the CMK is appropriate for a task. */ public String description() { return description; } /** *

* The cryptographic operations for which you can use the CMK. The only valid value is ENCRYPT_DECRYPT, * which means you can use the CMK to encrypt and decrypt data. *

*

* If the service returns an enum value that is not available in the current SDK version, {@link #keyUsage} will * return {@link KeyUsageType#UNKNOWN_TO_SDK_VERSION}. The raw value returned by the service is available from * {@link #keyUsageAsString}. *

* * @return The cryptographic operations for which you can use the CMK. The only valid value is * ENCRYPT_DECRYPT, which means you can use the CMK to encrypt and decrypt data. * @see KeyUsageType */ public KeyUsageType keyUsage() { return KeyUsageType.fromValue(keyUsage); } /** *

* The cryptographic operations for which you can use the CMK. The only valid value is ENCRYPT_DECRYPT, * which means you can use the CMK to encrypt and decrypt data. *

*

* If the service returns an enum value that is not available in the current SDK version, {@link #keyUsage} will * return {@link KeyUsageType#UNKNOWN_TO_SDK_VERSION}. The raw value returned by the service is available from * {@link #keyUsageAsString}. *

* * @return The cryptographic operations for which you can use the CMK. The only valid value is * ENCRYPT_DECRYPT, which means you can use the CMK to encrypt and decrypt data. * @see KeyUsageType */ public String keyUsageAsString() { return keyUsage; } /** *

* The source of the key material for the CMK. You cannot change the origin after you create the CMK. *

*

* The default is AWS_KMS, which means AWS KMS creates the key material in its own key store. *

*

* When the parameter value is EXTERNAL, AWS KMS creates a CMK without key material so that you can * import key material from your existing key management infrastructure. For more information about importing key * material into AWS KMS, see Importing Key Material in * the AWS Key Management Service Developer Guide. *

*

* When the parameter value is AWS_CLOUDHSM, AWS KMS creates the CMK in an AWS KMS custom key store * and creates its key material in the associated AWS CloudHSM cluster. You must also use the * CustomKeyStoreId parameter to identify the custom key store. *

*

* If the service returns an enum value that is not available in the current SDK version, {@link #origin} will * return {@link OriginType#UNKNOWN_TO_SDK_VERSION}. The raw value returned by the service is available from * {@link #originAsString}. *

* * @return The source of the key material for the CMK. You cannot change the origin after you create the CMK.

*

* The default is AWS_KMS, which means AWS KMS creates the key material in its own key store. *

*

* When the parameter value is EXTERNAL, AWS KMS creates a CMK without key material so that you * can import key material from your existing key management infrastructure. For more information about * importing key material into AWS KMS, see Importing Key * Material in the AWS Key Management Service Developer Guide. *

*

* When the parameter value is AWS_CLOUDHSM, AWS KMS creates the CMK in an AWS KMS custom key * store and creates its key material in the associated AWS CloudHSM cluster. You must also use the * CustomKeyStoreId parameter to identify the custom key store. * @see OriginType */ public OriginType origin() { return OriginType.fromValue(origin); } /** *

* The source of the key material for the CMK. You cannot change the origin after you create the CMK. *

*

* The default is AWS_KMS, which means AWS KMS creates the key material in its own key store. *

*

* When the parameter value is EXTERNAL, AWS KMS creates a CMK without key material so that you can * import key material from your existing key management infrastructure. For more information about importing key * material into AWS KMS, see Importing Key Material in * the AWS Key Management Service Developer Guide. *

*

* When the parameter value is AWS_CLOUDHSM, AWS KMS creates the CMK in an AWS KMS custom key store * and creates its key material in the associated AWS CloudHSM cluster. You must also use the * CustomKeyStoreId parameter to identify the custom key store. *

*

* If the service returns an enum value that is not available in the current SDK version, {@link #origin} will * return {@link OriginType#UNKNOWN_TO_SDK_VERSION}. The raw value returned by the service is available from * {@link #originAsString}. *

* * @return The source of the key material for the CMK. You cannot change the origin after you create the CMK.

*

* The default is AWS_KMS, which means AWS KMS creates the key material in its own key store. *

*

* When the parameter value is EXTERNAL, AWS KMS creates a CMK without key material so that you * can import key material from your existing key management infrastructure. For more information about * importing key material into AWS KMS, see Importing Key * Material in the AWS Key Management Service Developer Guide. *

*

* When the parameter value is AWS_CLOUDHSM, AWS KMS creates the CMK in an AWS KMS custom key * store and creates its key material in the associated AWS CloudHSM cluster. You must also use the * CustomKeyStoreId parameter to identify the custom key store. * @see OriginType */ public String originAsString() { return origin; } /** *

* Creates the CMK in the specified custom key store * and the key material in its associated AWS CloudHSM cluster. To create a CMK in a custom key store, you must also * specify the Origin parameter with a value of AWS_CLOUDHSM. The AWS CloudHSM cluster * that is associated with the custom key store must have at least two active HSMs, each in a different Availability * Zone in the Region. *

*

* To find the ID of a custom key store, use the DescribeCustomKeyStores operation. *

*

* The response includes the custom key store ID and the ID of the AWS CloudHSM cluster. *

*

* This operation is part of the Custom Key Store * feature feature in AWS KMS, which combines the convenience and extensive integration of AWS KMS with the * isolation and control of a single-tenant key store. *

* * @return Creates the CMK in the specified custom key * store and the key material in its associated AWS CloudHSM cluster. To create a CMK in a custom key * store, you must also specify the Origin parameter with a value of AWS_CLOUDHSM. * The AWS CloudHSM cluster that is associated with the custom key store must have at least two active HSMs, * each in a different Availability Zone in the Region.

*

* To find the ID of a custom key store, use the DescribeCustomKeyStores operation. *

*

* The response includes the custom key store ID and the ID of the AWS CloudHSM cluster. *

*

* This operation is part of the Custom Key * Store feature feature in AWS KMS, which combines the convenience and extensive integration of AWS KMS * with the isolation and control of a single-tenant key store. */ public String customKeyStoreId() { return customKeyStoreId; } /** *

* A flag to indicate whether to bypass the key policy lockout safety check. *

* *

* Setting this value to true increases the risk that the CMK becomes unmanageable. Do not set this value to true * indiscriminately. *

*

* For more information, refer to the scenario in the Default Key Policy section in the AWS Key Management Service Developer Guide . *

*
*

* Use this parameter only when you include a policy in the request and you intend to prevent the principal that is * making the request from making a subsequent PutKeyPolicy request on the CMK. *

*

* The default value is false. *

* * @return A flag to indicate whether to bypass the key policy lockout safety check.

*

* Setting this value to true increases the risk that the CMK becomes unmanageable. Do not set this value to * true indiscriminately. *

*

* For more information, refer to the scenario in the Default Key Policy section in the AWS Key Management Service Developer Guide . *

*
*

* Use this parameter only when you include a policy in the request and you intend to prevent the principal * that is making the request from making a subsequent PutKeyPolicy request on the CMK. *

*

* The default value is false. */ public Boolean bypassPolicyLockoutSafetyCheck() { return bypassPolicyLockoutSafetyCheck; } /** *

* One or more tags. Each tag consists of a tag key and a tag value. Tag keys and tag values are both required, but * tag values can be empty (null) strings. *

*

* Use this parameter to tag the CMK when it is created. Alternately, you can omit this parameter and instead tag * the CMK after it is created using TagResource. *

*

* Attempts to modify the collection returned by this method will result in an UnsupportedOperationException. *

* * @return One or more tags. Each tag consists of a tag key and a tag value. Tag keys and tag values are both * required, but tag values can be empty (null) strings.

*

* Use this parameter to tag the CMK when it is created. Alternately, you can omit this parameter and * instead tag the CMK after it is created using TagResource. */ public List tags() { return tags; } @Override public Builder toBuilder() { return new BuilderImpl(this); } public static Builder builder() { return new BuilderImpl(); } public static Class serializableBuilderClass() { return BuilderImpl.class; } @Override public int hashCode() { int hashCode = 1; hashCode = 31 * hashCode + Objects.hashCode(policy()); hashCode = 31 * hashCode + Objects.hashCode(description()); hashCode = 31 * hashCode + Objects.hashCode(keyUsageAsString()); hashCode = 31 * hashCode + Objects.hashCode(originAsString()); hashCode = 31 * hashCode + Objects.hashCode(customKeyStoreId()); hashCode = 31 * hashCode + Objects.hashCode(bypassPolicyLockoutSafetyCheck()); hashCode = 31 * hashCode + Objects.hashCode(tags()); return hashCode; } @Override public boolean equals(Object obj) { if (this == obj) { return true; } if (obj == null) { return false; } if (!(obj instanceof CreateKeyRequest)) { return false; } CreateKeyRequest other = (CreateKeyRequest) obj; return Objects.equals(policy(), other.policy()) && Objects.equals(description(), other.description()) && Objects.equals(keyUsageAsString(), other.keyUsageAsString()) && Objects.equals(originAsString(), other.originAsString()) && Objects.equals(customKeyStoreId(), other.customKeyStoreId()) && Objects.equals(bypassPolicyLockoutSafetyCheck(), other.bypassPolicyLockoutSafetyCheck()) && Objects.equals(tags(), other.tags()); } /** * Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be * redacted from this string using a placeholder value. 
*/ @Override public String toString() { return ToString.builder("CreateKeyRequest").add("Policy", policy()).add("Description", description()) .add("KeyUsage", keyUsageAsString()).add("Origin", originAsString()).add("CustomKeyStoreId", customKeyStoreId()) .add("BypassPolicyLockoutSafetyCheck", bypassPolicyLockoutSafetyCheck()).add("Tags", tags()).build(); } public Optional getValueForField(String fieldName, Class clazz) { switch (fieldName) { case "Policy": return Optional.ofNullable(clazz.cast(policy())); case "Description": return Optional.ofNullable(clazz.cast(description())); case "KeyUsage": return Optional.ofNullable(clazz.cast(keyUsageAsString())); case "Origin": return Optional.ofNullable(clazz.cast(originAsString())); case "CustomKeyStoreId": return Optional.ofNullable(clazz.cast(customKeyStoreId())); case "BypassPolicyLockoutSafetyCheck": return Optional.ofNullable(clazz.cast(bypassPolicyLockoutSafetyCheck())); case "Tags": return Optional.ofNullable(clazz.cast(tags())); default: return Optional.empty(); } } @Override public List> sdkFields() { return SDK_FIELDS; } private static Function getter(Function g) { return obj -> g.apply((CreateKeyRequest) obj); } private static BiConsumer setter(BiConsumer s) { return (obj, val) -> s.accept((Builder) obj, val); } public interface Builder extends KmsRequest.Builder, SdkPojo, CopyableBuilder { /** *

* The key policy to attach to the CMK. *

*

* If you provide a key policy, it must meet the following criteria: *

*
    *
  • *

    * If you don't set BypassPolicyLockoutSafetyCheck to true, the key policy must allow the principal * that is making the CreateKey request to make a subsequent PutKeyPolicy request on the * CMK. This reduces the risk that the CMK becomes unmanageable. For more information, refer to the scenario in * the Default Key Policy section of the AWS Key Management Service Developer Guide . *

    *
  • *
  • *

    * Each statement in the key policy must contain one or more principals. The principals in the key policy must * exist and be visible to AWS KMS. When you create a new AWS principal (for example, an IAM user or role), you * might need to enforce a delay before including the new principal in a key policy because the new principal * might not be immediately visible to AWS KMS. For more information, see Changes that I make are not always immediately visible in the AWS Identity and Access Management User * Guide. *

    *
  • *
*

* If you do not provide a key policy, AWS KMS attaches a default key policy to the CMK. For more information, * see Default Key * Policy in the AWS Key Management Service Developer Guide. *

*

* The key policy size limit is 32 kilobytes (32768 bytes). *

* * @param policy * The key policy to attach to the CMK.

*

* If you provide a key policy, it must meet the following criteria: *

*
    *
  • *

    * If you don't set BypassPolicyLockoutSafetyCheck to true, the key policy must allow the * principal that is making the CreateKey request to make a subsequent PutKeyPolicy * request on the CMK. This reduces the risk that the CMK becomes unmanageable. For more information, * refer to the scenario in the Default Key Policy section of the AWS Key Management Service Developer Guide . *

    *
  • *
  • *

    * Each statement in the key policy must contain one or more principals. The principals in the key policy * must exist and be visible to AWS KMS. When you create a new AWS principal (for example, an IAM user or * role), you might need to enforce a delay before including the new principal in a key policy because * the new principal might not be immediately visible to AWS KMS. For more information, see Changes that I make are not always immediately visible in the AWS Identity and Access * Management User Guide. *

    *
  • *
*

* If you do not provide a key policy, AWS KMS attaches a default key policy to the CMK. For more * information, see Default Key Policy in the AWS Key Management Service Developer Guide. *

*

* The key policy size limit is 32 kilobytes (32768 bytes). * @return Returns a reference to this object so that method calls can be chained together. */ Builder policy(String policy); /** *

* A description of the CMK. *

*

* Use a description that helps you decide whether the CMK is appropriate for a task. *

* * @param description * A description of the CMK.

*

* Use a description that helps you decide whether the CMK is appropriate for a task. * @return Returns a reference to this object so that method calls can be chained together. */ Builder description(String description); /** *

* The cryptographic operations for which you can use the CMK. The only valid value is * ENCRYPT_DECRYPT, which means you can use the CMK to encrypt and decrypt data. *

* * @param keyUsage * The cryptographic operations for which you can use the CMK. The only valid value is * ENCRYPT_DECRYPT, which means you can use the CMK to encrypt and decrypt data. * @see KeyUsageType * @return Returns a reference to this object so that method calls can be chained together. * @see KeyUsageType */ Builder keyUsage(String keyUsage); /** *

* The cryptographic operations for which you can use the CMK. The only valid value is * ENCRYPT_DECRYPT, which means you can use the CMK to encrypt and decrypt data. *

* * @param keyUsage * The cryptographic operations for which you can use the CMK. The only valid value is * ENCRYPT_DECRYPT, which means you can use the CMK to encrypt and decrypt data. * @see KeyUsageType * @return Returns a reference to this object so that method calls can be chained together. * @see KeyUsageType */ Builder keyUsage(KeyUsageType keyUsage); /** *

* The source of the key material for the CMK. You cannot change the origin after you create the CMK. *

*

* The default is AWS_KMS, which means AWS KMS creates the key material in its own key store. *

*

* When the parameter value is EXTERNAL, AWS KMS creates a CMK without key material so that you can * import key material from your existing key management infrastructure. For more information about importing * key material into AWS KMS, see Importing Key Material * in the AWS Key Management Service Developer Guide. *

*

* When the parameter value is AWS_CLOUDHSM, AWS KMS creates the CMK in an AWS KMS custom key * store and creates its key material in the associated AWS CloudHSM cluster. You must also use the * CustomKeyStoreId parameter to identify the custom key store. *

* * @param origin * The source of the key material for the CMK. You cannot change the origin after you create the CMK.

*

* The default is AWS_KMS, which means AWS KMS creates the key material in its own key * store. *

*

* When the parameter value is EXTERNAL, AWS KMS creates a CMK without key material so that * you can import key material from your existing key management infrastructure. For more information * about importing key material into AWS KMS, see Importing Key * Material in the AWS Key Management Service Developer Guide. *

*

* When the parameter value is AWS_CLOUDHSM, AWS KMS creates the CMK in an AWS KMS custom key * store and creates its key material in the associated AWS CloudHSM cluster. You must also use the * CustomKeyStoreId parameter to identify the custom key store. * @see OriginType * @return Returns a reference to this object so that method calls can be chained together. * @see OriginType */ Builder origin(String origin); /** *

* The source of the key material for the CMK. You cannot change the origin after you create the CMK. *

*

* The default is AWS_KMS, which means AWS KMS creates the key material in its own key store. *

*

* When the parameter value is EXTERNAL, AWS KMS creates a CMK without key material so that you can * import key material from your existing key management infrastructure. For more information about importing * key material into AWS KMS, see Importing Key Material * in the AWS Key Management Service Developer Guide. *

*

* When the parameter value is AWS_CLOUDHSM, AWS KMS creates the CMK in an AWS KMS custom key * store and creates its key material in the associated AWS CloudHSM cluster. You must also use the * CustomKeyStoreId parameter to identify the custom key store. *

* * @param origin * The source of the key material for the CMK. You cannot change the origin after you create the CMK.

*

* The default is AWS_KMS, which means AWS KMS creates the key material in its own key * store. *

*

* When the parameter value is EXTERNAL, AWS KMS creates a CMK without key material so that * you can import key material from your existing key management infrastructure. For more information * about importing key material into AWS KMS, see Importing Key * Material in the AWS Key Management Service Developer Guide. *

*

* When the parameter value is AWS_CLOUDHSM, AWS KMS creates the CMK in an AWS KMS custom key * store and creates its key material in the associated AWS CloudHSM cluster. You must also use the * CustomKeyStoreId parameter to identify the custom key store. * @see OriginType * @return Returns a reference to this object so that method calls can be chained together. * @see OriginType */ Builder origin(OriginType origin); /** *

* Creates the CMK in the specified custom key * store and the key material in its associated AWS CloudHSM cluster. To create a CMK in a custom key store, * you must also specify the Origin parameter with a value of AWS_CLOUDHSM. The AWS * CloudHSM cluster that is associated with the custom key store must have at least two active HSMs, each in a * different Availability Zone in the Region. *

*

* To find the ID of a custom key store, use the DescribeCustomKeyStores operation. *

*

* The response includes the custom key store ID and the ID of the AWS CloudHSM cluster. *

*

* This operation is part of the Custom Key Store * feature feature in AWS KMS, which combines the convenience and extensive integration of AWS KMS with the * isolation and control of a single-tenant key store. *

* * @param customKeyStoreId * Creates the CMK in the specified custom key * store and the key material in its associated AWS CloudHSM cluster. To create a CMK in a custom key * store, you must also specify the Origin parameter with a value of * AWS_CLOUDHSM. The AWS CloudHSM cluster that is associated with the custom key store must * have at least two active HSMs, each in a different Availability Zone in the Region.

*

* To find the ID of a custom key store, use the DescribeCustomKeyStores operation. *

*

* The response includes the custom key store ID and the ID of the AWS CloudHSM cluster. *

*

* This operation is part of the Custom Key * Store feature feature in AWS KMS, which combines the convenience and extensive integration of AWS * KMS with the isolation and control of a single-tenant key store. * @return Returns a reference to this object so that method calls can be chained together. */ Builder customKeyStoreId(String customKeyStoreId); /** *

* A flag to indicate whether to bypass the key policy lockout safety check. *

* *

* Setting this value to true increases the risk that the CMK becomes unmanageable. Do not set this value to * true indiscriminately. *

*

* For more information, refer to the scenario in the Default Key Policy section in the AWS Key Management Service Developer Guide . *

*
*

* Use this parameter only when you include a policy in the request and you intend to prevent the principal that * is making the request from making a subsequent PutKeyPolicy request on the CMK. *

*

* The default value is false. *

* * @param bypassPolicyLockoutSafetyCheck * A flag to indicate whether to bypass the key policy lockout safety check.

*

* Setting this value to true increases the risk that the CMK becomes unmanageable. Do not set this value * to true indiscriminately. *

*

* For more information, refer to the scenario in the Default Key Policy section in the AWS Key Management Service Developer Guide . *

*
*

* Use this parameter only when you include a policy in the request and you intend to prevent the * principal that is making the request from making a subsequent PutKeyPolicy request on the CMK. *

*

* The default value is false. * @return Returns a reference to this object so that method calls can be chained together. */ Builder bypassPolicyLockoutSafetyCheck(Boolean bypassPolicyLockoutSafetyCheck); /** *

         * One or more tags. Each tag consists of a tag key and a tag value. Tag keys and tag values are both required,
         * but tag values can be empty (null) strings.
         * <p>
         * Use this parameter to tag the CMK when it is created. Alternately, you can omit this parameter and instead
         * tag the CMK after it is created using TagResource.
         *
         * @param tags
         *        One or more tags. Each tag consists of a tag key and a tag value. Tag keys and tag values are both
         *        required, but tag values can be empty (null) strings.
         *        <p>
* Use this parameter to tag the CMK when it is created. Alternately, you can omit this parameter and * instead tag the CMK after it is created using TagResource. * @return Returns a reference to this object so that method calls can be chained together. */ Builder tags(Collection tags); /** *

         * One or more tags. Each tag consists of a tag key and a tag value. Tag keys and tag values are both required,
         * but tag values can be empty (null) strings.
         * <p>
         * Use this parameter to tag the CMK when it is created. Alternately, you can omit this parameter and instead
         * tag the CMK after it is created using TagResource.
         *
         * @param tags
         *        One or more tags. Each tag consists of a tag key and a tag value. Tag keys and tag values are both
         *        required, but tag values can be empty (null) strings.
         *        <p>
* Use this parameter to tag the CMK when it is created. Alternately, you can omit this parameter and * instead tag the CMK after it is created using TagResource. * @return Returns a reference to this object so that method calls can be chained together. */ Builder tags(Tag... tags); /** *

         * One or more tags. Each tag consists of a tag key and a tag value. Tag keys and tag values are both required,
         * but tag values can be empty (null) strings.
         * <p>
         * Use this parameter to tag the CMK when it is created. Alternately, you can omit this parameter and instead
         * tag the CMK after it is created using TagResource.
         * <p>
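* This is a convenience that creates an instance of the {@link List.Builder} avoiding the need to create
         * one manually via {@link List#builder()}.
         *
         * When the {@link Consumer} completes, {@link List.Builder#build()} is called immediately and its result
         * is passed to {@link #tags(List)}.
         *
         * @param tags
         *        a consumer that will call methods on {@link List.Builder}
         * @return Returns a reference to this object so that method calls can be chained together.
         * @see #tags(List)
         */
        Builder tags(Consumer<Tag.Builder>... tags);

        @Override
        Builder overrideConfiguration(AwsRequestOverrideConfiguration overrideConfiguration);

        @Override
        Builder overrideConfiguration(Consumer<AwsRequestOverrideConfiguration.Builder> builderConsumer);
    }

    /**
     * Mutable {@link Builder} implementation. It holds one field per request member and hands itself to the
     * {@link CreateKeyRequest} constructor in {@link #build()}.
     *
     * <p>NOTE(review): the type arguments in this class ({@code List<Tag>}, {@code Consumer<Tag.Builder>},
     * {@code Collection<Tag.BuilderImpl>}, {@code List<SdkField<?>>}) are reconstructed from how the values are
     * used ({@code Tag::toBuilder}, {@code Tag.builder()}, {@code SDK_FIELDS}); confirm against the generated
     * source.
     */
    static final class BuilderImpl extends KmsRequest.BuilderImpl implements Builder {
        private String policy;

        private String description;

        private String keyUsage;

        private String origin;

        private String customKeyStoreId;

        // Stays null unless a caller sets it; the Builder Javadoc gives false as the default value.
        private Boolean bypassPolicyLockoutSafetyCheck;

        private List<Tag> tags = DefaultSdkAutoConstructList.getInstance();

        private BuilderImpl() {
        }

        /**
         * Copies every member of an existing request into this builder by calling the fluent setters.
         *
         * @param model the request whose values are copied
         */
        private BuilderImpl(CreateKeyRequest model) {
            super(model);
            policy(model.policy);
            description(model.description);
            keyUsage(model.keyUsage);
            origin(model.origin);
            customKeyStoreId(model.customKeyStoreId);
            bypassPolicyLockoutSafetyCheck(model.bypassPolicyLockoutSafetyCheck);
            tags(model.tags);
        }

        /** @return the key policy string currently held by the builder, or {@code null} if unset */
        public final String getPolicy() {
            return policy;
        }

        @Override
        public final Builder policy(String policy) {
            // Stored as given; this builder does not parse or validate the policy document.
            this.policy = policy;
            return this;
        }

        /** Bean-style setter; performs the same assignment as {@link #policy(String)}. */
        public final void setPolicy(String policy) {
            this.policy = policy;
        }

        /** @return the description currently held by the builder, or {@code null} if unset */
        public final String getDescription() {
            return description;
        }

        @Override
        public final Builder description(String description) {
            this.description = description;
            return this;
        }

        /** Bean-style setter; performs the same assignment as {@link #description(String)}. */
        public final void setDescription(String description) {
            this.description = description;
        }

        /** @return the key usage in its string form, or {@code null} if unset */
        public final String getKeyUsageAsString() {
            return keyUsage;
        }

        @Override
        public final Builder keyUsage(String keyUsage) {
            this.keyUsage = keyUsage;
            return this;
        }

        @Override
        public final Builder keyUsage(KeyUsageType keyUsage) {
            // A null enum clears the field instead of throwing NullPointerException on toString().
            this.keyUsage(keyUsage == null ? null : keyUsage.toString());
            return this;
        }

        /** Bean-style setter; performs the same assignment as {@link #keyUsage(String)}. */
        public final void setKeyUsage(String keyUsage) {
            this.keyUsage = keyUsage;
        }

        /** @return the key material origin in its string form, or {@code null} if unset */
        public final String getOriginAsString() {
            return origin;
        }

        @Override
        public final Builder origin(String origin) {
            this.origin = origin;
            return this;
        }

        @Override
        public final Builder origin(OriginType origin) {
            // A null enum clears the field instead of throwing NullPointerException on toString().
            this.origin(origin == null ? null : origin.toString());
            return this;
        }

        /** Bean-style setter; performs the same assignment as {@link #origin(String)}. */
        public final void setOrigin(String origin) {
            this.origin = origin;
        }

        /** @return the custom key store ID currently held by the builder, or {@code null} if unset */
        public final String getCustomKeyStoreId() {
            return customKeyStoreId;
        }

        @Override
        public final Builder customKeyStoreId(String customKeyStoreId) {
            this.customKeyStoreId = customKeyStoreId;
            return this;
        }

        /** Bean-style setter; performs the same assignment as {@link #customKeyStoreId(String)}. */
        public final void setCustomKeyStoreId(String customKeyStoreId) {
            this.customKeyStoreId = customKeyStoreId;
        }

        /** @return the bypass flag as set by the caller, or {@code null} if it was never set */
        public final Boolean getBypassPolicyLockoutSafetyCheck() {
            return bypassPolicyLockoutSafetyCheck;
        }

        /**
         * Security-sensitive: {@code true} requests that the key policy lockout safety check be bypassed, which
         * the {@link Builder} documentation warns increases the risk that the CMK becomes unmanageable. The
         * value is stored as given, with no validation in this builder.
         */
        @Override
        public final Builder bypassPolicyLockoutSafetyCheck(Boolean bypassPolicyLockoutSafetyCheck) {
            this.bypassPolicyLockoutSafetyCheck = bypassPolicyLockoutSafetyCheck;
            return this;
        }

        /** Bean-style setter; performs the same assignment as {@link #bypassPolicyLockoutSafetyCheck(Boolean)}. */
        public final void setBypassPolicyLockoutSafetyCheck(Boolean bypassPolicyLockoutSafetyCheck) {
            this.bypassPolicyLockoutSafetyCheck = bypassPolicyLockoutSafetyCheck;
        }

        /**
         * @return a new list holding one {@code Tag.Builder} per stored tag (via {@code Tag::toBuilder}), or
         *         {@code null} when the tag list itself is {@code null}
         */
        public final Collection<Tag.Builder> getTags() {
            if (tags == null) {
                return null;
            }
            return tags.stream().map(Tag::toBuilder).collect(Collectors.toList());
        }

        @Override
        public final Builder tags(Collection<Tag> tags) {
            // The stored list is whatever TagListCopier.copy returns; presumably a defensive copy, verify there.
            this.tags = TagListCopier.copy(tags);
            return this;
        }

        @Override
        @SafeVarargs
        public final Builder tags(Tag... tags) {
            tags(Arrays.asList(tags));
            return this;
        }

        @Override
        @SafeVarargs
        public final Builder tags(Consumer<Tag.Builder>... tags) {
            // Each consumer configures a fresh Tag builder; the built tags go through tags(Collection).
            tags(Stream.of(tags).map(c -> Tag.builder().applyMutation(c).build()).collect(Collectors.toList()));
            return this;
        }

        /** Bean-style setter taking tag builders; conversion is delegated to {@code TagListCopier.copyFromBuilder}. */
        public final void setTags(Collection<Tag.BuilderImpl> tags) {
            this.tags = TagListCopier.copyFromBuilder(tags);
        }

        @Override
        public Builder overrideConfiguration(AwsRequestOverrideConfiguration overrideConfiguration) {
            super.overrideConfiguration(overrideConfiguration);
            return this;
        }

        @Override
        public Builder overrideConfiguration(Consumer<AwsRequestOverrideConfiguration.Builder> builderConsumer) {
            super.overrideConfiguration(builderConsumer);
            return this;
        }

        /** @return a new {@link CreateKeyRequest} constructed from this builder */
        @Override
        public CreateKeyRequest build() {
            return new CreateKeyRequest(this);
        }

        /** @return the class-level {@code SDK_FIELDS} list */
        @Override
        public List<SdkField<?>> sdkFields() {
            return SDK_FIELDS;
        }
    }
}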



