@SuppressWarnings("PMD.CloseResource") // These are not SQL statements so they don't need to be closed. private Policy createUploaderPolicyNoKmsKey(String s3BucketName, String s3Key) { return new AwsPolicyBuilder().withS3(s3BucketName, s3Key, S3Actions.PutObject).build(); }
@SuppressWarnings("PMD.CloseResource") // These are not SQL statements so they don't need to be closed. private Policy createUploaderPolicyNoKmsKey(String s3BucketName, String s3Key) { return new AwsPolicyBuilder().withS3(s3BucketName, s3Key, S3Actions.PutObject).build(); }
/** * Creates a restricted policy JSON string which only allows GetObject to the given bucket name and object key, and allows Decrypt for the given key ID. * * @param s3BucketName - The S3 bucket name to restrict uploads to * @param s3Key - The S3 object key to restrict the uploads to * * @return the policy JSON string */ @SuppressWarnings("PMD.CloseResource") // These are not SQL statements so they don't need to be closed. private Policy createDownloaderPolicy(String s3BucketName, String s3Key) { return new AwsPolicyBuilder().withS3(s3BucketName, s3Key, S3Actions.GetObject).build(); }
/** * Creates a restricted policy JSON string which only allows GetObject to the given bucket name and object key, and allows Decrypt for the given key ID. * * @param s3BucketName - The S3 bucket name to restrict uploads to * @param s3Key - The S3 object key to restrict the uploads to * * @return the policy JSON string */ @SuppressWarnings("PMD.CloseResource") // These are not SQL statements so they don't need to be closed. private Policy createDownloaderPolicy(String s3BucketName, String s3Key) { return new AwsPolicyBuilder().withS3(s3BucketName, s3Key, S3Actions.GetObject).build(); }
/** * Creates a restricted policy JSON string which only allows GetObject to the given bucket name and object key, and allows Decrypt for the given key ID. * * @param s3BucketName - The S3 bucket name to restrict uploads to * @param s3Key - The S3 object key to restrict the uploads to * @param awsKmsKeyId - The KMS key ID to allow access * * @return the policy JSON string */ @SuppressWarnings("PMD.CloseResource") // These are not SQL statements so they don't need to be closed. private Policy createDownloaderPolicy(String s3BucketName, String s3Key, String awsKmsKeyId) { return new AwsPolicyBuilder().withS3(s3BucketName, s3Key, S3Actions.GetObject).withKms(awsKmsKeyId, KmsActions.DECRYPT).build(); }
/** * Creates a restricted policy JSON string which only allows GetObject to the given bucket name and object key, and allows Decrypt for the given key ID. * * @param s3BucketName - The S3 bucket name to restrict uploads to * @param s3Key - The S3 object key to restrict the uploads to * @param awsKmsKeyId - The KMS key ID to allow access * * @return the policy JSON string */ @SuppressWarnings("PMD.CloseResource") // These are not SQL statements so they don't need to be closed. private Policy createDownloaderPolicy(String s3BucketName, String s3Key, String awsKmsKeyId) { return new AwsPolicyBuilder().withS3(s3BucketName, s3Key, S3Actions.GetObject).withKms(awsKmsKeyId, KmsActions.DECRYPT).build(); }
/** * Creates a restricted policy JSON string which only allows PutObject to the given bucket name and object key, and allows GenerateDataKey and Decrypt for * the given key ID. The Decrypt is required for multipart upload with KMS encryption. * * @param s3BucketName - The S3 bucket name to restrict uploads to * @param s3Key - The S3 object key to restrict the uploads to * @param awsKmsKeyId - The KMS key ID to allow access * * @return the policy JSON string */ @SuppressWarnings("PMD.CloseResource") // These are not SQL statements so they don't need to be closed. private Policy createUploaderPolicy(String s3BucketName, String s3Key, String awsKmsKeyId) { return new AwsPolicyBuilder().withS3(s3BucketName, s3Key, S3Actions.PutObject).withKms(awsKmsKeyId, KmsActions.GENERATE_DATA_KEY, KmsActions.DECRYPT) .build(); }
/** * Creates a restricted policy JSON string which only allows PutObject to the given bucket name and object key, and allows GenerateDataKey and Decrypt for * the given key ID. The Decrypt is required for multipart upload with KMS encryption. * * @param s3BucketName - The S3 bucket name to restrict uploads to * @param s3Key - The S3 object key to restrict the uploads to * @param awsKmsKeyId - The KMS key ID to allow access * * @return the policy JSON string */ @SuppressWarnings("PMD.CloseResource") // These are not SQL statements so they don't need to be closed. private Policy createUploaderPolicy(String s3BucketName, String s3Key, String awsKmsKeyId) { return new AwsPolicyBuilder().withS3(s3BucketName, s3Key, S3Actions.PutObject).withKms(awsKmsKeyId, KmsActions.GENERATE_DATA_KEY, KmsActions.DECRYPT) .build(); }
/**
 * Requests temporary security credentials from the STS DAO using the download role ARN and download session duration looked up for the given storage, and
 * the policy built from the supplied builder.
 * <p>
 * This method does not inspect the builder: what the credentials permit depends on what the caller put into it, so callers are responsible for limiting
 * it to the download actions and the single object they intend to expose.
 *
 * @param storageEntity the storage entity of the external storage
 * @param sessionName the session name to use for the temporary credentials
 * @param awsPolicyBuilder the AWS policy builder whose built policy is passed along with the request
 *
 * @return {@link Credentials} the temporary security credentials returned by the STS DAO
 */
private Credentials getDownloaderCredentials(StorageEntity storageEntity, String sessionName, AwsPolicyBuilder awsPolicyBuilder) {
    // NOTE(review): presumably the built policy is forwarded as the STS session policy, in which case the effective permissions are
    // the intersection of it and the role's own policy - confirm in stsDao.getTemporarySecurityCredentials.
    final Credentials downloaderCredentials = stsDao.getTemporarySecurityCredentials(
        awsHelper.getAwsParamsDto(),
        sessionName,
        getStorageDownloadRoleArn(storageEntity),
        getStorageDownloadSessionDuration(storageEntity),
        awsPolicyBuilder.build());
    return downloaderCredentials;
}
/**
 * Requests temporary security credentials from the STS DAO using the download role ARN and download session duration looked up for the given storage, and
 * the policy built from the supplied builder.
 * <p>
 * This method does not inspect the builder: what the credentials permit depends on what the caller put into it, so callers are responsible for limiting
 * it to the download actions and the single object they intend to expose.
 *
 * @param storageEntity the storage entity of the external storage
 * @param sessionName the session name to use for the temporary credentials
 * @param awsPolicyBuilder the AWS policy builder whose built policy is passed along with the request
 *
 * @return {@link Credentials} the temporary security credentials returned by the STS DAO
 */
private Credentials getDownloaderCredentials(StorageEntity storageEntity, String sessionName, AwsPolicyBuilder awsPolicyBuilder) {
    // NOTE(review): presumably the built policy is forwarded as the STS session policy, in which case the effective permissions are
    // the intersection of it and the role's own policy - confirm in stsDao.getTemporarySecurityCredentials.
    final Credentials downloaderCredentials = stsDao.getTemporarySecurityCredentials(
        awsHelper.getAwsParamsDto(),
        sessionName,
        getStorageDownloadRoleArn(storageEntity),
        getStorageDownloadSessionDuration(storageEntity),
        awsPolicyBuilder.build());
    return downloaderCredentials;
}
.getTemporarySecurityCredentials(awsHelper.getAwsParamsDto(), UUID.randomUUID().toString(), roleArn, durationSeconds, awsPolicyBuilder.build());
.getTemporarySecurityCredentials(awsHelper.getAwsParamsDto(), UUID.randomUUID().toString(), roleArn, durationSeconds, awsPolicyBuilder.build());