List of usage examples for com.amazonaws.services.identitymanagement.model PutUserPolicyRequest setPolicyDocument
public void setPolicyDocument(String policyDocument)
The policy document.
From source file:org.apache.usergrid.apm.service.ApplicationServiceImpl.java
License:Apache License
public AccessKey createAuthorizedAppPrinciple(Long applicationId, String orgAppName) { CreateUserRequest createUserRequest = new CreateUserRequest(); createUserRequest.setUserName(APP_PRINCIPLE_USER_PREFIX + "_" + orgAppName); createUserRequest.setRequestCredentials(awsCredentials); try {//from ww w. j av a2 s . c o m CreateUserResult createUserResult = identityManagementClient.createUser(createUserRequest); log.info("cloud user id for app with " + orgAppName + " created with " + createUserResult.getUser().getUserName()); CreateAccessKeyRequest accessKeyRequest = new CreateAccessKeyRequest(); accessKeyRequest.setUserName(createUserResult.getUser().getUserName()); CreateAccessKeyResult accessKeyResult = identityManagementClient.createAccessKey(accessKeyRequest); //Create policy of queue GetQueueAttributesRequest attributesRequest = new GetQueueAttributesRequest(); log.info("Going to secure sqs queue : " + AWSUtil.formFullQueueUrl(orgAppName)); attributesRequest.setQueueUrl(AWSUtil.formFullQueueUrl(orgAppName)); List<String> attributeNames = new ArrayList<String>(); attributeNames.add("QueueArn"); attributesRequest.setAttributeNames(attributeNames); GetQueueAttributesResult attributesResult = sqsClient.getQueueAttributes(attributesRequest); String queueArn = attributesResult.getAttributes().get("QueueArn"); String policy = POLICY_DOCUMENT_TEMPLATE.replace("QUEUE_ARN", queueArn); String formattedPolicy = String.format(POLICY_DOCUMENT_TEMPLATE, queueArn); log.info("Applying authorization for following AWS resources" + formattedPolicy); PutUserPolicyRequest policyRequest = new PutUserPolicyRequest(); policyRequest.setPolicyName(POLICY_NAME); policyRequest.setPolicyDocument(formattedPolicy); policyRequest.setUserName(createUserResult.getUser().getUserName()); identityManagementClient.putUserPolicy(policyRequest); log.info("User policy for queue " + queueArn + " was set"); return accessKeyResult.getAccessKey(); } catch (EntityAlreadyExistsException e) { log.error("This should not happen in production. Swallowing the error fow now " + e.getMessage()); log.error(e); return null; } }
From source file:org.applicationMigrator.userManagement.UserManagementWorker.java
License:Apache License
public void grantPermissions(CreateUserRequest user, AmazonIdentityManagementClient client) { Resource resource = new Resource(BUCKET_NAME + "/" + user.getUserName() + "/*"); Statement statement = new Statement(Effect.Allow); Action deleteObjectAction = S3Actions.DeleteObject; Action getObjectaAction = S3Actions.GetObject; Action putObjectAction = S3Actions.PutObject; Collection<Action> actions = new ArrayList<Action>(); actions.add(deleteObjectAction);//from ww w .j a v a2 s . c om actions.add(getObjectaAction); actions.add(putObjectAction); statement.setActions(actions); Collection<Resource> resources = new ArrayList<Resource>(); resources.add(resource); statement.setResources(resources); Policy userPolicy = new Policy(); Collection<Statement> statements = new ArrayList<Statement>(); statements.add(statement); userPolicy.setStatements(statements); PutUserPolicyRequest putUserPolicyRequest = new PutUserPolicyRequest(); putUserPolicyRequest.setPolicyDocument(userPolicy.toJson()); putUserPolicyRequest.setPolicyName(new Date().getTime() + "Policy"); putUserPolicyRequest.setUserName(user.getUserName()); client.putUserPolicy(putUserPolicyRequest); }