knox-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lmc...@apache.org
Subject [1/2] knox git commit: KNOX-1204 - Move KnoxS3 to use idbroker classes and add client classes
Date Thu, 21 Jun 2018 05:44:07 GMT
Repository: knox
Updated Branches:
  refs/heads/KNOX-1204 d5885d145 -> f315b6652


KNOX-1204 - Move KnoxS3 to use idbroker classes and add client classes

Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/66736e15
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/66736e15
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/66736e15

Branch: refs/heads/KNOX-1204
Commit: 66736e1554695a1340f3f215fa1bfa5fd63e80c2
Parents: d5885d1
Author: Larry McCay <lmccay@HW14155.local>
Authored: Wed Jun 20 22:43:01 2018 -0700
Committer: Larry McCay <lmccay@HW14155.local>
Committed: Wed Jun 20 22:43:01 2018 -0700

----------------------------------------------------------------------
 gateway-service-knoxs3/pom.xml                  |   4 +
 .../gateway/service/knoxs3/AWSPolicyModel.java  |  60 ------
 .../service/knoxs3/IdentityBrokerResource.java  | 127 -------------
 .../service/knoxs3/KnoxS3ClientBuilder.java     | 184 +++----------------
 .../service/knoxs3/S3BucketsResource.java       |  10 +-
 .../KnoxS3ServiceDeploymentContributor.java     |   2 +-
 .../service/knoxs3/S3BucketsResourceTest.java   | 102 +++++-----
 7 files changed, 79 insertions(+), 410 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/knox/blob/66736e15/gateway-service-knoxs3/pom.xml
----------------------------------------------------------------------
diff --git a/gateway-service-knoxs3/pom.xml b/gateway-service-knoxs3/pom.xml
index d83613c..b30f2f4 100644
--- a/gateway-service-knoxs3/pom.xml
+++ b/gateway-service-knoxs3/pom.xml
@@ -63,6 +63,10 @@
             <artifactId>gateway-provider-jersey</artifactId>
         </dependency>
         <dependency>
+            <groupId>${gateway-group}</groupId>
+            <artifactId>gateway-service-idbroker</artifactId>
+        </dependency>
+        <dependency>
             <groupId>junit</groupId>
             <artifactId>junit</artifactId>
             <scope>test</scope>

http://git-wip-us.apache.org/repos/asf/knox/blob/66736e15/gateway-service-knoxs3/src/main/java/org/apache/knox/gateway/service/knoxs3/AWSPolicyModel.java
----------------------------------------------------------------------
diff --git a/gateway-service-knoxs3/src/main/java/org/apache/knox/gateway/service/knoxs3/AWSPolicyModel.java
b/gateway-service-knoxs3/src/main/java/org/apache/knox/gateway/service/knoxs3/AWSPolicyModel.java
deleted file mode 100644
index 4b51dc3..0000000
--- a/gateway-service-knoxs3/src/main/java/org/apache/knox/gateway/service/knoxs3/AWSPolicyModel.java
+++ /dev/null
@@ -1,60 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.knox.gateway.service.knoxs3;
-
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.Map;
-
-import org.apache.knox.gateway.util.JsonUtils;
-
-public class AWSPolicyModel {
-  HashMap<String, Object> policyModel = new HashMap<String, Object>();
-  ArrayList<String> actionArray = new ArrayList<String>();
-  HashMap<String, Object> statementMap = new HashMap<String, Object>();
-  ArrayList<String> resourcesArray = new ArrayList<String>();
-
-  public AWSPolicyModel() {
-    policyModel.put("Version", "2012-10-17");
-    ArrayList<Map<String, Object>> statement = new ArrayList<Map<String,
Object>>();
-    policyModel.put("Statement", statement );
-    statement.add(statementMap);
-    statementMap.put("Action", actionArray );
-    statementMap.put("Resource", resourcesArray);
-  }
-
-  public void setEffect(String effect) {
-    statementMap.put("Effect", effect);
-  }
-
-  public void addAction(String action) {
-    actionArray.add(action);
-  }
-
-  public void addResource(String resource) {
-    resourcesArray.add(resource);
-  }
-
-  public void setResource(String resource) {
-    statementMap.put("Resource", resource);
-  }
-
-  public String toString() {
-    return JsonUtils.renderAsJsonString(policyModel);
-  }
-}

http://git-wip-us.apache.org/repos/asf/knox/blob/66736e15/gateway-service-knoxs3/src/main/java/org/apache/knox/gateway/service/knoxs3/IdentityBrokerResource.java
----------------------------------------------------------------------
diff --git a/gateway-service-knoxs3/src/main/java/org/apache/knox/gateway/service/knoxs3/IdentityBrokerResource.java
b/gateway-service-knoxs3/src/main/java/org/apache/knox/gateway/service/knoxs3/IdentityBrokerResource.java
deleted file mode 100644
index 624c65c..0000000
--- a/gateway-service-knoxs3/src/main/java/org/apache/knox/gateway/service/knoxs3/IdentityBrokerResource.java
+++ /dev/null
@@ -1,127 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.knox.gateway.service.knoxs3;
-
-import org.apache.knox.gateway.i18n.messages.MessagesFactory;
-import org.apache.knox.gateway.security.SubjectUtils;
-
-import com.amazonaws.services.securitytoken.model.GetFederationTokenResult;
-
-import javax.annotation.PostConstruct;
-import javax.security.auth.Subject;
-import javax.servlet.ServletContext;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.ws.rs.GET;
-import javax.ws.rs.Path;
-import javax.ws.rs.Produces;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.Response;
-import java.io.PrintWriter;
-import java.util.Enumeration;
-import java.util.Properties;
-
-import static javax.ws.rs.core.MediaType.APPLICATION_JSON;
-
-@Path(IdentityBrokerResource.RESOURCE_PATH)
-public class IdentityBrokerResource {
-  private static final String CREDENTIALS_API_PATH = "credentials";
-  private static final String USER_CREDENTIALS_API_PATH = "credentials/{id}";
-  private static KnoxS3ServiceMessages log = MessagesFactory.get(KnoxS3ServiceMessages.class);
-  private static final String VERSION_TAG = "api/v1";
-  static final String RESOURCE_PATH = "/idbroker/" + VERSION_TAG;
-
-  private static final String CONTENT_TYPE = "application/json";
-  private static final String CACHE_CONTROL = "Cache-Control";
-  private static final String NO_CACHE = "must-revalidate,no-cache,no-store";
-
-  private KnoxS3ClientBuilder s3b = new KnoxS3ClientBuilder();
-
-  @Context
-  HttpServletRequest request;
-
-  @Context
-  private HttpServletResponse response;
-
-  @Context
-  ServletContext context;
-
-  @PostConstruct
-  public void init() {
-    s3b.init(getProperties());
-  }
-
-  private Properties getProperties() {
-    Properties props = new Properties();
-    String paramName = null;
-    Enumeration<String> e = context.getInitParameterNames();
-    while (e.hasMoreElements()) {
-      paramName = (String)e.nextElement();
-      if (paramName.startsWith("s3.")) {
-        props.setProperty(paramName, context.getInitParameter(paramName));
-      }
-    }
-    
-    return props;
-  }
-
-  @GET
-  @Produces({APPLICATION_JSON})
-  @Path(CREDENTIALS_API_PATH)
-  public Response getCredentials() {
-    return getCredentialsResponse();
-  }
-
-  @GET
-  @Produces({APPLICATION_JSON})
-  @Path(USER_CREDENTIALS_API_PATH)
-  public Response getUserCredentials() {
-    return getCredentialsResponse();
-  }
-
-  private Response getCredentialsResponse() {
-    response.setStatus(HttpServletResponse.SC_OK);
-    response.setHeader(CACHE_CONTROL, NO_CACHE);
-    response.setContentType(CONTENT_TYPE);
-    PrintWriter writer = null;
-    try {
-      writer = response.getWriter();
-      writer.println(getFederationToken());
-    } catch (Exception e) {
-      log.logException("list", e);
-      return Response.serverError().entity(String.format("Failed to reply correctly due to
: %s ", e)).build();
-    } finally {
-      if (writer != null) {
-        writer.close();
-      }
-    }
-    return Response.ok().build();
-  }
-
-  protected String getFederationToken() {
-//    Subject subject = Subject.getSubject(AccessController.getContext());
-//    String username = getEffectiveUserName(subject);
-    GetFederationTokenResult creds = (GetFederationTokenResult) s3b.getFederationTokenResult();
-    return creds.toString();
-  }
-
-  private String getEffectiveUserName(Subject subject) {
-    return SubjectUtils.getEffectivePrincipalName(subject);
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/knox/blob/66736e15/gateway-service-knoxs3/src/main/java/org/apache/knox/gateway/service/knoxs3/KnoxS3ClientBuilder.java
----------------------------------------------------------------------
diff --git a/gateway-service-knoxs3/src/main/java/org/apache/knox/gateway/service/knoxs3/KnoxS3ClientBuilder.java
b/gateway-service-knoxs3/src/main/java/org/apache/knox/gateway/service/knoxs3/KnoxS3ClientBuilder.java
index aab399a..62730f9 100644
--- a/gateway-service-knoxs3/src/main/java/org/apache/knox/gateway/service/knoxs3/KnoxS3ClientBuilder.java
+++ b/gateway-service-knoxs3/src/main/java/org/apache/knox/gateway/service/knoxs3/KnoxS3ClientBuilder.java
@@ -32,7 +32,13 @@ import org.apache.knox.gateway.security.GroupPrincipal;
 import org.apache.knox.gateway.security.ImpersonatedPrincipal;
 import org.apache.knox.gateway.security.PrimaryPrincipal;
 import org.apache.knox.gateway.security.SubjectUtils;
+import org.apache.knox.gateway.service.idbroker.KnoxCloudCredentialsClient;
+import org.apache.knox.gateway.service.idbroker.KnoxCloudCredentiatlsClientManager;
+import org.apache.knox.gateway.service.idbroker.KnoxCloudPolicyProvider;
+import org.apache.knox.gateway.service.idbroker.KnoxPolicyProviderManager;
 
+import com.amazonaws.auth.AWSCredentials;
+import com.amazonaws.auth.AWSCredentialsProvider;
 import com.amazonaws.auth.AWSStaticCredentialsProvider;
 import com.amazonaws.auth.BasicSessionCredentials;
 import com.amazonaws.regions.Regions;
@@ -45,183 +51,35 @@ import com.amazonaws.services.securitytoken.model.GetFederationTokenRequest;
 import com.amazonaws.services.securitytoken.model.GetFederationTokenResult;
 
 public class KnoxS3ClientBuilder {
-  private Map<String, PolicyConfig> userPolicyConfig =  new HashMap<String, PolicyConfig>();
-  private Map<String, PolicyConfig> groupPolicyConfig =  new HashMap<String, PolicyConfig>();
+  private KnoxCloudPolicyProvider policyProvider = new KnoxPolicyProviderManager();
+  private KnoxCloudCredentialsClient credentialsClient = new KnoxCloudCredentiatlsClientManager();
+
+  private Properties props = null;
 
   public KnoxS3ClientBuilder() {
   }
-
+  
   public AmazonS3 getS3Client() {
-    BasicSessionCredentials sessionCredentials = (BasicSessionCredentials) getCredentials();
+    GetFederationTokenResult result = (GetFederationTokenResult) credentialsClient.getCredentials();
 
+    Credentials session_creds = result.getCredentials();
+    BasicSessionCredentials sessionCredentials = new BasicSessionCredentials(
+       session_creds.getAccessKeyId(),
+       session_creds.getSecretAccessKey(),
+       session_creds.getSessionToken());
+    
     AmazonS3 s3 = AmazonS3ClientBuilder.standard().withRegion(Regions.US_EAST_1)
         .withCredentials(new AWSStaticCredentialsProvider(sessionCredentials)).build();
     return s3;
   }
 
-  /**
-   * Get an opaque Object representation of the credentials.
-   * This method will only be called by callers that are aware
-   * of the actual form of the credentials in the given context
-   * and therefore able to cast it appropriately.
-   * @return opaque object
-   */
-  public Object getCredentials() {
-    BasicSessionCredentials sessionCredentials = getSessionCredentials();
-    if (sessionCredentials == null) {
-      throw new RuntimeException("No S3 credentials available.");
-    }
-    return sessionCredentials;
-  }
-
   public void init(Properties context) {
-    buildPolicyMaps(context);
-  }
-
-  private void buildPolicyMaps(Properties context) {
-    /*
-    <service>
-    <role>KNOXS3</role>
-    <param>
-        <name>s3.user.policy.action.guest</name>
-        <value>s3:Get*,s3:List*</value>
-    </param>
-    <param>
-        <name>s3.user.policy.resource.guest</name>
-        <value>*</value>
-    </param>
-    <param>
-        <name>s3.group.policy.action.admin</name>
-        <value>*</value>
-    </param>
-    <param>
-        <name>s3.group.policy.resource.admin</name>
-        <value>*</value>
-    </param>
-  </service>
-  */
-
-    String paramName = null;
-    Enumeration<Object> e = context.keys();
-    while (e.hasMoreElements()) {
-      paramName = (String)e.nextElement();
-      if (paramName.startsWith("s3.")) {
-        String[] elements = paramName.split("\\.");
-        if (elements[1].equals("user")) {
-          PolicyConfig policy = userPolicyConfig.get(elements[4]);
-          if (policy == null) {
-            policy = new PolicyConfig();
-            userPolicyConfig.put(elements[4], policy);
-          }
-          if (elements[3].equals("action")) {
-            policy.actions=context.getProperty(paramName);
-          } else {
-            policy.resources=context.getProperty(paramName);
-          }
-          if (policy.actions != null && policy.resources != null) {
-            buildS3PolicyModel(policy);
-          }
-        }else if (elements[1].equals("group")) {
-          PolicyConfig policy = groupPolicyConfig.get(elements[4]);
-          if (policy == null) {
-            policy = new PolicyConfig();
-            groupPolicyConfig.put(elements[4], policy);
-          }
-          if (elements[3].equals("action")) {
-            policy.actions=context.getProperty(paramName);
-          } else {
-            policy.resources=context.getProperty(paramName);
-          }
-          if (policy.actions != null && policy.resources != null) {
-            buildS3PolicyModel(policy);
-          }
-        }
-      }
-    }
-  }
-
-  private void buildS3PolicyModel(PolicyConfig policy) {
-    AWSPolicyModel model = new AWSPolicyModel();
-    model.setEffect("Allow");
-    String[] actions = policy.actions.split(",");
-    for (int i = 0; i < actions.length; i++) {
-      model.addAction(actions[i]);
-    }
-    String[] resources = policy.resources.split(",");
-    if (resources.length > 1) {
-      for (int i = 0; i < resources.length; i++) {
-        model.addResource(resources[i]);
-      }
-    } else {
-      model.setResource(resources[0]);
-    }
-    policy.policy = model.toString();
-  }
-
-  private BasicSessionCredentials getSessionCredentials() {
-    BasicSessionCredentials sessionCredentials = null;
-    try {
-      GetFederationTokenResult result = getFederationTokenResult();
-      Credentials session_creds = result.getCredentials();
-      sessionCredentials = new BasicSessionCredentials(
-          session_creds.getAccessKeyId(),
-          session_creds.getSecretAccessKey(),
-          session_creds.getSessionToken());
-    } catch (Exception e) {
-      e.printStackTrace();
-    }
-    return sessionCredentials;
-  }
-
-  public GetFederationTokenResult getFederationTokenResult() {
-    String policy;
-    AWSSecurityTokenService sts_client = AWSSecurityTokenServiceClientBuilder.standard().withRegion(Regions.US_EAST_1).build();
-    String username = null;
-    Subject subject = Subject.getSubject(AccessController.getContext());
-    username = getEffectiveUserName(subject);
-    policy = buildPolicy(username, subject);
-    GetFederationTokenResult result = null;
-    if (policy != null) {
-      GetFederationTokenRequest request = new GetFederationTokenRequest(username).withPolicy(policy);
-      result = sts_client.getFederationToken(request);
-      System.out.println(result.getCredentials());
-    }
-    return result;
+    policyProvider.init(context);
+    credentialsClient.init(context);
+    credentialsClient.setPolicyProvider(policyProvider);
   }
 
   private String getEffectiveUserName(Subject subject) {
     return SubjectUtils.getEffectivePrincipalName(subject);
   }
-
-  private String buildPolicy(String username, Subject subject) {
-    String policy = null;
-    List<String> groupNames = new ArrayList<String>();
-    Object[] groups = subject.getPrincipals(GroupPrincipal.class).toArray();
-    for (int i = 0; i < groups.length; i++) {
-      groupNames.add(
-          ((Principal)groups[0]).getName());
-    }
-    
-    PolicyConfig config = userPolicyConfig.get(username);
-    if (config == null) {
-      // check for a group policy match
-      for (String groupName : groupNames) {
-        config = groupPolicyConfig.get(groupName);
-        if (config != null) {
-          // just accept first match for now
-          break;
-        }
-      }
-    }
-    if (config != null) {
-      policy = config.policy;
-    }
-    return policy;
-  }
-  
-  private class PolicyConfig {
-    public String actions = null;
-    public String resources = null;
-    public String policy = null;
-  }
 }
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/knox/blob/66736e15/gateway-service-knoxs3/src/main/java/org/apache/knox/gateway/service/knoxs3/S3BucketsResource.java
----------------------------------------------------------------------
diff --git a/gateway-service-knoxs3/src/main/java/org/apache/knox/gateway/service/knoxs3/S3BucketsResource.java
b/gateway-service-knoxs3/src/main/java/org/apache/knox/gateway/service/knoxs3/S3BucketsResource.java
index b261749..ad1e3fc 100644
--- a/gateway-service-knoxs3/src/main/java/org/apache/knox/gateway/service/knoxs3/S3BucketsResource.java
+++ b/gateway-service-knoxs3/src/main/java/org/apache/knox/gateway/service/knoxs3/S3BucketsResource.java
@@ -18,8 +18,6 @@
 package org.apache.knox.gateway.service.knoxs3;
 
 import org.apache.knox.gateway.i18n.messages.MessagesFactory;
-import org.apache.knox.gateway.security.ImpersonatedPrincipal;
-import org.apache.knox.gateway.security.PrimaryPrincipal;
 import org.apache.knox.gateway.security.SubjectUtils;
 import org.apache.knox.gateway.services.GatewayServices;
 import org.apache.knox.gateway.util.JsonUtils;
@@ -59,7 +57,6 @@ import java.io.OutputStreamWriter;
 import java.io.PrintWriter;
 import java.io.Writer;
 import java.security.AccessController;
-import java.security.Principal;
 import java.util.Enumeration;
 import java.util.HashMap;
 import java.util.List;
@@ -70,7 +67,6 @@ import static javax.ws.rs.core.MediaType.APPLICATION_JSON;
 import static javax.ws.rs.core.MediaType.APPLICATION_XML;
 import static javax.ws.rs.core.MediaType.TEXT_PLAIN;
 
-
 @Path(S3BucketsResource.RESOURCE_PATH)
 public class S3BucketsResource {
   private static final String BUCKETS_API_PATH = "buckets";
@@ -107,9 +103,7 @@ public class S3BucketsResource {
     Enumeration<String> e = context.getInitParameterNames();
     while (e.hasMoreElements()) {
       paramName = (String)e.nextElement();
-      if (paramName.startsWith("s3.")) {
-        props.setProperty(paramName, context.getInitParameter(paramName));
-      }
+      props.setProperty(paramName, context.getInitParameter(paramName));
     }
     
     return props;
@@ -134,7 +128,7 @@ public class S3BucketsResource {
       writer = response.getWriter();
       doDeleteObject(bucket, id);
     } catch (Exception ioe) {
-      log.logException("create", ioe);
+      log.logException("delete", ioe);
       return Response.serverError().entity(String.format("Failed to reply correctly due to
: %s ", ioe)).build();
     } finally {
       if (writer != null) {

http://git-wip-us.apache.org/repos/asf/knox/blob/66736e15/gateway-service-knoxs3/src/main/java/org/apache/knox/gateway/service/knoxs3/deploy/KnoxS3ServiceDeploymentContributor.java
----------------------------------------------------------------------
diff --git a/gateway-service-knoxs3/src/main/java/org/apache/knox/gateway/service/knoxs3/deploy/KnoxS3ServiceDeploymentContributor.java
b/gateway-service-knoxs3/src/main/java/org/apache/knox/gateway/service/knoxs3/deploy/KnoxS3ServiceDeploymentContributor.java
index 2a7fdb6..ec2a317 100644
--- a/gateway-service-knoxs3/src/main/java/org/apache/knox/gateway/service/knoxs3/deploy/KnoxS3ServiceDeploymentContributor.java
+++ b/gateway-service-knoxs3/src/main/java/org/apache/knox/gateway/service/knoxs3/deploy/KnoxS3ServiceDeploymentContributor.java
@@ -50,6 +50,6 @@ public class KnoxS3ServiceDeploymentContributor extends JerseyServiceDeploymentC
    */
   @Override
   protected String[] getPatterns() {
-    return new String[]{"*/**?**"};
+    return new String[]{"/knoxs3/*/**?**"};
   }
 }

http://git-wip-us.apache.org/repos/asf/knox/blob/66736e15/gateway-service-knoxs3/src/test/java/org/apache/knox/gateway/service/knoxs3/S3BucketsResourceTest.java
----------------------------------------------------------------------
diff --git a/gateway-service-knoxs3/src/test/java/org/apache/knox/gateway/service/knoxs3/S3BucketsResourceTest.java
b/gateway-service-knoxs3/src/test/java/org/apache/knox/gateway/service/knoxs3/S3BucketsResourceTest.java
index ec7f438..b746f1e 100644
--- a/gateway-service-knoxs3/src/test/java/org/apache/knox/gateway/service/knoxs3/S3BucketsResourceTest.java
+++ b/gateway-service-knoxs3/src/test/java/org/apache/knox/gateway/service/knoxs3/S3BucketsResourceTest.java
@@ -25,55 +25,55 @@ import org.apache.knox.gateway.util.JsonUtils;
 import org.junit.Test;
 
 public class S3BucketsResourceTest {
-  @Test
-  public void testPolicyCreation() {
-
-    String policy = "{\n" +
-    "  \"Version\": \"2012-10-17\",\n" +
-    "  \"Statement\": [\n" +
-    "    {\n" +
-    "      \"Effect\": \"Allow\",\n" +
-    "      \"Action\": [\n" +
-    "        \"s3:Get*\",\n" +
-    "        \"s3:List*\"\n" +
-    // "        \"s3:Delete*\"\n" +
-    "      ],\n" +
-    "      \"Resource\": \"*\"\n" +
-    "    }\n" +
-    "  ]\n" +
-    "}";
-    System.out.println(policy);
-
-    HashMap<String, Object> policyModel = new HashMap<String, Object>();
-    policyModel.put("Version", "2012-10-17");
-    ArrayList<Map<String, Object>> statement = new ArrayList<Map<String,
Object>>();
-
-    policyModel.put("Version", "2012-10-17");
-    policyModel.put("Statement", statement );
-    HashMap<String, Object> statementMap = new HashMap<String, Object>();
-    statementMap.put("Effect", "Allow");
-    ArrayList<String> actionArray = new ArrayList<String>();
-    actionArray.add("s3:Get*");
-    actionArray.add("s3:List*");
-    statementMap.put("Action", actionArray );
-    statement.add(statementMap);
-    policyModel.put("Resource", "*");
-    
-    System.out.println(JsonUtils.renderAsJsonString(policyModel));
-    
-    AWSPolicyModel model = new AWSPolicyModel();
-    model.setEffect("Allow");
-    model.addAction("s3:Get*");
-    model.addAction("s3:List*");
-    model.setResource("*");
-    System.out.println(model);
-
-    model = new AWSPolicyModel();
-    model.setEffect("Allow");
-    model.addAction("s3:Get*");
-    model.addAction("s3:List*");
-    model.addResource("this");
-    model.addResource("that");
-    System.out.println(model);
-}
+//  @Test
+//  public void testPolicyCreation() {
+//
+//    String policy = "{\n" +
+//    "  \"Version\": \"2012-10-17\",\n" +
+//    "  \"Statement\": [\n" +
+//    "    {\n" +
+//    "      \"Effect\": \"Allow\",\n" +
+//    "      \"Action\": [\n" +
+//    "        \"s3:Get*\",\n" +
+//    "        \"s3:List*\"\n" +
+//    // "        \"s3:Delete*\"\n" +
+//    "      ],\n" +
+//    "      \"Resource\": \"*\"\n" +
+//    "    }\n" +
+//    "  ]\n" +
+//    "}";
+//    System.out.println(policy);
+//
+//    HashMap<String, Object> policyModel = new HashMap<String, Object>();
+//    policyModel.put("Version", "2012-10-17");
+//    ArrayList<Map<String, Object>> statement = new ArrayList<Map<String,
Object>>();
+//
+//    policyModel.put("Version", "2012-10-17");
+//    policyModel.put("Statement", statement );
+//    HashMap<String, Object> statementMap = new HashMap<String, Object>();
+//    statementMap.put("Effect", "Allow");
+//    ArrayList<String> actionArray = new ArrayList<String>();
+//    actionArray.add("s3:Get*");
+//    actionArray.add("s3:List*");
+//    statementMap.put("Action", actionArray );
+//    statement.add(statementMap);
+//    policyModel.put("Resource", "*");
+//    
+//    System.out.println(JsonUtils.renderAsJsonString(policyModel));
+//    
+//    AWSPolicyModel model = new AWSPolicyModel();
+//    model.setEffect("Allow");
+//    model.addAction("s3:Get*");
+//    model.addAction("s3:List*");
+//    model.setResource("*");
+//    System.out.println(model);
+//
+//    model = new AWSPolicyModel();
+//    model.setEffect("Allow");
+//    model.addAction("s3:Get*");
+//    model.addAction("s3:List*");
+//    model.addResource("this");
+//    model.addResource("that");
+//    System.out.println(model);
+//}
 }
\ No newline at end of file


Mime
View raw message