Class: AWSCDK::KMS::KeyGrants

Inherits:
Jsii::Object
  • Object
show all
Defined in:
kms/key_grants.rb

Overview

Collection of grant methods for an IKey.

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(*args) ⇒ KeyGrants

Returns a new instance of KeyGrants.

Raises:

  • (NoMethodError)


8
9
10
# File 'kms/key_grants.rb', line 8

def initialize(*args)
  raise NoMethodError, "aws-cdk-lib.aws_kms.KeyGrants does not have a visible constructor; use the provided factory methods"
end

Class Method Details

.from_key(resource, trust_account_identities = nil) ⇒ AWSCDK::KMS::KeyGrants

Creates grants for an IKeyRef.

Parameters:

Returns:

  • (AWSCDK::KMS::KeyGrants)


33
34
35
36
37
# File 'kms/key_grants.rb', line 33

def self.from_key(resource,  = nil)
  Jsii::Type.check_type(resource, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5pbnRlcmZhY2VzLmF3c19rbXMuSUtleVJlZiJ9")), "resource")
  Jsii::Type.check_type(, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "trustAccountIdentities") unless .nil?
  Jsii::Kernel.instance.call_static("aws-cdk-lib.aws_kms.KeyGrants", "fromKey", [resource, ])
end

.jsii_overridable_methodsObject



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
# File 'kms/key_grants.rb', line 12

def self.jsii_overridable_methods
  {
    :resource => { kind: :property, name: "resource", is_optional: false },
    :actions => { kind: :method, name: "actions", is_optional: false },
    :admin => { kind: :method, name: "admin", is_optional: false },
    :decrypt => { kind: :method, name: "decrypt", is_optional: false },
    :encrypt => { kind: :method, name: "encrypt", is_optional: false },
    :encrypt_decrypt => { kind: :method, name: "encryptDecrypt", is_optional: false },
    :generate_mac => { kind: :method, name: "generateMac", is_optional: false },
    :sign => { kind: :method, name: "sign", is_optional: false },
    :sign_verify => { kind: :method, name: "signVerify", is_optional: false },
    :verify => { kind: :method, name: "verify", is_optional: false },
    :verify_mac => { kind: :method, name: "verifyMac", is_optional: false },
  }
end

Instance Method Details

#actions(grantee, *actions) ⇒ AWSCDK::IAM::Grant

Grant the indicated permissions on this key to the given principal.

This modifies both the principal's policy as well as the resource policy, since the default CloudFormation setup for KMS keys is that the policy must not be empty and so default grants won't work.

Parameters:

Returns:



53
54
55
56
57
58
59
# File 'kms/key_grants.rb', line 53

def actions(grantee, *actions)
  Jsii::Type.check_type(grantee, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "grantee")
  actions.each_with_index do |item, index|
    Jsii::Type.check_type(item, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "actions[#{index}]")
  end
  jsii_call_method("actions", [grantee, *actions])
end

#admin(grantee) ⇒ AWSCDK::IAM::Grant

Grant admins permissions using this key to the given principal.

Key administrators have permissions to manage the key (e.g., change permissions, revoke), but do not have permissions to use the key in cryptographic operations (e.g., encrypt, decrypt).

Parameters:

Returns:



68
69
70
71
# File 'kms/key_grants.rb', line 68

def admin(grantee)
  Jsii::Type.check_type(grantee, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "grantee")
  jsii_call_method("admin", [grantee])
end

#decrypt(grantee) ⇒ AWSCDK::IAM::Grant

Grant decryption permissions using this key to the given principal.

Parameters:

Returns:



77
78
79
80
# File 'kms/key_grants.rb', line 77

def decrypt(grantee)
  Jsii::Type.check_type(grantee, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "grantee")
  jsii_call_method("decrypt", [grantee])
end

#encrypt(grantee) ⇒ AWSCDK::IAM::Grant

Grant encryption permissions using this key to the given principal.

Parameters:

Returns:



86
87
88
89
# File 'kms/key_grants.rb', line 86

def encrypt(grantee)
  Jsii::Type.check_type(grantee, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "grantee")
  jsii_call_method("encrypt", [grantee])
end

#encrypt_decrypt(grantee) ⇒ AWSCDK::IAM::Grant

Grant encryption and decryption permissions using this key to the given principal.

Parameters:

Returns:



95
96
97
98
# File 'kms/key_grants.rb', line 95

def encrypt_decrypt(grantee)
  Jsii::Type.check_type(grantee, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "grantee")
  jsii_call_method("encryptDecrypt", [grantee])
end

#generate_mac(grantee) ⇒ AWSCDK::IAM::Grant

Grant permissions to generating MACs to the given principal.

Parameters:

Returns:



104
105
106
107
# File 'kms/key_grants.rb', line 104

def generate_mac(grantee)
  Jsii::Type.check_type(grantee, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "grantee")
  jsii_call_method("generateMac", [grantee])
end

#resourceAWSCDK::Interfaces::AWSKMS::IKeyRef



40
41
42
# File 'kms/key_grants.rb', line 40

def resource()
  jsii_get_property("resource")
end

#sign(grantee) ⇒ AWSCDK::IAM::Grant

Grant sign permissions using this key to the given principal.

Parameters:

Returns:



113
114
115
116
# File 'kms/key_grants.rb', line 113

def sign(grantee)
  Jsii::Type.check_type(grantee, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "grantee")
  jsii_call_method("sign", [grantee])
end

#sign_verify(grantee) ⇒ AWSCDK::IAM::Grant

Grant sign and verify permissions using this key to the given principal.

Parameters:

Returns:



122
123
124
125
# File 'kms/key_grants.rb', line 122

def sign_verify(grantee)
  Jsii::Type.check_type(grantee, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "grantee")
  jsii_call_method("signVerify", [grantee])
end

#verify(grantee) ⇒ AWSCDK::IAM::Grant

Grant verify permissions using this key to the given principal.

Parameters:

Returns:



131
132
133
134
# File 'kms/key_grants.rb', line 131

def verify(grantee)
  Jsii::Type.check_type(grantee, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "grantee")
  jsii_call_method("verify", [grantee])
end

#verify_mac(grantee) ⇒ AWSCDK::IAM::Grant

Grant permissions to verifying MACs to the given principal.

Parameters:

Returns:



140
141
142
143
# File 'kms/key_grants.rb', line 140

def verify_mac(grantee)
  Jsii::Type.check_type(grantee, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "grantee")
  jsii_call_method("verifyMac", [grantee])
end