Class: AWSCDK::KMS::KeyGrants
- Inherits:
-
Jsii::Object
- Object
- Jsii::Object
- AWSCDK::KMS::KeyGrants
- Defined in:
- kms/key_grants.rb
Overview
Collection of grant methods for an IKey.
Class Method Summary collapse
-
.from_key(resource, trust_account_identities = nil) ⇒ AWSCDK::KMS::KeyGrants
Creates grants for an IKeyRef.
- .jsii_overridable_methods ⇒ Object
Instance Method Summary collapse
-
#actions(grantee, *actions) ⇒ AWSCDK::IAM::Grant
Grant the indicated permissions on this key to the given principal.
-
#admin(grantee) ⇒ AWSCDK::IAM::Grant
Grant admins permissions using this key to the given principal.
-
#decrypt(grantee) ⇒ AWSCDK::IAM::Grant
Grant decryption permissions using this key to the given principal.
-
#encrypt(grantee) ⇒ AWSCDK::IAM::Grant
Grant encryption permissions using this key to the given principal.
-
#encrypt_decrypt(grantee) ⇒ AWSCDK::IAM::Grant
Grant encryption and decryption permissions using this key to the given principal.
-
#generate_mac(grantee) ⇒ AWSCDK::IAM::Grant
Grant permissions to generating MACs to the given principal.
-
#initialize(*args) ⇒ KeyGrants
constructor
A new instance of KeyGrants.
- #resource ⇒ AWSCDK::Interfaces::AWSKMS::IKeyRef
-
#sign(grantee) ⇒ AWSCDK::IAM::Grant
Grant sign permissions using this key to the given principal.
-
#sign_verify(grantee) ⇒ AWSCDK::IAM::Grant
Grant sign and verify permissions using this key to the given principal.
-
#verify(grantee) ⇒ AWSCDK::IAM::Grant
Grant verify permissions using this key to the given principal.
-
#verify_mac(grantee) ⇒ AWSCDK::IAM::Grant
Grant permissions to verifying MACs to the given principal.
Constructor Details
#initialize(*args) ⇒ KeyGrants
Returns a new instance of KeyGrants.
8 9 10 |
# File 'kms/key_grants.rb', line 8 def initialize(*args) raise NoMethodError, "aws-cdk-lib.aws_kms.KeyGrants does not have a visible constructor; use the provided factory methods" end |
Class Method Details
.from_key(resource, trust_account_identities = nil) ⇒ AWSCDK::KMS::KeyGrants
Creates grants for an IKeyRef.
33 34 35 36 37 |
# File 'kms/key_grants.rb', line 33 def self.from_key(resource, trust_account_identities = nil) Jsii::Type.check_type(resource, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5pbnRlcmZhY2VzLmF3c19rbXMuSUtleVJlZiJ9")), "resource") Jsii::Type.check_type(trust_account_identities, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "trustAccountIdentities") unless trust_account_identities.nil? Jsii::Kernel.instance.call_static("aws-cdk-lib.aws_kms.KeyGrants", "fromKey", [resource, trust_account_identities]) end |
.jsii_overridable_methods ⇒ Object
12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 |
# File 'kms/key_grants.rb', line 12 def self.jsii_overridable_methods { :resource => { kind: :property, name: "resource", is_optional: false }, :actions => { kind: :method, name: "actions", is_optional: false }, :admin => { kind: :method, name: "admin", is_optional: false }, :decrypt => { kind: :method, name: "decrypt", is_optional: false }, :encrypt => { kind: :method, name: "encrypt", is_optional: false }, :encrypt_decrypt => { kind: :method, name: "encryptDecrypt", is_optional: false }, :generate_mac => { kind: :method, name: "generateMac", is_optional: false }, :sign => { kind: :method, name: "sign", is_optional: false }, :sign_verify => { kind: :method, name: "signVerify", is_optional: false }, :verify => { kind: :method, name: "verify", is_optional: false }, :verify_mac => { kind: :method, name: "verifyMac", is_optional: false }, } end |
Instance Method Details
#actions(grantee, *actions) ⇒ AWSCDK::IAM::Grant
Grant the indicated permissions on this key to the given principal.
This modifies both the principal's policy as well as the resource policy, since the default CloudFormation setup for KMS keys is that the policy must not be empty and so default grants won't work.
53 54 55 56 57 58 59 |
# File 'kms/key_grants.rb', line 53 def actions(grantee, *actions) Jsii::Type.check_type(grantee, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "grantee") actions.each_with_index do |item, index| Jsii::Type.check_type(item, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "actions[#{index}]") end jsii_call_method("actions", [grantee, *actions]) end |
#admin(grantee) ⇒ AWSCDK::IAM::Grant
Grant admins permissions using this key to the given principal.
Key administrators have permissions to manage the key (e.g., change permissions, revoke), but do not have permissions to use the key in cryptographic operations (e.g., encrypt, decrypt).
68 69 70 71 |
# File 'kms/key_grants.rb', line 68 def admin(grantee) Jsii::Type.check_type(grantee, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "grantee") jsii_call_method("admin", [grantee]) end |
#decrypt(grantee) ⇒ AWSCDK::IAM::Grant
Grant decryption permissions using this key to the given principal.
77 78 79 80 |
# File 'kms/key_grants.rb', line 77 def decrypt(grantee) Jsii::Type.check_type(grantee, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "grantee") jsii_call_method("decrypt", [grantee]) end |
#encrypt(grantee) ⇒ AWSCDK::IAM::Grant
Grant encryption permissions using this key to the given principal.
86 87 88 89 |
# File 'kms/key_grants.rb', line 86 def encrypt(grantee) Jsii::Type.check_type(grantee, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "grantee") jsii_call_method("encrypt", [grantee]) end |
#encrypt_decrypt(grantee) ⇒ AWSCDK::IAM::Grant
Grant encryption and decryption permissions using this key to the given principal.
95 96 97 98 |
# File 'kms/key_grants.rb', line 95 def encrypt_decrypt(grantee) Jsii::Type.check_type(grantee, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "grantee") jsii_call_method("encryptDecrypt", [grantee]) end |
#generate_mac(grantee) ⇒ AWSCDK::IAM::Grant
Grant permissions to generating MACs to the given principal.
104 105 106 107 |
# File 'kms/key_grants.rb', line 104 def generate_mac(grantee) Jsii::Type.check_type(grantee, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "grantee") jsii_call_method("generateMac", [grantee]) end |
#resource ⇒ AWSCDK::Interfaces::AWSKMS::IKeyRef
40 41 42 |
# File 'kms/key_grants.rb', line 40 def resource() jsii_get_property("resource") end |
#sign(grantee) ⇒ AWSCDK::IAM::Grant
Grant sign permissions using this key to the given principal.
113 114 115 116 |
# File 'kms/key_grants.rb', line 113 def sign(grantee) Jsii::Type.check_type(grantee, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "grantee") jsii_call_method("sign", [grantee]) end |
#sign_verify(grantee) ⇒ AWSCDK::IAM::Grant
Grant sign and verify permissions using this key to the given principal.
122 123 124 125 |
# File 'kms/key_grants.rb', line 122 def sign_verify(grantee) Jsii::Type.check_type(grantee, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "grantee") jsii_call_method("signVerify", [grantee]) end |
#verify(grantee) ⇒ AWSCDK::IAM::Grant
Grant verify permissions using this key to the given principal.
131 132 133 134 |
# File 'kms/key_grants.rb', line 131 def verify(grantee) Jsii::Type.check_type(grantee, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "grantee") jsii_call_method("verify", [grantee]) end |
#verify_mac(grantee) ⇒ AWSCDK::IAM::Grant
Grant permissions to verifying MACs to the given principal.
140 141 142 143 |
# File 'kms/key_grants.rb', line 140 def verify_mac(grantee) Jsii::Type.check_type(grantee, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "grantee") jsii_call_method("verifyMac", [grantee]) end |