Repository: knox Updated Branches: refs/heads/KNOX-1204 d5885d145 -> f315b6652
KNOX-1204 - Move KnoxS3 to use idbroker classes and add client classes Project: http://git-wip-us.apache.org/repos/asf/knox/repo Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/66736e15 Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/66736e15 Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/66736e15 Branch: refs/heads/KNOX-1204 Commit: 66736e1554695a1340f3f215fa1bfa5fd63e80c2 Parents: d5885d1 Author: Larry McCay <[email protected]> Authored: Wed Jun 20 22:43:01 2018 -0700 Committer: Larry McCay <[email protected]> Committed: Wed Jun 20 22:43:01 2018 -0700 ---------------------------------------------------------------------- gateway-service-knoxs3/pom.xml | 4 + .../gateway/service/knoxs3/AWSPolicyModel.java | 60 ------ .../service/knoxs3/IdentityBrokerResource.java | 127 ------------- .../service/knoxs3/KnoxS3ClientBuilder.java | 184 +++---------------- .../service/knoxs3/S3BucketsResource.java | 10 +- .../KnoxS3ServiceDeploymentContributor.java | 2 +- .../service/knoxs3/S3BucketsResourceTest.java | 102 +++++----- 7 files changed, 79 insertions(+), 410 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/knox/blob/66736e15/gateway-service-knoxs3/pom.xml ---------------------------------------------------------------------- diff --git a/gateway-service-knoxs3/pom.xml b/gateway-service-knoxs3/pom.xml index d83613c..b30f2f4 100644 --- a/gateway-service-knoxs3/pom.xml +++ b/gateway-service-knoxs3/pom.xml 
@@ -63,6 +63,10 @@ <artifactId>gateway-provider-jersey</artifactId> </dependency> <dependency> + <groupId>${gateway-group}</groupId> + <artifactId>gateway-service-idbroker</artifactId> + </dependency> + <dependency> <groupId>junit</groupId> <artifactId>junit</artifactId> <scope>test</scope> http://git-wip-us.apache.org/repos/asf/knox/blob/66736e15/gateway-service-knoxs3/src/main/java/org/apache/knox/gateway/service/knoxs3/AWSPolicyModel.java ---------------------------------------------------------------------- diff --git a/gateway-service-knoxs3/src/main/java/org/apache/knox/gateway/service/knoxs3/AWSPolicyModel.java b/gateway-service-knoxs3/src/main/java/org/apache/knox/gateway/service/knoxs3/AWSPolicyModel.java deleted file mode 100644 index 4b51dc3..0000000 --- a/gateway-service-knoxs3/src/main/java/org/apache/knox/gateway/service/knoxs3/AWSPolicyModel.java +++ /dev/null 
@@ -1,60 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.knox.gateway.service.knoxs3; - -import java.util.ArrayList; -import java.util.HashMap; -import java.util.Map; - -import org.apache.knox.gateway.util.JsonUtils; - -public class AWSPolicyModel { - HashMap<String, Object> policyModel = new HashMap<String, Object>(); - ArrayList<String> actionArray = new ArrayList<String>(); - HashMap<String, Object> statementMap = new HashMap<String, Object>(); - ArrayList<String> resourcesArray = new ArrayList<String>(); - - public AWSPolicyModel() { - policyModel.put("Version", "2012-10-17"); - ArrayList<Map<String, Object>> statement = new ArrayList<Map<String, Object>>(); - policyModel.put("Statement", statement ); - statement.add(statementMap); - statementMap.put("Action", actionArray ); - statementMap.put("Resource", resourcesArray); - } - - public void setEffect(String effect) { - statementMap.put("Effect", effect); - } - - public void addAction(String action) { - actionArray.add(action); - } - - public void addResource(String resource) { - resourcesArray.add(resource); - } - - public void setResource(String resource) { - statementMap.put("Resource", resource); - } - - public String 
toString() { - return JsonUtils.renderAsJsonString(policyModel); - } -} http://git-wip-us.apache.org/repos/asf/knox/blob/66736e15/gateway-service-knoxs3/src/main/java/org/apache/knox/gateway/service/knoxs3/IdentityBrokerResource.java ---------------------------------------------------------------------- diff --git a/gateway-service-knoxs3/src/main/java/org/apache/knox/gateway/service/knoxs3/IdentityBrokerResource.java b/gateway-service-knoxs3/src/main/java/org/apache/knox/gateway/service/knoxs3/IdentityBrokerResource.java deleted file mode 100644 index 624c65c..0000000 --- a/gateway-service-knoxs3/src/main/java/org/apache/knox/gateway/service/knoxs3/IdentityBrokerResource.java +++ /dev/null 
@@ -1,127 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.knox.gateway.service.knoxs3; - -import org.apache.knox.gateway.i18n.messages.MessagesFactory; -import org.apache.knox.gateway.security.SubjectUtils; - -import com.amazonaws.services.securitytoken.model.GetFederationTokenResult; - -import javax.annotation.PostConstruct; -import javax.security.auth.Subject; -import javax.servlet.ServletContext; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.ws.rs.GET; -import javax.ws.rs.Path; -import javax.ws.rs.Produces; -import javax.ws.rs.core.Context; -import javax.ws.rs.core.Response; -import java.io.PrintWriter; -import java.util.Enumeration; -import java.util.Properties; - -import static javax.ws.rs.core.MediaType.APPLICATION_JSON; - -@Path(IdentityBrokerResource.RESOURCE_PATH) -public class IdentityBrokerResource { - private static final String CREDENTIALS_API_PATH = "credentials"; - private static final String USER_CREDENTIALS_API_PATH = "credentials/{id}"; - private static KnoxS3ServiceMessages log = MessagesFactory.get(KnoxS3ServiceMessages.class); - private static final String VERSION_TAG = "api/v1"; - static final String 
RESOURCE_PATH = "/idbroker/" + VERSION_TAG; - - private static final String CONTENT_TYPE = "application/json"; - private static final String CACHE_CONTROL = "Cache-Control"; - private static final String NO_CACHE = "must-revalidate,no-cache,no-store"; - - private KnoxS3ClientBuilder s3b = new KnoxS3ClientBuilder(); - - @Context - HttpServletRequest request; - - @Context - private HttpServletResponse response; - - @Context - ServletContext context; - - @PostConstruct - public void init() { - s3b.init(getProperties()); - } - - private Properties getProperties() { - Properties props = new Properties(); - String paramName = null; - Enumeration<String> e = context.getInitParameterNames(); - while (e.hasMoreElements()) { - paramName = (String)e.nextElement(); - if (paramName.startsWith("s3.")) { - props.setProperty(paramName, context.getInitParameter(paramName)); - } - } - - return props; - } - - @GET - @Produces({APPLICATION_JSON}) - @Path(CREDENTIALS_API_PATH) - public Response getCredentials() { - return getCredentialsResponse(); - } - - @GET - @Produces({APPLICATION_JSON}) - @Path(USER_CREDENTIALS_API_PATH) - public Response getUserCredentials() { - return getCredentialsResponse(); - } - - private Response getCredentialsResponse() { - response.setStatus(HttpServletResponse.SC_OK); - response.setHeader(CACHE_CONTROL, NO_CACHE); - response.setContentType(CONTENT_TYPE); - PrintWriter writer = null; - try { - writer = response.getWriter(); - writer.println(getFederationToken()); - } catch (Exception e) { - log.logException("list", e); - return Response.serverError().entity(String.format("Failed to reply correctly due to : %s ", e)).build(); - } finally { - if (writer != null) { - writer.close(); - } - } - return Response.ok().build(); - } - - protected String getFederationToken() { -// Subject subject = Subject.getSubject(AccessController.getContext()); -// String username = getEffectiveUserName(subject); - GetFederationTokenResult creds = (GetFederationTokenResult) 
s3b.getFederationTokenResult(); - return creds.toString(); - } - - private String getEffectiveUserName(Subject subject) { - return SubjectUtils.getEffectivePrincipalName(subject); - } - -} http://git-wip-us.apache.org/repos/asf/knox/blob/66736e15/gateway-service-knoxs3/src/main/java/org/apache/knox/gateway/service/knoxs3/KnoxS3ClientBuilder.java ---------------------------------------------------------------------- diff --git a/gateway-service-knoxs3/src/main/java/org/apache/knox/gateway/service/knoxs3/KnoxS3ClientBuilder.java b/gateway-service-knoxs3/src/main/java/org/apache/knox/gateway/service/knoxs3/KnoxS3ClientBuilder.java index aab399a..62730f9 100644 --- a/gateway-service-knoxs3/src/main/java/org/apache/knox/gateway/service/knoxs3/KnoxS3ClientBuilder.java +++ b/gateway-service-knoxs3/src/main/java/org/apache/knox/gateway/service/knoxs3/KnoxS3ClientBuilder.java @@ -32,7 +32,13 @@ import org.apache.knox.gateway.security.GroupPrincipal; import org.apache.knox.gateway.security.ImpersonatedPrincipal; import org.apache.knox.gateway.security.PrimaryPrincipal; import org.apache.knox.gateway.security.SubjectUtils; +import org.apache.knox.gateway.service.idbroker.KnoxCloudCredentialsClient; +import org.apache.knox.gateway.service.idbroker.KnoxCloudCredentiatlsClientManager; +import org.apache.knox.gateway.service.idbroker.KnoxCloudPolicyProvider; +import org.apache.knox.gateway.service.idbroker.KnoxPolicyProviderManager; +import com.amazonaws.auth.AWSCredentials; +import com.amazonaws.auth.AWSCredentialsProvider; import com.amazonaws.auth.AWSStaticCredentialsProvider; import com.amazonaws.auth.BasicSessionCredentials; import com.amazonaws.regions.Regions; 
@@ -45,183 +51,35 @@ import com.amazonaws.services.securitytoken.model.GetFederationTokenRequest; import com.amazonaws.services.securitytoken.model.GetFederationTokenResult; public class KnoxS3ClientBuilder { - private Map<String, PolicyConfig> userPolicyConfig = new HashMap<String, PolicyConfig>(); - private Map<String, PolicyConfig> groupPolicyConfig = new HashMap<String, PolicyConfig>(); + private KnoxCloudPolicyProvider policyProvider = new KnoxPolicyProviderManager(); + private KnoxCloudCredentialsClient credentialsClient = new KnoxCloudCredentiatlsClientManager(); + + private Properties props = null; public KnoxS3ClientBuilder() { } - + public AmazonS3 getS3Client() { - BasicSessionCredentials sessionCredentials = (BasicSessionCredentials) getCredentials(); + GetFederationTokenResult result = (GetFederationTokenResult) credentialsClient.getCredentials(); + Credentials session_creds = result.getCredentials(); + BasicSessionCredentials sessionCredentials = new BasicSessionCredentials( + session_creds.getAccessKeyId(), + session_creds.getSecretAccessKey(), + session_creds.getSessionToken()); + AmazonS3 s3 = AmazonS3ClientBuilder.standard().withRegion(Regions.US_EAST_1) .withCredentials(new AWSStaticCredentialsProvider(sessionCredentials)).build(); return s3; } - /** - * Get an opaque Object representation of the credentials. - * This method will only be called by callers that are aware - * of the actual form of the credentials in the given context - * and therefore able to cast it appropriately. 
- * @return opaque object - */ - public Object getCredentials() { - BasicSessionCredentials sessionCredentials = getSessionCredentials(); - if (sessionCredentials == null) { - throw new RuntimeException("No S3 credentials available."); - } - return sessionCredentials; - } - public void init(Properties context) { - buildPolicyMaps(context); - } - - private void buildPolicyMaps(Properties context) { - /* - <service> - <role>KNOXS3</role> - <param> - <name>s3.user.policy.action.guest</name> - <value>s3:Get*,s3:List*</value> - </param> - <param> - <name>s3.user.policy.resource.guest</name> - <value>*</value> - </param> - <param> - <name>s3.group.policy.action.admin</name> - <value>*</value> - </param> - <param> - <name>s3.group.policy.resource.admin</name> - <value>*</value> - </param> - </service> - */ - - String paramName = null; - Enumeration<Object> e = context.keys(); - while (e.hasMoreElements()) { - paramName = (String)e.nextElement(); - if (paramName.startsWith("s3.")) { - String[] elements = paramName.split("\\."); - if (elements[1].equals("user")) { - PolicyConfig policy = userPolicyConfig.get(elements[4]); - if (policy == null) { - policy = new PolicyConfig(); - userPolicyConfig.put(elements[4], policy); - } - if (elements[3].equals("action")) { - policy.actions=context.getProperty(paramName); - } else { - policy.resources=context.getProperty(paramName); - } - if (policy.actions != null && policy.resources != null) { - buildS3PolicyModel(policy); - } - }else if (elements[1].equals("group")) { - PolicyConfig policy = groupPolicyConfig.get(elements[4]); - if (policy == null) { - policy = new PolicyConfig(); - groupPolicyConfig.put(elements[4], policy); - } - if (elements[3].equals("action")) { - policy.actions=context.getProperty(paramName); - } else { - policy.resources=context.getProperty(paramName); - } - if (policy.actions != null && policy.resources != null) { - buildS3PolicyModel(policy); - } - } - } - } - } - - private void 
buildS3PolicyModel(PolicyConfig policy) { - AWSPolicyModel model = new AWSPolicyModel(); - model.setEffect("Allow"); - String[] actions = policy.actions.split(","); - for (int i = 0; i < actions.length; i++) { - model.addAction(actions[i]); - } - String[] resources = policy.resources.split(","); - if (resources.length > 1) { - for (int i = 0; i < resources.length; i++) { - model.addResource(resources[i]); - } - } else { - model.setResource(resources[0]); - } - policy.policy = model.toString(); - } - - private BasicSessionCredentials getSessionCredentials() { - BasicSessionCredentials sessionCredentials = null; - try { - GetFederationTokenResult result = getFederationTokenResult(); - Credentials session_creds = result.getCredentials(); - sessionCredentials = new BasicSessionCredentials( - session_creds.getAccessKeyId(), - session_creds.getSecretAccessKey(), - session_creds.getSessionToken()); - } catch (Exception e) { - e.printStackTrace(); - } - return sessionCredentials; - } - - public GetFederationTokenResult getFederationTokenResult() { - String policy; - AWSSecurityTokenService sts_client = AWSSecurityTokenServiceClientBuilder.standard().withRegion(Regions.US_EAST_1).build(); - String username = null; - Subject subject = Subject.getSubject(AccessController.getContext()); - username = getEffectiveUserName(subject); - policy = buildPolicy(username, subject); - GetFederationTokenResult result = null; - if (policy != null) { - GetFederationTokenRequest request = new GetFederationTokenRequest(username).withPolicy(policy); - result = sts_client.getFederationToken(request); - System.out.println(result.getCredentials()); - } - return result; + policyProvider.init(context); + credentialsClient.init(context); + credentialsClient.setPolicyProvider(policyProvider); } private String getEffectiveUserName(Subject subject) { return SubjectUtils.getEffectivePrincipalName(subject); } - - private String buildPolicy(String username, Subject subject) { - String policy = null; - 
List<String> groupNames = new ArrayList<String>(); - Object[] groups = subject.getPrincipals(GroupPrincipal.class).toArray(); - for (int i = 0; i < groups.length; i++) { - groupNames.add( - ((Principal)groups[0]).getName()); - } - - PolicyConfig config = userPolicyConfig.get(username); - if (config == null) { - // check for a group policy match - for (String groupName : groupNames) { - config = groupPolicyConfig.get(groupName); - if (config != null) { - // just accept first match for now - break; - } - } - } - if (config != null) { - policy = config.policy; - } - return policy; - } - - private class PolicyConfig { - public String actions = null; - public String resources = null; - public String policy = null; - } } \ No newline at end of file http://git-wip-us.apache.org/repos/asf/knox/blob/66736e15/gateway-service-knoxs3/src/main/java/org/apache/knox/gateway/service/knoxs3/S3BucketsResource.java ---------------------------------------------------------------------- diff --git a/gateway-service-knoxs3/src/main/java/org/apache/knox/gateway/service/knoxs3/S3BucketsResource.java b/gateway-service-knoxs3/src/main/java/org/apache/knox/gateway/service/knoxs3/S3BucketsResource.java index b261749..ad1e3fc 100644 --- a/gateway-service-knoxs3/src/main/java/org/apache/knox/gateway/service/knoxs3/S3BucketsResource.java +++ b/gateway-service-knoxs3/src/main/java/org/apache/knox/gateway/service/knoxs3/S3BucketsResource.java @@ -18,8 +18,6 @@ package org.apache.knox.gateway.service.knoxs3; import org.apache.knox.gateway.i18n.messages.MessagesFactory; -import org.apache.knox.gateway.security.ImpersonatedPrincipal; -import org.apache.knox.gateway.security.PrimaryPrincipal; import org.apache.knox.gateway.security.SubjectUtils; import org.apache.knox.gateway.services.GatewayServices; import org.apache.knox.gateway.util.JsonUtils; 
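Review bot: In `getS3Client()` the return value of `credentialsClient.getCredentials()` is cast to `GetFederationTokenResult` and dereferenced at once, so a null or differently typed result surfaces as a NullPointerException or ClassCastException instead of the explicit "No S3 credentials available." error that the removed `getCredentials()` threw. The removed `getFederationTokenResult()` returned null when no policy matched the caller; whether the idbroker client behaves the same way is not visible here, so I would keep a guard before building the session credentials: `if (result == null || result.getCredentials() == null) { throw new RuntimeException("No S3 credentials available."); }`. The new `private Properties props = null;` field is never assigned in this hunk and looks removable, as does `getEffectiveUserName`, which nothing visible calls any more.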
@@ -59,7 +57,6 @@ import java.io.OutputStreamWriter; import java.io.PrintWriter; import java.io.Writer; import java.security.AccessController; -import java.security.Principal; import java.util.Enumeration; import java.util.HashMap; import java.util.List; @@ -70,7 +67,6 @@ import static javax.ws.rs.core.MediaType.APPLICATION_JSON; import static javax.ws.rs.core.MediaType.APPLICATION_XML; import static javax.ws.rs.core.MediaType.TEXT_PLAIN; - @Path(S3BucketsResource.RESOURCE_PATH) public class S3BucketsResource { private static final String BUCKETS_API_PATH = "buckets"; @@ -107,9 +103,7 @@ public class S3BucketsResource { Enumeration<String> e = context.getInitParameterNames(); while (e.hasMoreElements()) { paramName = (String)e.nextElement(); - if (paramName.startsWith("s3.")) { - props.setProperty(paramName, context.getInitParameter(paramName)); - } + props.setProperty(paramName, context.getInitParameter(paramName)); } return props; @@ -134,7 +128,7 @@ public class S3BucketsResource { writer = response.getWriter(); doDeleteObject(bucket, id); } catch (Exception ioe) { - log.logException("create", ioe); + log.logException("delete", ioe); return Response.serverError().entity(String.format("Failed to reply correctly due to : %s ", ioe)).build(); } finally { if (writer != null) { http://git-wip-us.apache.org/repos/asf/knox/blob/66736e15/gateway-service-knoxs3/src/main/java/org/apache/knox/gateway/service/knoxs3/deploy/KnoxS3ServiceDeploymentContributor.java ---------------------------------------------------------------------- diff --git a/gateway-service-knoxs3/src/main/java/org/apache/knox/gateway/service/knoxs3/deploy/KnoxS3ServiceDeploymentContributor.java b/gateway-service-knoxs3/src/main/java/org/apache/knox/gateway/service/knoxs3/deploy/KnoxS3ServiceDeploymentContributor.java index 2a7fdb6..ec2a317 100644 --- a/gateway-service-knoxs3/src/main/java/org/apache/knox/gateway/service/knoxs3/deploy/KnoxS3ServiceDeploymentContributor.java 
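Review bot: With the `paramName.startsWith("s3.")` check removed in the `@@ -107,9 +103,7 @@` hunk, every servlet-context init parameter is now copied into `props`, not only the ones this service owns. The enclosing method starts outside the hunk, but if these properties are passed to `KnoxS3ClientBuilder.init` as they were in the removed `IdentityBrokerResource`, the policy provider and credentials client now receive all topology-level configuration, including values unrelated to them. I would restrict the copy to the key prefixes those components actually read. If forwarding everything is intended, say so above the loop with something like `// forwards all init params: idbroker components read keys outside s3.* (confirm which)`.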
+++ b/gateway-service-knoxs3/src/main/java/org/apache/knox/gateway/service/knoxs3/deploy/KnoxS3ServiceDeploymentContributor.java @@ -50,6 +50,6 @@ public class KnoxS3ServiceDeploymentContributor extends JerseyServiceDeploymentC */ @Override protected String[] getPatterns() { - return new String[]{"*/**?**"}; + return new String[]{"/knoxs3/*/**?**"}; } } http://git-wip-us.apache.org/repos/asf/knox/blob/66736e15/gateway-service-knoxs3/src/test/java/org/apache/knox/gateway/service/knoxs3/S3BucketsResourceTest.java ---------------------------------------------------------------------- diff --git a/gateway-service-knoxs3/src/test/java/org/apache/knox/gateway/service/knoxs3/S3BucketsResourceTest.java b/gateway-service-knoxs3/src/test/java/org/apache/knox/gateway/service/knoxs3/S3BucketsResourceTest.java index ec7f438..b746f1e 100644 --- a/gateway-service-knoxs3/src/test/java/org/apache/knox/gateway/service/knoxs3/S3BucketsResourceTest.java +++ b/gateway-service-knoxs3/src/test/java/org/apache/knox/gateway/service/knoxs3/S3BucketsResourceTest.java 
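Review bot: The `/knoxs3/` prefix returned by `getPatterns()` is a second hard-coded copy of the service path, separate from the `RESOURCE_PATH` constants the resource classes use in their `@Path` annotations, so the URL pattern registered here and the JAX-RS path can drift apart without any compile-time signal. Narrowing from the catch-all `*/**?**` is the right direction; a short comment would record the coupling, for example `// keep in sync with S3BucketsResource.RESOURCE_PATH; scoped so this service no longer matches every path`. The Javadoc that closes just above `@Override` starts outside the hunk and may also need updating if it describes the old pattern.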
@@ -25,55 +25,55 @@ import org.apache.knox.gateway.util.JsonUtils; import org.junit.Test; public class S3BucketsResourceTest { - @Test - public void testPolicyCreation() { - - String policy = "{\n" + - " \"Version\": \"2012-10-17\",\n" + - " \"Statement\": [\n" + - " {\n" + - " \"Effect\": \"Allow\",\n" + - " \"Action\": [\n" + - " \"s3:Get*\",\n" + - " \"s3:List*\"\n" + - // " \"s3:Delete*\"\n" + - " ],\n" + - " \"Resource\": \"*\"\n" + - " }\n" + - " ]\n" + - "}"; - System.out.println(policy); - - HashMap<String, Object> policyModel = new HashMap<String, Object>(); - policyModel.put("Version", "2012-10-17"); - ArrayList<Map<String, Object>> statement = new ArrayList<Map<String, Object>>(); - - policyModel.put("Version", "2012-10-17"); - policyModel.put("Statement", statement ); - HashMap<String, Object> statementMap = new HashMap<String, Object>(); - statementMap.put("Effect", "Allow"); - ArrayList<String> actionArray = new ArrayList<String>(); - actionArray.add("s3:Get*"); - actionArray.add("s3:List*"); - statementMap.put("Action", actionArray ); - statement.add(statementMap); - policyModel.put("Resource", "*"); - - System.out.println(JsonUtils.renderAsJsonString(policyModel)); - - AWSPolicyModel model = new AWSPolicyModel(); - model.setEffect("Allow"); - model.addAction("s3:Get*"); - model.addAction("s3:List*"); - model.setResource("*"); - System.out.println(model); - - model = new AWSPolicyModel(); - model.setEffect("Allow"); - model.addAction("s3:Get*"); - model.addAction("s3:List*"); - model.addResource("this"); - model.addResource("that"); - System.out.println(model); -} +// @Test +// public void testPolicyCreation() { +// +// String policy = "{\n" + +// " \"Version\": \"2012-10-17\",\n" + +// " \"Statement\": [\n" + +// " {\n" + +// " \"Effect\": \"Allow\",\n" + +// " \"Action\": [\n" + +// " \"s3:Get*\",\n" + +// " \"s3:List*\"\n" + +// // " \"s3:Delete*\"\n" + +// " ],\n" + +// " \"Resource\": \"*\"\n" + +// " }\n" + +// " ]\n" + +// "}"; +// 
System.out.println(policy); +// +// HashMap<String, Object> policyModel = new HashMap<String, Object>(); +// policyModel.put("Version", "2012-10-17"); +// ArrayList<Map<String, Object>> statement = new ArrayList<Map<String, Object>>(); +// +// policyModel.put("Version", "2012-10-17"); +// policyModel.put("Statement", statement ); +// HashMap<String, Object> statementMap = new HashMap<String, Object>(); +// statementMap.put("Effect", "Allow"); +// ArrayList<String> actionArray = new ArrayList<String>(); +// actionArray.add("s3:Get*"); +// actionArray.add("s3:List*"); +// statementMap.put("Action", actionArray ); +// statement.add(statementMap); +// policyModel.put("Resource", "*"); +// +// System.out.println(JsonUtils.renderAsJsonString(policyModel)); +// +// AWSPolicyModel model = new AWSPolicyModel(); +// model.setEffect("Allow"); +// model.addAction("s3:Get*"); +// model.addAction("s3:List*"); +// model.setResource("*"); +// System.out.println(model); +// +// model = new AWSPolicyModel(); +// model.setEffect("Allow"); +// model.addAction("s3:Get*"); +// model.addAction("s3:List*"); +// model.addResource("this"); +// model.addResource("that"); +// System.out.println(model); +//} } \ No newline at end of file
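Review bot: Commenting out `testPolicyCreation()` leaves `S3BucketsResourceTest` with no test methods, and the commented block still refers to `AWSPolicyModel`, which this commit deletes from the module. I would delete the dead block rather than keep it as comments. If the policy model now lives with the idbroker classes (not visible here), move the test there and give it real assertions, since the original only printed the rendered JSON and checked nothing. The rewritten `KnoxS3ClientBuilder.getS3Client()` and `init()` wiring has no test coverage in this change.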
