Class GrantConstraints

java.lang.Object
com.amazonaws.services.kms.model.GrantConstraints
All Implemented Interfaces:
Serializable, Cloneable

public class GrantConstraints extends Object implements Serializable, Cloneable

A structure for specifying the conditions under which the operations permitted by the grant are allowed.

You can use this structure to allow the operations permitted by the grant only when a specified encryption context is present. For more information about encryption context, see Encryption Context in the AWS Key Management Service Developer Guide.

See Also:
  • Constructor Details

    • GrantConstraints

      public GrantConstraints()
  • Method Details

    • getEncryptionContextSubset

      public Map<String,String> getEncryptionContextSubset()

      Contains a list of key-value pairs, a subset of which must be present in the encryption context of a subsequent operation permitted by the grant. When a subsequent operation permitted by the grant includes an encryption context that matches this list or is a subset of this list, the grant allows the operation. Otherwise, the operation is not allowed.

      Returns:
      Contains a list of key-value pairs, a subset of which must be present in the encryption context of a subsequent operation permitted by the grant. When a subsequent operation permitted by the grant includes an encryption context that matches this list or is a subset of this list, the grant allows the operation. Otherwise, the operation is not allowed.
    • setEncryptionContextSubset

      public void setEncryptionContextSubset(Map<String,String> encryptionContextSubset)

      Contains a list of key-value pairs, a subset of which must be present in the encryption context of a subsequent operation permitted by the grant. When a subsequent operation permitted by the grant includes an encryption context that matches this list or is a subset of this list, the grant allows the operation. Otherwise, the operation is not allowed.

      Parameters:
      encryptionContextSubset - Contains a list of key-value pairs, a subset of which must be present in the encryption context of a subsequent operation permitted by the grant. When a subsequent operation permitted by the grant includes an encryption context that matches this list or is a subset of this list, the grant allows the operation. Otherwise, the operation is not allowed.
    • withEncryptionContextSubset

      public GrantConstraints withEncryptionContextSubset(Map<String,String> encryptionContextSubset)

      Contains a list of key-value pairs, a subset of which must be present in the encryption context of a subsequent operation permitted by the grant. When a subsequent operation permitted by the grant includes an encryption context that matches this list or is a subset of this list, the grant allows the operation. Otherwise, the operation is not allowed.

      Parameters:
      encryptionContextSubset - Contains a list of key-value pairs, a subset of which must be present in the encryption context of a subsequent operation permitted by the grant. When a subsequent operation permitted by the grant includes an encryption context that matches this list or is a subset of this list, the grant allows the operation. Otherwise, the operation is not allowed.
      Returns:
      Returns a reference to this object so that method calls can be chained together.
    • addEncryptionContextSubsetEntry

      public GrantConstraints addEncryptionContextSubsetEntry(String key, String value)
    • clearEncryptionContextSubsetEntries

      public GrantConstraints clearEncryptionContextSubsetEntries()
      Removes all the entries added into EncryptionContextSubset. <p> Returns a reference to this object so that method calls can be chained together.
    • getEncryptionContextEquals

      public Map<String,String> getEncryptionContextEquals()

      Contains a list of key-value pairs that must be present in the encryption context of a subsequent operation permitted by the grant. When a subsequent operation permitted by the grant includes an encryption context that matches this list, the grant allows the operation. Otherwise, the operation is not allowed.

      Returns:
      Contains a list of key-value pairs that must be present in the encryption context of a subsequent operation permitted by the grant. When a subsequent operation permitted by the grant includes an encryption context that matches this list, the grant allows the operation. Otherwise, the operation is not allowed.
    • setEncryptionContextEquals

      public void setEncryptionContextEquals(Map<String,String> encryptionContextEquals)

      Contains a list of key-value pairs that must be present in the encryption context of a subsequent operation permitted by the grant. When a subsequent operation permitted by the grant includes an encryption context that matches this list, the grant allows the operation. Otherwise, the operation is not allowed.

      Parameters:
      encryptionContextEquals - Contains a list of key-value pairs that must be present in the encryption context of a subsequent operation permitted by the grant. When a subsequent operation permitted by the grant includes an encryption context that matches this list, the grant allows the operation. Otherwise, the operation is not allowed.
    • withEncryptionContextEquals

      public GrantConstraints withEncryptionContextEquals(Map<String,String> encryptionContextEquals)

      Contains a list of key-value pairs that must be present in the encryption context of a subsequent operation permitted by the grant. When a subsequent operation permitted by the grant includes an encryption context that matches this list, the grant allows the operation. Otherwise, the operation is not allowed.

      Parameters:
      encryptionContextEquals - Contains a list of key-value pairs that must be present in the encryption context of a subsequent operation permitted by the grant. When a subsequent operation permitted by the grant includes an encryption context that matches this list, the grant allows the operation. Otherwise, the operation is not allowed.
      Returns:
      Returns a reference to this object so that method calls can be chained together.
    • addEncryptionContextEqualsEntry

      public GrantConstraints addEncryptionContextEqualsEntry(String key, String value)
    • clearEncryptionContextEqualsEntries

      public GrantConstraints clearEncryptionContextEqualsEntries()
      Removes all the entries added into EncryptionContextEquals. <p> Returns a reference to this object so that method calls can be chained together.
    • toString

      public String toString()
      Returns a string representation of this object; useful for testing and debugging.
      Overrides:
      toString in class Object
      Returns:
      A string representation of this object.
      See Also:
    • equals

      public boolean equals(Object obj)
      Overrides:
      equals in class Object
    • hashCode

      public int hashCode()
      Overrides:
      hashCode in class Object
    • clone

      public GrantConstraints clone()
      Overrides:
      clone in class Object