Class GrantConstraints

  • All Implemented Interfaces:
    Serializable, Cloneable

    public class GrantConstraints
    extends Object
    implements Serializable, Cloneable

    A structure for specifying the conditions under which the operations permitted by the grant are allowed.

    You can use this structure to allow the operations permitted by the grant only when a specified encryption context is present. For more information about encryption context, see Encryption Context in the AWS Key Management Service Developer Guide.

    See Also:
    Serialized Form
    • Constructor Detail

      • GrantConstraints

        public GrantConstraints()
    • Method Detail

      • getEncryptionContextSubset

        public Map<String,​String> getEncryptionContextSubset()

        Contains a list of key-value pairs, a subset of which must be present in the encryption context of a subsequent operation permitted by the grant. When a subsequent operation permitted by the grant includes an encryption context that matches this list or is a subset of this list, the grant allows the operation. Otherwise, the operation is not allowed.

        Returns:
        Contains a list of key-value pairs, a subset of which must be present in the encryption context of a subsequent operation permitted by the grant. When a subsequent operation permitted by the grant includes an encryption context that matches this list or is a subset of this list, the grant allows the operation. Otherwise, the operation is not allowed.
      • setEncryptionContextSubset

        public void setEncryptionContextSubset​(Map<String,​String> encryptionContextSubset)

        Contains a list of key-value pairs, a subset of which must be present in the encryption context of a subsequent operation permitted by the grant. When a subsequent operation permitted by the grant includes an encryption context that matches this list or is a subset of this list, the grant allows the operation. Otherwise, the operation is not allowed.

        Parameters:
        encryptionContextSubset - Contains a list of key-value pairs, a subset of which must be present in the encryption context of a subsequent operation permitted by the grant. When a subsequent operation permitted by the grant includes an encryption context that matches this list or is a subset of this list, the grant allows the operation. Otherwise, the operation is not allowed.
      • withEncryptionContextSubset

        public GrantConstraints withEncryptionContextSubset​(Map<String,​String> encryptionContextSubset)

        Contains a list of key-value pairs, a subset of which must be present in the encryption context of a subsequent operation permitted by the grant. When a subsequent operation permitted by the grant includes an encryption context that matches this list or is a subset of this list, the grant allows the operation. Otherwise, the operation is not allowed.

        Parameters:
        encryptionContextSubset - Contains a list of key-value pairs, a subset of which must be present in the encryption context of a subsequent operation permitted by the grant. When a subsequent operation permitted by the grant includes an encryption context that matches this list or is a subset of this list, the grant allows the operation. Otherwise, the operation is not allowed.
        Returns:
        Returns a reference to this object so that method calls can be chained together.
      • clearEncryptionContextSubsetEntries

        public GrantConstraints clearEncryptionContextSubsetEntries()
        Removes all the entries added into EncryptionContextSubset. <p> Returns a reference to this object so that method calls can be chained together.
      • getEncryptionContextEquals

        public Map<String,​String> getEncryptionContextEquals()

        Contains a list of key-value pairs that must be present in the encryption context of a subsequent operation permitted by the grant. When a subsequent operation permitted by the grant includes an encryption context that matches this list, the grant allows the operation. Otherwise, the operation is not allowed.

        Returns:
        Contains a list of key-value pairs that must be present in the encryption context of a subsequent operation permitted by the grant. When a subsequent operation permitted by the grant includes an encryption context that matches this list, the grant allows the operation. Otherwise, the operation is not allowed.
      • setEncryptionContextEquals

        public void setEncryptionContextEquals​(Map<String,​String> encryptionContextEquals)

        Contains a list of key-value pairs that must be present in the encryption context of a subsequent operation permitted by the grant. When a subsequent operation permitted by the grant includes an encryption context that matches this list, the grant allows the operation. Otherwise, the operation is not allowed.

        Parameters:
        encryptionContextEquals - Contains a list of key-value pairs that must be present in the encryption context of a subsequent operation permitted by the grant. When a subsequent operation permitted by the grant includes an encryption context that matches this list, the grant allows the operation. Otherwise, the operation is not allowed.
      • withEncryptionContextEquals

        public GrantConstraints withEncryptionContextEquals​(Map<String,​String> encryptionContextEquals)

        Contains a list of key-value pairs that must be present in the encryption context of a subsequent operation permitted by the grant. When a subsequent operation permitted by the grant includes an encryption context that matches this list, the grant allows the operation. Otherwise, the operation is not allowed.

        Parameters:
        encryptionContextEquals - Contains a list of key-value pairs that must be present in the encryption context of a subsequent operation permitted by the grant. When a subsequent operation permitted by the grant includes an encryption context that matches this list, the grant allows the operation. Otherwise, the operation is not allowed.
        Returns:
        Returns a reference to this object so that method calls can be chained together.
      • clearEncryptionContextEqualsEntries

        public GrantConstraints clearEncryptionContextEqualsEntries()
        Removes all the entries added into EncryptionContextEquals. <p> Returns a reference to this object so that method calls can be chained together.
      • toString

        public String toString()
        Returns a string representation of this object; useful for testing and debugging.
        Overrides:
        toString in class Object
        Returns:
        A string representation of this object.
        See Also:
        Object.toString()
      • hashCode

        public int hashCode()
        Overrides:
        hashCode in class Object