internal CreateGrantResponse CreateGrant(CreateGrantRequest request)
{
var marshaller = new CreateGrantRequestMarshaller();
var unmarshaller = CreateGrantResponseUnmarshaller.Instance;
return(Invoke <CreateGrantRequest, CreateGrantResponse>(request, marshaller, unmarshaller));
}
// snippet-start:[KMS.dotnetv3.CreateGrantExample]
public static async Task Main()
{
var client = new AmazonKeyManagementServiceClient();
// The identity that is given permission to perform the operations
// specified in the grant.
var grantee = "arn:aws:iam::111122223333:role/ExampleRole";
// The identifier of the AWS KMS key to which the grant applies. You
// can use the key ID or the Amazon Resource Name (ARN) of the KMS key.
var keyId = "7c9eccc2-38cb-4c4f-9db3-766ee8dd3ad4";
var request = new CreateGrantRequest
{
GranteePrincipal = grantee,
KeyId = keyId,
// A list of operations that the grant allows.
Operations = new List <string>
{
"Encrypt",
"Decrypt",
},
};
var response = await client.CreateGrantAsync(request);
string grantId = response.GrantId; // The unique identifier of the grant.
string grantToken = response.GrantToken; // The grant token.
Console.WriteLine($"Id: {grantId}, Token: {grantToken}");
}
public void CreateGrantRequest()
{
var request = new CreateGrantRequest
{
KeyId = "key",
GranteePrincipal = "principle",
Operations = new[] { KmsOperations.Decrypt },
Constraints = new GrantConstraints
{
EncryptionContextEquals = new JsonObject {
{ "vault", "master" }
}
}
};
Assert.Equal(@"{
""Constraints"": {
""EncryptionContextEquals"": {
""vault"": ""master""
}
},
""GranteePrincipal"": ""principle"",
""KeyId"": ""key"",
""Operations"": [ ""Decrypt"" ]
}", JsonObject.FromObject(request).ToString());
}
public void Serialize()
{
var request = new CreateGrantRequest
{
KeyId = "key",
GranteePrincipal = "principle",
Operations = new[] { KmsOperations.Decrypt },
Constraints = new GrantConstraints {
EncryptionContextEquals = new Dictionary <string, string> {
{ "vault", "master" }
}
}
};
Assert.Equal(@"{
""Constraints"": {
""EncryptionContextEquals"": {
""vault"": ""master""
}
},
""GranteePrincipal"": ""principle"",
""KeyId"": ""key"",
""Operations"": [
""Decrypt""
]
}", JsonSerializer.Serialize(request, JSO.Default));
}
/// <summary>
/// Initiates the asynchronous execution of the CreateGrant operation.
/// </summary>
///
/// <param name="request">Container for the necessary parameters to execute the CreateGrant operation.</param>
/// <param name="cancellationToken">
/// A cancellation token that can be used by other objects or threads to receive notice of cancellation.
/// </param>
/// <returns>The task object representing the asynchronous operation.</returns>
public Task <CreateGrantResponse> CreateGrantAsync(CreateGrantRequest request, System.Threading.CancellationToken cancellationToken = default(CancellationToken))
{
var marshaller = new CreateGrantRequestMarshaller();
var unmarshaller = CreateGrantResponseUnmarshaller.Instance;
return(InvokeAsync <CreateGrantRequest, CreateGrantResponse>(request, marshaller,
unmarshaller, cancellationToken));
}
/// <summary>
/// 创建授权
/// </summary>
public async Task <CreateGrantResponse> CreateGrantAsync(CreateGrantRequest createGrantRequest)
{
Dictionary <string, string> urlParam = new Dictionary <string, string>();
urlParam.Add("version_id", createGrantRequest.VersionId.ToString());
string urlPath = HttpUtils.AddUrlPath("/{version_id}/{project_id}/kms/create-grant", urlParam);
SdkRequest request = HttpUtils.InitSdkRequest(urlPath, "application/json;charset=UTF-8", createGrantRequest);
HttpResponseMessage response = await DoHttpRequestAsync("POST", request);
return(JsonUtils.DeSerialize <CreateGrantResponse>(response));
}
private static string CreateGrant(KmsClient kmsClient)
{
var operations = new List <string> {
"describe-key", "create-datakey"
};
try
{
var request = new CreateGrantRequest
{
VersionId = "v1.0",
Body = new CreateGrantRequestBody()
{
KeyId = GetKeyByStatus.GetKeyByKeyStatus(kmsClient, "2"),
GranteePrincipal = "99104bff46109531b9ac70e606d3ffdf",
GranteePrincipalType = CreateGrantRequestBody.GranteePrincipalTypeEnum.DOMAIN,
Operations = operations
}
};
var resp = kmsClient.CreateGrant(request);
Console.WriteLine(resp.GrantId);
return(resp.GrantId);
}
catch (RequestTimeoutException requestTimeoutException)
{
Console.WriteLine(requestTimeoutException.ErrorMessage);
}
catch (ServiceResponseException clientRequestException)
{
Console.WriteLine(clientRequestException.HttpStatusCode);
Console.WriteLine(clientRequestException.ErrorCode);
Console.WriteLine(clientRequestException.ErrorMsg);
}
catch (ConnectionException connectionException)
{
Console.WriteLine(connectionException.ErrorMessage);
}
return(null);
}