Struct rusoto_kms::GrantConstraints
source · [−]pub struct GrantConstraints {
pub encryption_context_equals: Option<HashMap<String, String>>,
pub encryption_context_subset: Option<HashMap<String, String>>,
}
Expand description
Use this structure to allow cryptographic operations in the grant only when the operation request includes the specified encryption context.
AWS KMS applies the grant constraints only to cryptographic operations that support an encryption context, that is, all cryptographic operations with a symmetric CMK. Grant constraints are not applied to operations that do not support an encryption context, such as cryptographic operations with asymmetric CMKs and management operations, such as DescribeKey or RetireGrant.
In a cryptographic operation, the encryption context in the decryption operation must be an exact, case-sensitive match for the keys and values in the encryption context of the encryption operation. Only the order of the pairs can vary.
However, in a grant constraint, the key in each key-value pair is not case sensitive, but the value is case sensitive.
To avoid confusion, do not use multiple encryption context pairs that differ only by case. To require a fully case-sensitive encryption context, use the kms:EncryptionContext:
and kms:EncryptionContextKeys
conditions in an IAM or key policy. For details, see kms:EncryptionContext: in the AWS Key Management Service Developer Guide .
Fields
encryption_context_equals: Option<HashMap<String, String>>
A list of key-value pairs that must match the encryption context in the cryptographic operation request. The grant allows the operation only when the encryption context in the request is the same as the encryption context specified in this constraint.
encryption_context_subset: Option<HashMap<String, String>>
A list of key-value pairs that must be included in the encryption context of the cryptographic operation request. The grant allows the cryptographic operation only when the encryption context in the request includes the key-value pairs specified in this constraint, although it can include additional key-value pairs.
Trait Implementations
sourceimpl Clone for GrantConstraints
impl Clone for GrantConstraints
sourcefn clone(&self) -> GrantConstraints
fn clone(&self) -> GrantConstraints
Returns a copy of the value. Read more
1.0.0 · sourcefn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
Performs copy-assignment from source
. Read more
sourceimpl Debug for GrantConstraints
impl Debug for GrantConstraints
sourceimpl Default for GrantConstraints
impl Default for GrantConstraints
sourcefn default() -> GrantConstraints
fn default() -> GrantConstraints
Returns the “default value” for a type. Read more
sourceimpl<'de> Deserialize<'de> for GrantConstraints
impl<'de> Deserialize<'de> for GrantConstraints
sourcefn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error> where
__D: Deserializer<'de>,
fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error> where
__D: Deserializer<'de>,
Deserialize this value from the given Serde deserializer. Read more
sourceimpl PartialEq<GrantConstraints> for GrantConstraints
impl PartialEq<GrantConstraints> for GrantConstraints
sourcefn eq(&self, other: &GrantConstraints) -> bool
fn eq(&self, other: &GrantConstraints) -> bool
This method tests for self
and other
values to be equal, and is used
by ==
. Read more
sourcefn ne(&self, other: &GrantConstraints) -> bool
fn ne(&self, other: &GrantConstraints) -> bool
This method tests for !=
.
sourceimpl Serialize for GrantConstraints
impl Serialize for GrantConstraints
impl StructuralPartialEq for GrantConstraints
Auto Trait Implementations
impl RefUnwindSafe for GrantConstraints
impl Send for GrantConstraints
impl Sync for GrantConstraints
impl Unpin for GrantConstraints
impl UnwindSafe for GrantConstraints
Blanket Implementations
sourceimpl<T> BorrowMut<T> for T where
T: ?Sized,
impl<T> BorrowMut<T> for T where
T: ?Sized,
const: unstable · sourcefn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value. Read more
sourceimpl<T> Instrument for T
impl<T> Instrument for T
sourcefn instrument(self, span: Span) -> Instrumented<Self>
fn instrument(self, span: Span) -> Instrumented<Self>
sourcefn in_current_span(self) -> Instrumented<Self>
fn in_current_span(self) -> Instrumented<Self>
sourceimpl<T> ToOwned for T where
T: Clone,
impl<T> ToOwned for T where
T: Clone,
type Owned = T
type Owned = T
The resulting type after obtaining ownership.
sourcefn clone_into(&self, target: &mut T)
fn clone_into(&self, target: &mut T)
toowned_clone_into
)Uses borrowed data to replace owned data, usually by cloning. Read more
sourceimpl<T> WithSubscriber for T
impl<T> WithSubscriber for T
sourcefn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self> where
S: Into<Dispatch>,
fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self> where
S: Into<Dispatch>,
Attaches the provided Subscriber
to this type, returning a
WithDispatch
wrapper. Read more
sourcefn with_current_subscriber(self) -> WithDispatch<Self>
fn with_current_subscriber(self) -> WithDispatch<Self>
Attaches the current default Subscriber
to this type, returning a
WithDispatch
wrapper. Read more