in common/src/main/java/software/amazon/kms/common/KeyHandlerHelper.java [129:153]
public ProgressEvent<M, C> updateKeyPolicy(
final AmazonWebServicesClientProxy proxy,
final ProxyClient<KmsClient> proxyClient,
final M previousModel,
final M model,
final C callbackContext
) {
final String previousKeyPolicy =
keyTranslator.translatePolicyInput(keyTranslator.getKeyPolicy(previousModel));
final String currentKeyPolicy =
keyTranslator.translatePolicyInput(keyTranslator.getKeyPolicy(model));
if (!previousKeyPolicy.equals(currentKeyPolicy) && !callbackContext
.isKeyPolicyUpdated()) { // context carries policy propagation status
callbackContext.setKeyPolicyUpdated(true);
return proxy
.initiate("kms::update-key-keypolicy", proxyClient, model, callbackContext)
.translateToServiceRequest(keyTranslator::putKeyPolicyRequest)
.makeServiceCall(keyApiHelper::putKeyPolicy)
.progress(EventualConsistencyHandlerHelper.EVENTUAL_CONSISTENCY_DELAY_SECONDS);
// This requires some propagation delay because the updated policy
// might provision new permissions which are required by the next events
}
return ProgressEvent.progress(model, callbackContext);
}