
Example 1 with S3CertificateProvider

use of com.amazon.dataprepper.plugins.prepper.peerforwarder.certificate.s3.S3CertificateProvider in project data-prepper by opensearch-project.

the class CertificateProviderFactory method getCertificateProvider.

/**
 * Selects the {@link CertificateProvider} that matches the configured certificate source.
 *
 * <p>Sources are checked in a fixed order: ACM first, then S3, then the local file system.
 * Both AWS-backed branches resolve credentials through the SDK default credentials provider,
 * so no credentials are passed in explicitly here.
 *
 * @return a provider backed by ACM, S3, or a local file, in that order of preference
 */
public CertificateProvider getCertificateProvider() {
    // ACM is preferred whenever it is enabled, regardless of the S3 / file settings.
    if (certificateProviderConfig.useAcmCertForSSL()) {
        LOG.info("Using ACM certificate for SSL/TLS to setup trust store.");
        final AwsCredentialsProvider awsCredentials = AwsCredentialsProviderChain.builder()
                .addCredentialsProvider(DefaultCredentialsProvider.create())
                .build();
        // Only the ACM client gets an explicit retry policy; the S3 client below does not.
        final ClientOverrideConfiguration retryOverrides = ClientOverrideConfiguration.builder()
                .retryPolicy(RetryMode.STANDARD)
                .build();
        final AcmClient acmClient = AcmClient.builder()
                .region(Region.of(certificateProviderConfig.getAwsRegion()))
                .credentialsProvider(awsCredentials)
                .overrideConfiguration(retryOverrides)
                .build();
        return new ACMCertificateProvider(
                acmClient,
                certificateProviderConfig.getAcmCertificateArn(),
                certificateProviderConfig.getAcmCertIssueTimeOutMillis());
    }

    if (certificateProviderConfig.isSslCertFileInS3()) {
        LOG.info("Using S3 to fetch certificate for SSL/TLS to setup trust store.");
        final AwsCredentialsProvider awsCredentials = AwsCredentialsProviderChain.builder()
                .addCredentialsProvider(DefaultCredentialsProvider.create())
                .build();
        final S3Client s3 = S3Client.builder()
                .region(Region.of(certificateProviderConfig.getAwsRegion()))
                .credentialsProvider(awsCredentials)
                .build();
        // NOTE(review): per the log message this object feeds the trust store, so whoever can
        // write to that S3 location can presumably change which peers are trusted — confirm
        // that write access to the bucket/object is restricted.
        return new S3CertificateProvider(s3, certificateProviderConfig.getSslKeyCertChainFile());
    }

    // Neither ACM nor S3 is configured: read the certificate from the local path.
    LOG.info("Using local file system to get certificate for SSL/TLS to setup trust store.");
    return new FileCertificateProvider(certificateProviderConfig.getSslKeyCertChainFile());
}
Also used : FileCertificateProvider(com.amazon.dataprepper.plugins.prepper.peerforwarder.certificate.file.FileCertificateProvider) AcmClient(software.amazon.awssdk.services.acm.AcmClient) ACMCertificateProvider(com.amazon.dataprepper.plugins.prepper.peerforwarder.certificate.acm.ACMCertificateProvider) ClientOverrideConfiguration(software.amazon.awssdk.core.client.config.ClientOverrideConfiguration) AwsCredentialsProvider(software.amazon.awssdk.auth.credentials.AwsCredentialsProvider) S3CertificateProvider(com.amazon.dataprepper.plugins.prepper.peerforwarder.certificate.s3.S3CertificateProvider) S3Client(software.amazon.awssdk.services.s3.S3Client)

Example 2 with S3CertificateProvider

use of com.amazon.dataprepper.plugins.prepper.peerforwarder.certificate.s3.S3CertificateProvider in project data-prepper by opensearch-project.

the class CertificateProviderFactory method getCertificateProvider.

/**
 * Selects the {@link CertificateProvider} that supplies the certificate and private key.
 *
 * <p>Sources are checked in a fixed order: ACM first, then S3, then the local file system.
 * Both AWS-backed branches resolve credentials through the SDK default credentials provider,
 * so no credentials are passed in explicitly here.
 *
 * @return a provider backed by ACM, S3, or local files, in that order of preference
 */
public CertificateProvider getCertificateProvider() {
    // ACM is preferred whenever it is enabled, regardless of the S3 / file settings.
    if (oTelMetricsSourceConfig.useAcmCertForSSL()) {
        LOG.info("Using ACM certificate and private key for SSL/TLS.");
        final AwsCredentialsProvider awsCredentials = AwsCredentialsProviderChain.builder()
                .addCredentialsProvider(DefaultCredentialsProvider.create())
                .build();
        // Only the ACM client gets an explicit retry policy; the S3 client below does not.
        final ClientOverrideConfiguration retryOverrides = ClientOverrideConfiguration.builder()
                .retryPolicy(RetryMode.STANDARD)
                .build();
        final AcmClient acmClient = AcmClient.builder()
                .region(Region.of(oTelMetricsSourceConfig.getAwsRegion()))
                .credentialsProvider(awsCredentials)
                .overrideConfiguration(retryOverrides)
                .build();
        // The private-key password is taken from configuration and handed straight to the
        // provider; it is a secret and must stay out of log statements added here.
        return new ACMCertificateProvider(
                acmClient,
                oTelMetricsSourceConfig.getAcmCertificateArn(),
                oTelMetricsSourceConfig.getAcmCertIssueTimeOutMillis(),
                oTelMetricsSourceConfig.getAcmPrivateKeyPassword());
    }

    if (oTelMetricsSourceConfig.isSslCertAndKeyFileInS3()) {
        LOG.info("Using S3 to fetch certificate and private key for SSL/TLS.");
        final AwsCredentialsProvider awsCredentials = AwsCredentialsProviderChain.builder()
                .addCredentialsProvider(DefaultCredentialsProvider.create())
                .build();
        final S3Client s3 = S3Client.builder()
                .region(Region.of(oTelMetricsSourceConfig.getAwsRegion()))
                .credentialsProvider(awsCredentials)
                .build();
        // NOTE(review): the key file location is passed alongside the certificate chain, so the
        // private key presumably lives in S3 too — confirm the object is encrypted at rest and
        // readable only by this service's role.
        return new S3CertificateProvider(
                s3,
                oTelMetricsSourceConfig.getSslKeyCertChainFile(),
                oTelMetricsSourceConfig.getSslKeyFile());
    }

    // Neither ACM nor S3 is configured: read certificate and key from local paths.
    LOG.info("Using local file system to get certificate and private key for SSL/TLS.");
    return new FileCertificateProvider(
            oTelMetricsSourceConfig.getSslKeyCertChainFile(),
            oTelMetricsSourceConfig.getSslKeyFile());
}
Also used : FileCertificateProvider(com.amazon.dataprepper.plugins.certificate.file.FileCertificateProvider) AcmClient(software.amazon.awssdk.services.acm.AcmClient) ACMCertificateProvider(com.amazon.dataprepper.plugins.certificate.acm.ACMCertificateProvider) ClientOverrideConfiguration(software.amazon.awssdk.core.client.config.ClientOverrideConfiguration) AwsCredentialsProvider(software.amazon.awssdk.auth.credentials.AwsCredentialsProvider) S3CertificateProvider(com.amazon.dataprepper.plugins.certificate.s3.S3CertificateProvider) S3Client(software.amazon.awssdk.services.s3.S3Client)

Example 3 with S3CertificateProvider

use of com.amazon.dataprepper.plugins.prepper.peerforwarder.certificate.s3.S3CertificateProvider in project data-prepper by opensearch-project.

the class CertificateProviderFactory method getCertificateProvider.

/**
 * Selects the {@link CertificateProvider} that supplies the certificate and private key.
 *
 * <p>Sources are checked in a fixed order: ACM first, then S3, then the local file system.
 * Both AWS-backed branches resolve credentials through the SDK default credentials provider,
 * so no credentials are passed in explicitly here.
 *
 * @return a provider backed by ACM, S3, or local files, in that order of preference
 */
public CertificateProvider getCertificateProvider() {
    // ACM is preferred whenever it is enabled, regardless of the S3 / file settings.
    if (oTelTraceSourceConfig.useAcmCertForSSL()) {
        LOG.info("Using ACM certificate and private key for SSL/TLS.");
        final AwsCredentialsProvider awsCredentials = AwsCredentialsProviderChain.builder()
                .addCredentialsProvider(DefaultCredentialsProvider.create())
                .build();
        // Only the ACM client gets an explicit retry policy; the S3 client below does not.
        final ClientOverrideConfiguration retryOverrides = ClientOverrideConfiguration.builder()
                .retryPolicy(RetryMode.STANDARD)
                .build();
        final AcmClient acmClient = AcmClient.builder()
                .region(Region.of(oTelTraceSourceConfig.getAwsRegion()))
                .credentialsProvider(awsCredentials)
                .overrideConfiguration(retryOverrides)
                .build();
        // The private-key password is taken from configuration and handed straight to the
        // provider; it is a secret and must stay out of log statements added here.
        return new ACMCertificateProvider(
                acmClient,
                oTelTraceSourceConfig.getAcmCertificateArn(),
                oTelTraceSourceConfig.getAcmCertIssueTimeOutMillis(),
                oTelTraceSourceConfig.getAcmPrivateKeyPassword());
    }

    if (oTelTraceSourceConfig.isSslCertAndKeyFileInS3()) {
        LOG.info("Using S3 to fetch certificate and private key for SSL/TLS.");
        final AwsCredentialsProvider awsCredentials = AwsCredentialsProviderChain.builder()
                .addCredentialsProvider(DefaultCredentialsProvider.create())
                .build();
        final S3Client s3 = S3Client.builder()
                .region(Region.of(oTelTraceSourceConfig.getAwsRegion()))
                .credentialsProvider(awsCredentials)
                .build();
        // NOTE(review): the key file location is passed alongside the certificate chain, so the
        // private key presumably lives in S3 too — confirm the object is encrypted at rest and
        // readable only by this service's role.
        return new S3CertificateProvider(
                s3,
                oTelTraceSourceConfig.getSslKeyCertChainFile(),
                oTelTraceSourceConfig.getSslKeyFile());
    }

    // Neither ACM nor S3 is configured: read certificate and key from local paths.
    LOG.info("Using local file system to get certificate and private key for SSL/TLS.");
    return new FileCertificateProvider(
            oTelTraceSourceConfig.getSslKeyCertChainFile(),
            oTelTraceSourceConfig.getSslKeyFile());
}
Also used : FileCertificateProvider(com.amazon.dataprepper.plugins.certificate.file.FileCertificateProvider) AcmClient(software.amazon.awssdk.services.acm.AcmClient) ACMCertificateProvider(com.amazon.dataprepper.plugins.certificate.acm.ACMCertificateProvider) ClientOverrideConfiguration(software.amazon.awssdk.core.client.config.ClientOverrideConfiguration) AwsCredentialsProvider(software.amazon.awssdk.auth.credentials.AwsCredentialsProvider) S3CertificateProvider(com.amazon.dataprepper.plugins.certificate.s3.S3CertificateProvider) S3Client(software.amazon.awssdk.services.s3.S3Client)

Aggregations

AwsCredentialsProvider (software.amazon.awssdk.auth.credentials.AwsCredentialsProvider)3 ClientOverrideConfiguration (software.amazon.awssdk.core.client.config.ClientOverrideConfiguration)3 AcmClient (software.amazon.awssdk.services.acm.AcmClient)3 S3Client (software.amazon.awssdk.services.s3.S3Client)3 ACMCertificateProvider (com.amazon.dataprepper.plugins.certificate.acm.ACMCertificateProvider)2 FileCertificateProvider (com.amazon.dataprepper.plugins.certificate.file.FileCertificateProvider)2 S3CertificateProvider (com.amazon.dataprepper.plugins.certificate.s3.S3CertificateProvider)2 ACMCertificateProvider (com.amazon.dataprepper.plugins.prepper.peerforwarder.certificate.acm.ACMCertificateProvider)1 FileCertificateProvider (com.amazon.dataprepper.plugins.prepper.peerforwarder.certificate.file.FileCertificateProvider)1 S3CertificateProvider (com.amazon.dataprepper.plugins.prepper.peerforwarder.certificate.s3.S3CertificateProvider)1