Example 1 with SdkBaseException

Use of com.amazonaws.SdkBaseException in project aws-msk-iam-auth by aws.

Class MSKCredentialProvider, method loadCredentialsWithRetry.

private AWSCredentials loadCredentialsWithRetry() {
    RetryPolicyContext retryPolicyContext = RetryPolicyContext.builder().build();
    boolean shouldTry = true;
    try {
        while (shouldTry) {
            try {
                AWSCredentials credentials = compositeDelegate.getCredentials();
                if (credentials == null) {
                    throw new SdkClientException("Composite delegate returned empty credentials.");
                }
                return credentials;
            } catch (SdkBaseException se) {
                log.warn("Exception loading credentials. Retry Attempts: {}", retryPolicyContext.retriesAttempted(), se);
                retryPolicyContext = createRetryPolicyContext(se, retryPolicyContext.retriesAttempted());
                shouldTry = retryPolicy.shouldRetry(retryPolicyContext);
                if (shouldTry) {
                    Thread.sleep(retryPolicy.computeDelayBeforeNextRetry(retryPolicyContext));
                    retryPolicyContext = createRetryPolicyContext(retryPolicyContext.exception(), retryPolicyContext.retriesAttempted() + 1);
                } else {
                    throw se;
                }
            }
        }
        throw new SdkClientException("loadCredentialsWithRetry in unexpected location " + retryPolicyContext.totalRequests(), retryPolicyContext.exception());
    } catch (InterruptedException ie) {
        Thread.currentThread().interrupt();
        throw new RuntimeException("Interrupted while waiting for credentials.", ie);
    }
}
Also used : SdkClientException(com.amazonaws.SdkClientException) SdkBaseException(com.amazonaws.SdkBaseException) RetryPolicyContext(com.amazonaws.retry.v2.RetryPolicyContext) AWSCredentials(com.amazonaws.auth.AWSCredentials)

Example 2 with SdkBaseException

Use of com.amazonaws.SdkBaseException in project aws-msk-iam-auth by aws.

Class MSKCredentialProviderTest, method setupMockStsRoleCredentialsProviderWithRetriableExceptions.

private STSAssumeRoleSessionCredentialsProvider setupMockStsRoleCredentialsProviderWithRetriableExceptions(int numErrors) {
    SdkBaseException[] exceptionsToThrow = getSdkBaseExceptions(numErrors);
    STSAssumeRoleSessionCredentialsProvider mockStsRoleProvider = Mockito.mock(STSAssumeRoleSessionCredentialsProvider.class);
    Mockito.when(mockStsRoleProvider.getCredentials()).thenThrow(exceptionsToThrow).thenReturn(new BasicSessionCredentials(ACCESS_KEY_VALUE, SECRET_KEY_VALUE, SESSION_TOKEN));
    return mockStsRoleProvider;
}
Also used : STSAssumeRoleSessionCredentialsProvider(com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider) BasicSessionCredentials(com.amazonaws.auth.BasicSessionCredentials) SdkBaseException(com.amazonaws.SdkBaseException)

Example 3 with SdkBaseException

Use of com.amazonaws.SdkBaseException in project aws-msk-iam-auth by aws.

Class MSKCredentialProviderTest, method setupMockDefaultProviderWithRetriableExceptions.

private AWSCredentialsProvider setupMockDefaultProviderWithRetriableExceptions(int numErrors) {
    SdkBaseException[] exceptionsToThrow = getSdkBaseExceptions(numErrors);
    EC2ContainerCredentialsProviderWrapper mockEc2Provider = Mockito.mock(EC2ContainerCredentialsProviderWrapper.class);
    Mockito.when(mockEc2Provider.getCredentials()).thenThrow(exceptionsToThrow).thenReturn(new BasicAWSCredentials(ACCESS_KEY_VALUE_TWO, SECRET_KEY_VALUE_TWO));
    return mockEc2Provider;
}
Also used : SdkBaseException(com.amazonaws.SdkBaseException) BasicAWSCredentials(com.amazonaws.auth.BasicAWSCredentials) EC2ContainerCredentialsProviderWrapper(com.amazonaws.auth.EC2ContainerCredentialsProviderWrapper)

Example 4 with SdkBaseException

Use of com.amazonaws.SdkBaseException in project cloudbreak by hortonworks.

Class AwsCredentialConnectorTest, method testVerifyByServiceIfRoleBasedCredentialVerificationThrowsSdkBaseExceptionThenFailed503StatusShouldReturn.

@Test
public void testVerifyByServiceIfRoleBasedCredentialVerificationThrowsSdkBaseExceptionThenFailed503StatusShouldReturn() throws IOException {
    URL url = Resources.getResource("definitions/aws-environment-minimal-policy.json");
    String awsEnvPolicy = Resources.toString(url, UTF_8);
    String encodedAwsEnvPolicy = Base64.getEncoder().encodeToString(awsEnvPolicy.getBytes());
    List<String> services = List.of("ml");
    Map<String, String> experiencePrerequisites = Map.of("ml", encodedAwsEnvPolicy);
    String roleArn = "someRoleArn";
    when(credentialView.getRoleArn()).thenReturn(roleArn);
    String exceptionMessageComesFromSdk = "SomethingTerribleHappened!";
    String expectedExceptionMessage = String.format("Unable to verify credential: check if the role '%s' exists and it's created with the correct " + "external ID. Cause: '%s'", roleArn, exceptionMessageComesFromSdk);
    Exception sdkException = new SdkBaseException(exceptionMessageComesFromSdk);
    when(awsPlatformParameters.getEnvironmentMinimalPoliciesJson()).thenReturn(Map.of(PolicyType.PUBLIC, encodedAwsEnvPolicy, PolicyType.GOV, encodedAwsEnvPolicy));
    when(credentialClient.retrieveSessionCredentials(any())).thenThrow(sdkException);
    CDPServicePolicyVerificationResponses result = underTest.verifyByServices(authenticatedContext, services, experiencePrerequisites);
    assertNotNull(result);
    // JUnit's assertEquals takes (expected, actual); the expected value goes first so failure messages read correctly.
    assertEquals(1, result.getResults().size());
    assertEquals("ml", result.getResults().stream().findFirst().get().getServiceName());
    assertEquals(expectedExceptionMessage, result.getResults().stream().findFirst().get().getServiceStatus());
    assertEquals(503, result.getResults().stream().findFirst().get().getStatusCode());
}
Also used : SdkBaseException(com.amazonaws.SdkBaseException) CDPServicePolicyVerificationResponses(com.sequenceiq.cloudbreak.cloud.model.CDPServicePolicyVerificationResponses) URL(java.net.URL) AwsPermissionMissingException(com.sequenceiq.cloudbreak.cloud.aws.common.exception.AwsPermissionMissingException) ExpectedException(org.junit.rules.ExpectedException) IOException(java.io.IOException) AwsConfusedDeputyException(com.sequenceiq.cloudbreak.cloud.aws.common.exception.AwsConfusedDeputyException) AmazonClientException(com.amazonaws.AmazonClientException) Test(org.junit.Test)

Example 5 with SdkBaseException

Use of com.amazonaws.SdkBaseException in project cloudbreak by hortonworks.

Class AwsCredentialConnectorTest, method testVerifyIfRoleBasedCredentialVerificationThrowsSdkBaseExceptionThenFailedStatusShouldReturn.

@Test
public void testVerifyIfRoleBasedCredentialVerificationThrowsSdkBaseExceptionThenFailedStatusShouldReturn() throws AwsPermissionMissingException, IOException {
    URL url = Resources.getResource("definitions/aws-environment-minimal-policy.json");
    String awsEnvPolicy = Resources.toString(url, UTF_8);
    String encodedAwsEnvPolicy = Base64.getEncoder().encodeToString(awsEnvPolicy.getBytes());
    String roleArn = "someRoleArn";
    when(credentialView.getRoleArn()).thenReturn(roleArn);
    String exceptionMessageComesFromSdk = "SomethingTerribleHappened!";
    String expectedExceptionMessage = String.format("Unable to verify credential: check if the role '%s' exists and it's created with the correct " + "external ID. Cause: '%s'", roleArn, exceptionMessageComesFromSdk);
    Exception sdkException = new SdkBaseException(exceptionMessageComesFromSdk);
    when(awsPlatformParameters.getEnvironmentMinimalPoliciesJson()).thenReturn(Map.of(PolicyType.PUBLIC, encodedAwsEnvPolicy, PolicyType.GOV, encodedAwsEnvPolicy));
    doThrow(sdkException).when(awsCredentialVerifier).validateAws(credentialView, encodedAwsEnvPolicy);
    CloudCredentialStatus result = underTest.verify(authenticatedContext, CREDENTIAL_VERIFICATION_CONTEXT);
    assertNotNull(result);
    assertEquals(CredentialStatus.FAILED, result.getStatus());
    assertEquals(expectedExceptionMessage, result.getStatusReason());
    assertEquals(sdkException, result.getException());
    verify(awsCredentialVerifier, times(1)).validateAws(any(), any());
    verify(awsCredentialVerifier, times(1)).validateAws(credentialView, encodedAwsEnvPolicy);
}
Also used : SdkBaseException(com.amazonaws.SdkBaseException) URL(java.net.URL) AwsPermissionMissingException(com.sequenceiq.cloudbreak.cloud.aws.common.exception.AwsPermissionMissingException) ExpectedException(org.junit.rules.ExpectedException) IOException(java.io.IOException) AwsConfusedDeputyException(com.sequenceiq.cloudbreak.cloud.aws.common.exception.AwsConfusedDeputyException) AmazonClientException(com.amazonaws.AmazonClientException) CloudCredentialStatus(com.sequenceiq.cloudbreak.cloud.model.CloudCredentialStatus) Test(org.junit.Test)

Aggregations

SdkBaseException (com.amazonaws.SdkBaseException): 7
IOException (java.io.IOException): 3
AmazonClientException (com.amazonaws.AmazonClientException): 2
SdkClientException (com.amazonaws.SdkClientException): 2
AwsConfusedDeputyException (com.sequenceiq.cloudbreak.cloud.aws.common.exception.AwsConfusedDeputyException): 2
AwsPermissionMissingException (com.sequenceiq.cloudbreak.cloud.aws.common.exception.AwsPermissionMissingException): 2
URL (java.net.URL): 2
Test (org.junit.Test): 2
ExpectedException (org.junit.rules.ExpectedException): 2
AWSCredentials (com.amazonaws.auth.AWSCredentials): 1
BasicAWSCredentials (com.amazonaws.auth.BasicAWSCredentials): 1
BasicSessionCredentials (com.amazonaws.auth.BasicSessionCredentials): 1
EC2ContainerCredentialsProviderWrapper (com.amazonaws.auth.EC2ContainerCredentialsProviderWrapper): 1
STSAssumeRoleSessionCredentialsProvider (com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider): 1
RetryPolicyContext (com.amazonaws.retry.v2.RetryPolicyContext): 1
CheckoutLicenseRequest (com.amazonaws.services.licensemanager.model.CheckoutLicenseRequest): 1
CheckoutLicenseResult (com.amazonaws.services.licensemanager.model.CheckoutLicenseResult): 1
AbortMultipartUploadRequest (com.amazonaws.services.s3.model.AbortMultipartUploadRequest): 1
CompleteMultipartUploadRequest (com.amazonaws.services.s3.model.CompleteMultipartUploadRequest): 1
InitiateMultipartUploadRequest (com.amazonaws.services.s3.model.InitiateMultipartUploadRequest): 1