Search in sources :

Example 1 with AttachedPolicy

use of com.amazonaws.services.identitymanagement.model.AttachedPolicy in project cloudbreak by hortonworks.

the class AwsSetup method validateInstanceProfileCreation.

private void validateInstanceProfileCreation(AwsCredentialView awsCredentialView) {
    GetRoleRequest roleRequest = new GetRoleRequest();
    String roleName = awsCredentialView.getRoleArn().split("/")[1];
    LOGGER.info("Start validate {} role for S3 access.", roleName);
    roleRequest.withRoleName(roleName);
    AmazonIdentityManagement client = awsClient.createAmazonIdentityManagement(awsCredentialView);
    try {
        ListRolePoliciesRequest listRolePoliciesRequest = new ListRolePoliciesRequest();
        listRolePoliciesRequest.setRoleName(roleName);
        ListRolePoliciesResult listRolePoliciesResult = client.listRolePolicies(listRolePoliciesRequest);
        for (String s : listRolePoliciesResult.getPolicyNames()) {
            if (checkIamOrS3Statement(roleName, client, s)) {
                LOGGER.info("Validation successful for s3 or iam access.");
                return;
            }
        }
        ListAttachedRolePoliciesRequest listAttachedRolePoliciesRequest = new ListAttachedRolePoliciesRequest();
        listAttachedRolePoliciesRequest.setRoleName(roleName);
        ListAttachedRolePoliciesResult listAttachedRolePoliciesResult = client.listAttachedRolePolicies(listAttachedRolePoliciesRequest);
        for (AttachedPolicy attachedPolicy : listAttachedRolePoliciesResult.getAttachedPolicies()) {
            if (checkIamOrS3Access(client, attachedPolicy)) {
                LOGGER.info("Validation successful for s3 or iam access.");
                return;
            }
        }
    } catch (AmazonServiceException ase) {
        if (ase.getStatusCode() == UNAUTHORIZED) {
            String policyMEssage = "Could not get policies on the role because the arn role do not have enough permission: %s";
            LOGGER.info(String.format(policyMEssage, ase.getErrorMessage()));
            throw new CloudConnectorException(String.format(policyMEssage, ase.getErrorMessage()));
        } else {
            LOGGER.info(ase.getMessage());
            throw new CloudConnectorException(ase.getErrorMessage());
        }
    } catch (Exception e) {
        LOGGER.info(e.getMessage());
        throw new CloudConnectorException(e.getMessage());
    }
    LOGGER.info("Could not get policies on the role because the arn role do not have enough permission.");
    throw new CloudConnectorException("Could not get policies on the role because the arn role do not have enough permission.");
}
Also used : ListAttachedRolePoliciesResult(com.amazonaws.services.identitymanagement.model.ListAttachedRolePoliciesResult) ListRolePoliciesResult(com.amazonaws.services.identitymanagement.model.ListRolePoliciesResult) AttachedPolicy(com.amazonaws.services.identitymanagement.model.AttachedPolicy) CloudConnectorException(com.sequenceiq.cloudbreak.cloud.exception.CloudConnectorException) AmazonServiceException(com.amazonaws.AmazonServiceException) GetRoleRequest(com.amazonaws.services.identitymanagement.model.GetRoleRequest) ListAttachedRolePoliciesRequest(com.amazonaws.services.identitymanagement.model.ListAttachedRolePoliciesRequest) ListRolePoliciesRequest(com.amazonaws.services.identitymanagement.model.ListRolePoliciesRequest) AmazonIdentityManagement(com.amazonaws.services.identitymanagement.AmazonIdentityManagement) AmazonServiceException(com.amazonaws.AmazonServiceException) AmazonClientException(com.amazonaws.AmazonClientException) CloudConnectorException(com.sequenceiq.cloudbreak.cloud.exception.CloudConnectorException)

Example 2 with AttachedPolicy

use of com.amazonaws.services.identitymanagement.model.AttachedPolicy in project aws-doc-sdk-examples by awsdocs.

the class AttachRolePolicy method main.

public static void main(String[] args) {
    final String USAGE = "To run this example, supply a role name\n" + "Ex: AttachRolePolicy <role-name>\n";
    if (args.length != 1) {
        System.out.println(USAGE);
        System.exit(1);
    }
    String role_name = args[0];
    final AmazonIdentityManagement iam = AmazonIdentityManagementClientBuilder.defaultClient();
    ListAttachedRolePoliciesRequest request = new ListAttachedRolePoliciesRequest().withRoleName(role_name);
    List<AttachedPolicy> matching_policies = new ArrayList<>();
    boolean done = false;
    while (!done) {
        ListAttachedRolePoliciesResult response = iam.listAttachedRolePolicies(request);
        matching_policies.addAll(response.getAttachedPolicies().stream().filter(p -> p.getPolicyName().equals(role_name)).collect(Collectors.toList()));
        if (!response.getIsTruncated()) {
            done = true;
        }
        request.setMarker(response.getMarker());
    }
    if (matching_policies.size() > 0) {
        System.out.println(role_name + " policy is already attached to this role.");
        return;
    }
    AttachRolePolicyRequest attach_request = new AttachRolePolicyRequest().withRoleName(role_name).withPolicyArn(POLICY_ARN);
    iam.attachRolePolicy(attach_request);
    System.out.println("Successfully attached policy " + POLICY_ARN + " to role " + role_name);
}
Also used : ListAttachedRolePoliciesResult(com.amazonaws.services.identitymanagement.model.ListAttachedRolePoliciesResult) AttachRolePolicyRequest(com.amazonaws.services.identitymanagement.model.AttachRolePolicyRequest) AttachedPolicy(com.amazonaws.services.identitymanagement.model.AttachedPolicy) ArrayList(java.util.ArrayList) ListAttachedRolePoliciesRequest(com.amazonaws.services.identitymanagement.model.ListAttachedRolePoliciesRequest) AmazonIdentityManagement(com.amazonaws.services.identitymanagement.AmazonIdentityManagement)

Aggregations

AmazonIdentityManagement (com.amazonaws.services.identitymanagement.AmazonIdentityManagement)2 AttachedPolicy (com.amazonaws.services.identitymanagement.model.AttachedPolicy)2 ListAttachedRolePoliciesRequest (com.amazonaws.services.identitymanagement.model.ListAttachedRolePoliciesRequest)2 ListAttachedRolePoliciesResult (com.amazonaws.services.identitymanagement.model.ListAttachedRolePoliciesResult)2 AmazonClientException (com.amazonaws.AmazonClientException)1 AmazonServiceException (com.amazonaws.AmazonServiceException)1 AttachRolePolicyRequest (com.amazonaws.services.identitymanagement.model.AttachRolePolicyRequest)1 GetRoleRequest (com.amazonaws.services.identitymanagement.model.GetRoleRequest)1 ListRolePoliciesRequest (com.amazonaws.services.identitymanagement.model.ListRolePoliciesRequest)1 ListRolePoliciesResult (com.amazonaws.services.identitymanagement.model.ListRolePoliciesResult)1 CloudConnectorException (com.sequenceiq.cloudbreak.cloud.exception.CloudConnectorException)1 ArrayList (java.util.ArrayList)1