use of com.amazonaws.services.identitymanagement.model.AttachedPolicy in project cloudbreak by hortonworks.
the class AwsSetup method validateInstanceProfileCreation.
private void validateInstanceProfileCreation(AwsCredentialView awsCredentialView) {
GetRoleRequest roleRequest = new GetRoleRequest();
String roleName = awsCredentialView.getRoleArn().split("/")[1];
LOGGER.info("Start validate {} role for S3 access.", roleName);
roleRequest.withRoleName(roleName);
AmazonIdentityManagement client = awsClient.createAmazonIdentityManagement(awsCredentialView);
try {
ListRolePoliciesRequest listRolePoliciesRequest = new ListRolePoliciesRequest();
listRolePoliciesRequest.setRoleName(roleName);
ListRolePoliciesResult listRolePoliciesResult = client.listRolePolicies(listRolePoliciesRequest);
for (String s : listRolePoliciesResult.getPolicyNames()) {
if (checkIamOrS3Statement(roleName, client, s)) {
LOGGER.info("Validation successful for s3 or iam access.");
return;
}
}
ListAttachedRolePoliciesRequest listAttachedRolePoliciesRequest = new ListAttachedRolePoliciesRequest();
listAttachedRolePoliciesRequest.setRoleName(roleName);
ListAttachedRolePoliciesResult listAttachedRolePoliciesResult = client.listAttachedRolePolicies(listAttachedRolePoliciesRequest);
for (AttachedPolicy attachedPolicy : listAttachedRolePoliciesResult.getAttachedPolicies()) {
if (checkIamOrS3Access(client, attachedPolicy)) {
LOGGER.info("Validation successful for s3 or iam access.");
return;
}
}
} catch (AmazonServiceException ase) {
if (ase.getStatusCode() == UNAUTHORIZED) {
String policyMEssage = "Could not get policies on the role because the arn role do not have enough permission: %s";
LOGGER.info(String.format(policyMEssage, ase.getErrorMessage()));
throw new CloudConnectorException(String.format(policyMEssage, ase.getErrorMessage()));
} else {
LOGGER.info(ase.getMessage());
throw new CloudConnectorException(ase.getErrorMessage());
}
} catch (Exception e) {
LOGGER.info(e.getMessage());
throw new CloudConnectorException(e.getMessage());
}
LOGGER.info("Could not get policies on the role because the arn role do not have enough permission.");
throw new CloudConnectorException("Could not get policies on the role because the arn role do not have enough permission.");
}
use of com.amazonaws.services.identitymanagement.model.AttachedPolicy in project aws-doc-sdk-examples by awsdocs.
the class AttachRolePolicy method main.
public static void main(String[] args) {
final String USAGE = "To run this example, supply a role name\n" + "Ex: AttachRolePolicy <role-name>\n";
if (args.length != 1) {
System.out.println(USAGE);
System.exit(1);
}
String role_name = args[0];
final AmazonIdentityManagement iam = AmazonIdentityManagementClientBuilder.defaultClient();
ListAttachedRolePoliciesRequest request = new ListAttachedRolePoliciesRequest().withRoleName(role_name);
List<AttachedPolicy> matching_policies = new ArrayList<>();
boolean done = false;
while (!done) {
ListAttachedRolePoliciesResult response = iam.listAttachedRolePolicies(request);
matching_policies.addAll(response.getAttachedPolicies().stream().filter(p -> p.getPolicyName().equals(role_name)).collect(Collectors.toList()));
if (!response.getIsTruncated()) {
done = true;
}
request.setMarker(response.getMarker());
}
if (matching_policies.size() > 0) {
System.out.println(role_name + " policy is already attached to this role.");
return;
}
AttachRolePolicyRequest attach_request = new AttachRolePolicyRequest().withRoleName(role_name).withPolicyArn(POLICY_ARN);
iam.attachRolePolicy(attach_request);
System.out.println("Successfully attached policy " + POLICY_ARN + " to role " + role_name);
}
Aggregations