Example 1 with ContextEntry
use of com.amazonaws.services.identitymanagement.model.ContextEntry in project cloudbreak by hortonworks.
the class AwsCredentialVerifier method getRequiredActions.
private List<RequiredAction> getRequiredActions(String policies) throws IOException {
List<RequiredAction> requiredActions = new ArrayList<>();
Policy policy = new JsonPolicyReader().createPolicyFromJsonString(policies);
for (Statement statement : policy.getStatements()) {
RequiredAction requiredAction = new RequiredAction();
List<Action> actions = statement.getActions();
if (actions != null) {
List<String> actionNames = actions.stream().map(e -> e.getActionName()).collect(Collectors.toList());
requiredAction.setActionNames(actionNames);
}
List<Condition> conditions = statement.getConditions();
if (conditions != null) {
for (Condition condition : conditions) {
ContextEntry contextEntry = new ContextEntry();
contextEntry.setContextKeyName(condition.getConditionKey());
contextEntry.setContextKeyType(ContextKeyTypeEnum.String);
contextEntry.setContextKeyValues(condition.getValues());
requiredAction.getConditions().add(contextEntry);
}
}
String resourceString = statement.getResources().stream().findFirst().get().getId();
requiredAction.setResourceArn(resourceString);
Optional<RequiredAction> first = requiredActions.stream().filter(e -> e.getConditions().equals(requiredAction.getConditions()) && e.getResourceArn().equals(requiredAction.getResourceArn())).findFirst();
if (first.isPresent()) {
requiredActions.remove(first.get());
requiredAction.getActionNames().addAll(first.get().getActionNames());
requiredAction.getConditions().addAll(first.get().getConditions());
requiredActions.add(requiredAction);
} else {
requiredActions.add(requiredAction);
}
}
return requiredActions;
}
Also used :
Policy(com.amazonaws.auth.policy.Policy)
JsonPolicyReader(com.amazonaws.auth.policy.internal.JsonPolicyReader)
Policy(com.amazonaws.auth.policy.Policy)
AwsCredentialCachingConfig(com.sequenceiq.cloudbreak.cloud.aws.common.cache.AwsCredentialCachingConfig)
Action(com.amazonaws.auth.policy.Action)
Cacheable(org.springframework.cache.annotation.Cacheable)
LoggerFactory(org.slf4j.LoggerFactory)
SimulatePrincipalPolicyRequest(com.amazonaws.services.identitymanagement.model.SimulatePrincipalPolicyRequest)
ContextEntry(com.amazonaws.services.identitymanagement.model.ContextEntry)
ArrayList(java.util.ArrayList)
AwsPermissionMissingException(com.sequenceiq.cloudbreak.cloud.aws.common.exception.AwsPermissionMissingException)
Inject(javax.inject.Inject)
AwsCredentialView(com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView)
Service(org.springframework.stereotype.Service)
ContextKeyTypeEnum(com.amazonaws.services.identitymanagement.model.ContextKeyTypeEnum)
AmazonIdentityManagementClient(com.sequenceiq.cloudbreak.cloud.aws.common.client.AmazonIdentityManagementClient)
Statement(com.amazonaws.auth.policy.Statement)
GetCallerIdentityResult(com.amazonaws.services.securitytoken.model.GetCallerIdentityResult)
Logger(org.slf4j.Logger)
JsonPolicyReader(com.amazonaws.auth.policy.internal.JsonPolicyReader)
IOException(java.io.IOException)
Collectors(java.util.stream.Collectors)
Collectors.joining(java.util.stream.Collectors.joining)
GetCallerIdentityRequest(com.amazonaws.services.securitytoken.model.GetCallerIdentityRequest)
SimulatePrincipalPolicyResult(com.amazonaws.services.identitymanagement.model.SimulatePrincipalPolicyResult)
Base64(java.util.Base64)
List(java.util.List)
AmazonSecurityTokenServiceClient(com.sequenceiq.cloudbreak.cloud.aws.common.client.AmazonSecurityTokenServiceClient)
Optional(java.util.Optional)
Collections(java.util.Collections)
Condition(com.amazonaws.auth.policy.Condition)
Condition(com.amazonaws.auth.policy.Condition)
Action(com.amazonaws.auth.policy.Action)
Statement(com.amazonaws.auth.policy.Statement)
ArrayList(java.util.ArrayList)
ContextEntry(com.amazonaws.services.identitymanagement.model.ContextEntry)
Aggregations
Action (com.amazonaws.auth.policy.Action)1
Condition (com.amazonaws.auth.policy.Condition)1
Policy (com.amazonaws.auth.policy.Policy)1
Statement (com.amazonaws.auth.policy.Statement)1
JsonPolicyReader (com.amazonaws.auth.policy.internal.JsonPolicyReader)1
ContextEntry (com.amazonaws.services.identitymanagement.model.ContextEntry)1
ContextKeyTypeEnum (com.amazonaws.services.identitymanagement.model.ContextKeyTypeEnum)1
SimulatePrincipalPolicyRequest (com.amazonaws.services.identitymanagement.model.SimulatePrincipalPolicyRequest)1
SimulatePrincipalPolicyResult (com.amazonaws.services.identitymanagement.model.SimulatePrincipalPolicyResult)1
GetCallerIdentityRequest (com.amazonaws.services.securitytoken.model.GetCallerIdentityRequest)1
GetCallerIdentityResult (com.amazonaws.services.securitytoken.model.GetCallerIdentityResult)1
AwsCredentialCachingConfig (com.sequenceiq.cloudbreak.cloud.aws.common.cache.AwsCredentialCachingConfig)1
AmazonIdentityManagementClient (com.sequenceiq.cloudbreak.cloud.aws.common.client.AmazonIdentityManagementClient)1
AmazonSecurityTokenServiceClient (com.sequenceiq.cloudbreak.cloud.aws.common.client.AmazonSecurityTokenServiceClient)1
AwsPermissionMissingException (com.sequenceiq.cloudbreak.cloud.aws.common.exception.AwsPermissionMissingException)1
AwsCredentialView (com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView)1
IOException (java.io.IOException)1
ArrayList (java.util.ArrayList)1
Base64 (java.util.Base64)1
Collections (java.util.Collections)1
