

Use of com.amazonaws.services.identitymanagement.model.ContextEntry in the project cloudbreak by hortonworks.

From the class AwsCredentialVerifier, method getRequiredActions (the policy statements are turned into IAM SimulatePrincipalPolicy inputs).

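/**
 * Builds the list of permissions that must be simulated against the credential's principal.
 * <p>
 * {@code policies} is parsed as an IAM policy document. Every statement contributes its action
 * names, its conditions (forwarded as {@link ContextEntry} values of type {@code String}) and
 * <em>each</em> of its resource ARNs. Statements that target the same ARN under the same conditions
 * are merged into a single {@link RequiredAction}, so each (ARN, conditions) pair is simulated once.
 * A {@link RequiredAction} carries a single resource ARN, so a statement listing several resources
 * yields one entry per ARN: checking only the first ARN would leave the other resources unverified.
 * <p>
 * NOTE(review): the statement effect is not inspected, so a {@code Deny} statement in the input would
 * be treated like an {@code Allow}. Confirm the input is an allow-only list of required permissions.
 *
 * @param policies IAM policy document as JSON
 * @return one entry per distinct (resource ARN, conditions) pair, in first-seen order
 * @throws IOException              propagated from parsing the policy document
 * @throws IllegalArgumentException if a statement names no resource, since there is nothing to simulate
 */
private List<RequiredAction> getRequiredActions(String policies) throws IOException {
    List<RequiredAction> requiredActions = new ArrayList<>();
    Policy policy = new JsonPolicyReader().createPolicyFromJsonString(policies);
    for (Statement statement : policy.getStatements()) {
        List<String> actionNames = new ArrayList<>();
        List<Action> actions = statement.getActions();
        if (actions != null) {
            for (Action action : actions) {
                actionNames.add(action.getActionName());
            }
        }
        List<ContextEntry> contextEntries = new ArrayList<>();
        List<Condition> conditions = statement.getConditions();
        if (conditions != null) {
            for (Condition condition : conditions) {
                ContextEntry contextEntry = new ContextEntry();
                contextEntry.setContextKeyName(condition.getConditionKey());
                // Every condition key is forwarded as a String-typed context key.
                // NOTE(review): non-string condition types (Bool, Numeric, Date, ...) are not
                // distinguished here; confirm the verified policies only use string-typed keys.
                contextEntry.setContextKeyType(ContextKeyTypeEnum.String);
                contextEntry.setContextKeyValues(condition.getValues());
                contextEntries.add(contextEntry);
            }
        }
        // Fail loudly instead of dereferencing an empty/absent resource list: a statement without
        // a resource cannot be simulated, and silently skipping it would hide a permission gap.
        if (statement.getResources() == null || statement.getResources().isEmpty()) {
            throw new IllegalArgumentException("Policy statement '" + statement.getId()
                    + "' names no resource; every statement must list at least one resource ARN to simulate");
        }
        List<String> resourceArns = statement.getResources().stream()
                .map(r -> r.getId())
                .collect(Collectors.toList());
        // One entry per ARN, not just the first one, so every resource of the statement is checked.
        for (String resourceArn : resourceArns) {
            RequiredAction requiredAction = new RequiredAction();
            // Fresh copy: mergeInto() appends to this list, and entries must not share state.
            requiredAction.setActionNames(new ArrayList<>(actionNames));
            requiredAction.getConditions().addAll(contextEntries);
            requiredAction.setResourceArn(resourceArn);
            mergeInto(requiredActions, requiredAction);
        }
    }
    return requiredActions;
}

/**
 * Folds {@code candidate} into {@code requiredActions}. If an entry with the same resource ARN and
 * the same conditions already exists, its action names are appended to {@code candidate} and the
 * old entry is replaced, so each (ARN, conditions) pair is simulated exactly once. The conditions
 * are deliberately not appended again: equality already guarantees they are identical, and
 * duplicating them would both send duplicate context entries to the simulator and stop a third
 * statement with the same pair from matching.
 *
 * @param requiredActions the accumulated entries; modified in place
 * @param candidate       the new entry; its action list must be mutable
 */
private void mergeInto(List<RequiredAction> requiredActions, RequiredAction candidate) {
    Optional<RequiredAction> existing = requiredActions.stream()
            .filter(e -> e.getConditions().equals(candidate.getConditions())
                    && e.getResourceArn().equals(candidate.getResourceArn()))
            .findFirst();
    if (existing.isPresent()) {
        requiredActions.remove(existing.get());
        candidate.getActionNames().addAll(existing.get().getActionNames());
    }
    requiredActions.add(candidate);
}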
