Example 1 with AliasListEntry
use of com.amazonaws.services.kms.model.AliasListEntry in project cyberduck by iterate-ch.
the class KMSEncryptionFeature method getKeys.
/**
* @return List of IDs of KMS managed keys
*/
@Override
public Set<Algorithm> getKeys(final Path file, final LoginCallback prompt) throws BackgroundException {
final Path container = containerService.getContainer(file);
final Set<Algorithm> keys = super.getKeys(container, prompt);
if (container.isRoot()) {
return keys;
}
try {
final AWSKMS client = this.client(container);
try {
final Map<String, String> aliases = new HashMap<>();
for (AliasListEntry entry : client.listAliases().getAliases()) {
aliases.put(entry.getTargetKeyId(), entry.getAliasName());
}
for (KeyListEntry entry : client.listKeys().getKeys()) {
keys.add(new AliasedAlgorithm(entry, aliases.get(entry.getKeyId())));
}
} catch (AmazonClientException e) {
throw new AmazonServiceExceptionMappingService().map("Cannot read AWS KMS configuration", e);
} finally {
client.shutdown();
}
} catch (AccessDeniedException e) {
log.warn(String.format("Ignore failure reading keys from KMS. %s", e.getMessage()));
keys.add(SSE_KMS_DEFAULT);
}
return keys;
}
Also used :
Path(ch.cyberduck.core.Path)
AliasListEntry(com.amazonaws.services.kms.model.AliasListEntry)
AccessDeniedException(ch.cyberduck.core.exception.AccessDeniedException)
HashMap(java.util.HashMap)
AmazonClientException(com.amazonaws.AmazonClientException)
AmazonServiceExceptionMappingService(ch.cyberduck.core.aws.AmazonServiceExceptionMappingService)
AWSKMS(com.amazonaws.services.kms.AWSKMS)
KeyListEntry(com.amazonaws.services.kms.model.KeyListEntry)
Example 2 with AliasListEntry
use of com.amazonaws.services.kms.model.AliasListEntry in project cloudbreak by hortonworks.
the class AwsPlatformResourcesTest method aliasListEntry.
private AliasListEntry aliasListEntry(int i) {
AliasListEntry aliasListEntry = new AliasListEntry();
aliasListEntry.setAliasArn(String.format("key-%s", i));
aliasListEntry.setAliasName(String.format("%s", i));
aliasListEntry.setTargetKeyId(String.format("%s", i));
return aliasListEntry;
}
Also used :
AliasListEntry(com.amazonaws.services.kms.model.AliasListEntry)
Example 3 with AliasListEntry
use of com.amazonaws.services.kms.model.AliasListEntry in project aws-doc-sdk-examples by awsdocs.
the class ListAliases method main.
public static void main(String[] args) {
AWSKMS kmsClient = AWSKMSClientBuilder.standard().build();
// List the aliases in this AWS account
//
Integer limit = 10;
String nextMarker = null;
do {
ListAliasesRequest req = new ListAliasesRequest().withMarker(nextMarker).withLimit(limit);
ListAliasesResult result = kmsClient.listAliases(req);
for (AliasListEntry alias : result.getAliases()) {
System.out.printf("Found an alias named \"%s\".%n", alias.getAliasName());
}
nextMarker = result.getNextMarker();
} while (nextMarker != null);
}
Also used :
ListAliasesResult(com.amazonaws.services.kms.model.ListAliasesResult)
AliasListEntry(com.amazonaws.services.kms.model.AliasListEntry)
ListAliasesRequest(com.amazonaws.services.kms.model.ListAliasesRequest)
AWSKMS(com.amazonaws.services.kms.AWSKMS)
Example 4 with AliasListEntry
use of com.amazonaws.services.kms.model.AliasListEntry in project cloudbreak by hortonworks.
the class AwsPlatformResourcesTest method collectEncryptionKeysWhenWeGetBackInfoThenItShouldReturnListWithElements.
@Test
public void collectEncryptionKeysWhenWeGetBackInfoThenItShouldReturnListWithElements() {
ListKeysResult listKeysResult = new ListKeysResult();
Set<KeyListEntry> listEntries = new HashSet<>();
listEntries.add(keyListEntry(1));
listEntries.add(keyListEntry(2));
listEntries.add(keyListEntry(3));
listEntries.add(keyListEntry(4));
listKeysResult.setKeys(listEntries);
DescribeKeyResult describeKeyResult = new DescribeKeyResult();
describeKeyResult.setKeyMetadata(new KeyMetadata());
ListAliasesResult describeAliasResult = new ListAliasesResult();
Set<AliasListEntry> aliasListEntries = new HashSet<>();
aliasListEntries.add(aliasListEntry(1));
aliasListEntries.add(aliasListEntry(2));
aliasListEntries.add(aliasListEntry(3));
aliasListEntries.add(aliasListEntry(4));
describeAliasResult.setAliases(aliasListEntries);
when(awsClient.createAWSKMS(any(AwsCredentialView.class), anyString())).thenReturn(awskmsClient);
when(awskmsClient.listKeys(any(ListKeysRequest.class))).thenReturn(listKeysResult);
when(awskmsClient.describeKey(any(DescribeKeyRequest.class))).thenReturn(describeKeyResult);
when(awskmsClient.listAliases(any(ListAliasesRequest.class))).thenReturn(describeAliasResult);
CloudEncryptionKeys cloudEncryptionKeys = underTest.encryptionKeys(cloudCredential, region("London"), new HashMap<>());
assertEquals(4L, cloudEncryptionKeys.getCloudEncryptionKeys().size());
}
Also used :
ListAliasesResult(com.amazonaws.services.kms.model.ListAliasesResult)
AliasListEntry(com.amazonaws.services.kms.model.AliasListEntry)
DescribeKeyRequest(com.amazonaws.services.kms.model.DescribeKeyRequest)
ListKeysRequest(com.amazonaws.services.kms.model.ListKeysRequest)
CloudEncryptionKeys(com.sequenceiq.cloudbreak.cloud.model.CloudEncryptionKeys)
AwsCredentialView(com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView)
KeyListEntry(com.amazonaws.services.kms.model.KeyListEntry)
KeyMetadata(com.amazonaws.services.kms.model.KeyMetadata)
DescribeKeyResult(com.amazonaws.services.kms.model.DescribeKeyResult)
ListKeysResult(com.amazonaws.services.kms.model.ListKeysResult)
ListAliasesRequest(com.amazonaws.services.kms.model.ListAliasesRequest)
HashSet(java.util.HashSet)
Test(org.junit.jupiter.api.Test)
Example 5 with AliasListEntry
use of com.amazonaws.services.kms.model.AliasListEntry in project cloudbreak by hortonworks.
the class AwsPlatformResources method encryptionKeys.
@Override
public CloudEncryptionKeys encryptionKeys(ExtendedCloudCredential cloudCredential, Region region, Map<String, String> filters) {
String queryFailedMessage = "Could not get encryption keys from Amazon: ";
CloudEncryptionKeys cloudEncryptionKeys = new CloudEncryptionKeys(new HashSet<>());
AwsCredentialView awsCredentialView = new AwsCredentialView(cloudCredential);
AmazonKmsClient client = awsClient.createAWSKMS(awsCredentialView, region.value());
try {
ListKeysRequest listKeysRequest = new ListKeysRequest();
ListKeysResult listKeysResult = client.listKeys(listKeysRequest);
ListAliasesResult listAliasesResult = client.listAliases(new ListAliasesRequest());
for (AliasListEntry keyListEntry : listAliasesResult.getAliases()) {
try {
listKeysResult.getKeys().stream().filter(item -> item.getKeyId().equals(keyListEntry.getTargetKeyId())).findFirst().ifPresent(item -> {
DescribeKeyRequest describeKeyRequest = new DescribeKeyRequest().withKeyId(item.getKeyId());
DescribeKeyResult describeKeyResult = client.describeKey(describeKeyRequest);
Map<String, Object> meta = new HashMap<>();
meta.put("aWSAccountId", describeKeyResult.getKeyMetadata().getAWSAccountId());
meta.put("creationDate", describeKeyResult.getKeyMetadata().getCreationDate());
meta.put("enabled", describeKeyResult.getKeyMetadata().getEnabled());
meta.put("expirationModel", describeKeyResult.getKeyMetadata().getExpirationModel());
meta.put("keyManager", describeKeyResult.getKeyMetadata().getKeyManager());
meta.put("keyState", describeKeyResult.getKeyMetadata().getKeyState());
meta.put("keyUsage", describeKeyResult.getKeyMetadata().getKeyUsage());
meta.put("origin", describeKeyResult.getKeyMetadata().getOrigin());
meta.put("validTo", describeKeyResult.getKeyMetadata().getValidTo());
if (!CloudConstants.AWS.equalsIgnoreCase(describeKeyResult.getKeyMetadata().getKeyManager())) {
CloudEncryptionKey key = new CloudEncryptionKey(item.getKeyArn(), describeKeyResult.getKeyMetadata().getKeyId(), describeKeyResult.getKeyMetadata().getDescription(), keyListEntry.getAliasName().replace("alias/", ""), meta);
cloudEncryptionKeys.getCloudEncryptionKeys().add(key);
}
});
} catch (AmazonServiceException e) {
if (e.getStatusCode() == UNAUTHORIZED) {
String policyMessage = "Could not get encryption keys because the user does not have enough permission.";
LOGGER.error(policyMessage, e);
} else {
LOGGER.info(queryFailedMessage, e);
}
} catch (Exception e) {
LOGGER.warn(queryFailedMessage, e);
}
}
} catch (AmazonServiceException ase) {
if (ase.getStatusCode() == UNAUTHORIZED) {
String policyMessage = "Could not get encryption keys because the user does not have enough permission.";
LOGGER.error(policyMessage, ase);
throw new CloudUnauthorizedException(policyMessage, ase);
} else {
LOGGER.info(queryFailedMessage, ase);
throw new CloudConnectorException(queryFailedMessage + ase.getMessage(), ase);
}
} catch (Exception e) {
LOGGER.warn(queryFailedMessage, e);
throw new CloudConnectorException(queryFailedMessage + e.getMessage(), e);
}
return cloudEncryptionKeys;
}
Also used :
ListAliasesResult(com.amazonaws.services.kms.model.ListAliasesResult)
AliasListEntry(com.amazonaws.services.kms.model.AliasListEntry)
AmazonKmsClient(com.sequenceiq.cloudbreak.cloud.aws.common.client.AmazonKmsClient)
HashMap(java.util.HashMap)
CloudConnectorException(com.sequenceiq.cloudbreak.cloud.exception.CloudConnectorException)
DescribeKeyRequest(com.amazonaws.services.kms.model.DescribeKeyRequest)
ListKeysRequest(com.amazonaws.services.kms.model.ListKeysRequest)
CloudEncryptionKeys(com.sequenceiq.cloudbreak.cloud.model.CloudEncryptionKeys)
CloudUnauthorizedException(com.sequenceiq.cloudbreak.cloud.exception.CloudUnauthorizedException)
AmazonServiceException(com.amazonaws.AmazonServiceException)
CloudConnectorException(com.sequenceiq.cloudbreak.cloud.exception.CloudConnectorException)
IOException(java.io.IOException)
SdkClientException(com.amazonaws.SdkClientException)
AmazonEC2Exception(com.amazonaws.services.ec2.model.AmazonEC2Exception)
PermanentlyFailedException(com.sequenceiq.cloudbreak.util.PermanentlyFailedException)
AwsCredentialView(com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView)
CloudEncryptionKey(com.sequenceiq.cloudbreak.cloud.model.CloudEncryptionKey)
DescribeKeyResult(com.amazonaws.services.kms.model.DescribeKeyResult)
AmazonServiceException(com.amazonaws.AmazonServiceException)
ListKeysResult(com.amazonaws.services.kms.model.ListKeysResult)
ListAliasesRequest(com.amazonaws.services.kms.model.ListAliasesRequest)
CloudUnauthorizedException(com.sequenceiq.cloudbreak.cloud.exception.CloudUnauthorizedException)
Aggregations
AliasListEntry (com.amazonaws.services.kms.model.AliasListEntry)5
ListAliasesRequest (com.amazonaws.services.kms.model.ListAliasesRequest)3
ListAliasesResult (com.amazonaws.services.kms.model.ListAliasesResult)3
AWSKMS (com.amazonaws.services.kms.AWSKMS)2
DescribeKeyRequest (com.amazonaws.services.kms.model.DescribeKeyRequest)2
DescribeKeyResult (com.amazonaws.services.kms.model.DescribeKeyResult)2
KeyListEntry (com.amazonaws.services.kms.model.KeyListEntry)2
ListKeysRequest (com.amazonaws.services.kms.model.ListKeysRequest)2
ListKeysResult (com.amazonaws.services.kms.model.ListKeysResult)2
AwsCredentialView (com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView)2
CloudEncryptionKeys (com.sequenceiq.cloudbreak.cloud.model.CloudEncryptionKeys)2
HashMap (java.util.HashMap)2
Path (ch.cyberduck.core.Path)1
AmazonServiceExceptionMappingService (ch.cyberduck.core.aws.AmazonServiceExceptionMappingService)1
AccessDeniedException (ch.cyberduck.core.exception.AccessDeniedException)1
AmazonClientException (com.amazonaws.AmazonClientException)1
AmazonServiceException (com.amazonaws.AmazonServiceException)1
SdkClientException (com.amazonaws.SdkClientException)1
AmazonEC2Exception (com.amazonaws.services.ec2.model.AmazonEC2Exception)1
KeyMetadata (com.amazonaws.services.kms.model.KeyMetadata)1
