use of com.amazonaws.services.kms.model.DescribeKeyResult in project cerberus by Nike-Inc.
the class KmsServiceTest method test_validatePolicy_validates_policy_when_validate_interval_has_passed.
@Test
public void test_validatePolicy_validates_policy_when_validate_interval_has_passed() {
String kmsKeyArn = "kms key arn";
String awsIamRoleRecordId = "aws iam role record id";
String kmsCMKRegion = "kmsCMKRegion";
String policy = "policy";
OffsetDateTime lastValidated = OffsetDateTime.of(2016, 1, 1, 1, 1, 1, 1, ZoneOffset.UTC);
OffsetDateTime now = OffsetDateTime.now();
AWSKMSClient client = mock(AWSKMSClient.class);
when(client.describeKey(anyObject())).thenReturn(new DescribeKeyResult().withKeyMetadata(new KeyMetadata().withKeyState(KeyState.Enabled)));
when(kmsClientFactory.getClient(kmsCMKRegion)).thenReturn(client);
GetKeyPolicyResult result = mock(GetKeyPolicyResult.class);
when(result.getPolicy()).thenReturn(policy);
when(client.getKeyPolicy(new GetKeyPolicyRequest().withKeyId(kmsKeyArn).withPolicyName("default"))).thenReturn(result);
when(kmsPolicyService.isPolicyValid(policy)).thenReturn(true);
AwsIamRoleKmsKeyRecord kmsKey = mock(AwsIamRoleKmsKeyRecord.class);
when(kmsKey.getAwsIamRoleId()).thenReturn(awsIamRoleRecordId);
when(kmsKey.getAwsKmsKeyId()).thenReturn(kmsKeyArn);
when(kmsKey.getAwsRegion()).thenReturn(kmsCMKRegion);
when(kmsKey.getLastValidatedTs()).thenReturn(lastValidated);
when(awsIamRoleDao.getKmsKey(awsIamRoleRecordId, kmsCMKRegion)).thenReturn(Optional.of(kmsKey));
when(dateTimeSupplier.get()).thenReturn(now);
kmsService.validateKeyAndPolicy(kmsKey, kmsKeyArn);
verify(client, times(1)).getKeyPolicy(new GetKeyPolicyRequest().withKeyId(kmsKeyArn).withPolicyName("default"));
verify(kmsPolicyService, times(1)).isPolicyValid(policy);
}
use of com.amazonaws.services.kms.model.DescribeKeyResult in project aws-doc-sdk-examples by awsdocs.
the class ViewCustomerMasterKey method main.
public static void main(String[] args) {
final String USAGE = "To run this example, supply a key id or ARN\n" + "Usage: ViewCustomerMasterKey <key-id>\n" + "Example: ViewCustomerMasterKey 1234abcd-12ab-34cd-56ef-1234567890ab\n";
if (args.length != 1) {
System.out.println(USAGE);
System.exit(1);
}
String keyId = args[0];
AWSKMS kmsClient = AWSKMSClientBuilder.standard().build();
// Describe a CMK
DescribeKeyRequest req = new DescribeKeyRequest().withKeyId(keyId);
DescribeKeyResult result = kmsClient.describeKey(req);
KeyMetadata metadata = result.getKeyMetadata();
System.out.printf("%-15s %s%n", "KeyId:", keyId);
System.out.printf("%-15s %s%n", "Arn:", metadata.getArn());
System.out.printf("%-15s %s%n", "CreationDate:", metadata.getCreationDate());
System.out.printf("%-15s %s%n", "Description:", metadata.getDescription());
System.out.printf("%-15s %s%n", "KeyUsage:", metadata.getKeyUsage());
System.out.printf("%-15s %s%n", "KeyState:", metadata.getKeyState());
System.out.printf("%-15s %s%n", "Origin:", metadata.getOrigin());
System.out.printf("%-15s %s%n", "KeyManager:", metadata.getKeyManager());
}
use of com.amazonaws.services.kms.model.DescribeKeyResult in project cloudbreak by hortonworks.
the class AwsPlatformResourcesTest method collectEncryptionKeysWhenWeGetBackInfoThenItShouldReturnListWithElements.
@Test
public void collectEncryptionKeysWhenWeGetBackInfoThenItShouldReturnListWithElements() {
ListKeysResult listKeysResult = new ListKeysResult();
Set<KeyListEntry> listEntries = new HashSet<>();
listEntries.add(keyListEntry(1));
listEntries.add(keyListEntry(2));
listEntries.add(keyListEntry(3));
listEntries.add(keyListEntry(4));
listKeysResult.setKeys(listEntries);
DescribeKeyResult describeKeyResult = new DescribeKeyResult();
describeKeyResult.setKeyMetadata(new KeyMetadata());
ListAliasesResult describeAliasResult = new ListAliasesResult();
Set<AliasListEntry> aliasListEntries = new HashSet<>();
aliasListEntries.add(aliasListEntry(1));
aliasListEntries.add(aliasListEntry(2));
aliasListEntries.add(aliasListEntry(3));
aliasListEntries.add(aliasListEntry(4));
describeAliasResult.setAliases(aliasListEntries);
when(awsClient.createAWSKMS(any(AwsCredentialView.class), anyString())).thenReturn(awskmsClient);
when(awskmsClient.listKeys(any(ListKeysRequest.class))).thenReturn(listKeysResult);
when(awskmsClient.describeKey(any(DescribeKeyRequest.class))).thenReturn(describeKeyResult);
when(awskmsClient.listAliases(any(ListAliasesRequest.class))).thenReturn(describeAliasResult);
CloudEncryptionKeys cloudEncryptionKeys = underTest.encryptionKeys(cloudCredential, region("London"), new HashMap<>());
assertEquals(4L, cloudEncryptionKeys.getCloudEncryptionKeys().size());
}
use of com.amazonaws.services.kms.model.DescribeKeyResult in project cloudbreak by hortonworks.
the class AwsPlatformResources method encryptionKeys.
@Override
public CloudEncryptionKeys encryptionKeys(ExtendedCloudCredential cloudCredential, Region region, Map<String, String> filters) {
String queryFailedMessage = "Could not get encryption keys from Amazon: ";
CloudEncryptionKeys cloudEncryptionKeys = new CloudEncryptionKeys(new HashSet<>());
AwsCredentialView awsCredentialView = new AwsCredentialView(cloudCredential);
AmazonKmsClient client = awsClient.createAWSKMS(awsCredentialView, region.value());
try {
ListKeysRequest listKeysRequest = new ListKeysRequest();
ListKeysResult listKeysResult = client.listKeys(listKeysRequest);
ListAliasesResult listAliasesResult = client.listAliases(new ListAliasesRequest());
for (AliasListEntry keyListEntry : listAliasesResult.getAliases()) {
try {
listKeysResult.getKeys().stream().filter(item -> item.getKeyId().equals(keyListEntry.getTargetKeyId())).findFirst().ifPresent(item -> {
DescribeKeyRequest describeKeyRequest = new DescribeKeyRequest().withKeyId(item.getKeyId());
DescribeKeyResult describeKeyResult = client.describeKey(describeKeyRequest);
Map<String, Object> meta = new HashMap<>();
meta.put("aWSAccountId", describeKeyResult.getKeyMetadata().getAWSAccountId());
meta.put("creationDate", describeKeyResult.getKeyMetadata().getCreationDate());
meta.put("enabled", describeKeyResult.getKeyMetadata().getEnabled());
meta.put("expirationModel", describeKeyResult.getKeyMetadata().getExpirationModel());
meta.put("keyManager", describeKeyResult.getKeyMetadata().getKeyManager());
meta.put("keyState", describeKeyResult.getKeyMetadata().getKeyState());
meta.put("keyUsage", describeKeyResult.getKeyMetadata().getKeyUsage());
meta.put("origin", describeKeyResult.getKeyMetadata().getOrigin());
meta.put("validTo", describeKeyResult.getKeyMetadata().getValidTo());
if (!CloudConstants.AWS.equalsIgnoreCase(describeKeyResult.getKeyMetadata().getKeyManager())) {
CloudEncryptionKey key = new CloudEncryptionKey(item.getKeyArn(), describeKeyResult.getKeyMetadata().getKeyId(), describeKeyResult.getKeyMetadata().getDescription(), keyListEntry.getAliasName().replace("alias/", ""), meta);
cloudEncryptionKeys.getCloudEncryptionKeys().add(key);
}
});
} catch (AmazonServiceException e) {
if (e.getStatusCode() == UNAUTHORIZED) {
String policyMessage = "Could not get encryption keys because the user does not have enough permission.";
LOGGER.error(policyMessage, e);
} else {
LOGGER.info(queryFailedMessage, e);
}
} catch (Exception e) {
LOGGER.warn(queryFailedMessage, e);
}
}
} catch (AmazonServiceException ase) {
if (ase.getStatusCode() == UNAUTHORIZED) {
String policyMessage = "Could not get encryption keys because the user does not have enough permission.";
LOGGER.error(policyMessage, ase);
throw new CloudUnauthorizedException(policyMessage, ase);
} else {
LOGGER.info(queryFailedMessage, ase);
throw new CloudConnectorException(queryFailedMessage + ase.getMessage(), ase);
}
} catch (Exception e) {
LOGGER.warn(queryFailedMessage, e);
throw new CloudConnectorException(queryFailedMessage + e.getMessage(), e);
}
return cloudEncryptionKeys;
}
use of com.amazonaws.services.kms.model.DescribeKeyResult in project cerberus by Nike-Inc.
the class KmsServiceTest method test_getKmsKeyState_happy.
@Test
public void test_getKmsKeyState_happy() {
String awsRegion = "aws region";
String kmsKeyId = "kms key id";
String state = "state";
AWSKMSClient kmsClient = mock(AWSKMSClient.class);
when(kmsClientFactory.getClient(awsRegion)).thenReturn(kmsClient);
when(kmsClient.describeKey(anyObject())).thenReturn(new DescribeKeyResult().withKeyMetadata(new KeyMetadata().withKeyState(state)));
String result = kmsService.getKmsKeyState(kmsKeyId, awsRegion);
assertEquals(state, result);
}
Aggregations