
Example 21 with Region

use of com.amazonaws.services.s3.model.Region in project athenz by yahoo.

the class AwsPrivateKeyStoreTest method testGetPrivateKeyAlgorithmException.

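@Test
public void testGetPrivateKeyAlgorithmException() {
    // Scenario: the S3 client throws a RuntimeException while fetching the
    // algorithm-qualified key object ("my_key.rsa"). The store is expected to
    // swallow it and return null rather than propagate the exception.
    final String bucketName = "my_bucket";
    final String keyName = "my_key";
    final String algKeyName = "my_key.rsa";
    final String keyId = "my_key_id";
    System.setProperty("athenz.aws.s3.region", "us-east-1");
    System.setProperty("athenz.aws.zts.bucket_name", bucketName);
    System.setProperty("athenz.aws.zts.key_name", keyName);
    System.setProperty("athenz.aws.zts.key_id_name", keyId);
    try {
        AmazonS3 s3 = mock(AmazonS3.class);
        AWSKMS kms = mock(AWSKMS.class);
        // the mock is keyed on the algorithm-qualified object name, not keyName
        Mockito.when(s3.getObject(bucketName, algKeyName)).thenThrow(new IndexOutOfBoundsException());
        AwsPrivateKeyStore awsPrivateKeyStore = new AwsPrivateKeyStore(s3, kms);
        assertNull(awsPrivateKeyStore.getPrivateKey("zts", "testServerHostName", "us-east-1", "rsa"));
    } finally {
        // Clear in finally: a failing assertion must not leak these JVM-wide
        // properties into tests that run afterwards in the same JVM.
        System.clearProperty("athenz.aws.s3.region");
        System.clearProperty("athenz.aws.zts.bucket_name");
        System.clearProperty("athenz.aws.zts.key_name");
        System.clearProperty("athenz.aws.zts.key_id_name");
    }
}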

Example 22 with Region

use of com.amazonaws.services.s3.model.Region in project athenz by yahoo.

the class AwsPrivateKeyStoreTest method testGetEncryptedDataException.

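@Test
public void testGetEncryptedDataException() {
    // Scenario: S3 returns an object whose content stream fails with an
    // IOException, while KMS decrypt succeeds. The spy lets the store's
    // getS3()/getKMS() lookups be replaced by the mocks.
    System.setProperty("athenz.aws.s3.region", "us-east-1");
    System.setProperty(ATHENZ_AWS_KMS_REGION, "us-east-1");
    System.setProperty("athenz.aws.store_kms_decrypt", "true");
    try {
        String bucketName = "my_bucket";
        String keyName = "my_key";
        String expected = "my_value";
        AmazonS3 s3 = mock(AmazonS3.class);
        AWSKMS kms = mock(AWSKMS.class);
        S3Object s3Object = mock(S3Object.class);
        Mockito.when(s3.getObject(bucketName, keyName)).thenReturn(s3Object);
        // the object exists but reading its content fails
        given(s3Object.getObjectContent()).willAnswer(invocation -> {
            throw new IOException();
        });
        // explicit charset: pre-Java-18 getBytes() uses the platform default
        ByteBuffer buffer = ByteBuffer.wrap(expected.getBytes(StandardCharsets.UTF_8));
        DecryptResult decryptResult = mock(DecryptResult.class);
        Mockito.when(kms.decrypt(Mockito.any(DecryptRequest.class))).thenReturn(decryptResult);
        Mockito.when(decryptResult.getPlaintext()).thenReturn(buffer);
        AwsPrivateKeyStore awsPrivateKeyStore = new AwsPrivateKeyStore();
        AwsPrivateKeyStore spyAWS = Mockito.spy(awsPrivateKeyStore);
        doReturn(s3).when(spyAWS).getS3();
        doReturn(kms).when(spyAWS).getKMS();
        // NOTE(review): only the KMS wiring is asserted here; nothing in this
        // test calls into the store, so the IOException stub above is never
        // exercised — confirm whether a getPrivateKey()/decrypt call was intended.
        assertEquals(spyAWS.getKMS(), kms);
    } finally {
        // Clear in finally so a failing assertion cannot leak JVM-wide state;
        // store_kms_decrypt was previously never cleared at all.
        System.clearProperty("athenz.aws.s3.region");
        System.clearProperty(ATHENZ_AWS_KMS_REGION);
        System.clearProperty("athenz.aws.store_kms_decrypt");
    }
}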

Example 23 with Region

use of com.amazonaws.services.s3.model.Region in project athenz by yahoo.

the class AwsPrivateKeyStoreTest method testGetPrivateKeyAlgorithm.

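/**
 * Drives the happy path of {@code AwsPrivateKeyStore.getPrivateKey} for the
 * given service: S3 is mocked to return a PEM private key for
 * {@code my_key.rsa} and a key id for {@code my_key_id.rsa}, and the store is
 * expected to produce a non-null key with algorithm RS256 and id "1".
 *
 * @param service the service name used to build the {@code athenz.aws.<service>.*} property keys
 * @throws IOException if the test PEM fixture cannot be read
 */
private void testGetPrivateKeyAlgorithm(final String service) throws IOException {
    final String bucketName = "my_bucket";
    final String keyName = "my_key";
    final String algKeyName = "my_key.rsa";
    final String keyId = "my_key_id";
    final String algKeyId = "my_key_id.rsa";
    final String expectedKeyId = "1";
    System.setProperty("athenz.aws.s3.region", "us-east-1");
    System.setProperty("athenz.aws." + service + ".bucket_name", bucketName);
    System.setProperty("athenz.aws." + service + ".key_name", keyName);
    System.setProperty("athenz.aws." + service + ".key_id_name", keyId);
    try {
        AmazonS3 s3 = mock(AmazonS3.class);
        AWSKMS kms = mock(AWSKMS.class);
        // Object 1: the private key itself, served under the algorithm-qualified name.
        S3Object s3ObjectKey = mock(S3Object.class);
        Mockito.when(s3.getObject(bucketName, algKeyName)).thenReturn(s3ObjectKey);
        File privKeyFile = new File("src/test/resources/unit_test_zts_private.pem");
        // Feed the fixture bytes straight through; no String round trip is needed.
        byte[] privKeyBytes = Files.readAllBytes(privKeyFile.toPath());
        InputStream isKey = new ByteArrayInputStream(privKeyBytes);
        S3ObjectInputStream s3ObjectKeyInputStream = new S3ObjectInputStream(isKey, null);
        Mockito.when(s3ObjectKey.getObjectContent()).thenReturn(s3ObjectKeyInputStream);
        // Object 2: the key id, served under the algorithm-qualified id name.
        S3Object s3ObjectKeyId = mock(S3Object.class);
        Mockito.when(s3.getObject(bucketName, algKeyId)).thenReturn(s3ObjectKeyId);
        // explicit charset: pre-Java-18 getBytes() uses the platform default
        InputStream isKeyId = new ByteArrayInputStream(expectedKeyId.getBytes(StandardCharsets.UTF_8));
        S3ObjectInputStream s3ObjectKeyIdInputStream = new S3ObjectInputStream(isKeyId, null);
        Mockito.when(s3ObjectKeyId.getObjectContent()).thenReturn(s3ObjectKeyIdInputStream);
        AwsPrivateKeyStore awsPrivateKeyStore = new AwsPrivateKeyStore(s3, kms);
        ServerPrivateKey serverPrivateKey = awsPrivateKeyStore.getPrivateKey(service, "testServerHostName", "us-east-1", "rsa");
        assertNotNull(serverPrivateKey);
        assertNotNull(serverPrivateKey.getKey());
        assertEquals(serverPrivateKey.getAlgorithm().toString(), "RS256");
        assertEquals(serverPrivateKey.getId(), expectedKeyId);
    } finally {
        // Clear in finally: an assertion failure or a missing fixture must not
        // leak these JVM-wide properties into later tests.
        System.clearProperty("athenz.aws.s3.region");
        System.clearProperty("athenz.aws." + service + ".bucket_name");
        System.clearProperty("athenz.aws." + service + ".key_name");
        System.clearProperty("athenz.aws." + service + ".key_id_name");
    }
}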

Example 24 with Region

use of com.amazonaws.services.s3.model.Region in project bender by Nextdoor.

the class Bender method invokeS3Handler.

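/**
 * Builds a synthetic {@code s3:ObjectCreated:Put} notification for the given
 * {@code s3://bucket/key} URI and runs it through {@link S3Handler}, as if S3
 * itself had delivered the event. Used by the command-line entry point to
 * process a single object on demand.
 *
 * @param source_file the S3 object to process, as an {@code s3://bucket/key} URI
 * @throws HandlerException propagated from {@code S3Handler.handler}
 */
protected static void invokeS3Handler(String source_file) throws HandlerException {
    /*
     * Event shape follows:
     * https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html
     * https://docs.aws.amazon.com/AmazonS3/latest/dev/notification-content-structure.html
     */
    String awsRegion = "us-east-1";
    String eventName = "s3:ObjectCreated:Put";
    String eventSource = "aws:s3";
    String eventVersion = "2.0";
    String s3ConfigurationId = "cli-id";
    String s3SchemaVersion = "1.0";
    S3BucketEntity s3BucketEntity = null;
    S3ObjectEntity s3ObjectEntity = null;
    /*
     * Make sure the URL was submitted properly.
     *
     * Split the s3://bucket/object path into an S3BucketEntity and S3ObjectEntity object.
     * AmazonS3URI rejects anything that is not a valid S3 URI with IllegalArgumentException.
     */
    try {
        AmazonS3URI s3URI = new AmazonS3URI(source_file);
        s3BucketEntity = new S3BucketEntity(s3URI.getBucket(), null, null);
        // size 1L is a placeholder: the real object size is not known here
        s3ObjectEntity = new S3ObjectEntity(s3URI.getKey(), 1L, null, null);
    } catch (IllegalArgumentException e) {
        logger.error("Invalid source_file URL supplied (" + source_file + "): " + e);
        // CLI usage error: terminate the process rather than continue with null entities
        System.exit(1);
    }
    /*
     * Override the AWS Region if it is supplied (read the variable once).
     */
    String regionOverride = System.getenv("AWS_REGION");
    if (regionOverride != null) {
        awsRegion = regionOverride;
    }
    /*
     * Set the arrival timestamp as the function run time.
     */
    DateTime eventTime = new DateTime();
    /*
     * Generate our context/handler objects.. we'll be populating them shortly.
     */
    TestContext ctx = getContext();
    S3Handler handler = new S3Handler();
    /*
     * Create a S3EventNotification event holding the single synthetic record.
     */
    S3Entity s3Entity = new S3Entity(s3ConfigurationId, s3BucketEntity, s3ObjectEntity, s3SchemaVersion);
    S3EventNotificationRecord rec = new S3EventNotificationRecord(awsRegion, eventName, eventSource, eventTime.toString(), eventVersion, null, null, s3Entity, null);
    List<S3EventNotificationRecord> notifications = new ArrayList<>(1);
    notifications.add(rec);
    S3EventNotification s3event = new S3EventNotification(notifications);
    /*
     * Invoke handler
     */
    handler.handler(s3event, ctx);
    handler.shutdown();
}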

Example 25 with Region

use of com.amazonaws.services.s3.model.Region in project kork by spinnaker.

the class S3SecretEngine method downloadRemoteFile.

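/**
 * Fetches the secret object named by the {@code encryptedSecret} parameters
 * ({@code STORAGE_REGION}, {@code STORAGE_BUCKET}, {@code STORAGE_FILE_URI})
 * from S3 and returns its content stream.
 *
 * <p>When {@code s3ConfigurationProperties} is present, a custom endpoint is
 * mandatory and path-style access follows the configured flag; otherwise the
 * client is built for the region parameter alone.
 *
 * @param encryptedSecret the secret reference whose params locate the S3 object
 * @return the object's content stream; the caller is expected to consume and close it
 * @throws IOException declared by the overridden method; not thrown directly here
 * @throws SecretException if required parameters are missing, the endpoint is not
 *         configured, the bucket does not exist, or the S3 request fails
 */
@Override
protected InputStream downloadRemoteFile(EncryptedSecret encryptedSecret) throws IOException {
    String region = encryptedSecret.getParams().get(STORAGE_REGION);
    String bucket = encryptedSecret.getParams().get(STORAGE_BUCKET);
    String objName = encryptedSecret.getParams().get(STORAGE_FILE_URI);
    // Fail with a descriptive SecretException instead of letting the SDK throw
    // an IllegalArgumentException/NullPointerException on a blank bucket or key.
    if (StringUtils.isBlank(bucket) || StringUtils.isBlank(objName)) {
        throw new SecretException(String.format("Missing S3 secret parameters. Bucket: %s, Object: %s, Region: %s", bucket, objName, region));
    }
    AmazonS3ClientBuilder s3ClientBuilder = AmazonS3ClientBuilder.standard();
    if (this.s3ConfigurationProperties.isPresent()) {
        S3ConfigurationProperties s3ConfigurationProperties = this.s3ConfigurationProperties.get();
        if (!StringUtils.isBlank(s3ConfigurationProperties.getEndpointUrl())) {
            // region is used as the signing region for the custom endpoint
            s3ClientBuilder.setEndpointConfiguration(new AwsClientBuilder.EndpointConfiguration(s3ConfigurationProperties.getEndpointUrl(), region));
            s3ClientBuilder.setPathStyleAccessEnabled(s3ConfigurationProperties.isPathStyleAccessEnabled());
        } else {
            throw new SecretException("Endpoint not found in properties: s3.secret.endpoint-url");
        }
    } else {
        s3ClientBuilder = s3ClientBuilder.withRegion(region);
    }
    // NOTE(review): a new client (with its own connection pool) is built on every
    // call and never shut down. It cannot be shut down here because the returned
    // stream reads from that pool — confirm whether the client should be cached.
    AmazonS3 s3Client = s3ClientBuilder.build();
    try {
        if (!s3Client.doesBucketExistV2(bucket)) {
            throw new SecretException(String.format("S3 Bucket does not exist. Bucket: %s, Region: %s", bucket, region));
        }
        S3Object s3Object = s3Client.getObject(bucket, objName);
        return s3Object.getObjectContent();
    } catch (AmazonS3Exception ex) {
        // Map the two most common HTTP failures to actionable messages; the
        // message names the location only, never the secret's content.
        StringBuilder sb = new StringBuilder("Error reading contents of S3 -- ");
        if (403 == ex.getStatusCode()) {
            sb.append(String.format("Unauthorized access. Check connectivity and permissions to the bucket. -- Bucket: %s, Object: %s, Region: %s.\n" + "Error: %s ", bucket, objName, region, ex.toString()));
        } else if (404 == ex.getStatusCode()) {
            sb.append(String.format("Not found. Does secret file exist? -- Bucket: %s, Object: %s, Region: %s.\nError: %s", bucket, objName, region, ex.toString()));
        } else {
            sb.append(String.format("Error: %s", ex.toString()));
        }
        throw new SecretException(sb.toString(), ex);
    } catch (AmazonClientException ex) {
        // Non-service failures (connectivity, credentials resolution, etc.).
        throw new SecretException(String.format("Error reading contents of S3. Bucket: %s, Object: %s, Region: %s.\nError: %s", bucket, objName, region, ex.toString()), ex);
    }
}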
