Example 1 with DecodeAuthorizationMessageRequest

Use of com.amazonaws.services.securitytoken.model.DecodeAuthorizationMessageRequest in project cloudbreak by hortonworks.

Class AwsEncodedAuthorizationFailureMessageDecoder, method getResultMessage.

private String getResultMessage(AwsCredentialView credentialView, String region, String encodedMessage) {
    // Build an STS client from the supplied credential for the given region.
    AmazonSecurityTokenServiceClient awsSts = awsClient.createSecurityTokenService(credentialView, region);
    // Ask STS to decode the encoded authorization failure message.
    // The calling credential itself needs the sts:DecodeAuthorizationMessage permission.
    DecodeAuthorizationMessageRequest decodeAuthorizationMessageRequest = new DecodeAuthorizationMessageRequest().withEncodedMessage(encodedMessage);
    DecodeAuthorizationMessageResult decodeAuthorizationMessageResult = awsSts.decodeAuthorizationMessage(decodeAuthorizationMessageRequest);
    String decodedMessage = decodeAuthorizationMessageResult.getDecodedMessage();
    // The decoded message is JSON; read the denied action and resource from its context.
    Json authorizationError = new Json(decodedMessage);
    String action = authorizationError.getValue("context.action");
    String resource = authorizationError.getValue("context.resource");
    return String.format("Your AWS credential is not authorized to perform action %s on resource %s. " + "Please contact your system administrator to update your AWS policy.", action, resource);
}
Also used : DecodeAuthorizationMessageResult(com.amazonaws.services.securitytoken.model.DecodeAuthorizationMessageResult) DecodeAuthorizationMessageRequest(com.amazonaws.services.securitytoken.model.DecodeAuthorizationMessageRequest) Json(com.sequenceiq.cloudbreak.common.json.Json) AmazonSecurityTokenServiceClient(com.sequenceiq.cloudbreak.cloud.aws.common.client.AmazonSecurityTokenServiceClient)

Example 2 with DecodeAuthorizationMessageRequest

Use of com.amazonaws.services.securitytoken.model.DecodeAuthorizationMessageRequest in project cloudbreak by hortonworks.

Class AwsEncodedAuthorizationFailureMessageDecoderTest, method shouldDecodeEncodedMessage.

@Test
void shouldDecodeEncodedMessage() {
    String result = underTest.decodeAuthorizationFailureMessageIfNeeded(awsCredentialView, REGION, ENCODED_AUTHORIZATION_FAILURE_MESSAGE);
    // The user-facing message names the denied action and resource taken from the decoded message.
    assertThat(result).isEqualTo("Your AWS credential is not authorized to perform action ec2:CreateSecurityGroup on resource " + "arn:aws:ec2:eu-central-1:123456789101:vpc/vpc-id. Please contact your system administrator to update your AWS policy.");
    verify(awsClient).createSecurityTokenService(awsCredentialView, REGION);
    // Capture the request passed to the mocked STS client and check the encoded message it carried.
    verify(awsSecurityTokenService).decodeAuthorizationMessage(requestCaptor.capture());
    DecodeAuthorizationMessageRequest request = requestCaptor.getValue();
    assertThat(request.getEncodedMessage()).isEqualTo("encoded-message");
}
Also used : DecodeAuthorizationMessageRequest(com.amazonaws.services.securitytoken.model.DecodeAuthorizationMessageRequest) Test(org.junit.jupiter.api.Test)
