use of com.netflix.spinnaker.kork.secrets.SecretException in project kork by spinnaker.
the class SecretsManagerSecretEngine method getSecretString.
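/**
 * Returns the value stored under {@code secretKey} inside the JSON secret {@code secretName}.
 *
 * <p>On a cache miss the secret is fetched through {@code getSecretValue}, parsed as a JSON
 * object and stored in {@code cache}; later calls for the same secret name are served from the
 * cache.
 *
 * @param secretRegion AWS region passed to {@code getSecretValue} on a cache miss
 * @param secretName identifier of the secret; also the cache key
 * @param secretKey key to look up inside the parsed secret
 * @return the bytes of the value stored under {@code secretKey}
 * @throws SecretException if the secret cannot be parsed as a JSON object or the key is absent
 */
private byte[] getSecretString(String secretRegion, String secretName, String secretKey) {
  // NOTE(review): the cache is keyed by secretName only. secretRegion is not part of the key, so
  // two secrets with the same name in different regions would share one entry -- confirm that
  // callers never mix regions, or that secretName is always a region-qualified identifier.
  if (!cache.containsKey(secretName)) {
    String secretString = getSecretValue(secretRegion, secretName).getSecretString();
    Map<String, String> map;
    try {
      map = mapper.readValue(secretString, Map.class);
    } catch (JsonProcessingException | IllegalArgumentException e) {
      // NOTE(review): depending on Jackson version and configuration
      // (JsonParser.Feature.INCLUDE_SOURCE_IN_LOCATION), a parse exception can carry a snippet of
      // the input in its message. The input here is the secret itself, so confirm that feature is
      // disabled on `mapper` or that this cause chain never reaches logs or API responses.
      throw new SecretException(String.format("Failed to parse secret when using AWS Secrets Manager to fetch: [secretName: %s, secretRegion: %s, secretKey: %s]", secretName, secretRegion, secretKey), e);
    }
    if (map == null) {
      // The JSON literal `null` parses successfully to a null map. Caching it would make the
      // lookup below fail with a NullPointerException, so report it as a parse failure instead.
      throw new SecretException(String.format("Failed to parse secret when using AWS Secrets Manager to fetch: [secretName: %s, secretRegion: %s, secretKey: %s]", secretName, secretRegion, secretKey));
    }
    cache.put(secretName, map);
  }
  String value = cache.get(secretName).get(secretKey);
  if (value == null) {
    throw new SecretException(String.format("Specified key not found in AWS Secrets Manager: [secretName: %s, secretRegion: %s, secretKey: %s]", secretName, secretRegion, secretKey));
  }
  // NOTE(review): getBytes() with no argument encodes with the platform default charset. Left
  // unchanged because the decoding side is not visible here -- confirm both sides agree.
  return value.getBytes();
}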
use of com.netflix.spinnaker.kork.secrets.SecretException in project kork by spinnaker.
the class GcsSecretEngine method downloadRemoteFile.
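/**
 * Opens the GCS object named by the secret's parameters and returns its content stream.
 *
 * <p>The bucket and object name are read from {@code STORAGE_BUCKET} and
 * {@code STORAGE_FILE_URI} in {@code encryptedSecret.getParams()}. The returned stream is not
 * closed here; the caller is responsible for closing it.
 *
 * @param encryptedSecret secret reference carrying the bucket and object parameters
 * @return stream over the object's contents
 * @throws SecretException if the object cannot be read
 */
@Override
protected InputStream downloadRemoteFile(EncryptedSecret encryptedSecret) {
  // NOTE(review): bucket and object come straight from the secret reference and are not
  // restricted here -- presumably any object the configured credentials can read is reachable;
  // confirm who is allowed to supply these references.
  String bucket = encryptedSecret.getParams().get(STORAGE_BUCKET);
  String objName = encryptedSecret.getParams().get(STORAGE_FILE_URI);

  // Only the locator (bucket and object name) is logged, never the object's contents.
  log.info("Getting contents of object {} from bucket {}", objName, bucket);

  try {
    Storage storage = getStorage();
    return storage.objects().get(bucket, objName).executeMediaAsInputStream();
  } catch (IOException e) {
    // Keep the IOException as the cause so the original stack trace is not lost.
    throw new SecretException(String.format("Error reading contents of GCS. Bucket: %s, Object: %s.\nError: %s", bucket, objName, e.toString()), e);
  }
}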
use of com.netflix.spinnaker.kork.secrets.SecretException in project kork by spinnaker.
the class S3SecretEngine method downloadRemoteFile.
/**
 * Opens the S3 object named by the secret's parameters and returns its content stream.
 *
 * <p>Region, bucket and object name are read from {@code STORAGE_REGION},
 * {@code STORAGE_BUCKET} and {@code STORAGE_FILE_URI} in {@code encryptedSecret.getParams()}.
 * When {@code s3ConfigurationProperties} is present, its endpoint URL replaces the default
 * regional endpoint and must not be blank. The returned stream is not closed here; the caller
 * is responsible for closing it.
 *
 * @param encryptedSecret secret reference carrying the region, bucket and object parameters
 * @return stream over the object's contents
 * @throws SecretException if the endpoint is not configured, the bucket does not exist, or the
 *     object cannot be read
 */
@Override
protected InputStream downloadRemoteFile(EncryptedSecret encryptedSecret) throws IOException {
  String region = encryptedSecret.getParams().get(STORAGE_REGION);
  String bucket = encryptedSecret.getParams().get(STORAGE_BUCKET);
  String objName = encryptedSecret.getParams().get(STORAGE_FILE_URI);

  AmazonS3ClientBuilder s3ClientBuilder = AmazonS3ClientBuilder.standard();
  if (!this.s3ConfigurationProperties.isPresent()) {
    s3ClientBuilder = s3ClientBuilder.withRegion(region);
  } else {
    S3ConfigurationProperties props = this.s3ConfigurationProperties.get();
    String endpointUrl = props.getEndpointUrl();
    if (StringUtils.isBlank(endpointUrl)) {
      throw new SecretException("Endpoint not found in properties: s3.secret.endpoint-url");
    }
    // NOTE(review): secrets are fetched from whatever endpoint is configured here, and the
    // request is sent there -- confirm the property is trusted configuration and uses TLS.
    s3ClientBuilder.setEndpointConfiguration(new AwsClientBuilder.EndpointConfiguration(endpointUrl, region));
    s3ClientBuilder.setPathStyleAccessEnabled(props.isPathStyleAccessEnabled());
  }

  AmazonS3 s3Client = s3ClientBuilder.build();
  try {
    // SecretException is not an AWS exception type, so this throw is not intercepted by the
    // catch clauses below.
    if (!s3Client.doesBucketExistV2(bucket)) {
      throw new SecretException(String.format("S3 Bucket does not exist. Bucket: %s, Region: %s", bucket, region));
    }
    return s3Client.getObject(bucket, objName).getObjectContent();
  } catch (AmazonS3Exception ex) {
    // The messages name the locator (bucket, object, region) and the AWS error only.
    String detail;
    switch (ex.getStatusCode()) {
      case 403:
        detail = String.format("Unauthorized access. Check connectivity and permissions to the bucket. -- Bucket: %s, Object: %s, Region: %s.\nError: %s ", bucket, objName, region, ex.toString());
        break;
      case 404:
        detail = String.format("Not found. Does secret file exist? -- Bucket: %s, Object: %s, Region: %s.\nError: %s", bucket, objName, region, ex.toString());
        break;
      default:
        detail = String.format("Error: %s", ex.toString());
        break;
    }
    throw new SecretException("Error reading contents of S3 -- " + detail, ex);
  } catch (AmazonClientException ex) {
    throw new SecretException(String.format("Error reading contents of S3. Bucket: %s, Object: %s, Region: %s.\nError: %s", bucket, objName, region, ex.toString()), ex);
  }
}
use of com.netflix.spinnaker.kork.secrets.SecretException in project kork by spinnaker.
the class SecretsManagerSecretEngine method getSecretValue.
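/**
 * Fetches a secret from AWS Secrets Manager.
 *
 * <p>A new client is built for {@code secretRegion} on every call and shut down before the
 * method returns, so repeated calls do not accumulate idle clients.
 *
 * @param secretRegion AWS region the client is built for
 * @param secretName identifier passed to Secrets Manager as the secret id
 * @return the service response for the requested secret
 * @throws SecretException if Secrets Manager reports an error for the request
 */
protected GetSecretValueResult getSecretValue(String secretRegion, String secretName) {
  AWSSecretsManager client = AWSSecretsManagerClientBuilder.standard().withRegion(secretRegion).build();
  GetSecretValueRequest getSecretValueRequest = new GetSecretValueRequest().withSecretId(secretName);
  try {
    return client.getSecretValue(getSecretValueRequest);
  } catch (AWSSecretsManagerException e) {
    // The message names only the secret and region; the AWS exception is kept as the cause.
    // Only service-side errors are wrapped here; other client failures propagate unchanged.
    throw new SecretException(String.format("An error occurred when using AWS Secrets Manager to fetch: [secretName: %s, secretRegion: %s]", secretName, secretRegion), e);
  } finally {
    // The result is fully materialised by now, so the per-call client can be released.
    client.shutdown();
  }
}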