Example use of com.sequenceiq.cloudbreak.cloud.aws.common.client.AmazonKmsClient in the cloudbreak project by hortonworks.
Class AwsPlatformResources, method encryptionKeys.
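/**
 * Lists the KMS keys in the given region that have at least one alias and are not AWS-managed.
 *
 * <p>Every page of the key and alias listings is read. KMS returns both listings in pages and
 * marks a partial answer as truncated, so reading only the first response would silently drop
 * keys in accounts that hold more entries than one page.
 *
 * <p>One {@link CloudEncryptionKey} is produced per alias, so a key with several aliases appears
 * several times and a key without an alias is not returned. Keys whose key manager equals
 * {@code CloudConstants.AWS} (ignoring case) are skipped. The {@code enabled} and
 * {@code keyState} values are only copied into the metadata map, never used as a filter:
 * disabled keys are returned too, and callers must check those fields before offering a key
 * for encryption.
 *
 * <p>A failure while describing a single key is logged and that alias is skipped, so the result
 * can be partial without an exception being raised.
 *
 * @param cloudCredential credential used to build the KMS client
 * @param region region whose keys are listed
 * @param filters not read by this method
 * @return the collected keys; empty when nothing matches
 * @throws CloudUnauthorizedException when a listing call fails with the UNAUTHORIZED status code
 * @throws CloudConnectorException when a listing call fails for any other reason
 */
@Override
public CloudEncryptionKeys encryptionKeys(ExtendedCloudCredential cloudCredential, Region region, Map<String, String> filters) {
    String queryFailedMessage = "Could not get encryption keys from Amazon: ";
    String policyMessage = "Could not get encryption keys because the user does not have enough permission.";
    CloudEncryptionKeys cloudEncryptionKeys = new CloudEncryptionKeys(new HashSet<>());
    AwsCredentialView awsCredentialView = new AwsCredentialView(cloudCredential);
    AmazonKmsClient client = awsClient.createAWSKMS(awsCredentialView, region.value());
    try {
        // Key id -> key ARN for every key in the region, collected across all result pages.
        Map<String, String> keyArnsById = new HashMap<>();
        ListKeysRequest listKeysRequest = new ListKeysRequest();
        ListKeysResult listKeysResult;
        do {
            listKeysResult = client.listKeys(listKeysRequest);
            // putIfAbsent keeps the first entry seen for an id, like the former findFirst().
            listKeysResult.getKeys().forEach(item -> keyArnsById.putIfAbsent(item.getKeyId(), item.getKeyArn()));
            listKeysRequest.setMarker(listKeysResult.getNextMarker());
            // The marker null-check stops a truncated response without a marker from looping forever.
        } while (Boolean.TRUE.equals(listKeysResult.getTruncated()) && listKeysResult.getNextMarker() != null);

        ListAliasesRequest listAliasesRequest = new ListAliasesRequest();
        ListAliasesResult listAliasesResult;
        do {
            listAliasesResult = client.listAliases(listAliasesRequest);
            for (AliasListEntry keyListEntry : listAliasesResult.getAliases()) {
                String targetKeyId = keyListEntry.getTargetKeyId();
                // Aliases that do not point at a listed key are ignored.
                if (targetKeyId == null || !keyArnsById.containsKey(targetKeyId)) {
                    continue;
                }
                try {
                    DescribeKeyRequest describeKeyRequest = new DescribeKeyRequest().withKeyId(targetKeyId);
                    DescribeKeyResult describeKeyResult = client.describeKey(describeKeyRequest);
                    Map<String, Object> meta = new HashMap<>();
                    meta.put("aWSAccountId", describeKeyResult.getKeyMetadata().getAWSAccountId());
                    meta.put("creationDate", describeKeyResult.getKeyMetadata().getCreationDate());
                    meta.put("enabled", describeKeyResult.getKeyMetadata().getEnabled());
                    meta.put("expirationModel", describeKeyResult.getKeyMetadata().getExpirationModel());
                    meta.put("keyManager", describeKeyResult.getKeyMetadata().getKeyManager());
                    meta.put("keyState", describeKeyResult.getKeyMetadata().getKeyState());
                    meta.put("keyUsage", describeKeyResult.getKeyMetadata().getKeyUsage());
                    meta.put("origin", describeKeyResult.getKeyMetadata().getOrigin());
                    meta.put("validTo", describeKeyResult.getKeyMetadata().getValidTo());
                    // Only keys that are not managed by AWS itself are offered.
                    if (!CloudConstants.AWS.equalsIgnoreCase(describeKeyResult.getKeyMetadata().getKeyManager())) {
                        CloudEncryptionKey key = new CloudEncryptionKey(
                                keyArnsById.get(targetKeyId),
                                describeKeyResult.getKeyMetadata().getKeyId(),
                                describeKeyResult.getKeyMetadata().getDescription(),
                                keyListEntry.getAliasName().replace("alias/", ""),
                                meta);
                        cloudEncryptionKeys.getCloudEncryptionKeys().add(key);
                    }
                } catch (AmazonServiceException e) {
                    // Best effort per key: log and continue with the next alias.
                    if (e.getStatusCode() == UNAUTHORIZED) {
                        LOGGER.error(policyMessage, e);
                    } else {
                        LOGGER.info(queryFailedMessage, e);
                    }
                } catch (Exception e) {
                    LOGGER.warn(queryFailedMessage, e);
                }
            }
            listAliasesRequest.setMarker(listAliasesResult.getNextMarker());
        } while (Boolean.TRUE.equals(listAliasesResult.getTruncated()) && listAliasesResult.getNextMarker() != null);
    } catch (AmazonServiceException ase) {
        // NOTE(review): UNAUTHORIZED is defined outside this method, presumably HTTP 401. AWS documents
        // the KMS AccessDeniedException with HTTP status 400, so a missing kms:ListKeys or
        // kms:ListAliases permission may land in the else branch and be reported as a generic
        // connector failure. Confirm, and consider matching on ase.getErrorCode() as well.
        if (ase.getStatusCode() == UNAUTHORIZED) {
            LOGGER.error(policyMessage, ase);
            throw new CloudUnauthorizedException(policyMessage, ase);
        } else {
            LOGGER.info(queryFailedMessage, ase);
            throw new CloudConnectorException(queryFailedMessage + ase.getMessage(), ase);
        }
    } catch (Exception e) {
        LOGGER.warn(queryFailedMessage, e);
        throw new CloudConnectorException(queryFailedMessage + e.getMessage(), e);
    }
    return cloudEncryptionKeys;
}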