Example 1 with AwsConfusedDeputyException

Use of com.sequenceiq.cloudbreak.cloud.aws.common.exception.AwsConfusedDeputyException in project cloudbreak by hortonworks.

The class AwsCredentialConnectorTest, method testVerifyByServiceIfRoleBasedCredentialVerificationThrowsAwsConfusedDeputyExceptionThenFailed503StatusShouldReturn.

@Test
public void testVerifyByServiceIfRoleBasedCredentialVerificationThrowsAwsConfusedDeputyExceptionThenFailed503StatusShouldReturn() throws IOException {
    // Load the minimal environment policy fixture and base64-encode it, as the connector expects it.
    URL url = Resources.getResource("definitions/aws-environment-minimal-policy.json");
    String awsEnvPolicy = Resources.toString(url, UTF_8);
    String encodedAwsEnvPolicy = Base64.getEncoder().encodeToString(awsEnvPolicy.getBytes(UTF_8));
    List<String> services = List.of("ml");
    Map<String, String> experiencePrerequisites = Map.of("ml", encodedAwsEnvPolicy);
    String roleArn = "someRoleArn";
    when(credentialView.getRoleArn()).thenReturn(roleArn);
    // Simulate the credential client raising a confused-deputy error while assuming the role.
    Exception sdkException = new AwsConfusedDeputyException("SomethingTerribleHappened");
    when(awsPlatformParameters.getEnvironmentMinimalPoliciesJson()).thenReturn(Map.of(PolicyType.PUBLIC, encodedAwsEnvPolicy, PolicyType.GOV, encodedAwsEnvPolicy));
    when(credentialClient.retrieveSessionCredentials(any())).thenThrow(sdkException);
    CDPServicePolicyVerificationResponses result = underTest.verifyByServices(authenticatedContext, services, experiencePrerequisites);
    // The exception message is surfaced unchanged as the service status, with a 503 status code.
    // assertEquals takes the expected value first, then the actual one.
    assertNotNull(result);
    assertEquals(1, result.getResults().size());
    assertEquals("ml", result.getResults().stream().findFirst().get().getServiceName());
    assertEquals("SomethingTerribleHappened", result.getResults().stream().findFirst().get().getServiceStatus());
    assertEquals(503, result.getResults().stream().findFirst().get().getStatusCode());
}

Example 2 with AwsConfusedDeputyException

Use of com.sequenceiq.cloudbreak.cloud.aws.common.exception.AwsConfusedDeputyException in project cloudbreak by hortonworks.

The class AwsCredentialConnector, method verifyIamRoleIsAssumable.

private CDPServicePolicyVerificationResponses verifyIamRoleIsAssumable(CloudCredential cloudCredential, List<String> services, Map<String, String> experiencePrerequisites) {
    AwsCredentialView awsCredential = credentialViewProvider.createAwsCredentialView(cloudCredential);
    CDPServicePolicyVerificationResponses credentialStatus;
    // Pair each requested service with the (base64-encoded) policy document supplied for it.
    Map<String, String> servicesWithPolicies = new HashMap<>();
    services.forEach(service -> experiencePrerequisites.keySet().stream()
            .filter(AwsCredentialConnector::isPolicyServiceMatchesForName)
            .findFirst()
            .ifPresent(policyKey -> servicesWithPolicies.put(service, experiencePrerequisites.get(policyKey))));
    try {
        // Assuming the role must succeed before any per-service permission check is attempted.
        credentialClient.retrieveSessionCredentials(awsCredential);
        credentialStatus = verifyCredentialsPermission(awsCredential, servicesWithPolicies);
    } catch (AmazonClientException ae) {
        // AWS SDK failures are translated into a user-facing message and logged.
        String errorMessage = getErrorMessageForAwsClientException(awsCredential, ae);
        LOGGER.warn(errorMessage, ae);
        credentialStatus = new CDPServicePolicyVerificationResponses(getServiceStatus(services, errorMessage));
    } catch (AwsConfusedDeputyException confusedDeputyEx) {
        // The confused-deputy check failed: its own message is reported as the status of every service, unwrapped.
        credentialStatus = new CDPServicePolicyVerificationResponses(getServiceStatus(services, confusedDeputyEx.getMessage()));
    } catch (RuntimeException e) {
        // Anything else is reported with a hint about the role ARN and the external ID the role must be created with.
        String errorMessage = String.format("Unable to verify credential: check if the role '%s' exists and it's created with the correct external ID. " + "Cause: '%s'", awsCredential.getRoleArn(), e.getMessage());
        LOGGER.warn(errorMessage, e);
        credentialStatus = new CDPServicePolicyVerificationResponses(getServiceStatus(services, errorMessage));
    }
    return credentialStatus;
}

Example 3 with AwsConfusedDeputyException

Use of com.sequenceiq.cloudbreak.cloud.aws.common.exception.AwsConfusedDeputyException in project cloudbreak by hortonworks.

The class AwsCredentialConnectorTest, method testVerifyByServiceIfRoleBasedCredentialVerificationThrowsSdkBaseExceptionThenFailedStatusShouldReturn.

@Test
public void testVerifyByServiceIfRoleBasedCredentialVerificationThrowsSdkBaseExceptionThenFailedStatusShouldReturn() throws IOException {
    // Load the minimal environment policy fixture and base64-encode it, as the connector expects it.
    URL url = Resources.getResource("definitions/aws-environment-minimal-policy.json");
    String awsEnvPolicy = Resources.toString(url, UTF_8);
    String encodedAwsEnvPolicy = Base64.getEncoder().encodeToString(awsEnvPolicy.getBytes(UTF_8));
    List<String> services = List.of("ml");
    Map<String, String> experiencePrerequisites = Map.of("ml", encodedAwsEnvPolicy);
    String roleArn = "someRoleArn";
    when(credentialView.getRoleArn()).thenReturn(roleArn);
    // Note: despite the method name, the exception thrown here is AwsConfusedDeputyException, not SdkBaseException,
    // so the expected status is the exception's bare message with a 503 code (the same path as the test above).
    Exception sdkException = new AwsConfusedDeputyException("SomethingTerribleHappened");
    when(awsPlatformParameters.getEnvironmentMinimalPoliciesJson()).thenReturn(Map.of(PolicyType.PUBLIC, encodedAwsEnvPolicy, PolicyType.GOV, encodedAwsEnvPolicy));
    when(credentialClient.retrieveSessionCredentials(any())).thenThrow(sdkException);
    CDPServicePolicyVerificationResponses result = underTest.verifyByServices(authenticatedContext, services, experiencePrerequisites);
    // assertEquals takes the expected value first, then the actual one.
    assertNotNull(result);
    assertEquals(1, result.getResults().size());
    assertEquals("ml", result.getResults().stream().findFirst().get().getServiceName());
    assertEquals("SomethingTerribleHappened", result.getResults().stream().findFirst().get().getServiceStatus());
    assertEquals(503, result.getResults().stream().findFirst().get().getStatusCode());
}

Example 4 with AwsConfusedDeputyException

Use of com.sequenceiq.cloudbreak.cloud.aws.common.exception.AwsConfusedDeputyException in project cloudbreak by hortonworks.

The class AwsCredentialConnectorTest, method testInternalAlternativeLookupShouldWorkFine.

@Test
public void testInternalAlternativeLookupShouldWorkFine() throws IOException {
    String awsEnvPolicy = Resources.toString(Resources.getResource("definitions/aws-environment-minimal-policy.json"), UTF_8);
    String encodedAwsEnvPolicy = Base64.getEncoder().encodeToString(awsEnvPolicy.getBytes(UTF_8));
    // Request the service under one of its internal alternative names, while the policy is keyed by the public name;
    // the connector must still match the two.
    String service = MLX.getInternalAlternatives().stream().findFirst().get();
    List<String> services = List.of(service);
    Map<String, String> experiencePrerequisites = Map.of(MLX.getPublicName(), encodedAwsEnvPolicy);
    when(credentialView.getRoleArn()).thenReturn("someRoleArn");
    // Simulate the credential client raising a confused-deputy error while assuming the role.
    Exception sdkException = new AwsConfusedDeputyException("SomethingTerribleHappened");
    when(awsPlatformParameters.getEnvironmentMinimalPoliciesJson()).thenReturn(Map.of(PolicyType.PUBLIC, encodedAwsEnvPolicy, PolicyType.GOV, encodedAwsEnvPolicy));
    when(credentialClient.retrieveSessionCredentials(any())).thenThrow(sdkException);
    CDPServicePolicyVerificationResponses result = underTest.verifyByServices(authenticatedContext, services, experiencePrerequisites);
    // The response is reported under the name the caller asked for (the internal alternative), not the public name.
    // assertEquals takes the expected value first, then the actual one.
    assertNotNull(result);
    assertEquals(1, result.getResults().size());
    assertEquals(service, result.getResults().stream().findFirst().get().getServiceName());
    assertEquals("SomethingTerribleHappened", result.getResults().stream().findFirst().get().getServiceStatus());
    assertEquals(503, result.getResults().stream().findFirst().get().getStatusCode());
}

Example 5 with AwsConfusedDeputyException

Use of com.sequenceiq.cloudbreak.cloud.aws.common.exception.AwsConfusedDeputyException in project cloudbreak by hortonworks.

The class AwsCredentialConnector, method verifyIamRoleIsAssumable (the CloudCredentialStatus overload).

private CloudCredentialStatus verifyIamRoleIsAssumable(CloudCredential cloudCredential, CredentialVerificationContext credentialVerificationContext) {
    AwsCredentialView awsCredential = credentialViewProvider.createAwsCredentialView(cloudCredential);
    // Optimistically VERIFIED; every failure path below replaces this with a FAILED status.
    CloudCredentialStatus credentialStatus = new CloudCredentialStatus(cloudCredential, CredentialStatus.VERIFIED);
    try {
        credentialClient.retrieveSessionCredentials(awsCredential);
        // Confused-deputy guard: judging by its name, this check rejects a role that can also be assumed
        // without the external ID, and is the expected source of AwsConfusedDeputyException below.
        checkRoleIsAssumableWithoutExternalId(credentialVerificationContext, awsCredential);
        credentialStatus = verifyCredentialsPermission(cloudCredential, awsCredential, credentialStatus);
        credentialStatus = determineDefaultRegion(cloudCredential, credentialStatus);
    } catch (AmazonClientException ae) {
        // AWS SDK failures are translated into a user-facing message and logged.
        String errorMessage = getErrorMessageForAwsClientException(awsCredential, ae);
        LOGGER.warn(errorMessage, ae);
        credentialStatus = new CloudCredentialStatus(cloudCredential, CredentialStatus.FAILED, ae, errorMessage);
    } catch (AwsConfusedDeputyException confusedDeputyEx) {
        // The exception's own message is the status reason; it is not wrapped or logged here.
        credentialStatus = new CloudCredentialStatus(cloudCredential, CredentialStatus.FAILED, confusedDeputyEx, confusedDeputyEx.getMessage());
    } catch (RuntimeException e) {
        // Anything else is reported with a hint about the role ARN and the external ID the role must be created with.
        String errorMessage = String.format("Unable to verify credential: check if the role '%s' exists and it's created with the correct external ID. " + "Cause: '%s'", awsCredential.getRoleArn(), e.getMessage());
        LOGGER.warn(errorMessage, e);
        credentialStatus = new CloudCredentialStatus(cloudCredential, CredentialStatus.FAILED, e, errorMessage);
    }
    return credentialStatus;
}
