use of com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView in project cloudbreak by hortonworks.
the class LoadBalancerRecreatorService method recreate.
@Override
public void recreate(CreateResourcesRequest request, AwsContext awsContext, AuthenticatedContext ac) throws Exception {
LOGGER.info("Launching elastic load balancers");
CloudCredential cloudCredential = ac.getCloudCredential();
String region = ac.getCloudContext().getLocation().getRegion().value();
AwsCredentialView awsCredentialView = new AwsCredentialView(cloudCredential);
AmazonElasticLoadBalancingClient elasticLoadBalancingClient = commonAwsClient.createElasticLoadBalancingClient(awsCredentialView, region);
CloudStack cloudStack = request.getCloudStack();
loadBalancerLaunchService.launchLoadBalancerResources(ac, cloudStack, persistenceNotifier, elasticLoadBalancingClient, false);
List<CloudLoadBalancerMetadata> cloudLoadBalancerMetadata = collectLoadBalancerMetadata(ac, ac.getCloudContext().getId());
Stack stack = stackService.getByIdWithLists(ac.getCloudContext().getId());
metadataSetupService.saveLoadBalancerMetadata(stack, cloudLoadBalancerMetadata);
}
use of com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView in project cloudbreak by hortonworks.
the class AwsCredentialVerifierTest method verifyCredentialAndThrowFailExceptionBecauseOrganizatioRuleTest.
@Test
public void verifyCredentialAndThrowFailExceptionBecauseOrganizatioRuleTest() throws IOException {
URL url = Resources.getResource("definitions/aws-environment-minimal-policy.json");
String awsEnvPolicy = Resources.toString(url, Charsets.UTF_8);
String encodedAwsEnvPolicy = Base64.getEncoder().encodeToString(awsEnvPolicy.getBytes());
Map<String, Object> awsParameters = new HashMap<>();
awsParameters.put("accessKey", "a");
awsParameters.put("secretKey", "b");
CloudCredential cloudCredential = new CloudCredential("id", "name", awsParameters, "acc", false);
AmazonIdentityManagementClient amazonIdentityManagement = mock(AmazonIdentityManagementClient.class);
when(awsClient.createAmazonIdentityManagement(any(AwsCredentialView.class))).thenReturn(amazonIdentityManagement);
AmazonSecurityTokenServiceClient awsSecurityTokenService = mock(AmazonSecurityTokenServiceClient.class);
GetCallerIdentityResult getCallerIdentityResult = new GetCallerIdentityResult();
getCallerIdentityResult.setArn("arn");
when(awsSecurityTokenService.getCallerIdentity(any(GetCallerIdentityRequest.class))).thenReturn(getCallerIdentityResult);
when(awsClient.createSecurityTokenService(any(AwsCredentialView.class))).thenReturn(awsSecurityTokenService);
ArgumentCaptor<SimulatePrincipalPolicyRequest> requestArgumentCaptor = ArgumentCaptor.forClass(SimulatePrincipalPolicyRequest.class);
AtomicInteger i = new AtomicInteger();
when(amazonIdentityManagement.simulatePrincipalPolicy(requestArgumentCaptor.capture())).thenAnswer(invocation -> {
SimulatePrincipalPolicyResult simulatePrincipalPolicyResult = new SimulatePrincipalPolicyResult();
ArrayList<EvaluationResult> evaluationResults = new ArrayList<>();
evaluationResults.add(new EvaluationResult().withEvalDecision("deny").withOrganizationsDecisionDetail(new OrganizationsDecisionDetail().withAllowedByOrganizations(true)).withEvalActionName("denied_action1_" + i).withEvalResourceName("aws:ec2"));
evaluationResults.add(new EvaluationResult().withEvalDecision("deny").withOrganizationsDecisionDetail(new OrganizationsDecisionDetail().withAllowedByOrganizations(false)).withEvalActionName("denied_action2_" + i).withEvalResourceName("aws:ec2"));
evaluationResults.add(new EvaluationResult().withEvalDecision("deny").withOrganizationsDecisionDetail(new OrganizationsDecisionDetail().withAllowedByOrganizations(false)).withEvalActionName("denied_action3_" + i).withEvalResourceName("aws:ec2"));
evaluationResults.add(new EvaluationResult().withEvalDecision("accept").withOrganizationsDecisionDetail(new OrganizationsDecisionDetail().withAllowedByOrganizations(true)).withEvalActionName("accepted_action_" + i).withEvalResourceName("*"));
simulatePrincipalPolicyResult.setEvaluationResults(evaluationResults);
i.getAndIncrement();
return simulatePrincipalPolicyResult;
});
try {
awsCredentialVerifier.validateAws(new AwsCredentialView(cloudCredential), encodedAwsEnvPolicy);
fail("It shoud throw verification exception");
} catch (AwsPermissionMissingException e) {
assertThat(e.getMessage(), CoreMatchers.containsString("denied_action1_0 : aws:ec2,"));
assertThat(e.getMessage(), CoreMatchers.containsString("denied_action2_0 : aws:ec2 -> Denied by Organization Rule,"));
assertThat(e.getMessage(), CoreMatchers.containsString("denied_action3_0 : aws:ec2 -> Denied by Organization Rule,"));
assertThat(e.getMessage(), not(CoreMatchers.containsString("accepted_action")));
}
List<SimulatePrincipalPolicyRequest> allSimulatePrincipalPolicyRequest = requestArgumentCaptor.getAllValues();
int simulateRequestNumber = 5;
assertEquals("expect if " + simulateRequestNumber + " simulate request has been sent", simulateRequestNumber, allSimulatePrincipalPolicyRequest.size());
allSimulatePrincipalPolicyRequest.forEach(simulatePrincipalPolicyRequest -> assertEquals("arn", simulatePrincipalPolicyRequest.getPolicySourceArn()));
}
use of com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView in project cloudbreak by hortonworks.
the class AwsCredentialVerifierTest method verifyCredentialTest.
@Test
public void verifyCredentialTest() throws IOException, AwsPermissionMissingException {
URL url = Resources.getResource("definitions/aws-environment-minimal-policy.json");
String awsEnvPolicy = Resources.toString(url, Charsets.UTF_8);
String encodedAwsEnvPolicy = Base64.getEncoder().encodeToString(awsEnvPolicy.getBytes());
Map<String, Object> awsParameters = new HashMap<>();
awsParameters.put("accessKey", "a");
awsParameters.put("secretKey", "b");
CloudCredential cloudCredential = new CloudCredential("id", "name", awsParameters, "acc", false);
AmazonIdentityManagementClient amazonIdentityManagement = mock(AmazonIdentityManagementClient.class);
when(awsClient.createAmazonIdentityManagement(any(AwsCredentialView.class))).thenReturn(amazonIdentityManagement);
AmazonSecurityTokenServiceClient awsSecurityTokenService = mock(AmazonSecurityTokenServiceClient.class);
GetCallerIdentityResult getCallerIdentityResult = new GetCallerIdentityResult();
getCallerIdentityResult.setArn("arn");
when(awsSecurityTokenService.getCallerIdentity(any(GetCallerIdentityRequest.class))).thenReturn(getCallerIdentityResult);
when(awsClient.createSecurityTokenService(any(AwsCredentialView.class))).thenReturn(awsSecurityTokenService);
ArgumentCaptor<SimulatePrincipalPolicyRequest> requestArgumentCaptor = ArgumentCaptor.forClass(SimulatePrincipalPolicyRequest.class);
SimulatePrincipalPolicyResult simulatePrincipalPolicyResult = new SimulatePrincipalPolicyResult();
ArrayList<EvaluationResult> evaluationResults = new ArrayList<>();
evaluationResults.add(new EvaluationResult().withEvalDecision("accept").withOrganizationsDecisionDetail(new OrganizationsDecisionDetail().withAllowedByOrganizations(true)).withEvalActionName("accepted_action1").withEvalResourceName("aws:ec2"));
evaluationResults.add(new EvaluationResult().withEvalDecision("accept").withOrganizationsDecisionDetail(new OrganizationsDecisionDetail().withAllowedByOrganizations(true)).withEvalActionName("accepted_action2").withEvalResourceName("aws:ec2"));
evaluationResults.add(new EvaluationResult().withEvalDecision("accept").withOrganizationsDecisionDetail(new OrganizationsDecisionDetail().withAllowedByOrganizations(true)).withEvalActionName("accepted_action3").withEvalResourceName("aws:ec2"));
evaluationResults.add(new EvaluationResult().withEvalDecision("accept").withOrganizationsDecisionDetail(new OrganizationsDecisionDetail().withAllowedByOrganizations(true)).withEvalActionName("accepted_action4").withEvalResourceName("*"));
simulatePrincipalPolicyResult.setEvaluationResults(evaluationResults);
when(amazonIdentityManagement.simulatePrincipalPolicy(requestArgumentCaptor.capture())).thenReturn(simulatePrincipalPolicyResult);
awsCredentialVerifier.validateAws(new AwsCredentialView(cloudCredential), encodedAwsEnvPolicy);
}
use of com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView in project cloudbreak by hortonworks.
the class AwsAttachmentResourceBuilder method getAmazonEc2Client.
private AmazonEc2Client getAmazonEc2Client(AuthenticatedContext auth) {
AwsCredentialView credentialView = new AwsCredentialView(auth.getCloudCredential());
String regionName = auth.getCloudContext().getLocation().getRegion().value();
return awsClient.createEc2Client(credentialView, regionName);
}
use of com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView in project cloudbreak by hortonworks.
the class AwsNetworkService method getVpcCidrs.
public List<String> getVpcCidrs(AuthenticatedContext ac, AwsNetworkView awsNetworkView) {
if (awsNetworkView.isExistingVPC()) {
String region = ac.getCloudContext().getLocation().getRegion().value();
AmazonEc2Client ec2Client = awsClient.createEc2Client(new AwsCredentialView(ac.getCloudCredential()), region);
DescribeVpcsRequest vpcRequest = new DescribeVpcsRequest().withVpcIds(awsNetworkView.getExistingVpc());
Vpc vpc = ec2Client.describeVpcs(vpcRequest).getVpcs().get(0);
List<String> cidrBlockAssociationSet = vpc.getCidrBlockAssociationSet().stream().map(VpcCidrBlockAssociation::getCidrBlock).collect(Collectors.toList());
LOGGER.info("VPC associated CIDR blocks: [{}]", cidrBlockAssociationSet);
return cidrBlockAssociationSet;
} else {
return Collections.emptyList();
}
}
Aggregations