
Example 1 with AwsCredentialView

use of com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView in project cloudbreak by hortonworks.

From the class LoadBalancerRecreatorService, method recreate.

/**
 * Re-creates the elastic load balancer resources for the stack behind {@code ac}
 * and persists the resulting load balancer metadata.
 *
 * <p>The AWS credential is taken from the authenticated context and used to
 * build a region-scoped ELB client; the region comes from the context's location.
 * {@code awsContext} is accepted for interface compatibility but is not read here.
 *
 * @param request    carries the {@code CloudStack} whose load balancers are launched
 * @param awsContext AWS-specific context (unused in this implementation)
 * @param ac         authenticated context supplying credential, region and stack id
 * @throws Exception propagated from the launch / metadata services
 */
@Override
public void recreate(CreateResourcesRequest request, AwsContext awsContext, AuthenticatedContext ac) throws Exception {
    LOGGER.info("Launching elastic load balancers");
    CloudStack stackToLaunch = request.getCloudStack();
    String regionName = ac.getCloudContext().getLocation().getRegion().value();
    AwsCredentialView credentials = new AwsCredentialView(ac.getCloudCredential());
    AmazonElasticLoadBalancingClient elbClient = commonAwsClient.createElasticLoadBalancingClient(credentials, regionName);
    // The trailing flag is passed through as-is; its meaning is defined by the launch service.
    loadBalancerLaunchService.launchLoadBalancerResources(ac, stackToLaunch, persistenceNotifier, elbClient, false);
    List<CloudLoadBalancerMetadata> lbMetadata = collectLoadBalancerMetadata(ac, ac.getCloudContext().getId());
    Stack persistedStack = stackService.getByIdWithLists(ac.getCloudContext().getId());
    metadataSetupService.saveLoadBalancerMetadata(persistedStack, lbMetadata);
}

Example 2 with AwsCredentialView

use of com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView in project cloudbreak by hortonworks.

From the class AwsCredentialVerifierTest, method verifyCredentialAndThrowFailExceptionBecauseOrganizatioRuleTest.

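/**
 * Verifies that {@code validateAws} reports every denied action from the IAM policy
 * simulation, marks the ones that were denied by an Organizations SCP, and omits
 * accepted actions from the message.
 *
 * <p>The IAM and STS clients are mocked; each simulation call returns three denied
 * and one accepted evaluation result, suffixed with a per-call counter so the
 * first call's entries can be asserted on by name.
 *
 * @throws IOException if the policy fixture cannot be read from the classpath
 */
@Test
public void verifyCredentialAndThrowFailExceptionBecauseOrganizatioRuleTest() throws IOException {
    URL url = Resources.getResource("definitions/aws-environment-minimal-policy.json");
    String awsEnvPolicy = Resources.toString(url, Charsets.UTF_8);
    // The policy was read as UTF-8 above; encode it with the same charset instead of the
    // platform default so the Base64 payload is identical on every build machine.
    String encodedAwsEnvPolicy = Base64.getEncoder().encodeToString(awsEnvPolicy.getBytes(Charsets.UTF_8));
    Map<String, Object> awsParameters = new HashMap<>();
    awsParameters.put("accessKey", "a");
    awsParameters.put("secretKey", "b");
    CloudCredential cloudCredential = new CloudCredential("id", "name", awsParameters, "acc", false);
    AmazonIdentityManagementClient amazonIdentityManagement = mock(AmazonIdentityManagementClient.class);
    when(awsClient.createAmazonIdentityManagement(any(AwsCredentialView.class))).thenReturn(amazonIdentityManagement);
    AmazonSecurityTokenServiceClient awsSecurityTokenService = mock(AmazonSecurityTokenServiceClient.class);
    GetCallerIdentityResult getCallerIdentityResult = new GetCallerIdentityResult();
    getCallerIdentityResult.setArn("arn");
    when(awsSecurityTokenService.getCallerIdentity(any(GetCallerIdentityRequest.class))).thenReturn(getCallerIdentityResult);
    when(awsClient.createSecurityTokenService(any(AwsCredentialView.class))).thenReturn(awsSecurityTokenService);
    ArgumentCaptor<SimulatePrincipalPolicyRequest> requestArgumentCaptor = ArgumentCaptor.forClass(SimulatePrincipalPolicyRequest.class);
    // Counts simulation calls; the counter value is appended to action names so
    // the assertions below can pin the entries produced by the first call ("_0").
    AtomicInteger i = new AtomicInteger();
    when(amazonIdentityManagement.simulatePrincipalPolicy(requestArgumentCaptor.capture())).thenAnswer(invocation -> {
        SimulatePrincipalPolicyResult simulatePrincipalPolicyResult = new SimulatePrincipalPolicyResult();
        ArrayList<EvaluationResult> evaluationResults = new ArrayList<>();
        // Denied, but allowed by Organizations: a plain policy denial.
        evaluationResults.add(new EvaluationResult().withEvalDecision("deny").withOrganizationsDecisionDetail(new OrganizationsDecisionDetail().withAllowedByOrganizations(true)).withEvalActionName("denied_action1_" + i).withEvalResourceName("aws:ec2"));
        // Denied and not allowed by Organizations: expected to be flagged as an Organization Rule denial.
        evaluationResults.add(new EvaluationResult().withEvalDecision("deny").withOrganizationsDecisionDetail(new OrganizationsDecisionDetail().withAllowedByOrganizations(false)).withEvalActionName("denied_action2_" + i).withEvalResourceName("aws:ec2"));
        evaluationResults.add(new EvaluationResult().withEvalDecision("deny").withOrganizationsDecisionDetail(new OrganizationsDecisionDetail().withAllowedByOrganizations(false)).withEvalActionName("denied_action3_" + i).withEvalResourceName("aws:ec2"));
        // Accepted action: must not appear in the exception message.
        evaluationResults.add(new EvaluationResult().withEvalDecision("accept").withOrganizationsDecisionDetail(new OrganizationsDecisionDetail().withAllowedByOrganizations(true)).withEvalActionName("accepted_action_" + i).withEvalResourceName("*"));
        simulatePrincipalPolicyResult.setEvaluationResults(evaluationResults);
        i.getAndIncrement();
        return simulatePrincipalPolicyResult;
    });
    try {
        awsCredentialVerifier.validateAws(new AwsCredentialView(cloudCredential), encodedAwsEnvPolicy);
        fail("It shoud throw verification exception");
    } catch (AwsPermissionMissingException e) {
        assertThat(e.getMessage(), CoreMatchers.containsString("denied_action1_0 : aws:ec2,"));
        assertThat(e.getMessage(), CoreMatchers.containsString("denied_action2_0 : aws:ec2 -> Denied by Organization Rule,"));
        assertThat(e.getMessage(), CoreMatchers.containsString("denied_action3_0 : aws:ec2 -> Denied by Organization Rule,"));
        assertThat(e.getMessage(), not(CoreMatchers.containsString("accepted_action")));
    }
    List<SimulatePrincipalPolicyRequest> allSimulatePrincipalPolicyRequest = requestArgumentCaptor.getAllValues();
    // Every simulation request must be issued against the caller ARN returned by STS.
    int simulateRequestNumber = 5;
    assertEquals("expect if " + simulateRequestNumber + " simulate request has been sent", simulateRequestNumber, allSimulatePrincipalPolicyRequest.size());
    allSimulatePrincipalPolicyRequest.forEach(simulatePrincipalPolicyRequest -> assertEquals("arn", simulatePrincipalPolicyRequest.getPolicySourceArn()));
}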

Example 3 with AwsCredentialView

use of com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView in project cloudbreak by hortonworks.

From the class AwsCredentialVerifierTest, method verifyCredentialTest.

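/**
 * Verifies that {@code validateAws} completes without throwing when every
 * simulated IAM evaluation result is accepted.
 *
 * <p>IAM and STS clients are mocked; the policy simulation always returns four
 * accepted results, so no {@code AwsPermissionMissingException} is expected.
 *
 * @throws IOException                   if the policy fixture cannot be read
 * @throws AwsPermissionMissingException if validation unexpectedly reports a missing permission
 */
@Test
public void verifyCredentialTest() throws IOException, AwsPermissionMissingException {
    URL url = Resources.getResource("definitions/aws-environment-minimal-policy.json");
    String awsEnvPolicy = Resources.toString(url, Charsets.UTF_8);
    // Encode with the same charset the fixture was decoded with, rather than the
    // platform default, so the Base64 payload does not depend on the JVM's locale.
    String encodedAwsEnvPolicy = Base64.getEncoder().encodeToString(awsEnvPolicy.getBytes(Charsets.UTF_8));
    Map<String, Object> awsParameters = new HashMap<>();
    awsParameters.put("accessKey", "a");
    awsParameters.put("secretKey", "b");
    CloudCredential cloudCredential = new CloudCredential("id", "name", awsParameters, "acc", false);
    AmazonIdentityManagementClient amazonIdentityManagement = mock(AmazonIdentityManagementClient.class);
    when(awsClient.createAmazonIdentityManagement(any(AwsCredentialView.class))).thenReturn(amazonIdentityManagement);
    AmazonSecurityTokenServiceClient awsSecurityTokenService = mock(AmazonSecurityTokenServiceClient.class);
    GetCallerIdentityResult getCallerIdentityResult = new GetCallerIdentityResult();
    getCallerIdentityResult.setArn("arn");
    when(awsSecurityTokenService.getCallerIdentity(any(GetCallerIdentityRequest.class))).thenReturn(getCallerIdentityResult);
    when(awsClient.createSecurityTokenService(any(AwsCredentialView.class))).thenReturn(awsSecurityTokenService);
    ArgumentCaptor<SimulatePrincipalPolicyRequest> requestArgumentCaptor = ArgumentCaptor.forClass(SimulatePrincipalPolicyRequest.class);
    SimulatePrincipalPolicyResult simulatePrincipalPolicyResult = new SimulatePrincipalPolicyResult();
    ArrayList<EvaluationResult> evaluationResults = new ArrayList<>();
    // All four results are "accept" and allowed by Organizations, so validation must pass.
    evaluationResults.add(new EvaluationResult().withEvalDecision("accept").withOrganizationsDecisionDetail(new OrganizationsDecisionDetail().withAllowedByOrganizations(true)).withEvalActionName("accepted_action1").withEvalResourceName("aws:ec2"));
    evaluationResults.add(new EvaluationResult().withEvalDecision("accept").withOrganizationsDecisionDetail(new OrganizationsDecisionDetail().withAllowedByOrganizations(true)).withEvalActionName("accepted_action2").withEvalResourceName("aws:ec2"));
    evaluationResults.add(new EvaluationResult().withEvalDecision("accept").withOrganizationsDecisionDetail(new OrganizationsDecisionDetail().withAllowedByOrganizations(true)).withEvalActionName("accepted_action3").withEvalResourceName("aws:ec2"));
    evaluationResults.add(new EvaluationResult().withEvalDecision("accept").withOrganizationsDecisionDetail(new OrganizationsDecisionDetail().withAllowedByOrganizations(true)).withEvalActionName("accepted_action4").withEvalResourceName("*"));
    simulatePrincipalPolicyResult.setEvaluationResults(evaluationResults);
    when(amazonIdentityManagement.simulatePrincipalPolicy(requestArgumentCaptor.capture())).thenReturn(simulatePrincipalPolicyResult);
    awsCredentialVerifier.validateAws(new AwsCredentialView(cloudCredential), encodedAwsEnvPolicy);
}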

Example 4 with AwsCredentialView

use of com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView in project cloudbreak by hortonworks.

From the class AwsAttachmentResourceBuilder, method getAmazonEc2Client.

/**
 * Builds an EC2 client for the credential and region carried by {@code auth}.
 *
 * @param auth authenticated context providing the cloud credential and location
 * @return an EC2 client scoped to the context's region
 */
private AmazonEc2Client getAmazonEc2Client(AuthenticatedContext auth) {
    String region = auth.getCloudContext().getLocation().getRegion().value();
    return awsClient.createEc2Client(new AwsCredentialView(auth.getCloudCredential()), region);
}

Example 5 with AwsCredentialView

use of com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView in project cloudbreak by hortonworks.

From the class AwsNetworkService, method getVpcCidrs.

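/**
 * Returns the CIDR blocks associated with the stack's existing VPC.
 *
 * <p>When the network view does not reference an existing VPC there is nothing to
 * look up and an empty list is returned. Otherwise the VPC is described through an
 * EC2 client built from the context's credential and region.
 *
 * @param ac             authenticated context providing credential and region
 * @param awsNetworkView network view that may reference an existing VPC id
 * @return the VPC's CIDR blocks, or an empty list if no existing VPC is configured
 * @throws IllegalStateException if EC2 returns no VPC for the configured id
 */
public List<String> getVpcCidrs(AuthenticatedContext ac, AwsNetworkView awsNetworkView) {
    if (!awsNetworkView.isExistingVPC()) {
        return Collections.emptyList();
    }
    String region = ac.getCloudContext().getLocation().getRegion().value();
    AmazonEc2Client ec2Client = awsClient.createEc2Client(new AwsCredentialView(ac.getCloudCredential()), region);
    DescribeVpcsRequest vpcRequest = new DescribeVpcsRequest().withVpcIds(awsNetworkView.getExistingVpc());
    List<Vpc> vpcs = ec2Client.describeVpcs(vpcRequest).getVpcs();
    // Guard the get(0) below: an empty result would otherwise surface as an
    // IndexOutOfBoundsException with no hint of which VPC was being looked up.
    if (vpcs == null || vpcs.isEmpty()) {
        throw new IllegalStateException("No VPC returned by EC2 for id: " + awsNetworkView.getExistingVpc());
    }
    List<String> cidrBlockAssociationSet = vpcs.get(0).getCidrBlockAssociationSet().stream()
            .map(VpcCidrBlockAssociation::getCidrBlock)
            .collect(Collectors.toList());
    LOGGER.info("VPC associated CIDR blocks: [{}]", cidrBlockAssociationSet);
    return cidrBlockAssociationSet;
}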
