Example 51 with AwsCredentialView
use of com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView in project cloudbreak by hortonworks.
the class AwsPlatformResources method encryptionKeys.
@Override
public CloudEncryptionKeys encryptionKeys(ExtendedCloudCredential cloudCredential, Region region, Map<String, String> filters) {
String queryFailedMessage = "Could not get encryption keys from Amazon: ";
CloudEncryptionKeys cloudEncryptionKeys = new CloudEncryptionKeys(new HashSet<>());
AwsCredentialView awsCredentialView = new AwsCredentialView(cloudCredential);
AmazonKmsClient client = awsClient.createAWSKMS(awsCredentialView, region.value());
try {
ListKeysRequest listKeysRequest = new ListKeysRequest();
ListKeysResult listKeysResult = client.listKeys(listKeysRequest);
ListAliasesResult listAliasesResult = client.listAliases(new ListAliasesRequest());
for (AliasListEntry keyListEntry : listAliasesResult.getAliases()) {
try {
listKeysResult.getKeys().stream().filter(item -> item.getKeyId().equals(keyListEntry.getTargetKeyId())).findFirst().ifPresent(item -> {
DescribeKeyRequest describeKeyRequest = new DescribeKeyRequest().withKeyId(item.getKeyId());
DescribeKeyResult describeKeyResult = client.describeKey(describeKeyRequest);
Map<String, Object> meta = new HashMap<>();
meta.put("aWSAccountId", describeKeyResult.getKeyMetadata().getAWSAccountId());
meta.put("creationDate", describeKeyResult.getKeyMetadata().getCreationDate());
meta.put("enabled", describeKeyResult.getKeyMetadata().getEnabled());
meta.put("expirationModel", describeKeyResult.getKeyMetadata().getExpirationModel());
meta.put("keyManager", describeKeyResult.getKeyMetadata().getKeyManager());
meta.put("keyState", describeKeyResult.getKeyMetadata().getKeyState());
meta.put("keyUsage", describeKeyResult.getKeyMetadata().getKeyUsage());
meta.put("origin", describeKeyResult.getKeyMetadata().getOrigin());
meta.put("validTo", describeKeyResult.getKeyMetadata().getValidTo());
if (!CloudConstants.AWS.equalsIgnoreCase(describeKeyResult.getKeyMetadata().getKeyManager())) {
CloudEncryptionKey key = new CloudEncryptionKey(item.getKeyArn(), describeKeyResult.getKeyMetadata().getKeyId(), describeKeyResult.getKeyMetadata().getDescription(), keyListEntry.getAliasName().replace("alias/", ""), meta);
cloudEncryptionKeys.getCloudEncryptionKeys().add(key);
}
});
} catch (AmazonServiceException e) {
if (e.getStatusCode() == UNAUTHORIZED) {
String policyMessage = "Could not get encryption keys because the user does not have enough permission.";
LOGGER.error(policyMessage, e);
} else {
LOGGER.info(queryFailedMessage, e);
}
} catch (Exception e) {
LOGGER.warn(queryFailedMessage, e);
}
}
} catch (AmazonServiceException ase) {
if (ase.getStatusCode() == UNAUTHORIZED) {
String policyMessage = "Could not get encryption keys because the user does not have enough permission.";
LOGGER.error(policyMessage, ase);
throw new CloudUnauthorizedException(policyMessage, ase);
} else {
LOGGER.info(queryFailedMessage, ase);
throw new CloudConnectorException(queryFailedMessage + ase.getMessage(), ase);
}
} catch (Exception e) {
LOGGER.warn(queryFailedMessage, e);
throw new CloudConnectorException(queryFailedMessage + e.getMessage(), e);
}
return cloudEncryptionKeys;
}
Also used :
ListAliasesResult(com.amazonaws.services.kms.model.ListAliasesResult)
AliasListEntry(com.amazonaws.services.kms.model.AliasListEntry)
AmazonKmsClient(com.sequenceiq.cloudbreak.cloud.aws.common.client.AmazonKmsClient)
HashMap(java.util.HashMap)
CloudConnectorException(com.sequenceiq.cloudbreak.cloud.exception.CloudConnectorException)
DescribeKeyRequest(com.amazonaws.services.kms.model.DescribeKeyRequest)
ListKeysRequest(com.amazonaws.services.kms.model.ListKeysRequest)
CloudEncryptionKeys(com.sequenceiq.cloudbreak.cloud.model.CloudEncryptionKeys)
CloudUnauthorizedException(com.sequenceiq.cloudbreak.cloud.exception.CloudUnauthorizedException)
AmazonServiceException(com.amazonaws.AmazonServiceException)
CloudConnectorException(com.sequenceiq.cloudbreak.cloud.exception.CloudConnectorException)
IOException(java.io.IOException)
SdkClientException(com.amazonaws.SdkClientException)
AmazonEC2Exception(com.amazonaws.services.ec2.model.AmazonEC2Exception)
PermanentlyFailedException(com.sequenceiq.cloudbreak.util.PermanentlyFailedException)
AwsCredentialView(com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView)
CloudEncryptionKey(com.sequenceiq.cloudbreak.cloud.model.CloudEncryptionKey)
DescribeKeyResult(com.amazonaws.services.kms.model.DescribeKeyResult)
AmazonServiceException(com.amazonaws.AmazonServiceException)
ListKeysResult(com.amazonaws.services.kms.model.ListKeysResult)
ListAliasesRequest(com.amazonaws.services.kms.model.ListAliasesRequest)
CloudUnauthorizedException(com.sequenceiq.cloudbreak.cloud.exception.CloudUnauthorizedException)
Example 52 with AwsCredentialView
use of com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView in project cloudbreak by hortonworks.
the class AwsPlatformResources method sshKeys.
@Override
public CloudSshKeys sshKeys(ExtendedCloudCredential cloudCredential, Region region, Map<String, String> filters) {
Map<String, Set<CloudSshKey>> result = new HashMap<>();
if (region != null && !Strings.isNullOrEmpty(region.value())) {
CloudRegions regions = regions(cloudCredential, region, new HashMap<>(), true);
for (Region actualRegion : regions.getCloudRegions().keySet()) {
// If region is provided then should filter for those region
if (regionMatch(actualRegion, region)) {
Set<CloudSshKey> cloudSshKeys = new HashSet<>();
AmazonEc2Client ec2Client = awsClient.createEc2Client(new AwsCredentialView(cloudCredential), actualRegion.value());
// create sshkey filter view
PlatformResourceSshKeyFilterView filter = new PlatformResourceSshKeyFilterView(filters);
DescribeKeyPairsRequest describeKeyPairsRequest = new DescribeKeyPairsRequest();
// If the filtervalue is provided then we should filter only for those securitygroups
if (!Strings.isNullOrEmpty(filter.getKeyName())) {
describeKeyPairsRequest.withKeyNames(filter.getKeyName());
}
for (KeyPairInfo keyPairInfo : ec2Client.describeKeyPairs(describeKeyPairsRequest).getKeyPairs()) {
Map<String, Object> properties = new HashMap<>();
properties.put("fingerPrint", keyPairInfo.getKeyFingerprint());
cloudSshKeys.add(new CloudSshKey(keyPairInfo.getKeyName(), properties));
}
result.put(actualRegion.value(), cloudSshKeys);
}
}
}
return new CloudSshKeys(result);
}
Also used :
PlatformResourceSshKeyFilterView(com.sequenceiq.cloudbreak.cloud.model.view.PlatformResourceSshKeyFilterView)
Set(java.util.Set)
LinkedHashSet(java.util.LinkedHashSet)
HashSet(java.util.HashSet)
DescribeKeyPairsRequest(com.amazonaws.services.ec2.model.DescribeKeyPairsRequest)
KeyPairInfo(com.amazonaws.services.ec2.model.KeyPairInfo)
HashMap(java.util.HashMap)
CloudRegions(com.sequenceiq.cloudbreak.cloud.model.CloudRegions)
CloudSshKeys(com.sequenceiq.cloudbreak.cloud.model.CloudSshKeys)
CloudSshKey(com.sequenceiq.cloudbreak.cloud.model.CloudSshKey)
AwsCredentialView(com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView)
Region(com.sequenceiq.cloudbreak.cloud.model.Region)
AmazonEc2Client(com.sequenceiq.cloudbreak.cloud.aws.common.client.AmazonEc2Client)
LinkedHashSet(java.util.LinkedHashSet)
HashSet(java.util.HashSet)
Example 53 with AwsCredentialView
use of com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView in project cloudbreak by hortonworks.
the class AwsPlatformResources method regions.
@Override
@Cacheable(cacheNames = "cloudResourceRegionCache", key = "{ #cloudCredential?.id, #availabilityZonesNeeded }")
public CloudRegions regions(ExtendedCloudCredential cloudCredential, Region region, Map<String, String> filters, boolean availabilityZonesNeeded) {
AmazonEc2Client ec2Client = awsClient.createEc2Client(new AwsCredentialView(cloudCredential));
Map<Region, List<AvailabilityZone>> regionListMap = new HashMap<>();
Map<Region, String> displayNames = new HashMap<>();
Map<Region, Coordinate> coordinates = new HashMap<>();
DescribeRegionsResult describeRegionsResult = describeRegionsResult(ec2Client);
String defaultRegion = awsDefaultZoneProvider.getDefaultZone(cloudCredential);
for (com.amazonaws.services.ec2.model.Region awsRegion : describeRegionsResult.getRegions()) {
if (!enabledRegions.contains(region(awsRegion.getRegionName()))) {
continue;
}
if (region == null || Strings.isNullOrEmpty(region.value()) || awsRegion.getRegionName().equals(region.value())) {
try {
fetchAZsIfNeeded(availabilityZonesNeeded, regionListMap, awsRegion, cloudCredential);
} catch (AmazonEC2Exception e) {
LOGGER.info("Failed to retrieve AZ from Region: {}!", awsRegion.getRegionName(), e);
}
addDisplayName(displayNames, awsRegion);
addCoordinate(coordinates, awsRegion);
}
}
if (region != null && !Strings.isNullOrEmpty(region.value())) {
defaultRegion = region.value();
}
return new CloudRegions(regionListMap, displayNames, coordinates, defaultRegion, true);
}
Also used :
HashMap(java.util.HashMap)
CloudRegions(com.sequenceiq.cloudbreak.cloud.model.CloudRegions)
AwsCredentialView(com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView)
DescribeRegionsResult(com.amazonaws.services.ec2.model.DescribeRegionsResult)
Coordinate(com.sequenceiq.cloudbreak.cloud.model.Coordinate)
Region(com.sequenceiq.cloudbreak.cloud.model.Region)
Collections.singletonList(java.util.Collections.singletonList)
ArrayList(java.util.ArrayList)
List(java.util.List)
LinkedList(java.util.LinkedList)
AmazonEc2Client(com.sequenceiq.cloudbreak.cloud.aws.common.client.AmazonEc2Client)
AmazonEC2Exception(com.amazonaws.services.ec2.model.AmazonEC2Exception)
Cacheable(org.springframework.cache.annotation.Cacheable)
Example 54 with AwsCredentialView
use of com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView in project cloudbreak by hortonworks.
the class AwsPlatformResources method gateways.
@Override
public CloudGateWays gateways(ExtendedCloudCredential cloudCredential, Region region, Map<String, String> filters) {
Map<String, Set<CloudGateWay>> resultCloudGateWayMap = new HashMap<>();
if (region != null && !Strings.isNullOrEmpty(region.value())) {
CloudRegions regions = regions(cloudCredential, region, filters, true);
for (Entry<Region, List<AvailabilityZone>> regionListEntry : regions.getCloudRegions().entrySet()) {
if (regionListEntry.getKey().value().equals(region.value())) {
AmazonEc2Client ec2Client = awsClient.createEc2Client(new AwsCredentialView(cloudCredential), regionListEntry.getKey().value());
DescribeInternetGatewaysRequest describeInternetGatewaysRequest = new DescribeInternetGatewaysRequest();
DescribeInternetGatewaysResult describeInternetGatewaysResult = ec2Client.describeInternetGateways(describeInternetGatewaysRequest);
Set<CloudGateWay> gateWays = new HashSet<>();
for (InternetGateway internetGateway : describeInternetGatewaysResult.getInternetGateways()) {
CloudGateWay cloudGateWay = new CloudGateWay();
cloudGateWay.setId(internetGateway.getInternetGatewayId());
cloudGateWay.setName(internetGateway.getInternetGatewayId());
Collection<String> vpcs = new ArrayList<>();
for (InternetGatewayAttachment internetGatewayAttachment : internetGateway.getAttachments()) {
vpcs.add(internetGatewayAttachment.getVpcId());
}
Map<String, Object> properties = new HashMap<>();
properties.put("attachment", vpcs);
cloudGateWay.setProperties(properties);
gateWays.add(cloudGateWay);
}
for (AvailabilityZone availabilityZone : regionListEntry.getValue()) {
resultCloudGateWayMap.put(availabilityZone.value(), gateWays);
}
}
}
}
return new CloudGateWays(resultCloudGateWayMap);
}
Also used :
DescribeInternetGatewaysResult(com.amazonaws.services.ec2.model.DescribeInternetGatewaysResult)
Set(java.util.Set)
LinkedHashSet(java.util.LinkedHashSet)
HashSet(java.util.HashSet)
HashMap(java.util.HashMap)
ArrayList(java.util.ArrayList)
CloudGateWays(com.sequenceiq.cloudbreak.cloud.model.CloudGateWays)
CloudRegions(com.sequenceiq.cloudbreak.cloud.model.CloudRegions)
InternetGatewayAttachment(com.amazonaws.services.ec2.model.InternetGatewayAttachment)
AvailabilityZone(com.sequenceiq.cloudbreak.cloud.model.AvailabilityZone)
DescribeInternetGatewaysRequest(com.amazonaws.services.ec2.model.DescribeInternetGatewaysRequest)
CloudGateWay(com.sequenceiq.cloudbreak.cloud.model.CloudGateWay)
AwsCredentialView(com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView)
InternetGateway(com.amazonaws.services.ec2.model.InternetGateway)
Region(com.sequenceiq.cloudbreak.cloud.model.Region)
Collections.singletonList(java.util.Collections.singletonList)
ArrayList(java.util.ArrayList)
List(java.util.List)
LinkedList(java.util.LinkedList)
AmazonEc2Client(com.sequenceiq.cloudbreak.cloud.aws.common.client.AmazonEc2Client)
LinkedHashSet(java.util.LinkedHashSet)
HashSet(java.util.HashSet)
Example 55 with AwsCredentialView
use of com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView in project cloudbreak by hortonworks.
the class AwsPlatformResources method accessConfigs.
@Override
public CloudAccessConfigs accessConfigs(ExtendedCloudCredential cloudCredential, Region region, Map<String, String> filters) {
CloudAccessConfigs cloudAccessConfigs = new CloudAccessConfigs(new HashSet<>());
AwsCredentialView awsCredentialView = new AwsCredentialView(cloudCredential);
AmazonIdentityManagementClient client = awsClient.createAmazonIdentityManagement(awsCredentialView);
String accessConfigType = filters.get(CloudParameterConst.ACCESS_CONFIG_TYPE);
Set<CloudAccessConfig> cloudAccessConfigSet;
if (AwsAccessConfigType.ROLE.name().equals(accessConfigType)) {
cloudAccessConfigSet = getAccessConfigByRole(client);
} else {
cloudAccessConfigSet = getAccessConfigByInstanceProfile(client);
}
cloudAccessConfigs.getCloudAccessConfigs().addAll(cloudAccessConfigSet);
return cloudAccessConfigs;
}
Also used :
AwsCredentialView(com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView)
AmazonIdentityManagementClient(com.sequenceiq.cloudbreak.cloud.aws.common.client.AmazonIdentityManagementClient)
CloudAccessConfig(com.sequenceiq.cloudbreak.cloud.model.CloudAccessConfig)
CloudAccessConfigs(com.sequenceiq.cloudbreak.cloud.model.CloudAccessConfigs)
Aggregations
AwsCredentialView (com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView)94
AmazonEc2Client (com.sequenceiq.cloudbreak.cloud.aws.common.client.AmazonEc2Client)32
CloudConnectorException (com.sequenceiq.cloudbreak.cloud.exception.CloudConnectorException)32
List (java.util.List)25
AmazonServiceException (com.amazonaws.AmazonServiceException)22
AmazonCloudFormationClient (com.sequenceiq.cloudbreak.cloud.aws.client.AmazonCloudFormationClient)21
Logger (org.slf4j.Logger)21
Inject (javax.inject.Inject)20
ArrayList (java.util.ArrayList)19
Collectors (java.util.stream.Collectors)19
CloudInstance (com.sequenceiq.cloudbreak.cloud.model.CloudInstance)18
Group (com.sequenceiq.cloudbreak.cloud.model.Group)18
Set (java.util.Set)18
CloudResource (com.sequenceiq.cloudbreak.cloud.model.CloudResource)17
CloudStack (com.sequenceiq.cloudbreak.cloud.model.CloudStack)17
Map (java.util.Map)16
LoggerFactory (org.slf4j.LoggerFactory)16
AuthenticatedContext (com.sequenceiq.cloudbreak.cloud.context.AuthenticatedContext)15
Service (org.springframework.stereotype.Service)15
AmazonAutoScalingClient (com.sequenceiq.cloudbreak.cloud.aws.client.AmazonAutoScalingClient)14
