
Example 51 with AwsCredentialView

use of com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView in project cloudbreak by hortonworks.

the class AwsPlatformResources method encryptionKeys.

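/**
 * Collects the KMS keys of one region that have an alias and are not AWS-managed.
 *
 * <p>Every page of the key list and of the alias list is read. Both KMS list calls return a
 * bounded page and flag truncation, so reading only the first response silently drops keys in
 * accounts that hold more keys or aliases than one page carries. A key that is missing from an
 * encryption-key picker is easy to overlook and can push a user onto a default key.
 *
 * <p>Failure handling is deliberately asymmetric. A failure while listing aborts the call with an
 * exception. A failure while describing a single key is only logged and that alias is skipped, so
 * the returned set can be incomplete without the caller being told.
 *
 * @param cloudCredential credential wrapped in an {@code AwsCredentialView} to build the KMS client
 * @param region region whose {@code value()} selects the KMS client; dereferenced without a null check
 * @param filters not read by this method
 * @return the keys found; each carries its ARN, key id, description, alias name without the
 *         {@code alias/} prefix, and a map of key metadata
 * @throws CloudUnauthorizedException if listing fails with status {@code UNAUTHORIZED}
 * @throws CloudConnectorException if listing fails for any other reason
 */
@Override
public CloudEncryptionKeys encryptionKeys(ExtendedCloudCredential cloudCredential, Region region, Map<String, String> filters) {
    String queryFailedMessage = "Could not get encryption keys from Amazon: ";
    String policyMessage = "Could not get encryption keys because the user does not have enough permission.";
    CloudEncryptionKeys cloudEncryptionKeys = new CloudEncryptionKeys(new HashSet<>());
    AwsCredentialView awsCredentialView = new AwsCredentialView(cloudCredential);
    AmazonKmsClient client = awsClient.createAWSKMS(awsCredentialView, region.value());
    try {
        // Key id -> key ARN for every key the credential can list, across all pages.
        Map<String, String> keyArnsById = new HashMap<>();
        ListKeysRequest listKeysRequest = new ListKeysRequest();
        ListKeysResult listKeysResult;
        do {
            listKeysResult = client.listKeys(listKeysRequest);
            listKeysResult.getKeys().forEach(item -> keyArnsById.putIfAbsent(item.getKeyId(), item.getKeyArn()));
            listKeysRequest.setMarker(listKeysResult.getNextMarker());
            // The null check stops the loop if a response claims truncation but gives no marker.
        } while (Boolean.TRUE.equals(listKeysResult.getTruncated()) && listKeysResult.getNextMarker() != null);

        ListAliasesRequest listAliasesRequest = new ListAliasesRequest();
        ListAliasesResult listAliasesResult;
        do {
            listAliasesResult = client.listAliases(listAliasesRequest);
            for (AliasListEntry keyListEntry : listAliasesResult.getAliases()) {
                String targetKeyId = keyListEntry.getTargetKeyId();
                // Aliases that point at no listed key are ignored.
                if (!keyArnsById.containsKey(targetKeyId)) {
                    continue;
                }
                try {
                    DescribeKeyRequest describeKeyRequest = new DescribeKeyRequest().withKeyId(targetKeyId);
                    DescribeKeyResult describeKeyResult = client.describeKey(describeKeyRequest);
                    Map<String, Object> meta = new HashMap<>();
                    meta.put("aWSAccountId", describeKeyResult.getKeyMetadata().getAWSAccountId());
                    meta.put("creationDate", describeKeyResult.getKeyMetadata().getCreationDate());
                    meta.put("enabled", describeKeyResult.getKeyMetadata().getEnabled());
                    meta.put("expirationModel", describeKeyResult.getKeyMetadata().getExpirationModel());
                    meta.put("keyManager", describeKeyResult.getKeyMetadata().getKeyManager());
                    meta.put("keyState", describeKeyResult.getKeyMetadata().getKeyState());
                    meta.put("keyUsage", describeKeyResult.getKeyMetadata().getKeyUsage());
                    meta.put("origin", describeKeyResult.getKeyMetadata().getOrigin());
                    meta.put("validTo", describeKeyResult.getKeyMetadata().getValidTo());
                    // Keys whose manager equals CloudConstants.AWS are left out of the result.
                    if (!CloudConstants.AWS.equalsIgnoreCase(describeKeyResult.getKeyMetadata().getKeyManager())) {
                        CloudEncryptionKey key = new CloudEncryptionKey(keyArnsById.get(targetKeyId),
                                describeKeyResult.getKeyMetadata().getKeyId(),
                                describeKeyResult.getKeyMetadata().getDescription(),
                                keyListEntry.getAliasName().replace("alias/", ""), meta);
                        cloudEncryptionKeys.getCloudEncryptionKeys().add(key);
                    }
                } catch (AmazonServiceException e) {
                    // Best effort per key: log and move on to the next alias.
                    // NOTE(review): UNAUTHORIZED is defined outside this listing. If it is HTTP 401, confirm
                    // that KMS permission failures really arrive with that status; if they do not, this
                    // branch never fires and denied keys are logged at info level only.
                    if (e.getStatusCode() == UNAUTHORIZED) {
                        LOGGER.error(policyMessage, e);
                    } else {
                        LOGGER.info(queryFailedMessage, e);
                    }
                } catch (Exception e) {
                    LOGGER.warn(queryFailedMessage, e);
                }
            }
            listAliasesRequest.setMarker(listAliasesResult.getNextMarker());
        } while (Boolean.TRUE.equals(listAliasesResult.getTruncated()) && listAliasesResult.getNextMarker() != null);
    } catch (AmazonServiceException ase) {
        // A failure in either list call is fatal for the whole request.
        if (ase.getStatusCode() == UNAUTHORIZED) {
            LOGGER.error(policyMessage, ase);
            throw new CloudUnauthorizedException(policyMessage, ase);
        } else {
            LOGGER.info(queryFailedMessage, ase);
            throw new CloudConnectorException(queryFailedMessage + ase.getMessage(), ase);
        }
    } catch (Exception e) {
        LOGGER.warn(queryFailedMessage, e);
        throw new CloudConnectorException(queryFailedMessage + e.getMessage(), e);
    }
    return cloudEncryptionKeys;
}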
Also used : ListAliasesResult(com.amazonaws.services.kms.model.ListAliasesResult) AliasListEntry(com.amazonaws.services.kms.model.AliasListEntry) AmazonKmsClient(com.sequenceiq.cloudbreak.cloud.aws.common.client.AmazonKmsClient) HashMap(java.util.HashMap) CloudConnectorException(com.sequenceiq.cloudbreak.cloud.exception.CloudConnectorException) DescribeKeyRequest(com.amazonaws.services.kms.model.DescribeKeyRequest) ListKeysRequest(com.amazonaws.services.kms.model.ListKeysRequest) CloudEncryptionKeys(com.sequenceiq.cloudbreak.cloud.model.CloudEncryptionKeys) CloudUnauthorizedException(com.sequenceiq.cloudbreak.cloud.exception.CloudUnauthorizedException) AmazonServiceException(com.amazonaws.AmazonServiceException) CloudConnectorException(com.sequenceiq.cloudbreak.cloud.exception.CloudConnectorException) IOException(java.io.IOException) SdkClientException(com.amazonaws.SdkClientException) AmazonEC2Exception(com.amazonaws.services.ec2.model.AmazonEC2Exception) PermanentlyFailedException(com.sequenceiq.cloudbreak.util.PermanentlyFailedException) AwsCredentialView(com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView) CloudEncryptionKey(com.sequenceiq.cloudbreak.cloud.model.CloudEncryptionKey) DescribeKeyResult(com.amazonaws.services.kms.model.DescribeKeyResult) AmazonServiceException(com.amazonaws.AmazonServiceException) ListKeysResult(com.amazonaws.services.kms.model.ListKeysResult) ListAliasesRequest(com.amazonaws.services.kms.model.ListAliasesRequest) CloudUnauthorizedException(com.sequenceiq.cloudbreak.cloud.exception.CloudUnauthorizedException)

Example 52 with AwsCredentialView

use of com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView in project cloudbreak by hortonworks.

the class AwsPlatformResources method sshKeys.

/**
 * Lists the EC2 key pairs visible to the credential in the requested region.
 *
 * <p>Only the key pair name and its fingerprint are copied into the result; no other field of the
 * key pair is read here. Without a region (null or empty value) the result is empty and no AWS
 * call is made.
 *
 * @param cloudCredential credential wrapped in an {@code AwsCredentialView} for the EC2 client
 * @param region region to query; null or an empty value yields an empty result
 * @param filters passed to {@code PlatformResourceSshKeyFilterView}; a non-empty key name from it
 *        restricts the lookup to that key pair
 * @return key pairs grouped by region name
 */
@Override
public CloudSshKeys sshKeys(ExtendedCloudCredential cloudCredential, Region region, Map<String, String> filters) {
    Map<String, Set<CloudSshKey>> keysByRegion = new HashMap<>();
    if (region == null || Strings.isNullOrEmpty(region.value())) {
        return new CloudSshKeys(keysByRegion);
    }
    CloudRegions knownRegions = regions(cloudCredential, region, new HashMap<>(), true);
    for (Region candidate : knownRegions.getCloudRegions().keySet()) {
        // Only the region that matches the requested one is queried.
        if (!regionMatch(candidate, region)) {
            continue;
        }
        AmazonEc2Client ec2Client = awsClient.createEc2Client(new AwsCredentialView(cloudCredential), candidate.value());
        PlatformResourceSshKeyFilterView keyFilter = new PlatformResourceSshKeyFilterView(filters);
        DescribeKeyPairsRequest request = new DescribeKeyPairsRequest();
        // When a key name is supplied, ask EC2 for that key pair only.
        if (!Strings.isNullOrEmpty(keyFilter.getKeyName())) {
            request.withKeyNames(keyFilter.getKeyName());
        }
        Set<CloudSshKey> keysInRegion = new HashSet<>();
        for (KeyPairInfo pair : ec2Client.describeKeyPairs(request).getKeyPairs()) {
            Map<String, Object> attributes = new HashMap<>();
            attributes.put("fingerPrint", pair.getKeyFingerprint());
            keysInRegion.add(new CloudSshKey(pair.getKeyName(), attributes));
        }
        keysByRegion.put(candidate.value(), keysInRegion);
    }
    return new CloudSshKeys(keysByRegion);
}
Also used : PlatformResourceSshKeyFilterView(com.sequenceiq.cloudbreak.cloud.model.view.PlatformResourceSshKeyFilterView) Set(java.util.Set) LinkedHashSet(java.util.LinkedHashSet) HashSet(java.util.HashSet) DescribeKeyPairsRequest(com.amazonaws.services.ec2.model.DescribeKeyPairsRequest) KeyPairInfo(com.amazonaws.services.ec2.model.KeyPairInfo) HashMap(java.util.HashMap) CloudRegions(com.sequenceiq.cloudbreak.cloud.model.CloudRegions) CloudSshKeys(com.sequenceiq.cloudbreak.cloud.model.CloudSshKeys) CloudSshKey(com.sequenceiq.cloudbreak.cloud.model.CloudSshKey) AwsCredentialView(com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView) Region(com.sequenceiq.cloudbreak.cloud.model.Region) AmazonEc2Client(com.sequenceiq.cloudbreak.cloud.aws.common.client.AmazonEc2Client) LinkedHashSet(java.util.LinkedHashSet) HashSet(java.util.HashSet)

Example 53 with AwsCredentialView

use of com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView in project cloudbreak by hortonworks.

the class AwsPlatformResources method regions.

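/**
 * Returns the enabled AWS regions visible to the credential, optionally narrowed to one region.
 *
 * <p>The result depends on {@code region}: it filters the regions that are collected and, when
 * set, replaces the default region. The cache key therefore includes the region value. Keyed on
 * credential id and {@code availabilityZonesNeeded} alone, a result computed for one region would
 * be served to a later call that asks for a different region with the same credential.
 *
 * <p>NOTE(review): credentials are told apart in the cache by {@code cloudCredential.id} only. A
 * null credential gives a null key component, and an entry outlives any change to what the
 * credential may access until it is evicted. Confirm the eviction policy of
 * {@code cloudResourceRegionCache} against how credentials are updated.
 *
 * @param cloudCredential credential used for the EC2 client and for the default zone lookup
 * @param region optional filter; null or an empty value means all enabled regions
 * @param filters not read by this method
 * @param availabilityZonesNeeded forwarded to {@code fetchAZsIfNeeded}
 * @return the regions with their availability zones, display names, coordinates and default region
 */
@Override
@Cacheable(cacheNames = "cloudResourceRegionCache", key = "{ #cloudCredential?.id, #region?.value(), #availabilityZonesNeeded }")
public CloudRegions regions(ExtendedCloudCredential cloudCredential, Region region, Map<String, String> filters, boolean availabilityZonesNeeded) {
    AmazonEc2Client ec2Client = awsClient.createEc2Client(new AwsCredentialView(cloudCredential));
    Map<Region, List<AvailabilityZone>> regionListMap = new HashMap<>();
    Map<Region, String> displayNames = new HashMap<>();
    Map<Region, Coordinate> coordinates = new HashMap<>();
    DescribeRegionsResult describeRegionsResult = describeRegionsResult(ec2Client);
    String defaultRegion = awsDefaultZoneProvider.getDefaultZone(cloudCredential);
    boolean regionRequested = region != null && !Strings.isNullOrEmpty(region.value());
    for (com.amazonaws.services.ec2.model.Region awsRegion : describeRegionsResult.getRegions()) {
        // Regions that are not enabled are never reported.
        if (!enabledRegions.contains(region(awsRegion.getRegionName()))) {
            continue;
        }
        if (!regionRequested || awsRegion.getRegionName().equals(region.value())) {
            try {
                fetchAZsIfNeeded(availabilityZonesNeeded, regionListMap, awsRegion, cloudCredential);
            } catch (AmazonEC2Exception e) {
                // Best effort: the region still gets a display name and coordinate without its zones.
                LOGGER.info("Failed to retrieve AZ from Region: {}!", awsRegion.getRegionName(), e);
            }
            addDisplayName(displayNames, awsRegion);
            addCoordinate(coordinates, awsRegion);
        }
    }
    // An explicitly requested region takes precedence over the provider's default.
    if (regionRequested) {
        defaultRegion = region.value();
    }
    return new CloudRegions(regionListMap, displayNames, coordinates, defaultRegion, true);
}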
Also used : HashMap(java.util.HashMap) CloudRegions(com.sequenceiq.cloudbreak.cloud.model.CloudRegions) AwsCredentialView(com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView) DescribeRegionsResult(com.amazonaws.services.ec2.model.DescribeRegionsResult) Coordinate(com.sequenceiq.cloudbreak.cloud.model.Coordinate) Region(com.sequenceiq.cloudbreak.cloud.model.Region) Collections.singletonList(java.util.Collections.singletonList) ArrayList(java.util.ArrayList) List(java.util.List) LinkedList(java.util.LinkedList) AmazonEc2Client(com.sequenceiq.cloudbreak.cloud.aws.common.client.AmazonEc2Client) AmazonEC2Exception(com.amazonaws.services.ec2.model.AmazonEC2Exception) Cacheable(org.springframework.cache.annotation.Cacheable)

Example 54 with AwsCredentialView

use of com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView in project cloudbreak by hortonworks.

the class AwsPlatformResources method gateways.

/**
 * Lists the internet gateways of the requested region, keyed by availability zone.
 *
 * <p>Every availability zone of the matching region maps to the same set instance. Each gateway
 * carries its id, which is also used as its name, and the ids of its attached VPCs under the
 * {@code attachment} property. Without a region (null or empty value) the result is empty and no
 * AWS call is made.
 *
 * @param cloudCredential credential wrapped in an {@code AwsCredentialView} for the EC2 client
 * @param region region to query; null or an empty value yields an empty result
 * @param filters forwarded unchanged to {@code regions}
 * @return internet gateways grouped by availability zone name
 */
@Override
public CloudGateWays gateways(ExtendedCloudCredential cloudCredential, Region region, Map<String, String> filters) {
    Map<String, Set<CloudGateWay>> gatewaysByZone = new HashMap<>();
    if (region == null || Strings.isNullOrEmpty(region.value())) {
        return new CloudGateWays(gatewaysByZone);
    }
    CloudRegions cloudRegions = regions(cloudCredential, region, filters, true);
    for (Entry<Region, List<AvailabilityZone>> regionWithZones : cloudRegions.getCloudRegions().entrySet()) {
        if (!regionWithZones.getKey().value().equals(region.value())) {
            continue;
        }
        AmazonEc2Client ec2Client = awsClient.createEc2Client(new AwsCredentialView(cloudCredential), regionWithZones.getKey().value());
        DescribeInternetGatewaysResult response = ec2Client.describeInternetGateways(new DescribeInternetGatewaysRequest());
        Set<CloudGateWay> regionGateways = new HashSet<>();
        for (InternetGateway awsGateway : response.getInternetGateways()) {
            // Collect the VPC ids first, then build the gateway view around them.
            Collection<String> attachedVpcIds = new ArrayList<>();
            for (InternetGatewayAttachment attachment : awsGateway.getAttachments()) {
                attachedVpcIds.add(attachment.getVpcId());
            }
            Map<String, Object> gatewayProperties = new HashMap<>();
            gatewayProperties.put("attachment", attachedVpcIds);

            CloudGateWay gateway = new CloudGateWay();
            gateway.setId(awsGateway.getInternetGatewayId());
            gateway.setName(awsGateway.getInternetGatewayId());
            gateway.setProperties(gatewayProperties);
            regionGateways.add(gateway);
        }
        // The gateways are regional, so every zone of the region gets the same set.
        for (AvailabilityZone zone : regionWithZones.getValue()) {
            gatewaysByZone.put(zone.value(), regionGateways);
        }
    }
    return new CloudGateWays(gatewaysByZone);
}
Also used : DescribeInternetGatewaysResult(com.amazonaws.services.ec2.model.DescribeInternetGatewaysResult) Set(java.util.Set) LinkedHashSet(java.util.LinkedHashSet) HashSet(java.util.HashSet) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) CloudGateWays(com.sequenceiq.cloudbreak.cloud.model.CloudGateWays) CloudRegions(com.sequenceiq.cloudbreak.cloud.model.CloudRegions) InternetGatewayAttachment(com.amazonaws.services.ec2.model.InternetGatewayAttachment) AvailabilityZone(com.sequenceiq.cloudbreak.cloud.model.AvailabilityZone) DescribeInternetGatewaysRequest(com.amazonaws.services.ec2.model.DescribeInternetGatewaysRequest) CloudGateWay(com.sequenceiq.cloudbreak.cloud.model.CloudGateWay) AwsCredentialView(com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView) InternetGateway(com.amazonaws.services.ec2.model.InternetGateway) Region(com.sequenceiq.cloudbreak.cloud.model.Region) Collections.singletonList(java.util.Collections.singletonList) ArrayList(java.util.ArrayList) List(java.util.List) LinkedList(java.util.LinkedList) AmazonEc2Client(com.sequenceiq.cloudbreak.cloud.aws.common.client.AmazonEc2Client) LinkedHashSet(java.util.LinkedHashSet) HashSet(java.util.HashSet)

Example 55 with AwsCredentialView

use of com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView in project cloudbreak by hortonworks.

the class AwsPlatformResources method accessConfigs.

/**
 * Returns the access configurations available to the credential, taken from the IAM client.
 *
 * <p>The {@code CloudParameterConst.ACCESS_CONFIG_TYPE} entry of {@code filters} selects the
 * source. A value equal to {@code AwsAccessConfigType.ROLE.name()} uses
 * {@code getAccessConfigByRole}; any other value, including a missing one, falls back to
 * {@code getAccessConfigByInstanceProfile}.
 *
 * @param cloudCredential credential wrapped in an {@code AwsCredentialView} for the IAM client
 * @param region not read by this method
 * @param filters must not be null; it is dereferenced without a check
 * @return the access configurations found
 */
@Override
public CloudAccessConfigs accessConfigs(ExtendedCloudCredential cloudCredential, Region region, Map<String, String> filters) {
    AmazonIdentityManagementClient client = awsClient.createAmazonIdentityManagement(new AwsCredentialView(cloudCredential));
    boolean byRole = AwsAccessConfigType.ROLE.name().equals(filters.get(CloudParameterConst.ACCESS_CONFIG_TYPE));
    Set<CloudAccessConfig> found = byRole
            ? getAccessConfigByRole(client)
            : getAccessConfigByInstanceProfile(client);
    CloudAccessConfigs cloudAccessConfigs = new CloudAccessConfigs(new HashSet<>());
    cloudAccessConfigs.getCloudAccessConfigs().addAll(found);
    return cloudAccessConfigs;
}
Also used : AwsCredentialView(com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView) AmazonIdentityManagementClient(com.sequenceiq.cloudbreak.cloud.aws.common.client.AmazonIdentityManagementClient) CloudAccessConfig(com.sequenceiq.cloudbreak.cloud.model.CloudAccessConfig) CloudAccessConfigs(com.sequenceiq.cloudbreak.cloud.model.CloudAccessConfigs)
