
Example 36 with AwsCredentialView

use of com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView in project cloudbreak by hortonworks.

the class AwsPublicKeyConnector method exists.

/**
 * Looks up the public key named in {@code request} in EC2 for the requested region.
 *
 * @param request carries the credential, the region and the public key id to describe
 * @return {@code true} when the key was found; {@code false} when it was not found
 *         <em>or</em> when the lookup itself failed (the failure is only logged, so
 *         callers cannot tell "absent" from "could not check" by the return value)
 */
@Override
public boolean exists(PublicKeyDescribeRequest request) {
    LOGGER.debug("Describe public key {} in {} region on AWS", request.getPublicKeyId(), request.getRegion());
    AwsCredentialView credentialView = new AwsCredentialView(request.getCredential());
    boolean found = false;
    try {
        AmazonEc2Client ec2Client = awsClient.createEc2Client(credentialView, request.getRegion());
        found = exists(ec2Client, request.getPublicKeyId());
    } catch (Exception e) {
        // Both client construction and the describe call land here; the credential is
        // identified in the log by type and id only, never by its secret material.
        String errorMessage = String.format(
                "Failed to describe public key [%s:'%s', region: '%s'], detailed message: %s",
                getType(credentialView), getAwsId(credentialView), request.getRegion(), e.getMessage());
        LOGGER.error(errorMessage, e);
    }
    return found;
}

Example 37 with AwsCredentialView

use of com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView in project cloudbreak by hortonworks.

the class AwsCredentialConnector method verifyIamRoleIsAssumable.

/**
 * Checks that the role referenced by {@code cloudCredential} can be assumed and then verifies,
 * per requested service, the policy taken from {@code experiencePrerequisites}.
 *
 * @param cloudCredential         credential whose role ARN is to be assumed
 * @param services                names of the services whose policies must be verified
 * @param experiencePrerequisites policy documents keyed by a policy-service name
 * @return one response per service; on any failure every service carries the same error text
 */
private CDPServicePolicyVerificationResponses verifyIamRoleIsAssumable(CloudCredential cloudCredential, List<String> services, Map<String, String> experiencePrerequisites) {
    AwsCredentialView awsCredential = credentialViewProvider.createAwsCredentialView(cloudCredential);
    Map<String, String> policyByService = new HashMap<>();
    // NOTE(review): the key filter below never consults `service`, so every service is paired with
    // the first prerequisite key that matches by name -- confirm this is the intended pairing.
    for (String service : services) {
        for (String policyKey : experiencePrerequisites.keySet()) {
            if (AwsCredentialConnector.isPolicyServiceMatchesForName(policyKey)) {
                policyByService.put(service, experiencePrerequisites.get(policyKey));
                break;
            }
        }
    }
    try {
        // Assuming the role is the actual credential check; the policy verification only follows
        // once a session could be obtained.
        credentialClient.retrieveSessionCredentials(awsCredential);
        return verifyCredentialsPermission(awsCredential, policyByService);
    } catch (AmazonClientException ae) {
        String errorMessage = getErrorMessageForAwsClientException(awsCredential, ae);
        LOGGER.warn(errorMessage, ae);
        return new CDPServicePolicyVerificationResponses(getServiceStatus(services, errorMessage));
    } catch (AwsConfusedDeputyException confusedDeputyEx) {
        // Deliberately not logged here: the exception message itself is what is reported back.
        return new CDPServicePolicyVerificationResponses(getServiceStatus(services, confusedDeputyEx.getMessage()));
    } catch (RuntimeException e) {
        // The raw exception message is surfaced to the caller; only the role ARN, no secret, is added.
        String errorMessage = String.format("Unable to verify credential: check if the role '%s' exists and it's created with the correct external ID. " + "Cause: '%s'", awsCredential.getRoleArn(), e.getMessage());
        LOGGER.warn(errorMessage, e);
        return new CDPServicePolicyVerificationResponses(getServiceStatus(services, errorMessage));
    }
}

Example 38 with AwsCredentialView

use of com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView in project cloudbreak by hortonworks.

the class AwsCredentialConnector method verifyByServices.

/**
 * Validates the shape of the AWS credential (role ARN <em>or</em> key pair, never both) and,
 * for a role-based credential, verifies it against the requested services.
 *
 * @param authenticatedContext   context holding the credential to verify
 * @param services               names of the services to verify policies for
 * @param experiencePrerequisites policy documents keyed by policy-service name
 * @return one response per service; validation errors are reported for every service alike
 */
@Override
public CDPServicePolicyVerificationResponses verifyByServices(AuthenticatedContext authenticatedContext, List<String> services, Map<String, String> experiencePrerequisites) {
    CloudCredential credential = authenticatedContext.getCloudCredential();
    // NOTE(review): the whole credential object is logged at DEBUG; whether its toString() masks
    // the secret key is not visible from this method -- confirm before relying on DEBUG logs.
    LOGGER.debug("Create credential: {}", credential);
    AwsCredentialView view = credentialViewProvider.createAwsCredentialView(credential);
    String roleArn = view.getRoleArn();
    String accessKey = view.getAccessKey();
    String secretKey = view.getSecretKey();
    if (isNoneEmpty(roleArn, accessKey, secretKey)) {
        // Both authentication styles supplied at once is rejected rather than silently preferring one.
        String message = "Please only provide the 'role arn' or the 'access' and 'secret key'";
        return new CDPServicePolicyVerificationResponses(getServiceStatus(services, message));
    }
    if (isNotEmpty(roleArn)) {
        return verifyIamRoleIsAssumable(credential, services, experiencePrerequisites);
    }
    if (isEmpty(accessKey) || isEmpty(secretKey)) {
        String message = "Please provide both the 'access' and 'secret key'";
        return new CDPServicePolicyVerificationResponses(getServiceStatus(services, message));
    }
    // Key-pair credentials are accepted elsewhere but not verified per service here.
    String message = "We do not support to verify 'access' and 'secret key'";
    return new CDPServicePolicyVerificationResponses(getServiceStatus(services, message));
}

Example 39 with AwsCredentialView

use of com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView in project cloudbreak by hortonworks.

the class AwsCredentialConnector method verify.

/**
 * Validates the shape of the AWS credential (role ARN <em>or</em> key pair, never both) and
 * dispatches to the matching verification routine.
 *
 * @param authenticatedContext          context holding the credential to verify
 * @param credentialVerificationContext extra verification settings for the role-based path
 * @return a {@code FAILED} status for malformed input, otherwise the result of the chosen verification
 */
@Override
public CloudCredentialStatus verify(AuthenticatedContext authenticatedContext, CredentialVerificationContext credentialVerificationContext) {
    CloudCredential credential = authenticatedContext.getCloudCredential();
    // NOTE(review): the whole credential object is logged at DEBUG; whether its toString() masks
    // the secret key is not visible from this method -- confirm before relying on DEBUG logs.
    LOGGER.debug("Create credential: {}", credential);
    AwsCredentialView view = credentialViewProvider.createAwsCredentialView(credential);
    String roleArn = view.getRoleArn();
    String accessKey = view.getAccessKey();
    String secretKey = view.getSecretKey();
    if (isNoneEmpty(roleArn, accessKey, secretKey)) {
        // Both authentication styles supplied at once is rejected rather than silently preferring one.
        String message = "Please only provide the 'role arn' or the 'access' and 'secret key'";
        return new CloudCredentialStatus(credential, CredentialStatus.FAILED, new Exception(message), message);
    }
    if (isNotEmpty(roleArn)) {
        return verifyIamRoleIsAssumable(credential, credentialVerificationContext);
    }
    if (isEmpty(accessKey) || isEmpty(secretKey)) {
        String message = "Please provide both the 'access' and 'secret key'";
        return new CloudCredentialStatus(credential, CredentialStatus.FAILED, new Exception(message), message);
    }
    return verifyAccessKeySecretKeyIsAssumable(credential);
}

Example 40 with AwsCredentialView

use of com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView in project cloudbreak by hortonworks.

the class AwsCredentialConnector method verifyAccessKeySecretKeyIsAssumable.

/**
 * Verifies a key-pair credential: resolves its default region by describing regions, then checks
 * the permissions the keys grant.
 *
 * @param cloudCredential credential holding an access key and a secret key
 * @return {@code VERIFIED} (flagged when the default region was changed) or {@code FAILED} with the cause
 */
private CloudCredentialStatus verifyAccessKeySecretKeyIsAssumable(CloudCredential cloudCredential) {
    AwsCredentialView keyView = new AwsCredentialView(cloudCredential);
    // Optimistic starting point; the permission check refines it.
    CloudCredentialStatus status = new CloudCredentialStatus(cloudCredential, CredentialStatus.VERIFIED);
    try {
        boolean regionChanged = determineDefaultRegionViaDescribingRegions(cloudCredential);
        status = verifyCredentialsPermission(cloudCredential, keyView, status);
        return regionChanged ? new CloudCredentialStatus(status, regionChanged) : status;
    } catch (AmazonClientException ae) {
        // AWS rejected the keys; logged at DEBUG only because this is an expected user-input failure.
        String errorMessage = "Unable to verify AWS credentials: please make sure the access key and secret key is correct. " + ae.getMessage();
        LOGGER.debug(errorMessage, ae);
        return new CloudCredentialStatus(cloudCredential, CredentialStatus.FAILED, ae, errorMessage);
    } catch (RuntimeException e) {
        // Only the access key id (not the secret) is included in the message, as far as this block shows.
        String errorMessage = String.format("Could not verify keys '%s': check if the keys exists. %s", keyView.getAccessKey(), e.getMessage());
        LOGGER.warn(errorMessage, e);
        return new CloudCredentialStatus(cloudCredential, CredentialStatus.FAILED, e, errorMessage);
    }
}
