Example 36 with AwsCredentialView
use of com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView in project cloudbreak by hortonworks.
the class AwsPublicKeyConnector method exists.
@Override
public boolean exists(PublicKeyDescribeRequest request) {
LOGGER.debug("Describe public key {} in {} region on AWS", request.getPublicKeyId(), request.getRegion());
AwsCredentialView awsCredential = new AwsCredentialView(request.getCredential());
try {
AmazonEc2Client client = awsClient.createEc2Client(awsCredential, request.getRegion());
return exists(client, request.getPublicKeyId());
} catch (Exception e) {
String errorMessage = String.format("Failed to describe public key [%s:'%s', region: '%s'], detailed message: %s", getType(awsCredential), getAwsId(awsCredential), request.getRegion(), e.getMessage());
LOGGER.error(errorMessage, e);
}
return false;
}
Also used :
AwsCredentialView(com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView)
AmazonEc2Client(com.sequenceiq.cloudbreak.cloud.aws.common.client.AmazonEc2Client)
AmazonServiceException(com.amazonaws.AmazonServiceException)
CloudConnectorException(com.sequenceiq.cloudbreak.cloud.exception.CloudConnectorException)
Example 37 with AwsCredentialView
use of com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView in project cloudbreak by hortonworks.
the class AwsCredentialConnector method verifyIamRoleIsAssumable.
private CDPServicePolicyVerificationResponses verifyIamRoleIsAssumable(CloudCredential cloudCredential, List<String> services, Map<String, String> experiencePrerequisites) {
AwsCredentialView awsCredential = credentialViewProvider.createAwsCredentialView(cloudCredential);
CDPServicePolicyVerificationResponses credentialStatus;
Map<String, String> servicesWithPolicies = new HashMap<>();
services.forEach(service -> experiencePrerequisites.keySet().stream().filter(AwsCredentialConnector::isPolicyServiceMatchesForName).findFirst().ifPresent(policyKey -> servicesWithPolicies.put(service, experiencePrerequisites.get(policyKey))));
try {
credentialClient.retrieveSessionCredentials(awsCredential);
credentialStatus = verifyCredentialsPermission(awsCredential, servicesWithPolicies);
} catch (AmazonClientException ae) {
String errorMessage = getErrorMessageForAwsClientException(awsCredential, ae);
LOGGER.warn(errorMessage, ae);
credentialStatus = new CDPServicePolicyVerificationResponses(getServiceStatus(services, errorMessage));
} catch (AwsConfusedDeputyException confusedDeputyEx) {
credentialStatus = new CDPServicePolicyVerificationResponses(getServiceStatus(services, confusedDeputyEx.getMessage()));
} catch (RuntimeException e) {
String errorMessage = String.format("Unable to verify credential: check if the role '%s' exists and it's created with the correct external ID. " + "Cause: '%s'", awsCredential.getRoleArn(), e.getMessage());
LOGGER.warn(errorMessage, e);
credentialStatus = new CDPServicePolicyVerificationResponses(getServiceStatus(services, errorMessage));
}
return credentialStatus;
}
Also used :
AwsCredentialView(com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView)
CDPServicePolicyVerificationResponse(com.sequenceiq.cloudbreak.cloud.model.CDPServicePolicyVerificationResponse)
CloudContext(com.sequenceiq.cloudbreak.cloud.context.CloudContext)
LoggerFactory(org.slf4j.LoggerFactory)
HashMap(java.util.HashMap)
StringUtils(org.apache.commons.lang3.StringUtils)
StringUtils.isNotEmpty(org.apache.commons.lang3.StringUtils.isNotEmpty)
AwsPermissionMissingException(com.sequenceiq.cloudbreak.cloud.aws.common.exception.AwsPermissionMissingException)
HashSet(java.util.HashSet)
Inject(javax.inject.Inject)
Value(org.springframework.beans.factory.annotation.Value)
Strings(com.google.common.base.Strings)
AwsCredentialViewProvider(com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialViewProvider)
StringUtils.isNoneEmpty(org.apache.commons.lang3.StringUtils.isNoneEmpty)
AwsCredentialView(com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView)
AuthenticatedContext(com.sequenceiq.cloudbreak.cloud.context.AuthenticatedContext)
Service(org.springframework.stereotype.Service)
Map(java.util.Map)
CredentialPrerequisitesResponse(com.sequenceiq.cloudbreak.cloud.response.CredentialPrerequisitesResponse)
CredentialType(com.sequenceiq.common.model.CredentialType)
StringUtils.isEmpty(org.apache.commons.lang3.StringUtils.isEmpty)
CDPServicePolicyVerificationResponses(com.sequenceiq.cloudbreak.cloud.model.CDPServicePolicyVerificationResponses)
Logger(org.slf4j.Logger)
CredentialVerificationContext(com.sequenceiq.cloudbreak.cloud.model.credential.CredentialVerificationContext)
Set(java.util.Set)
AwsCredentialPrerequisites(com.sequenceiq.cloudbreak.cloud.response.AwsCredentialPrerequisites)
CloudCredential(com.sequenceiq.cloudbreak.cloud.model.CloudCredential)
CredentialStatus(com.sequenceiq.cloudbreak.cloud.model.CredentialStatus)
CredentialConnector(com.sequenceiq.cloudbreak.cloud.CredentialConnector)
AwsConfusedDeputyException(com.sequenceiq.cloudbreak.cloud.aws.common.exception.AwsConfusedDeputyException)
PERMISSIONS_MISSING(com.sequenceiq.cloudbreak.cloud.model.CredentialStatus.PERMISSIONS_MISSING)
List(java.util.List)
CloudCredentialStatus(com.sequenceiq.cloudbreak.cloud.model.CloudCredentialStatus)
PolicyServiceName(com.sequenceiq.cloudbreak.experience.PolicyServiceName)
AmazonClientException(com.amazonaws.AmazonClientException)
HashMap(java.util.HashMap)
AmazonClientException(com.amazonaws.AmazonClientException)
CDPServicePolicyVerificationResponses(com.sequenceiq.cloudbreak.cloud.model.CDPServicePolicyVerificationResponses)
AwsConfusedDeputyException(com.sequenceiq.cloudbreak.cloud.aws.common.exception.AwsConfusedDeputyException)
Example 38 with AwsCredentialView
use of com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView in project cloudbreak by hortonworks.
the class AwsCredentialConnector method verifyByServices.
@Override
public CDPServicePolicyVerificationResponses verifyByServices(AuthenticatedContext authenticatedContext, List<String> services, Map<String, String> experiencePrerequisites) {
CloudCredential credential = authenticatedContext.getCloudCredential();
LOGGER.debug("Create credential: {}", credential);
AwsCredentialView awsCredential = credentialViewProvider.createAwsCredentialView(credential);
String roleArn = awsCredential.getRoleArn();
String accessKey = awsCredential.getAccessKey();
String secretKey = awsCredential.getSecretKey();
CDPServicePolicyVerificationResponses result;
if (isNoneEmpty(roleArn, accessKey, secretKey)) {
String message = "Please only provide the 'role arn' or the 'access' and 'secret key'";
result = new CDPServicePolicyVerificationResponses(getServiceStatus(services, message));
} else if (isNotEmpty(roleArn)) {
result = verifyIamRoleIsAssumable(credential, services, experiencePrerequisites);
} else if (isEmpty(accessKey) || isEmpty(secretKey)) {
String message = "Please provide both the 'access' and 'secret key'";
result = new CDPServicePolicyVerificationResponses(getServiceStatus(services, message));
} else {
String message = "We do not support to verify 'access' and 'secret key'";
result = new CDPServicePolicyVerificationResponses(getServiceStatus(services, message));
}
return result;
}
Also used :
AwsCredentialView(com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView)
CloudCredential(com.sequenceiq.cloudbreak.cloud.model.CloudCredential)
CDPServicePolicyVerificationResponses(com.sequenceiq.cloudbreak.cloud.model.CDPServicePolicyVerificationResponses)
Example 39 with AwsCredentialView
use of com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView in project cloudbreak by hortonworks.
the class AwsCredentialConnector method verify.
@Override
public CloudCredentialStatus verify(AuthenticatedContext authenticatedContext, CredentialVerificationContext credentialVerificationContext) {
CloudCredential credential = authenticatedContext.getCloudCredential();
LOGGER.debug("Create credential: {}", credential);
AwsCredentialView awsCredential = credentialViewProvider.createAwsCredentialView(credential);
String roleArn = awsCredential.getRoleArn();
String accessKey = awsCredential.getAccessKey();
String secretKey = awsCredential.getSecretKey();
CloudCredentialStatus result;
if (isNoneEmpty(roleArn, accessKey, secretKey)) {
String message = "Please only provide the 'role arn' or the 'access' and 'secret key'";
result = new CloudCredentialStatus(credential, CredentialStatus.FAILED, new Exception(message), message);
} else if (isNotEmpty(roleArn)) {
result = verifyIamRoleIsAssumable(credential, credentialVerificationContext);
} else if (isEmpty(accessKey) || isEmpty(secretKey)) {
String message = "Please provide both the 'access' and 'secret key'";
result = new CloudCredentialStatus(credential, CredentialStatus.FAILED, new Exception(message), message);
} else {
result = verifyAccessKeySecretKeyIsAssumable(credential);
}
return result;
}
Also used :
AwsCredentialView(com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView)
CloudCredential(com.sequenceiq.cloudbreak.cloud.model.CloudCredential)
AwsPermissionMissingException(com.sequenceiq.cloudbreak.cloud.aws.common.exception.AwsPermissionMissingException)
AwsConfusedDeputyException(com.sequenceiq.cloudbreak.cloud.aws.common.exception.AwsConfusedDeputyException)
AmazonClientException(com.amazonaws.AmazonClientException)
CloudCredentialStatus(com.sequenceiq.cloudbreak.cloud.model.CloudCredentialStatus)
Example 40 with AwsCredentialView
use of com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView in project cloudbreak by hortonworks.
the class AwsCredentialConnector method verifyAccessKeySecretKeyIsAssumable.
private CloudCredentialStatus verifyAccessKeySecretKeyIsAssumable(CloudCredential cloudCredential) {
AwsCredentialView awsCredential = new AwsCredentialView(cloudCredential);
CloudCredentialStatus credentialStatus = new CloudCredentialStatus(cloudCredential, CredentialStatus.VERIFIED);
try {
boolean defaultRegionChanged = determineDefaultRegionViaDescribingRegions(cloudCredential);
credentialStatus = verifyCredentialsPermission(cloudCredential, awsCredential, credentialStatus);
if (defaultRegionChanged) {
credentialStatus = new CloudCredentialStatus(credentialStatus, defaultRegionChanged);
}
} catch (AmazonClientException ae) {
String errorMessage = "Unable to verify AWS credentials: " + "please make sure the access key and secret key is correct. " + ae.getMessage();
LOGGER.debug(errorMessage, ae);
credentialStatus = new CloudCredentialStatus(cloudCredential, CredentialStatus.FAILED, ae, errorMessage);
} catch (RuntimeException e) {
String errorMessage = String.format("Could not verify keys '%s': check if the keys exists. %s", awsCredential.getAccessKey(), e.getMessage());
LOGGER.warn(errorMessage, e);
credentialStatus = new CloudCredentialStatus(cloudCredential, CredentialStatus.FAILED, e, errorMessage);
}
return credentialStatus;
}
Also used :
AwsCredentialView(com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView)
AmazonClientException(com.amazonaws.AmazonClientException)
CloudCredentialStatus(com.sequenceiq.cloudbreak.cloud.model.CloudCredentialStatus)
Aggregations
AwsCredentialView (com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView)94
AmazonEc2Client (com.sequenceiq.cloudbreak.cloud.aws.common.client.AmazonEc2Client)32
CloudConnectorException (com.sequenceiq.cloudbreak.cloud.exception.CloudConnectorException)32
List (java.util.List)25
AmazonServiceException (com.amazonaws.AmazonServiceException)22
AmazonCloudFormationClient (com.sequenceiq.cloudbreak.cloud.aws.client.AmazonCloudFormationClient)21
Logger (org.slf4j.Logger)21
Inject (javax.inject.Inject)20
ArrayList (java.util.ArrayList)19
Collectors (java.util.stream.Collectors)19
CloudInstance (com.sequenceiq.cloudbreak.cloud.model.CloudInstance)18
Group (com.sequenceiq.cloudbreak.cloud.model.Group)18
Set (java.util.Set)18
CloudResource (com.sequenceiq.cloudbreak.cloud.model.CloudResource)17
CloudStack (com.sequenceiq.cloudbreak.cloud.model.CloudStack)17
Map (java.util.Map)16
LoggerFactory (org.slf4j.LoggerFactory)16
AuthenticatedContext (com.sequenceiq.cloudbreak.cloud.context.AuthenticatedContext)15
Service (org.springframework.stereotype.Service)15
AmazonAutoScalingClient (com.sequenceiq.cloudbreak.cloud.aws.client.AmazonAutoScalingClient)14
