use of com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView in project cloudbreak by hortonworks.
the class AwsPublicKeyConnector method exists.
/**
 * Reports whether the public key named in the request can be found on AWS.
 *
 * <p>An EC2 client is created for the request's credential and region, and the lookup is
 * delegated to {@code exists(client, publicKeyId)}. Any exception raised while creating the
 * client or performing the lookup is logged at error level and converted into {@code false}.
 *
 * @param request carries the credential, the region and the public key id to look up
 * @return the result of the delegated lookup, or {@code false} if any exception was caught
 */
@Override
public boolean exists(PublicKeyDescribeRequest request) {
    LOGGER.debug("Describe public key {} in {} region on AWS", request.getPublicKeyId(), request.getRegion());
    AwsCredentialView credentialView = new AwsCredentialView(request.getCredential());
    try {
        return exists(awsClient.createEc2Client(credentialView, request.getRegion()), request.getPublicKeyId());
    } catch (Exception e) {
        // NOTE(review): every failure (bad credential, missing permission, network error) is
        // reported as "false", so the result cannot tell "key absent" from "lookup failed".
        // Confirm that callers do not treat false as proof that the key does not exist.
        LOGGER.error(String.format("Failed to describe public key [%s:'%s', region: '%s'], detailed message: %s", getType(credentialView), getAwsId(credentialView), request.getRegion(), e.getMessage()), e);
        return false;
    }
}
use of com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView in project cloudbreak by hortonworks.
the class AwsCredentialConnector method verifyIamRoleIsAssumable.
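/**
 * Verifies a role-based credential for the given services.
 *
 * <p>Session credentials are retrieved for the role first; the returned value is discarded, so
 * the call is made only for its effect (presumably it throws when the role cannot be assumed;
 * confirm against {@code credentialClient}). On success the permission check runs against the
 * service-to-policy map built from {@code experiencePrerequisites}. Every failure is turned
 * into a response built from {@code getServiceStatus(services, message)} instead of being
 * rethrown.
 *
 * @param cloudCredential the credential whose role is verified
 * @param services the services to report a verification status for
 * @param experiencePrerequisites policy documents keyed by policy name
 * @return the permission check result, or a response carrying the failure message
 */
private CDPServicePolicyVerificationResponses verifyIamRoleIsAssumable(CloudCredential cloudCredential, List<String> services, Map<String, String> experiencePrerequisites) {
    AwsCredentialView awsCredential = credentialViewProvider.createAwsCredentialView(cloudCredential);
    CDPServicePolicyVerificationResponses credentialStatus;
    Map<String, String> servicesWithPolicies = new HashMap<>();
    // NOTE(review): the filter does not reference `service`, so every service is mapped to the
    // policy of the first key accepted by isPolicyServiceMatchesForName. Confirm that a single
    // shared policy per request is intended, since the permission check below depends on it.
    for (String service : services) {
        experiencePrerequisites.keySet().stream()
                .filter(AwsCredentialConnector::isPolicyServiceMatchesForName)
                .findFirst()
                .ifPresent(policyKey -> servicesWithPolicies.put(service, experiencePrerequisites.get(policyKey)));
    }
    try {
        credentialClient.retrieveSessionCredentials(awsCredential);
        credentialStatus = verifyCredentialsPermission(awsCredential, servicesWithPolicies);
    } catch (AmazonClientException ae) {
        String errorMessage = getErrorMessageForAwsClientException(awsCredential, ae);
        LOGGER.warn(errorMessage, ae);
        credentialStatus = new CDPServicePolicyVerificationResponses(getServiceStatus(services, errorMessage));
    } catch (AwsConfusedDeputyException confusedDeputyEx) {
        // Logged like the other failure branches: this rejection is security-relevant and would
        // otherwise appear only in the response returned to the caller.
        LOGGER.warn("Credential verification rejected with AwsConfusedDeputyException for role '{}'", awsCredential.getRoleArn(), confusedDeputyEx);
        credentialStatus = new CDPServicePolicyVerificationResponses(getServiceStatus(services, confusedDeputyEx.getMessage()));
    } catch (RuntimeException e) {
        String errorMessage = String.format("Unable to verify credential: check if the role '%s' exists and it's created with the correct external ID. " + "Cause: '%s'", awsCredential.getRoleArn(), e.getMessage());
        LOGGER.warn(errorMessage, e);
        credentialStatus = new CDPServicePolicyVerificationResponses(getServiceStatus(services, errorMessage));
    }
    return credentialStatus;
}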
use of com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView in project cloudbreak by hortonworks.
the class AwsCredentialConnector method verifyByServices.
/**
 * Checks which credential fields are supplied and verifies role-based credentials per service.
 *
 * <p>Only a role ARN is verifiable here. Supplying the role ARN together with both keys, an
 * incomplete key pair, or a complete key pair each yields a response built from
 * {@code getServiceStatus(services, message)} with an explanatory message. A role ARN combined
 * with just one of the two keys is handled as a role-based credential.
 *
 * @param authenticatedContext supplies the cloud credential to verify
 * @param services the services to report a verification status for
 * @param experiencePrerequisites policy documents keyed by policy name
 * @return the role verification result, or a response carrying the rejection message
 */
@Override
public CDPServicePolicyVerificationResponses verifyByServices(AuthenticatedContext authenticatedContext, List<String> services, Map<String, String> experiencePrerequisites) {
    CloudCredential credential = authenticatedContext.getCloudCredential();
    // NOTE(review): this logs the CloudCredential through its toString(); confirm that
    // toString() does not render the access key / secret key parameters. The text also says
    // "Create credential" although this is a verification path.
    LOGGER.debug("Create credential: {}", credential);
    AwsCredentialView credentialView = credentialViewProvider.createAwsCredentialView(credential);
    String roleArn = credentialView.getRoleArn();
    String accessKey = credentialView.getAccessKey();
    String secretKey = credentialView.getSecretKey();

    final String rejection;
    if (isNoneEmpty(roleArn, accessKey, secretKey)) {
        // Both authentication styles at once is ambiguous, so nothing is verified.
        rejection = "Please only provide the 'role arn' or the 'access' and 'secret key'";
    } else if (isNotEmpty(roleArn)) {
        return verifyIamRoleIsAssumable(credential, services, experiencePrerequisites);
    } else if (isEmpty(accessKey) || isEmpty(secretKey)) {
        rejection = "Please provide both the 'access' and 'secret key'";
    } else {
        rejection = "We do not support to verify 'access' and 'secret key'";
    }
    return new CDPServicePolicyVerificationResponses(getServiceStatus(services, rejection));
}
use of com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView in project cloudbreak by hortonworks.
the class AwsCredentialConnector method verify.
/**
 * Checks which credential fields are supplied and dispatches to the matching verification.
 *
 * <p>A role ARN leads to {@code verifyIamRoleIsAssumable}; a complete access key / secret key
 * pair leads to {@code verifyAccessKeySecretKeyIsAssumable}. Supplying all three fields, or an
 * incomplete key pair without a role ARN, yields a {@code FAILED} status without any
 * verification call. A role ARN combined with just one of the two keys is handled as a
 * role-based credential.
 *
 * @param authenticatedContext supplies the cloud credential to verify
 * @param credentialVerificationContext passed through to the role-based verification
 * @return the verification status for the credential
 */
@Override
public CloudCredentialStatus verify(AuthenticatedContext authenticatedContext, CredentialVerificationContext credentialVerificationContext) {
    CloudCredential credential = authenticatedContext.getCloudCredential();
    // NOTE(review): this logs the CloudCredential through its toString(); confirm that
    // toString() does not render the access key / secret key parameters.
    LOGGER.debug("Create credential: {}", credential);
    AwsCredentialView credentialView = credentialViewProvider.createAwsCredentialView(credential);
    String roleArn = credentialView.getRoleArn();
    String accessKey = credentialView.getAccessKey();
    String secretKey = credentialView.getSecretKey();

    if (isNoneEmpty(roleArn, accessKey, secretKey)) {
        // Both authentication styles at once is ambiguous, so the credential is rejected.
        String message = "Please only provide the 'role arn' or the 'access' and 'secret key'";
        return new CloudCredentialStatus(credential, CredentialStatus.FAILED, new Exception(message), message);
    }
    if (isNotEmpty(roleArn)) {
        return verifyIamRoleIsAssumable(credential, credentialVerificationContext);
    }
    if (isEmpty(accessKey) || isEmpty(secretKey)) {
        String message = "Please provide both the 'access' and 'secret key'";
        return new CloudCredentialStatus(credential, CredentialStatus.FAILED, new Exception(message), message);
    }
    return verifyAccessKeySecretKeyIsAssumable(credential);
}
use of com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView in project cloudbreak by hortonworks.
the class AwsCredentialConnector method verifyAccessKeySecretKeyIsAssumable.
/**
 * Verifies a key-based credential and reports the outcome as a status object.
 *
 * <p>The default region is determined first, then the permission check runs, starting from a
 * {@code VERIFIED} status. When the default region changed, the resulting status is wrapped
 * so that it carries that flag. Failures are converted into a {@code FAILED} status holding
 * the exception and a message; nothing is rethrown for {@code RuntimeException}s.
 *
 * @param cloudCredential the credential holding the access key and secret key
 * @return the permission check result, or a {@code FAILED} status describing the error
 */
private CloudCredentialStatus verifyAccessKeySecretKeyIsAssumable(CloudCredential cloudCredential) {
    AwsCredentialView credentialView = new AwsCredentialView(cloudCredential);
    CloudCredentialStatus verified = new CloudCredentialStatus(cloudCredential, CredentialStatus.VERIFIED);
    try {
        boolean defaultRegionChanged = determineDefaultRegionViaDescribingRegions(cloudCredential);
        CloudCredentialStatus permissionStatus = verifyCredentialsPermission(cloudCredential, credentialView, verified);
        return defaultRegionChanged
                ? new CloudCredentialStatus(permissionStatus, defaultRegionChanged)
                : permissionStatus;
    } catch (AmazonClientException ae) {
        // NOTE(review): this path logs at debug while the RuntimeException path logs at warn,
        // so failed key verifications may be missing from logs at the default level.
        String errorMessage = "Unable to verify AWS credentials: " + "please make sure the access key and secret key is correct. " + ae.getMessage();
        LOGGER.debug(errorMessage, ae);
        return new CloudCredentialStatus(cloudCredential, CredentialStatus.FAILED, ae, errorMessage);
    } catch (RuntimeException e) {
        // NOTE(review): the access key id is written to the log and to the returned status
        // message. Confirm that exposing this identifier in both places is intended.
        String errorMessage = String.format("Could not verify keys '%s': check if the keys exists. %s", credentialView.getAccessKey(), e.getMessage());
        LOGGER.warn(errorMessage, e);
        return new CloudCredentialStatus(cloudCredential, CredentialStatus.FAILED, e, errorMessage);
    }
}