Example 1 with CloudUnauthorizedException

Use of com.sequenceiq.cloudbreak.cloud.exception.CloudUnauthorizedException in project cloudbreak by hortonworks.

Class AwsPlatformResources, method getAccessConfigByRole.

private Set<CloudAccessConfig> getAccessConfigByRole(AmazonIdentityManagementClient client) {
    LOGGER.info("Get all Roles from Amazon");
    String queryFailedMessage = "Could not get roles from Amazon: ";
    try {
        boolean finished = false;
        String marker = null;
        List<Role> roles = new LinkedList<>();
        while (!finished) {
            ListRolesRequest listRolesRequest = new ListRolesRequest();
            listRolesRequest.setMaxItems(fetchMaxItems);
            if (isNotEmpty(marker)) {
                listRolesRequest.setMarker(marker);
            }
            LOGGER.debug("About to fetch roles...");
            ListRolesResult listRolesResult = client.listRoles(listRolesRequest);
            roles.addAll(listRolesResult.getRoles());
            if (listRolesResult.isTruncated()) {
                marker = listRolesResult.getMarker();
            } else {
                finished = true;
            }
        }
        return roles.stream().map(this::roleToCloudAccessConfig).collect(Collectors.toSet());
    } catch (AmazonServiceException ase) {
        if (ase.getStatusCode() == UNAUTHORIZED) {
            String policyMessage = "Could not get roles because the user does not have enough permission. ";
            LOGGER.error(policyMessage + ase.getMessage(), ase);
            throw new CloudUnauthorizedException(ase.getErrorMessage(), ase);
        } else {
            LOGGER.info(queryFailedMessage + ase.getMessage(), ase);
            throw new CloudConnectorException(ase.getMessage(), ase);
        }
    } catch (Exception e) {
        LOGGER.warn(queryFailedMessage + e.getMessage(), e);
        throw new CloudConnectorException(e.getMessage(), e);
    }
}
Also used : Role(com.amazonaws.services.identitymanagement.model.Role) CloudConnectorException(com.sequenceiq.cloudbreak.cloud.exception.CloudConnectorException) ListRolesRequest(com.amazonaws.services.identitymanagement.model.ListRolesRequest) ListRolesResult(com.amazonaws.services.identitymanagement.model.ListRolesResult) AmazonServiceException(com.amazonaws.AmazonServiceException) LinkedList(java.util.LinkedList) CloudUnauthorizedException(com.sequenceiq.cloudbreak.cloud.exception.CloudUnauthorizedException) IOException(java.io.IOException) SdkClientException(com.amazonaws.SdkClientException) AmazonEC2Exception(com.amazonaws.services.ec2.model.AmazonEC2Exception) PermanentlyFailedException(com.sequenceiq.cloudbreak.util.PermanentlyFailedException)

Example 2 with CloudUnauthorizedException

Use of com.sequenceiq.cloudbreak.cloud.exception.CloudUnauthorizedException in project cloudbreak by hortonworks.

Class AwsPlatformResources, method getAccessConfigByInstanceProfile.

private Set<CloudAccessConfig> getAccessConfigByInstanceProfile(AmazonIdentityManagementClient client) {
    LOGGER.info("Get all Instance profiles from Amazon");
    String queryFailedMessage = "Could not get instance profiles from Amazon: ";
    try {
        boolean finished = false;
        String marker = null;
        Set<InstanceProfile> instanceProfiles = new LinkedHashSet<>();
        while (!finished) {
            ListInstanceProfilesRequest listInstanceProfilesRequest = new ListInstanceProfilesRequest();
            listInstanceProfilesRequest.setMaxItems(fetchMaxItems);
            if (isNotEmpty(marker)) {
                listInstanceProfilesRequest.setMarker(marker);
            }
            LOGGER.debug("About to fetch instance profiles...");
            ListInstanceProfilesResult listInstanceProfilesResult = client.listInstanceProfiles(listInstanceProfilesRequest);
            List<InstanceProfile> fetchedInstanceProfiles = listInstanceProfilesResult.getInstanceProfiles();
            instanceProfiles.addAll(fetchedInstanceProfiles);
            if (listInstanceProfilesResult.isTruncated()) {
                marker = listInstanceProfilesResult.getMarker();
            } else {
                finished = true;
            }
        }
        LOGGER.debug("The total of {} instance profile(s) has fetched.", instanceProfiles.size());
        return instanceProfiles.stream().map(this::instanceProfileToCloudAccessConfig).collect(Collectors.toSet());
    } catch (AmazonServiceException ase) {
        if (ase.getStatusCode() == UNAUTHORIZED) {
            LOGGER.error("Could not get instance profiles because the user does not have enough permission.", ase);
            throw new CloudUnauthorizedException(ase.getMessage(), ase);
        } else {
            LOGGER.info(queryFailedMessage, ase);
            throw new CloudConnectorException(ase.getMessage(), ase);
        }
    } catch (Exception e) {
        LOGGER.warn(queryFailedMessage, e);
        throw new CloudConnectorException(queryFailedMessage + e.getMessage(), e);
    }
}
Also used : LinkedHashSet(java.util.LinkedHashSet) ListInstanceProfilesRequest(com.amazonaws.services.identitymanagement.model.ListInstanceProfilesRequest) CloudConnectorException(com.sequenceiq.cloudbreak.cloud.exception.CloudConnectorException) InstanceProfile(com.amazonaws.services.identitymanagement.model.InstanceProfile) AmazonServiceException(com.amazonaws.AmazonServiceException) ListInstanceProfilesResult(com.amazonaws.services.identitymanagement.model.ListInstanceProfilesResult) CloudUnauthorizedException(com.sequenceiq.cloudbreak.cloud.exception.CloudUnauthorizedException) IOException(java.io.IOException) SdkClientException(com.amazonaws.SdkClientException) AmazonEC2Exception(com.amazonaws.services.ec2.model.AmazonEC2Exception) PermanentlyFailedException(com.sequenceiq.cloudbreak.util.PermanentlyFailedException)

Example 3 with CloudUnauthorizedException

Use of com.sequenceiq.cloudbreak.cloud.exception.CloudUnauthorizedException in project cloudbreak by hortonworks.

Class AwsPlatformResources, method encryptionKeys.

@Override
public CloudEncryptionKeys encryptionKeys(ExtendedCloudCredential cloudCredential, Region region, Map<String, String> filters) {
    String queryFailedMessage = "Could not get encryption keys from Amazon: ";
    CloudEncryptionKeys cloudEncryptionKeys = new CloudEncryptionKeys(new HashSet<>());
    AwsCredentialView awsCredentialView = new AwsCredentialView(cloudCredential);
    AmazonKmsClient client = awsClient.createAWSKMS(awsCredentialView, region.value());
    try {
        ListKeysRequest listKeysRequest = new ListKeysRequest();
        ListKeysResult listKeysResult = client.listKeys(listKeysRequest);
        ListAliasesResult listAliasesResult = client.listAliases(new ListAliasesRequest());
        for (AliasListEntry keyListEntry : listAliasesResult.getAliases()) {
            try {
                listKeysResult.getKeys().stream().filter(item -> item.getKeyId().equals(keyListEntry.getTargetKeyId())).findFirst().ifPresent(item -> {
                    DescribeKeyRequest describeKeyRequest = new DescribeKeyRequest().withKeyId(item.getKeyId());
                    DescribeKeyResult describeKeyResult = client.describeKey(describeKeyRequest);
                    Map<String, Object> meta = new HashMap<>();
                    meta.put("aWSAccountId", describeKeyResult.getKeyMetadata().getAWSAccountId());
                    meta.put("creationDate", describeKeyResult.getKeyMetadata().getCreationDate());
                    meta.put("enabled", describeKeyResult.getKeyMetadata().getEnabled());
                    meta.put("expirationModel", describeKeyResult.getKeyMetadata().getExpirationModel());
                    meta.put("keyManager", describeKeyResult.getKeyMetadata().getKeyManager());
                    meta.put("keyState", describeKeyResult.getKeyMetadata().getKeyState());
                    meta.put("keyUsage", describeKeyResult.getKeyMetadata().getKeyUsage());
                    meta.put("origin", describeKeyResult.getKeyMetadata().getOrigin());
                    meta.put("validTo", describeKeyResult.getKeyMetadata().getValidTo());
                    if (!CloudConstants.AWS.equalsIgnoreCase(describeKeyResult.getKeyMetadata().getKeyManager())) {
                        CloudEncryptionKey key = new CloudEncryptionKey(item.getKeyArn(), describeKeyResult.getKeyMetadata().getKeyId(), describeKeyResult.getKeyMetadata().getDescription(), keyListEntry.getAliasName().replace("alias/", ""), meta);
                        cloudEncryptionKeys.getCloudEncryptionKeys().add(key);
                    }
                });
            } catch (AmazonServiceException e) {
                if (e.getStatusCode() == UNAUTHORIZED) {
                    String policyMessage = "Could not get encryption keys because the user does not have enough permission.";
                    LOGGER.error(policyMessage, e);
                } else {
                    LOGGER.info(queryFailedMessage, e);
                }
            } catch (Exception e) {
                LOGGER.warn(queryFailedMessage, e);
            }
        }
    } catch (AmazonServiceException ase) {
        if (ase.getStatusCode() == UNAUTHORIZED) {
            String policyMessage = "Could not get encryption keys because the user does not have enough permission.";
            LOGGER.error(policyMessage, ase);
            throw new CloudUnauthorizedException(policyMessage, ase);
        } else {
            LOGGER.info(queryFailedMessage, ase);
            throw new CloudConnectorException(queryFailedMessage + ase.getMessage(), ase);
        }
    } catch (Exception e) {
        LOGGER.warn(queryFailedMessage, e);
        throw new CloudConnectorException(queryFailedMessage + e.getMessage(), e);
    }
    return cloudEncryptionKeys;
}
Also used : ListAliasesResult(com.amazonaws.services.kms.model.ListAliasesResult) AliasListEntry(com.amazonaws.services.kms.model.AliasListEntry) AmazonKmsClient(com.sequenceiq.cloudbreak.cloud.aws.common.client.AmazonKmsClient) HashMap(java.util.HashMap) CloudConnectorException(com.sequenceiq.cloudbreak.cloud.exception.CloudConnectorException) DescribeKeyRequest(com.amazonaws.services.kms.model.DescribeKeyRequest) ListKeysRequest(com.amazonaws.services.kms.model.ListKeysRequest) CloudEncryptionKeys(com.sequenceiq.cloudbreak.cloud.model.CloudEncryptionKeys) CloudUnauthorizedException(com.sequenceiq.cloudbreak.cloud.exception.CloudUnauthorizedException) AmazonServiceException(com.amazonaws.AmazonServiceException) IOException(java.io.IOException) SdkClientException(com.amazonaws.SdkClientException) AmazonEC2Exception(com.amazonaws.services.ec2.model.AmazonEC2Exception) PermanentlyFailedException(com.sequenceiq.cloudbreak.util.PermanentlyFailedException) AwsCredentialView(com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView) CloudEncryptionKey(com.sequenceiq.cloudbreak.cloud.model.CloudEncryptionKey) DescribeKeyResult(com.amazonaws.services.kms.model.DescribeKeyResult) ListKeysResult(com.amazonaws.services.kms.model.ListKeysResult) ListAliasesRequest(com.amazonaws.services.kms.model.ListAliasesRequest)

Example 4 with CloudUnauthorizedException

Use of com.sequenceiq.cloudbreak.cloud.exception.CloudUnauthorizedException in project cloudbreak by hortonworks.

Class GetPlatformAccessConfigsHandler, method accept.

@Override
public void accept(Event<GetPlatformCloudAccessConfigsRequest> getPlatformCloudAccessConfigsRequest) {
    LOGGER.debug("Received event: {}", getPlatformCloudAccessConfigsRequest);
    GetPlatformCloudAccessConfigsRequest request = getPlatformCloudAccessConfigsRequest.getData();
    try {
        CloudPlatformVariant cloudPlatformVariant = new CloudPlatformVariant(Platform.platform(request.getExtendedCloudCredential().getCloudPlatform()), Variant.variant(request.getVariant()));
        CloudAccessConfigs cloudAccessConfigs = cloudPlatformConnectors.get(cloudPlatformVariant).platformResources().accessConfigs(request.getExtendedCloudCredential(), Region.region(request.getRegion()), request.getFilters());
        GetPlatformCloudAccessConfigsResult getPlatformCloudAccessConfigsResult = new GetPlatformCloudAccessConfigsResult(request.getResourceId(), cloudAccessConfigs);
        request.getResult().onNext(getPlatformCloudAccessConfigsResult);
        LOGGER.debug("Query platform access configs finished. {} access config(s) has returned.", getResultAccessConfigQuantityIfAvailable(getPlatformCloudAccessConfigsResult));
    } catch (CloudUnauthorizedException e) {
        request.getResult().onNext(new GetPlatformCloudAccessConfigsResult(EventStatus.PERMANENTLY_FAILED, e.getMessage(), e, request.getResourceId()));
    } catch (Exception e) {
        request.getResult().onNext(new GetPlatformCloudAccessConfigsResult(e.getMessage(), e, request.getResourceId()));
    }
}
Also used : GetPlatformCloudAccessConfigsResult(com.sequenceiq.cloudbreak.cloud.event.platform.GetPlatformCloudAccessConfigsResult) CloudPlatformVariant(com.sequenceiq.cloudbreak.cloud.model.CloudPlatformVariant) CloudAccessConfigs(com.sequenceiq.cloudbreak.cloud.model.CloudAccessConfigs) GetPlatformCloudAccessConfigsRequest(com.sequenceiq.cloudbreak.cloud.event.platform.GetPlatformCloudAccessConfigsRequest) CloudUnauthorizedException(com.sequenceiq.cloudbreak.cloud.exception.CloudUnauthorizedException)

Aggregations

CloudUnauthorizedException (com.sequenceiq.cloudbreak.cloud.exception.CloudUnauthorizedException): 4
AmazonServiceException (com.amazonaws.AmazonServiceException): 3
SdkClientException (com.amazonaws.SdkClientException): 3
AmazonEC2Exception (com.amazonaws.services.ec2.model.AmazonEC2Exception): 3
CloudConnectorException (com.sequenceiq.cloudbreak.cloud.exception.CloudConnectorException): 3
PermanentlyFailedException (com.sequenceiq.cloudbreak.util.PermanentlyFailedException): 3
IOException (java.io.IOException): 3
InstanceProfile (com.amazonaws.services.identitymanagement.model.InstanceProfile): 1
ListInstanceProfilesRequest (com.amazonaws.services.identitymanagement.model.ListInstanceProfilesRequest): 1
ListInstanceProfilesResult (com.amazonaws.services.identitymanagement.model.ListInstanceProfilesResult): 1
ListRolesRequest (com.amazonaws.services.identitymanagement.model.ListRolesRequest): 1
ListRolesResult (com.amazonaws.services.identitymanagement.model.ListRolesResult): 1
Role (com.amazonaws.services.identitymanagement.model.Role): 1
AliasListEntry (com.amazonaws.services.kms.model.AliasListEntry): 1
DescribeKeyRequest (com.amazonaws.services.kms.model.DescribeKeyRequest): 1
DescribeKeyResult (com.amazonaws.services.kms.model.DescribeKeyResult): 1
ListAliasesRequest (com.amazonaws.services.kms.model.ListAliasesRequest): 1
ListAliasesResult (com.amazonaws.services.kms.model.ListAliasesResult): 1
ListKeysRequest (com.amazonaws.services.kms.model.ListKeysRequest): 1
ListKeysResult (com.amazonaws.services.kms.model.ListKeysResult): 1