Example 1 with CloudUnauthorizedException
use of com.sequenceiq.cloudbreak.cloud.exception.CloudUnauthorizedException in project cloudbreak by hortonworks.
the class AwsPlatformResources method getAccessConfigByRole.
private Set<CloudAccessConfig> getAccessConfigByRole(AmazonIdentityManagementClient client) {
LOGGER.info("Get all Roles from Amazon");
String queryFailedMessage = "Could not get roles from Amazon: ";
try {
boolean finished = false;
String marker = null;
List<Role> roles = new LinkedList<>();
while (!finished) {
ListRolesRequest listRolesRequest = new ListRolesRequest();
listRolesRequest.setMaxItems(fetchMaxItems);
if (isNotEmpty(marker)) {
listRolesRequest.setMarker(marker);
}
LOGGER.debug("About to fetch roles...");
ListRolesResult listRolesResult = client.listRoles(listRolesRequest);
roles.addAll(listRolesResult.getRoles());
if (listRolesResult.isTruncated()) {
marker = listRolesResult.getMarker();
} else {
finished = true;
}
}
return roles.stream().map(this::roleToCloudAccessConfig).collect(Collectors.toSet());
} catch (AmazonServiceException ase) {
if (ase.getStatusCode() == UNAUTHORIZED) {
String policyMessage = "Could not get roles because the user does not have enough permission. ";
LOGGER.error(policyMessage + ase.getMessage(), ase);
throw new CloudUnauthorizedException(ase.getErrorMessage(), ase);
} else {
LOGGER.info(queryFailedMessage + ase.getMessage(), ase);
throw new CloudConnectorException(ase.getMessage(), ase);
}
} catch (Exception e) {
LOGGER.warn(queryFailedMessage + e.getMessage(), e);
throw new CloudConnectorException(e.getMessage(), e);
}
}
Also used :
Role(com.amazonaws.services.identitymanagement.model.Role)
CloudConnectorException(com.sequenceiq.cloudbreak.cloud.exception.CloudConnectorException)
ListRolesRequest(com.amazonaws.services.identitymanagement.model.ListRolesRequest)
ListRolesResult(com.amazonaws.services.identitymanagement.model.ListRolesResult)
AmazonServiceException(com.amazonaws.AmazonServiceException)
LinkedList(java.util.LinkedList)
CloudUnauthorizedException(com.sequenceiq.cloudbreak.cloud.exception.CloudUnauthorizedException)
AmazonServiceException(com.amazonaws.AmazonServiceException)
CloudConnectorException(com.sequenceiq.cloudbreak.cloud.exception.CloudConnectorException)
IOException(java.io.IOException)
SdkClientException(com.amazonaws.SdkClientException)
AmazonEC2Exception(com.amazonaws.services.ec2.model.AmazonEC2Exception)
PermanentlyFailedException(com.sequenceiq.cloudbreak.util.PermanentlyFailedException)
CloudUnauthorizedException(com.sequenceiq.cloudbreak.cloud.exception.CloudUnauthorizedException)
Example 2 with CloudUnauthorizedException
use of com.sequenceiq.cloudbreak.cloud.exception.CloudUnauthorizedException in project cloudbreak by hortonworks.
the class AwsPlatformResources method getAccessConfigByInstanceProfile.
private Set<CloudAccessConfig> getAccessConfigByInstanceProfile(AmazonIdentityManagementClient client) {
LOGGER.info("Get all Instance profiles from Amazon");
String queryFailedMessage = "Could not get instance profiles from Amazon: ";
try {
boolean finished = false;
String marker = null;
Set<InstanceProfile> instanceProfiles = new LinkedHashSet<>();
while (!finished) {
ListInstanceProfilesRequest listInstanceProfilesRequest = new ListInstanceProfilesRequest();
listInstanceProfilesRequest.setMaxItems(fetchMaxItems);
if (isNotEmpty(marker)) {
listInstanceProfilesRequest.setMarker(marker);
}
LOGGER.debug("About to fetch instance profiles...");
ListInstanceProfilesResult listInstanceProfilesResult = client.listInstanceProfiles(listInstanceProfilesRequest);
List<InstanceProfile> fetchedInstanceProfiles = listInstanceProfilesResult.getInstanceProfiles();
instanceProfiles.addAll(fetchedInstanceProfiles);
if (listInstanceProfilesResult.isTruncated()) {
marker = listInstanceProfilesResult.getMarker();
} else {
finished = true;
}
}
LOGGER.debug("The total of {} instance profile(s) has fetched.", instanceProfiles.size());
return instanceProfiles.stream().map(this::instanceProfileToCloudAccessConfig).collect(Collectors.toSet());
} catch (AmazonServiceException ase) {
if (ase.getStatusCode() == UNAUTHORIZED) {
LOGGER.error("Could not get instance profiles because the user does not have enough permission.", ase);
throw new CloudUnauthorizedException(ase.getMessage(), ase);
} else {
LOGGER.info(queryFailedMessage, ase);
throw new CloudConnectorException(ase.getMessage(), ase);
}
} catch (Exception e) {
LOGGER.warn(queryFailedMessage, e);
throw new CloudConnectorException(queryFailedMessage + e.getMessage(), e);
}
}
Also used :
LinkedHashSet(java.util.LinkedHashSet)
ListInstanceProfilesRequest(com.amazonaws.services.identitymanagement.model.ListInstanceProfilesRequest)
CloudConnectorException(com.sequenceiq.cloudbreak.cloud.exception.CloudConnectorException)
InstanceProfile(com.amazonaws.services.identitymanagement.model.InstanceProfile)
AmazonServiceException(com.amazonaws.AmazonServiceException)
ListInstanceProfilesResult(com.amazonaws.services.identitymanagement.model.ListInstanceProfilesResult)
CloudUnauthorizedException(com.sequenceiq.cloudbreak.cloud.exception.CloudUnauthorizedException)
AmazonServiceException(com.amazonaws.AmazonServiceException)
CloudConnectorException(com.sequenceiq.cloudbreak.cloud.exception.CloudConnectorException)
IOException(java.io.IOException)
SdkClientException(com.amazonaws.SdkClientException)
AmazonEC2Exception(com.amazonaws.services.ec2.model.AmazonEC2Exception)
PermanentlyFailedException(com.sequenceiq.cloudbreak.util.PermanentlyFailedException)
CloudUnauthorizedException(com.sequenceiq.cloudbreak.cloud.exception.CloudUnauthorizedException)
Example 3 with CloudUnauthorizedException
use of com.sequenceiq.cloudbreak.cloud.exception.CloudUnauthorizedException in project cloudbreak by hortonworks.
the class AwsPlatformResources method encryptionKeys.
@Override
public CloudEncryptionKeys encryptionKeys(ExtendedCloudCredential cloudCredential, Region region, Map<String, String> filters) {
String queryFailedMessage = "Could not get encryption keys from Amazon: ";
CloudEncryptionKeys cloudEncryptionKeys = new CloudEncryptionKeys(new HashSet<>());
AwsCredentialView awsCredentialView = new AwsCredentialView(cloudCredential);
AmazonKmsClient client = awsClient.createAWSKMS(awsCredentialView, region.value());
try {
ListKeysRequest listKeysRequest = new ListKeysRequest();
ListKeysResult listKeysResult = client.listKeys(listKeysRequest);
ListAliasesResult listAliasesResult = client.listAliases(new ListAliasesRequest());
for (AliasListEntry keyListEntry : listAliasesResult.getAliases()) {
try {
listKeysResult.getKeys().stream().filter(item -> item.getKeyId().equals(keyListEntry.getTargetKeyId())).findFirst().ifPresent(item -> {
DescribeKeyRequest describeKeyRequest = new DescribeKeyRequest().withKeyId(item.getKeyId());
DescribeKeyResult describeKeyResult = client.describeKey(describeKeyRequest);
Map<String, Object> meta = new HashMap<>();
meta.put("aWSAccountId", describeKeyResult.getKeyMetadata().getAWSAccountId());
meta.put("creationDate", describeKeyResult.getKeyMetadata().getCreationDate());
meta.put("enabled", describeKeyResult.getKeyMetadata().getEnabled());
meta.put("expirationModel", describeKeyResult.getKeyMetadata().getExpirationModel());
meta.put("keyManager", describeKeyResult.getKeyMetadata().getKeyManager());
meta.put("keyState", describeKeyResult.getKeyMetadata().getKeyState());
meta.put("keyUsage", describeKeyResult.getKeyMetadata().getKeyUsage());
meta.put("origin", describeKeyResult.getKeyMetadata().getOrigin());
meta.put("validTo", describeKeyResult.getKeyMetadata().getValidTo());
if (!CloudConstants.AWS.equalsIgnoreCase(describeKeyResult.getKeyMetadata().getKeyManager())) {
CloudEncryptionKey key = new CloudEncryptionKey(item.getKeyArn(), describeKeyResult.getKeyMetadata().getKeyId(), describeKeyResult.getKeyMetadata().getDescription(), keyListEntry.getAliasName().replace("alias/", ""), meta);
cloudEncryptionKeys.getCloudEncryptionKeys().add(key);
}
});
} catch (AmazonServiceException e) {
if (e.getStatusCode() == UNAUTHORIZED) {
String policyMessage = "Could not get encryption keys because the user does not have enough permission.";
LOGGER.error(policyMessage, e);
} else {
LOGGER.info(queryFailedMessage, e);
}
} catch (Exception e) {
LOGGER.warn(queryFailedMessage, e);
}
}
} catch (AmazonServiceException ase) {
if (ase.getStatusCode() == UNAUTHORIZED) {
String policyMessage = "Could not get encryption keys because the user does not have enough permission.";
LOGGER.error(policyMessage, ase);
throw new CloudUnauthorizedException(policyMessage, ase);
} else {
LOGGER.info(queryFailedMessage, ase);
throw new CloudConnectorException(queryFailedMessage + ase.getMessage(), ase);
}
} catch (Exception e) {
LOGGER.warn(queryFailedMessage, e);
throw new CloudConnectorException(queryFailedMessage + e.getMessage(), e);
}
return cloudEncryptionKeys;
}
Also used :
ListAliasesResult(com.amazonaws.services.kms.model.ListAliasesResult)
AliasListEntry(com.amazonaws.services.kms.model.AliasListEntry)
AmazonKmsClient(com.sequenceiq.cloudbreak.cloud.aws.common.client.AmazonKmsClient)
HashMap(java.util.HashMap)
CloudConnectorException(com.sequenceiq.cloudbreak.cloud.exception.CloudConnectorException)
DescribeKeyRequest(com.amazonaws.services.kms.model.DescribeKeyRequest)
ListKeysRequest(com.amazonaws.services.kms.model.ListKeysRequest)
CloudEncryptionKeys(com.sequenceiq.cloudbreak.cloud.model.CloudEncryptionKeys)
CloudUnauthorizedException(com.sequenceiq.cloudbreak.cloud.exception.CloudUnauthorizedException)
AmazonServiceException(com.amazonaws.AmazonServiceException)
CloudConnectorException(com.sequenceiq.cloudbreak.cloud.exception.CloudConnectorException)
IOException(java.io.IOException)
SdkClientException(com.amazonaws.SdkClientException)
AmazonEC2Exception(com.amazonaws.services.ec2.model.AmazonEC2Exception)
PermanentlyFailedException(com.sequenceiq.cloudbreak.util.PermanentlyFailedException)
AwsCredentialView(com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView)
CloudEncryptionKey(com.sequenceiq.cloudbreak.cloud.model.CloudEncryptionKey)
DescribeKeyResult(com.amazonaws.services.kms.model.DescribeKeyResult)
AmazonServiceException(com.amazonaws.AmazonServiceException)
ListKeysResult(com.amazonaws.services.kms.model.ListKeysResult)
ListAliasesRequest(com.amazonaws.services.kms.model.ListAliasesRequest)
CloudUnauthorizedException(com.sequenceiq.cloudbreak.cloud.exception.CloudUnauthorizedException)
Example 4 with CloudUnauthorizedException
use of com.sequenceiq.cloudbreak.cloud.exception.CloudUnauthorizedException in project cloudbreak by hortonworks.
the class GetPlatformAccessConfigsHandler method accept.
@Override
public void accept(Event<GetPlatformCloudAccessConfigsRequest> getPlatformCloudAccessConfigsRequest) {
LOGGER.debug("Received event: {}", getPlatformCloudAccessConfigsRequest);
GetPlatformCloudAccessConfigsRequest request = getPlatformCloudAccessConfigsRequest.getData();
try {
CloudPlatformVariant cloudPlatformVariant = new CloudPlatformVariant(Platform.platform(request.getExtendedCloudCredential().getCloudPlatform()), Variant.variant(request.getVariant()));
CloudAccessConfigs cloudAccessConfigs = cloudPlatformConnectors.get(cloudPlatformVariant).platformResources().accessConfigs(request.getExtendedCloudCredential(), Region.region(request.getRegion()), request.getFilters());
GetPlatformCloudAccessConfigsResult getPlatformCloudAccessConfigsResult = new GetPlatformCloudAccessConfigsResult(request.getResourceId(), cloudAccessConfigs);
request.getResult().onNext(getPlatformCloudAccessConfigsResult);
LOGGER.debug("Query platform access configs finished. {} access config(s) has returned.", getResultAccessConfigQuantityIfAvailable(getPlatformCloudAccessConfigsResult));
} catch (CloudUnauthorizedException e) {
request.getResult().onNext(new GetPlatformCloudAccessConfigsResult(EventStatus.PERMANENTLY_FAILED, e.getMessage(), e, request.getResourceId()));
} catch (Exception e) {
request.getResult().onNext(new GetPlatformCloudAccessConfigsResult(e.getMessage(), e, request.getResourceId()));
}
}
Also used :
GetPlatformCloudAccessConfigsResult(com.sequenceiq.cloudbreak.cloud.event.platform.GetPlatformCloudAccessConfigsResult)
CloudPlatformVariant(com.sequenceiq.cloudbreak.cloud.model.CloudPlatformVariant)
CloudAccessConfigs(com.sequenceiq.cloudbreak.cloud.model.CloudAccessConfigs)
GetPlatformCloudAccessConfigsRequest(com.sequenceiq.cloudbreak.cloud.event.platform.GetPlatformCloudAccessConfigsRequest)
CloudUnauthorizedException(com.sequenceiq.cloudbreak.cloud.exception.CloudUnauthorizedException)
CloudUnauthorizedException(com.sequenceiq.cloudbreak.cloud.exception.CloudUnauthorizedException)
Aggregations
CloudUnauthorizedException (com.sequenceiq.cloudbreak.cloud.exception.CloudUnauthorizedException)4
AmazonServiceException (com.amazonaws.AmazonServiceException)3
SdkClientException (com.amazonaws.SdkClientException)3
AmazonEC2Exception (com.amazonaws.services.ec2.model.AmazonEC2Exception)3
CloudConnectorException (com.sequenceiq.cloudbreak.cloud.exception.CloudConnectorException)3
PermanentlyFailedException (com.sequenceiq.cloudbreak.util.PermanentlyFailedException)3
IOException (java.io.IOException)3
InstanceProfile (com.amazonaws.services.identitymanagement.model.InstanceProfile)1
ListInstanceProfilesRequest (com.amazonaws.services.identitymanagement.model.ListInstanceProfilesRequest)1
ListInstanceProfilesResult (com.amazonaws.services.identitymanagement.model.ListInstanceProfilesResult)1
ListRolesRequest (com.amazonaws.services.identitymanagement.model.ListRolesRequest)1
ListRolesResult (com.amazonaws.services.identitymanagement.model.ListRolesResult)1
Role (com.amazonaws.services.identitymanagement.model.Role)1
AliasListEntry (com.amazonaws.services.kms.model.AliasListEntry)1
DescribeKeyRequest (com.amazonaws.services.kms.model.DescribeKeyRequest)1
DescribeKeyResult (com.amazonaws.services.kms.model.DescribeKeyResult)1
ListAliasesRequest (com.amazonaws.services.kms.model.ListAliasesRequest)1
ListAliasesResult (com.amazonaws.services.kms.model.ListAliasesResult)1
ListKeysRequest (com.amazonaws.services.kms.model.ListKeysRequest)1
ListKeysResult (com.amazonaws.services.kms.model.ListKeysResult)1
