use of com.sequenceiq.cloudbreak.cloud.model.CDPServicePolicyVerificationResponses in project cloudbreak by hortonworks.
the class AwsCredentialConnectorTest method testVerifyByServiceIfRoleBasedCredentialVerificationThrowsAmazonClientExceptionThenFailed503StatusShouldReturn.
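/**
 * Verifies that an {@code AmazonClientException} thrown while retrieving session credentials for a
 * role-based credential is reported as a single failed result for the requested service: the service
 * status carries the "Unable to verify AWS credential" message and the status code is 503.
 */
@Test
public void testVerifyByServiceIfRoleBasedCredentialVerificationThrowsAmazonClientExceptionThenFailed503StatusShouldReturn() throws IOException {
    URL policyUrl = Resources.getResource("definitions/aws-environment-minimal-policy.json");
    String awsEnvPolicy = Resources.toString(policyUrl, UTF_8);
    // Encode with the charset the resource was read with; the no-arg getBytes() uses the platform default.
    String encodedAwsEnvPolicy = Base64.getEncoder().encodeToString(awsEnvPolicy.getBytes(UTF_8));
    List<String> services = List.of("ml");
    Map<String, String> experiencePrerequisites = Map.of("ml", encodedAwsEnvPolicy);

    // A non-null role ARN is stubbed so the role-based path is the one under test.
    when(credentialView.getRoleArn()).thenReturn("someRoleArn");
    when(awsPlatformParameters.getEnvironmentMinimalPoliciesJson())
            .thenReturn(Map.of(PolicyType.PUBLIC, encodedAwsEnvPolicy, PolicyType.GOV, encodedAwsEnvPolicy));
    Exception sdkException = new AmazonClientException("SomethingTerribleHappened");
    when(credentialClient.retrieveSessionCredentials(any())).thenThrow(sdkException);
    // This is the status text expected in the response, not the raw SDK message.
    String expectedServiceStatus = "Unable to verify AWS credential due to: 'SomethingTerribleHappened'";

    CDPServicePolicyVerificationResponses result = underTest.verifyByServices(authenticatedContext, services, experiencePrerequisites);

    // NOTE(review): arguments are passed as (actual, expected); if assertEquals is JUnit's, failure messages read reversed.
    assertNotNull(result);
    assertEquals(result.getResults().size(), 1);
    assertEquals(result.getResults().stream().findFirst().get().getServiceName(), "ml");
    assertEquals(result.getResults().stream().findFirst().get().getServiceStatus(), expectedServiceStatus);
    assertEquals(result.getResults().stream().findFirst().get().getStatusCode(), 503);
}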
use of com.sequenceiq.cloudbreak.cloud.model.CDPServicePolicyVerificationResponses in project cloudbreak by hortonworks.
the class AwsCredentialConnectorTest method testVerifyByServiceIfRoleBasedCredentialVerificationThrowsSdkBaseExceptionThenFailed503StatusShouldReturn.
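/**
 * Verifies that an {@code SdkBaseException} thrown while retrieving session credentials for a
 * role-based credential yields a single failed result for the requested service. The expected service
 * status names the role ARN and embeds the SDK message as the cause, and the status code is 503.
 */
@Test
public void testVerifyByServiceIfRoleBasedCredentialVerificationThrowsSdkBaseExceptionThenFailed503StatusShouldReturn() throws IOException {
    URL policyUrl = Resources.getResource("definitions/aws-environment-minimal-policy.json");
    String awsEnvPolicy = Resources.toString(policyUrl, UTF_8);
    // Encode with the charset the resource was read with; the no-arg getBytes() uses the platform default.
    String encodedAwsEnvPolicy = Base64.getEncoder().encodeToString(awsEnvPolicy.getBytes(UTF_8));
    List<String> services = List.of("ml");
    Map<String, String> experiencePrerequisites = Map.of("ml", encodedAwsEnvPolicy);

    String roleArn = "someRoleArn";
    when(credentialView.getRoleArn()).thenReturn(roleArn);
    when(awsPlatformParameters.getEnvironmentMinimalPoliciesJson())
            .thenReturn(Map.of(PolicyType.PUBLIC, encodedAwsEnvPolicy, PolicyType.GOV, encodedAwsEnvPolicy));
    String sdkMessage = "SomethingTerribleHappened!";
    Exception sdkException = new SdkBaseException(sdkMessage);
    when(credentialClient.retrieveSessionCredentials(any())).thenThrow(sdkException);
    // The response is expected to wrap the SDK message together with the role ARN.
    String expectedServiceStatus = String.format("Unable to verify credential: check if the role '%s' exists and it's created with the correct "
            + "external ID. Cause: '%s'", roleArn, sdkMessage);

    CDPServicePolicyVerificationResponses result = underTest.verifyByServices(authenticatedContext, services, experiencePrerequisites);

    // NOTE(review): arguments are passed as (actual, expected); if assertEquals is JUnit's, failure messages read reversed.
    assertNotNull(result);
    assertEquals(result.getResults().size(), 1);
    assertEquals(result.getResults().stream().findFirst().get().getServiceName(), "ml");
    assertEquals(result.getResults().stream().findFirst().get().getServiceStatus(), expectedServiceStatus);
    assertEquals(result.getResults().stream().findFirst().get().getStatusCode(), 503);
}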
use of com.sequenceiq.cloudbreak.cloud.model.CDPServicePolicyVerificationResponses in project cloudbreak by hortonworks.
the class AwsCredentialConnectorTest method testVerifyByServiceIfOnlyKeyBasedCredentialWithAccessKeyAndRoleBasedNOTDefinedShouldThrowException.
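/**
 * Verifies the outcome for a credential that has an access key but neither a secret key nor a role ARN.
 * Despite the method name, no exception is expected to reach the caller: the test asserts a single
 * failed result for the requested service, with the "provide both" message and status code 503.
 */
@Test
public void testVerifyByServiceIfOnlyKeyBasedCredentialWithAccessKeyAndRoleBasedNOTDefinedShouldThrowException() throws IOException {
    URL policyUrl = Resources.getResource("definitions/aws-environment-minimal-policy.json");
    String awsEnvPolicy = Resources.toString(policyUrl, UTF_8);
    // Encode with the charset the resource was read with; the no-arg getBytes() uses the platform default.
    String encodedAwsEnvPolicy = Base64.getEncoder().encodeToString(awsEnvPolicy.getBytes(UTF_8));
    List<String> services = List.of("ml");
    Map<String, String> experiencePrerequisites = Map.of("ml", encodedAwsEnvPolicy);

    // Only the access key is present; the value is an arbitrary non-null placeholder.
    String accessKey = "someRoleArn";
    when(credentialView.getAccessKey()).thenReturn(accessKey);
    when(credentialView.getRoleArn()).thenReturn(null);
    when(credentialView.getSecretKey()).thenReturn(null);
    when(awsPlatformParameters.getEnvironmentMinimalPoliciesJson())
            .thenReturn(Map.of(PolicyType.PUBLIC, encodedAwsEnvPolicy, PolicyType.GOV, encodedAwsEnvPolicy));
    // No SDK call is stubbed in this test, so this message does not originate from the SDK.
    String expectedServiceStatus = "Please provide both the 'access' and 'secret key'";

    CDPServicePolicyVerificationResponses result = underTest.verifyByServices(authenticatedContext, services, experiencePrerequisites);

    // NOTE(review): arguments are passed as (actual, expected); if assertEquals is JUnit's, failure messages read reversed.
    assertNotNull(result);
    assertEquals(result.getResults().size(), 1);
    assertEquals(result.getResults().stream().findFirst().get().getServiceName(), "ml");
    assertEquals(result.getResults().stream().findFirst().get().getServiceStatus(), expectedServiceStatus);
    assertEquals(result.getResults().stream().findFirst().get().getStatusCode(), 503);
}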
use of com.sequenceiq.cloudbreak.cloud.model.CDPServicePolicyVerificationResponses in project cloudbreak by hortonworks.
the class AwsCredentialConnectorTest method testVerifyByServiceIfRoleBasedCredentialVerificationThrowsAwsConfusedDeputyExceptionThenFailed503StatusShouldReturn.
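/**
 * Verifies that an {@code AwsConfusedDeputyException} thrown while retrieving session credentials for a
 * role-based credential yields a single failed result for the requested service. The exception's own
 * message is expected unchanged as the service status, and the status code is 503.
 */
@Test
public void testVerifyByServiceIfRoleBasedCredentialVerificationThrowsAwsConfusedDeputyExceptionThenFailed503StatusShouldReturn() throws IOException {
    URL policyUrl = Resources.getResource("definitions/aws-environment-minimal-policy.json");
    String awsEnvPolicy = Resources.toString(policyUrl, UTF_8);
    // Encode with the charset the resource was read with; the no-arg getBytes() uses the platform default.
    String encodedAwsEnvPolicy = Base64.getEncoder().encodeToString(awsEnvPolicy.getBytes(UTF_8));
    List<String> services = List.of("ml");
    Map<String, String> experiencePrerequisites = Map.of("ml", encodedAwsEnvPolicy);

    when(credentialView.getRoleArn()).thenReturn("someRoleArn");
    when(awsPlatformParameters.getEnvironmentMinimalPoliciesJson())
            .thenReturn(Map.of(PolicyType.PUBLIC, encodedAwsEnvPolicy, PolicyType.GOV, encodedAwsEnvPolicy));
    // One constant feeds both the thrown exception and the assertion. The original declared a separate,
    // never-used "Unable to verify credential..." string that suggested a wrapped message was expected.
    String confusedDeputyMessage = "SomethingTerribleHappened";
    Exception sdkException = new AwsConfusedDeputyException(confusedDeputyMessage);
    when(credentialClient.retrieveSessionCredentials(any())).thenThrow(sdkException);

    CDPServicePolicyVerificationResponses result = underTest.verifyByServices(authenticatedContext, services, experiencePrerequisites);

    // NOTE(review): arguments are passed as (actual, expected); if assertEquals is JUnit's, failure messages read reversed.
    assertNotNull(result);
    assertEquals(result.getResults().size(), 1);
    assertEquals(result.getResults().stream().findFirst().get().getServiceName(), "ml");
    // The confused-deputy message is passed through verbatim, without the role-ARN wrapper text.
    assertEquals(result.getResults().stream().findFirst().get().getServiceStatus(), confusedDeputyMessage);
    assertEquals(result.getResults().stream().findFirst().get().getStatusCode(), 503);
}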
use of com.sequenceiq.cloudbreak.cloud.model.CDPServicePolicyVerificationResponses in project cloudbreak by hortonworks.
the class AwsCredentialConnector method verifyIamRoleIsAssumable.
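/**
 * Checks that session credentials can be retrieved for the credential and, if so, verifies its
 * permissions against the policies collected for the requested services.
 *
 * <p>Failures are not propagated. Each caught exception is converted into a per-service status built
 * from an error message, so the caller always receives a response object.
 *
 * @param cloudCredential the credential to verify
 * @param services names of the services whose policies should be checked
 * @param experiencePrerequisites policies keyed by policy/service name
 * @return the verification outcome, or per-service failure statuses when verification could not be done
 */
private CDPServicePolicyVerificationResponses verifyIamRoleIsAssumable(CloudCredential cloudCredential, List<String> services,
        Map<String, String> experiencePrerequisites) {
    AwsCredentialView awsCredential = credentialViewProvider.createAwsCredentialView(cloudCredential);
    Map<String, String> servicesWithPolicies = new HashMap<>();
    // NOTE(review): the key filter receives only the prerequisite key, never the service name, so every
    // service is paired with the same first matching key in iteration order. Confirm this is intended.
    services.forEach(service -> experiencePrerequisites.keySet().stream()
            .filter(AwsCredentialConnector::isPolicyServiceMatchesForName)
            .findFirst()
            .ifPresent(policyKey -> servicesWithPolicies.put(service, experiencePrerequisites.get(policyKey))));
    try {
        // Retrieving session credentials comes first; the permission check is skipped if this throws.
        credentialClient.retrieveSessionCredentials(awsCredential);
        return verifyCredentialsPermission(awsCredential, servicesWithPolicies);
    } catch (AmazonClientException ae) {
        String errorMessage = getErrorMessageForAwsClientException(awsCredential, ae);
        LOGGER.warn(errorMessage, ae);
        return new CDPServicePolicyVerificationResponses(getServiceStatus(services, errorMessage));
    } catch (AwsConfusedDeputyException confusedDeputyEx) {
        // The other two failure branches log before responding; this one did not, so a confused-deputy
        // rejection left no server-side trace. The response text is unchanged.
        LOGGER.warn("Credential verification failed with a confused deputy error", confusedDeputyEx);
        return new CDPServicePolicyVerificationResponses(getServiceStatus(services, confusedDeputyEx.getMessage()));
    } catch (RuntimeException e) {
        // NOTE(review): e.getMessage() is returned to the caller inside the service status. Confirm the
        // exception text cannot carry details that should stay server-side.
        String errorMessage = String.format("Unable to verify credential: check if the role '%s' exists and it's created with the correct external ID. "
                + "Cause: '%s'", awsCredential.getRoleArn(), e.getMessage());
        LOGGER.warn(errorMessage, e);
        return new CDPServicePolicyVerificationResponses(getServiceStatus(services, errorMessage));
    }
}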