
Example 6 with CloudEncryptionKeys

use of com.sequenceiq.cloudbreak.cloud.model.CloudEncryptionKeys in project cloudbreak by hortonworks.

The class EnvironmentPlatformResourceController, method getEncryptionKeys.

@Override
@CheckPermissionByResourceCrn(action = AuthorizationResourceAction.DESCRIBE_ENVIRONMENT)
public PlatformEncryptionKeysResponse getEncryptionKeys(@ResourceCrn String environmentCrn, String region, String platformVariant, String availabilityZone) {
    // Authorization is enforced by the annotation above: the caller needs DESCRIBE_ENVIRONMENT on the
    // environment CRN. The CRN itself is validated before any account-scoped lookup happens.
    String accountId = getAccountId();
    validateEnvironmentCrnPattern(environmentCrn);
    PlatformResourceRequest request = platformParameterService.getPlatformResourceRequestByEnvironment(accountId, environmentCrn, region, platformVariant, availabilityZone, null);
    LOGGER.info("Get /platform_resources/encryption_keys, request: {}", request);
    // Delegates to the cloud-provider connector for the requested region/variant.
    CloudEncryptionKeys encryptionKeys = platformParameterService.getEncryptionKeys(request);
    PlatformEncryptionKeysResponse response = cloudEncryptionKeysToPlatformEncryptionKeysV1ResponseConverter.convert(encryptionKeys);
    LOGGER.info("Resp /platform_resources/encryption_keys, request: {}, encryptionKeys: {}, response: {}", request, encryptionKeys, response);
    return response;
}
Also used : PlatformEncryptionKeysResponse(com.sequenceiq.environment.api.v1.platformresource.model.PlatformEncryptionKeysResponse) PlatformResourceRequest(com.sequenceiq.environment.platformresource.PlatformResourceRequest) CloudEncryptionKeys(com.sequenceiq.cloudbreak.cloud.model.CloudEncryptionKeys) CheckPermissionByResourceCrn(com.sequenceiq.authorization.annotation.CheckPermissionByResourceCrn)

Example 7 with CloudEncryptionKeys

use of com.sequenceiq.cloudbreak.cloud.model.CloudEncryptionKeys in project cloudbreak by hortonworks.

The class EncryptionKeyArnValidator, method validate.

public ValidationResult validate(EnvironmentValidationDto environmentValidationDto) {
    // Walk the DTO graph null-safely down to the AWS disk-encryption key ARN.
    String encryptionKeyArn = Optional.ofNullable(environmentValidationDto)
            .map(EnvironmentValidationDto::getEnvironmentDto)
            .map(environmentDto -> environmentDto.getParameters())
            .map(ParametersDto::getAwsParametersDto)
            .map(AwsParametersDto::getAwsDiskEncryptionParametersDto)
            .map(AwsDiskEncryptionParametersDto::getEncryptionKeyArn)
            .orElse(null);
    ValidationResult.ValidationResultBuilder validationResultBuilder = ValidationResult.builder();
    // No key ARN configured: nothing to validate, the result is empty (valid).
    if (encryptionKeyArn == null || encryptionKeyArn.isEmpty()) {
        return validationResultBuilder.build();
    }
    EnvironmentDto environmentDto = environmentValidationDto.getEnvironmentDto();
    CloudCredential cloudCredential = credentialToCloudCredentialConverter.convert(environmentDto.getCredential());
    ExtendedCloudCredential extendedCloudCredential = new ExtendedCloudCredential(cloudCredential, environmentDto.getCloudPlatform(), environmentDto.getDescription(), environmentDto.getCreator(), environmentDto.getAccountId(), entitlementService.getEntitlements(environmentDto.getAccountId()));
    Region region = region(environmentDto.getLocation().getName());
    CloudPlatformVariant cloudPlatformVariant = new CloudPlatformVariant(Platform.platform(environmentDto.getCloudPlatform()), null);
    try {
        // Ask the provider (with retries) for the keys visible to this credential in this region, then
        // require that the user-supplied ARN is among them; this rejects ARNs the credential cannot use.
        CloudEncryptionKeys encryptionKeys = retryService.testWith2SecDelayMax15Times(() ->
                cloudPlatformConnectors.get(cloudPlatformVariant)
                        .platformResources()
                        .encryptionKeys(extendedCloudCredential, region, Collections.emptyMap()));
        if (encryptionKeys.getCloudEncryptionKeys().stream().map(CloudEncryptionKey::getName).noneMatch(s -> s.equals(encryptionKeyArn))) {
            validationResultBuilder.error("The provided encryption key does not exist in the given region's encryption key list for this credential.");
        }
    } catch (Exception e) {
        LOGGER.error("An unexpected error occurred while trying to fetch the KMS keys from AWS", e);
        throw e;
    }
    return validationResultBuilder.build();
}
Also used : AwsParametersDto(com.sequenceiq.environment.parameter.dto.AwsParametersDto) ExtendedCloudCredential(com.sequenceiq.cloudbreak.cloud.model.ExtendedCloudCredential) CloudCredential(com.sequenceiq.cloudbreak.cloud.model.CloudCredential) EnvironmentDto(com.sequenceiq.environment.environment.dto.EnvironmentDto) Region(com.sequenceiq.cloudbreak.cloud.model.Region) CloudPlatformVariant(com.sequenceiq.cloudbreak.cloud.model.CloudPlatformVariant) ValidationResult(com.sequenceiq.cloudbreak.validation.ValidationResult) CloudEncryptionKeys(com.sequenceiq.cloudbreak.cloud.model.CloudEncryptionKeys)

Example 8 with CloudEncryptionKeys

use of com.sequenceiq.cloudbreak.cloud.model.CloudEncryptionKeys in project cloudbreak by hortonworks.

The class AwsPlatformResourcesTest, method collectEncryptionKeysWhenWeGetBackInfoThenItShouldReturnListWithElements.

@Test
public void collectEncryptionKeysWhenWeGetBackInfoThenItShouldReturnListWithElements() {
    // Four KMS keys, each with a matching alias, as returned by the mocked KMS client.
    ListKeysResult listKeysResult = new ListKeysResult();
    Set<KeyListEntry> listEntries = new HashSet<>();
    listEntries.add(keyListEntry(1));
    listEntries.add(keyListEntry(2));
    listEntries.add(keyListEntry(3));
    listEntries.add(keyListEntry(4));
    listKeysResult.setKeys(listEntries);
    // Empty KeyMetadata: keyManager is null, so none of the keys is treated as AWS-managed and filtered out.
    DescribeKeyResult describeKeyResult = new DescribeKeyResult();
    describeKeyResult.setKeyMetadata(new KeyMetadata());
    ListAliasesResult describeAliasResult = new ListAliasesResult();
    Set<AliasListEntry> aliasListEntries = new HashSet<>();
    aliasListEntries.add(aliasListEntry(1));
    aliasListEntries.add(aliasListEntry(2));
    aliasListEntries.add(aliasListEntry(3));
    aliasListEntries.add(aliasListEntry(4));
    describeAliasResult.setAliases(aliasListEntries);
    when(awsClient.createAWSKMS(any(AwsCredentialView.class), anyString())).thenReturn(awskmsClient);
    when(awskmsClient.listKeys(any(ListKeysRequest.class))).thenReturn(listKeysResult);
    when(awskmsClient.describeKey(any(DescribeKeyRequest.class))).thenReturn(describeKeyResult);
    when(awskmsClient.listAliases(any(ListAliasesRequest.class))).thenReturn(describeAliasResult);
    CloudEncryptionKeys cloudEncryptionKeys = underTest.encryptionKeys(cloudCredential, region("London"), new HashMap<>());
    // Every aliased key is reported once.
    assertEquals(4L, cloudEncryptionKeys.getCloudEncryptionKeys().size());
}
Also used : ListAliasesResult(com.amazonaws.services.kms.model.ListAliasesResult) AliasListEntry(com.amazonaws.services.kms.model.AliasListEntry) DescribeKeyRequest(com.amazonaws.services.kms.model.DescribeKeyRequest) ListKeysRequest(com.amazonaws.services.kms.model.ListKeysRequest) CloudEncryptionKeys(com.sequenceiq.cloudbreak.cloud.model.CloudEncryptionKeys) AwsCredentialView(com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView) KeyListEntry(com.amazonaws.services.kms.model.KeyListEntry) KeyMetadata(com.amazonaws.services.kms.model.KeyMetadata) DescribeKeyResult(com.amazonaws.services.kms.model.DescribeKeyResult) ListKeysResult(com.amazonaws.services.kms.model.ListKeysResult) ListAliasesRequest(com.amazonaws.services.kms.model.ListAliasesRequest) HashSet(java.util.HashSet) Test(org.junit.jupiter.api.Test)

Example 9 with CloudEncryptionKeys

use of com.sequenceiq.cloudbreak.cloud.model.CloudEncryptionKeys in project cloudbreak by hortonworks.

The class GcpPlatformResources, method encryptionKeys.

@Override
public CloudEncryptionKeys encryptionKeys(ExtendedCloudCredential cloudCredential, Region region, Map<String, String> filters) {
    CloudKMS cloudKMS;
    try {
        cloudKMS = gcpCloudKMSFactory.buildCloudKMS(cloudCredential);
    } catch (Exception e) {
        // A credential that cannot authenticate to Cloud KMS yields an empty key list rather than an error.
        LOGGER.warn("Failed to build CloudKMS client.", e);
        return new CloudEncryptionKeys(new HashSet<>());
    }
    String projectId = gcpStackUtil.getProjectId(cloudCredential);
    // List every key ring in the region, then expand each ring into its crypto key paths.
    Set<CloudEncryptionKey> cloudEncryptionKeys = getKeyRingList(cloudKMS, projectId, region.getRegionName()).stream()
            .parallel()
            .map(KeyRing::getName)
            .map(toCryptoKeyPathList(cloudKMS, projectId, region.getRegionName()))
            .flatMap(Set::stream)
            .collect(Collectors.toSet());
    return new CloudEncryptionKeys(cloudEncryptionKeys);
}
Also used : CloudEncryptionKey(com.sequenceiq.cloudbreak.cloud.model.CloudEncryptionKey) CloudKMS(com.google.api.services.cloudkms.v1.CloudKMS) IOException(java.io.IOException) TokenResponseException(com.google.api.client.auth.oauth2.TokenResponseException) CloudEncryptionKeys(com.sequenceiq.cloudbreak.cloud.model.CloudEncryptionKeys) HashSet(java.util.HashSet)

Example 10 with CloudEncryptionKeys

use of com.sequenceiq.cloudbreak.cloud.model.CloudEncryptionKeys in project cloudbreak by hortonworks.

The class AwsPlatformResources, method encryptionKeys.

@Override
public CloudEncryptionKeys encryptionKeys(ExtendedCloudCredential cloudCredential, Region region, Map<String, String> filters) {
    String queryFailedMessage = "Could not get encryption keys from Amazon: ";
    CloudEncryptionKeys cloudEncryptionKeys = new CloudEncryptionKeys(new HashSet<>());
    AwsCredentialView awsCredentialView = new AwsCredentialView(cloudCredential);
    AmazonKmsClient client = awsClient.createAWSKMS(awsCredentialView, region.value());
    try {
        ListKeysRequest listKeysRequest = new ListKeysRequest();
        ListKeysResult listKeysResult = client.listKeys(listKeysRequest);
        ListAliasesResult listAliasesResult = client.listAliases(new ListAliasesRequest());
        // Only aliased keys are considered: each alias is joined to its target key, which is then described.
        for (AliasListEntry aliasListEntry : listAliasesResult.getAliases()) {
            try {
                listKeysResult.getKeys().stream().filter(item -> item.getKeyId().equals(aliasListEntry.getTargetKeyId())).findFirst().ifPresent(item -> {
                    DescribeKeyRequest describeKeyRequest = new DescribeKeyRequest().withKeyId(item.getKeyId());
                    DescribeKeyResult describeKeyResult = client.describeKey(describeKeyRequest);
                    Map<String, Object> meta = new HashMap<>();
                    meta.put("aWSAccountId", describeKeyResult.getKeyMetadata().getAWSAccountId());
                    meta.put("creationDate", describeKeyResult.getKeyMetadata().getCreationDate());
                    meta.put("enabled", describeKeyResult.getKeyMetadata().getEnabled());
                    meta.put("expirationModel", describeKeyResult.getKeyMetadata().getExpirationModel());
                    meta.put("keyManager", describeKeyResult.getKeyMetadata().getKeyManager());
                    meta.put("keyState", describeKeyResult.getKeyMetadata().getKeyState());
                    meta.put("keyUsage", describeKeyResult.getKeyMetadata().getKeyUsage());
                    meta.put("origin", describeKeyResult.getKeyMetadata().getOrigin());
                    meta.put("validTo", describeKeyResult.getKeyMetadata().getValidTo());
                    // AWS-managed keys (keyManager == "AWS") are skipped; only customer-managed keys are offered.
                    if (!CloudConstants.AWS.equalsIgnoreCase(describeKeyResult.getKeyMetadata().getKeyManager())) {
                        CloudEncryptionKey key = new CloudEncryptionKey(item.getKeyArn(), describeKeyResult.getKeyMetadata().getKeyId(), describeKeyResult.getKeyMetadata().getDescription(), aliasListEntry.getAliasName().replace("alias/", ""), meta);
                        cloudEncryptionKeys.getCloudEncryptionKeys().add(key);
                    }
                });
            } catch (AmazonServiceException e) {
                // A failure describing one key is logged and the remaining aliases are still processed.
                if (e.getStatusCode() == UNAUTHORIZED) {
                    String policyMessage = "Could not get encryption keys because the user does not have enough permission.";
                    LOGGER.error(policyMessage, e);
                } else {
                    LOGGER.info(queryFailedMessage, e);
                }
            } catch (Exception e) {
                LOGGER.warn(queryFailedMessage, e);
            }
        }
    } catch (AmazonServiceException ase) {
        // A failure of the initial list calls aborts the whole lookup; a 401 is surfaced as an authorization error.
        if (ase.getStatusCode() == UNAUTHORIZED) {
            String policyMessage = "Could not get encryption keys because the user does not have enough permission.";
            LOGGER.error(policyMessage, ase);
            throw new CloudUnauthorizedException(policyMessage, ase);
        } else {
            LOGGER.info(queryFailedMessage, ase);
            throw new CloudConnectorException(queryFailedMessage + ase.getMessage(), ase);
        }
    } catch (Exception e) {
        LOGGER.warn(queryFailedMessage, e);
        throw new CloudConnectorException(queryFailedMessage + e.getMessage(), e);
    }
    return cloudEncryptionKeys;
}
Also used : ListAliasesResult(com.amazonaws.services.kms.model.ListAliasesResult) AliasListEntry(com.amazonaws.services.kms.model.AliasListEntry) AmazonKmsClient(com.sequenceiq.cloudbreak.cloud.aws.common.client.AmazonKmsClient) HashMap(java.util.HashMap) CloudConnectorException(com.sequenceiq.cloudbreak.cloud.exception.CloudConnectorException) DescribeKeyRequest(com.amazonaws.services.kms.model.DescribeKeyRequest) ListKeysRequest(com.amazonaws.services.kms.model.ListKeysRequest) CloudEncryptionKeys(com.sequenceiq.cloudbreak.cloud.model.CloudEncryptionKeys) CloudUnauthorizedException(com.sequenceiq.cloudbreak.cloud.exception.CloudUnauthorizedException) AmazonServiceException(com.amazonaws.AmazonServiceException) IOException(java.io.IOException) SdkClientException(com.amazonaws.SdkClientException) AmazonEC2Exception(com.amazonaws.services.ec2.model.AmazonEC2Exception) PermanentlyFailedException(com.sequenceiq.cloudbreak.util.PermanentlyFailedException) AwsCredentialView(com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView) CloudEncryptionKey(com.sequenceiq.cloudbreak.cloud.model.CloudEncryptionKey) DescribeKeyResult(com.amazonaws.services.kms.model.DescribeKeyResult) ListKeysResult(com.amazonaws.services.kms.model.ListKeysResult) ListAliasesRequest(com.amazonaws.services.kms.model.ListAliasesRequest)

Aggregations

CloudEncryptionKeys (com.sequenceiq.cloudbreak.cloud.model.CloudEncryptionKeys) 11
CloudEncryptionKey (com.sequenceiq.cloudbreak.cloud.model.CloudEncryptionKey) 6
ValidationResult (com.sequenceiq.cloudbreak.validation.ValidationResult) 3
PlatformEncryptionKeysResponse (com.sequenceiq.environment.api.v1.platformresource.model.PlatformEncryptionKeysResponse) 3
EnvironmentDto (com.sequenceiq.environment.environment.dto.EnvironmentDto) 3
Test (org.junit.jupiter.api.Test) 3
AliasListEntry (com.amazonaws.services.kms.model.AliasListEntry) 2
DescribeKeyRequest (com.amazonaws.services.kms.model.DescribeKeyRequest) 2
DescribeKeyResult (com.amazonaws.services.kms.model.DescribeKeyResult) 2
ListAliasesRequest (com.amazonaws.services.kms.model.ListAliasesRequest) 2
ListAliasesResult (com.amazonaws.services.kms.model.ListAliasesResult) 2
ListKeysRequest (com.amazonaws.services.kms.model.ListKeysRequest) 2
ListKeysResult (com.amazonaws.services.kms.model.ListKeysResult) 2
AwsCredentialView (com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView) 2
CloudPlatformVariant (com.sequenceiq.cloudbreak.cloud.model.CloudPlatformVariant) 2
EnvironmentValidationDto (com.sequenceiq.environment.environment.dto.EnvironmentValidationDto) 2
PlatformResourceRequest (com.sequenceiq.environment.platformresource.PlatformResourceRequest) 2
IOException (java.io.IOException) 2
HashSet (java.util.HashSet) 2
Supplier (java.util.function.Supplier) 2