use of com.sequenceiq.cloudbreak.cloud.model.CredentialStatus in project cloudbreak by hortonworks.
the class AwsCredentialConnector method verifyIamRoleIsAssumable.
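/**
 * Verifies that session credentials can be retrieved for the credential's role and that the
 * role has the permissions required by the requested services.
 *
 * <p>No exception caught here is propagated: every failure path is converted into a
 * {@link CDPServicePolicyVerificationResponses} built from {@code getServiceStatus(services, message)},
 * so callers must inspect the returned status rather than rely on an exception.
 *
 * @param cloudCredential credential from which the {@code AwsCredentialView} is created
 * @param services names of the services to report a verification status for
 * @param experiencePrerequisites map whose keys are tested with
 *        {@code isPolicyServiceMatchesForName} and whose values are passed on as the policy of a service
 * @return the result of {@code verifyCredentialsPermission} on success, otherwise a response
 *         carrying the failure message for the given services
 */
private CDPServicePolicyVerificationResponses verifyIamRoleIsAssumable(CloudCredential cloudCredential, List<String> services,
        Map<String, String> experiencePrerequisites) {
    AwsCredentialView awsCredential = credentialViewProvider.createAwsCredentialView(cloudCredential);
    CDPServicePolicyVerificationResponses credentialStatus;
    Map<String, String> servicesWithPolicies = new HashMap<>();
    // NOTE(review): the filter does not reference `service`, so every service is mapped to the policy
    // of the same (first matching) prerequisite key. Confirm this is intended and not a missing
    // per-service match, because the permission check below is only as precise as this mapping.
    services.forEach(service -> experiencePrerequisites.keySet().stream()
            .filter(AwsCredentialConnector::isPolicyServiceMatchesForName)
            .findFirst()
            .ifPresent(policyKey -> servicesWithPolicies.put(service, experiencePrerequisites.get(policyKey))));
    try {
        // The return value is discarded; the call is made only so that a failure surfaces as an exception.
        // Presumably this is the role assumption itself (the method name suggests so) - confirm in credentialClient.
        credentialClient.retrieveSessionCredentials(awsCredential);
        credentialStatus = verifyCredentialsPermission(awsCredential, servicesWithPolicies);
    } catch (AmazonClientException ae) {
        String errorMessage = getErrorMessageForAwsClientException(awsCredential, ae);
        LOGGER.warn(errorMessage, ae);
        credentialStatus = new CDPServicePolicyVerificationResponses(getServiceStatus(services, errorMessage));
    } catch (AwsConfusedDeputyException confusedDeputyEx) {
        // Logged like the other failure paths: without this, a rejected role leaves no trace in the
        // server log and is visible only in the status returned to the caller.
        LOGGER.warn(String.format("Credential verification was rejected for role '%s'. Cause: '%s'",
                awsCredential.getRoleArn(), confusedDeputyEx.getMessage()), confusedDeputyEx);
        credentialStatus = new CDPServicePolicyVerificationResponses(getServiceStatus(services, confusedDeputyEx.getMessage()));
    } catch (RuntimeException e) {
        // NOTE(review): the raw exception message is embedded in the status returned to the caller;
        // confirm it cannot carry internal detail that should stay in the log only.
        String errorMessage = String.format("Unable to verify credential: check if the role '%s' exists and it's created with the correct external ID. "
                + "Cause: '%s'", awsCredential.getRoleArn(), e.getMessage());
        LOGGER.warn(errorMessage, e);
        credentialStatus = new CDPServicePolicyVerificationResponses(getServiceStatus(services, errorMessage));
    }
    return credentialStatus;
}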