
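/**
 * Checks that the IAM role behind {@code cloudCredential} can actually be assumed and then
 * verifies the permissions it grants for each requested service.
 *
 * <p>The method never propagates an exception: every failure mode is folded into a
 * {@link CDPServicePolicyVerificationResponses} that carries one status per entry of
 * {@code services}, so callers see a uniform result whether the role is fine, unreachable,
 * rejected as a confused-deputy attempt, or otherwise broken.
 *
 * @param cloudCredential          the credential whose role is assumed
 * @param services                 the services whose policies must be verified
 * @param experiencePrerequisites  map of policy keys to policy documents; a key is picked for
 *                                 a service by {@link #isPolicyServiceMatchesForName}
 * @return per-service verification responses (never {@code null})
 */
private CDPServicePolicyVerificationResponses verifyIamRoleIsAssumable(CloudCredential cloudCredential, List<String> services, Map<String, String> experiencePrerequisites) {
    AwsCredentialView awsCredential = credentialViewProvider.createAwsCredentialView(cloudCredential);
    Map<String, String> servicesWithPolicies = mapServicesToPolicies(services, experiencePrerequisites);
    CDPServicePolicyVerificationResponses credentialStatus;
    try {
        // Assuming the role first proves the trust relationship (role exists, external ID accepted)
        // before any policy is inspected.
        credentialClient.retrieveSessionCredentials(awsCredential);
        credentialStatus = verifyCredentialsPermission(awsCredential, servicesWithPolicies);
    } catch (AmazonClientException ae) {
        String errorMessage = getErrorMessageForAwsClientException(awsCredential, ae);
        LOGGER.warn(errorMessage, ae);
        credentialStatus = new CDPServicePolicyVerificationResponses(getServiceStatus(services, errorMessage));
    } catch (AwsConfusedDeputyException confusedDeputyEx) {
        // A confused-deputy rejection means the role's trust policy does not pin the expected
        // external ID. That is a security-relevant event, so record it server-side like the
        // other failure branches instead of only surfacing it to the caller.
        LOGGER.warn("Confused deputy check failed for role '{}': {}", awsCredential.getRoleArn(), confusedDeputyEx.getMessage(), confusedDeputyEx);
        credentialStatus = new CDPServicePolicyVerificationResponses(getServiceStatus(services, confusedDeputyEx.getMessage()));
    } catch (RuntimeException e) {
        // Any other runtime failure is reported with the role ARN so the operator can check the
        // role and its external ID; the cause message is included for diagnostics.
        String errorMessage = String.format("Unable to verify credential: check if the role '%s' exists and it's created with the correct external ID. " + "Cause: '%s'", awsCredential.getRoleArn(), e.getMessage());
        LOGGER.warn(errorMessage, e);
        credentialStatus = new CDPServicePolicyVerificationResponses(getServiceStatus(services, errorMessage));
    }
    return credentialStatus;
}

/**
 * Builds the service-to-policy map handed to the permission check.
 *
 * <p>For each service the first key of {@code experiencePrerequisites} accepted by
 * {@link #isPolicyServiceMatchesForName} is used and its value becomes the service's policy.
 * NOTE(review): the key filter does not take the service name into account, so every service
 * ends up mapped to the same first matching policy; confirm this is intended.
 */
private static Map<String, String> mapServicesToPolicies(List<String> services, Map<String, String> experiencePrerequisites) {
    Map<String, String> servicesWithPolicies = new HashMap<>();
    for (String service : services) {
        experiencePrerequisites.keySet().stream()
                .filter(AwsCredentialConnector::isPolicyServiceMatchesForName)
                .findFirst()
                .ifPresent(policyKey -> servicesWithPolicies.put(service, experiencePrerequisites.get(policyKey)));
    }
    return servicesWithPolicies;
}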