use of com.sequenceiq.cloudbreak.cloud.model.filesystem.CloudS3View in project cloudbreak by hortonworks.
the class AwsDataAccessRolePermissionValidatorTest method testGetPolicyJsonReplacements.
@Test
@Override
public void testGetPolicyJsonReplacements() {
    // GIVEN: a storage location and an ID Broker S3 view that also carries an S3Guard DynamoDB table name
    String locationValue = "bucket/cluster";
    String bucketName = "bucket";
    String tableName = "tableName";

    StorageLocationBase location = new StorageLocationBase();
    location.setValue(locationValue);

    CloudS3View s3View = new CloudS3View(CloudIdentityType.ID_BROKER);
    s3View.setS3GuardDynamoTableName(tableName);
    s3View.setInstanceProfile("arn:aws:iam::11111111111:instance-profile/instanceprofile");

    // every placeholder of the policy template is expected to be filled, the table name included
    Map<String, String> expected = Map.of(
            "${ARN_PARTITION}", "aws",
            "${STORAGE_LOCATION_BASE}", locationValue,
            "${DATALAKE_BUCKET}", bucketName,
            "${DYNAMODB_TABLE_NAME}", tableName);

    // WHEN
    Map<String, String> actual = awsDataAccessRolePermissionValidator.getPolicyJsonReplacements(location, s3View);

    // THEN
    assertThat(actual).isEqualTo(expected);
}
use of com.sequenceiq.cloudbreak.cloud.model.filesystem.CloudS3View in project cloudbreak by hortonworks.
the class AwsDataAccessRolePermissionValidatorTest method testCollectPolicies.
@Test
@Override
public void testCollectPolicies() {
    // GIVEN: the IAM service returns a policy for the file and we capture the replacements it was rendered with
    ArgumentCaptor<Map<String, String>> captor = ArgumentCaptor.forClass(Map.class);
    when(awsIamService.getPolicy(eq("policyFile1"), captor.capture())).thenReturn(new Policy());

    StorageLocationBase hiveWarehouse = new StorageLocationBase();
    hiveWarehouse.setType(CloudStorageCdpService.HIVE_METASTORE_WAREHOUSE);
    hiveWarehouse.setValue("s3a://bucket/cluster/hive/metadata");

    // no DynamoDB table name is set on purpose, so that placeholder must come back empty
    CloudS3View s3View = new CloudS3View(CloudIdentityType.ID_BROKER);
    s3View.setLocations(List.of(hiveWarehouse));
    s3View.setInstanceProfile("arn:aws:iam::11111111111:instance-profile/instanceprofile");

    // WHEN
    List<Policy> collected = getValidator().collectPolicies(s3View, List.of("policyFile1"));

    // THEN: one policy per requested file; the location is rendered without its s3a:// scheme,
    // the bucket is the first path segment, and the table placeholder is empty
    assertEquals(1, collected.size());
    Map<String, String> rendered = captor.getValue();
    assertEquals("bucket/cluster/hive/metadata", rendered.get("${STORAGE_LOCATION_BASE}"));
    assertEquals("bucket", rendered.get("${DATALAKE_BUCKET}"));
    assertEquals("", rendered.get("${DYNAMODB_TABLE_NAME}"));
}
use of com.sequenceiq.cloudbreak.cloud.model.filesystem.CloudS3View in project cloudbreak by hortonworks.
the class AwsRangerAuditRolePermissionValidatorTest method testGetPolicyJsonReplacementsNoDynamodb.
@Test
@Override
public void testGetPolicyJsonReplacementsNoDynamodb() {
    // GIVEN: an ID Broker S3 view with no S3Guard DynamoDB table configured
    String locationValue = "bucket/cluster";
    String bucketName = "bucket";

    StorageLocationBase location = new StorageLocationBase();
    location.setValue(locationValue);

    CloudS3View s3View = new CloudS3View(CloudIdentityType.ID_BROKER);
    s3View.setInstanceProfile("arn:aws:iam::11111111111:instance-profile/instanceprofile");

    // the table placeholder is still present in the replacements, just mapped to an empty string
    Map<String, String> expected = Map.of(
            "${ARN_PARTITION}", "aws",
            "${STORAGE_LOCATION_BASE}", locationValue,
            "${DATALAKE_BUCKET}", bucketName,
            "${DYNAMODB_TABLE_NAME}", "");

    // WHEN
    Map<String, String> actual = awsRangerAuditRolePermissionValidator.getPolicyJsonReplacements(location, s3View);

    // THEN
    assertThat(actual).isEqualTo(expected);
}
use of com.sequenceiq.cloudbreak.cloud.model.filesystem.CloudS3View in project cloudbreak by hortonworks.
the class AwsIDBrokerObjectStorageValidator method validateObjectStorage.
/**
 * Validates the IAM instance profile behind every cloud file system view of the given SPI file system.
 *
 * <p>Each view is treated as an S3 view. Its instance profile is looked up through {@code awsIamService};
 * when a profile is found, ID Broker views go through {@code validateIDBroker} and LOG views through
 * {@code validateLog}. Views whose profile lookup yields {@code null}, and views of any other identity
 * type, are skipped here (the lookup receives {@code resultBuilder}, so it presumably records its own
 * findings there -- verify in AwsIamService).
 *
 * @param iam                the IAM client used for the lookups
 * @param spiFileSystem      the file system whose views are validated
 * @param logsLocationBase   logs location handed to the LOG validation
 * @param backupLocationBase backup location handed to the LOG validation
 * @param resultBuilder      collector of validation findings; its {@code build()} result is returned
 * @return the validation result assembled from {@code resultBuilder}
 * @throws ClassCastException if a view is not a {@link CloudS3View}
 */
public ValidationResult validateObjectStorage(AmazonIdentityManagementClient iam, SpiFileSystem spiFileSystem, String logsLocationBase,
        String backupLocationBase, ValidationResultBuilder resultBuilder) {
    for (CloudFileSystemView view : spiFileSystem.getCloudFileSystems()) {
        // AWS file systems are expected to be S3 views; anything else fails fast on the cast
        CloudS3View s3View = (CloudS3View) view;
        CloudIdentityType identityType = s3View.getCloudIdentityType();
        InstanceProfile instanceProfile = awsIamService.getInstanceProfile(iam, s3View.getInstanceProfile(), identityType, resultBuilder);
        if (instanceProfile == null) {
            // nothing to validate without a resolved profile; move on to the next view
            continue;
        }
        if (CloudIdentityType.ID_BROKER.equals(identityType)) {
            validateIDBroker(iam, instanceProfile, s3View, resultBuilder);
        } else if (CloudIdentityType.LOG.equals(identityType)) {
            validateLog(iam, instanceProfile, s3View, logsLocationBase, backupLocationBase, resultBuilder);
        }
        // other identity types are intentionally not validated by this method
    }
    return resultBuilder.build();
}
use of com.sequenceiq.cloudbreak.cloud.model.filesystem.CloudS3View in project cloudbreak by hortonworks.
the class CloudFormationTemplateBuilderTest method buildTestWithVPCAndIGWAndVpcSubnets.
@Test
public void buildTestWithVPCAndIGWAndVpcSubnets() {
    // GIVEN: an existing VPC and IGW, one existing subnet CIDR, and a master group carrying a LOG identity profile
    String vpcCidr = "10.0.0.0/24";
    Security security = new Security(getDefaultSecurityRules(), List.of(), true);
    CloudS3View logView = new CloudS3View(CloudIdentityType.LOG);
    logView.setInstanceProfile(INSTANCE_PROFILE);
    Group master = createDefaultGroup("master", InstanceGroupType.CORE, ROOT_VOLUME_SIZE, security, Optional.of(logView));
    cloudStack = createDefaultCloudStack(List.of(master), getDefaultCloudStackParameters(), getDefaultCloudStackTags());

    modelContext = new ModelContext()
            .withAuthenticatedContext(authenticatedContext)
            .withStack(cloudStack)
            .withExistingVpc(true)
            .withExistingIGW(true)
            .withExistingSubnetCidr(singletonList(existingSubnetCidr))
            .withExistinVpcCidr(List.of(vpcCidr))
            .mapPublicIpOnLaunch(false)
            .withEnableInstanceProfile(true)
            .withInstanceProfileAvailable(true)
            .withOutboundInternetTraffic(OutboundInternetTraffic.ENABLED)
            .withTemplate(awsCloudFormationTemplate);

    // WHEN
    String template = cloudFormationTemplateBuilder.build(modelContext);

    // THEN: the template is valid JSON and reuses the existing network instead of creating one
    Assertions.assertThat(JsonUtil.isValid(template)).overridingErrorMessage("Invalid JSON: " + template).isTrue();
    assertThat(template, containsString("InstanceProfile"));
    assertThat(template, containsString("VPCId"));
    assertThat(template, containsString("SubnetId"));
    assertThat(template, containsString("AvailabilitySet"));
    assertThat(template, containsString("SecurityGroupIngress"));
    // no subnet, gateway or EIP resources are expected for an existing VPC/IGW
    assertThat(template, not(containsString("SubnetCIDR")));
    assertThat(template, not(containsString("SubnetConfig")));
    assertThat(template, not(containsString("\"AttachGateway\"")));
    assertThat(template, not(containsString("\"InternetGateway\"")));
    assertThat(template, not(containsString("EIP")));

    // the ingress entries are rendered for the VPC CIDR only: icmp plus the full tcp and udp port ranges
    // (presumably what getDefaultSecurityRules() defines -- the exact set comes from that helper)
    String expectedIngress =
            "{ \"IpProtocol\" : \"icmp\", \"FromPort\" : \"-1\", \"ToPort\" : \"-1\", \"CidrIp\" : \"10.0.0.0/24\"}"
            + " ,{ \"IpProtocol\" : \"tcp\", \"FromPort\" : \"0\", \"ToPort\" : \"65535\", \"CidrIp\" : \"10.0.0.0/24\"}"
            + " ,{ \"IpProtocol\" : \"udp\", \"FromPort\" : \"0\", \"ToPort\" : \"65535\", \"CidrIp\" : \"10.0.0.0/24\"}";
    assertThat(template, containsString(expectedIngress));
}