
Example 1 with AccountMappingBase

use of com.sequenceiq.common.api.cloudstorage.AccountMappingBase in project cloudbreak by hortonworks.

the class StackV4RequestToTemplatePreparationObjectConverterTest method testStackInputAccountMappings.

/**
 * Checks that the user and group mappings carried by the cluster's cloud storage request
 * come back unchanged from the {@link AccountMappingView} of the converted
 * {@link TemplatePreparationObject}.
 */
@Test
public void testStackInputAccountMappings() {
    // Arrange: an account mapping populated with the fixture maps.
    AccountMappingBase inputMapping = new AccountMappingBase();
    inputMapping.setGroupMappings(GROUP_MAPPINGS);
    inputMapping.setUserMappings(USER_MAPPINGS);

    // Arrange: a mocked storage request that hands out that mapping and is reported as configured.
    CloudStorageRequest storageRequest = mock(CloudStorageRequest.class);
    when(storageRequest.getAccountMapping()).thenReturn(inputMapping);
    when(cluster.getCloudStorage()).thenReturn(storageRequest);
    when(cloudStorageValidationUtil.isCloudStorageConfigured(any(CloudStorageRequest.class))).thenReturn(true);

    // Act
    TemplatePreparationObject converted = underTest.convert(source);

    // Assert: both identity-to-role maps must reach the view exactly as supplied.
    AccountMappingView mappingView = converted.getAccountMappingView();
    assertNotNull(mappingView);
    assertEquals(GROUP_MAPPINGS, mappingView.getGroupMappings());
    assertEquals(USER_MAPPINGS, mappingView.getUserMappings());
}
Also used : TemplatePreparationObject(com.sequenceiq.cloudbreak.template.TemplatePreparationObject) AccountMappingBase(com.sequenceiq.common.api.cloudstorage.AccountMappingBase) CloudStorageRequest(com.sequenceiq.common.api.cloudstorage.CloudStorageRequest) AccountMappingView(com.sequenceiq.cloudbreak.template.views.AccountMappingView) Test(org.junit.Test)

Example 2 with AccountMappingBase

use of com.sequenceiq.common.api.cloudstorage.AccountMappingBase in project cloudbreak by hortonworks.

the class StackRequestManifesterTest method testSetupCloudStorageAccountMappingWhenCloudStorageWithExistingAccountMappingAndEmptyMaps.

/**
 * Checks that an account mapping already present on the cloud storage request is kept as-is:
 * the same storage and mapping instances remain attached and the mapping's maps stay empty,
 * even though the mapping source is {@code IDBMMS}.
 */
@Test
public void testSetupCloudStorageAccountMappingWhenCloudStorageWithExistingAccountMappingAndEmptyMaps() {
    // Arrange: a stack request whose cluster already carries a freshly constructed mapping.
    when(stackV4Request.getCluster()).thenReturn(clusterV4Request);
    when(stackV4Request.getName()).thenReturn(STACK_NAME);
    AccountMappingBase preexistingMapping = new AccountMappingBase();
    clusterV4Request.setCloudStorage(cloudStorage);
    cloudStorage.setAccountMapping(preexistingMapping);

    // Act
    underTest.setupCloudStorageAccountMapping(
            stackV4Request, ENVIRONMENT_CRN, IdBrokerMappingSource.IDBMMS, CLOUD_PLATFORM_AWS);

    // Assert: identity checks first, then the content of the untouched mapping.
    assertThat(clusterV4Request.getCloudStorage())
            .isSameAs(cloudStorage);
    assertThat(clusterV4Request.getCloudStorage().getAccountMapping())
            .isSameAs(preexistingMapping);
    assertThat(clusterV4Request.getCloudStorage().getAccountMapping().getGroupMappings())
            .isEmpty();
    assertThat(clusterV4Request.getCloudStorage().getAccountMapping().getUserMappings())
            .isEmpty();
}
Also used : AccountMappingBase(com.sequenceiq.common.api.cloudstorage.AccountMappingBase) Test(org.junit.jupiter.api.Test) ParameterizedTest(org.junit.jupiter.params.ParameterizedTest)

Example 3 with AccountMappingBase

use of com.sequenceiq.common.api.cloudstorage.AccountMappingBase in project cloudbreak by hortonworks.

the class StackRequestManifester method setupCloudStorageAccountMapping.

/**
 * Populates the cloud storage account mapping of {@code stackRequest} when it has none.
 *
 * <p>When cloud storage is present without an account mapping and {@code mappingSource} is
 * {@code IDBMMS}, the group and actor mappings are fetched from IDBMMS for the environment,
 * validated, and attached to the cloud storage request. For any other mapping source the
 * request is left unchanged and only a log line is written. When cloud storage is absent, or
 * a mapping is already attached, nothing is modified.
 *
 * @param stackRequest   stack request whose cluster's cloud storage may receive the mapping
 * @param environmentCrn CRN of the environment whose mappings are looked up
 * @param mappingSource  where mappings come from; only {@code IDBMMS} triggers a fetch
 * @param cloudPlatform  platform name, used only to word the log message
 * @throws BadRequestException if an {@code IdbmmsOperationException} is raised while fetching
 *                             or validating the mappings
 */
@VisibleForTesting
void setupCloudStorageAccountMapping(StackV4Request stackRequest, String environmentCrn, IdBrokerMappingSource mappingSource, String cloudPlatform) {
    String stackName = stackRequest.getName();
    CloudStorageRequest cloudStorage = stackRequest.getCluster().getCloudStorage();

    if (cloudStorage == null || cloudStorage.getAccountMapping() != null) {
        // A pre-populated mapping is possible only in case of SdxInternalClusterRequest, in which case the
        // user-given values will be honored.
        // NOTE(review): this method applies those caller-supplied mappings without inspecting them; confirm
        // they are validated elsewhere, since they decide which cloud identity a user or group maps to.
        String outcome = cloudStorage == null ? "Cloud storage is disabled" : "Applying user-provided mappings";
        LOGGER.info("{} for stack {} in environment {}.", outcome, stackName, environmentCrn);
        return;
    }

    // From here on: cloud storage exists and has no mapping yet.
    if (mappingSource != IdBrokerMappingSource.IDBMMS) {
        boolean mockMappings = mappingSource == IdBrokerMappingSource.MOCK
                && (CloudPlatform.AWS.name().equals(cloudPlatform)
                || CloudPlatform.AZURE.name().equals(cloudPlatform)
                || CloudPlatform.GCP.name().equals(cloudPlatform));
        LOGGER.info("IDBMMS usage is disabled for environment {}. Proceeding with {} mappings for stack {}.",
                environmentCrn, mockMappings ? "mock" : "missing", stackName);
        return;
    }

    LOGGER.info("Fetching account mappings from IDBMMS associated with environment {} for stack {}.", environmentCrn, stackName);
    MappingsConfig fetchedConfig;
    try {
        // Must pass the internal actor here as this operation is internal-use only; requests with other
        // actors will be always rejected.
        String internalActorCrn = regionAwareInternalCrnGeneratorFactory.iam().getInternalCrnForServiceAsString();
        fetchedConfig = idbmmsClient.getMappingsConfig(internalActorCrn, environmentCrn, Optional.empty());
        validateMappingsConfig(fetchedConfig, stackRequest);
    } catch (IdbmmsOperationException e) {
        // NOTE(review): the IDBMMS error text is forwarded in the bad-request message; confirm it carries
        // nothing that should stay internal.
        throw new BadRequestException(String.format("Unable to get mappings: %s", e.getMessage()), e);
    }

    AccountMappingBase fetchedMapping = new AccountMappingBase();
    fetchedMapping.setGroupMappings(fetchedConfig.getGroupMappings());
    fetchedMapping.setUserMappings(fetchedConfig.getActorMappings());
    cloudStorage.setAccountMapping(fetchedMapping);
    // The complete mapping is serialized into the INFO log.
    // NOTE(review): confirm that log destination is acceptable for identity-to-role mappings.
    LOGGER.info("Initial account mappings fetched from IDBMMS: {}", JsonUtil.writeValueAsStringSilent(fetchedMapping));
}
Also used : AccountMappingBase(com.sequenceiq.common.api.cloudstorage.AccountMappingBase) CloudStorageRequest(com.sequenceiq.common.api.cloudstorage.CloudStorageRequest) MappingsConfig(com.sequenceiq.cloudbreak.idbmms.model.MappingsConfig) IdbmmsOperationException(com.sequenceiq.cloudbreak.idbmms.exception.IdbmmsOperationException) BadRequestException(com.sequenceiq.cloudbreak.common.exception.BadRequestException) VisibleForTesting(com.google.common.annotations.VisibleForTesting)

Example 4 with AccountMappingBase

use of com.sequenceiq.common.api.cloudstorage.AccountMappingBase in project cloudbreak by hortonworks.

the class StorageValidationService method validateObjectStorage.

/**
 * Builds an object storage validation request for the given credential and SDX cloud storage
 * settings and submits it to the cloud provider services endpoint as the internal actor.
 *
 * <p>NOTE(review): no authorization check on {@code credentialCrn} is visible in this method,
 * while the remote call runs with the internal actor's identity; presumably the caller has
 * already verified that the requesting user may use this credential. Confirm against callers.
 *
 * @param credentialCrn          CRN of the credential to load from the environment service
 * @param sdxCloudStorageRequest SDX-level cloud storage settings to convert
 * @param blueprintName          blueprint name passed to the cloud storage manifester
 * @param clusterName            cluster name passed to the cloud storage manifester
 * @param dataAccessRole         passed to {@code getUserMapping} to build the user mappings
 * @param rangerAuditRole        passed to {@code getUserMapping} to build the user mappings
 * @return the response of the endpoint's {@code validateObjectStorage} call
 */
public ObjectStorageValidateResponse validateObjectStorage(String credentialCrn, SdxCloudStorageRequest sdxCloudStorageRequest, String blueprintName, String clusterName, String dataAccessRole, String rangerAuditRole) {
    CredentialResponse credential = environmentClientService.getCredentialByCrn(credentialCrn);

    // The attributes are obtained through the secret service and end up inside the CloudCredential;
    // this method never logs them. Presumably they hold the provider credential material (confirm).
    String secretAttributes = secretService.getByResponse(credential.getAttributes());
    CloudCredential cloudCredential = new CloudCredential(
            credential.getCrn(),
            credential.getName(),
            new Json(secretAttributes).getMap(),
            credential.getAccountId(),
            credential.isVerifyPermissions());

    CloudStorageRequest storageRequest = cloudStorageManifester.initSdxCloudStorageRequest(
            credential.getCloudPlatform(), blueprintName, clusterName, sdxCloudStorageRequest);

    // Only user mappings are set here; group mappings are left as AccountMappingBase constructs them.
    AccountMappingBase roleMapping = new AccountMappingBase();
    roleMapping.setUserMappings(getUserMapping(dataAccessRole, rangerAuditRole));
    storageRequest.setAccountMapping(roleMapping);

    ObjectStorageValidateRequest validateRequest = ObjectStorageValidateRequest.builder()
            .withCloudPlatform(credential.getCloudPlatform())
            .withCredential(cloudCredential)
            .withCloudStorageRequest(storageRequest)
            .build();

    // The downstream validation is invoked under the service's internal CRN rather than the caller's.
    String internalActorCrn = regionAwareInternalCrnGeneratorFactory.iam().getInternalCrnForServiceAsString();
    return ThreadBasedUserCrnProvider.doAsInternalActor(
            internalActorCrn,
            () -> cloudProviderServicesV4Endpoint.validateObjectStorage(validateRequest));
}
Also used : AccountMappingBase(com.sequenceiq.common.api.cloudstorage.AccountMappingBase) CloudStorageRequest(com.sequenceiq.common.api.cloudstorage.CloudStorageRequest) SdxCloudStorageRequest(com.sequenceiq.sdx.api.model.SdxCloudStorageRequest) CloudCredential(com.sequenceiq.cloudbreak.cloud.model.CloudCredential) CredentialResponse(com.sequenceiq.environment.api.v1.credential.model.response.CredentialResponse) Json(com.sequenceiq.cloudbreak.common.json.Json) ObjectStorageValidateRequest(com.sequenceiq.cloudbreak.cloud.model.objectstorage.ObjectStorageValidateRequest)

Example 5 with AccountMappingBase

use of com.sequenceiq.common.api.cloudstorage.AccountMappingBase in project cloudbreak by hortonworks.

the class ObjectStorageValidateRequestDecorator method decorateWithMockAccountMapping.

/**
 * Attaches a mock account mapping to the request's cloud storage settings when none is set.
 *
 * <p>User mappings are always requested from the platform-specific mock mapping service
 * (AWS, Azure or GCP); group mappings are requested only when an admin group name is
 * configured. For any other platform both maps stay {@code null}, and an
 * {@link AccountMappingBase} holding those {@code null} maps is still attached.
 *
 * <p>A mapping already present on the request is never overwritten.
 *
 * @param request validation request to decorate in place; its credential is handed to the
 *                mock mapping service of the selected platform
 */
public void decorateWithMockAccountMapping(ObjectStorageValidateRequest request) {
    // Respect a mapping that is already attached.
    if (request.getCloudStorageRequest().getAccountMapping() != null) {
        return;
    }

    String adminGroupName = request.getMockAccountMappingSettings().getAdminGroupName();
    boolean hasAdminGroup = adminGroupName != null;
    Map<String, String> mockGroupMappings = null;
    Map<String, String> mockUserMappings = null;

    switch (request.getCloudPlatform()) {
        case AWS:
            if (hasAdminGroup) {
                mockGroupMappings = awsMockAccountMappingService.getGroupMappings(
                        request.getMockAccountMappingSettings().getRegion(), request.getCredential(), adminGroupName);
            }
            mockUserMappings = awsMockAccountMappingService.getUserMappings(
                    request.getMockAccountMappingSettings().getRegion(), request.getCredential());
            break;
        case AZURE:
            // Azure is keyed by the fixed MSI resource group name instead of the region from the settings.
            if (hasAdminGroup) {
                mockGroupMappings = azureMockAccountMappingService.getGroupMappings(
                        AzureMockAccountMappingService.MSI_RESOURCE_GROUP_NAME, request.getCredential(), adminGroupName);
            }
            mockUserMappings = azureMockAccountMappingService.getUserMappings(
                    AzureMockAccountMappingService.MSI_RESOURCE_GROUP_NAME, request.getCredential());
            break;
        case GCP:
            if (hasAdminGroup) {
                mockGroupMappings = gcpMockAccountMappingService.getGroupMappings(
                        request.getMockAccountMappingSettings().getRegion(), request.getCredential(), adminGroupName);
            }
            mockUserMappings = gcpMockAccountMappingService.getUserMappings(
                    request.getMockAccountMappingSettings().getRegion(), request.getCredential());
            break;
        default:
            // Other platforms: nothing is looked up, both maps remain null.
            break;
    }

    AccountMappingBase mockMapping = new AccountMappingBase();
    mockMapping.setGroupMappings(mockGroupMappings);
    mockMapping.setUserMappings(mockUserMappings);
    request.getCloudStorageRequest().setAccountMapping(mockMapping);
}
Also used : AccountMappingBase(com.sequenceiq.common.api.cloudstorage.AccountMappingBase)

Aggregations

AccountMappingBase (com.sequenceiq.common.api.cloudstorage.AccountMappingBase)12 CloudStorageRequest (com.sequenceiq.common.api.cloudstorage.CloudStorageRequest)3 Test (org.junit.jupiter.api.Test)3 ParameterizedTest (org.junit.jupiter.params.ParameterizedTest)3 Role (com.amazonaws.services.identitymanagement.model.Role)2 TreeSet (java.util.TreeSet)2 Policy (com.amazonaws.auth.policy.Policy)1 AmazonIdentityManagementException (com.amazonaws.services.identitymanagement.model.AmazonIdentityManagementException)1 EvaluationResult (com.amazonaws.services.identitymanagement.model.EvaluationResult)1 VisibleForTesting (com.google.common.annotations.VisibleForTesting)1 Identity (com.microsoft.azure.management.msi.Identity)1 CloudCredential (com.sequenceiq.cloudbreak.cloud.model.CloudCredential)1 CloudAdlsGen2View (com.sequenceiq.cloudbreak.cloud.model.filesystem.CloudAdlsGen2View)1 ObjectStorageValidateRequest (com.sequenceiq.cloudbreak.cloud.model.objectstorage.ObjectStorageValidateRequest)1 BadRequestException (com.sequenceiq.cloudbreak.common.exception.BadRequestException)1 Json (com.sequenceiq.cloudbreak.common.json.Json)1 IdbmmsOperationException (com.sequenceiq.cloudbreak.idbmms.exception.IdbmmsOperationException)1 MappingsConfig (com.sequenceiq.cloudbreak.idbmms.model.MappingsConfig)1 TemplatePreparationObject (com.sequenceiq.cloudbreak.template.TemplatePreparationObject)1 AccountMappingView (com.sequenceiq.cloudbreak.template.views.AccountMappingView)1