use of org.finra.gatekeeper.services.aws.model.AWSEnvironment in project Gatekeeper by FINRAOS.
the class GrantAccessServiceTask method execute.
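/**
 * Grants the requested database access: for every (user, role) pair a fresh password is
 * generated, the account is created on the requested RDS instances and the credentials are
 * emailed to the user.
 *
 * <p>An "attempts" counter is kept on the execution so retries by the workflow engine can be
 * observed. Any failure notifies the admins, marks the request {@code APPROVAL_ERROR} and
 * rethrows so Activiti sees the error. Partial success (some instances failed) does NOT fail
 * the request; it is only logged.
 *
 * @param execution the Activiti object carrying the "accessRequest" and "attempts" variables
 * @throws Exception for anything that goes wrong (password generation, DB grant, email)
 */
public void execute(DelegateExecution execution) throws Exception {
    Integer attempts = (Integer) execution.getVariable("attempts");
    execution.setVariable("attempts", attempts == null ? 1 : attempts + 1);
    AccessRequest accessRequest = (AccessRequest) execution.getVariable("accessRequest");
    // NOTE(review): relies on AccessRequest.toString() not exposing anything sensitive — verify.
    logger.info("Granting Access to " + accessRequest);
    try {
        // Prepare parameters
        AWSEnvironment env = new AWSEnvironment(accessRequest.getAccount(), accessRequest.getRegion());
        logger.info("Environment for this access request is " + env.getAccount() + " ( " + env.getRegion() + " )");
        // bundle up the role -> db -> schema/table offerings once, shared by every user in the request
        Map<String, Map<RoleType, List<String>>> schemasForRequest = new HashMap<>();
        for (AWSRdsDatabase db : accessRequest.getAwsRdsInstances()) {
            schemasForRequest.put(db.getName(), databaseConnectionService.getAvailableSchemasForDb(db));
        }
        // Do all of this for each user in the request
        for (User u : accessRequest.getUsers()) {
            // have to apply the roles to each user in the request
            for (UserRole role : accessRequest.getRoles()) {
                // One generated password per (user, role) pair
                String password = passwordGenerationService.generatePassword();
                if (password == null) {
                    throw new GatekeeperException("Could not generate Password");
                }
                // Locale.ROOT: locale-sensitive upper-casing (e.g. Turkish dotless i) would break the enum lookup
                RoleType roleType = RoleType.valueOf(role.getRole().toUpperCase(java.util.Locale.ROOT));
                Map<String, Boolean> createStatus = databaseConnectionService.grantAccess(accessRequest.getAwsRdsInstances(), u.getUserId(), roleType, password, accessRequest.getDays());
                // Only an explicit TRUE counts as success; null/FALSE entries are treated as failures
                boolean anySucceeded = false;
                StringBuilder failedInstances = new StringBuilder();
                for (Map.Entry<String, Boolean> entry : createStatus.entrySet()) {
                    if (Boolean.TRUE.equals(entry.getValue())) {
                        anySucceeded = true;
                    } else {
                        failedInstances.append(failedInstances.length() == 0 ? "" : ", ").append(entry.getKey());
                    }
                }
                if (!anySucceeded) {
                    throw new GatekeeperException("Could not create user account on any DB instances");
                }
                if (failedInstances.length() > 0) {
                    // Partial success still ends as GRANTED below, so make the gap visible to operators
                    logger.warn("User " + u.getUserId() + " with role " + roleType + " was not created on: " + failedInstances);
                }
                // Send email with the generated password (not a private key)
                // NOTE(review): credentials are distributed over email; confirm that transport fits the threat model.
                emailServiceWrapper.notifyOfCredentials(accessRequest, u, roleType, password, schemasForRequest);
            }
        }
    } catch (Exception e) {
        emailServiceWrapper.notifyAdminsOfFailure(accessRequest, e);
        execution.setVariable("requestStatus", RequestStatus.APPROVAL_ERROR);
        throw e;
    }
    // Do not overwrite a status another task may already have set on this execution
    if (execution.getVariable("requestStatus") == null) {
        execution.setVariable("requestStatus", RequestStatus.GRANTED);
    }
}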
use of org.finra.gatekeeper.services.aws.model.AWSEnvironment in project Gatekeeper by FINRAOS.
the class Ec2LookupServiceTests method before.
@Before
public void before() {
    // Fixed Dev/us-west-2 environment shared by every test in this class
    awsEnvironment = new AWSEnvironment("Dev", "us-west-2");
    // Five fake instances; only "TEP" ones carry the application identity tag used below
    // (some of the IPs are deliberately nonsense test data, not routable addresses)
    mockedResult = new DescribeInstancesResult();
    mockedResult.setReservations(Arrays.asList(
            fakeInstance("i-12345", "1.2.3.4", "TestOne", "TEP", "Linux"),
            fakeInstance("i-abcde", "123.2.3.4", "TestOneTwo", "TST", "Linux"),
            fakeInstance("i-123ab", "456.2.3.4", "HelloOne", "TEP", "Linux"),
            fakeInstance("i-456cd", "123.22.3.4", "HelloTwo", "TEP", "Linux"),
            fakeInstance("i-12347", "132.23.43.4", "TestThree", "TEP", "Linux")));
    // Wire the mocks: tag name, session lookup and the EC2 describe call
    Mockito.when(gatekeeperEC2Properties.getAppIdentityTag()).thenReturn("Application");
    Mockito.when(awsSessionService.getEC2Session(any())).thenReturn(amazonEC2Client);
    Mockito.when(amazonEC2Client.describeInstances(any())).thenReturn(mockedResult);
}
use of org.finra.gatekeeper.services.aws.model.AWSEnvironment in project Gatekeeper by FINRAOS.
the class AccessRequestService method updateInstanceStatus.
/**
 * Refreshes the SSM status of every instance on the request and persists the request.
 * Instances SSM reports nothing for are marked "Unknown".
 *
 * @param accessRequest the request whose instances are refreshed (mutated in place)
 * @return the same request, after it has been saved
 */
public AccessRequest updateInstanceStatus(AccessRequest accessRequest) {
    AWSEnvironment environment = new AWSEnvironment(accessRequest.getAccount(), accessRequest.getRegion());
    List<AWSInstance> requested = accessRequest.getInstances();
    List<String> ids = requested.stream()
            .map(AWSInstance::getInstanceId)
            .collect(Collectors.toList());
    Map<String, String> statusById = ssmService.checkInstancesWithSsm(environment, ids);
    for (AWSInstance instance : requested) {
        String status = statusById.get(instance.getInstanceId());
        instance.setStatus(status != null ? status : "Unknown");
    }
    accessRequest.setInstances(requested);
    accessRequestRepository.save(accessRequest);
    return accessRequest;
}
use of org.finra.gatekeeper.services.aws.model.AWSEnvironment in project Gatekeeper by FINRAOS.
the class AwsSessionServiceTests method testExceptionThrown.
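/**
 * Verifies the gatekeeper exception gets tossed if a bad environment is provided.
 *
 * <p>The account lookup is stubbed to return null for the alias, so the session service
 * must refuse to build a session and surface the "No account found" message.
 */
@Test
public void testExceptionThrown() {
    String env = "Test";
    awsEnvironment = new AWSEnvironment(env, "us-east-2");
    when(accountInformationService.getAccountByAlias("Test")).thenReturn(null);
    try {
        awsSessionService.getEC2Session(awsEnvironment);
        // Without this the test passes vacuously if no exception is thrown at all
        Assert.fail("Expected an exception for unknown account alias " + env);
    } catch (Exception e) {
        Assert.assertEquals("Message with no alias is correct ", "org.finra.gatekeeper.exception.GatekeeperException: No account found with alias: " + env, e.getMessage());
    }
}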
use of org.finra.gatekeeper.services.aws.model.AWSEnvironment in project Gatekeeper by FINRAOS.
the class AwsSessionServiceTests method before.
@Before
public void before() {
    awsEnvironment = new AWSEnvironment("Dev", "us-west-2");
    // Session/proxy settings read by the session service
    Mockito.when(gatekeeperAwsProperties.getSessionTimeout()).thenReturn(900000);
    Mockito.when(gatekeeperAwsProperties.getSessionTimeoutPad()).thenReturn(60000);
    Mockito.when(gatekeeperAwsProperties.getProxyHost()).thenReturn("testproxy");
    Mockito.when(gatekeeperAwsProperties.getProxyPort()).thenReturn("100");
    // The fake account spans two regions; note its alias ("hello") differs from the
    // "Dev" alias the lookup below is stubbed with
    Region west = new Region();
    west.setName("us-west-2");
    Region east = new Region();
    east.setName("us-east-1");
    List<Region> regions = new ArrayList<>();
    regions.add(west);
    regions.add(east);
    Account stubAccount = new Account();
    stubAccount.setAccountId(123L);
    stubAccount.setAlias("hello");
    stubAccount.setRegions(regions);
    stubAccount.setSdlc("Test");
    stubAccount.setName("Test Account");
    // Dummy STS credentials — placeholder strings only, not real key material
    Credentials stubCredentials = new Credentials();
    stubCredentials.setAccessKeyId("testing");
    stubCredentials.setSecretAccessKey("s3cr3t");
    stubCredentials.setSessionToken("s35510nt0k3n");
    AssumeRoleResult stubRoleResult = new AssumeRoleResult();
    stubRoleResult.setCredentials(stubCredentials);
    // Wire the collaborators: alias lookup, STS assume-role and the session factory
    when(accountInformationService.getAccountByAlias("Dev")).thenReturn(stubAccount);
    when(awsSecurityTokenServiceClient.assumeRole(any())).thenReturn(stubRoleResult);
    when(awsSessionFactory.createEc2Session(any())).thenReturn(amazonEC2Client);
    when(awsSessionFactory.createSsmSession(any())).thenReturn(awsSimpleSystemsManagementClient);
}