
Example 1 with CredStash

use of org.finra.herd.dao.credstash.CredStash in project herd by FINRAOS.

the class CredStashHelperTest method testGetCredentialFromCredStashEmptyPasswordValue.

@Test
public void testGetCredentialFromCredStashEmptyPasswordValue() throws Exception {
    // Fail-closed case: CredStash answers with an empty string, and the helper must raise
    // CredStashGetCredentialFailedException instead of handing an empty password to the caller.

    // Fixtures: AWS parameters, a client configuration and a one-entry encryption context.
    final AwsParamsDto awsParams = new AwsParamsDto(NO_AWS_ACCESS_KEY, NO_AWS_SECRET_KEY, NO_SESSION_TOKEN, HTTP_PROXY_HOST, HTTP_PROXY_PORT);
    final ClientConfiguration awsClientConfig = new ClientConfiguration();
    final Map<String, String> encryptionContext = new HashMap<>();
    encryptionContext.put(KEY, VALUE);

    // CredStash stub that yields an empty credential value.
    final CredStash credStashMock = mock(CredStash.class);
    when(credStashMock.getCredential(USER_CREDENTIAL_NAME, encryptionContext)).thenReturn(EMPTY_STRING);

    // Stub the collaborators the helper consults before it reaches CredStash.
    when(awsHelper.getAwsParamsDto()).thenReturn(awsParams);
    when(awsHelper.getClientConfiguration(awsParams)).thenReturn(awsClientConfig);
    when(configurationHelper.getProperty(ConfigurationValue.CREDSTASH_AWS_REGION_NAME)).thenReturn(AWS_REGION_NAME);
    when(configurationHelper.getProperty(ConfigurationValue.CREDSTASH_TABLE_NAME)).thenReturn(TABLE_NAME);
    when(jsonHelper.unmarshallJsonToObject(Map.class, CREDSTASH_ENCRYPTION_CONTEXT)).thenReturn(encryptionContext);
    when(credStashFactory.getCredStash(AWS_REGION_NAME, TABLE_NAME, awsClientConfig)).thenReturn(credStashMock);

    // With no underlying exception there is no "Reason:" part; the message carries only the lookup
    // coordinates (region, table, encryption context, credential name).
    final String expectedMessage = String.format("Failed to obtain the keystore or truststore credential from credstash. " + "credStashAwsRegion=%s credStashTableName=%s credStashEncryptionContext=%s credentialName=%s", AWS_REGION_NAME, TABLE_NAME, CREDSTASH_ENCRYPTION_CONTEXT, USER_CREDENTIAL_NAME);

    // Invoke the method under test; reaching fail() means the empty value was accepted.
    try {
        credStashHelper.getCredentialFromCredStash(CREDSTASH_ENCRYPTION_CONTEXT, USER_CREDENTIAL_NAME);
        fail();
    } catch (CredStashGetCredentialFailedException expected) {
        assertEquals(expectedMessage, expected.getMessage());
    }

    // Every stubbed collaborator must have been called exactly as stubbed.
    verify(awsHelper).getAwsParamsDto();
    verify(awsHelper).getClientConfiguration(awsParams);
    verify(configurationHelper).getProperty(ConfigurationValue.CREDSTASH_AWS_REGION_NAME);
    verify(configurationHelper).getProperty(ConfigurationValue.CREDSTASH_TABLE_NAME);
    verify(jsonHelper).unmarshallJsonToObject(Map.class, CREDSTASH_ENCRYPTION_CONTEXT);
    verify(credStashFactory).getCredStash(AWS_REGION_NAME, TABLE_NAME, awsClientConfig);
    verify(credStashMock).getCredential(USER_CREDENTIAL_NAME, encryptionContext);

    // Nothing beyond the single getCredential lookup may touch the CredStash mock.
    verifyNoMoreInteractions(credStashMock);
    verifyNoMoreInteractionsHelper();
}
Also used : AwsParamsDto(org.finra.herd.model.dto.AwsParamsDto) HashMap(java.util.HashMap) CredStash(org.finra.herd.dao.credstash.CredStash) ClientConfiguration(com.amazonaws.ClientConfiguration) CredStashGetCredentialFailedException(org.finra.herd.dao.exception.CredStashGetCredentialFailedException) Test(org.junit.Test) AbstractDaoTest(org.finra.herd.dao.AbstractDaoTest)

Example 2 with CredStash

use of org.finra.herd.dao.credstash.CredStash in project herd by FINRAOS.

the class CredStashHelperTest method testGetCredentialFromCredStashException.

@Test
public void testGetCredentialFromCredStashException() throws Exception {
    // Failure case: CredStash itself throws, and the helper must translate that into
    // CredStashGetCredentialFailedException with the underlying message under "Reason:".

    // Fixtures: AWS parameters, a client configuration and a one-entry encryption context.
    final AwsParamsDto awsParams = new AwsParamsDto(NO_AWS_ACCESS_KEY, NO_AWS_SECRET_KEY, NO_SESSION_TOKEN, HTTP_PROXY_HOST, HTTP_PROXY_PORT);
    final ClientConfiguration awsClientConfig = new ClientConfiguration();
    final Map<String, String> encryptionContext = new HashMap<>();
    encryptionContext.put(KEY, VALUE);

    // CredStash stub that fails the lookup with a generic exception.
    final CredStash credStashMock = mock(CredStash.class);
    when(credStashMock.getCredential(USER_CREDENTIAL_NAME, encryptionContext)).thenThrow(new Exception(ERROR_MESSAGE));

    // Stub the collaborators the helper consults before it reaches CredStash.
    when(awsHelper.getAwsParamsDto()).thenReturn(awsParams);
    when(awsHelper.getClientConfiguration(awsParams)).thenReturn(awsClientConfig);
    when(configurationHelper.getProperty(ConfigurationValue.CREDSTASH_AWS_REGION_NAME)).thenReturn(AWS_REGION_NAME);
    when(configurationHelper.getProperty(ConfigurationValue.CREDSTASH_TABLE_NAME)).thenReturn(TABLE_NAME);
    when(jsonHelper.unmarshallJsonToObject(Map.class, CREDSTASH_ENCRYPTION_CONTEXT)).thenReturn(encryptionContext);
    when(credStashFactory.getCredStash(AWS_REGION_NAME, TABLE_NAME, awsClientConfig)).thenReturn(credStashMock);

    // The underlying exception text is copied verbatim into the thrown message, so this test pins
    // that pass-through as well as the lookup coordinates that follow it.
    final String expectedMessage = String.format("Failed to obtain the keystore or truststore credential from credstash. Reason: %s " + "credStashAwsRegion=%s credStashTableName=%s credStashEncryptionContext=%s credentialName=%s", ERROR_MESSAGE, AWS_REGION_NAME, TABLE_NAME, CREDSTASH_ENCRYPTION_CONTEXT, USER_CREDENTIAL_NAME);

    // Invoke the method under test; reaching fail() means the failure was swallowed.
    try {
        credStashHelper.getCredentialFromCredStash(CREDSTASH_ENCRYPTION_CONTEXT, USER_CREDENTIAL_NAME);
        fail();
    } catch (CredStashGetCredentialFailedException expected) {
        assertEquals(expectedMessage, expected.getMessage());
    }

    // Every stubbed collaborator must have been called exactly as stubbed.
    verify(awsHelper).getAwsParamsDto();
    verify(awsHelper).getClientConfiguration(awsParams);
    verify(configurationHelper).getProperty(ConfigurationValue.CREDSTASH_AWS_REGION_NAME);
    verify(configurationHelper).getProperty(ConfigurationValue.CREDSTASH_TABLE_NAME);
    verify(jsonHelper).unmarshallJsonToObject(Map.class, CREDSTASH_ENCRYPTION_CONTEXT);
    verify(credStashFactory).getCredStash(AWS_REGION_NAME, TABLE_NAME, awsClientConfig);
    verify(credStashMock).getCredential(USER_CREDENTIAL_NAME, encryptionContext);

    // Nothing beyond the single getCredential lookup may touch the CredStash mock.
    verifyNoMoreInteractions(credStashMock);
    verifyNoMoreInteractionsHelper();
}
Also used : AwsParamsDto(org.finra.herd.model.dto.AwsParamsDto) HashMap(java.util.HashMap) CredStash(org.finra.herd.dao.credstash.CredStash) ClientConfiguration(com.amazonaws.ClientConfiguration) CredStashGetCredentialFailedException(org.finra.herd.dao.exception.CredStashGetCredentialFailedException) CredStashGetCredentialFailedException(org.finra.herd.dao.exception.CredStashGetCredentialFailedException) Test(org.junit.Test) AbstractDaoTest(org.finra.herd.dao.AbstractDaoTest)

Example 3 with CredStash

use of org.finra.herd.dao.credstash.CredStash in project herd by FINRAOS.

the class JestClientFactoryTest method testGetJestClientHttp.

@Test
public void testGetJestClientHttp() {
    // Builds a Jest client with the scheme stubbed as "http" and checks which configuration
    // properties the factory reads while doing so.

    // NOTE(review): this mock is created locally and, in the lines visible here, never handed to
    // any collaborator, so verifyNoMoreInteractions on it below cannot fail. If the intent is to
    // prove that the plain-HTTP path performs no credential lookup, that has to be asserted on the
    // objects the factory really uses - presumably verifyNoMoreInteractionsHelper() does; confirm.
    final CredStash unusedCredStash = mock(CredStash.class);

    // Stub the REST client settings the factory is expected to read.
    when(configurationHelper.getProperty(ConfigurationValue.ELASTICSEARCH_REST_CLIENT_SCHEME)).thenReturn("http");
    when(configurationHelper.getProperty(ConfigurationValue.ELASTICSEARCH_REST_CLIENT_HOSTNAME)).thenReturn(ELASTICSEARCH_HOSTNAME);
    when(configurationHelper.getProperty(ConfigurationValue.ELASTICSEARCH_REST_CLIENT_PORT, Integer.class)).thenReturn(ELASTICSEARCH_PORT);
    when(configurationHelper.getProperty(ConfigurationValue.ELASTICSEARCH_REST_CLIENT_CONNECTION_TIMEOUT, Integer.class)).thenReturn(CONNECTION_TIMEOUT);
    when(configurationHelper.getProperty(ConfigurationValue.ELASTICSEARCH_REST_CLIENT_READ_TIMEOUT, Integer.class)).thenReturn(READ_TIMEOUT);

    // Invoke the method under test.
    final JestClient client = jestClientFactory.getJestClient();

    // Each of the five settings must have been read.
    verify(configurationHelper).getProperty(ConfigurationValue.ELASTICSEARCH_REST_CLIENT_SCHEME);
    verify(configurationHelper).getProperty(ConfigurationValue.ELASTICSEARCH_REST_CLIENT_HOSTNAME);
    verify(configurationHelper).getProperty(ConfigurationValue.ELASTICSEARCH_REST_CLIENT_PORT, Integer.class);
    verify(configurationHelper).getProperty(ConfigurationValue.ELASTICSEARCH_REST_CLIENT_CONNECTION_TIMEOUT, Integer.class);
    verify(configurationHelper).getProperty(ConfigurationValue.ELASTICSEARCH_REST_CLIENT_READ_TIMEOUT, Integer.class);
    verifyNoMoreInteractions(unusedCredStash);
    verifyNoMoreInteractionsHelper();

    // A client instance must have been produced.
    assertNotNull(client);
}
Also used : CredStash(org.finra.herd.dao.credstash.CredStash) JestClient(io.searchbox.client.JestClient) Test(org.junit.Test)

Example 4 with CredStash

use of org.finra.herd.dao.credstash.CredStash in project herd by FINRAOS.

the class CredStashHelperTest method testGetCredentialFromCredStash.

@Test
public void testGetCredentialFromCredStash() throws Exception {
    // Happy path: CredStash returns a non-empty value and the helper passes it back unchanged.

    // Fixtures: AWS parameters, a client configuration and a one-entry encryption context.
    final AwsParamsDto awsParams = new AwsParamsDto(NO_AWS_ACCESS_KEY, NO_AWS_SECRET_KEY, NO_SESSION_TOKEN, HTTP_PROXY_HOST, HTTP_PROXY_PORT);
    final ClientConfiguration awsClientConfig = new ClientConfiguration();
    final Map<String, String> encryptionContext = new HashMap<>();
    encryptionContext.put(KEY, VALUE);

    // CredStash stub that answers the lookup with the test password.
    final CredStash credStashMock = mock(CredStash.class);
    when(credStashMock.getCredential(USER_CREDENTIAL_NAME, encryptionContext)).thenReturn(PASSWORD);

    // Stub the collaborators the helper consults before it reaches CredStash.
    when(awsHelper.getAwsParamsDto()).thenReturn(awsParams);
    when(awsHelper.getClientConfiguration(awsParams)).thenReturn(awsClientConfig);
    when(configurationHelper.getProperty(ConfigurationValue.CREDSTASH_AWS_REGION_NAME)).thenReturn(AWS_REGION_NAME);
    when(configurationHelper.getProperty(ConfigurationValue.CREDSTASH_TABLE_NAME)).thenReturn(TABLE_NAME);
    when(jsonHelper.unmarshallJsonToObject(Map.class, CREDSTASH_ENCRYPTION_CONTEXT)).thenReturn(encryptionContext);
    when(credStashFactory.getCredStash(AWS_REGION_NAME, TABLE_NAME, awsClientConfig)).thenReturn(credStashMock);

    // Invoke the method under test.
    final String retrieved = credStashHelper.getCredentialFromCredStash(CREDSTASH_ENCRYPTION_CONTEXT, USER_CREDENTIAL_NAME);

    // Every stubbed collaborator must have been called exactly as stubbed.
    verify(awsHelper).getAwsParamsDto();
    verify(awsHelper).getClientConfiguration(awsParams);
    verify(configurationHelper).getProperty(ConfigurationValue.CREDSTASH_AWS_REGION_NAME);
    verify(configurationHelper).getProperty(ConfigurationValue.CREDSTASH_TABLE_NAME);
    verify(jsonHelper).unmarshallJsonToObject(Map.class, CREDSTASH_ENCRYPTION_CONTEXT);
    verify(credStashFactory).getCredStash(AWS_REGION_NAME, TABLE_NAME, awsClientConfig);
    verify(credStashMock).getCredential(USER_CREDENTIAL_NAME, encryptionContext);

    // Nothing beyond the single getCredential lookup may touch the CredStash mock.
    verifyNoMoreInteractions(credStashMock);
    verifyNoMoreInteractionsHelper();

    // The value returned to the caller is exactly what CredStash supplied.
    assertEquals(PASSWORD, retrieved);
}
Also used : AwsParamsDto(org.finra.herd.model.dto.AwsParamsDto) HashMap(java.util.HashMap) CredStash(org.finra.herd.dao.credstash.CredStash) ClientConfiguration(com.amazonaws.ClientConfiguration) Test(org.junit.Test) AbstractDaoTest(org.finra.herd.dao.AbstractDaoTest)

Example 5 with CredStash

use of org.finra.herd.dao.credstash.CredStash in project herd by FINRAOS.

the class CredStashHelper method getCredentialFromCredStash.

/**
 * Gets a credential value (a keystore or truststore password) from CredStash.
 *
 * @param credStashEncryptionContext the encryption context, as a JSON string that is unmarshalled into a map
 * @param credentialName the credential name
 *
 * @return the password; never empty
 * @throws CredStashGetCredentialFailedException if CredStash fails to get a credential or returns an empty value
 */
@Retryable(maxAttempts = 3, value = CredStashGetCredentialFailedException.class, backoff = @Backoff(delay = 5000, multiplier = 2))
public String getCredentialFromCredStash(String credStashEncryptionContext, String credentialName) throws CredStashGetCredentialFailedException {
    // The retry annotation names the exception thrown below, so both failure modes (lookup error
    // and empty value) are retried: up to three attempts, 5000 ms initial delay, doubled each time.
    // NOTE(review): this only takes effect if Spring Retry is enabled for this bean - confirm.

    // Where to look: the AWS region and the CredStash table both come from configuration.
    String region = configurationHelper.getProperty(ConfigurationValue.CREDSTASH_AWS_REGION_NAME);
    String tableName = configurationHelper.getProperty(ConfigurationValue.CREDSTASH_TABLE_NAME);

    // Only the lookup coordinates are logged; this method does not log the credential value.
    LOGGER.info("credStashAwsRegion={} credStashTableName={} credStashEncryptionContext={} credentialName={}", region, tableName, credStashEncryptionContext, credentialName);

    // Build the CredStash client for that region and table using the AWS client configuration.
    ClientConfiguration awsClientConfig = awsHelper.getClientConfiguration(awsHelper.getAwsParamsDto());
    CredStash store = credStashFactory.getCredStash(region, tableName, awsClientConfig);

    String secret = null;
    String failureReason = null;
    try {
        // The encryption context arrives as JSON text and is turned into a map for the lookup.
        @SuppressWarnings("unchecked") Map<String, String> contextMap = jsonHelper.unmarshallJsonToObject(Map.class, credStashEncryptionContext);
        secret = store.getCredential(credentialName, contextMap);
    } catch (Exception e) {
        // The full exception goes to the log; only its message is kept for the exception thrown
        // below, which does not carry this exception as its cause.
        LOGGER.error("Caught exception when attempting to get a credential value from CredStash.", e);
        failureReason = e.getMessage();
    }

    // Success: a non-empty value came back.
    if (!StringUtils.isEmpty(secret)) {
        return secret;
    }

    // Fail closed on a lookup error or an empty value. The message repeats the lookup coordinates
    // and, when present, the underlying error text verbatim.
    // NOTE(review): confirm that text from CredStash/AWS exceptions cannot contain secret material,
    // since it ends up wherever this exception's message is logged or displayed.
    String reasonPart = StringUtils.isNotBlank(failureReason) ? " Reason: " + failureReason : "";
    throw new CredStashGetCredentialFailedException(String.format("Failed to obtain the keystore or truststore credential from credstash.%s " + "credStashAwsRegion=%s credStashTableName=%s credStashEncryptionContext=%s credentialName=%s", reasonPart, region, tableName, credStashEncryptionContext, credentialName));
}
Also used : CredStash(org.finra.herd.dao.credstash.CredStash) ClientConfiguration(com.amazonaws.ClientConfiguration) CredStashGetCredentialFailedException(org.finra.herd.dao.exception.CredStashGetCredentialFailedException) CredStashGetCredentialFailedException(org.finra.herd.dao.exception.CredStashGetCredentialFailedException) Retryable(org.springframework.retry.annotation.Retryable)

Aggregations

CredStash (org.finra.herd.dao.credstash.CredStash)5 ClientConfiguration (com.amazonaws.ClientConfiguration)4 Test (org.junit.Test)4 HashMap (java.util.HashMap)3 AbstractDaoTest (org.finra.herd.dao.AbstractDaoTest)3 CredStashGetCredentialFailedException (org.finra.herd.dao.exception.CredStashGetCredentialFailedException)3 AwsParamsDto (org.finra.herd.model.dto.AwsParamsDto)3 JestClient (io.searchbox.client.JestClient)1 Retryable (org.springframework.retry.annotation.Retryable)1