use of org.finra.herd.dao.exception.CredStashGetCredentialFailedException in project herd by FINRAOS.
the class RelationalTableRegistrationHelperServiceImplTest method testGetPasswordCredStashException.
@Test
public void testGetPasswordCredStashException() throws Exception {
// Mock the external calls.
when(configurationHelper.getProperty(ConfigurationValue.CREDSTASH_RELATIONAL_STORAGE_ENCRYPTION_CONTEXT)).thenReturn(CREDSTASH_ENCRYPTION_CONTEXT);
when(credStashHelper.getCredentialFromCredStash(CREDSTASH_ENCRYPTION_CONTEXT, USER_CREDENTIAL_NAME)).thenThrow(new CredStashGetCredentialFailedException(ERROR_MESSAGE));
// Try to call the method under test.
try {
relationalTableRegistrationHelperServiceImpl.getPassword(new RelationalStorageAttributesDto(JDBC_URL, USERNAME, USER_CREDENTIAL_NAME));
fail();
} catch (IllegalStateException e) {
assertEquals(String.format("%s: %s", CredStashGetCredentialFailedException.class.getName(), ERROR_MESSAGE), e.getMessage());
}
// Verify the external calls.
verify(configurationHelper).getProperty(ConfigurationValue.CREDSTASH_RELATIONAL_STORAGE_ENCRYPTION_CONTEXT);
verify(credStashHelper).getCredentialFromCredStash(CREDSTASH_ENCRYPTION_CONTEXT, USER_CREDENTIAL_NAME);
verifyNoMoreInteractionsHelper();
}
use of org.finra.herd.dao.exception.CredStashGetCredentialFailedException in project herd by FINRAOS.
the class CredStashHelperTest method testGetCredentialFromCredStashEmptyPasswordValue.
@Test
public void testGetCredentialFromCredStashEmptyPasswordValue() throws Exception {
// Build AWS parameters.
AwsParamsDto awsParamsDto = new AwsParamsDto(NO_AWS_ACCESS_KEY, NO_AWS_SECRET_KEY, NO_SESSION_TOKEN, HTTP_PROXY_HOST, HTTP_PROXY_PORT);
// Build AWS client configuration.
ClientConfiguration clientConfiguration = new ClientConfiguration();
// Create CredStash encryption context map.
Map<String, String> credStashEncryptionContextMap = new HashMap<>();
credStashEncryptionContextMap.put(KEY, VALUE);
// Mock the CredStash.
CredStash credStash = mock(CredStash.class);
when(credStash.getCredential(USER_CREDENTIAL_NAME, credStashEncryptionContextMap)).thenReturn(EMPTY_STRING);
// Mock the external calls.
when(configurationHelper.getProperty(ConfigurationValue.CREDSTASH_AWS_REGION_NAME)).thenReturn(AWS_REGION_NAME);
when(configurationHelper.getProperty(ConfigurationValue.CREDSTASH_TABLE_NAME)).thenReturn(TABLE_NAME);
when(awsHelper.getAwsParamsDto()).thenReturn(awsParamsDto);
when(awsHelper.getClientConfiguration(awsParamsDto)).thenReturn(clientConfiguration);
when(credStashFactory.getCredStash(AWS_REGION_NAME, TABLE_NAME, clientConfiguration)).thenReturn(credStash);
when(jsonHelper.unmarshallJsonToObject(Map.class, CREDSTASH_ENCRYPTION_CONTEXT)).thenReturn(credStashEncryptionContextMap);
// Try to call the method under test.
try {
credStashHelper.getCredentialFromCredStash(CREDSTASH_ENCRYPTION_CONTEXT, USER_CREDENTIAL_NAME);
fail();
} catch (CredStashGetCredentialFailedException e) {
assertEquals(String.format("Failed to obtain the keystore or truststore credential from credstash. " + "credStashAwsRegion=%s credStashTableName=%s credStashEncryptionContext=%s credentialName=%s", AWS_REGION_NAME, TABLE_NAME, CREDSTASH_ENCRYPTION_CONTEXT, USER_CREDENTIAL_NAME), e.getMessage());
}
// Verify the external calls.
verify(configurationHelper).getProperty(ConfigurationValue.CREDSTASH_AWS_REGION_NAME);
verify(configurationHelper).getProperty(ConfigurationValue.CREDSTASH_TABLE_NAME);
verify(awsHelper).getAwsParamsDto();
verify(awsHelper).getClientConfiguration(awsParamsDto);
verify(credStashFactory).getCredStash(AWS_REGION_NAME, TABLE_NAME, clientConfiguration);
verify(jsonHelper).unmarshallJsonToObject(Map.class, CREDSTASH_ENCRYPTION_CONTEXT);
verify(credStash).getCredential(USER_CREDENTIAL_NAME, credStashEncryptionContextMap);
verifyNoMoreInteractions(credStash);
verifyNoMoreInteractionsHelper();
}
use of org.finra.herd.dao.exception.CredStashGetCredentialFailedException in project herd by FINRAOS.
the class CredStashHelperTest method testGetCredentialFromCredStashException.
@Test
public void testGetCredentialFromCredStashException() throws Exception {
// Build AWS parameters.
AwsParamsDto awsParamsDto = new AwsParamsDto(NO_AWS_ACCESS_KEY, NO_AWS_SECRET_KEY, NO_SESSION_TOKEN, HTTP_PROXY_HOST, HTTP_PROXY_PORT);
// Build AWS client configuration.
ClientConfiguration clientConfiguration = new ClientConfiguration();
// Create CredStash encryption context map.
Map<String, String> credStashEncryptionContextMap = new HashMap<>();
credStashEncryptionContextMap.put(KEY, VALUE);
// Mock the CredStash.
CredStash credStash = mock(CredStash.class);
when(credStash.getCredential(USER_CREDENTIAL_NAME, credStashEncryptionContextMap)).thenThrow(new Exception(ERROR_MESSAGE));
// Mock the external calls.
when(configurationHelper.getProperty(ConfigurationValue.CREDSTASH_AWS_REGION_NAME)).thenReturn(AWS_REGION_NAME);
when(configurationHelper.getProperty(ConfigurationValue.CREDSTASH_TABLE_NAME)).thenReturn(TABLE_NAME);
when(awsHelper.getAwsParamsDto()).thenReturn(awsParamsDto);
when(awsHelper.getClientConfiguration(awsParamsDto)).thenReturn(clientConfiguration);
when(credStashFactory.getCredStash(AWS_REGION_NAME, TABLE_NAME, clientConfiguration)).thenReturn(credStash);
when(jsonHelper.unmarshallJsonToObject(Map.class, CREDSTASH_ENCRYPTION_CONTEXT)).thenReturn(credStashEncryptionContextMap);
// Try to call the method under test.
try {
credStashHelper.getCredentialFromCredStash(CREDSTASH_ENCRYPTION_CONTEXT, USER_CREDENTIAL_NAME);
fail();
} catch (CredStashGetCredentialFailedException e) {
assertEquals(String.format("Failed to obtain the keystore or truststore credential from credstash. Reason: %s " + "credStashAwsRegion=%s credStashTableName=%s credStashEncryptionContext=%s credentialName=%s", ERROR_MESSAGE, AWS_REGION_NAME, TABLE_NAME, CREDSTASH_ENCRYPTION_CONTEXT, USER_CREDENTIAL_NAME), e.getMessage());
}
// Verify the external calls.
verify(configurationHelper).getProperty(ConfigurationValue.CREDSTASH_AWS_REGION_NAME);
verify(configurationHelper).getProperty(ConfigurationValue.CREDSTASH_TABLE_NAME);
verify(awsHelper).getAwsParamsDto();
verify(awsHelper).getClientConfiguration(awsParamsDto);
verify(credStashFactory).getCredStash(AWS_REGION_NAME, TABLE_NAME, clientConfiguration);
verify(jsonHelper).unmarshallJsonToObject(Map.class, CREDSTASH_ENCRYPTION_CONTEXT);
verify(credStash).getCredential(USER_CREDENTIAL_NAME, credStashEncryptionContextMap);
verifyNoMoreInteractions(credStash);
verifyNoMoreInteractionsHelper();
}
use of org.finra.herd.dao.exception.CredStashGetCredentialFailedException in project herd by FINRAOS.
the class JestClientFactoryTest method testGetJestClientCredStashException.
@Test
public void testGetJestClientCredStashException() throws Exception {
// Mock the external calls.
when(configurationHelper.getProperty(ConfigurationValue.ELASTICSEARCH_REST_CLIENT_HOSTNAME)).thenReturn(ELASTICSEARCH_HOSTNAME);
when(configurationHelper.getProperty(ConfigurationValue.ELASTICSEARCH_REST_CLIENT_PORT, Integer.class)).thenReturn(ELASTICSEARCH_PORT);
when(configurationHelper.getProperty(ConfigurationValue.ELASTICSEARCH_REST_CLIENT_SCHEME)).thenReturn("https");
when(configurationHelper.getProperty(ConfigurationValue.ELASTICSEARCH_REST_CLIENT_READ_TIMEOUT, Integer.class)).thenReturn(READ_TIMEOUT);
when(configurationHelper.getProperty(ConfigurationValue.ELASTICSEARCH_REST_CLIENT_CONNECTION_TIMEOUT, Integer.class)).thenReturn(CONNECTION_TIMEOUT);
when(configurationHelper.getProperty(ConfigurationValue.ELASTICSEARCH_REST_CLIENT_USERNAME)).thenReturn(USERNAME);
when(configurationHelper.getProperty(ConfigurationValue.ELASTICSEARCH_REST_CLIENT_USERCREDENTIALNAME)).thenReturn(USER_CREDENTIAL_NAME);
when(configurationHelper.getProperty(ConfigurationValue.CREDSTASH_ENCRYPTION_CONTEXT)).thenReturn(CREDSTASH_ENCRYPTION_CONTEXT);
when(credStashHelper.getCredentialFromCredStash(CREDSTASH_ENCRYPTION_CONTEXT, USER_CREDENTIAL_NAME)).thenThrow(new CredStashGetCredentialFailedException(ERROR_MESSAGE));
// Try to call the method under test.
try {
jestClientFactory.getJestClient();
fail();
} catch (IllegalStateException e) {
assertEquals(String.format("%s: %s", CredStashGetCredentialFailedException.class.getName(), ERROR_MESSAGE), e.getMessage());
}
// Verify the external calls.
verify(configurationHelper).getProperty(ConfigurationValue.ELASTICSEARCH_REST_CLIENT_HOSTNAME);
verify(configurationHelper).getProperty(ConfigurationValue.ELASTICSEARCH_REST_CLIENT_PORT, Integer.class);
verify(configurationHelper).getProperty(ConfigurationValue.ELASTICSEARCH_REST_CLIENT_SCHEME);
verify(configurationHelper).getProperty(ConfigurationValue.ELASTICSEARCH_REST_CLIENT_READ_TIMEOUT, Integer.class);
verify(configurationHelper).getProperty(ConfigurationValue.ELASTICSEARCH_REST_CLIENT_CONNECTION_TIMEOUT, Integer.class);
verify(configurationHelper).getProperty(ConfigurationValue.ELASTICSEARCH_REST_CLIENT_USERNAME);
verify(configurationHelper).getProperty(ConfigurationValue.ELASTICSEARCH_REST_CLIENT_USERCREDENTIALNAME);
verify(configurationHelper).getProperty(ConfigurationValue.CREDSTASH_ENCRYPTION_CONTEXT);
verify(credStashHelper).getCredentialFromCredStash(CREDSTASH_ENCRYPTION_CONTEXT, USER_CREDENTIAL_NAME);
verifyNoMoreInteractionsHelper();
}
use of org.finra.herd.dao.exception.CredStashGetCredentialFailedException in project herd by FINRAOS.
the class CredStashHelper method getCredentialFromCredStash.
/**
* Gets a password from the credstash.
*
* @param credStashEncryptionContext the encryption context
* @param credentialName the credential name
*
* @return the password
* @throws CredStashGetCredentialFailedException if CredStash fails to get a credential
*/
@Retryable(maxAttempts = 3, value = CredStashGetCredentialFailedException.class, backoff = @Backoff(delay = 5000, multiplier = 2))
public String getCredentialFromCredStash(String credStashEncryptionContext, String credentialName) throws CredStashGetCredentialFailedException {
// Get the credstash table name and credential names for the keystore and truststore.
String credStashAwsRegion = configurationHelper.getProperty(ConfigurationValue.CREDSTASH_AWS_REGION_NAME);
String credStashTableName = configurationHelper.getProperty(ConfigurationValue.CREDSTASH_TABLE_NAME);
// Log configuration values and input parameters.
LOGGER.info("credStashAwsRegion={} credStashTableName={} credStashEncryptionContext={} credentialName={}", credStashAwsRegion, credStashTableName, credStashEncryptionContext, credentialName);
// Get the AWS client configuration.
ClientConfiguration clientConfiguration = awsHelper.getClientConfiguration(awsHelper.getAwsParamsDto());
// Get the keystore and truststore passwords from Credstash.
CredStash credstash = credStashFactory.getCredStash(credStashAwsRegion, credStashTableName, clientConfiguration);
// Try to obtain the credentials from cred stash.
String password = null;
String errorMessage = null;
try {
// Convert the JSON config file version of the encryption context to a Java Map class.
@SuppressWarnings("unchecked") Map<String, String> credstashEncryptionContextMap = jsonHelper.unmarshallJsonToObject(Map.class, credStashEncryptionContext);
// Get the keystore and truststore passwords from credstash.
password = credstash.getCredential(credentialName, credstashEncryptionContextMap);
} catch (Exception exception) {
LOGGER.error("Caught exception when attempting to get a credential value from CredStash.", exception);
errorMessage = exception.getMessage();
}
// as credentials from cred stash, then throw a CredStashGetCredentialFailedException.
if (StringUtils.isEmpty(password)) {
throw new CredStashGetCredentialFailedException(String.format("Failed to obtain the keystore or truststore credential from credstash.%s " + "credStashAwsRegion=%s credStashTableName=%s credStashEncryptionContext=%s credentialName=%s", StringUtils.isNotBlank(errorMessage) ? " Reason: " + errorMessage : "", credStashAwsRegion, credStashTableName, credStashEncryptionContext, credentialName));
}
// Return the keystore and truststore passwords in a map.
return password;
}
Aggregations