下面列出了com.amazonaws.services.s3.model.Tag#com.amazonaws.auth.AWSStaticCredentialsProvider 实例代码,或者点击链接到github查看源代码,也可以在右侧发表评论。
/**
* Gets the credentials.
*
* @param account the account
* @param roleName the role name
* @return the credentials
*/
public BasicSessionCredentials getCredentials(String account, String roleName) {
    // The base account's session is always obtained first; it is either the
    // answer itself or the identity used to call STS for another account.
    final BasicSessionCredentials baseSession = getBaseAccountCredentials(baseAccount, baseRegion, roleName);

    if (!baseAccount.equals(account)) {
        // Cross-account case: assume the role in the target account using the
        // base session as the calling identity.
        AWSSecurityTokenService sts = AWSSecurityTokenServiceClientBuilder.standard()
                .withCredentials(new AWSStaticCredentialsProvider(baseSession))
                .withRegion(baseRegion)
                .build();

        // The request carries only the role ARN and a session name.
        // NOTE(review): no ExternalId, session policy or duration is set here, so the
        // target role's trust policy is the only control on who may assume it; confirm.
        AssumeRoleRequest request = new AssumeRoleRequest()
                .withRoleArn(getRoleArn(account, roleName))
                .withRoleSessionName("pic-ro-" + account);
        AssumeRoleResult issued = sts.assumeRole(request);

        // The returned object holds a secret key and session token: keep it out of
        // log statements and exception messages.
        return new BasicSessionCredentials(
                issued.getCredentials().getAccessKeyId(),
                issued.getCredentials().getSecretAccessKey(),
                issued.getCredentials().getSessionToken());
    }

    return baseSession;
}
/**
* Fetch CloudTrails info.
*
* @param temporaryCredentials the temporary credentials
* @param account the account
* @return the map
*/
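public static Map<String,List<Trail>> fetchCloudTrails(BasicSessionCredentials temporaryCredentials, String skipRegions,String account, String accountName){
    // Collects the CloudTrail trails of every region whose name does not occur in
    // skipRegions. Result keys are account + delimiter + accountName + delimiter +
    // region name; regions with no trails are left out of the map.
    log.info("Fetch CloudTrails info start");
    Map<String,List<Trail>> cloudTrails = new LinkedHashMap<>();
    String expPrefix = InventoryConstants.ERROR_PREFIX_CODE+account + "\",\"Message\": \"Exception in fetching info for resource in specific region\" ,\"type\": \"Cloud Trail\" , \"region\":\"" ;
    for(Region region : RegionUtils.getRegions()){
        try{
            // skipRegions is a plain string, so this is a substring test on the region name.
            if(!skipRegions.contains(region.getName())){
                AWSCloudTrail cloudTrailClient = AWSCloudTrailClientBuilder.standard().withCredentials(new AWSStaticCredentialsProvider(temporaryCredentials)).withRegion(region.getName()).build();
                DescribeTrailsResult rslt = cloudTrailClient.describeTrails();
                List<Trail> trailTemp = rslt.getTrailList();
                if(! trailTemp.isEmpty() ){
                    cloudTrails.put(account+delimiter+accountName+delimiter+region.getName(), trailTemp);
                }
            }
        }catch(Exception e){
            // Report the failure only where CloudTrail itself is offered. The guard
            // previously tested the RDS endpoint prefix, so a CloudTrail failure in a
            // region without RDS was dropped without any log line or uploaded error,
            // leaving a gap in the audit-logging inventory that nobody could see.
            if(region.isServiceSupported(AWSCloudTrail.ENDPOINT_PREFIX)){
                // NOTE(review): e.getMessage() is concatenated unescaped into a JSON-shaped
                // string; quotes or newlines in the message would corrupt the record.
                log.warn(expPrefix+ region.getName()+InventoryConstants.ERROR_CAUSE +e.getMessage()+"\"}");
                ErrorManageUtil.uploadError(account,region.getName(),"cloudtrail",e.getMessage());
            }
        }
    }
    return cloudTrails;
}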
/**
 * Builds the S3 client from {@code fileClientConfig} and stores it in {@code amazonS3}.
 *
 * <p>The client authenticates with the access key and secret key held in the
 * configuration, targets the configured endpoint, and falls back to
 * {@code FileClientConfiguration.US_EAST_1} when no region is configured.
 */
private void initAmazonS3() {
    // Long-lived key pair taken straight from configuration.
    // NOTE(review): presumably the configuration source is access-controlled; confirm
    // the secret key is not logged or exposed when the configuration is dumped.
    BasicAWSCredentials staticKeys = new BasicAWSCredentials(
            fileClientConfig.getAccessKey(), fileClientConfig.getSecretKey());

    // NOTE(review): in the AWS SDK for Java v1, "S3SignerType" selects the legacy
    // S3 signer (Signature Version 2) rather than SigV4; confirm the target
    // endpoint really requires it before keeping this override.
    ClientConfiguration sdkSettings = new ClientConfiguration();
    sdkSettings.setSignerOverride("S3SignerType");

    String signingRegion = fileClientConfig.getRegion();
    if (signingRegion == null) {
        signingRegion = FileClientConfiguration.US_EAST_1;
    }

    AwsClientBuilder.EndpointConfiguration target =
            new AwsClientBuilder.EndpointConfiguration(fileClientConfig.getEndpoint(), signingRegion);

    this.amazonS3 = AmazonS3ClientBuilder.standard()
            .withCredentials(new AWSStaticCredentialsProvider(staticKeys))
            .withClientConfiguration(sdkSettings)
            .withEndpointConfiguration(target)
            .withPathStyleAccessEnabled(fileClientConfig.getWithPath())
            .build();
}
/**
 * Checks that, with static S3 keys and an IAM role both configured, the provider
 * returned by {@code getStsCredentialsProvider} is an
 * {@code AWSStaticCredentialsProvider} carrying exactly the configured keys.
 *
 * <p>The key values are placeholder literals, not real credentials.
 */
@Test
public void testAssumeRoleStaticCredentials()
        throws Exception
{
    Configuration conf = new Configuration(false);
    conf.set(S3_ACCESS_KEY, "test_access_key");
    conf.set(S3_SECRET_KEY, "test_secret_key");
    conf.set(S3_IAM_ROLE, "test_role");

    try (PrestoS3FileSystem fileSystem = new PrestoS3FileSystem()) {
        fileSystem.initialize(new URI("s3n://test-bucket/"), conf);

        AWSCredentialsProvider stsProvider = getStsCredentialsProvider(fileSystem, "test_role");
        assertInstanceOf(stsProvider, AWSStaticCredentialsProvider.class);

        // The provider must hand back the configured key pair unchanged.
        AWSCredentials resolved = stsProvider.getCredentials();
        assertEquals(resolved.getAWSAccessKeyId(), "test_access_key");
        assertEquals(resolved.getAWSSecretKey(), "test_secret_key");
    }
}
/**
* Fetch NAT gateway info test.
*
* @throws Exception the exception
*/
@SuppressWarnings("static-access")
@Test
public void fetchNATGatewayInfoTest() throws Exception {
// Expects fetchNATGatewayInfo to return one entry when the mocked EC2 client
// reports a single NAT gateway. The client builder, the credentials provider and
// the EC2 client are all PowerMock doubles, so the call is expected to reach
// only mocks. The stubbing order below matters; keep it as is.
mockStatic(AmazonEC2ClientBuilder.class);
AmazonEC2 ec2Client = PowerMockito.mock(AmazonEC2.class);
AmazonEC2ClientBuilder amazonEC2ClientBuilder = PowerMockito.mock(AmazonEC2ClientBuilder.class);
AWSStaticCredentialsProvider awsStaticCredentialsProvider = PowerMockito.mock(AWSStaticCredentialsProvider.class);
// Any "new AWSStaticCredentialsProvider(...)" now yields the mock provider.
PowerMockito.whenNew(AWSStaticCredentialsProvider.class).withAnyArguments().thenReturn(awsStaticCredentialsProvider);
// standard() is static but is stubbed through the instance, which is what
// @SuppressWarnings("static-access") silences.
when(amazonEC2ClientBuilder.standard()).thenReturn(amazonEC2ClientBuilder);
when(amazonEC2ClientBuilder.withCredentials(anyObject())).thenReturn(amazonEC2ClientBuilder);
when(amazonEC2ClientBuilder.withRegion(anyString())).thenReturn(amazonEC2ClientBuilder);
when(amazonEC2ClientBuilder.build()).thenReturn(ec2Client);
// Canned response holding exactly one (empty) NAT gateway.
DescribeNatGatewaysResult describeNatGatewaysResult = new DescribeNatGatewaysResult();
List<NatGateway> natGatwayList = new ArrayList<>();
natGatwayList.add(new NatGateway());
describeNatGatewaysResult.setNatGateways(natGatwayList);
when(ec2Client.describeNatGateways(anyObject())).thenReturn(describeNatGatewaysResult);
// The credential strings are placeholder literals, not real keys.
assertThat(inventoryUtil.fetchNATGatewayInfo(new BasicSessionCredentials("awsAccessKey", "awsSecretKey", "sessionToken"),
"skipRegions", "account","accountName").size(), is(1));
}
/**
* Fetch route tables test.
*
* @throws Exception the exception
*/
@SuppressWarnings("static-access")
@Test
public void fetchRouteTablesTest() throws Exception {
// Expects fetchRouteTables to return one entry when the mocked EC2 client
// reports a single route table. Builder, credentials provider and client are
// PowerMock doubles; the stubbing order below matters and is left untouched.
mockStatic(AmazonEC2ClientBuilder.class);
AmazonEC2 ec2Client = PowerMockito.mock(AmazonEC2.class);
AmazonEC2ClientBuilder amazonEC2ClientBuilder = PowerMockito.mock(AmazonEC2ClientBuilder.class);
AWSStaticCredentialsProvider awsStaticCredentialsProvider = PowerMockito.mock(AWSStaticCredentialsProvider.class);
// Intercept construction of the credentials provider inside the code under test.
PowerMockito.whenNew(AWSStaticCredentialsProvider.class).withAnyArguments().thenReturn(awsStaticCredentialsProvider);
// Static standard() stubbed via the instance, hence the static-access suppression.
when(amazonEC2ClientBuilder.standard()).thenReturn(amazonEC2ClientBuilder);
when(amazonEC2ClientBuilder.withCredentials(anyObject())).thenReturn(amazonEC2ClientBuilder);
when(amazonEC2ClientBuilder.withRegion(anyString())).thenReturn(amazonEC2ClientBuilder);
when(amazonEC2ClientBuilder.build()).thenReturn(ec2Client);
// Canned response with one empty RouteTable.
DescribeRouteTablesResult describeRouteTablesResult = new DescribeRouteTablesResult();
List<RouteTable> routeTableList = new ArrayList<>();
routeTableList.add(new RouteTable());
describeRouteTablesResult.setRouteTables(routeTableList);
when(ec2Client.describeRouteTables()).thenReturn(describeRouteTablesResult);
// Placeholder credential literals; nothing here is a real key.
assertThat(ec2InventoryUtil.fetchRouteTables(new BasicSessionCredentials("awsAccessKey", "awsSecretKey", "sessionToken"),
"skipRegions", "account","accountName").size(), is(1));
}
/**
* Fetch reserved instances test.
*
* @throws Exception the exception
*/
@SuppressWarnings("static-access")
@Test
public void fetchReservedInstancesTest() throws Exception {
// Expects fetchReservedInstances to return one entry when the mocked EC2 client
// reports a single reserved-instance record. All AWS collaborators are PowerMock
// doubles; the stubbing order below matters and is left untouched.
mockStatic(AmazonEC2ClientBuilder.class);
AmazonEC2 ec2Client = PowerMockito.mock(AmazonEC2.class);
AmazonEC2ClientBuilder amazonEC2ClientBuilder = PowerMockito.mock(AmazonEC2ClientBuilder.class);
AWSStaticCredentialsProvider awsStaticCredentialsProvider = PowerMockito.mock(AWSStaticCredentialsProvider.class);
// Replace every constructed credentials provider with the mock.
PowerMockito.whenNew(AWSStaticCredentialsProvider.class).withAnyArguments().thenReturn(awsStaticCredentialsProvider);
// Static standard() stubbed via the instance, hence the static-access suppression.
when(amazonEC2ClientBuilder.standard()).thenReturn(amazonEC2ClientBuilder);
when(amazonEC2ClientBuilder.withCredentials(anyObject())).thenReturn(amazonEC2ClientBuilder);
when(amazonEC2ClientBuilder.withRegion(anyString())).thenReturn(amazonEC2ClientBuilder);
when(amazonEC2ClientBuilder.build()).thenReturn(ec2Client);
// Canned response with one empty ReservedInstances element.
DescribeReservedInstancesResult describeReservedInstancesResult = new DescribeReservedInstancesResult();
List<ReservedInstances> reservedInstancesList = new ArrayList<>();
reservedInstancesList.add(new ReservedInstances());
describeReservedInstancesResult.setReservedInstances(reservedInstancesList);
when(ec2Client.describeReservedInstances()).thenReturn(describeReservedInstancesResult);
// Placeholder credential literals; nothing here is a real key.
assertThat(ec2InventoryUtil.fetchReservedInstances(new BasicSessionCredentials("awsAccessKey", "awsSecretKey", "sessionToken"),
"skipRegions", "account","accountName").size(), is(1));
}
/**
* Fetch RDSDB snapshots test.
*
* @throws Exception the exception
*/
@SuppressWarnings("static-access")
@Test
public void fetchRDSDBSnapshotsTest() throws Exception {
// Expects fetchRDSDBSnapshots to return one entry when the mocked RDS client
// reports a single DB snapshot. All AWS collaborators are PowerMock doubles;
// the stubbing order below matters and is left untouched.
mockStatic(AmazonRDSClientBuilder.class);
AmazonRDS rdsClient = PowerMockito.mock(AmazonRDS.class);
AmazonRDSClientBuilder amazonRDSClientBuilder = PowerMockito.mock(AmazonRDSClientBuilder.class);
AWSStaticCredentialsProvider awsStaticCredentialsProvider = PowerMockito.mock(AWSStaticCredentialsProvider.class);
// Replace every constructed credentials provider with the mock.
PowerMockito.whenNew(AWSStaticCredentialsProvider.class).withAnyArguments().thenReturn(awsStaticCredentialsProvider);
// Static standard() stubbed via the instance, hence the static-access suppression.
when(amazonRDSClientBuilder.standard()).thenReturn(amazonRDSClientBuilder);
when(amazonRDSClientBuilder.withCredentials(anyObject())).thenReturn(amazonRDSClientBuilder);
when(amazonRDSClientBuilder.withRegion(anyString())).thenReturn(amazonRDSClientBuilder);
when(amazonRDSClientBuilder.build()).thenReturn(rdsClient);
// Canned response with one empty DBSnapshot.
DescribeDBSnapshotsResult describeDBSnapshotsResult = new DescribeDBSnapshotsResult();
List<DBSnapshot> snapshots = new ArrayList<>();
snapshots.add(new DBSnapshot());
describeDBSnapshotsResult.setDBSnapshots(snapshots);
when(rdsClient.describeDBSnapshots(anyObject())).thenReturn(describeDBSnapshotsResult);
// Placeholder credential literals; nothing here is a real key.
assertThat(inventoryUtil.fetchRDSDBSnapshots(new BasicSessionCredentials("awsAccessKey", "awsSecretKey", "sessionToken"),
"skipRegions", "account","accountName").size(), is(1));
}
/**
* Fetch direct connections.
*
* @param temporaryCredentials the temporary credentials
* @param skipRegions the skip regions
* @param accountId the accountId
* @return the map
*/
public static Map<String,List<Connection>> fetchDirectConnections(BasicSessionCredentials temporaryCredentials, String skipRegions,String accountId,String accountName) {
    // Gathers the Direct Connect connections of every region whose name does not
    // occur in skipRegions. Keys are accountId + delimiter + accountName +
    // delimiter + region name; regions without connections are omitted.
    final Map<String, List<Connection>> connectionsByRegion = new LinkedHashMap<>();
    final String errorPrefix = "{\"errcode\": \"NO_RES_REG\" ,\"accountId\": \"" + accountId + "\",\"Message\": \"Exception in fetching info for resource in specific region\" ,\"type\": \"Direct Connections\" , \"region\":\"";

    for (Region region : RegionUtils.getRegions()) {
        try {
            // skipRegions is a plain string, so this is a substring match.
            if (skipRegions.contains(region.getName())) {
                continue;
            }
            // The builder result is cast to the concrete client class, as in the original.
            AmazonDirectConnectClient regionalClient = (AmazonDirectConnectClient) AmazonDirectConnectClientBuilder.standard()
                    .withCredentials(new AWSStaticCredentialsProvider(temporaryCredentials))
                    .withRegion(region.getName())
                    .build();
            List<Connection> found = regionalClient.describeConnections().getConnections();
            if (found.isEmpty()) {
                continue;
            }
            log.debug("Account : " + accountId + " Type : Direct Connections " + region.getName() + " >> " + found.size());
            connectionsByRegion.put(accountId + delimiter + accountName + delimiter + region.getName(), found);
        } catch (Exception e) {
            // One failing region is reported and skipped; the others are still collected.
            // NOTE(review): e.getMessage() goes unescaped into a JSON-shaped string, so a
            // message containing quotes or newlines would corrupt the log record.
            log.warn(errorPrefix + region.getName() + "\", \"cause\":\"" + e.getMessage() + "\"}");
            ErrorManageUtil.uploadError(accountId, region.getName(), "directconnect", e.getMessage());
        }
    }
    return connectionsByRegion;
}
/**
* Fetch SSM info test.
*
* @throws Exception the exception
*/
@SuppressWarnings("static-access")
@Test
public void fetchSSMInfoTest() throws Exception {
// Expects fetchSSMInfo to return one entry when the mocked Systems Manager
// client reports a single managed instance. All AWS collaborators are PowerMock
// doubles; the stubbing order below matters and is left untouched.
mockStatic(AWSSimpleSystemsManagementClientBuilder.class);
AWSSimpleSystemsManagement ssmClient = PowerMockito.mock(AWSSimpleSystemsManagement.class);
AWSSimpleSystemsManagementClientBuilder simpleSystemsManagementClientBuilder = PowerMockito.mock(AWSSimpleSystemsManagementClientBuilder.class);
AWSStaticCredentialsProvider awsStaticCredentialsProvider = PowerMockito.mock(AWSStaticCredentialsProvider.class);
// Replace every constructed credentials provider with the mock.
PowerMockito.whenNew(AWSStaticCredentialsProvider.class).withAnyArguments().thenReturn(awsStaticCredentialsProvider);
// Static standard() stubbed via the instance, hence the static-access suppression.
when(simpleSystemsManagementClientBuilder.standard()).thenReturn(simpleSystemsManagementClientBuilder);
when(simpleSystemsManagementClientBuilder.withCredentials(anyObject())).thenReturn(simpleSystemsManagementClientBuilder);
when(simpleSystemsManagementClientBuilder.withRegion(anyString())).thenReturn(simpleSystemsManagementClientBuilder);
when(simpleSystemsManagementClientBuilder.build()).thenReturn(ssmClient);
// Canned response with one empty InstanceInformation.
DescribeInstanceInformationResult describeInstanceInfoRslt = new DescribeInstanceInformationResult();
List<InstanceInformation> ssmInstanceListTemp = new ArrayList<>();
ssmInstanceListTemp.add(new InstanceInformation());
describeInstanceInfoRslt.setInstanceInformationList(ssmInstanceListTemp);
when(ssmClient.describeInstanceInformation(anyObject())).thenReturn(describeInstanceInfoRslt);
// Placeholder credential literals; nothing here is a real key.
assertThat(ec2InventoryUtil.fetchSSMInfo(new BasicSessionCredentials("awsAccessKey", "awsSecretKey", "sessionToken"),
"skipRegions", "account","accountName").size(), is(1));
}
/**
* Fetch volumet info test.
*
* @throws Exception the exception
*/
@SuppressWarnings("static-access")
@Test
public void fetchVolumetInfoTest() throws Exception {
// Expects fetchVolumetInfo to return one entry when the mocked EC2 client
// reports a single volume. All AWS collaborators are PowerMock doubles; the
// stubbing order below matters and is left untouched.
mockStatic(AmazonEC2ClientBuilder.class);
AmazonEC2 ec2Client = PowerMockito.mock(AmazonEC2.class);
AmazonEC2ClientBuilder amazonEC2ClientBuilder = PowerMockito.mock(AmazonEC2ClientBuilder.class);
AWSStaticCredentialsProvider awsStaticCredentialsProvider = PowerMockito.mock(AWSStaticCredentialsProvider.class);
// Replace every constructed credentials provider with the mock.
PowerMockito.whenNew(AWSStaticCredentialsProvider.class).withAnyArguments().thenReturn(awsStaticCredentialsProvider);
// Static standard() stubbed via the instance, hence the static-access suppression.
when(amazonEC2ClientBuilder.standard()).thenReturn(amazonEC2ClientBuilder);
when(amazonEC2ClientBuilder.withCredentials(anyObject())).thenReturn(amazonEC2ClientBuilder);
when(amazonEC2ClientBuilder.withRegion(anyString())).thenReturn(amazonEC2ClientBuilder);
when(amazonEC2ClientBuilder.build()).thenReturn(ec2Client);
// Canned response with one empty Volume.
DescribeVolumesResult describeVolumesResult = new DescribeVolumesResult();
List<Volume> volumeList = new ArrayList<>();
volumeList.add(new Volume());
describeVolumesResult.setVolumes(volumeList);
when(ec2Client.describeVolumes()).thenReturn(describeVolumesResult);
// Placeholder credential literals; nothing here is a real key.
assertThat(inventoryUtil.fetchVolumetInfo(new BasicSessionCredentials("awsAccessKey", "awsSecretKey", "sessionToken"),
"skipRegions", "account","accountName").size(), is(1));
}
/**
* Sets the default root object, logging bucket and access-log flag on each CloudFront distribution.
*
* @param temporaryCredentials the temporary credentials
* @param cloudFrontList the cloud front list
*/
private static void setConfigDetails(BasicSessionCredentials temporaryCredentials, List<CloudFrontVH> cloudFrontList){
    // For each distribution, reads its DistributionConfig and copies the default
    // root object, the logging bucket and the logging-enabled flag onto the holder.
    // Two regions are kept as alternates: any failure flips to the other one and
    // rebuilds the client before the next distribution is processed.
    final String[] alternateRegions = {"us-east-2","us-west-1"};
    int active = 0;
    AmazonCloudFront client = AmazonCloudFrontClientBuilder.standard()
            .withCredentials(new AWSStaticCredentialsProvider(temporaryCredentials))
            .withRegion(alternateRegions[active])
            .build();

    for (CloudFrontVH holder : cloudFrontList) {
        try {
            GetDistributionConfigRequest request =
                    new GetDistributionConfigRequest().withId(holder.getDistSummary().getId());
            DistributionConfig config = client.getDistributionConfig(request).getDistributionConfig();
            holder.setDefaultRootObject(config.getDefaultRootObject());
            holder.setBucketName(config.getLogging().getBucket());
            holder.setAccessLogEnabled(config.getLogging().getEnabled());
        } catch (Exception e) {
            // NOTE(review): the exception is neither logged nor reported, and the
            // distribution that failed is not retried with the new client. Its
            // logging fields may stay unset, which a later access-logging check
            // could misread; confirm how consumers treat missing values.
            active = 1 - active;
            client = AmazonCloudFrontClientBuilder.standard()
                    .withCredentials(new AWSStaticCredentialsProvider(temporaryCredentials))
                    .withRegion(alternateRegions[active])
                    .build();
        }
    }
}
/**
* Fetch elastic IP addresses.
*
* @param temporaryCredentials the temporary credentials
* @param skipRegions the skip regions
* @param accountId the accountId
* @return the map
*/
public static Map<String,List<Address>> fetchElasticIPAddresses(BasicSessionCredentials temporaryCredentials, String skipRegions,String accountId,String accountName){
    // Gathers the Elastic IP addresses of every region whose name does not occur
    // in skipRegions. Keys are accountId + delimiter + accountName + delimiter +
    // region name; regions without addresses are omitted.
    final Map<String, List<Address>> addressesByRegion = new LinkedHashMap<>();
    final String errorPrefix = InventoryConstants.ERROR_PREFIX_CODE + accountId + InventoryConstants.ERROR_PREFIX_EC2;

    for (Region region : RegionUtils.getRegions()) {
        try {
            // skipRegions is a plain string, so this is a substring match.
            if (skipRegions.contains(region.getName())) {
                continue;
            }
            AmazonEC2 regionalClient = AmazonEC2ClientBuilder.standard()
                    .withCredentials(new AWSStaticCredentialsProvider(temporaryCredentials))
                    .withRegion(region.getName())
                    .build();
            List<Address> found = regionalClient.describeAddresses().getAddresses();
            if (found.isEmpty()) {
                continue;
            }
            log.debug(InventoryConstants.ACCOUNT + accountId + " Type : EC2 Elastic IP " + region.getName() + " >> " + found.size());
            addressesByRegion.put(accountId + delimiter + accountName + delimiter + region.getName(), found);
        } catch (Exception e) {
            // One failing region is reported and skipped; the others are still collected.
            // NOTE(review): e.getMessage() is concatenated unescaped into the warn line.
            log.warn(errorPrefix + region.getName() + InventoryConstants.ERROR_CAUSE + e.getMessage() + "\"}");
            ErrorManageUtil.uploadError(accountId, region.getName(), "elasticip", e.getMessage());
        }
    }
    return addressesByRegion;
}
/**
* Fetch internet gateway.
*
* @param temporaryCredentials the temporary credentials
* @param skipRegions the skip regions
* @param accountId the accountId
* @return the map
*/
public static Map<String,List<InternetGateway>> fetchInternetGateway(BasicSessionCredentials temporaryCredentials, String skipRegions,String accountId,String accountName){
    // Gathers the internet gateways of every region whose name does not occur in
    // skipRegions. Keys are accountId + delimiter + accountName + delimiter +
    // region name; regions without gateways are omitted.
    final Map<String, List<InternetGateway>> gatewaysByRegion = new LinkedHashMap<>();
    final String errorPrefix = InventoryConstants.ERROR_PREFIX_CODE + accountId + "\",\"Message\": \"Exception in fetching info for resource in specific region\" ,\"type\": \"internetgateway\" , \"region\":\"";

    for (Region region : RegionUtils.getRegions()) {
        try {
            // skipRegions is a plain string, so this is a substring match.
            if (skipRegions.contains(region.getName())) {
                continue;
            }
            AmazonEC2 regionalClient = AmazonEC2ClientBuilder.standard()
                    .withCredentials(new AWSStaticCredentialsProvider(temporaryCredentials))
                    .withRegion(region.getName())
                    .build();
            List<InternetGateway> found = regionalClient.describeInternetGateways().getInternetGateways();
            if (found.isEmpty()) {
                continue;
            }
            log.debug(InventoryConstants.ACCOUNT + accountId + " Type : EC2 Internet Gateway " + region.getName() + " >> " + found.size());
            gatewaysByRegion.put(accountId + delimiter + accountName + delimiter + region.getName(), found);
        } catch (Exception e) {
            // One failing region is reported and skipped; the others are still collected.
            // NOTE(review): e.getMessage() is concatenated unescaped into the warn line.
            log.warn(errorPrefix + region.getName() + InventoryConstants.ERROR_CAUSE + e.getMessage() + "\"}");
            ErrorManageUtil.uploadError(accountId, region.getName(), "internetgateway", e.getMessage());
        }
    }
    return gatewaysByRegion;
}
/**
* Fetch VPN gateway.
*
* @param temporaryCredentials the temporary credentials
* @param skipRegions the skip regions
* @param accountId the accountId
* @return the map
*/
public static Map<String,List<VpnGateway>> fetchVPNGateway(BasicSessionCredentials temporaryCredentials, String skipRegions,String accountId,String accountName){
    // Gathers the VPN gateways of every region whose name does not occur in
    // skipRegions. Keys are accountId + delimiter + accountName + delimiter +
    // region name; regions without gateways are omitted.
    final Map<String, List<VpnGateway>> gatewaysByRegion = new LinkedHashMap<>();
    final String errorPrefix = InventoryConstants.ERROR_PREFIX_CODE + accountId + "\",\"Message\": \"Exception in fetching info for resource in specific region\" ,\"type\": \"vpngateway\" , \"region\":\"";

    for (Region region : RegionUtils.getRegions()) {
        try {
            // skipRegions is a plain string, so this is a substring match.
            if (skipRegions.contains(region.getName())) {
                continue;
            }
            AmazonEC2 regionalClient = AmazonEC2ClientBuilder.standard()
                    .withCredentials(new AWSStaticCredentialsProvider(temporaryCredentials))
                    .withRegion(region.getName())
                    .build();
            List<VpnGateway> found = regionalClient.describeVpnGateways().getVpnGateways();
            if (found.isEmpty()) {
                continue;
            }
            log.debug(InventoryConstants.ACCOUNT + accountId + " Type : EC2 VPN Gateway " + region.getName() + " >> " + found.size());
            gatewaysByRegion.put(accountId + delimiter + accountName + delimiter + region.getName(), found);
        } catch (Exception e) {
            // One failing region is reported and skipped; the others are still collected.
            // NOTE(review): e.getMessage() is concatenated unescaped into the warn line.
            log.warn(errorPrefix + region.getName() + InventoryConstants.ERROR_CAUSE + e.getMessage() + "\"}");
            ErrorManageUtil.uploadError(accountId, region.getName(), "vpngateway", e.getMessage());
        }
    }
    return gatewaysByRegion;
}
/**
* Fetch customer gateway.
*
* @param temporaryCredentials the temporary credentials
* @param skipRegions the skip regions
* @param accountId the accountId
* @return the map
*/
public static Map<String,List<CustomerGateway>> fetchCustomerGateway(BasicSessionCredentials temporaryCredentials, String skipRegions,String accountId,String accountName){
    // Gathers the customer gateways of every region whose name does not occur in
    // skipRegions. Keys are accountId + delimiter + accountName + delimiter +
    // region name; regions without gateways are omitted.
    final Map<String, List<CustomerGateway>> gatewaysByRegion = new LinkedHashMap<>();
    final String errorPrefix = InventoryConstants.ERROR_PREFIX_CODE + accountId + "\",\"Message\": \"Exception in fetching info for resource in specific region\" ,\"type\": \"customergateway\" , \"region\":\"";

    for (Region region : RegionUtils.getRegions()) {
        try {
            // skipRegions is a plain string, so this is a substring match.
            if (skipRegions.contains(region.getName())) {
                continue;
            }
            AmazonEC2 regionalClient = AmazonEC2ClientBuilder.standard()
                    .withCredentials(new AWSStaticCredentialsProvider(temporaryCredentials))
                    .withRegion(region.getName())
                    .build();
            List<CustomerGateway> found = regionalClient.describeCustomerGateways().getCustomerGateways();
            if (found.isEmpty()) {
                continue;
            }
            log.debug(InventoryConstants.ACCOUNT + accountId + " Type : EC2 Customer Gateway " + region.getName() + " >> " + found.size());
            gatewaysByRegion.put(accountId + delimiter + accountName + delimiter + region.getName(), found);
        } catch (Exception e) {
            // One failing region is reported and skipped; the others are still collected.
            // NOTE(review): e.getMessage() is concatenated unescaped into the warn line.
            log.warn(errorPrefix + region.getName() + InventoryConstants.ERROR_CAUSE + e.getMessage() + "\"}");
            ErrorManageUtil.uploadError(accountId, region.getName(), "customergateway", e.getMessage());
        }
    }
    return gatewaysByRegion;
}
/**
* Fetch VPN connections.
*
* @param temporaryCredentials the temporary credentials
* @param skipRegions the skip regions
* @param accountId the accountId
* @return the map
*/
public static Map<String,List<VpnConnection>> fetchVPNConnections(BasicSessionCredentials temporaryCredentials, String skipRegions,String accountId,String accountName){
    // Gathers the VPN connections of every region whose name does not occur in
    // skipRegions. Keys are accountId + delimiter + accountName + delimiter +
    // region name; regions without connections are omitted.
    final Map<String, List<VpnConnection>> connectionsByRegion = new LinkedHashMap<>();
    final String errorPrefix = InventoryConstants.ERROR_PREFIX_CODE + accountId + "\",\"Message\": \"Exception in fetching info for resource in specific region\" ,\"type\": \"vpnconnection\" , \"region\":\"";

    for (Region region : RegionUtils.getRegions()) {
        try {
            // skipRegions is a plain string, so this is a substring match.
            if (skipRegions.contains(region.getName())) {
                continue;
            }
            AmazonEC2 regionalClient = AmazonEC2ClientBuilder.standard()
                    .withCredentials(new AWSStaticCredentialsProvider(temporaryCredentials))
                    .withRegion(region.getName())
                    .build();
            List<VpnConnection> found = regionalClient.describeVpnConnections().getVpnConnections();
            if (found.isEmpty()) {
                continue;
            }
            log.debug(InventoryConstants.ACCOUNT + accountId + " Type : EC2 VPN Connections" + region.getName() + " >> " + found.size());
            connectionsByRegion.put(accountId + delimiter + accountName + delimiter + region.getName(), found);
        } catch (Exception e) {
            // One failing region is reported and skipped; the others are still collected.
            // NOTE(review): e.getMessage() is concatenated unescaped into the warn line.
            log.warn(errorPrefix + region.getName() + InventoryConstants.ERROR_CAUSE + e.getMessage() + "\"}");
            ErrorManageUtil.uploadError(accountId, region.getName(), "vpnconnection", e.getMessage());
        }
    }
    return connectionsByRegion;
}
/**
* Fetch reserved instances.
*
* @param temporaryCredentials the temporary credentials
* @param skipRegions the skip regions
* @param accountId the accountId
* @return the map
*/
public static Map<String,List<ReservedInstances>> fetchReservedInstances(BasicSessionCredentials temporaryCredentials, String skipRegions,String accountId,String accountName){
    // Gathers the reserved-instance records of every region whose name does not
    // occur in skipRegions. Keys are accountId + delimiter + accountName +
    // delimiter + region name; regions without records are omitted.
    final Map<String, List<ReservedInstances>> reservationsByRegion = new LinkedHashMap<>();
    final String errorPrefix = InventoryConstants.ERROR_PREFIX_CODE + accountId + InventoryConstants.ERROR_PREFIX_EC2;

    for (Region region : RegionUtils.getRegions()) {
        try {
            // skipRegions is a plain string, so this is a substring match.
            if (skipRegions.contains(region.getName())) {
                continue;
            }
            AmazonEC2 regionalClient = AmazonEC2ClientBuilder.standard()
                    .withCredentials(new AWSStaticCredentialsProvider(temporaryCredentials))
                    .withRegion(region.getName())
                    .build();
            List<ReservedInstances> found = regionalClient.describeReservedInstances().getReservedInstances();
            if (found.isEmpty()) {
                continue;
            }
            log.debug(InventoryConstants.ACCOUNT + accountId + " Type : reservedinstance" + region.getName() + " >> " + found.size());
            reservationsByRegion.put(accountId + delimiter + accountName + delimiter + region.getName(), found);
        } catch (Exception e) {
            // One failing region is reported and skipped; the others are still collected.
            // NOTE(review): e.getMessage() is concatenated unescaped into the warn line.
            log.warn(errorPrefix + region.getName() + InventoryConstants.ERROR_CAUSE + e.getMessage() + "\"}");
            ErrorManageUtil.uploadError(accountId, region.getName(), "reservedinstance", e.getMessage());
        }
    }
    return reservationsByRegion;
}
/**
* Fetch internet gateway test.
*
* @throws Exception the exception
*/
@SuppressWarnings("static-access")
@Test
public void fetchInternetGatewayTest() throws Exception {
// Expects fetchInternetGateway to return one entry when the mocked EC2 client
// reports a single internet gateway. All AWS collaborators are PowerMock
// doubles; the stubbing order below matters and is left untouched.
mockStatic(AmazonEC2ClientBuilder.class);
AmazonEC2 ec2Client = PowerMockito.mock(AmazonEC2.class);
AmazonEC2ClientBuilder amazonEC2ClientBuilder = PowerMockito.mock(AmazonEC2ClientBuilder.class);
AWSStaticCredentialsProvider awsStaticCredentialsProvider = PowerMockito.mock(AWSStaticCredentialsProvider.class);
// Replace every constructed credentials provider with the mock.
PowerMockito.whenNew(AWSStaticCredentialsProvider.class).withAnyArguments().thenReturn(awsStaticCredentialsProvider);
// Static standard() stubbed via the instance, hence the static-access suppression.
when(amazonEC2ClientBuilder.standard()).thenReturn(amazonEC2ClientBuilder);
when(amazonEC2ClientBuilder.withCredentials(anyObject())).thenReturn(amazonEC2ClientBuilder);
when(amazonEC2ClientBuilder.withRegion(anyString())).thenReturn(amazonEC2ClientBuilder);
when(amazonEC2ClientBuilder.build()).thenReturn(ec2Client);
// Canned response with one empty InternetGateway.
DescribeInternetGatewaysResult describeInternetGatewaysResult = new DescribeInternetGatewaysResult();
List<InternetGateway> internetGatewayList = new ArrayList<>();
internetGatewayList.add(new InternetGateway());
describeInternetGatewaysResult.setInternetGateways(internetGatewayList);
when(ec2Client.describeInternetGateways()).thenReturn(describeInternetGatewaysResult);
// Placeholder credential literals; nothing here is a real key.
assertThat(ec2InventoryUtil.fetchInternetGateway(new BasicSessionCredentials("awsAccessKey", "awsSecretKey", "sessionToken"),
"skipRegions", "account","accountName").size(), is(1));
}
/**
 * Creates a proxy that holds the same session credentials in two forms: an SDK v1
 * static provider and an SDK v2 static provider.
 *
 * @param inHandshakeMode stored as given
 * @param loggerProxy stored as given
 * @param credentials source of the access key id, secret access key and session
 *        token; dereferenced without a null check
 * @param remainingTimeToExecute stored as the remaining-time supplier
 * @param override delay factory; must not be {@code null}
 * @throws NullPointerException if {@code override} is {@code null}
 */
public AmazonWebServicesClientProxy(final boolean inHandshakeMode,
                                    final LoggerProxy loggerProxy,
                                    final Credentials credentials,
                                    final Supplier<Long> remainingTimeToExecute,
                                    final DelayFactory override) {
    this.inHandshakeMode = inHandshakeMode;
    this.loggerProxy = loggerProxy;
    this.remainingTimeInMillis = remainingTimeToExecute;

    // Both providers are static: they keep returning these exact values and never
    // refresh them. NOTE(review): presumably the proxy lives no longer than the
    // session token it was built with; confirm against the caller.
    this.v1CredentialsProvider = new AWSStaticCredentialsProvider(
            new BasicSessionCredentials(
                    credentials.getAccessKeyId(),
                    credentials.getSecretAccessKey(),
                    credentials.getSessionToken()));
    this.v2CredentialsProvider = StaticCredentialsProvider.create(
            AwsSessionCredentials.create(
                    credentials.getAccessKeyId(),
                    credentials.getSecretAccessKey(),
                    credentials.getSessionToken()));

    this.override = Objects.requireNonNull(override);
}
/**
* Gets the credentials.
*
* @param account the account
* @param roleName the role name
* @return the credentials
*/
public BasicSessionCredentials getCredentials(String account, String roleName) {
    // The base account's session is always obtained first; it is either the
    // answer itself or the identity used to call STS for another account.
    final BasicSessionCredentials baseSession = getBaseAccountCredentials(roleName);

    if (!baseAccount.equals(account)) {
        // Cross-account case: assume the role in the target account using the
        // base session as the calling identity.
        AWSSecurityTokenService sts = AWSSecurityTokenServiceClientBuilder.standard()
                .withCredentials(new AWSStaticCredentialsProvider(baseSession))
                .withRegion(baseRegion)
                .build();

        // The request carries only the role ARN and a session name.
        // NOTE(review): no ExternalId, session policy or duration is set here, so the
        // target role's trust policy is the only control on who may assume it; confirm.
        AssumeRoleRequest request = new AssumeRoleRequest()
                .withRoleArn(getRoleArn(account, roleName))
                .withRoleSessionName("pic-ro-" + account);
        AssumeRoleResult issued = sts.assumeRole(request);

        // The returned object holds a secret key and session token: keep it out of
        // log statements and exception messages.
        return new BasicSessionCredentials(
                issued.getCredentials().getAccessKeyId(),
                issued.getCredentials().getSecretAccessKey(),
                issued.getCredentials().getSessionToken());
    }

    return baseSession;
}
/**
* Fetch S 3 info test test exception.
*
* @throws Exception the exception
*/
@SuppressWarnings("static-access")
@Test
public void fetchS3InfoTestTest_Exception() throws Exception {
// Expects fetchS3Info to return an empty result when the bucket-location lookup
// throws. All AWS collaborators are PowerMock doubles; the stubbing order below
// matters and is left untouched.
// NOTE(review): an empty result here means a bucket whose location cannot be read
// is missing from the returned inventory; confirm the failure is reported elsewhere.
mockStatic(AmazonS3ClientBuilder.class);
AmazonS3 amazonS3Client = PowerMockito.mock(AmazonS3.class);
// Despite its name, this variable is a mock of AmazonS3ClientBuilder.
AmazonS3ClientBuilder amazonRDSClientBuilder = PowerMockito.mock(AmazonS3ClientBuilder.class);
AWSStaticCredentialsProvider awsStaticCredentialsProvider = PowerMockito.mock(AWSStaticCredentialsProvider.class);
// Replace every constructed credentials provider with the mock.
PowerMockito.whenNew(AWSStaticCredentialsProvider.class).withAnyArguments().thenReturn(awsStaticCredentialsProvider);
// Static standard() stubbed via the instance, hence the static-access suppression.
when(amazonRDSClientBuilder.standard()).thenReturn(amazonRDSClientBuilder);
when(amazonRDSClientBuilder.withCredentials(anyObject())).thenReturn(amazonRDSClientBuilder);
when(amazonRDSClientBuilder.withRegion(anyString())).thenReturn(amazonRDSClientBuilder);
when(amazonRDSClientBuilder.build()).thenReturn(amazonS3Client);
// One bucket is listed, but resolving its location fails.
List<Bucket> s3buckets = new ArrayList<>();
Bucket bucket = new Bucket();
bucket.setName("name");
s3buckets.add(bucket);
when(amazonS3Client.listBuckets()).thenReturn(s3buckets);
when(amazonS3Client.getBucketLocation(anyString())).thenThrow(new AmazonServiceException("Error"));
// Placeholder credential literals; nothing here is a real key.
assertThat(inventoryUtil.fetchS3Info(new BasicSessionCredentials("awsAccessKey", "awsSecretKey", "sessionToken"),
"skipRegions", "account","accountName").size(), is(0));
}
/**
* Fetch subnets.
*
* @param temporaryCredentials the temporary credentials
* @param skipRegions the skip regions
* @param accountId the accountId
* @param accountName the account name
* @return the map
*/
public static Map<String,List<Subnet>> fetchSubnets(BasicSessionCredentials temporaryCredentials, String skipRegions,String accountId,String accountName) {
    // Gathers the subnets of every region whose name does not occur in
    // skipRegions. Keys are accountId + delimiter + accountName + delimiter +
    // region name; regions without subnets are omitted.
    final Map<String, List<Subnet>> subnetsByRegion = new LinkedHashMap<>();
    final String errorPrefix = InventoryConstants.ERROR_PREFIX_CODE + accountId + "\",\"Message\": \"Exception in fetching info for resource in specific region\" ,\"type\": \"Subnet\" , \"region\":\"";

    for (Region region : RegionUtils.getRegions()) {
        try {
            // skipRegions is a plain string, so this is a substring match.
            if (skipRegions.contains(region.getName())) {
                continue;
            }
            AmazonEC2 regionalClient = AmazonEC2ClientBuilder.standard()
                    .withCredentials(new AWSStaticCredentialsProvider(temporaryCredentials))
                    .withRegion(region.getName())
                    .build();
            List<Subnet> found = regionalClient.describeSubnets().getSubnets();
            if (found.isEmpty()) {
                continue;
            }
            log.debug(InventoryConstants.ACCOUNT + accountId + " Type : Subnet " + region.getName() + " >> " + found.size());
            subnetsByRegion.put(accountId + delimiter + accountName + delimiter + region.getName(), found);
        } catch (Exception e) {
            // One failing region is reported and skipped; the others are still collected.
            // NOTE(review): e.getMessage() is concatenated unescaped into the warn line.
            log.warn(errorPrefix + region.getName() + InventoryConstants.ERROR_CAUSE + e.getMessage() + "\"}");
            ErrorManageUtil.uploadError(accountId, region.getName(), "subnet", e.getMessage());
        }
    }
    return subnetsByRegion;
}
/**
* Fetch volumet info.
*
* @param temporaryCredentials the temporary credentials
* @param skipRegions the skip regions
* @param accountId the accountId
* @param accountName the account name
* @return the map
*/
public static Map<String,List<Volume>> fetchVolumetInfo(BasicSessionCredentials temporaryCredentials, String skipRegions,String accountId,String accountName) {
    // Gathers the EBS volumes of every region whose name does not occur in
    // skipRegions. Keys are accountId + delimiter + accountName + delimiter +
    // region name; regions without volumes are omitted.
    final Map<String, List<Volume>> volumesByRegion = new LinkedHashMap<>();
    final String errorPrefix = InventoryConstants.ERROR_PREFIX_CODE + accountId + "\",\"Message\": \"Exception in fetching info for resource in specific region\" ,\"type\": \"Volume\" , \"region\":\"";

    for (Region region : RegionUtils.getRegions()) {
        try {
            // skipRegions is a plain string, so this is a substring match.
            if (skipRegions.contains(region.getName())) {
                continue;
            }
            AmazonEC2 regionalClient = AmazonEC2ClientBuilder.standard()
                    .withCredentials(new AWSStaticCredentialsProvider(temporaryCredentials))
                    .withRegion(region.getName())
                    .build();
            // Single un-paginated call: per the original author, all volumes are
            // returned, so no pagination loop is used.
            List<Volume> found = regionalClient.describeVolumes().getVolumes();
            if (found.isEmpty()) {
                continue;
            }
            log.debug(InventoryConstants.ACCOUNT + accountId + " Type : Volume " + region.getName() + " >> " + found.size());
            volumesByRegion.put(accountId + delimiter + accountName + delimiter + region.getName(), found);
        } catch (Exception e) {
            // One failing region is reported and skipped; the others are still collected.
            // NOTE(review): e.getMessage() is concatenated unescaped into the warn line.
            log.warn(errorPrefix + region.getName() + InventoryConstants.ERROR_CAUSE + e.getMessage() + "\"}");
            ErrorManageUtil.uploadError(accountId, region.getName(), "volume", e.getMessage());
        }
    }
    return volumesByRegion;
}
/**
 * Supplies an S3 client that talks to a local endpoint on the port given by the
 * {@code s3.port} property, using anonymous credentials.
 *
 * <p>The endpoint is plain HTTP on the loopback address and requests are unsigned.
 * Because the bean is {@code @Primary} it takes precedence over other
 * {@code AmazonS3} beans, so it presumably belongs in test configuration only;
 * verify it cannot be picked up by a production context.
 *
 * @param port port of the local S3-compatible endpoint
 * @return the client bound to {@code http://127.0.0.1:<port>}
 */
@Primary
@Bean
AmazonS3 testS3(@Value("${s3.port}") int port) {
    AWSStaticCredentialsProvider anonymous =
            new AWSStaticCredentialsProvider(new AnonymousAWSCredentials());
    EndpointConfiguration localEndpoint =
            new EndpointConfiguration("http://127.0.0.1:" + port, "us-west-2");

    return AmazonS3Client
            .builder()
            .withCredentials(anonymous)
            .withEndpointConfiguration(localEndpoint)
            .build();
}
/**
 * Checks that {@code fetchDirectConnectionsVirtualInterfaces} returns an empty map when
 * constructing an {@code AWSStaticCredentialsProvider} throws.
 *
 * @throws Exception if setting up the PowerMockito stub fails
 */
@SuppressWarnings("static-access")
@Test
public void fetchDirectConnectionsVirtualInterfacesTest_Exception() throws Exception {
    // Every "new AWSStaticCredentialsProvider(...)" in the code under test now throws.
    PowerMockito.whenNew(AWSStaticCredentialsProvider.class).withAnyArguments().thenThrow(new Exception());
    // Placeholder strings, not real key material; no AWS call is expected to succeed here.
    BasicSessionCredentials placeholderCredentials =
            new BasicSessionCredentials("awsAccessKey", "awsSecretKey", "sessionToken");
    int entryCount = directConnectionInventoryUtil
            .fetchDirectConnectionsVirtualInterfaces(placeholderCredentials, "skipRegions", "account", "accountName")
            .size();
    assertThat(entryCount, is(0));
}
/**
 * Checks that {@code fetchLaunchConfigurations} returns an empty map when constructing an
 * {@code AWSStaticCredentialsProvider} throws.
 *
 * @throws Exception if setting up the PowerMockito stub fails
 */
@SuppressWarnings("static-access")
@Test
public void fetchLaunchConfigurationsTest_Exception() throws Exception {
    // Every "new AWSStaticCredentialsProvider(...)" in the code under test now throws.
    PowerMockito.whenNew(AWSStaticCredentialsProvider.class).withAnyArguments().thenThrow(new Exception());
    // Placeholder strings, not real key material; no AWS call is expected to succeed here.
    BasicSessionCredentials placeholderCredentials =
            new BasicSessionCredentials("awsAccessKey", "awsSecretKey", "sessionToken");
    int entryCount = asgInventoryUtil
            .fetchLaunchConfigurations(placeholderCredentials, "skipRegions", "account", "accountName")
            .size();
    assertThat(entryCount, is(0));
}
/**
 * Lists the IAM server certificates visible to the supplied session credentials and maps them
 * to {@code IAMCertificateVH} records holding name, ARN and expiry date.
 *
 * <p>The IAM client is always built for {@code InventoryConstants.REGION_US_WEST_2}. Any
 * exception is logged and reported through {@code ErrorManageUtil.uploadError}, and an empty
 * map is returned instead of propagating the failure.
 *
 * @param temporaryCredentials session credentials, wrapped unchanged in an
 *        {@code AWSStaticCredentialsProvider}
 * @param skipRegions not read by this method
 * @param account the account id, used in the map key and in log and error records
 * @param accountName the account name, used in the map key
 * @return map with a single entry keyed by account and accountName joined with
 *         {@code delimiter}, or an empty map when no certificates were listed or the call failed
 */
public static Map<String,List<IAMCertificateVH>> fetchIAMCertificateInfo(BasicSessionCredentials temporaryCredentials, String skipRegions, String account, String accountName) {
    log.info("Fetch IAMCertificate info start");
    Map<String,List<IAMCertificateVH>> certificatesByAccount = new LinkedHashMap<>();
    String expPrefix = InventoryConstants.ERROR_PREFIX_CODE+account + "\",\"Message\": \"Exception in fetching info for resource \" ,\"type\": \"IAMCertificate\"" ;
    try {
        AmazonIdentityManagement iamClient = AmazonIdentityManagementClientBuilder.standard()
                .withCredentials(new AWSStaticCredentialsProvider(temporaryCredentials))
                .withRegion(InventoryConstants.REGION_US_WEST_2)
                .build();
        // NOTE(review): only the response of this single call is read; no truncation marker is
        // followed, so if the service truncates the listing the remaining certificates (and
        // their expiry dates) would be absent from the inventory. Confirm against account sizes.
        List<ServerCertificateMetadata> certificateMetadata = iamClient
                .listServerCertificates(new ListServerCertificatesRequest())
                .getServerCertificateMetadataList();
        List<IAMCertificateVH> certificateRecords = new ArrayList<>();
        if (CollectionUtils.isEmpty(certificateMetadata)) {
            log.info("List is empty");
        } else {
            for (ServerCertificateMetadata metadata : certificateMetadata) {
                IAMCertificateVH record = new IAMCertificateVH();
                record.setServerCertificateName(metadata.getServerCertificateName());
                record.setArn(metadata.getArn());
                record.setExpiryDate(metadata.getExpiration());
                certificateRecords.add(record);
            }
            certificatesByAccount.put(account+delimiter+accountName, certificateRecords);
        }
    } catch (Exception e) {
        // NOTE(review): the exception message is concatenated into a JSON-shaped record without
        // escaping; quotes or line breaks in it would corrupt the record for log parsers.
        log.error(expPrefix + InventoryConstants.ERROR_CAUSE + e.getMessage() + "\"}");
        ErrorManageUtil.uploadError(account,"", "IAMCertificate", e.getMessage());
    }
    return certificatesByAccount;
}
/**
 * Initializes {@code fileSystem} for {@code uri} with {@code config}, asserts that the
 * credentials provider it ends up with is an {@code AWSStaticCredentialsProvider}, and returns
 * the credentials that provider holds.
 *
 * @param config configuration passed to {@code initialize}
 * @param fileSystem the file system under test
 * @param uri location used to initialize the file system
 * @return the credentials exposed by the file system's provider
 * @throws IOException if initialization fails
 * @throws URISyntaxException if {@code uri} is not a valid URI
 */
private static AWSCredentials getStaticCredentials(Configuration config, PrestoS3FileSystem fileSystem, String uri)
        throws IOException, URISyntaxException
{
    URI location = new URI(uri);
    fileSystem.initialize(location, config);
    AWSCredentialsProvider configuredProvider = getAwsCredentialsProvider(fileSystem);
    // Fails the test if another provider type was selected for this configuration.
    assertInstanceOf(configuredProvider, AWSStaticCredentialsProvider.class);
    return configuredProvider.getCredentials();
}
/**
 * <p>
 * Builds an AWS Cognito identity provider client for {@code region}, authenticated with the
 * credentials obtained from {@code getCredentials(cognitoID, cognitoKey)}.
 * </p>
 * <p>
 * The credentials are wrapped in an {@code AWSStaticCredentialsProvider}, so the client keeps
 * using the same credentials for its whole lifetime; a changed or rotated key takes effect only
 * when a new client is built.
 * </p>
 *
 * @return a Cognito identity provider client bound to {@code region}
 */
protected AWSCognitoIdentityProvider getAmazonCognitoIdentityClient() {
    AWSCredentialsProvider fixedProvider =
            new AWSStaticCredentialsProvider(getCredentials(cognitoID, cognitoKey));
    return AWSCognitoIdentityProviderClientBuilder.standard()
            .withCredentials(fixedProvider)
            .withRegion(region)
            .build();
}