/**
 * Confirms that the IAM instance profile named in the configuration exists.
 *
 * <p>When a profile name is configured, the IAM client obtained from {@code provider} is asked
 * for that instance profile and the response is discarded. A {@code NoSuchEntityException} is
 * recorded on the accumulator as an invalid-profile error. Any other exception raised by the
 * lookup is not caught here and propagates to the caller.
 *
 * <p>This is an existence check only: the roles and permissions carried by the profile are not
 * inspected.
 *
 * @param configuration the configuration to be validated
 * @param accumulator the exception condition accumulator
 * @param localizationContext the localization context
 */
@VisibleForTesting
void checkIamProfileName(Configured configuration,
    PluginExceptionConditionAccumulator accumulator,
    LocalizationContext localizationContext) {

  String profileName = configuration.getConfigurationValue(IAM_PROFILE_NAME, localizationContext);
  if (profileName == null) {
    // No profile configured, so there is nothing to validate.
    return;
  }

  AmazonIdentityManagementClient iam = provider.getIdentityManagementClient();
  GetInstanceProfileRequest lookup =
      new GetInstanceProfileRequest().withInstanceProfileName(profileName);
  try {
    // Only the success or failure of the call matters; the returned profile is unused.
    iam.getInstanceProfile(lookup);
  } catch (NoSuchEntityException notFound) {
    addError(accumulator, IAM_PROFILE_NAME, localizationContext,
        null, INVALID_IAM_PROFILE_NAME_MSG, profileName);
  }
}
/**
 * Reports whether the given secrets group can be looked up.
 *
 * <p>Calls {@code secretsGroupManager.info(identifier)} and ignores the returned value. The
 * group is reported as absent only for {@code NoSuchElementException},
 * {@code ResourceNotFoundException} and {@code NoSuchEntityException}; every other exception
 * propagates, so a failed lookup for another reason is not silently turned into "missing".
 *
 * @param secretsGroupManager manager used to perform the lookup
 * @param identifier identifier of the group to look for
 * @return {@code true} if the lookup succeeded, {@code false} if one of the not-found
 *         exceptions was raised
 */
public static boolean groupExists(SecretsGroupManager secretsGroupManager, SecretsGroupIdentifier identifier) {
    boolean found;
    try {
        secretsGroupManager.info(identifier);
        found = true;
    } catch (NoSuchElementException | ResourceNotFoundException | NoSuchEntityException notFound) {
        found = false;
    }
    return found;
}
/**
 * Checks whether a server certificate with the given name exists.
 *
 * <p>The certificate is fetched through {@code client} and the response is discarded. Only
 * {@code NoSuchEntityException} is treated as "not present"; any other exception from the
 * call propagates to the caller.
 *
 * @param name The server certificate name
 * @return {@code true} if the lookup succeeded, {@code false} if the certificate was not found
 */
public boolean isServerCertificatePresent(final String name) {
    final GetServerCertificateRequest lookup =
            new GetServerCertificateRequest().withServerCertificateName(name);
    try {
        client.getServerCertificate(lookup);
    } catch (final NoSuchEntityException absent) {
        return false;
    }
    return true;
}
/**
 * Looks up the ARN of the server certificate with the given name.
 *
 * <p>Only {@code NoSuchEntityException} is mapped to an empty result; any other exception
 * from the lookup propagates. {@code Optional.of} is used, so a {@code null} ARN in the
 * response would raise a {@code NullPointerException} rather than yield an empty result.
 *
 * @param name The server certificate name
 * @return the ARN, or an empty {@code Optional} if no such certificate exists
 */
public Optional<String> getServerCertificateArn(final String name) {
    final GetServerCertificateRequest lookup =
            new GetServerCertificateRequest().withServerCertificateName(name);
    final GetServerCertificateResult found;
    try {
        found = client.getServerCertificate(lookup);
    } catch (final NoSuchEntityException absent) {
        return Optional.empty();
    }
    return Optional.of(found.getServerCertificate().getServerCertificateMetadata().getArn());
}
/**
 * Looks up the ID of the server certificate with the given name.
 *
 * <p>Only {@code NoSuchEntityException} is mapped to an empty result; any other exception
 * from the lookup propagates. {@code Optional.of} is used, so a {@code null} ID in the
 * response would raise a {@code NullPointerException} rather than yield an empty result.
 *
 * @param name The server certificate name
 * @return the certificate ID, or an empty {@code Optional} if no such certificate exists
 */
public Optional<String> getServerCertificateId(final String name) {
    final GetServerCertificateRequest lookup =
            new GetServerCertificateRequest().withServerCertificateName(name);
    final GetServerCertificateResult found;
    try {
        found = client.getServerCertificate(lookup);
    } catch (final NoSuchEntityException absent) {
        return Optional.empty();
    }
    return Optional.of(
            found.getServerCertificate().getServerCertificateMetadata().getServerCertificateId());
}
/**
 * Returns the ARN of the named IAM role, creating the role when it does not exist yet.
 *
 * <p>If {@code getRole} succeeds, the existing role's ARN is returned as-is: neither its trust
 * policy nor its attached policies are inspected, so a role of the same name that was set up
 * differently is reused unchanged.
 *
 * <p>If {@code getRole} raises {@code NoSuchEntityException}, the role is created with a trust
 * policy that allows {@code elastictranscoder.amazonaws.com} to call {@code sts:AssumeRole},
 * and an inline policy named {@code s3video_generated_policy} is attached.
 *
 * <p>NOTE(review): the inline policy's Allow statements use {@code "Resource":"*"}, i.e. S3
 * list/get/put/multipart and {@code sns:Publish} on every bucket and topic the account can
 * reach. Scoping them to the specific bucket and topic ARNs would follow least privilege; the
 * method signature does not currently carry that information.
 *
 * <p>NOTE(review): lookup, {@code createRole} and {@code putRolePolicy} are separate calls.
 * If {@code putRolePolicy} fails, the role is left without the inline policy, and a later call
 * takes the "already exists" path without attaching it. A role created by another caller
 * between the lookup and {@code createRole} would presumably make {@code createRole} fail;
 * that exception is not handled here.
 *
 * @param roleName name of the role to look up or create
 * @return the ARN of the existing or newly created role
 */
public String createIAMRoleIfNotExist(String roleName) {
    // Trust policy: who may assume the role. No Condition block is present.
    final String trustPolicy =
            "{\"Version\": \"2008-10-17\","
            + "\"Statement\": [{"
            + "\"Sid\": \"1\","
            + "\"Effect\": \"Allow\","
            + "\"Principal\": {\"Service\": \"elastictranscoder.amazonaws.com\"},"
            + "\"Action\": \"sts:AssumeRole\""
            + "}]}";

    // Permission policy: two Allow statements and one Deny statement, all on Resource "*".
    final String accessPolicy =
            "{\"Version\":\"2008-10-17\",\"Statement\":["
            + "{\"Sid\":\"1\",\"Effect\":\"Allow\",\"Action\":[\"s3:ListBucket\",\"s3:Put*\",\"s3:Get*\",\"s3:*MultipartUpload*\"],\"Resource\":\"*\"},"
            + "{\"Sid\":\"2\",\"Effect\":\"Allow\",\"Action\":\"sns:Publish\",\"Resource\":\"*\"},"
            + "{\"Sid\":\"3\",\"Effect\":\"Deny\",\"Action\":[\"s3:*Policy*\",\"sns:*Permission*\",\"sns:*Delete*\",\"s3:*Delete*\",\"sns:*Remove*\"],\"Resource\":\"*\"}"
            + "]}";

    final GetRoleRequest lookup = new GetRoleRequest().withRoleName(roleName);
    try {
        // Existing role: return its ARN without touching it.
        return identityManagement.getRole(lookup).getRole().getArn();
    } catch (NoSuchEntityException roleMissing) {
        CreateRoleResult created = identityManagement.createRole(
                new CreateRoleRequest()
                        .withRoleName(roleName)
                        .withAssumeRolePolicyDocument(trustPolicy));

        identityManagement.putRolePolicy(
                new PutRolePolicyRequest()
                        .withPolicyName("s3video_generated_policy")
                        .withPolicyDocument(accessPolicy)
                        .withRoleName(roleName));

        return created.getRole().getArn();
    }
}
/**
 * Fetches an inline policy of a role and parses it into a {@code Policy}.
 *
 * <p>The role and policy names are written to the info log before the lookup. The policy
 * document returned by {@code getRolePolicy} is passed through {@code Encodings.decodeURL}
 * and then parsed with {@code Policy.fromJson}. Only {@code NoSuchEntityException} is mapped
 * to an empty result; any other exception from the lookup, decoding or parsing propagates.
 *
 * @param roleName name of the role that owns the inline policy
 * @param policyName name of the inline policy
 * @return the parsed policy, or an empty {@code Optional} if the role or policy was not found
 */
public Optional<Policy> findRolePolicy(String roleName, String policyName) {
    logger.info("find role policy, roleName={}, policyName={}", roleName, policyName);
    try {
        GetRolePolicyRequest request = new GetRolePolicyRequest()
                .withRoleName(roleName)
                .withPolicyName(policyName);
        String encodedDocument = iam.getRolePolicy(request).getPolicyDocument();
        // The document is URL-decoded before it is handed to the JSON parser.
        Policy policy = Policy.fromJson(Encodings.decodeURL(encodedDocument));
        return Optional.of(policy);
    } catch (NoSuchEntityException notFound) {
        return Optional.empty();
    }
}
/**
 * {@inheritDoc}
 *
 * <p>Deletes the instance profile and then the role named {@code profileName + "-role"}.
 * If the profile has any role attached, the role with that derived name is removed from the
 * profile before the profile is deleted. A {@code NoSuchEntityException} anywhere in that
 * sequence is logged as "already gone" and the role deletion still runs.
 *
 * <p>NOTE(review): the role removed from the profile is the derived name, not the name
 * reported in the lookup result. If a differently named role is attached, the removal call
 * would presumably raise {@code NoSuchEntityException}, which this catch reports as the
 * profile being gone and which skips {@code deleteInstanceProfile}, leaving the profile in
 * place. Confirm that the naming convention is enforced wherever profiles are created.
 */
@Override
public void deleteInstanceProfile(String profileName, Identity identity) {
    final AmazonIdentityManagement iamClient =
            ActivityUtils.createClient(AmazonIdentityManagementClient.class, identity);
    final String derivedRoleName = profileName + "-role";

    try {
        GetInstanceProfileResult lookup = iamClient.getInstanceProfile(
                new GetInstanceProfileRequest().withInstanceProfileName(profileName));

        // A profile with a role still attached is detached from it before deletion.
        boolean hasAttachedRole = !lookup.getInstanceProfile().getRoles().isEmpty();
        if (hasAttachedRole) {
            iamClient.removeRoleFromInstanceProfile(
                    new RemoveRoleFromInstanceProfileRequest()
                            .withInstanceProfileName(profileName)
                            .withRoleName(derivedRoleName));
        }

        iamClient.deleteInstanceProfile(
                new DeleteInstanceProfileRequest().withInstanceProfileName(profileName));
    } catch (NoSuchEntityException alreadyGone) {
        LOG.info("Instance profile is already gone: " + profileName);
    }

    // Runs whether or not the profile was found above.
    ActivityUtils.deleteRole(derivedRoleName, iamClient);
}