private void fillKeysFromIamTaskRole(Environment env) throws IOException { // before giving up, attempt to discover whether we're running in an ECS Container, // in which case, AWS_CONTAINER_CREDENTIALS_RELATIVE_URI will exist as an env var. String uri = env.getEnvVar(Constants.ECS_CREDENTIALS_ENV_VAR_NAME); if (uri == null) { throw new IllegalArgumentException("Could not acquire credentials! " + "Did not find declared AWS access key or IAM Role, and could not discover IAM Task Role or default role."); } uri = IAM_TASK_ROLE_ENDPOINT + uri; String json = ""; try { json = retrieveRoleFromURI(uri); parseAndStoreRoleCreds(json); } catch (Exception io) { throw new InvalidConfigurationException("Unable to retrieve credentials from IAM Task Role. " + "URI: " + uri + ". \n HTTP Response content: " + json, io); } }
@Override protected Document parse(InputStream inputStream) throws Exception { DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); dbf.setNamespaceAware(true); dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); DocumentBuilder builder = dbf.newDocumentBuilder(); try { return builder.parse(inputStream); } catch (Exception e) { String msg = "Failed to parse config" + LINE_SEPARATOR + "Exception: " + e.getMessage() + LINE_SEPARATOR + "Hazelcast Jet startup interrupted."; LOGGER.severe(msg); throw new InvalidConfigurationException(e.getMessage(), e); } finally { IOUtil.closeResource(inputStream); } }
public AwsDiscoveryStrategy(Map<String, Comparable> properties) { super(LOGGER, properties); this.port = getOrDefault(PORT.getDefinition(), NetworkConfig.DEFAULT_PORT); try { this.aws = new AWSClient(getAwsConfig()); } catch (IllegalArgumentException e) { throw new InvalidConfigurationException("AWS configuration is not valid", e); } }
private void fillKeysFromIamRole() { try { String query = IAM_SECURITY_CREDENTIALS_URI.concat(awsConfig.getIamRole()); String uri = INSTANCE_METADATA_URI.concat(query); String json = retrieveRoleFromURI(uri); parseAndStoreRoleCreds(json); } catch (Exception io) { throw new InvalidConfigurationException("Unable to retrieve credentials from IAM Role: " + awsConfig.getIamRole(), io); } }
public AWSClient(AwsConfig awsConfig) { if (awsConfig == null) { throw new IllegalArgumentException("AwsConfig is required!"); } this.awsConfig = awsConfig; this.endpoint = awsConfig.getHostHeader(); if (awsConfig.getRegion() != null && awsConfig.getRegion().length() > 0) { if (!awsConfig.getHostHeader().startsWith("ec2.")) { throw new InvalidConfigurationException("HostHeader should start with \"ec2.\" prefix"); } setEndpoint(awsConfig.getHostHeader().replace("ec2.", "ec2." + awsConfig.getRegion() + ".")); } }
@Test(expected = InvalidConfigurationException.class) public void hostHeaderMalformed() throws Exception { final Map<String, Comparable> props = new HashMap<String, Comparable>(); props.put("access-key", "test-value"); props.put("secret-key", "test-value"); props.put("host-header", "test-value"); createStrategy(props); }
@Test(expected = InvalidConfigurationException.class) public void testAwsClient_withInvalidHostHeader() { AwsConfig awsConfig = new AwsConfig(); awsConfig.setIamRole("test"); awsConfig.setHostHeader("ec3.amazonaws.com.cn"); new AWSClient(awsConfig); }
@Test(timeout = TIMEOUT_FACTOR * CALL_SERVICE_TIMEOUT, expected = InvalidConfigurationException.class) public void test_RetrieveMetaData_Timeout() { final String nonRoutable = "http://10.255.255.254"; AwsConfig awsConfig = new AwsConfig(); awsConfig.setConnectionTimeoutSeconds((int) TimeUnit.MILLISECONDS.toSeconds(CALL_SERVICE_TIMEOUT)); DescribeInstances describeInstances = new DescribeInstances(awsConfig); describeInstances.retrieveRoleFromURI(nonRoutable); }
private static int getInt(FilterConfig filterConfig, Properties properties, String paramName, int defaultValue) { String value = getValue(filterConfig, properties, paramName); if (StringUtil.isNullOrEmptyAfterTrim(value)) { return defaultValue; } else { try { return Integer.parseInt(value); } catch (NumberFormatException e) { throw new InvalidConfigurationException(paramName + " needs to be an integer: (" + value + ")"); } } }
private static URL getConfigUrl(final ServletContext ctx, final String configLocation) { URL configUrl = null; try { configUrl = ctx.getResource(configLocation); } catch (MalformedURLException ignore) { LOGGER.info("Ignored MalformedURLException"); } if (configUrl == null) { configUrl = ConfigLoader.locateConfig(configLocation); } if (configUrl == null) { throw new InvalidConfigurationException("Could not load configuration '" + configLocation + "'"); } return configUrl; }
@Test public void testInstanceName_withConfigLocation() throws Exception { expectedException.expect(InvalidConfigurationException.class); expectedException.expectMessage( allOf(containsString("session-ttl-seconds"), containsString("config-location"))); Properties properties = new Properties(); properties.setProperty("instance-name", "instance-1"); properties.setProperty("session-ttl-seconds", "20"); properties.setProperty("config-location", "some.xml"); WebFilterConfig.create(emptyFilterConfig, properties); }
@Test public void testUseClient_withConfigLocation() throws Exception { expectedException.expect(InvalidConfigurationException.class); expectedException.expectMessage(containsString("config-location")); Properties properties = new Properties(); properties.setProperty("use-client", "true"); properties.setProperty("config-location", "some.xml"); WebFilterConfig.create(emptyFilterConfig, properties); }
protected Map<String, String> getKeysFromIamRole() { try { URL url = new URL("http", IAM_ROLE_ENDPOINT, query); BufferedReader reader = new BufferedReader(new InputStreamReader(url.openStream(), "UTF-8")); return parseIamRole(reader); } catch (IOException io) { throw new InvalidConfigurationException("Invalid Aws Configuration"); } }
private InetAddress mapAddress(String address) { if (address == null) { return null; } try { return InetAddress.getByName(address); } catch (UnknownHostException e) { throw new InvalidConfigurationException("Address '" + address + "' could not be resolved"); } }
public void buildTagConfig() { final String tagKeys = getOrNull(JCloudsProperties.TAG_KEYS); final String tagValues = getOrNull(JCloudsProperties.TAG_VALUES); if (tagKeys != null && tagValues != null) { List<String> keysList = Arrays.asList(tagKeys.split(",")); List<String> valueList = Arrays.asList(tagValues.split(",")); if (keysList.size() != valueList.size()) { throw new InvalidConfigurationException("Tags keys and value count does not match."); } for (int i = 0; i < keysList.size(); i++) { tagPairs.add(new AbstractMap.SimpleImmutableEntry<String, String>(keysList.get(i), valueList.get(i))); } } }
public String getCredentialFromFile(String provider, String credentialPath) throws IllegalArgumentException { try { String fileContents = Files.toString(new File(credentialPath), Charsets.UTF_8); if (provider.equals(GOOGLE_COMPUTE_ENGINE)) { Supplier<Credentials> credentialSupplier = new GoogleCredentialsFromJson(fileContents); return credentialSupplier.get().credential; } return fileContents; } catch (IOException e) { throw new InvalidConfigurationException("Failed to retrieve the private key from the file: " + credentialPath, e); } }
public ContextBuilder newContextBuilder(final String cloudProvider, final String identity, final String credential, final String roleName) { try { if (roleName != null && (identity != null || credential != null)) { throw new InvalidConfigurationException("IAM role is configured," + " identity or credential property is not allowed."); } if (roleName != null && !cloudProvider.equals(AWS_EC2)) { throw new InvalidConfigurationException("IAM role is only supported with aws-ec2," + " your cloud provider is " + cloudProvider); } if (cloudProvider.equals(AWS_EC2) && roleName != null) { Supplier<Credentials> credentialsSupplier = new Supplier<Credentials>() { @Override public Credentials get() { return new IAMRoleCredentialSupplierBuilder(). withRoleName(roleName).build(); } }; return ContextBuilder.newBuilder(cloudProvider).credentialsSupplier(credentialsSupplier); } else { checkNotNull(identity, "Cloud provider identity is not set"); checkNotNull(credential, "Cloud provider credential is not set"); return ContextBuilder.newBuilder(cloudProvider).credentials(identity, credential); } } catch (NoSuchElementException e) { throw new InvalidConfigurationException("Unrecognized cloud-provider [" + cloudProvider + "]"); } }
@Test(expected = InvalidConfigurationException.class) public void test_invalid_config_when_both_IAM_and_credential_set() { String propertiesUnderTest = "<property name=\"provider\">aws-ec2</property>" + "<property name=\"role-name\">test</property>" + "<property name=\"identity\">test</property>" + "<property name=\"credential\">test</property>"; String configXML = configTemplate.replace("${PROPERTIES_PLACE_HOLDER}", propertiesUnderTest); Config config = new XmlConfigBuilder(new ByteArrayInputStream(stringToBytes(configXML))).build(); Hazelcast.newHazelcastInstance(config); }
@Test(expected = InvalidConfigurationException.class) public void test_invalid_config_when_IAM_role_is_configured_with_nonEc2_Provider() { String propertiesUnderTest = "<property name=\"provider\">google-compute-engine</property>" + "<property name=\"role-name\">test</property>"; String configXML = configTemplate.replace("${PROPERTIES_PLACE_HOLDER}", propertiesUnderTest); Config config = new XmlConfigBuilder(new ByteArrayInputStream(stringToBytes(configXML))).build(); Hazelcast.newHazelcastInstance(config); }
@Test(expected = InvalidConfigurationException.class) public void test_invalid_config_when_tag_keys_and_values_have_different_sizes() { String propertiesUnderTest = "<property name=\"provider\">aws-ec2</property>" + "<property name=\"identity\">test</property>" + "<property name=\"credential\">test</property>" + "<property name=\"tag-keys\">tag1,tag2,tag3</property>" + "<property name=\"tag-values\">tag1,tag2</property>"; String configXML = configTemplate.replace("${PROPERTIES_PLACE_HOLDER}", propertiesUnderTest); Config config = new XmlConfigBuilder(new ByteArrayInputStream(stringToBytes(configXML))).build(); Hazelcast.newHazelcastInstance(config); }
@Test(expected = InvalidConfigurationException.class) public void test_invalid_config_when_port_config_exceed_max_value() { String propertiesUnderTest = "<property name=\"provider\">aws-ec2</property>" + "<property name=\"identity\">test</property>" + "<property name=\"credential\">test</property>" + "<property name=\"hz-port\">78000</property>"; String configXML = configTemplate.replace("${PROPERTIES_PLACE_HOLDER}", propertiesUnderTest); Config config = new XmlConfigBuilder(new ByteArrayInputStream(stringToBytes(configXML))).build(); Hazelcast.newHazelcastInstance(config); }
@Test(expected = InvalidConfigurationException.class) public void test_invalid_config_when_port_config_smaller_than_min_value() { String propertiesUnderTest = "<property name=\"provider\">aws-ec2</property>" + "<property name=\"identity\">test</property>" + "<property name=\"credential\">test</property>" + "<property name=\"hz-port\">-1</property>"; String configXML = configTemplate.replace("${PROPERTIES_PLACE_HOLDER}", propertiesUnderTest); Config config = new XmlConfigBuilder(new ByteArrayInputStream(stringToBytes(configXML))).build(); Hazelcast.newHazelcastInstance(config); }
@Test(expected = InvalidConfigurationException.class) public void parseIamRole_withInvalidAwsConfiguration() { new IAMRoleCredentialSupplierBuilder().getKeysFromIamRole(); }
@Test(expected = InvalidConfigurationException.class) public void test_getCredentialFromFile_when_IOException() { ComputeServiceBuilder builder = new ComputeServiceBuilder(new HashMap<String, Comparable>()); builder.getCredentialFromFile("google-compute-engine", "blahblah.json"); }
@Test(expected = InvalidConfigurationException.class) public void test_InvalidCloudProvider() { ComputeServiceBuilder builder = new ComputeServiceBuilder(new HashMap<String, Comparable>()); builder.newContextBuilder("invalid-cloud-provider", "identity", "credential", null); }
