List of usage examples for the com.amazonaws.services.kms.AWSKMSClient constructor
AWSKMSClient(AwsSyncClientParams clientParams, boolean endpointDiscoveryEnabled)
From source file:ch.cyberduck.core.kms.KMSEncryptionFeature.java
License:Open Source License
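/**
 * Lists the encryption keys that can be offered for the given container.
 * <p>
 * The result starts with whatever the superclass reports and is extended with
 * every key returned by AWS KMS in the container's region, each paired with
 * an alias when one targets it. If the KMS lookup is rejected with an
 * {@link AccessDeniedException}, the failure is logged and only
 * {@code SSE_KMS_DEFAULT} is added, so the caller still gets a usable set.
 *
 * @param container path whose container determines the KMS region to query
 * @param prompt    login callback passed on to the authenticated call
 * @return keys from the superclass plus the KMS managed keys (or the default
 *         KMS key when listing is denied)
 * @throws BackgroundException if resolving the region or reading the KMS
 *                             configuration fails for a reason other than
 *                             denied access
 */
@Override
public Set<Algorithm> getKeys(final Path container, final LoginCallback prompt) throws BackgroundException {
    final Set<Algorithm> keys = super.getKeys(container, prompt);
    try {
        keys.addAll(this.authenticated(new Authenticated<Set<Algorithm>>() {
            @Override
            public Set<Algorithm> call() throws BackgroundException {
                // Resolve the region before the client exists, so that a failed
                // lookup cannot leave an SDK client behind without shutdown().
                final Location feature = session.getFeature(Location.class);
                final Location.Name region = feature.getLocation(containerService.getContainer(container));
                // The SDK reads the access key and secret from the host's stored
                // credentials on demand; the secret is never copied or logged here.
                final AWSKMSClient client = new AWSKMSClient(new com.amazonaws.auth.AWSCredentials() {
                    @Override
                    public String getAWSAccessKeyId() {
                        return host.getCredentials().getUsername();
                    }

                    @Override
                    public String getAWSSecretKey() {
                        return host.getCredentials().getPassword();
                    }
                }, configuration);
                try {
                    client.setRegion(Region.getRegion(Regions.fromName(region.getIdentifier())));
                    // ListAliases and ListKeys are paginated. Follow the marker until
                    // the service stops reporting a truncated page; otherwise keys
                    // beyond the first page would be missing from the result.
                    final Map<String, String> aliases = new HashMap<String, String>();
                    String aliasMarker = null;
                    com.amazonaws.services.kms.model.ListAliasesResult aliasPage;
                    do {
                        aliasPage = client.listAliases(
                            new com.amazonaws.services.kms.model.ListAliasesRequest().withMarker(aliasMarker));
                        for (AliasListEntry entry : aliasPage.getAliases()) {
                            // Keyed by target key id; a later alias for the same key replaces an earlier one
                            aliases.put(entry.getTargetKeyId(), entry.getAliasName());
                        }
                        aliasMarker = aliasPage.getNextMarker();
                    }
                    while (Boolean.TRUE.equals(aliasPage.getTruncated()));
                    final Set<Algorithm> found = new HashSet<Algorithm>();
                    String keyMarker = null;
                    com.amazonaws.services.kms.model.ListKeysResult keyPage;
                    do {
                        keyPage = client.listKeys(
                            new com.amazonaws.services.kms.model.ListKeysRequest().withMarker(keyMarker));
                        for (KeyListEntry entry : keyPage.getKeys()) {
                            // The alias is null for keys that no alias points to
                            found.add(new AliasedAlgorithm(entry, aliases.get(entry.getKeyId()), region));
                        }
                        keyMarker = keyPage.getNextMarker();
                    }
                    while (Boolean.TRUE.equals(keyPage.getTruncated()));
                    return found;
                }
                catch (AmazonClientException e) {
                    throw new AmazonServiceExceptionMappingService().map("Cannot read AWS KMS configuration", e);
                }
                finally {
                    // Always release the SDK client's connections
                    client.shutdown();
                }
            }
        }, prompt));
    }
    catch (AccessDeniedException e) {
        // Deliberate best effort: credentials that may use KMS but may not list
        // keys still get the account's default KMS key as a choice.
        log.warn(String.format("Ignore failure reading keys from KMS. %s", e.getMessage()));
        keys.add(SSE_KMS_DEFAULT);
    }
    return keys;
}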
From source file:com.cloudera.director.aws.AWSProvider.java
License:Apache License
/**
 * Builds the configuration validator for the resource provider identified by
 * the given metadata.
 * <p>
 * EC2 providers are validated with EC2, IAM and KMS clients; RDS providers
 * with an RDS client and the configured RDS endpoints. All clients share this
 * provider's credentials provider and client configuration. The
 * provider-specific validator is combined with the provider-level validator
 * from {@code METADATA}.
 *
 * @param resourceProviderMetadata metadata of the resource provider to validate
 * @return a composite of the provider-level and provider-specific validators
 * @throws IllegalArgumentException if the metadata id matches neither the EC2
 *                                  nor the RDS provider
 */
@Override
protected ConfigurationValidator getResourceProviderConfigurationValidator(
    ResourceProviderMetadata resourceProviderMetadata) {
  ClientConfiguration clientConfiguration = getClientConfiguration();

  boolean forEc2 = resourceProviderMetadata.getId().equals(EC2Provider.METADATA.getId());
  // Only compared against RDS when the id did not already match EC2.
  boolean forRds = !forEc2 && resourceProviderMetadata.getId().equals(RDSProvider.METADATA.getId());
  if (!forEc2 && !forRds) {
    throw new IllegalArgumentException("No such provider: " + resourceProviderMetadata.getId());
  }

  // NOTE(review): the SDK clients created below are handed to the validator and
  // are not shut down in this method; confirm who owns their lifecycle.
  ConfigurationValidator providerSpecificValidator = forEc2
      ? new EC2ProviderConfigurationValidator(
          new AmazonEC2Client(credentialsProvider, clientConfiguration),
          new AmazonIdentityManagementClient(credentialsProvider, clientConfiguration),
          new AWSKMSClient(credentialsProvider, clientConfiguration))
      : new RDSProviderConfigurationValidator(
          new AmazonRDSClient(credentialsProvider, clientConfiguration), rdsEndpoints);

  return new CompositeConfigurationValidator(METADATA.getProviderConfigurationValidator(),
      providerSpecificValidator);
}
From source file:com.cloudera.director.aws.AWSProvider.java
License:Apache License
/**
 * Creates an EC2 provider for the specified configuration.
 * <p>
 * The provider receives freshly constructed EC2, IAM and KMS clients, all of
 * which use this provider's credentials provider and client configuration.
 *
 * @param target the configuration
 * @return the EC2 provider
 */
protected EC2Provider createEC2Provider(Configured target) {
  ClientConfiguration clientConfiguration = getClientConfiguration();

  // Built in the same order as they are passed on: EC2, IAM, then KMS.
  // NOTE(review): no shutdown of these clients is visible here; presumably the
  // returned provider owns them — confirm.
  AmazonEC2Client ec2Client = new AmazonEC2Client(credentialsProvider, clientConfiguration);
  AmazonIdentityManagementClient iamClient =
      new AmazonIdentityManagementClient(credentialsProvider, clientConfiguration);
  AWSKMSClient kmsClient = new AWSKMSClient(credentialsProvider, clientConfiguration);

  return new EC2Provider(target, ephemeralDeviceMappings, ebsMetadata, virtualizationMappings,
      awsFilters, awsTimeouts, ec2Client, iamClient, kmsClient, getLocalizationContext());
}
From source file:org.finra.herd.dao.credstash.JCredStashWrapper.java
License:Apache License
/**
 * Creates a JCredStash wrapper backed by DynamoDB and KMS clients in one region.
 * <p>
 * Credentials are not passed in: both clients resolve them through
 * {@link DefaultAWSCredentialsProviderChain}. Decryption uses
 * {@code CredStashBouncyCastleCrypto}.
 *
 * @param region the AWS region name used for both the DynamoDB and the KMS client
 * @param tableName name of the credentials table
 * @param clientConfiguration the AWS client configuration applied to both clients
 */
public JCredStashWrapper(String region, String tableName, ClientConfiguration clientConfiguration) {
    final AWSCredentialsProvider credentialsChain = new DefaultAWSCredentialsProviderChain();

    // The region name is parsed separately for each client, after that client
    // has been constructed; an unknown name is rejected by Regions.fromName.
    AmazonDynamoDBClient dynamoDbClient = new AmazonDynamoDBClient(credentialsChain, clientConfiguration);
    dynamoDbClient = dynamoDbClient.withRegion(Regions.fromName(region));

    AWSKMSClient kmsClient = new AWSKMSClient(credentialsChain, clientConfiguration);
    kmsClient = kmsClient.withRegion(Regions.fromName(region));

    credstash = new JCredStash(tableName, dynamoDbClient, kmsClient, new CredStashBouncyCastleCrypto());
}