List of usage examples for com.amazonaws.services.kms AWSKMSClient describeKey
@Override
public DescribeKeyResult describeKey(DescribeKeyRequest request)
Provides detailed information about a customer master key (CMK).
From source file:com.cloudera.director.aws.ec2.EC2InstanceTemplateConfigurationValidator.java
License:Apache License
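/**
 * Validates the configuration for additional EBS volumes: volume count,
 * encryption settings, KMS key visibility, volume size and volume type.
 *
 * <p>Problems are reported through the accumulator and never thrown. The
 * method stops at the first malformed count, size or volume type, because
 * the later checks depend on those values.
 *
 * <p>The KMS check only calls {@code describeKey} and discards the result.
 * Success therefore shows that the key id resolves and that the validator's
 * credentials may describe it. It does not show that the key is enabled, or
 * that the principal launching instances may use it to encrypt volumes.
 * Exceptions other than {@link AmazonServiceException} thrown by the KMS
 * call are not caught here and propagate to the caller.
 *
 * @param kmsClient           the AWS KMS client
 * @param configuration       the configuration to be validated
 * @param accumulator         the exception condition accumulator
 * @param localizationContext the localization context
 */
@VisibleForTesting
void checkEbsVolumes(AWSKMSClient kmsClient, Configured configuration,
    PluginExceptionConditionAccumulator accumulator, LocalizationContext localizationContext) {

  String ebsVolumeCountString =
      configuration.getConfigurationValue(EBS_VOLUME_COUNT, localizationContext);

  int ebsVolumeCount;
  try {
    ebsVolumeCount = Integer.parseInt(ebsVolumeCountString);
  } catch (NumberFormatException e) {
    addError(accumulator, EBS_VOLUME_COUNT, localizationContext, null,
        INVALID_EBS_VOLUME_COUNT_FORMAT_MSG, ebsVolumeCountString);
    return;
  }

  if (ebsVolumeCount < 0 || ebsVolumeCount > MAX_VOLUMES_PER_INSTANCE) {
    addError(accumulator, EBS_VOLUME_COUNT, localizationContext, null,
        INVALID_EBS_VOLUME_COUNT_MSG, MAX_VOLUMES_PER_INSTANCE);
    return;
  }

  boolean enableEbsEncryption = Boolean.parseBoolean(
      configuration.getConfigurationValue(ENCRYPT_ADDITIONAL_EBS_VOLUMES, localizationContext));
  String kmsKeyId = configuration.getConfigurationValue(EBS_KMS_KEY_ID, localizationContext);

  if (ebsVolumeCount == 0) {
    // Disallow setting any EBS encryption configuration when not adding EBS
    // volumes. This makes it more apparent that encryption is done on the
    // added EBS volumes and not the root.
    if (enableEbsEncryption) {
      addError(accumulator, ENCRYPT_ADDITIONAL_EBS_VOLUMES, localizationContext, null,
          INVALID_EBS_ENCRYPTION_MSG);
    }
    if (kmsKeyId != null) {
      addError(accumulator, EBS_KMS_KEY_ID, localizationContext, null,
          INVALID_EBS_ENCRYPTION_MSG);
    }
    // The count was range-checked above, so nothing below applies to zero volumes.
    return;
  }

  if (kmsKeyId != null) {
    // A key id without encryption enabled is reported as an error rather than
    // silently ignored, so volumes are not left unencrypted by an incomplete
    // configuration.
    if (!enableEbsEncryption) {
      addError(accumulator, EBS_KMS_KEY_ID, localizationContext, null,
          INVALID_KMS_WHEN_ENCRYPTION_DISABLED_MSG);
    }

    // Verify that we can find the key in KMS. The result is discarded, so this
    // does not check the key's state or whether it is usable for EBS encryption.
    DescribeKeyRequest keyRequest = new DescribeKeyRequest().withKeyId(kmsKeyId);
    try {
      kmsClient.describeKey(keyRequest);
    } catch (NotFoundException ex) {
      addError(accumulator, EBS_KMS_KEY_ID, localizationContext, null,
          INVALID_KMS_NOT_FOUND_MESSAGE);
    } catch (AmazonServiceException ex) {
      // Constant-first comparison: a service exception without an error code
      // must fall through to the generic branch instead of raising a
      // NullPointerException inside the validator.
      if ("AccessDeniedException".equals(ex.getErrorCode())) {
        addError(accumulator, EBS_KMS_KEY_ID, localizationContext, null,
            KMS_KEY_DENIED_MESSAGE);
      } else {
        // NOTE(review): the raw service error message is surfaced as a
        // validation error; confirm it cannot expose account or principal
        // details to users who should not see them.
        addError(accumulator, EBS_KMS_KEY_ID, localizationContext, null,
            "AmazonServiceException exception " + ex.getErrorMessage());
      }
    }
  }

  String strEbsVolumeSizeGiB =
      configuration.getConfigurationValue(EBS_VOLUME_SIZE_GIB, localizationContext);

  int ebsVolumeSizeGiB;
  try {
    ebsVolumeSizeGiB = Integer.parseInt(strEbsVolumeSizeGiB);
  } catch (NumberFormatException e) {
    addError(accumulator, EBS_VOLUME_SIZE_GIB, localizationContext, null,
        INVALID_EBS_VOLUME_SIZE_FORMAT_MSG, strEbsVolumeSizeGiB);
    return;
  }

  String volumeType = configuration.getConfigurationValue(EBS_VOLUME_TYPE, localizationContext);

  EbsVolumeMetadata metadata;
  try {
    // presumably the lookup signals an unknown type with NullPointerException
    // and bad metadata with IllegalStateException; verify against ebsMetadata
    metadata = ebsMetadata.apply(volumeType);
  } catch (NullPointerException e) {
    addError(accumulator, EBS_VOLUME_TYPE, localizationContext, null,
        "Volume type unknown: " + e.getMessage());
    return;
  } catch (IllegalStateException e) {
    addError(accumulator, EBS_VOLUME_TYPE, localizationContext, null,
        "Malformed metadata: " + e.getMessage());
    return;
  }

  int minAllowableSize = metadata.getMinSizeGiB();
  int maxAllowableSize = metadata.getMaxSizeGiB();

  if (ebsVolumeSizeGiB > maxAllowableSize || ebsVolumeSizeGiB < minAllowableSize) {
    addError(accumulator, EBS_VOLUME_SIZE_GIB, localizationContext, null,
        VOLUME_SIZE_NOT_IN_RANGE_MSG, volumeType, minAllowableSize, maxAllowableSize);
  }
}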