Example usage for com.amazonaws.services.kms.model DescribeKeyRequest DescribeKeyRequest

List of usage examples for com.amazonaws.services.kms.model DescribeKeyRequest DescribeKeyRequest

Introduction

On this page you can find example usage of the DescribeKeyRequest constructor of com.amazonaws.services.kms.model.DescribeKeyRequest.

Prototype

DescribeKeyRequest


Usage

From source file:com.cloudera.director.aws.ec2.EC2InstanceTemplateConfigurationValidator.java

License:Apache License

/**
 * Validates the configuration for EBS volumes.
 *
 * @param kmsClient           the AWS KMS client
 * @param configuration       the configuration to be validated
 * @param accumulator         the exception condition accumulator
 * @param localizationContext the localization context
 */
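@VisibleForTesting
void checkEbsVolumes(AWSKMSClient kmsClient, Configured configuration,
        PluginExceptionConditionAccumulator accumulator, LocalizationContext localizationContext) {
    // Validation order: volume count, encryption/KMS consistency, KMS key lookup,
    // volume size format, volume type metadata, size range. Every problem is reported
    // through addError(...) on the accumulator; a value that cannot be parsed ends the
    // validation early because later checks depend on it.

    String ebsVolumeCountString = configuration.getConfigurationValue(EBS_VOLUME_COUNT, localizationContext);

    int ebsVolumeCount;
    try {
        ebsVolumeCount = Integer.parseInt(ebsVolumeCountString);
    } catch (NumberFormatException e) {
        addError(accumulator, EBS_VOLUME_COUNT, localizationContext, null, INVALID_EBS_VOLUME_COUNT_FORMAT_MSG,
                ebsVolumeCountString);
        return;
    }

    if (ebsVolumeCount < 0 || ebsVolumeCount > MAX_VOLUMES_PER_INSTANCE) {
        addError(accumulator, EBS_VOLUME_COUNT, localizationContext, null, INVALID_EBS_VOLUME_COUNT_MSG,
                MAX_VOLUMES_PER_INSTANCE);
        return;
    }

    // Boolean.parseBoolean yields false for anything other than "true" (case-insensitive),
    // including null, so a mistyped value such as "yes" reads as "encryption off" rather
    // than as a validation error.
    // NOTE(review): consider rejecting values that are neither "true" nor "false" so that
    // a typo cannot silently leave the additional volumes unencrypted.
    boolean enableEbsEncryption = Boolean.parseBoolean(
            configuration.getConfigurationValue(ENCRYPT_ADDITIONAL_EBS_VOLUMES, localizationContext));

    String kmsKeyId = configuration.getConfigurationValue(EBS_KMS_KEY_ID, localizationContext);

    if (ebsVolumeCount == 0) {

        // Disallow setting any EBS encryption configuration when not adding EBS
        // volumes. This makes it more apparent that encryption is done on the
        // added EBS volumes and not the root.

        if (enableEbsEncryption) {
            addError(accumulator, ENCRYPT_ADDITIONAL_EBS_VOLUMES, localizationContext, null,
                    INVALID_EBS_ENCRYPTION_MSG);
        }

        if (kmsKeyId != null) {
            addError(accumulator, EBS_KMS_KEY_ID, localizationContext, null, INVALID_EBS_ENCRYPTION_MSG);
        }

        // Nothing else applies when no additional volumes are requested.
        return;
    }

    // From here on ebsVolumeCount is in the range 1..MAX_VOLUMES_PER_INSTANCE.

    if (kmsKeyId != null) {
        if (!enableEbsEncryption) {
            // A key without encryption enabled is a contradictory configuration.
            addError(accumulator, EBS_KMS_KEY_ID, localizationContext, null,
                    INVALID_KMS_WHEN_ENCRYPTION_DISABLED_MSG);
        }

        // Verify that we can find the key in KMS. The DescribeKey response is discarded,
        // so a successful call only shows that the identifier resolves and that the
        // caller may describe the key.
        // NOTE(review): this does not check that the key is enabled (not disabled or
        // pending deletion), nor that the credentials used to create the volumes hold
        // the KMS permissions that encrypting with this key requires. Confirm whether
        // those cases are caught elsewhere, or inspect the key metadata here.
        DescribeKeyRequest keyRequest = new DescribeKeyRequest().withKeyId(kmsKeyId);
        try {
            kmsClient.describeKey(keyRequest);
        } catch (NotFoundException ex) {
            addError(accumulator, EBS_KMS_KEY_ID, localizationContext, null, INVALID_KMS_NOT_FOUND_MESSAGE);
        } catch (AmazonServiceException ex) {
            // Constant-first comparison: the error code of a service exception may be
            // unset (null), and the validator must report that case instead of
            // failing with a NullPointerException.
            if ("AccessDeniedException".equals(ex.getErrorCode())) {
                addError(accumulator, EBS_KMS_KEY_ID, localizationContext, null, KMS_KEY_DENIED_MESSAGE);
            } else {
                // NOTE(review): the raw service error text is copied into the validation
                // message; confirm it is only shown to the operator who supplied the
                // configuration, since service messages can contain resource identifiers.
                addError(accumulator, EBS_KMS_KEY_ID, localizationContext, null,
                        "AmazonServiceException exception " + ex.getErrorMessage());
            }
        }
        // NOTE(review): only service-side errors are handled above. Client-side failures
        // (for example connectivity problems) presumably still propagate out of this
        // validator - confirm that callers expect that.
    }

    String strEbsVolumeSizeGiB = configuration.getConfigurationValue(EBS_VOLUME_SIZE_GIB,
            localizationContext);

    int ebsVolumeSizeGiB;
    try {
        ebsVolumeSizeGiB = Integer.parseInt(strEbsVolumeSizeGiB);
    } catch (NumberFormatException e) {
        addError(accumulator, EBS_VOLUME_SIZE_GIB, localizationContext, null,
                INVALID_EBS_VOLUME_SIZE_FORMAT_MSG, strEbsVolumeSizeGiB);
        return;
    }

    String volumeType = configuration.getConfigurationValue(EBS_VOLUME_TYPE, localizationContext);
    EbsVolumeMetadata metadata;

    // The metadata lookup reports an unknown type or malformed metadata by throwing;
    // both cases become validation errors and end the check.
    try {
        metadata = ebsMetadata.apply(volumeType);
    } catch (NullPointerException e) {
        addError(accumulator, EBS_VOLUME_TYPE, localizationContext, null,
                "Volume type unknown: " + e.getMessage());
        return;
    } catch (IllegalStateException e) {
        addError(accumulator, EBS_VOLUME_TYPE, localizationContext, null,
                "Malformed metadata: " + e.getMessage());
        return;
    }

    int minAllowableSize = metadata.getMinSizeGiB();
    int maxAllowableSize = metadata.getMaxSizeGiB();

    // The requested size must lie within the bounds for the chosen volume type.
    if (ebsVolumeSizeGiB > maxAllowableSize || ebsVolumeSizeGiB < minAllowableSize) {
        addError(accumulator, EBS_VOLUME_SIZE_GIB, localizationContext, null, VOLUME_SIZE_NOT_IN_RANGE_MSG,
                volumeType, minAllowableSize, maxAllowableSize);
    }
}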