diff options
Diffstat (limited to 'jdisc-cloud-aws/src/main/java/com')
-rw-r--r-- | jdisc-cloud-aws/src/main/java/com/yahoo/jdisc/cloud/aws/AwsParameterStoreValidationHandler.java | 122 |
1 files changed, 122 insertions, 0 deletions
diff --git a/jdisc-cloud-aws/src/main/java/com/yahoo/jdisc/cloud/aws/AwsParameterStoreValidationHandler.java b/jdisc-cloud-aws/src/main/java/com/yahoo/jdisc/cloud/aws/AwsParameterStoreValidationHandler.java new file mode 100644 index 00000000000..34a20831761 --- /dev/null +++ b/jdisc-cloud-aws/src/main/java/com/yahoo/jdisc/cloud/aws/AwsParameterStoreValidationHandler.java @@ -0,0 +1,122 @@ +// Copyright Verizon Media. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. +package com.yahoo.jdisc.cloud.aws; + +import com.amazonaws.auth.AWSCredentials; +import com.yahoo.container.jdisc.HttpRequest; +import com.yahoo.container.jdisc.HttpResponse; +import com.yahoo.container.jdisc.LoggingRequestHandler; +import com.yahoo.container.jdisc.secretstore.SecretNotFoundException; +import com.yahoo.io.IOUtils; +import com.yahoo.restapi.ErrorResponse; +import com.yahoo.restapi.SlimeJsonResponse; +import com.yahoo.slime.Cursor; +import com.yahoo.slime.Slime; +import com.yahoo.slime.SlimeUtils; +import com.yahoo.yolean.Exceptions; + +import javax.inject.Inject; +import java.io.IOException; +import java.io.InputStream; +import java.util.logging.Level; + +/** + * Attempts to validate the AWS Systems Manager Parameter Store settings to see if we can + * run a working Vespa Cloud Secret Store with them. + * + * @author ogronnesby + */ +public class AwsParameterStoreValidationHandler extends LoggingRequestHandler { + + private final VespaAwsCredentialsProvider credentialsProvider; + + @Inject + public AwsParameterStoreValidationHandler(Context ctx) { + this(ctx, new VespaAwsCredentialsProvider()); + } + + + public AwsParameterStoreValidationHandler(Context ctx, VespaAwsCredentialsProvider credentialsProvider) { + super(ctx); + this.credentialsProvider = credentialsProvider; + } + + + @Override + public HttpResponse handle(HttpRequest request) { + try { + switch (request.getMethod()) { + case GET: return handleGET(); + case POST: return handlePOST(request); + default: return ErrorResponse.methodNotAllowed("Method '" + request.getMethod() + "' is not supported"); + } + } catch (RuntimeException e) { + log.log(Level.WARNING, "Unexpected error handling '" + request.getUri() + "'", e); + return ErrorResponse.internalServerError(Exceptions.toMessageString(e)); + } + } + + private HttpResponse handleGET() { + return new SlimeJsonResponse(); + } + + private HttpResponse handlePOST(HttpRequest request) { + var json = toSlime(request.getData()); + var settings = AwsSettings.fromSlime(json); + + var response = new Slime(); + var root = response.get(); + settings.toSlime(response.get().setObject("settings")); + + try { + var store = new AwsParameterStore(this.credentialsProvider, settings.role, settings.externalId); + store.getSecret("vespa-secret"); + root.setString("status", "ok"); + } catch (RuntimeException e) { + root.setString("status", "error"); + var error = root.setArray("errors").addObject(); + error.setString("message", Exceptions.toMessageString(e)); + } + + return new SlimeJsonResponse(response); + } + + private Slime toSlime(InputStream jsonStream) { + try { + byte[] jsonBytes = IOUtils.readBytes(jsonStream, 1000 * 1000); + return SlimeUtils.jsonToSlime(jsonBytes); + } catch (IOException e) { + throw new RuntimeException(); + } + } + + private static class AwsSettings { + String name; + String role; + String awsId; + String externalId; + + AwsSettings(String name, String role, String awsId, String externalId) { + this.name = name; + this.role = role; + this.awsId = awsId; + this.externalId = externalId; + } + + static AwsSettings fromSlime(Slime slime) { + var json = slime.get(); + return new AwsSettings( + json.field("name").asString(), + json.field("role").asString(), + json.field("awsId").asString(), + json.field("externalId").asString() + ); + } + + void toSlime(Cursor slime) { + slime.setString("name", name); + slime.setString("role", role); + slime.setString("awsId", awsId); + slime.setString("externalId", "*****"); + } + } +} |