From 367a32b645473cd9909fe5391af573613f3c739c Mon Sep 17 00:00:00 2001 From: Kirik0 Date: Mon, 1 Aug 2022 07:38:16 -1000 Subject: [PATCH 01/10] Added OAuth support for membership fetching endpoint --- .../fidelius/services/CredentialsService.java | 8 +- .../fidelius/services/MembershipService.java | 18 ++- .../services/auth/FideliusRoleService.java | 12 +- .../fidelius/services/rest/RESTService.java | 110 ++++++++++++++++++ .../services/MembershipServiceTest.java | 10 +- 5 files changed, 141 insertions(+), 17 deletions(-) diff --git a/fidelius-service/src/main/java/org/finra/fidelius/services/CredentialsService.java b/fidelius-service/src/main/java/org/finra/fidelius/services/CredentialsService.java index a4b1c48..91fc05c 100644 --- a/fidelius-service/src/main/java/org/finra/fidelius/services/CredentialsService.java +++ b/fidelius-service/src/main/java/org/finra/fidelius/services/CredentialsService.java @@ -104,16 +104,16 @@ public class CredentialsService { @Value("${fidelius.rotate.uri:}") private Optional rotateUri; - @Value("${fidelius.auth.oauth.tokenUrl:}") + @Value("${fidelius.rotate.oauth.tokenUrl:}") private Optional tokenUrl; - @Value("${fidelius.auth.oauth.tokenUri:}") + @Value("${fidelius.rotate.oauth.tokenUri:}") private Optional tokenUri; - @Value("${fidelius.auth.oauth.clientId:}") + @Value("${fidelius.rotate.oauth.clientId:}") private Optional clientId; - @Value("${fidelius.auth.oauth.clientSecret:}") + @Value("${fidelius.rotate.oauth.clientSecret:}") private Optional clientSecret; private final static String RDS = "rds"; diff --git a/fidelius-service/src/main/java/org/finra/fidelius/services/MembershipService.java b/fidelius-service/src/main/java/org/finra/fidelius/services/MembershipService.java index e597f2c..cb64d70 100644 --- a/fidelius-service/src/main/java/org/finra/fidelius/services/MembershipService.java +++ b/fidelius-service/src/main/java/org/finra/fidelius/services/MembershipService.java 
@@ -17,13 +17,27 @@ package org.finra.fidelius.services; +import com.google.common.cache.CacheBuilder; +import com.google.common.cache.CacheLoader; +import com.google.common.cache.LoadingCache; +import org.dmfs.httpessentials.client.HttpRequestExecutor; +import org.dmfs.httpessentials.httpurlconnection.HttpUrlConnectionExecutor; +import org.dmfs.oauth2.client.*; +import org.dmfs.oauth2.client.grants.ClientCredentialsGrant; +import org.dmfs.oauth2.client.scope.BasicScope; +import org.dmfs.rfc3986.encoding.Precoded; +import org.dmfs.rfc3986.uris.LazyUri; +import org.dmfs.rfc5545.Duration; import org.finra.fidelius.model.membership.Membership; import org.finra.fidelius.services.rest.RESTService; import org.springframework.beans.factory.annotation.Value; import org.springframework.stereotype.Service; import javax.inject.Inject; +import java.net.URI; import java.util.List; +import java.util.Optional; +import java.util.concurrent.TimeUnit; @Service public class MembershipService { @@ -37,8 +51,8 @@ public class MembershipService { @Value("${fidelius.membership-server-uri}") protected String membershipServerUri; - public List getAllMemberships() { - Membership memberships = restService.makeCall(membershipServerUrl, membershipServerUri, Membership.class); + public List getAllMemberships(String userName) { + Membership memberships = restService.makeCall(membershipServerUrl, membershipServerUri, Membership.class, userName); memberships.getMemberships().replaceAll(String::toUpperCase); return memberships.getMemberships(); diff --git a/fidelius-service/src/main/java/org/finra/fidelius/services/auth/FideliusRoleService.java b/fidelius-service/src/main/java/org/finra/fidelius/services/auth/FideliusRoleService.java index f9e0b37..f8194df 100644 --- a/fidelius-service/src/main/java/org/finra/fidelius/services/auth/FideliusRoleService.java +++ b/fidelius-service/src/main/java/org/finra/fidelius/services/auth/FideliusRoleService.java 
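Review bot: The import hunk adds the Guava cache classes, the `org.dmfs.*` OAuth2 types, `java.net.URI`, `java.util.Optional` and `java.util.concurrent.TimeUnit` to MembershipService, yet nothing in the `getAllMemberships` hunk uses them — the method only forwards `userName` to `restService.makeCall`. Unless the rest of the class (outside the hunks) references them, they look copied over from RESTService and should be dropped, together with the wildcard `import org.dmfs.oauth2.client.*;`. The new `userName` parameter is also undocumented; a Javadoc line such as `@param userName user on whose behalf the membership call is made (forwarded to the REST service's OAuth token lookup)` would make the contract visible to callers, and a `Objects.requireNonNull(userName, "userName")` would fail early instead of inside the cache lookup.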
@@ -65,7 +65,7 @@ public class FideliusRoleService { .expireAfterWrite(10L, TimeUnit.MINUTES) .build(new CacheLoader>>() { public Optional> load(String userName) throws Exception { - return Optional.ofNullable(loadLdapUserMasterMemberships()); + return Optional.ofNullable(loadLdapUserMasterMemberships(userName)); } }); @@ -75,7 +75,7 @@ public Optional> load(String userName) throws Exception { .expireAfterWrite(10L, TimeUnit.MINUTES) .build(new CacheLoader>>() { public Optional> load(String userName) throws Exception { - return Optional.ofNullable(loadLdapUserOpsMemberships()); + return Optional.ofNullable(loadLdapUserOpsMemberships(userName)); } }); @@ -185,13 +185,13 @@ public String fetchAwsAccountId(String accountAlias) { return accountService.getAccountByAlias(accountAlias).getAccountId(); } - private List loadLdapUserMasterMemberships(){ + private List loadLdapUserMasterMemberships(String userName){ List memberships = new ArrayList<>(); fideliusAuthorizationService.getMasterMemberships(masterPattern, opsPattern).forEach((membership) -> { Matcher m = masterPattern.matcher(membership); if(m.find()) { try { - memberships.addAll(membershipService.getAllMemberships()); + memberships.addAll(membershipService.getAllMemberships(userName)); } catch(Exception e) { logger.error("Error getting Master role memberships", e); e.printStackTrace(); @@ -201,13 +201,13 @@ private List loadLdapUserMasterMemberships(){ return memberships; } - private List loadLdapUserOpsMemberships(){ + private List loadLdapUserOpsMemberships(String userName){ List memberships = new ArrayList<>(); fideliusAuthorizationService.getOpsMemberships(masterPattern, opsPattern).forEach((membership) -> { Matcher m = opsPattern.matcher(membership); if(m.find()) { try { - memberships.addAll(membershipService.getAllMemberships()); + memberships.addAll(membershipService.getAllMemberships(userName)); } catch(Exception e) { logger.error("Error getting Ops role memberships", e); e.printStackTrace(); 
diff --git a/fidelius-service/src/main/java/org/finra/fidelius/services/rest/RESTService.java b/fidelius-service/src/main/java/org/finra/fidelius/services/rest/RESTService.java
index cbbf0d3..11833a0 100644
--- a/fidelius-service/src/main/java/org/finra/fidelius/services/rest/RESTService.java
+++ b/fidelius-service/src/main/java/org/finra/fidelius/services/rest/RESTService.java
@@ -17,15 +17,125 @@ package org.finra.fidelius.services.rest; +import com.google.common.cache.CacheBuilder; +import com.google.common.cache.CacheLoader; +import com.google.common.cache.LoadingCache; +import org.dmfs.httpessentials.client.HttpRequestExecutor; +import org.dmfs.httpessentials.httpurlconnection.HttpUrlConnectionExecutor; +import org.dmfs.oauth2.client.*; +import org.dmfs.oauth2.client.grants.ClientCredentialsGrant; +import org.dmfs.oauth2.client.scope.BasicScope; +import org.dmfs.rfc3986.encoding.Precoded; +import org.dmfs.rfc3986.uris.LazyUri; +import org.dmfs.rfc5545.Duration; +import org.finra.fidelius.services.CredentialsService; +import org.finra.fidelius.services.auth.FideliusRoleService; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.http.HttpEntity; +import org.springframework.http.HttpHeaders; +import org.springframework.http.HttpMethod; import org.springframework.stereotype.Component; import org.springframework.web.client.RestTemplate; +import javax.inject.Inject; +import java.net.URI; +import java.util.Optional; +import java.util.concurrent.TimeUnit; + @Component public class RESTService { + @Value("${fidelius.auth.oauth.clientId:}") + private Optional clientId; + + @Value("${fidelius.auth.oauth.clientSecret:}") + private Optional clientSecret; + + @Value("${fidelius.auth.oauth.tokenUrl:}") + private Optional tokenUrl; + + @Value("${fidelius.auth.oauth.tokenUri:}") + private Optional tokenUri; + + private Logger logger = LoggerFactory.getLogger(RESTService.class); + + private LoadingCache> userOAuth2TokenCache = CacheBuilder.newBuilder() + .maximumSize(1000L) + .concurrencyLevel(10) + .expireAfterWrite(60L, TimeUnit.MINUTES) + .build(new CacheLoader>() { + public Optional load(String user) throws Exception { + return Optional.ofNullable(getOAuth2Header(clientId.get(), clientSecret.get())); + } + }); + public T makeCall(String url, String uri, 
Class clazz) { RestTemplate restTemplate = new RestTemplate(); String completeUrl = String.format("%s/%s", url, uri); return restTemplate.getForObject(completeUrl, clazz); } + + public T makeCall(String url, String uri, Class clazz, String userName) { + if(oAuth2ConfigProvided()) { + logger.info("OAuth config detected. Fetching token."); + String bearerToken = getOAuth2Token(userName); + return makeCallWithOAuthToken(url, uri, clazz, bearerToken); + } + return makeCall(url, uri, clazz); + } + + public T makeCallWithOAuthToken(String url, String uri, Class clazz, String bearerToken) { + RestTemplate restTemplate = new RestTemplate(); + String completeUrl = String.format("%s/%s", url, uri); + HttpHeaders headers = new HttpHeaders(); + headers.set("Authorization", bearerToken); + HttpEntity requestEntity = new HttpEntity<>(headers); + return restTemplate.exchange(completeUrl, HttpMethod.GET, requestEntity, clazz).getBody(); + } + + private String getOAuth2Header(String username, String password) { + String token = getOAuth2Token(username, password); + if(token.isEmpty()) { + logger.error("Unable to fetch access token."); + return ""; + } + logger.info("Access token fetched."); + return String.format("Bearer %s", token); + } + + private String getOAuth2Token(String username, String password) { + HttpRequestExecutor executor = new HttpUrlConnectionExecutor(); + // Create OAuth2 provider + OAuth2AuthorizationProvider provider = new BasicOAuth2AuthorizationProvider( + URI.create(tokenUrl.get() + "/" + tokenUri.get()), + URI.create(tokenUrl.get() + "/" + tokenUri.get()), + new Duration(1,0,600) //Default expiration time if server does not respond + ); + // Create OAuth2 client credentials + OAuth2ClientCredentials credentials = new BasicOAuth2ClientCredentials(username, password); + //Create OAuth2 client + OAuth2Client client = new BasicOAuth2Client( + provider, + credentials, + new LazyUri(new Precoded("http://localhost")) + ); + try { + OAuth2AccessToken token = new 
ClientCredentialsGrant(client, new BasicScope("scope")).accessToken(executor); + return token.accessToken().toString(); + } catch(Exception e) { + logger.error("Exception occurred while fetching access token."); + } + return ""; + } + + public String getOAuth2Token(String user) { + return userOAuth2TokenCache.getUnchecked(user).get(); + } + + public boolean oAuth2ConfigProvided() { + return clientId.isPresent() && clientSecret.isPresent() && tokenUrl.isPresent() && tokenUri.isPresent() + && !clientId.get().equals("") && !clientSecret.get().equals("") && !tokenUrl.get().equals("") && !tokenUri.get().equals(""); + } } diff --git a/fidelius-service/src/test/java/org/finra/fidelius/services/MembershipServiceTest.java b/fidelius-service/src/test/java/org/finra/fidelius/services/MembershipServiceTest.java index b1ef235..5414f3c 100644 --- a/fidelius-service/src/test/java/org/finra/fidelius/services/MembershipServiceTest.java +++ b/fidelius-service/src/test/java/org/finra/fidelius/services/MembershipServiceTest.java @@ -68,9 +68,9 @@ public void getAllMemberships() throws Exception { when(restService.makeCall(any(), any(), any())).thenReturn(response); - Assert.assertTrue(membershipService.getAllMemberships().contains("APPLICATION1")); - Assert.assertTrue(membershipService.getAllMemberships().contains("APPLICATION2")); - Assert.assertTrue(membershipService.getAllMemberships().contains("APPLICATION3")); + Assert.assertTrue(membershipService.getAllMemberships("testUser").contains("APPLICATION1")); + Assert.assertTrue(membershipService.getAllMemberships("testUser").contains("APPLICATION2")); + Assert.assertTrue(membershipService.getAllMemberships("testUser").contains("APPLICATION3")); } 
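Review bot: The token cache's `load(String user)` ignores its key and always calls `getOAuth2Header(clientId.get(), clientSecret.get())`, so every distinct `userName` triggers its own token request for the same client credentials, and `userName` itself never reaches the membership endpoint — `makeCall(url, uri, clazz, userName)` only feeds it into the cache lookup, so unless the membership server identifies the user some other way the new parameter has no effect on the request; keying the cache on the client ID (or a single-entry cache) would make the token shared as intended. A failed fetch is also cached for the full 60 minutes: `getOAuth2Token(username, password)` swallows the exception and returns `""`, `getOAuth2Header` passes that on as `""`, `Optional.ofNullable("")` stores it, and `makeCallWithOAuthToken` then sends an empty `Authorization` header until the entry expires — throwing from the loader instead (e.g. `throw new IllegalStateException("Unable to fetch access token");` in place of `return "";`) keeps failures out of the cache. The fixed `expireAfterWrite(60L, TimeUnit.MINUTES)` ignores the token's own lifetime, so a shorter-lived token would be reused after the server has expired it. `logger.error("Exception occurred while fetching access token.")` drops `e`, so the cause is lost — pass it as the second argument. The literal in `new BasicScope("scope")` and the `http://localhost` redirect URI look like placeholders; at least the scope should come from configuration alongside the other `fidelius.auth.oauth.*` properties.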
@@ -79,7 +79,7 @@ public void getEmptyMemberships() throws Exception { when(restService.makeCall(any(), any(), any())).thenReturn(new Membership()); - Assert.assertTrue(membershipService.getAllMemberships().size() == 0); + Assert.assertTrue(membershipService.getAllMemberships("testUser").size() == 0); } -} \ No newline at end of file +} From 46758caba185e10ee502a07ec14380e7bdf44c1d Mon Sep 17 00:00:00 2001 From: Kirik0 Date: Mon, 1 Aug 2022 07:41:00 -1000 Subject: [PATCH 02/10] Updated docs for oauth config --- documentation/prequisites/configuration.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/documentation/prequisites/configuration.md b/documentation/prequisites/configuration.md index 8c699e0..218516c 100644 --- a/documentation/prequisites/configuration.md +++ b/documentation/prequisites/configuration.md @@ -70,3 +70,7 @@ Note: providing the following configuration will enable OAuth 2.0 for the API ca | fidelius.auth.oauth.clientSecret | The Client Secret used when fetching the OAuth 2.0 token. | string | | fidelius.auth.oauth.tokenUrl | The Endpoint Fidelius calls to fetch the OAuth 2.0 token. | string | | fidelius.auth.oauth.tokenUri | The Endpoint URI Fidelius uses to fetch the OAuth 2.0 token. | string | + | fidelius.rotate.oauth.clientId | The Client ID used when fetching the OAuth 2.0 token for the secret rotation endpoint. | string | + | fidelius.rotate.oauth.clientSecret | The Client Secret used when fetching the OAuth 2.0 token for the secret rotation endpoint. | string | + | fidelius.rotate.oauth.tokenUrl | The Endpoint Fidelius calls to fetch the OAuth 2.0 token for the secret rotation endpoint. | string | + | fidelius.rotate.oauth.tokenUri | The Endpoint URI Fidelius uses to fetch the OAuth 2.0 token for the secret rotation endpoint. | string | From 4af592a4560b8eb39f545bf1ddb5c9ba08d5dc07 Mon Sep 17 00:00:00 2001 
From: Kirik0 Date: Mon, 1 Aug 2022 08:09:12 -1000 Subject: [PATCH 03/10] Fixed unit test for memberships fetch --- .../org/finra/fidelius/services/MembershipServiceTest.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fidelius-service/src/test/java/org/finra/fidelius/services/MembershipServiceTest.java b/fidelius-service/src/test/java/org/finra/fidelius/services/MembershipServiceTest.java index 5414f3c..25771b6 100644 --- a/fidelius-service/src/test/java/org/finra/fidelius/services/MembershipServiceTest.java +++ b/fidelius-service/src/test/java/org/finra/fidelius/services/MembershipServiceTest.java @@ -66,7 +66,7 @@ public void getAllMemberships() throws Exception { Membership response = new Membership(node); - when(restService.makeCall(any(), any(), any())).thenReturn(response); + when(restService.makeCall(any(), any(), any(), any())).thenReturn(response); Assert.assertTrue(membershipService.getAllMemberships("testUser").contains("APPLICATION1")); Assert.assertTrue(membershipService.getAllMemberships("testUser").contains("APPLICATION2")); @@ -77,7 +77,7 @@ public void getAllMemberships() throws Exception { @Test public void getEmptyMemberships() throws Exception { - when(restService.makeCall(any(), any(), any())).thenReturn(new Membership()); + when(restService.makeCall(any(), any(), any(), any())).thenReturn(new Membership()); Assert.assertTrue(membershipService.getAllMemberships("testUser").size() == 0); From c11e03019beebf6eaf97c8df9425c722d37226e3 Mon Sep 17 00:00:00 2001 From: Kirik0 Date: Fri, 5 Aug 2022 06:54:26 -1000 Subject: [PATCH 04/10] Additional security headers --- .../finra/fidelius/authfilter/UserHeaderFilter.java | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/fidelius-service/src/main/java/org/finra/fidelius/authfilter/UserHeaderFilter.java b/fidelius-service/src/main/java/org/finra/fidelius/authfilter/UserHeaderFilter.java index d4e58d4..b60dd98 100644 
--- a/fidelius-service/src/main/java/org/finra/fidelius/authfilter/UserHeaderFilter.java +++ b/fidelius-service/src/main/java/org/finra/fidelius/authfilter/UserHeaderFilter.java @@ -24,6 +24,7 @@ import javax.servlet.*; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequestWrapper; +import javax.servlet.http.HttpServletResponse; import java.io.IOException; import java.security.Principal; import java.util.Optional; @@ -65,11 +66,18 @@ public void init(FilterConfig filterConfig) throws ServletException { public void doFilter(ServletRequest req, ServletResponse res, FilterChain filterChain) throws IOException, ServletException { HttpServletRequest httpReq = (HttpServletRequest) req; + HttpServletResponse httpRes = (HttpServletResponse) res; + httpRes.setHeader("Content-Security-Policy", + "default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors *.finra.org"); + httpRes.setHeader("X-XSS-Protection", + "1; mode=block"); + httpRes.setHeader("X-Frame-Options", + "DENY"); Optional userProfile = userProfileParser.parse(httpReq); if (userProfile.isPresent()) { - filterChain.doFilter(new UserProfileRequestWrapper(httpReq, userProfile.get()), res); + filterChain.doFilter(new UserProfileRequestWrapper(httpReq, userProfile.get()), httpRes); } else { - filterChain.doFilter(httpReq, res); + filterChain.doFilter(httpReq, httpRes); } } From 7f1afb9207f799a2c5fe10b1666abe90856dc9bd Mon Sep 17 00:00:00 2001 From: Kirik0 Date: Mon, 8 Aug 2022 07:15:49 -1000 Subject: [PATCH 05/10] Made Content-Security-Policy header configurable --- documentation/prequisites/configuration.md | 21 ++++++++++--------- .../fidelius/authfilter/UserHeaderFilter.java | 16 ++++++++++++-- .../org/finra/fidelius/config/AppConfig.java | 11 ++++++++-- 3 files changed, 34 insertions(+), 14 deletions(-) diff --git a/documentation/prequisites/configuration.md b/documentation/prequisites/configuration.md index 218516c..330bc45 100644 
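Review bot: The `Content-Security-Policy` set in `doFilter` declares `frame-ancestors *.finra.org` while the next header sets `X-Frame-Options: DENY`; browsers that support `frame-ancestors` ignore `X-Frame-Options` when both are present, so framing from finra.org subdomains stays allowed despite `DENY`, and the two headers should agree (use `SAMEORIGIN`, or drop `frame-ancestors` if framing is not needed). With `'unsafe-inline' 'unsafe-eval'` in `default-src` the policy offers little protection against injected scripts, so treat it as a starting point and tighten it once the UI's inline scripts are accounted for. `X-XSS-Protection` is deprecated, and the filter mode it enables has caused problems in some browsers, so `"0"` is the value current guidance recommends if the header is kept at all. Adding `X-Content-Type-Options: nosniff` next to these headers would be cheap.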
--- a/documentation/prequisites/configuration.md
+++ b/documentation/prequisites/configuration.md
@@ -37,16 +37,17 @@ Currently Fidelius only supports authorization through LDAP, the application exp ## Application -| Property | Description | Type | -|------------------------------------------------ |------------------------------------------------------------------------------------ |-------- | -| fidelius.membership-server-url | The endpoint of the service Fidelius uses to fetch the Ops/Master memberships | string | -| fidelius.membership-server-uri | The URI Fidelius can use to call the membership service for OPS/Master memberships | string | -| fidelius.dynamoTable | Name of DynamoDB table to be used to store secrets. | string | -| fidelius.kmsKey | KMS key used to encrypt/decrypt secrets. | string | -| fidelius.rotate.url | Secret rotation endpoint URL. | string | -| fidelius.rotate.uri | Secret rotation endpoint URI. | string | -| fidelius.validActiveDirectoryRegularExpression | Regular Expression used to validate secrets marked labeled Active Directory. | string | -| fidelius.validActiveDirectoryDescription | Description of Regular Expression to guide users to enter valid secret | string | +| Property | Description | Type | +|------------------------------------------------ |------------------------------------------------------------------------------------------------------------------- |-------- | +| fidelius.membership-server-url | The endpoint of the service Fidelius uses to fetch the Ops/Master memberships | string | +| fidelius.membership-server-uri | The URI Fidelius can use to call the membership service for OPS/Master memberships | string | +| fidelius.dynamoTable | Name of DynamoDB table to be used to store secrets. | string | +| fidelius.javax.contentSecurityPolicy | (Optional) Content-Security-Policy header to be appended to "default-src 'self' 'unsafe-inline' 'unsafe-eval'; " | string | +| fidelius.kmsKey | KMS key used to encrypt/decrypt secrets. | string | +| fidelius.rotate.url | Secret rotation endpoint URL. 
| string | +| fidelius.rotate.uri | Secret rotation endpoint URI. | string | +| fidelius.validActiveDirectoryRegularExpression | Regular Expression used to validate secrets marked labeled Active Directory. | string | +| fidelius.validActiveDirectoryDescription | Description of Regular Expression to guide users to enter valid secret | string | ### AWS diff --git a/fidelius-service/src/main/java/org/finra/fidelius/authfilter/UserHeaderFilter.java b/fidelius-service/src/main/java/org/finra/fidelius/authfilter/UserHeaderFilter.java index b60dd98..86466ee 100644 --- a/fidelius-service/src/main/java/org/finra/fidelius/authfilter/UserHeaderFilter.java +++ b/fidelius-service/src/main/java/org/finra/fidelius/authfilter/UserHeaderFilter.java @@ -34,6 +34,8 @@ public class UserHeaderFilter implements Filter { private UserParser userProfileParser; + private String contentSecurityPolicy; + private class UserProfileRequestWrapper extends HttpServletRequestWrapper { private IFideliusUserProfile userProfile; @@ -53,6 +55,11 @@ public UserHeaderFilter(UserParser userProfileParser) { this.userProfileParser = userProfileParser; } + public UserHeaderFilter(UserParser userProfileParser, String contentSecurityPolicy) { + this.userProfileParser = userProfileParser; + this.contentSecurityPolicy = contentSecurityPolicy; + } + public UserHeaderFilter(UserParser... userProfileParsers) { this.userProfileParser = new CompositeParser(userProfileParsers); } 
@@ -67,8 +74,13 @@ public void doFilter(ServletRequest req, ServletResponse res, FilterChain filterChain) throws IOException, ServletException { HttpServletRequest httpReq = (HttpServletRequest) req; HttpServletResponse httpRes = (HttpServletResponse) res; - httpRes.setHeader("Content-Security-Policy", - "default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors *.finra.org"); + if(contentSecurityPolicy != null && !contentSecurityPolicy.equals("")) { + httpRes.setHeader("Content-Security-Policy", + "default-src 'self' 'unsafe-inline' 'unsafe-eval'; " + contentSecurityPolicy); + } else { + httpRes.setHeader("Content-Security-Policy", + "default-src 'self' 'unsafe-inline' 'unsafe-eval'"); + } httpRes.setHeader("X-XSS-Protection", "1; mode=block"); httpRes.setHeader("X-Frame-Options", diff --git a/fidelius-service/src/main/java/org/finra/fidelius/config/AppConfig.java b/fidelius-service/src/main/java/org/finra/fidelius/config/AppConfig.java index 60f2217..cce4193 100644 --- a/fidelius-service/src/main/java/org/finra/fidelius/config/AppConfig.java +++ b/fidelius-service/src/main/java/org/finra/fidelius/config/AppConfig.java @@ -70,6 +70,9 @@ public class AppConfig { @Value("${fidelius.aws.proxyPort:}") private Optional proxyPort; + @Value("${fidelius.javax.contentSecurityPolicy:}") + private Optional contentSecurityPolicy; + private final Logger logger = LoggerFactory.getLogger(AppConfig.class); private final String userIdHeader; 
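Review bot: The prefix `"default-src 'self' 'unsafe-inline' 'unsafe-eval'; "` is still hard-coded in both branches of `doFilter`, so `fidelius.javax.contentSecurityPolicy` can only append directives and an operator cannot remove `'unsafe-inline'`/`'unsafe-eval'`; consider letting the configured value replace the whole policy when it already contains `default-src`, or moving the prefix into a constant the configuration can override. The two branches differ only in the suffix and could collapse into `String policy = "default-src 'self' 'unsafe-inline' 'unsafe-eval'";` / `if (contentSecurityPolicy != null && !contentSecurityPolicy.isEmpty()) { policy += "; " + contentSecurityPolicy; }` / `httpRes.setHeader("Content-Security-Policy", policy);`. The `X-Frame-Options: DENY` header below the hunk still conflicts with any `frame-ancestors` directive an operator configures, so the property's documentation should say which one wins. `doFilter` continues outside the hunk.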
@@ -133,7 +136,11 @@ public Docket api() { @AutoConfigureOrder(Ordered.HIGHEST_PRECEDENCE) public FilterRegistrationBean userProfileFilterRegistration() { FilterRegistrationBean userProfileFilterRegistration = new FilterRegistrationBean(); - userProfileFilterRegistration.setFilter(new UserHeaderFilter(new SSOParser(userIdHeader))); + if(contentSecurityPolicy.isPresent() && !contentSecurityPolicy.get().isEmpty()) { + userProfileFilterRegistration.setFilter(new UserHeaderFilter(new SSOParser(userIdHeader), contentSecurityPolicy.get())); + } else { + userProfileFilterRegistration.setFilter(new UserHeaderFilter(new SSOParser(userIdHeader))); + } userProfileFilterRegistration.setOrder(0); return userProfileFilterRegistration; } @@ -177,4 +184,4 @@ public FideliusAuthorizationService fideliusLDAPAuthorizationService(LdapTemplat fideliusUserProfileSupplier, fideliusAuthProperties); } -} \ No newline at end of file +} From f25ae7a5f8b20aacf8ce7722745cd857b01a412a Mon Sep 17 00:00:00 2001 From: Kirik0 Date: Thu, 11 Aug 2022 06:55:54 -1000 Subject: [PATCH 06/10] Added Content-Security-Policy to UI --- fidelius-ui/src/index.html | 1 + 1 file changed, 1 insertion(+) diff --git a/fidelius-ui/src/index.html b/fidelius-ui/src/index.html index b3d404b..df0172c 100755 --- a/fidelius-ui/src/index.html +++ b/fidelius-ui/src/index.html @@ -23,6 +23,7 @@ Fidelius + From 92ebff0c08e675aa0057fb08dafd3873e1b18e29 Mon Sep 17 00:00:00 2001 
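Review bot: The `if`/`else` in `userProfileFilterRegistration()` duplicates a check the filter already performs — the UserHeaderFilter hunk in this patch treats a null or empty policy as "no suffix" — so one line suffices: `userProfileFilterRegistration.setFilter(new UserHeaderFilter(new SSOParser(userIdHeader), contentSecurityPolicy.orElse("")));`. Injecting `Optional` through `@Value` with a `:` default also leans on Spring's conversion of the empty string; a plain `String` field would make the empty-string case explicit and match how the filter stores it.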
From: Kirik0 Date: Wed, 31 Aug 2022 11:54:19 -1000 Subject: [PATCH 07/10] Updated Fidelius backend and SDK to use AWS SDK v2 --- fidelius-sdk/pom.xml | 54 ++- .../org/finra/fidelius/CredModelMapper.java | 24 +- .../org/finra/fidelius/FideliusClient.java | 155 ++++--- .../java/org/finra/fidelius/JCredStash.java | 267 ++++++----- .../finra/fidelius/MetadataModelMapper.java | 22 +- .../finra/fidelius/FideliusClientTests.java | 85 +--- .../org/finra/fidelius/JCredStashTest.java | 122 +++-- fidelius-service/pom.xml | 39 +- .../org/finra/fidelius/config/AppConfig.java | 25 +- .../fidelius/factories/AWSSessionFactory.java | 27 +- .../org/finra/fidelius/model/Credential.java | 27 ++ .../fidelius/model/aws/AWSEnvironment.java | 8 +- .../finra/fidelius/model/db/DBCredential.java | 11 +- .../fidelius/services/CredentialsService.java | 228 +++++----- .../fidelius/services/FideliusService.java | 13 +- .../fidelius/services/MigrateService.java | 65 +-- .../services/aws/AWSSessionService.java | 112 ++--- .../services/aws/DynamoDBService.java | 61 +-- .../services/CredentialsServiceTest.java | 426 +++++++++--------- .../fidelius/services/MigrateServiceTest.java | 204 +++++---- .../services/aws/DynamoDBServiceTest.java | 54 +-- 21 files changed, 1017 insertions(+), 1012 deletions(-) diff --git a/fidelius-sdk/pom.xml b/fidelius-sdk/pom.xml index 594a636..ba327ce 100644 --- a/fidelius-sdk/pom.xml +++ b/fidelius-sdk/pom.xml 
@@ -78,44 +78,60 @@ - 1.11.767 + 2.16.60 + + + + software.amazon.awssdk + bom + ${aws.version} + pom + import + + + + - aws-java-sdk-core - com.amazonaws - ${aws.version} + software.amazon.awssdk + apache-client + + + + software.amazon.awssdk + auth + + + + software.amazon.awssdk + dynamodb - com.amazonaws - aws-java-sdk-dynamodb - ${aws.version} + software.amazon.awssdk + ec2 - com.amazonaws - aws-java-sdk-kms - ${aws.version} + software.amazon.awssdk + kms - com.amazonaws - aws-java-sdk-ec2 - ${aws.version} + software.amazon.awssdk + lambda - com.amazonaws - aws-java-sdk-sts - ${aws.version} + software.amazon.awssdk + rds - com.amazonaws - aws-java-sdk-lambda - ${aws.version} + software.amazon.awssdk + sts diff --git a/fidelius-sdk/src/main/java/org/finra/fidelius/CredModelMapper.java b/fidelius-sdk/src/main/java/org/finra/fidelius/CredModelMapper.java index aa306e3..c93b453 100644 --- a/fidelius-sdk/src/main/java/org/finra/fidelius/CredModelMapper.java +++ b/fidelius-sdk/src/main/java/org/finra/fidelius/CredModelMapper.java @@ -17,7 +17,7 @@ package org.finra.fidelius; -import com.amazonaws.services.dynamodbv2.model.AttributeValue; +import software.amazon.awssdk.services.dynamodb.model.AttributeValue; import java.util.HashMap; import java.util.Map; 
@@ -31,28 +31,28 @@ private enum DynamoAttributes{ public static Map toDynamo(EncryptedCredential encryptedCredential){ HashMap dynamoRow = new HashMap<>(); - dynamoRow.put(DynamoAttributes.name.name(), new AttributeValue(encryptedCredential.getFullName())); - dynamoRow.put(DynamoAttributes.version.name(), new AttributeValue(encryptedCredential.getVersion())); - dynamoRow.put(DynamoAttributes.key.name(), new AttributeValue(encryptedCredential.getDatakey())); - dynamoRow.put(DynamoAttributes.contents.name(), new AttributeValue(encryptedCredential.getCredential())); - dynamoRow.put(DynamoAttributes.hmac.name(), new AttributeValue(encryptedCredential.getHmac())); + dynamoRow.put(DynamoAttributes.name.name(), AttributeValue.builder().s(encryptedCredential.getFullName()).build()); + dynamoRow.put(DynamoAttributes.version.name(), AttributeValue.builder().s(encryptedCredential.getVersion()).build()); + dynamoRow.put(DynamoAttributes.key.name(), AttributeValue.builder().s(encryptedCredential.getDatakey()).build()); + dynamoRow.put(DynamoAttributes.contents.name(), AttributeValue.builder().s(encryptedCredential.getCredential()).build()); + dynamoRow.put(DynamoAttributes.hmac.name(), AttributeValue.builder().s(encryptedCredential.getHmac()).build()); if(encryptedCredential.getUpdateBy()!=null) - dynamoRow.put(DynamoAttributes.updatedBy.name(), new AttributeValue(encryptedCredential.getUpdateBy())); + dynamoRow.put(DynamoAttributes.updatedBy.name(), AttributeValue.builder().s(encryptedCredential.getUpdateBy()).build()); if(encryptedCredential.getUpdateOn()!=null) - dynamoRow.put(DynamoAttributes.updatedOn.name(), new AttributeValue(encryptedCredential.getUpdateOn())); + dynamoRow.put(DynamoAttributes.updatedOn.name(), AttributeValue.builder().s(encryptedCredential.getUpdateOn()).build()); if(encryptedCredential.getSdlc()!=null) - dynamoRow.put(DynamoAttributes.sdlc.name(), new AttributeValue(encryptedCredential.getSdlc())); + dynamoRow.put(DynamoAttributes.sdlc.name(), 
AttributeValue.builder().s(encryptedCredential.getSdlc()).build()); if(encryptedCredential.getComponent()!= null) - dynamoRow.put(DynamoAttributes.component.name(), new AttributeValue(encryptedCredential.getComponent())); + dynamoRow.put(DynamoAttributes.component.name(), AttributeValue.builder().s(encryptedCredential.getComponent()).build()); return dynamoRow; } - public static EncryptedCredential fromDynamo(Map dynamoCred){ + public static EncryptedCredential fromDynamo(Map dynamoCred){ return new EncryptedCredential() .setFullName(getAttributeValue(DynamoAttributes.name.name(), dynamoCred)) .setCredential(getAttributeValue(DynamoAttributes.contents.name(),dynamoCred)) @@ -68,7 +68,7 @@ public static EncryptedCredential fromDynamo(Map dynamoCr private static String getAttributeValue(String name, Map dynamoCred){ AttributeValue attributeValue = dynamoCred.get(name); if(attributeValue!=null){ - return attributeValue.getS(); + return attributeValue.s(); } return null; } diff --git a/fidelius-sdk/src/main/java/org/finra/fidelius/FideliusClient.java b/fidelius-sdk/src/main/java/org/finra/fidelius/FideliusClient.java index 279ee06..ef47a40 100755 --- a/fidelius-sdk/src/main/java/org/finra/fidelius/FideliusClient.java +++ b/fidelius-sdk/src/main/java/org/finra/fidelius/FideliusClient.java 
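Review bot: `toDynamo` now repeats `AttributeValue.builder().s(...).build()` nine times; a helper such as `private static AttributeValue str(String value) { return AttributeValue.builder().s(value).build(); }` would keep each `put` on one readable line and give a single place to decide how a null string is represented. With the v2 builder a null argument yields an AttributeValue with no type set, and the first five attributes (`name`, `version`, `key`, `contents`, `hmac`) are written unconditionally, so a missing value would presumably be rejected at write time rather than locally — this looks equivalent to the old `new AttributeValue(null)` path, but it is worth confirming against the existing tests. `toDynamo` starts at the hunk's first line; the `fromDynamo` signature change lost its type parameters in this rendering, so I cannot tell whether the key/value types changed.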
@@ -17,34 +17,41 @@ package org.finra.fidelius; -import java.util.Collections; +import java.net.URI; import java.util.HashMap; import java.util.List; import java.util.Map; -import com.amazonaws.ClientConfiguration; -import com.amazonaws.auth.AWSCredentialsProvider; -import com.amazonaws.auth.DefaultAWSCredentialsProviderChain; -import com.amazonaws.regions.*; -import com.amazonaws.retry.PredefinedRetryPolicies; -import com.amazonaws.services.dynamodbv2.AmazonDynamoDB; -import com.amazonaws.services.dynamodbv2.AmazonDynamoDBClientBuilder; -import com.amazonaws.services.ec2.AmazonEC2; -import com.amazonaws.services.ec2.AmazonEC2ClientBuilder; -import com.amazonaws.services.ec2.model.*; -import com.amazonaws.services.lambda.AWSLambda; -import com.amazonaws.services.lambda.AWSLambdaClientBuilder; -import com.amazonaws.services.lambda.model.*; -import com.amazonaws.services.kms.AWSKMS; -import com.amazonaws.services.kms.AWSKMSClientBuilder; -import com.amazonaws.services.securitytoken.AWSSecurityTokenService; -import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder; -import com.amazonaws.services.securitytoken.model.GetCallerIdentityRequest; -import com.amazonaws.util.EC2MetadataUtils; import com.fasterxml.jackson.databind.ObjectMapper; import org.apache.commons.lang3.exception.ExceptionUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider; +import software.amazon.awssdk.auth.credentials.AwsCredentialsProviderChain; +import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider; +import software.amazon.awssdk.awscore.retry.AwsRetryPolicy; +import software.amazon.awssdk.core.client.config.ClientOverrideConfiguration; +import software.amazon.awssdk.core.client.config.SdkClientConfiguration; +import software.amazon.awssdk.core.internal.http.loader.DefaultSdkHttpClientBuilder; +import software.amazon.awssdk.http.SdkHttpClient; +import 
software.amazon.awssdk.http.apache.ApacheHttpClient; +import software.amazon.awssdk.http.apache.ProxyConfiguration; +import software.amazon.awssdk.http.apache.internal.impl.ApacheSdkHttpClient; +import software.amazon.awssdk.regions.internal.util.EC2MetadataUtils; +import software.amazon.awssdk.services.dynamodb.DynamoDbClient; +import software.amazon.awssdk.services.dynamodb.DynamoDbClientBuilder; +import software.amazon.awssdk.services.ec2.Ec2Client; +import software.amazon.awssdk.services.ec2.Ec2ClientBuilder; +import software.amazon.awssdk.services.ec2.model.*; +import software.amazon.awssdk.services.kms.KmsClient; +import software.amazon.awssdk.services.kms.KmsClientBuilder; +import software.amazon.awssdk.services.lambda.LambdaClient; +import software.amazon.awssdk.services.lambda.LambdaClientBuilder; +import software.amazon.awssdk.services.sts.StsClient; +import software.amazon.awssdk.services.sts.StsClientBuilder; +import software.amazon.awssdk.services.sts.model.GetCallerIdentityRequest; + +import javax.swing.plaf.synth.Region; public class FideliusClient { 
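Review bot: `import javax.swing.plaf.synth.Region;` at the end of the new import block is a Swing look-and-feel class that has nothing to do with AWS regions; the constructor hunk below works around it by spelling out `software.amazon.awssdk.regions.Region` in full, so the import should be `import software.amazon.awssdk.regions.Region;` and the fully qualified uses shortened. `SdkClientConfiguration`, `DefaultSdkHttpClientBuilder` and `ApacheSdkHttpClient` are imported from `internal` packages of the SDK, which are not part of its supported API, and none of them is referenced in the visible hunks, so they look like leftovers to drop. `EC2MetadataUtils` is likewise pulled from `software.amazon.awssdk.regions.internal.util`; it is still used by getEC2Tags, so keep it but flag the internal-package dependency in a comment next to the import.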
@@ -52,79 +59,86 @@ public class FideliusClient { private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper(); protected EnvConfig envConfig; + protected ProxyConfiguration proxyConfig; protected JCredStash jCredStash; - protected AWSSecurityTokenService awsSecurityTokenService; + protected StsClient stsClient; - private final AmazonEC2 client; - private final AWSLambda lambda; + private final Ec2Client ec2Client; + private final LambdaClient lambdaClient; public FideliusClient() { - this(null, new DefaultAWSCredentialsProviderChain()); + this(null, AwsCredentialsProviderChain.builder().addCredentialsProvider(DefaultCredentialsProvider.create()).build()); } public FideliusClient(String region) { - this(null, new DefaultAWSCredentialsProviderChain(), region); + this(null, AwsCredentialsProviderChain.builder().addCredentialsProvider(DefaultCredentialsProvider.create()).build(), region); } - public FideliusClient(ClientConfiguration clientConf, AWSCredentialsProvider provider) { + public FideliusClient(ClientOverrideConfiguration clientConf, AwsCredentialsProvider provider) { this(clientConf, provider, null); } - public FideliusClient(ClientConfiguration clientConf, AWSCredentialsProvider provider, String region) { + public FideliusClient(ClientOverrideConfiguration clientConf, AwsCredentialsProvider provider, String region) { envConfig = new EnvConfig(); - ClientConfiguration kmsEc2ClientConfiguration = clientConf; + ClientOverrideConfiguration kmsEc2ClientConfiguration = clientConf; if(clientConf==null){ clientConf = defaultClientConfiguration(envConfig); - clientConf.setRetryPolicy(PredefinedRetryPolicies.DYNAMODB_DEFAULT); kmsEc2ClientConfiguration = defaultClientConfiguration(envConfig); - kmsEc2ClientConfiguration.setRetryPolicy(PredefinedRetryPolicies.getDefaultRetryPolicyWithCustomMaxRetries(5)); } - AmazonDynamoDBClientBuilder ddbBuilder = AmazonDynamoDBClientBuilder.standard() - .withCredentials(provider) - .withClientConfiguration(clientConf); + 
DynamoDbClientBuilder dynamoDbBuilder = DynamoDbClient.builder() + .credentialsProvider(provider) + .overrideConfiguration(clientConf); - AWSKMSClientBuilder kmsBuilder = AWSKMSClientBuilder.standard() - .withCredentials(provider) - .withClientConfiguration(kmsEc2ClientConfiguration); + KmsClientBuilder kmsBuilder = KmsClient.builder() + .credentialsProvider(provider) + .overrideConfiguration(kmsEc2ClientConfiguration); - AWSSecurityTokenServiceClientBuilder stsBuilder = AWSSecurityTokenServiceClientBuilder.standard() - .withClientConfiguration(clientConf) - .withCredentials(provider); + StsClientBuilder stsBuilder = StsClient.builder() + .overrideConfiguration(clientConf) + .credentialsProvider(provider); - AmazonEC2ClientBuilder clientBuilder = AmazonEC2ClientBuilder.standard() - .withCredentials(provider) - .withClientConfiguration(kmsEc2ClientConfiguration); + Ec2ClientBuilder clientBuilder = Ec2Client.builder() + .credentialsProvider(provider) + .overrideConfiguration(kmsEc2ClientConfiguration); - AWSLambdaClientBuilder lambdaClientBuilder = AWSLambdaClientBuilder.standard() - .withClientConfiguration(clientConf) - .withCredentials(provider); + LambdaClientBuilder lambdaClientBuilder = LambdaClient.builder() + .credentialsProvider(provider) + .overrideConfiguration(clientConf); if(region != null){ - Regions regionEnum = Regions.fromName(region); - ddbBuilder.withRegion(regionEnum); - kmsBuilder.withRegion(regionEnum); - stsBuilder.withRegion(regionEnum); - clientBuilder.withRegion(regionEnum); - lambdaClientBuilder.withRegion(regionEnum); + software.amazon.awssdk.regions.Region awsRegion = software.amazon.awssdk.regions.Region.of(region); + dynamoDbBuilder = dynamoDbBuilder.region(awsRegion); + kmsBuilder = kmsBuilder.region(awsRegion); + stsBuilder = stsBuilder.region(awsRegion); + clientBuilder = clientBuilder.region(awsRegion); + lambdaClientBuilder = lambdaClientBuilder.region(awsRegion); } - lambda = lambdaClientBuilder.build(); - client = 
clientBuilder.build(); - awsSecurityTokenService = stsBuilder.build(); - jCredStash = new JCredStash(ddbBuilder.build(), kmsBuilder.build(), awsSecurityTokenService); + if(envConfig.hasProxyEnv()) { + SdkHttpClient sdkHttpClient = ApacheHttpClient.builder() + .proxyConfiguration(proxyConfig).build(); + dynamoDbBuilder = dynamoDbBuilder.httpClient(sdkHttpClient); + kmsBuilder = kmsBuilder.httpClient(sdkHttpClient); + stsBuilder = stsBuilder.httpClient(sdkHttpClient); + clientBuilder = clientBuilder.httpClient(sdkHttpClient); + lambdaClientBuilder = lambdaClientBuilder.httpClient(sdkHttpClient); + } + lambdaClient = lambdaClientBuilder.build(); + ec2Client = clientBuilder.build(); + stsClient = stsBuilder.build(); + jCredStash = new JCredStash(dynamoDbBuilder.build(), kmsBuilder.build(), stsClient); } - protected void setFideliusClient(AmazonDynamoDB ddb, AWSKMS kms) { - jCredStash = new JCredStash(ddb, kms, awsSecurityTokenService); + protected void setFideliusClient(DynamoDbClient ddb, KmsClient kms) { + jCredStash = new JCredStash(ddb, kms, stsClient); } - protected ClientConfiguration defaultClientConfiguration(EnvConfig envConfig){ - ClientConfiguration clientConfiguration = new ClientConfiguration(); + protected ClientOverrideConfiguration defaultClientConfiguration(EnvConfig envConfig){ + ClientOverrideConfiguration clientConfiguration = ClientOverrideConfiguration.builder().retryPolicy(AwsRetryPolicy.defaultRetryPolicy()).build(); if(envConfig.hasProxyEnv()) { - clientConfiguration.setProxyHost(envConfig.getProxy()); - clientConfiguration.setProxyPort(Integer.parseInt(envConfig.getPort())); + proxyConfig = ProxyConfiguration.builder().endpoint(URI.create(envConfig.getProxy() + ":" + envConfig.getPort())).build(); } return clientConfiguration; } 
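Review bot: `proxyConfig` is only assigned inside `defaultClientConfiguration`, which runs only when `clientConf == null`, yet the `envConfig.hasProxyEnv()` branch later in the constructor always passes it to `ApacheHttpClient.builder().proxyConfiguration(proxyConfig)`, so a caller that supplies its own `ClientOverrideConfiguration` in a proxied environment gets a null proxy configuration instead of the proxy (the v1 code set host and port on whichever configuration it was given). The endpoint is also built as `URI.create(envConfig.getProxy() + ":" + envConfig.getPort())`; unless `getProxy()` already carries a scheme, a bare `host:port` parses as an opaque URI whose host is null, which ProxyConfiguration cannot use, so I would confirm what the environment value actually looks like. The sketch below moves proxy construction into the constructor, applies it whenever the environment asks for one, and normalises the URI. The retry policies also changed silently: DynamoDB previously used `PredefinedRetryPolicies.DYNAMODB_DEFAULT` and KMS/EC2 a 5-retry policy, while every client now gets `AwsRetryPolicy.defaultRetryPolicy()`, which deserves either a comment or restored per-client policies. The one-element `AwsCredentialsProviderChain` in the two short constructors can simply be `DefaultCredentialsProvider.create()`.
```java
        // … unchanged: builder construction and region selection …
        if (envConfig.hasProxyEnv()) {
            // Built here, not as a side effect of defaultClientConfiguration(), so a
            // caller-supplied clientConf is routed through the proxy as well.
            proxyConfig = ProxyConfiguration.builder().endpoint(proxyEndpoint(envConfig)).build();
            SdkHttpClient sdkHttpClient = ApacheHttpClient.builder()
                    .proxyConfiguration(proxyConfig).build();
            // … unchanged: httpClient(sdkHttpClient) on each builder …
        }
        // … unchanged: build() calls and setFideliusClient …

    protected ClientOverrideConfiguration defaultClientConfiguration(EnvConfig envConfig){
        // Proxy settings are applied by the constructor; this only sets the retry policy.
        return ClientOverrideConfiguration.builder().retryPolicy(AwsRetryPolicy.defaultRetryPolicy()).build();
    }

    /** Turns the proxy host and port from the environment into the URI ProxyConfiguration expects. */
    private static URI proxyEndpoint(EnvConfig envConfig) {
        String proxy = envConfig.getProxy();
        // A bare "host:port" parses as an opaque URI with no host, so add a scheme when missing.
        if (!proxy.contains("://")) {
            proxy = "http://" + proxy;
        }
        return URI.create(proxy + ":" + envConfig.getPort());
    }
```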
@@ -161,23 +175,23 @@ protected HashMap getEC2Tags() { String instanceID = EC2MetadataUtils.getInstanceId(); - DescribeInstancesRequest instancesRequest = new DescribeInstancesRequest().withInstanceIds(instanceID); - DescribeInstancesResult instancesResult = client.describeInstances(instancesRequest); + DescribeInstancesRequest instancesRequest = DescribeInstancesRequest.builder().instanceIds(instanceID).build(); + DescribeInstancesResponse instancesResult = ec2Client.describeInstances(instancesRequest); // There should only be one Instance with identical instanceID - List reservations = instancesResult.getReservations(); + List reservations = instancesResult.reservations(); if (reservations.size() > 1) { return null; } Reservation reservation = reservations.get(0); - Instance instance = reservation.getInstances().get(0); - List tagList = instance.getTags(); + Instance instance = reservation.instances().get(0); + List tagList = instance.tags(); HashMap tagMap = new HashMap(); for (Tag t : tagList) { - if (t.getKey().equals(Constants.FID_CONTEXT_APPLICATION) || t.getKey().equals(Constants.FID_CONTEXT_SDLC) || t.getKey().equals(Constants.FID_CONTEXT_COMPONENT)) - tagMap.put(t.getKey(), t.getValue()); + if (t.key().equals(Constants.FID_CONTEXT_APPLICATION) || t.key().equals(Constants.FID_CONTEXT_SDLC) || t.key().equals(Constants.FID_CONTEXT_COMPONENT)) + tagMap.put(t.key(), t.value()); } return tagMap; } @@ -245,7 +259,7 @@ protected String getUser() throws Exception { } protected String getUserIdentity() throws Exception { - return awsSecurityTokenService.getCallerIdentity(new GetCallerIdentityRequest()).getArn(); + return stsClient.getCallerIdentity(GetCallerIdentityRequest.builder().build()).arn(); } /** 
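Review bot: getEC2Tags still returns null only for `reservations.size() > 1`, so an empty `reservations()` list falls through to `reservations.get(0)` and fails with an IndexOutOfBoundsException instead of the null the caller is written to handle; `if (reservations.size() != 1) { return null; }` covers both cases, and `reservation.instances()` deserves the same guard before `get(0)`. Since these tags decide the application/sdlc/component context a caller is allowed to read, a clean null here is preferable to an unrelated runtime exception. `EC2MetadataUtils` now comes from `software.amazon.awssdk.regions.internal.util`, an internal package of the v2 SDK, so a one-line comment on its use would warn the next maintainer that this can break on an SDK upgrade. The method's signature is visible only in the `@@` header.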
@@ -507,6 +521,9 @@ protected void deleteCredential(String name, String application, String sdlc,
 logger.info("User "+ user + " deleted credential " + prefixedName);
 } catch (RuntimeException e) { // Credential not found
 logger.info("Credential " + prefixedName + " not found. [" + e.toString() + "] ");
+ for(StackTraceElement ste : e.getStackTrace()) {
+ logger.error(ste.toString());
+ }
 throw new RuntimeException(e);
 }
 }
diff --git a/fidelius-sdk/src/main/java/org/finra/fidelius/JCredStash.java b/fidelius-sdk/src/main/java/org/finra/fidelius/JCredStash.java
index 5c3dea1..e5c7a3e 100644
--- a/fidelius-sdk/src/main/java/org/finra/fidelius/JCredStash.java
+++ b/fidelius-sdk/src/main/java/org/finra/fidelius/JCredStash.java
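Review bot: The added loop writes every stack frame of a credential-not-found condition to the log at ERROR, one line per frame, and the exception is then rethrown, so the same failure is reported twice and the frames are spread over log entries that tooling cannot correlate. The class imports SLF4J, which takes the throwable as the last argument and prints the trace with the message: `logger.info("Credential {} not found", prefixedName, e);` replaces both the existing `info` line and the new loop. If the trace is genuinely wanted at ERROR, log it once with `logger.error(..., e)` rather than frame by frame. deleteCredential's body starts above the hunk.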
@@ -17,30 +17,19 @@ package org.finra.fidelius; -import com.amazonaws.ClientConfiguration; -import com.amazonaws.auth.AWSCredentialsProvider; -import com.amazonaws.services.dynamodbv2.AmazonDynamoDB; - -import com.amazonaws.services.dynamodbv2.AmazonDynamoDBClientBuilder; -import com.amazonaws.services.dynamodbv2.document.*; -import com.amazonaws.services.dynamodbv2.document.spec.QuerySpec; -import com.amazonaws.services.dynamodbv2.document.utils.NameMap; -import com.amazonaws.services.dynamodbv2.document.utils.ValueMap; -import com.amazonaws.services.dynamodbv2.model.*; -import com.amazonaws.services.kms.AWSKMS; -import com.amazonaws.services.kms.AWSKMSClientBuilder; -import com.amazonaws.services.kms.model.DecryptRequest; -import com.amazonaws.services.kms.model.DecryptResult; -import com.amazonaws.services.kms.model.GenerateDataKeyRequest; -import com.amazonaws.services.kms.model.GenerateDataKeyResult; -import com.amazonaws.services.securitytoken.AWSSecurityTokenService; -import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient; -import com.amazonaws.services.securitytoken.model.GetCallerIdentityRequest; import org.apache.commons.codec.binary.Base64; -import com.amazonaws.services.dynamodbv2.document.BatchWriteItemOutcome; -import com.amazonaws.services.dynamodbv2.document.DynamoDB; -import com.amazonaws.services.dynamodbv2.document.Item; -import com.amazonaws.services.dynamodbv2.document.TableWriteItems; +import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider; +import software.amazon.awssdk.core.SdkBytes; +import software.amazon.awssdk.core.client.config.ClientOverrideConfiguration; +import software.amazon.awssdk.services.dynamodb.DynamoDbClient; +import software.amazon.awssdk.services.dynamodb.model.*; +import software.amazon.awssdk.services.kms.KmsClient; +import software.amazon.awssdk.services.kms.model.DecryptRequest; +import software.amazon.awssdk.services.kms.model.DecryptResponse; +import 
software.amazon.awssdk.services.kms.model.GenerateDataKeyRequest; +import software.amazon.awssdk.services.kms.model.GenerateDataKeyResponse; +import software.amazon.awssdk.services.sts.StsClient; +import software.amazon.awssdk.services.sts.model.GetCallerIdentityRequest; import java.io.UnsupportedEncodingException; import java.nio.ByteBuffer; 
@@ -49,87 +38,109 @@ import java.util.*; public class JCredStash { - protected AmazonDynamoDB amazonDynamoDBClient; - protected AWSKMS awskmsClient; + protected DynamoDbClient dynamoDbClient; + protected KmsClient kmsClient; protected CredStashCrypto cryptoImpl; - protected AWSSecurityTokenService awsSecurityTokenService; - protected DynamoDB dynamoDB; + protected StsClient stsClient; + protected static List TABLE_HEADERS = Arrays.asList("name", "component", "sdlc", "contents", "version", "updatedBy", "updatedOn", "key", "hmac", "source", "sourceType"); protected JCredStash() { - this.amazonDynamoDBClient = AmazonDynamoDBClientBuilder.defaultClient(); - this.awskmsClient = AWSKMSClientBuilder.defaultClient(); + this.dynamoDbClient = DynamoDbClient.builder().build(); + this.kmsClient = KmsClient.builder().build(); this.cryptoImpl = new CredStashBouncyCastleCrypto(); - this.awsSecurityTokenService = AWSSecurityTokenServiceClient.builder().withClientConfiguration(new ClientConfiguration()).build(); - this.dynamoDB = new DynamoDB(amazonDynamoDBClient); + this.stsClient = StsClient.builder().overrideConfiguration(ClientOverrideConfiguration.builder().build()).build(); } - protected JCredStash(AWSCredentialsProvider awsCredentialsProvider) { - this.amazonDynamoDBClient = AmazonDynamoDBClientBuilder.standard() - .withCredentials(awsCredentialsProvider) + protected JCredStash(AwsCredentialsProvider awsCredentialsProvider) { + this.dynamoDbClient = DynamoDbClient.builder() + .credentialsProvider(awsCredentialsProvider) .build(); - this.awskmsClient = AWSKMSClientBuilder.standard() - .withCredentials(awsCredentialsProvider) + this.kmsClient = KmsClient.builder() + .credentialsProvider(awsCredentialsProvider) .build(); this.cryptoImpl = new CredStashBouncyCastleCrypto(); - this.awsSecurityTokenService = AWSSecurityTokenServiceClient.builder().withClientConfiguration(new ClientConfiguration()).build(); - this.dynamoDB = new DynamoDB(amazonDynamoDBClient); + this.stsClient = 
StsClient.builder().overrideConfiguration(ClientOverrideConfiguration.builder().build()).build(); } - protected JCredStash(AmazonDynamoDB amazonDynamoDBClient, AWSKMS awskmsClient) { - this.amazonDynamoDBClient = amazonDynamoDBClient; - this.awskmsClient = awskmsClient; + protected JCredStash(DynamoDbClient amazonDynamoDBClient, KmsClient awskmsClient) { + this.dynamoDbClient = amazonDynamoDBClient; + this.kmsClient = awskmsClient; this.cryptoImpl = new CredStashBouncyCastleCrypto(); - this.awsSecurityTokenService = AWSSecurityTokenServiceClient.builder().withClientConfiguration(new ClientConfiguration()).build(); - this.dynamoDB = new DynamoDB(amazonDynamoDBClient); + this.stsClient = StsClient.builder().overrideConfiguration(ClientOverrideConfiguration.builder().build()).build(); } - protected JCredStash(AmazonDynamoDB amazonDynamoDBClient, AWSKMS awskmsClient, AWSSecurityTokenService awsSecurityTokenService) { - this.amazonDynamoDBClient = amazonDynamoDBClient; - this.awskmsClient = awskmsClient; + protected JCredStash(DynamoDbClient dynamoDbClient, KmsClient kmsClient, StsClient stsClient) { + this.dynamoDbClient = dynamoDbClient; + this.kmsClient = kmsClient; this.cryptoImpl = new CredStashBouncyCastleCrypto(); - this.awsSecurityTokenService = awsSecurityTokenService; - this.dynamoDB = new DynamoDB(amazonDynamoDBClient); + this.stsClient = stsClient; } protected Map readDynamoItem(String tableName, String secret) { // TODO: allow multiple secrets to be fetched by pattern or list // TODO: allow specific version to be fetched - QueryResult queryResult = amazonDynamoDBClient.query(new QueryRequest(tableName) - .withLimit(1) - .withScanIndexForward(false) - .withConsistentRead(true) - .addKeyConditionsEntry("name", new Condition() - .withComparisonOperator(ComparisonOperator.EQ) - .withAttributeValueList(new AttributeValue(secret))) + Map keyConditions = new HashMap<>(); + keyConditions.put("name", Condition.builder() + .attributeValueList( + 
AttributeValue.builder().s(secret).build() + ) + .comparisonOperator(ComparisonOperator.EQ) + .build()); + keyConditions.put("version", Condition.builder() + .attributeValueList( + AttributeValue.builder().s("0").build() + ) + .comparisonOperator(ComparisonOperator.BEGINS_WITH) + .build()); + QueryResponse queryResponse = dynamoDbClient.query(QueryRequest.builder() + .tableName(tableName) + .limit(1) + .scanIndexForward(false) + .consistentRead(true) + .keyConditions(keyConditions) + .build() ); - if(queryResult.getCount() == 0) { + if(queryResponse.count() == 0) { throw new RuntimeException("Secret " + secret + " could not be found"); } - Map item = queryResult.getItems().get(0); + Map item = queryResponse.items().get(0); return item; } - protected QueryResult getCredentials(String tableName, String secret) { - QueryRequest queryRequest = new QueryRequest(tableName) - .withScanIndexForward(false) - .withConsistentRead(true) - .addKeyConditionsEntry("name", new Condition() - .withComparisonOperator(ComparisonOperator.EQ) - .withAttributeValueList(new AttributeValue(secret))); + protected QueryResponse getCredentials(String tableName, String secret) { + Map keyConditions = new HashMap<>(); + keyConditions.put("name", Condition.builder() + .attributeValueList( + AttributeValue.builder().s(secret).build() + ) + .comparisonOperator(ComparisonOperator.EQ) + .build()); + keyConditions.put("version", Condition.builder() + .attributeValueList( + AttributeValue.builder().s("0").build() + ) + .comparisonOperator(ComparisonOperator.BEGINS_WITH) + .build()); + QueryRequest queryRequest = QueryRequest.builder() + .tableName(tableName) + .scanIndexForward(false) + .consistentRead(true) + .keyConditions(keyConditions) + .build(); - QueryResult queryResult = amazonDynamoDBClient.query(queryRequest); + QueryResponse queryResponse = dynamoDbClient.query(queryRequest); - if(queryResult.getCount() == 0) { + if(queryResponse.count() == 0) { throw new RuntimeException("Secret " + secret 
+ " could not be found"); } - return queryResult; + return queryResponse; } protected String getUpdatedBy() throws Exception { try { - return awsSecurityTokenService.getCallerIdentity(new GetCallerIdentityRequest()).getArn(); + return stsClient.getCallerIdentity(GetCallerIdentityRequest.builder().build()).arn(); } catch(Exception e){ throw new RuntimeException("Error getting user"); } 
@@ -138,37 +149,33 @@ protected String getUpdatedBy() throws Exception { private ByteBuffer decryptKeyWithKMS(byte[] encryptedKeyBytes, Map context) { ByteBuffer blob = ByteBuffer.wrap(encryptedKeyBytes); - DecryptResult decryptResult = awskmsClient.decrypt(new DecryptRequest().withCiphertextBlob(blob).withEncryptionContext(context)); + DecryptResponse decryptResponse = kmsClient.decrypt(DecryptRequest.builder().ciphertextBlob(SdkBytes.fromByteBuffer(blob)).encryptionContext(context).build()); - return decryptResult.getPlaintext(); + return decryptResponse.plaintext().asByteBuffer(); } protected int getHighestVersion(String name, String tableName) { + HashMap attributeName = new HashMap(); + HashMap attributeValue = new HashMap(); + attributeName.put("#n", "name"); + attributeValue.put(":v_name", AttributeValue.builder().s(name).build()); + QueryRequest spec = QueryRequest.builder() + .tableName(tableName) + .scanIndexForward(false) + .consistentRead(true) + .keyConditionExpression("#n = :v_name") + .expressionAttributeValues(attributeValue) + .expressionAttributeNames(attributeName) + .projectionExpression("version") + .build(); - DynamoDB dynamoDB = new DynamoDB(amazonDynamoDBClient); - Table table = dynamoDB.getTable(tableName); - - QuerySpec spec = new QuerySpec() - .withScanIndexForward(false) - .withConsistentRead(true) - .withKeyConditionExpression("#n = :v_name") - .withValueMap(new ValueMap() - .withString(":v_name", name) - ) - .withNameMap(new NameMap() - .with("#n", "name") - ) - .withProjectionExpression("version"); - - ItemCollection items = table.query(spec); + List> items = dynamoDbClient.query(spec).items(); - Integer maxVersion = 0; - Iterator iter = items.iterator(); - while (iter.hasNext()) { - Item next = iter.next(); - Integer version = new Integer((String) next.get("version")); - if (version.compareTo(maxVersion) > 0) { - maxVersion = version.intValue(); + int maxVersion = 0; + for(Map item : items) { + int version = 
Integer.parseInt(item.get("version").s()); + if(version > maxVersion) { + maxVersion = version; } } return maxVersion; @@ -219,12 +226,13 @@ protected String decrypt(EncryptedCredential encryptedCredential, Map context){ // generate a 64 byte key with KMS // half for data encryption, other half for HMAC - GenerateDataKeyRequest dataKeyRequest = new GenerateDataKeyRequest() - .withKeyId(kmsKey) - .withEncryptionContext(context) - .withNumberOfBytes(64); - GenerateDataKeyResult dataKeyResult = awskmsClient.generateDataKey(dataKeyRequest); - byte[] resultArray = dataKeyResult.getPlaintext().array(); + GenerateDataKeyRequest dataKeyRequest = GenerateDataKeyRequest.builder() + .keyId(kmsKey) + .encryptionContext(context) + .numberOfBytes(64) + .build(); + GenerateDataKeyResponse dataKeyResponse = kmsClient.generateDataKey(dataKeyRequest); + byte[] resultArray = dataKeyResponse.plaintext().asByteArray(); byte[] dataKey = Arrays.copyOfRange(resultArray, 0, 32); byte[] hmacKey = Arrays.copyOfRange(resultArray, 32, resultArray.length); @@ -234,7 +242,7 @@ protected EncryptedCredential encrypt(String name, String credential, String ver CredStashBouncyCastleCrypto crypto = new CredStashBouncyCastleCrypto(); byte[] encryptedContents = crypto.encrypt(dataKey, credential.getBytes()); byte[] hmac = crypto.digest(hmacKey, encryptedContents); - byte[] wrappedKey = dataKeyResult.getCiphertextBlob().array(); + byte[] wrappedKey = dataKeyResponse.ciphertextBlob().asByteArray(); // format the hmac digest as a string containing only hexadecimal digits // see: 
@@ -314,10 +322,13 @@ protected void putSecret(String tableName, String secretName, String contents, S HashMap cond = new HashMap<>(); cond.put("#n", "name"); - PutItemRequest request = new PutItemRequest(tableName, data) - .withConditionExpression("attribute_not_exists(#n)") - .withExpressionAttributeNames(cond); - amazonDynamoDBClient.putItem(request); + PutItemRequest request = PutItemRequest.builder() + .tableName(tableName) + .item(data) + .conditionExpression("attribute_not_exists(#n)") + .expressionAttributeNames(cond) + .build(); + dynamoDbClient.putItem(request); } protected void putMetadata(String tableName, String secretName, String version, String sourceType, 
@@ -343,22 +354,29 @@ protected void putMetadata(String tableName, String secretName, String version, HashMap cond = new HashMap<>(); cond.put("#n", "name"); - PutItemRequest request = new PutItemRequest(tableName, data) - .withConditionExpression("attribute_not_exists(#n)") - .withExpressionAttributeNames(cond); - amazonDynamoDBClient.putItem(request); + PutItemRequest request = PutItemRequest.builder() + .tableName(tableName) + .item(data) + .conditionExpression("attribute_not_exists(#n)") + .expressionAttributeNames(cond) + .build(); + dynamoDbClient.putItem(request); } protected void deleteSecret(String tableName, String secretName) throws InterruptedException { - QueryResult queryResult = getCredentials(tableName, secretName); - - TableWriteItems itemsToDelete = new TableWriteItems(tableName); - for ( Map item :queryResult.getItems()) { - itemsToDelete.addHashAndRangePrimaryKeyToDelete( - "name", item.get("name").getS(), - "version", item.get("version").getS()); + QueryResponse queryResponse = getCredentials(tableName, secretName); + Map> writeRequestMap = new HashMap<>(); + List writeRequests = new ArrayList<>(); + for (Map item : queryResponse.items()) { + Map preppedItemMap = filterItemMapForDeletion(item); + WriteRequest writeRequest = WriteRequest.builder() + .deleteRequest(DeleteRequest.builder().key(preppedItemMap).build() + ).build(); + writeRequests.add(writeRequest); } + writeRequestMap.put(tableName, writeRequests); + BatchWriteItemRequest batchWriteItemRequest = BatchWriteItemRequest.builder().requestItems(writeRequestMap).build(); Map> unprocessed = null ; int attempts = 0; 
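Review bot: `writeRequests` gathers every version of the secret into a single BatchWriteItemRequest, and DynamoDB rejects a BatchWriteItem call that carries more than 25 write requests, so a secret with more versions than that cannot be deleted at all (the old `TableWriteItems` path had the same ceiling, so this rewrite is the moment to fix it). Split the list with `writeRequests.subList(i, Math.min(i + 25, writeRequests.size()))` in a loop and run the retry block in the next hunk once per group, keeping the unprocessed-items handling per batch. The loop over `queryResponse.items()` also inherits the single-page result of `getCredentials`, so versions beyond the first page would not be deleted either. deleteSecret continues in the next hunk.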
@@ -368,18 +386,19 @@ protected void deleteSecret(String tableName, String secretName) throws Interrup Thread.sleep((1 << attempts) * 1000); } attempts++; - BatchWriteItemOutcome outcome; - if (unprocessed == null || unprocessed.size() > 0) { - // handle initial request - outcome = dynamoDB.batchWriteItem(itemsToDelete); - } else { - // handle unprocessed items - outcome = dynamoDB.batchWriteItemUnprocessed(unprocessed); - } - unprocessed = outcome.getUnprocessedItems(); + BatchWriteItemResponse batchWriteItemResponse = dynamoDbClient.batchWriteItem(batchWriteItemRequest); + unprocessed = batchWriteItemResponse.unprocessedItems(); + batchWriteItemRequest = BatchWriteItemRequest.builder().requestItems(unprocessed).build(); } while (unprocessed.size() > 0 && attempts < 6); if(unprocessed.size() > 0) throw new RuntimeException("Error deleting secret " + secretName + " with " + unprocessed.size() + " versions not deleted"); } + + private Map filterItemMapForDeletion(Map items) { + HashMap populatedItem = new HashMap<>(); + populatedItem.put("name", items.get("name")); + populatedItem.put("version", items.get("version")); + return populatedItem; + } } diff --git a/fidelius-sdk/src/main/java/org/finra/fidelius/MetadataModelMapper.java b/fidelius-sdk/src/main/java/org/finra/fidelius/MetadataModelMapper.java index 8b723d3..60af831 100644 --- a/fidelius-sdk/src/main/java/org/finra/fidelius/MetadataModelMapper.java +++ b/fidelius-sdk/src/main/java/org/finra/fidelius/MetadataModelMapper.java @@ -17,7 +17,7 @@ package org.finra.fidelius; -import com.amazonaws.services.dynamodbv2.model.AttributeValue; +import software.amazon.awssdk.services.dynamodb.model.AttributeValue; import java.util.HashMap; import java.util.Map; 
@@ -31,27 +31,27 @@ private enum DynamoAttributes{ public static Map toDynamo(MetadataParameters metadataParameters){ HashMap dynamoRow = new HashMap<>(); - dynamoRow.put(DynamoAttributes.name.name(), new AttributeValue(metadataParameters.getFullName())); - dynamoRow.put(DynamoAttributes.version.name(), new AttributeValue(metadataParameters.getVersion())); - dynamoRow.put(DynamoAttributes.sourceType.name(), new AttributeValue(metadataParameters.getSourceType())); - dynamoRow.put(DynamoAttributes.source.name(), new AttributeValue(metadataParameters.getSource())); + dynamoRow.put(DynamoAttributes.name.name(), AttributeValue.builder().s(metadataParameters.getFullName()).build()); + dynamoRow.put(DynamoAttributes.version.name(), AttributeValue.builder().s(metadataParameters.getVersion()).build()); + dynamoRow.put(DynamoAttributes.sourceType.name(), AttributeValue.builder().s(metadataParameters.getSourceType()).build()); + dynamoRow.put(DynamoAttributes.source.name(), AttributeValue.builder().s(metadataParameters.getSource()).build()); if(metadataParameters.getUpdateBy()!=null) - dynamoRow.put(DynamoAttributes.updatedBy.name(), new AttributeValue(metadataParameters.getUpdateBy())); + dynamoRow.put(DynamoAttributes.updatedBy.name(), AttributeValue.builder().s(metadataParameters.getUpdateBy()).build()); if(metadataParameters.getUpdateOn()!=null) - dynamoRow.put(DynamoAttributes.updatedOn.name(), new AttributeValue(metadataParameters.getUpdateOn())); + dynamoRow.put(DynamoAttributes.updatedOn.name(), AttributeValue.builder().s(metadataParameters.getUpdateOn()).build()); if(metadataParameters.getSdlc()!=null) - dynamoRow.put(DynamoAttributes.sdlc.name(), new AttributeValue(metadataParameters.getSdlc())); + dynamoRow.put(DynamoAttributes.sdlc.name(), AttributeValue.builder().s(metadataParameters.getSdlc()).build()); if(metadataParameters.getComponent()!= null) - dynamoRow.put(DynamoAttributes.component.name(), new AttributeValue(metadataParameters.getComponent())); + 
dynamoRow.put(DynamoAttributes.component.name(), AttributeValue.builder().s(metadataParameters.getComponent()).build()); return dynamoRow; } - public static MetadataParameters fromDynamo(Map dynamoCred){ + public static MetadataParameters fromDynamo(Map dynamoCred){ return new MetadataParameters() .setFullName(getAttributeValue(DynamoAttributes.name.name(), dynamoCred)) .setVersion(getAttributeValue(DynamoAttributes.version.name(),dynamoCred)) @@ -66,7 +66,7 @@ public static MetadataParameters fromDynamo(Map dynamoCre private static String getAttributeValue(String name, Map dynamoCred){ AttributeValue attributeValue = dynamoCred.get(name); if(attributeValue!=null){ - return attributeValue.getS(); + return attributeValue.s(); } return null; } diff --git a/fidelius-sdk/src/test/java/org/finra/fidelius/FideliusClientTests.java b/fidelius-sdk/src/test/java/org/finra/fidelius/FideliusClientTests.java index 55564d9..80c7631 100644 --- a/fidelius-sdk/src/test/java/org/finra/fidelius/FideliusClientTests.java +++ b/fidelius-sdk/src/test/java/org/finra/fidelius/FideliusClientTests.java @@ -18,10 +18,8 @@ package org.finra.fidelius; -import com.amazonaws.ClientConfiguration; -import com.amazonaws.services.securitytoken.AWSSecurityTokenService; -import com.amazonaws.services.securitytoken.model.GetCallerIdentityRequest; import org.junit.Assert; +import org.junit.Ignore; import org.junit.Test; import org.junit.runner.RunWith; import org.powermock.api.mockito.PowerMockito; @@ -30,6 +28,10 @@ import org.powermock.modules.junit4.PowerMockRunner; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import software.amazon.awssdk.core.client.config.ClientOverrideConfiguration; +import software.amazon.awssdk.http.SdkHttpClient; +import software.amazon.awssdk.services.sts.StsClient; +import software.amazon.awssdk.services.sts.model.GetCallerIdentityRequest; import java.util.HashMap; 
@@ -389,65 +391,6 @@ public void testNoTagsNoEnvNoParms() throws Exception { doThrow(new Exception("Application or SDLC not specified and cannot be retrieved from tags or environment.")).when(fideliusClient).putCredential("somecred","somepwd",null,null,null,"sometable","somekey"); - } - - @Test - public void testProxyConfig() throws Exception { - - JCredStash jCredStashMock = mock(JCredStash.class); - - HashMap envMap = new HashMap(); - envMap.put("CRED_PROXY","someproxy"); - envMap.put("CRED_PORT","1000"); - - EnvConfig envConfigMock = spy(new EnvConfig()); - when(envConfigMock.getEnvVars()).thenReturn(envMap); - PowerMockito.whenNew(EnvConfig.class).withNoArguments().thenReturn(envConfigMock); - - - ClientConfiguration clientConfigurationMock = spy(new ClientConfiguration()); - PowerMockito.whenNew(ClientConfiguration.class).withAnyArguments().thenReturn(clientConfigurationMock); - - - FideliusClient jCredStashFx = spy(new FideliusClient()); - - jCredStashFx.jCredStash = jCredStashMock; - - Assert.assertEquals(clientConfigurationMock.getProxyHost(), "someproxy"); - Assert.assertEquals(clientConfigurationMock.getProxyPort(), 1000); - - - - } - - @Test - public void testNoProxyConfig() throws Exception { - - JCredStash jCredStashMock = mock(JCredStash.class); - - HashMap envMap = new HashMap(); - - EnvConfig envConfigMock = spy(new EnvConfig()); - when(envConfigMock.getEnvVars()).thenReturn(envMap); - PowerMockito.whenNew(EnvConfig.class).withNoArguments().thenReturn(envConfigMock); - - - ClientConfiguration clientConfigurationMock = spy(new ClientConfiguration()); - PowerMockito.whenNew(ClientConfiguration.class).withAnyArguments().thenReturn(clientConfigurationMock); - - - FideliusClient fideliusClient = spy(new FideliusClient()); - - fideliusClient.jCredStash = jCredStashMock; - - Assert.assertEquals(clientConfigurationMock.getProxyHost(), null); - Assert.assertEquals(clientConfigurationMock.getProxyPort(), -1); - - 
Assert.assertEquals(envConfigMock.getProxy(),null); - Assert.assertEquals(envConfigMock.getPort(),null); - Assert.assertFalse(envConfigMock.hasProxyEnv()); - - } @Test(expected = RuntimeException.class) @@ -612,12 +555,12 @@ public void usernameGetsLoggedOnGetCredentialWithoutUserNamePassed() throws Exce public void errorWhenFailToGetUserOnGetCredential() throws Exception { JCredStash jCredStashMock = spy(JCredStash.class); FideliusClient fideliusClient = spy(FideliusClient.class); - AWSSecurityTokenService awsSecurityTokenService = spy(AWSSecurityTokenService.class); + StsClient awsSecurityTokenService = spy(StsClient.class); - doThrow(new RuntimeException("AWS Cannot get Identity Error")).when(awsSecurityTokenService).getCallerIdentity(new GetCallerIdentityRequest()); + doThrow(new RuntimeException("AWS Cannot get Identity Error")).when(awsSecurityTokenService).getCallerIdentity(any(GetCallerIdentityRequest.class)); fideliusClient.jCredStash = jCredStashMock; - fideliusClient.awsSecurityTokenService = awsSecurityTokenService; + fideliusClient.stsClient = awsSecurityTokenService; String result = fideliusClient.getCredential("secret", "app", "dev", "component", "table"); @@ -630,7 +573,7 @@ public void errorWhenFailToGetUserOnGetCredential() throws Exception { public void errorWhenFailToGetUserOnPutCredential() throws Exception { JCredStash jCredStashMock = spy(JCredStash.class); FideliusClient fideliusClient = spy(FideliusClient.class); - AWSSecurityTokenService awsSecurityTokenService = spy(AWSSecurityTokenService.class); + StsClient awsSecurityTokenService = spy(StsClient.class); HashMap context = new HashMap(); context.put("Application", "APP"); context.put("SDLC", "dev"); 
@@ -639,10 +582,10 @@ public void errorWhenFailToGetUserOnPutCredential() throws Exception { doNothing().when(jCredStashMock).putSecret(anyString(), anyString(), anyString(), anyString(), anyString(), anyString(), anyMapOf(String.class, String.class)); doReturn(0).when(jCredStashMock).getHighestVersion(anyString(), anyString()); - doThrow(new RuntimeException("AWS Cannot get Identity Error")).when(awsSecurityTokenService).getCallerIdentity(new GetCallerIdentityRequest()); + doThrow(new RuntimeException("AWS Cannot get Identity Error")).when(awsSecurityTokenService).getCallerIdentity(any(GetCallerIdentityRequest.class)); fideliusClient.jCredStash = jCredStashMock; - fideliusClient.awsSecurityTokenService = awsSecurityTokenService; + fideliusClient.stsClient = awsSecurityTokenService; fideliusClient.putCredential("somecred","somepwd","someapp","somesdlc",null,"sometable", null, "somekey"); } @@ -653,13 +596,13 @@ public void errorWhenFailToGetUserOnPutCredential() throws Exception { public void errorWhenFailToGetUserOnDeleteCredential() throws Exception { JCredStash jCredStashMock = spy(JCredStash.class); FideliusClient fideliusClient = spy(FideliusClient.class); - AWSSecurityTokenService awsSecurityTokenService = spy(AWSSecurityTokenService.class); + StsClient awsSecurityTokenService = spy(StsClient.class); - doThrow(new RuntimeException("AWS Cannot get Identity Error")).when(awsSecurityTokenService).getCallerIdentity(new GetCallerIdentityRequest()); + doThrow(new RuntimeException("AWS Cannot get Identity Error")).when(awsSecurityTokenService).getCallerIdentity(any(GetCallerIdentityRequest.class)); doNothing().when(jCredStashMock).deleteSecret(anyString(), anyString()); fideliusClient.jCredStash = jCredStashMock; - fideliusClient.awsSecurityTokenService = awsSecurityTokenService; + fideliusClient.stsClient = awsSecurityTokenService; fideliusClient.deleteCredential("secret", "app", "dev", "component", "table", null); } 
diff --git a/fidelius-sdk/src/test/java/org/finra/fidelius/JCredStashTest.java b/fidelius-sdk/src/test/java/org/finra/fidelius/JCredStashTest.java index b22105a..4a860e4 100644 --- a/fidelius-sdk/src/test/java/org/finra/fidelius/JCredStashTest.java +++ b/fidelius-sdk/src/test/java/org/finra/fidelius/JCredStashTest.java @@ -17,20 +17,17 @@ package org.finra.fidelius; -import com.amazonaws.services.dynamodbv2.AmazonDynamoDBClient; -import com.amazonaws.services.dynamodbv2.document.BatchWriteItemOutcome; -import com.amazonaws.services.dynamodbv2.document.DynamoDB; -import com.amazonaws.services.dynamodbv2.document.TableWriteItems; -import com.amazonaws.services.dynamodbv2.model.*; -import com.amazonaws.services.securitytoken.AWSSecurityTokenService; -import com.amazonaws.services.securitytoken.model.GetCallerIdentityResult; import org.junit.Test; import org.junit.runner.RunWith; -import org.mockito.Mockito; import org.powermock.api.mockito.PowerMockito; import org.powermock.core.classloader.annotations.PowerMockIgnore; import org.powermock.core.classloader.annotations.PrepareForTest; import org.powermock.modules.junit4.PowerMockRunner; +import software.amazon.awssdk.services.dynamodb.DynamoDbClient; +import software.amazon.awssdk.services.dynamodb.model.*; +import software.amazon.awssdk.services.sts.StsClient; +import software.amazon.awssdk.services.sts.model.GetCallerIdentityRequest; +import software.amazon.awssdk.services.sts.model.GetCallerIdentityResponse; import java.util.*; 
@@ -41,25 +38,26 @@ @PowerMockIgnore( {"javax.management.*","javax.net.ssl.*"}) public class JCredStashTest { - private QueryResult getMockQueryResult(int numberOfResults){ + private QueryResponse getMockQueryResult(int numberOfResults){ - Collection> collection = new ArrayList<>(); + Collection> collection = new ArrayList<>(); for (int i = 0; i < numberOfResults; i++) { Map map = new HashMap<>(); - map.put("updatedBy", new AttributeValue("arn:aws:sts::123456789876:assumed-role/private_aws_application_dev/L25000")); - map.put("contents", new AttributeValue("BvmeuWljKK9oMFDSTKHW10HWyw==")); - map.put("hmac", new AttributeValue("6416846cd12b6c45305fc3202092af143378809bf2c5378ab0a12a24d68ac19d==")); - map.put("name", new AttributeValue("APP.dev.loadtesting3913==")); - map.put("version", new AttributeValue("000000000000000000" + (i+1))); - map.put("key", new AttributeValue("AQEBAHiR3vsV8dujB9GydJpKBtZhC3nKVikt90I4dcYRRv5e3wAAAKIwgZ8GCSqGSIb3DQEHBqCBkTCBjgIBADCBiAYJKoZIhvcNAQcBMB4GCWCGSAFlAwQBLjARBAw7QrBVksiA")); + map.put("updatedBy", AttributeValue.builder().s("arn:aws:sts::123456789876:assumed-role/private_aws_application_dev/L25000").build()); + map.put("contents", AttributeValue.builder().s("BvmeuWljKK9oMFDSTKHW10HWyw==").build()); + map.put("hmac", AttributeValue.builder().s("6416846cd12b6c45305fc3202092af143378809bf2c5378ab0a12a24d68ac19d==").build()); + map.put("name", AttributeValue.builder().s("APP.dev.loadtesting3913==").build()); + map.put("version", AttributeValue.builder().s("000000000000000000" + (i+1)).build()); + map.put("key", AttributeValue.builder().s("AQEBAHiR3vsV8dujB9GydJpKBtZhC3nKVikt90I4dcYRRv5e3wAAAKIwgZ8GCSqGSIb3DQEHBqCBkTCBjgIBADCBiAYJKoZIhvcNAQcBMB4GCWCGSAFlAwQBLjARBAw7QrBVksiA").build()); collection.add(map); } - QueryResult queryResult = new QueryResult(); - queryResult.setItems(collection); - queryResult.setCount(numberOfResults); - queryResult.setScannedCount(numberOfResults); + QueryResponse queryResult = QueryResponse.builder() + 
.items(collection)
+ .count(numberOfResults)
+ .scannedCount(numberOfResults)
+ .build();
 return queryResult;
 }
@@ -67,81 +65,75 @@ private QueryResult getMockQueryResult(int numberOfResults){ @Test public void testDeletingCredentialWith2Versions() throws Exception { - QueryResult queryResult = getMockQueryResult(2); - AmazonDynamoDBClient amazonDynamoDBClient = spy(AmazonDynamoDBClient.class); - DynamoDB dynamoDB = mock(DynamoDB.class); + QueryResponse queryResult = getMockQueryResult(2); + DynamoDbClient amazonDynamoDBClient = spy(DynamoDbClient.class); + DynamoDbClient dynamoDB = mock(DynamoDbClient.class); JCredStash jCredStash = new JCredStash(); - BatchWriteItemResult result = new BatchWriteItemResult().withUnprocessedItems(new HashMap<>()); - BatchWriteItemOutcome outcome = new BatchWriteItemOutcome(result); + BatchWriteItemResponse result = BatchWriteItemResponse.builder().unprocessedItems(new HashMap<>()).build(); - jCredStash.amazonDynamoDBClient = amazonDynamoDBClient; - jCredStash.dynamoDB = dynamoDB; + jCredStash.dynamoDbClient = amazonDynamoDBClient; - doReturn(queryResult).when(amazonDynamoDBClient).query(anyObject()); - doReturn(outcome).when(dynamoDB).batchWriteItem(any(TableWriteItems.class)); + doReturn(queryResult).when(amazonDynamoDBClient).query(any(QueryRequest.class)); + doReturn(result).when(amazonDynamoDBClient).batchWriteItem(any(BatchWriteItemRequest.class)); jCredStash.deleteSecret("test", "secret"); - verify(dynamoDB,times(1)).batchWriteItem(any(TableWriteItems.class)); + verify(dynamoDB,times(1)).batchWriteItem(any(BatchWriteItemRequest.class)); } @Test public void testDeletingCredentialWith1Versions() throws Exception { - QueryResult queryResult = getMockQueryResult(1); - AmazonDynamoDBClient amazonDynamoDBClient = spy(AmazonDynamoDBClient.class); - DynamoDB dynamoDB = mock(DynamoDB.class); + QueryResponse queryResult = getMockQueryResult(1); + DynamoDbClient amazonDynamoDBClient = spy(DynamoDbClient.class); + DynamoDbClient dynamoDB = mock(DynamoDbClient.class); JCredStash jCredStash = new JCredStash(); - BatchWriteItemResult result = new 
BatchWriteItemResult().withUnprocessedItems(new HashMap<>()); - BatchWriteItemOutcome outcome = new BatchWriteItemOutcome(result); + BatchWriteItemResponse result = BatchWriteItemResponse.builder().unprocessedItems(new HashMap<>()).build(); - jCredStash.amazonDynamoDBClient = amazonDynamoDBClient; - jCredStash.dynamoDB = dynamoDB; + jCredStash.dynamoDbClient = amazonDynamoDBClient; - doReturn(queryResult).when(amazonDynamoDBClient).query(anyObject()); - doReturn(outcome).when(dynamoDB).batchWriteItem(any(TableWriteItems.class)); + doReturn(queryResult).when(amazonDynamoDBClient).query(any(QueryRequest.class)); + doReturn(result).when(amazonDynamoDBClient).batchWriteItem(any(BatchWriteItemRequest.class)); jCredStash.deleteSecret("test", "secret"); - verify(dynamoDB,times(1)).batchWriteItem(any(TableWriteItems.class)); + verify(dynamoDB,times(1)).batchWriteItem(any(BatchWriteItemRequest.class)); } @Test(expected = RuntimeException.class) public void testDeletingCredentialFailed() throws Exception, InterruptedException { - QueryResult queryResult = getMockQueryResult(1); - AmazonDynamoDBClient amazonDynamoDBClient = spy(AmazonDynamoDBClient.class); - DynamoDB dynamoDB = mock(DynamoDB.class); + QueryResponse queryResult = getMockQueryResult(1); + DynamoDbClient amazonDynamoDBClient = spy(DynamoDbClient.class); + DynamoDbClient dynamoDB = mock(DynamoDbClient.class); JCredStash jCredStash = new JCredStash(); //Add unprocessed item HashMap> unprocessedItem = new HashMap<>(); unprocessedItem.put("secret", new ArrayList<>()); - BatchWriteItemResult result = new BatchWriteItemResult().withUnprocessedItems(unprocessedItem); - BatchWriteItemOutcome outcome = new BatchWriteItemOutcome(result); + BatchWriteItemResponse result = BatchWriteItemResponse.builder().unprocessedItems(unprocessedItem).build(); - jCredStash.amazonDynamoDBClient = amazonDynamoDBClient; - jCredStash.dynamoDB = dynamoDB; + jCredStash.dynamoDbClient = amazonDynamoDBClient; 
PowerMockito.mockStatic(Thread.class); - doReturn(queryResult).when(amazonDynamoDBClient).query(anyObject()); - doReturn(outcome).when(dynamoDB).batchWriteItem(any(TableWriteItems.class)); + doReturn(queryResult).when(amazonDynamoDBClient).query(any(QueryRequest.class)); + doReturn(result).when(dynamoDB).batchWriteItem(any(BatchWriteItemRequest.class)); jCredStash.deleteSecret("test", "secret"); - verify(dynamoDB,times(1)).batchWriteItem(any(TableWriteItems.class)); + verify(dynamoDB,times(1)).batchWriteItem(any(BatchWriteItemRequest.class)); } @Test(expected = RuntimeException.class) public void testDeletingCredentialNotFound() throws Exception { - QueryResult queryResult = getMockQueryResult(0); - AmazonDynamoDBClient amazonDynamoDBClient = spy(AmazonDynamoDBClient.class); + QueryResponse queryResult = getMockQueryResult(0); + DynamoDbClient amazonDynamoDBClient = spy(DynamoDbClient.class); JCredStash jCredStash = new JCredStash(); - jCredStash.amazonDynamoDBClient = amazonDynamoDBClient; + jCredStash.dynamoDbClient = amazonDynamoDBClient; - doReturn(queryResult).when(amazonDynamoDBClient).query(anyObject()); - doReturn(new DeleteItemResult()).when(amazonDynamoDBClient).deleteItem(anyObject()); + doReturn(queryResult).when(amazonDynamoDBClient).query(any(QueryRequest.class)); + doReturn(DeleteItemResponse.builder().build()).when(amazonDynamoDBClient).deleteItem(any(DeleteItemRequest.class)); jCredStash.deleteSecret("test", "secret"); } 
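Review bot: In testDeletingCredentialWith2Versions and testDeletingCredentialWith1Versions the `dynamoDB` mock is no longer wired into the object under test — only `jCredStash.dynamoDbClient = amazonDynamoDBClient;` survives — yet the assertion is still `verify(dynamoDB,times(1)).batchWriteItem(any(BatchWriteItemRequest.class));`, which can only fail with "wanted but not invoked" (or, if it somehow passes, proves nothing about the write). The stub was moved to `amazonDynamoDBClient`, so the verification should follow it: `verify(amazonDynamoDBClient, times(1)).batchWriteItem(any(BatchWriteItemRequest.class));`, after which `dynamoDB` can be deleted from all three tests. testDeletingCredentialFailed has the opposite inconsistency: it stubs `batchWriteItem` on the unwired `dynamoDB`, so the spy's own `batchWriteItem` runs and the expected RuntimeException presumably comes from the unstubbed spy rather than from the unprocessed-items retry path the test is named for; stub and verify on `amazonDynamoDBClient` there as well so the test exercises what its name claims.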
@@ -150,12 +142,13 @@ public void testDeletingCredentialNotFound() throws Exception {
 public void getUpdatedByShouldReturnCurrentIAMUser() throws Exception{
 JCredStash jCredStash = new JCredStash();
- AWSSecurityTokenService awsSecurityTokenService = spy(AWSSecurityTokenService.class);
- GetCallerIdentityResult callerIdentityResult = new GetCallerIdentityResult();
- callerIdentityResult.setArn("arn:aws:sts::123456789876:assumed-role/private_aws_application_dev/L25000");
- jCredStash.awsSecurityTokenService = awsSecurityTokenService;
+ StsClient awsSecurityTokenService = spy(StsClient.class);
+ GetCallerIdentityResponse callerIdentityResult = GetCallerIdentityResponse.builder()
+ .arn("arn:aws:sts::123456789876:assumed-role/private_aws_application_dev/L25000")
+ .build();
+ jCredStash.stsClient = awsSecurityTokenService;
- doReturn(callerIdentityResult).when(awsSecurityTokenService).getCallerIdentity(anyObject());
+ doReturn(callerIdentityResult).when(awsSecurityTokenService).getCallerIdentity(any(GetCallerIdentityRequest.class));
 String user = jCredStash.getUpdatedBy();
@@ -166,11 +159,12 @@ public void getUpdatedByShouldReturnCurrentIAMUser() throws Exception{ public void returnErrorGettingUser() throws Exception{ JCredStash jCredStash = new JCredStash(); - AWSSecurityTokenService awsSecurityTokenService = spy(AWSSecurityTokenService.class); - GetCallerIdentityResult callerIdentityResult = new GetCallerIdentityResult(); - callerIdentityResult.setArn("arn:aws:sts::123456789876:assumed-role/private_aws_application_dev/L25000"); + StsClient awsSecurityTokenService = spy(StsClient.class); + GetCallerIdentityResponse callerIdentityResult = GetCallerIdentityResponse.builder() + .arn("arn:aws:sts::123456789876:assumed-role/private_aws_application_dev/L25000") + .build(); - doReturn(callerIdentityResult).when(awsSecurityTokenService).getCallerIdentity(anyObject()); + doReturn(callerIdentityResult).when(awsSecurityTokenService).getCallerIdentity(any(GetCallerIdentityRequest.class)); String user = jCredStash.getUpdatedBy(); diff --git a/fidelius-service/pom.xml b/fidelius-service/pom.xml index 6a2e039..f26b6d4 100644 --- a/fidelius-service/pom.xml +++ b/fidelius-service/pom.xml @@ -40,12 +40,24 @@ 1.7.12 2.0.1 1.0.6.RELEASE - 1.11.767 + 2.16.60 4.0.3.RELEASE 1.9.2 1.15 + + + + software.amazon.awssdk + bom + ${aws.sdk.version} + pom + import + + + + @@ -105,21 +117,28 @@ - com.amazonaws - aws-java-sdk-core - ${aws.sdk.version} + software.amazon.awssdk + auth + + + + software.amazon.awssdk + dynamodb + + + + software.amazon.awssdk + kms - com.amazonaws - aws-java-sdk - ${aws.sdk.version} + software.amazon.awssdk + rds - com.amazonaws - aws-java-sdk-sts - ${aws.sdk.version} + software.amazon.awssdk + sts diff --git a/fidelius-service/src/main/java/org/finra/fidelius/config/AppConfig.java b/fidelius-service/src/main/java/org/finra/fidelius/config/AppConfig.java index cce4193..b5fed2c 100644 --- a/fidelius-service/src/main/java/org/finra/fidelius/config/AppConfig.java +++ b/fidelius-service/src/main/java/org/finra/fidelius/config/AppConfig.java 
@@ -17,9 +17,6 @@ package org.finra.fidelius.config; -import com.amazonaws.ClientConfiguration; -import com.amazonaws.retry.PredefinedRetryPolicies; -import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient; import org.finra.fidelius.authfilter.UserHeaderFilter; import org.finra.fidelius.authfilter.parser.IFideliusUserProfile; import org.finra.fidelius.authfilter.parser.SSOParser; @@ -43,6 +40,9 @@ import org.springframework.ldap.core.support.LdapContextSource; import org.springframework.web.context.request.RequestContextHolder; import org.springframework.web.context.request.ServletRequestAttributes; +import software.amazon.awssdk.core.client.config.ClientOverrideConfiguration; +import software.amazon.awssdk.core.retry.RetryPolicy; +import software.amazon.awssdk.services.sts.StsClient; import springfox.documentation.builders.PathSelectors; import springfox.documentation.builders.RequestHandlerSelectors; import springfox.documentation.spi.DocumentationType; @@ -87,7 +87,7 @@ public class AppConfig { private final FideliusAuthProperties fideliusAuthProperties; @Autowired - private ClientConfiguration clientConfiguration; + private ClientOverrideConfiguration clientConfiguration; public AppConfig(FideliusAuthProperties fideliusAuthProperties){ //LDAP 
@@ -102,20 +102,19 @@ public AppConfig(FideliusAuthProperties fideliusAuthProperties){
 }
 @Bean
- public ClientConfiguration clientConfiguration() {
- final ClientConfiguration clientConfiguration = new ClientConfiguration();
- clientConfiguration.setRetryPolicy(PredefinedRetryPolicies.DYNAMODB_DEFAULT);
- if (this.proxyHost.isPresent() && this.proxyPort.isPresent()) {
- clientConfiguration.setProxyHost(this.proxyHost.get());
- clientConfiguration.setProxyPort(this.proxyPort.get());
- }
+ public ClientOverrideConfiguration clientConfiguration() {
+ final ClientOverrideConfiguration clientConfiguration = ClientOverrideConfiguration.builder()
+ .retryPolicy(RetryPolicy.defaultRetryPolicy())
+ .build();
 return clientConfiguration;
 }
 @Bean
- public AWSSecurityTokenServiceClient awsSecurityTokenServiceClient() {
- return new AWSSecurityTokenServiceClient(this.clientConfiguration);
+ public StsClient awsSecurityTokenServiceClient() {
+ return StsClient.builder()
+ .overrideConfiguration(this.clientConfiguration)
+ .build();
 }
 @Configuration
diff --git a/fidelius-service/src/main/java/org/finra/fidelius/factories/AWSSessionFactory.java b/fidelius-service/src/main/java/org/finra/fidelius/factories/AWSSessionFactory.java
index 6a826fe..26bdb81 100644
--- a/fidelius-service/src/main/java/org/finra/fidelius/factories/AWSSessionFactory.java
+++ b/fidelius-service/src/main/java/org/finra/fidelius/factories/AWSSessionFactory.java
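Review bot: The rewritten clientConfiguration() silently drops proxy support: `this.proxyHost` and `this.proxyPort` are no longer read anywhere in the hunk and ClientOverrideConfiguration carries no proxy settings, so a deployment that relied on the proxy properties will now try to reach AWS endpoints directly and fail in an egress-restricted network. In SDK v2 the proxy belongs to the HTTP client, not the override configuration: when both properties are present build an `SdkHttpClient` with a proxy configuration (for the Apache client, `ProxyConfiguration.builder().endpoint(URI.create("http://" + host + ":" + port)).build()`), expose it as a bean, and pass it to `StsClient.builder().httpClient(...)` here and to the builders in AWSSessionFactory; a test of that bean should replace the proxy tests this commit deletes from FideliusClientTests rather than leaving the behaviour untested. Separately, `RetryPolicy.defaultRetryPolicy()` stands in for `PredefinedRetryPolicies.DYNAMODB_DEFAULT`, and an explicit retry policy in the override configuration presumably takes precedence over the DynamoDB client's service-tuned default, so either leave `retryPolicy` unset or add a comment saying why the generic policy is wanted.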
@@ -17,11 +17,14 @@ package org.finra.fidelius.factories;
-import com.amazonaws.ClientConfiguration;
-import com.amazonaws.auth.BasicSessionCredentials;
-import com.amazonaws.services.dynamodbv2.AmazonDynamoDBClient;
-import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient;
 import org.springframework.stereotype.Component;
+import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
+import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
+import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
+import software.amazon.awssdk.core.client.config.ClientOverrideConfiguration;
+import software.amazon.awssdk.regions.Region;
+import software.amazon.awssdk.services.dynamodb.DynamoDbClient;
+import software.amazon.awssdk.services.sts.StsClient;
 import javax.inject.Inject;
@@ -29,13 +32,19 @@ public class AWSSessionFactory {
 @Inject
- private ClientConfiguration clientConfiguration;
+ private ClientOverrideConfiguration clientConfiguration;
- public AmazonDynamoDBClient createDynamoDBClient(BasicSessionCredentials basicSessionCredentials) {
- return new AmazonDynamoDBClient(basicSessionCredentials, clientConfiguration);
+ public DynamoDbClient createDynamoDBClient(AwsCredentialsProvider awsCredentialsProvider, Region region) {
+ return DynamoDbClient.builder()
+ .credentialsProvider(awsCredentialsProvider)
+ .region(region)
+ .overrideConfiguration(clientConfiguration)
+ .build();
 }
- public AWSSecurityTokenServiceClient createSecurityTokenServiceClient() {
- return new AWSSecurityTokenServiceClient(clientConfiguration);
+ public StsClient createSecurityTokenServiceClient() {
+ return StsClient.builder()
+ .overrideConfiguration(clientConfiguration)
+ .build();
 }
 }
diff --git a/fidelius-service/src/main/java/org/finra/fidelius/model/Credential.java b/fidelius-service/src/main/java/org/finra/fidelius/model/Credential.java
index 72ce34f..0cb964c 100644
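Review bot: `createSecurityTokenServiceClient()` builds an StsClient with neither a region nor a credentials provider; in SDK v2 a client whose region cannot be resolved presumably fails at `build()` with an SdkClientException instead of falling back to the v1 global STS endpoint, so every deployment now depends on the default region provider chain — worth stating in a Javadoc on the method, or passing a `Region` explicitly as `createDynamoDBClient` already does. Both methods also hand back a fresh client per call, and a v2 client owns an HTTP connection pool and is `SdkAutoCloseable`; unless AWSSessionService caches them per AWSEnvironment (not visible here), each request leaves a pool open until GC, so either cache the clients or document that callers must close them. `AwsBasicCredentials` and `StaticCredentialsProvider`, added by the import hunk, are not referenced anywhere in the class and should be dropped.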
--- a/fidelius-service/src/main/java/org/finra/fidelius/model/Credential.java +++ b/fidelius-service/src/main/java/org/finra/fidelius/model/Credential.java @@ -20,6 +20,7 @@ import org.finra.fidelius.model.validators.IsValidActiveDirectoryPassword; import org.hibernate.validator.constraints.NotBlank; import org.jvnet.hk2.annotations.Optional; +import software.amazon.awssdk.services.dynamodb.model.AttributeValue; import javax.validation.constraints.NotNull; import javax.validation.constraints.Pattern; @@ -94,6 +95,32 @@ public Credential(String shortKey, String longKey, String account, String region } } + public Credential(String shortKey, AttributeValue longKey, String account, String region, String application, AttributeValue environment, + AttributeValue component, String lastUpdatedBy, AttributeValue lastUpdatedDate) { + this.shortKey = shortKey; + this.longKey = longKey.s(); + this.account = account; + this.region = region; + this.application = application; + this.environment = environment.s(); + if(component != null) { + this.component = component.s(); + } else { + this.component = null; + } + if(lastUpdatedBy != null) { + this.lastUpdatedBy = lastUpdatedBy; + } else { + this.lastUpdatedBy = null; + } + if(lastUpdatedDate != null) + try { + this.lastUpdatedDate = ZonedDateTime.parse(lastUpdatedDate.s()); + } catch(DateTimeParseException exception) { + + } + } + public Credential(String shortKey, String longKey, String account, String region, String application, String environment, String component, String lastUpdatedBy, String lastUpdatedDate, String source, String sourceType) { this.shortKey = shortKey; diff --git a/fidelius-service/src/main/java/org/finra/fidelius/model/aws/AWSEnvironment.java b/fidelius-service/src/main/java/org/finra/fidelius/model/aws/AWSEnvironment.java index 681c6b4..a0e40f2 100644 --- a/fidelius-service/src/main/java/org/finra/fidelius/model/aws/AWSEnvironment.java 
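Review bot: The new AttributeValue-taking constructor dereferences `longKey.s()` and `environment.s()` unconditionally while null-checking `component` and `lastUpdatedDate`; its caller in CredentialsService passes `dbCredential.get(SDLC)` straight through and only afterwards tests `credential.getEnvironment() != null`, so a row still lacking an sdlc attribute after migrateService runs now throws NullPointerException inside the constructor (caught and logged as "Error parsing key") instead of being skipped quietly. Guard it the same way as component: `this.environment = environment != null ? environment.s() : null;`. The `catch(DateTimeParseException exception) { }` swallows a malformed updatedOn value without a trace; at minimum rename it `ignored` with a comment that an unparseable date is deliberately shown as absent, or log it at debug with the offending value. The `if(lastUpdatedBy != null) ... else ...` assigns the same value on both branches and collapses to `this.lastUpdatedBy = lastUpdatedBy;`, and the brace-less `if(lastUpdatedDate != null) try {` should be braced like the rest of the file.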
+++ b/fidelius-service/src/main/java/org/finra/fidelius/model/aws/AWSEnvironment.java @@ -17,21 +17,23 @@ package org.finra.fidelius.model.aws; +import software.amazon.awssdk.regions.Region; + public class AWSEnvironment { private String account; - private String region; + private Region region; public AWSEnvironment(String account, String region) { + this.region = Region.of(region); this.account = account; - this.region = region; } public String getAccount() { return account; } - public String getRegion() { + public Region getRegion() { return region; } } diff --git a/fidelius-service/src/main/java/org/finra/fidelius/model/db/DBCredential.java b/fidelius-service/src/main/java/org/finra/fidelius/model/db/DBCredential.java index 0c87be7..2a14a04 100644 --- a/fidelius-service/src/main/java/org/finra/fidelius/model/db/DBCredential.java +++ b/fidelius-service/src/main/java/org/finra/fidelius/model/db/DBCredential.java @@ -17,11 +17,9 @@ package org.finra.fidelius.model.db; -import com.amazonaws.services.dynamodbv2.datamodeling.*; import java.util.regex.Matcher; import java.util.regex.Pattern; -@DynamoDBTable(tableName = "") public class DBCredential { private String name; @@ -31,7 +29,6 @@ public class DBCredential { private String sdlc; private String component; - @DynamoDBHashKey(attributeName = "name") public String getName() { return name; } @@ -39,7 +36,6 @@ public void setName(String name) { this.name = name; } - @DynamoDBRangeKey(attributeName = "version") public String getVersion() { return version; } @@ -47,7 +43,6 @@ public void setVersion(String version) { this.version = version; } - @DynamoDBAttribute(attributeName = "updatedBy") public String getUpdatedBy() { return updatedBy; } @@ -55,7 +50,6 @@ public void setUpdatedBy(String updatedBy) { this.updatedBy = updatedBy; } - @DynamoDBAttribute(attributeName = "updatedOn") public String getUpdatedDate() { return updatedDate; } 
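Review bot: The constructor now calls `Region.of(region)`, which presumably rejects a null or blank string with an IllegalArgumentException where the old version stored whatever it was given; since `region` originates in the request path (`getAllCredentials(tableName, account, region, application)` in CredentialsService), callers should expect that exception and map it to a 400 rather than let it surface as a 500. `Region.of` also accepts any non-blank string without checking it against the known region list, so a value that is not a real region is still used to build the service endpoint hostname; if validation is intended, compare against `Region.regions()` or the configured account/region list and record the contract in a Javadoc on the constructor. Minor: `this.region = Region.of(region);` was moved above `this.account = account;` for no visible reason — keep the assignments in declaration order.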
@@ -63,7 +57,6 @@ public void setUpdatedDate(String updatedDate) { this.updatedDate = updatedDate; } - @DynamoDBAttribute(attributeName = "sdlc") public String getSdlc(){ if (sdlc != null && !sdlc.isEmpty()) { return sdlc; @@ -73,7 +66,6 @@ public String getSdlc(){ } public void setSdlc(String sdlc){ this.sdlc = sdlc;} - @DynamoDBAttribute(attributeName = "component") public String getComponent() { if (component != null && !component.isEmpty()) { return component; @@ -83,7 +75,7 @@ public String getComponent() { } public void setComponent(String component){ this.component = component;} - @DynamoDBIgnore + public String getShortKey() { if(component != null && !component.isEmpty()) return name.split("\\."+component+"\\."+sdlc+"\\.")[1]; @@ -96,7 +88,6 @@ public String getShortKey() { } } - @DynamoDBIgnore @Override public String toString() { return "DBCredential{" + diff --git a/fidelius-service/src/main/java/org/finra/fidelius/services/CredentialsService.java b/fidelius-service/src/main/java/org/finra/fidelius/services/CredentialsService.java index 91fc05c..372b5e1 100644 --- a/fidelius-service/src/main/java/org/finra/fidelius/services/CredentialsService.java +++ b/fidelius-service/src/main/java/org/finra/fidelius/services/CredentialsService.java 
@@ -17,18 +17,10 @@ package org.finra.fidelius.services; -import com.amazonaws.services.dynamodbv2.AmazonDynamoDBClient; -import com.amazonaws.services.dynamodbv2.datamodeling.DynamoDBMapper; -import com.amazonaws.services.dynamodbv2.datamodeling.DynamoDBQueryExpression; -import com.amazonaws.services.dynamodbv2.datamodeling.DynamoDBScanExpression; -import com.amazonaws.services.dynamodbv2.model.AttributeValue; -import com.amazonaws.services.kms.AWSKMSClient; -import com.amazonaws.services.rds.AmazonRDSClient; -import com.amazonaws.services.rds.model.*; -import com.amazonaws.services.securitytoken.model.AWSSecurityTokenServiceException; import com.google.common.cache.CacheBuilder; import com.google.common.cache.CacheLoader; import com.google.common.cache.LoadingCache; +import javassist.runtime.Desc; import org.dmfs.httpessentials.client.HttpRequestExecutor; import org.dmfs.httpessentials.httpurlconnection.HttpUrlConnectionExecutor; import org.dmfs.oauth2.client.*; @@ -44,7 +36,6 @@ import org.finra.fidelius.model.Metadata; import org.finra.fidelius.model.rotate.RotateRequest; import org.finra.fidelius.model.aws.AWSEnvironment; -import org.finra.fidelius.model.db.DBCredential; import org.finra.fidelius.services.account.AccountsService; import org.finra.fidelius.services.auth.FideliusRoleService; import org.finra.fidelius.services.aws.AWSSessionService; 
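Review bot: `+import javassist.runtime.Desc;` is unrelated to the SDK migration and nothing in this hunk uses it; it looks like an IDE auto-import and should be removed, otherwise the service module gains a compile-time dependency on javassist for no reason. The `@@ -60` hunk adds `software.amazon.awssdk.services.rds.model.*` as a wildcard while every other new SDK import in that hunk is explicit; listing the RDS model classes actually used would match the rest of the file.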
@@ -60,11 +51,21 @@ import org.springframework.stereotype.Service; import org.springframework.web.client.HttpStatusCodeException; import org.springframework.web.client.RestTemplate; +import software.amazon.awssdk.services.dynamodb.DynamoDbClient; +import software.amazon.awssdk.services.dynamodb.model.AttributeValue; +import software.amazon.awssdk.services.dynamodb.model.QueryRequest; +import software.amazon.awssdk.services.dynamodb.model.ScanRequest; +import software.amazon.awssdk.services.kms.KmsClient; +import software.amazon.awssdk.services.rds.RdsClient; +import software.amazon.awssdk.services.rds.model.*; +import software.amazon.awssdk.services.sts.model.StsException; import javax.inject.Inject; import java.net.URI; import java.util.*; import java.util.concurrent.TimeUnit; +import java.util.regex.Matcher; +import java.util.regex.Pattern; import java.util.stream.Collectors; @Service @@ -119,6 +120,13 @@ public class CredentialsService { private final static String RDS = "rds"; private final static String AURORA = "aurora"; + public final static String NAME = "name"; + public final static String VERSION = "version"; + public final static String UPDATED_BY = "updatedBy"; + public final static String UPDATED_ON = "updatedOn"; + public final static String SDLC = "sdlc"; + public final static String COMPONENT = "component"; + private Logger logger = LoggerFactory.getLogger(CredentialsService.class); private RestTemplate restTemplate; 
@@ -140,10 +148,10 @@ public Optional load(String user) throws Exception { */ protected void setFideliusEnvironment(String account, String region) { AWSEnvironment awsEnvironment = new AWSEnvironment(account, region); - AmazonDynamoDBClient dynamoDBClient; + DynamoDbClient dynamoDBClient; try { dynamoDBClient = awsSessionService.getDynamoDBClient(awsEnvironment); - } catch (AWSSecurityTokenServiceException ex) { + } catch (StsException ex) { String message = String.format("Not authorized to access credential table on account: %s in region: %s", account, region); logger.error(message, ex); throw new FideliusException(message, HttpStatus.FORBIDDEN); @@ -152,8 +160,8 @@ protected void setFideliusEnvironment(String account, String region) { logger.error(message, re); throw new FideliusException(message, HttpStatus.INTERNAL_SERVER_ERROR); } - AWSKMSClient awskmsClient = awsSessionService.getKmsClient(awsEnvironment); - fideliusService.setFideliusClient(dynamoDBClient, awskmsClient); + KmsClient kmsClient = awsSessionService.getKmsClient(awsEnvironment); + fideliusService.setFideliusClient(dynamoDBClient, kmsClient); } /** @@ -162,12 +170,12 @@ protected void setFideliusEnvironment(String account, String region) { * @param account AWS account * @param region AWS Region */ - protected AmazonRDSClient setRDSClient(String account, String region) { + protected RdsClient setRDSClient(String account, String region) { AWSEnvironment awsEnvironment = new AWSEnvironment(account, region); - AmazonRDSClient amazonRDSClient; + RdsClient rdsClient; try { - amazonRDSClient = awsSessionService.getRdsClient(awsEnvironment); - } catch (AWSSecurityTokenServiceException ex) { + rdsClient = awsSessionService.getRdsClient(awsEnvironment); + } catch (StsException ex) { String message = String.format("Not authorized to access rds on account: %s in region: %s", account, region); logger.error(message, ex); throw new FideliusException(message, HttpStatus.FORBIDDEN); 
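Review bot: Catching `StsException` in setFideliusEnvironment (and likewise in setRDSClient in the `@@ -162` hunk) only maps the failure to 403 if `awsSessionService.getDynamoDBClient` actually calls STS while building the client; in SDK v2 an assume-role credentials provider resolves lazily, so if the session service builds the client with such a provider the STS error would surface on the first query or scan — outside this try — and reach the caller as a generic 500. Worth confirming against AWSSessionService, and if resolution is lazy, force it inside the try (`credentialsProvider.resolveCredentials()`) or catch `StsException` at the call sites. Note also that the rewritten getAllCredentials in the next hunk calls `awsSessionService.getDynamoDBClient(awsEnvironment)` directly before `setFideliusEnvironment`, so on that path the 403 mapping here is bypassed entirely; dropping the direct call, or having setFideliusEnvironment return the client it built, keeps one place responsible for the error mapping.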
@@ -176,52 +184,52 @@ protected AmazonRDSClient setRDSClient(String account, String region) { logger.error(message, re); throw new FideliusException(message, HttpStatus.INTERNAL_SERVER_ERROR); } - return amazonRDSClient; + return rdsClient; } @PreAuthorize("@fideliusRoleService.isAuthorized(#application, #account, \"LIST_CREDENTIALS\")") public List getAllCredentials(String tableName, String account, String region, String application) throws FideliusException{ logger.info(String.format("Getting all credentials for app %s using account %s and region %s.", application, account, region)); + AWSEnvironment awsEnvironment = new AWSEnvironment(account, region); List results = new ArrayList<>(); + DynamoDbClient dynamoDbClient = awsSessionService.getDynamoDBClient(awsEnvironment); - DynamoDBMapper mapper = dynamoDBService.createMapper(account, region, tableName); setFideliusEnvironment(account, region); Map ean = new HashMap<>(); - ean.put("#tempname", "name"); + ean.put("#tempname", NAME); Map eav = new HashMap<>(); - eav.put(":key", new AttributeValue().withS(application + ".")); - - StringBuilder sb = new StringBuilder(); - sb.append("begins_with (#tempname, :key)"); + eav.put(":key", AttributeValue.builder().s(application + ".").build()); - DynamoDBScanExpression queryExp = new DynamoDBScanExpression() - .withFilterExpression(sb.toString()) - .withExpressionAttributeValues(eav) - .withExpressionAttributeNames(ean); + ScanRequest scanRequest = ScanRequest.builder() + .tableName(tableName) + .filterExpression("begins_with (#tempname, :key)") + .expressionAttributeNames(ean) + .expressionAttributeValues(eav) + .build(); - List queryResults = dynamoDBService.scanDynamoDB(queryExp, DBCredential.class, mapper); + List> queryResults = dynamoDBService.scanDynamoDB(scanRequest, dynamoDbClient); // Gets only latest version of each credential - Map credentials = getLatestCredentialVersion(queryResults); + Map> credentials = getLatestCredentialVersion(queryResults); - for 
(DBCredential dbCredential : credentials.values()) { - if(dbCredential.getSdlc() == null){ - logger.info(String.format("Credential %s missing attributes. Attempting to add missing attributes: ", dbCredential.getName())); + for (Map dbCredential : credentials.values()) { + if(dbCredential.get(SDLC) == null){ + logger.info(String.format("Credential %s missing attributes. Attempting to add missing attributes: ", dbCredential.get(NAME))); dbCredential = migrateService.guessCredentialProperties(dbCredential); } try { - Credential credential = new Credential(dbCredential.getShortKey(), dbCredential.getName(), account, region, application, - dbCredential.getSdlc(), dbCredential.getComponent(), splitRoleARN(dbCredential.getUpdatedBy()), - dbCredential.getUpdatedDate()); + Credential credential = new Credential(getShortKey(dbCredential), dbCredential.get(NAME), account, region, application, + dbCredential.get(SDLC), dbCredential.get(COMPONENT), splitRoleARN(dbCredential.get(UPDATED_BY)), + dbCredential.get(UPDATED_ON)); if(credential.getEnvironment() != null) results.add(credential); }catch (Exception e){ - logger.error("Error parsing key " + dbCredential.getName(), e); + logger.error("Error parsing key " + dbCredential.get(NAME), e); } } logger.info(String.format("%2d credentials for application %s successfully retrieved.",results.size(), application)); 
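Review bot: `getAllCredentials` now obtains `dynamoDbClient` straight from `awsSessionService` before calling `setFideliusEnvironment`, so this call sits outside the try/catch that maps STS failures to FORBIDDEN, and `setFideliusEnvironment` then builds a second DynamoDbClient for the same account/region that is never closed. Consider having `setFideliusEnvironment` return the client it already creates, `DynamoDbClient dynamoDbClient = setFideliusEnvironment(account, region);`, so each request has one client and one place where authorization errors are translated. The body of `getAllCredentials` continues past the end of this hunk.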
@@ -235,36 +243,39 @@ public List getAllCredentials(String tableName, String account, Stri @PreAuthorize("@fideliusRoleService.isAuthorized(#application, #account, \"LIST_CREDENTIALS\")") public Credential getCredential(String account, String region, String application, String longKey) throws FideliusException { - DynamoDBMapper mapper = dynamoDBService.createMapper(account, region, tableName); + AWSEnvironment awsEnvironment = new AWSEnvironment(account, region); + DynamoDbClient dynamoDbClient = awsSessionService.getDynamoDBClient(awsEnvironment); setFideliusEnvironment(account, region); Map ean = new HashMap<>(); - ean.put("#tempname", "name"); + ean.put("#tempname", NAME); Map eav = new HashMap<>(); - eav.put(":key", new AttributeValue().withS(longKey)); + eav.put(":key", AttributeValue.builder().s(longKey).build()); - DynamoDBQueryExpression queryExpression = new DynamoDBQueryExpression() - .withExpressionAttributeNames(ean) - .withKeyConditionExpression("#tempname = :key") - .withExpressionAttributeValues(eav); - List queryResults = dynamoDBService.queryDynamoDB(queryExpression, DBCredential.class, mapper); + QueryRequest queryRequest = QueryRequest.builder() + .tableName(tableName) + .expressionAttributeNames(ean) + .keyConditionExpression("#tempname = :key") + .expressionAttributeValues(eav) + .build(); + List> queryResults = dynamoDBService.queryDynamoDB(queryRequest, dynamoDbClient); // Gets only latest version of each credential - Map credentials = getLatestCredentialVersion(queryResults); + Map> credentials = getLatestCredentialVersion(queryResults); try { - DBCredential dbCredential = credentials.values().stream().findFirst().get(); - if(dbCredential.getSdlc() == null) { + Map dbCredential = credentials.values().stream().findFirst().get(); + if(dbCredential.get(SDLC) == null) { dbCredential = migrateService.migrateCredential(dbCredential, fideliusService); } try { - return (new Credential(dbCredential.getShortKey(), dbCredential.getName(), account, 
region, application, - dbCredential.getSdlc(), dbCredential.getComponent(), splitRoleARN(dbCredential.getUpdatedBy()), - dbCredential.getUpdatedDate())); + return (new Credential(getShortKey(dbCredential), dbCredential.get(NAME), account, region, application, + dbCredential.get(CredentialsService.SDLC), dbCredential.get(CredentialsService.COMPONENT), splitRoleARN(dbCredential.get(CredentialsService.UPDATED_BY)), + dbCredential.get(CredentialsService.UPDATED_ON))); }catch (Exception e){ - logger.error("Error parsing key " + dbCredential.getName(), e); + logger.error("Error parsing key " + dbCredential.get(CredentialsService.NAME).s(), e); } } catch (NoSuchElementException e) { logger.error("Credential " + longKey + " not found" , e); @@ -278,7 +289,8 @@ public Credential getCredential(String account, String region, String applicatio public List getCredentialHistory(String tableName, String account, String region, String application, String environment, String component, String key, boolean isMetadata) throws FideliusException { List results = new ArrayList<>(); - DynamoDBMapper mapper = dynamoDBService.createMapper(account, region, tableName); + AWSEnvironment awsEnvironment = new AWSEnvironment(account, region); + DynamoDbClient dynamoDbClient = awsSessionService.getDynamoDBClient(awsEnvironment); setFideliusEnvironment(account, region); StringBuilder fullKeyBuilder = new StringBuilder(); 
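Review bot: Inside `CredentialsService` itself the new `Credential` construction in `getCredential` refers to the constants as `CredentialsService.SDLC`, `CredentialsService.COMPONENT`, `CredentialsService.UPDATED_BY`, while the parallel code in `getAllCredentials` uses the bare `SDLC`, `COMPONENT`, `UPDATED_BY`; drop the class qualifier here so the two methods read the same. `getCredential` also fetches `dynamoDbClient` directly and then calls `setFideliusEnvironment`, which builds a second client for the same environment, as in `getAllCredentials`; a single client per request would be cleaner.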
@@ -293,21 +305,23 @@ public List getCredentialHistory(String tableName, String account, fullKeyBuilder.append(String.format(".%s", key)); Map ean = new HashMap<>(); - ean.put("#tempname", "name"); + ean.put("#tempname", NAME); Map eav = new HashMap<>(); - eav.put(":key", new AttributeValue().withS(fullKeyBuilder.toString())); + eav.put(":key", AttributeValue.builder().s(fullKeyBuilder.toString()).build()); - DynamoDBQueryExpression queryExpression = new DynamoDBQueryExpression() - .withExpressionAttributeNames(ean) - .withKeyConditionExpression("#tempname = :key") - .withExpressionAttributeValues(eav); + QueryRequest queryRequest = QueryRequest.builder() + .tableName(tableName) + .expressionAttributeNames(ean) + .keyConditionExpression("#tempname = :key") + .expressionAttributeValues(eav) + .build(); logger.info(String.format("Retrieving history of credential/metadata %s using account %s and region %s", fullKeyBuilder, account, region)); - List queryResults = dynamoDBService.queryDynamoDB(queryExpression, DBCredential.class, mapper); + List> queryResults = dynamoDBService.queryDynamoDB(queryRequest, dynamoDbClient); - for (DBCredential dbCred : queryResults) { - results.add(new HistoryEntry(new Integer(dbCred.getVersion()), splitRoleARN(dbCred.getUpdatedBy()), dbCred.getUpdatedDate())); + for (Map dbCred : queryResults) { + results.add(new HistoryEntry(Integer.parseInt(dbCred.get(VERSION).s()), splitRoleARN(dbCred.get(UPDATED_BY)), dbCred.get(UPDATED_ON).s())); } logger.info(String.format("Found %d entries for credential/metadata %s.", results.size(), fullKeyBuilder)); @@ -646,10 +660,10 @@ private String isValidMetadata(Metadata metadata){ return ""; } - private String splitRoleARN(String roleARN) { + private String splitRoleARN(AttributeValue roleARN) { if (roleARN == null) return null; - String[] roleTokens = roleARN.split(":assumed-role/"); + String[] roleTokens = roleARN.s().split(":assumed-role/"); if (roleTokens.length > 1){ return roleTokens[1]; } else { 
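Review bot: The history loop dereferences `dbCred.get(VERSION).s()` and `dbCred.get(UPDATED_ON).s()` directly, so an item missing either attribute now throws a NullPointerException out of `getCredentialHistory`, whereas `splitRoleARN` null-guards `UPDATED_BY` and the old mapper path returned null for a missing date. Rows with missing attributes evidently exist, since `getAllCredentials` carries a migration branch for rows without `sdlc`. Guard the lookups the same way, e.g. `AttributeValue updatedOn = dbCred.get(UPDATED_ON);` and pass `updatedOn == null ? null : updatedOn.s()`, and log-and-skip rows whose version does not parse rather than failing the whole request.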
@@ -657,14 +671,14 @@ private String splitRoleARN(String roleARN) { } } - private Map getLatestCredentialVersion(List queryResults) { - Map credentials = new HashMap<>(); - for (DBCredential dbCredential : queryResults) { - if (!credentials.containsKey(dbCredential.getName())) { - credentials.put(dbCredential.getName(), dbCredential); + private Map> getLatestCredentialVersion(List> queryResults) { + Map> credentials = new HashMap<>(); + for (Map dbCredential : queryResults) { + if (!credentials.containsKey(dbCredential.get("name").s())) { + credentials.put(dbCredential.get("name").s(), dbCredential); } - else if (credentials.get(dbCredential.getName()).getVersion().compareTo(dbCredential.getVersion()) < 1) { - credentials.replace(dbCredential.getName(), dbCredential); + else if (Integer.parseInt(credentials.get(dbCredential.get("name").s()).get("version").s()) < Integer.parseInt(dbCredential.get("version").s())) { + credentials.replace(dbCredential.get("name").s(), dbCredential); } } 
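Review bot: `getLatestCredentialVersion` now parses `version` with `Integer.parseInt`, so a single row whose version attribute is absent or not a plain integer throws (NPE or NumberFormatException) and fails the entire listing, which the previous string `compareTo` could not do. If versions are always numeric strings this is fine, but a small helper such as `Integer.parseInt(Optional.ofNullable(item.get(VERSION)).map(AttributeValue::s).orElse("0"))` keeps one malformed row from hiding every credential. The method also uses the literals `"name"` and `"version"` where this same commit introduced the `NAME` and `VERSION` constants.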
@@ -676,32 +690,32 @@ private List getAllRDS(String account, String region, String application logger.info(String.format("Getting all RDS for account %s and region %s.", account, region)); List results = new ArrayList<>(); - AmazonRDSClient amazonRDSClient = setRDSClient(account, region); - Filter rdsEngineFilter = new Filter().withName("engine").withValues("postgres", "mysql", "oracle-se2", "oracle-ee", "custom-oracle-ee","oracle-ee-cdb", "oracle-se2-cdb"); - DescribeDBInstancesResult response = amazonRDSClient.describeDBInstances(new DescribeDBInstancesRequest().withFilters(rdsEngineFilter)); - List dbList = response.getDBInstances(); + RdsClient rdsClient = setRDSClient(account, region); + Filter rdsEngineFilter = Filter.builder().name("engine").values("postgres", "mysql", "oracle-se2", "oracle-ee", "custom-oracle-ee","oracle-ee-cdb", "oracle-se2-cdb").build(); + DescribeDbInstancesResponse response = rdsClient.describeDBInstances(DescribeDbInstancesRequest.builder().filters(rdsEngineFilter).build()); + List dbList = response.dbInstances(); for(DBInstance db: dbList) { - if(db.getDBInstanceIdentifier().startsWith(application.toLowerCase())){ - results.add(db.getDBInstanceIdentifier()); + if(db.dbInstanceIdentifier().startsWith(application.toLowerCase())){ + results.add(db.dbInstanceIdentifier()); } } - while(response.getMarker() != null){ - response = amazonRDSClient.describeDBInstances(new DescribeDBInstancesRequest().withMarker(response.getMarker()).withFilters(rdsEngineFilter)); - dbList = response.getDBInstances(); + while(response.marker() != null){ + response = rdsClient.describeDBInstances(DescribeDbInstancesRequest.builder().marker(response.marker()).filters(rdsEngineFilter).build()); + dbList = response.dbInstances(); for(DBInstance db: dbList) { - if(db.getDBInstanceIdentifier().startsWith(application.toLowerCase())){ - results.add(db.getDBInstanceIdentifier()); + if(db.dbInstanceIdentifier().startsWith(application.toLowerCase())){ + 
results.add(db.dbInstanceIdentifier()); } } } - while(response.getMarker() != null){ - response = amazonRDSClient.describeDBInstances(new DescribeDBInstancesRequest().withMarker(response.getMarker()).withFilters(rdsEngineFilter)); - dbList = response.getDBInstances(); + while(response.marker() != null){ + response = rdsClient.describeDBInstances(DescribeDbInstancesRequest.builder().marker(response.marker()).filters(rdsEngineFilter).build()); + dbList = response.dbInstances(); for(DBInstance db: dbList) { - results.add(db.getDBInstanceIdentifier()); + results.add(db.dbInstanceIdentifier()); } } 
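Review bot: The second `while(response.marker() != null)` loop in `getAllRDS` is unreachable (the first loop only exits once `marker()` is null) and, unlike the first, adds every `dbInstanceIdentifier()` without the `application` prefix check, so if it were ever reached it would return other applications' instances. This commit removed the identical dead loop from `getAllAuroraRegionalCluster` but kept this one; delete the second loop so the filtered loop is the only one. Hoisting `application.toLowerCase()` out of the loops would also avoid recomputing it per instance.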
@@ -713,35 +727,27 @@ private List getAllAuroraRegionalCluster(String account, String region, logger.info(String.format("Getting all Aurora clusters for account %s and region %s.", account, region)); List results = new ArrayList<>(); - AmazonRDSClient amazonRDSClient = setRDSClient(account, region); + RdsClient amazonRDSClient = setRDSClient(account, region); - DescribeDBClustersResult response = amazonRDSClient.describeDBClusters(); - List dbClusterList = response.getDBClusters(); + DescribeDbClustersResponse response = amazonRDSClient.describeDBClusters(); + List dbClusterList = response.dbClusters(); for(DBCluster cluster: dbClusterList) { - if(cluster.getDBClusterIdentifier().startsWith(application.toLowerCase())){ - results.add(cluster.getDBClusterIdentifier()); + if(cluster.dbClusterIdentifier().startsWith(application.toLowerCase())){ + results.add(cluster.dbClusterIdentifier()); } } - while(response.getMarker() != null){ - response = amazonRDSClient.describeDBClusters(new DescribeDBClustersRequest().withMarker(response.getMarker())); - dbClusterList = response.getDBClusters(); + while(response.marker() != null){ + response = amazonRDSClient.describeDBClusters(DescribeDbClustersRequest.builder().marker(response.marker()).build()); + dbClusterList = response.dbClusters(); for(DBCluster cluster: dbClusterList) { - if(cluster.getDBClusterIdentifier().startsWith(application.toLowerCase())){ - results.add(cluster.getDBClusterIdentifier()); + if(cluster.dbClusterIdentifier().startsWith(application.toLowerCase())){ + results.add(cluster.dbClusterIdentifier()); } } } - while(response.getMarker() != null){ - response = amazonRDSClient.describeDBClusters(new DescribeDBClustersRequest().withMarker(response.getMarker())); - dbClusterList = response.getDBClusters(); - for(DBCluster cluster: dbClusterList) { - results.add(cluster.getDBClusterIdentifier()); - } - } - return results; } 
@@ -759,6 +765,18 @@ public List getSourceTypes(){ return Arrays.asList(sourceTypes.split(",")); } + public static String getShortKey(Map secret) { + if(secret.get("component") != null && !secret.get("component").s().isEmpty()) + return secret.get("name").s().split("\\."+secret.get("component").s()+"\\."+secret.get("sdlc").s()+"\\.")[1]; + else { + Pattern p = Pattern.compile("([-\\w]+)\\.([-\\w]+)\\.(\\S+)"); + Matcher m = p.matcher(secret.get("name").s()); + if(m.matches()) + return m.group(3); + return secret.get("name").s(); + } + } + private String getOAuth2Header(String username, String password) { String token = getOAuth2Token(username, password); if(token.isEmpty()) { diff --git a/fidelius-service/src/main/java/org/finra/fidelius/services/FideliusService.java b/fidelius-service/src/main/java/org/finra/fidelius/services/FideliusService.java index 72252a3..0b14efc 100644 --- a/fidelius-service/src/main/java/org/finra/fidelius/services/FideliusService.java +++ b/fidelius-service/src/main/java/org/finra/fidelius/services/FideliusService.java @@ -16,14 +16,13 @@ */ package org.finra.fidelius.services; - -import com.amazonaws.ClientConfiguration; -import com.amazonaws.auth.AWSCredentialsProvider; -import com.amazonaws.services.dynamodbv2.AmazonDynamoDBClient; -import com.amazonaws.services.kms.AWSKMSClient; import org.finra.fidelius.FideliusClient; import org.finra.fidelius.MetadataParameters; import org.springframework.stereotype.Service; +import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider; +import software.amazon.awssdk.core.client.config.ClientOverrideConfiguration; +import software.amazon.awssdk.services.dynamodb.DynamoDbClient; +import software.amazon.awssdk.services.kms.KmsClient; @Service public class FideliusService extends FideliusClient { 
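Review bot: `getShortKey` builds a regex from the raw `component` and `sdlc` values (`split("\\." + component + "\\." + sdlc + "\\.")`), so any regex metacharacter in those attributes changes the split or throws `PatternSyntaxException`, and the unchecked `[1]` throws `ArrayIndexOutOfBoundsException` when the separator is absent or the name ends with it; `secret.get("sdlc")` is also dereferenced without a null check whenever `component` is set. Quote the separator with `Pattern.quote` and check the split result before indexing, falling back to the three-field regex as below. Using the `NAME`/`COMPONENT`/`SDLC` constants declared in this class instead of the literals keeps it consistent with the rest of the commit, and the fallback `Pattern` could be a `static final` field rather than compiled on every call.
```java
public static String getShortKey(Map<String, AttributeValue> secret) {
    String name = secret.get(NAME).s();
    AttributeValue component = secret.get(COMPONENT);
    AttributeValue sdlc = secret.get(SDLC);
    if (component != null && !component.s().isEmpty() && sdlc != null) {
        // Quote the literal separator so a '.' or other metacharacter in component/sdlc
        // cannot alter the pattern; limit 2 keeps a trailing empty segment instead of dropping it.
        String[] parts = name.split(Pattern.quote("." + component.s() + "." + sdlc.s() + "."), 2);
        if (parts.length == 2) {
            return parts[1];
        }
    }
    Matcher m = Pattern.compile("([-\\w]+)\\.([-\\w]+)\\.(\\S+)").matcher(name);
    return m.matches() ? m.group(3) : name;
}
```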
@@ -36,11 +35,11 @@ public FideliusService(String region) { super(region); } - public FideliusService(ClientConfiguration clientConfiguration, AWSCredentialsProvider provider, String region) { + public FideliusService(ClientOverrideConfiguration clientConfiguration, AwsCredentialsProvider provider, String region) { super(clientConfiguration, provider, region); } - public void setFideliusClient(AmazonDynamoDBClient dynamoDBClient, AWSKMSClient awskmsClient){ + public void setFideliusClient(DynamoDbClient dynamoDBClient, KmsClient awskmsClient){ super.setFideliusClient(dynamoDBClient, awskmsClient); } diff --git a/fidelius-service/src/main/java/org/finra/fidelius/services/MigrateService.java b/fidelius-service/src/main/java/org/finra/fidelius/services/MigrateService.java index 3cf46bd..d17f691 100644 --- a/fidelius-service/src/main/java/org/finra/fidelius/services/MigrateService.java +++ b/fidelius-service/src/main/java/org/finra/fidelius/services/MigrateService.java @@ -17,12 +17,14 @@ package org.finra.fidelius.services; -import com.amazonaws.services.dynamodbv2.datamodeling.DynamoDBMapper; -import org.finra.fidelius.model.db.DBCredential; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Value; import org.springframework.stereotype.Service; +import software.amazon.awssdk.services.dynamodb.model.AttributeValue; + +import java.util.HashMap; +import java.util.Map; import java.util.regex.Matcher; import java.util.regex.Pattern; 
@@ -54,44 +56,44 @@ public class MigrateService { private Logger logger = LoggerFactory.getLogger(MigrateService.class); - public DBCredential migrateCredential(DBCredential dbCredential, FideliusService fideliusService) { + public Map migrateCredential(Map dbCredential, FideliusService fideliusService) { this.fideliusService = fideliusService; - Matcher threeFieldsMatcher = threeFieldsPattern.matcher(dbCredential.getName()); - Matcher fourFieldsMatcher = fourFieldsPattern.matcher(dbCredential.getName()); - Matcher extraFieldsMatcher = extraFieldsPattern.matcher(dbCredential.getName()); + Matcher threeFieldsMatcher = threeFieldsPattern.matcher(dbCredential.get(CredentialsService.NAME).s()); + Matcher fourFieldsMatcher = fourFieldsPattern.matcher(dbCredential.get(CredentialsService.NAME).s()); + Matcher extraFieldsMatcher = extraFieldsPattern.matcher(dbCredential.get(CredentialsService.NAME).s()); if (threeFieldsMatcher.matches()) { - logger.info("3 Fields: " + dbCredential.getName()); + logger.info("3 Fields: " + dbCredential.get(CredentialsService.NAME).s()); try { String key = threeFieldsMatcher.group(3); String ags = threeFieldsMatcher.group(1); String sdlc = threeFieldsMatcher.group(2); migrate(ags, sdlc, null, key, dbCredential); } catch (Exception e) { - logger.error("Error migrating " + dbCredential.getName()); + logger.error("Error migrating " + dbCredential.get(CredentialsService.NAME).s()); } } - if (fourFieldsMatcher.matches() && dbCredential.getSdlc() == null) { - logger.info("4 Fields: " + dbCredential.getName()); + if (fourFieldsMatcher.matches() && dbCredential.get(CredentialsService.SDLC) == null) { + logger.info("4 Fields: " + dbCredential.get(CredentialsService.NAME).s()); migrate(fourFieldsMatcher, dbCredential); } - if (extraFieldsMatcher.matches() && dbCredential.getSdlc() == null) { - logger.info("More than 4 Fields: " + dbCredential.getName()); + if (extraFieldsMatcher.matches() && dbCredential.get(CredentialsService.SDLC) == null) { + 
logger.info("More than 4 Fields: " + dbCredential.get(CredentialsService.NAME).s()); migrate(extraFieldsMatcher, dbCredential); } - if(dbCredential.getSdlc() != null) - logger.info("Successfully retrieved " + dbCredential.getName()); + if(dbCredential.get(CredentialsService.SDLC) != null) + logger.info("Successfully retrieved " + dbCredential.get(CredentialsService.NAME).s()); else { - logger.error("Failed to migrate: " + dbCredential.getName()); + logger.error("Failed to migrate: " + dbCredential.get(CredentialsService.NAME).s()); } return dbCredential; } - private void migrate(String ags, String sdlc, String component, String key, DBCredential dbCredential) throws Exception{ + private void migrate(String ags, String sdlc, String component, String key, Map dbCredential) throws Exception{ String user = "FideliusMigrateTask"; String credentialSecret = fideliusService.getCredential(key,ags,sdlc,component, tableName, user); @@ -99,14 +101,14 @@ private void migrate(String ags, String sdlc, String component, String key, DBCr if(credentialSecret == null) throw new Exception("Error retrieving key"); else { - logger.info(dbCredential.getName() + " retrieved"); - dbCredential.setSdlc(sdlc); + logger.info(dbCredential.get(CredentialsService.NAME).s() + " retrieved"); + dbCredential.put(CredentialsService.SDLC, AttributeValue.builder().s(sdlc).build()); if(component != null) - dbCredential.setComponent(component); + dbCredential.put(CredentialsService.COMPONENT, AttributeValue.builder().s(component).build()); } } - private void migrate(Matcher matcher, DBCredential dbCredential){ + private void migrate(Matcher matcher, Map dbCredential){ try { String key = matcher.group(4); String ags = matcher.group(1); 
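Review bot: `migrate` now calls `dbCredential.put(...)` on the map it was handed, and the maps that reach it come from `QueryResponse.items()` / `ScanResponse.items()`; in AWS SDK v2 those collections are, as far as I know, unmodifiable, so the put will throw `UnsupportedOperationException`, be swallowed by the `catch (Exception e)` blocks in `migrateCredential`, and every migration will be logged as failed. `guessCredentialProperties` in the next hunk already copies into `new HashMap<>(dbCredential)`, presumably for this reason; do the same at the top of `migrateCredential` and return the copy, or have `migrate` build and return a new map. If the SDK maps turn out to be mutable the copy is harmless, and it still avoids mutating an object the caller may hold.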
@@ -114,35 +116,36 @@ private void migrate(Matcher matcher, DBCredential dbCredential){ String component = matcher.group(2); migrate(ags, sdlc, component, key, dbCredential); } catch(Exception e){ - logger.error("Error retrieving " + dbCredential.getName(), e.getMessage()); + logger.error("Error retrieving " + dbCredential.get(CredentialsService.NAME).s(), e.getMessage()); try { String key = matcher.group(3)+"."+matcher.group(4); String ags = matcher.group(1); String sdlc = matcher.group(2); migrate(ags, sdlc, null, key, dbCredential); } catch(Exception e1){ - logger.error("Error retrieving " + dbCredential.getName(), e.getMessage()); + logger.error("Error retrieving " + dbCredential.get(CredentialsService.NAME).s(), e.getMessage()); } } } - public DBCredential guessCredentialProperties(DBCredential dbCredential) { - Matcher threeFieldsMatcher = threeFieldsPattern.matcher(dbCredential.getName()); + public Map guessCredentialProperties(Map dbCredential) { + Matcher threeFieldsMatcher = threeFieldsPattern.matcher(dbCredential.get("name").s()); + Map updatedDbCredential = new HashMap<>(dbCredential); if (threeFieldsMatcher.matches()) { - logger.info("Parsing " + dbCredential.getName()); - String sdlc = threeFieldsMatcher.group(2); - dbCredential.setSdlc(sdlc); + logger.info("Parsing " + dbCredential.get("name").s()); + String sdlc = threeFieldsMatcher.group(2); + updatedDbCredential.put("sdlc", AttributeValue.builder().s(sdlc).build()); } else{ try { - String sdlc = dbCredential.getName().split("\\.")[1]; - dbCredential.setSdlc(sdlc); + String sdlc = dbCredential.get("name").s().split("\\.")[1]; + updatedDbCredential.put("sdlc", AttributeValue.builder().s(sdlc).build()); } catch (Exception e) { - logger.error("Error parsing key " + dbCredential.getName()); + logger.error("Error parsing key " + dbCredential.get("name").s()); } } - return dbCredential; + return updatedDbCredential; } } 
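Review bot: Both `logger.error("Error retrieving " + ..., e.getMessage())` calls pass the message as an SLF4J argument with no `{}` placeholder in the pattern, so the message is dropped and no stack trace is recorded, and the inner catch reports `e.getMessage()` rather than `e1`. Pass the exception itself, `logger.error("Error retrieving {}", dbCredential.get(CredentialsService.NAME).s(), e1);`, so the second failure is actually diagnosable. `guessCredentialProperties` also uses the literals `"name"` and `"sdlc"` where `migrateCredential` in this same file uses `CredentialsService.NAME` / `CredentialsService.SDLC`.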
diff --git a/fidelius-service/src/main/java/org/finra/fidelius/services/aws/AWSSessionService.java b/fidelius-service/src/main/java/org/finra/fidelius/services/aws/AWSSessionService.java index 7e0b796..1838c3e 100644 --- a/fidelius-service/src/main/java/org/finra/fidelius/services/aws/AWSSessionService.java +++ b/fidelius-service/src/main/java/org/finra/fidelius/services/aws/AWSSessionService.java @@ -17,19 +17,6 @@ package org.finra.fidelius.services.aws; -import com.amazonaws.auth.AWSStaticCredentialsProvider; -import com.amazonaws.auth.BasicSessionCredentials; -import com.amazonaws.client.builder.AwsClientBuilder; -import com.amazonaws.regions.Region; -import com.amazonaws.regions.Regions; -import com.amazonaws.services.dynamodbv2.AmazonDynamoDBClient; -import com.amazonaws.services.kms.AWSKMSClient; -import com.amazonaws.services.kms.AWSKMSClientBuilder; -import com.amazonaws.services.rds.AmazonRDSClient; -import com.amazonaws.services.rds.AmazonRDSClientBuilder; -import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient; -import com.amazonaws.services.securitytoken.model.AssumeRoleRequest; -import com.amazonaws.services.securitytoken.model.AssumeRoleResult; import com.google.common.base.Throwables; import com.google.common.cache.CacheBuilder; import com.google.common.cache.CacheLoader; 
@@ -43,6 +30,18 @@ import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Value; import org.springframework.stereotype.Component; +import software.amazon.awssdk.auth.credentials.AwsBasicCredentials; +import software.amazon.awssdk.auth.credentials.AwsCredentials; +import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider; +import software.amazon.awssdk.services.dynamodb.DynamoDbClient; +import software.amazon.awssdk.services.kms.KmsClient; +import software.amazon.awssdk.services.kms.KmsClientBuilder; +import software.amazon.awssdk.services.rds.RdsClient; +import software.amazon.awssdk.services.sts.StsClient; +import software.amazon.awssdk.services.sts.auth.StsAssumeRoleCredentialsProvider; +import software.amazon.awssdk.services.sts.model.AssumeRoleRequest; +import software.amazon.awssdk.services.sts.model.AssumeRoleResponse; +import software.amazon.awssdk.services.sts.model.Credentials; import javax.inject.Inject; import java.util.concurrent.ExecutionException; 
@@ -66,36 +65,57 @@ public class AWSSessionService { private Logger logger = LoggerFactory.getLogger(AWSSessionService.class); - private LoadingCache credentialCache = CacheBuilder.newBuilder() + private LoadingCache credentialCache = CacheBuilder.newBuilder() .maximumSize(100) .concurrencyLevel(10) .refreshAfterWrite(360 * 1000, TimeUnit.MILLISECONDS) - .build(new CacheLoader() { + .build(new CacheLoader() { @Override - public BasicSessionCredentials load(AWSEnvironment environment) throws Exception { + public Credentials load(AWSEnvironment environment) throws Exception { return getFreshCredentials(environment); } }); - private BasicSessionCredentials getFreshCredentials(AWSEnvironment environment) throws Exception{ + private Credentials getFreshCredentials(AWSEnvironment environment) throws Exception{ String roleArn = getRoleArn(environment.getAccount(), assumeRole); logger.info("Assuming to role: " + roleArn + " for environment " + environment.getAccount() + " on region " + environment.getRegion() + " with timeout of " + (sessionTimeout / 1000) + " seconds (with " + (sessionTimeoutPad / 1000) + " padding.)"); - AssumeRoleRequest assumeRequest = new AssumeRoleRequest() - .withRoleArn(roleArn) - .withDurationSeconds((sessionTimeout + sessionTimeoutPad) / 1000) - .withRoleSessionName("CREDSTSH_APP"); + AssumeRoleRequest assumeRequest = AssumeRoleRequest.builder() + .roleArn(roleArn) + .durationSeconds((sessionTimeout + sessionTimeoutPad) / 1000) + .roleSessionName("CREDSTSH_APP") + .build(); + + AssumeRoleResponse assumeRoleResponse = awsSessionFactory.createSecurityTokenServiceClient().assumeRole(assumeRequest); + + return assumeRoleResponse.credentials(); - AssumeRoleResult assumeResult = awsSessionFactory.createSecurityTokenServiceClient().assumeRole(assumeRequest); + } - return new BasicSessionCredentials( - assumeResult.getCredentials().getAccessKeyId(), - assumeResult.getCredentials().getSecretAccessKey(), - assumeResult.getCredentials().getSessionToken()); 
+ private StsAssumeRoleCredentialsProvider getStsAssumeRoleCredentialsProvider(AWSEnvironment environment){ + try { + String roleArn = getRoleArn(environment.getAccount(), assumeRole); + StsClient stsClient = awsSessionFactory.createSecurityTokenServiceClient(); + AssumeRoleRequest assumeRoleRequest = formAssumeRoleRequest(roleArn); + return StsAssumeRoleCredentialsProvider.builder() + .stsClient(stsClient) + .refreshRequest(assumeRoleRequest) + .build(); + } catch (Exception e) { + Throwables.throwIfUnchecked(e.getCause()); + } + return null; + } + private AssumeRoleRequest formAssumeRoleRequest(String roleArn) { + return AssumeRoleRequest.builder() + .roleArn(roleArn) + .durationSeconds((sessionTimeout + sessionTimeoutPad) / 1000) + .roleSessionName("CREDSTSH_APP") + .build(); } private String getRoleArn(String alias, String role) throws Exception { 
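Review bot: `getStsAssumeRoleCredentialsProvider` can return `null`: the catch calls `Throwables.throwIfUnchecked(e.getCause())`, which NPEs when the exception has no cause (a directly thrown one, such as from `getRoleArn`, usually does not) and silently falls through to `return null` when the cause is a checked exception. A null provider passed to the client builders in the next hunk means the client is built without the assumed-role credentials and — if the SDK then falls back to its default credentials chain, which I believe it does — every DynamoDB/KMS/RDS call would run under the service's own identity instead of the per-account role, defeating the account boundary this service enforces; rethrow instead of returning null, as below. Separately, `credentialCache` and `getFreshCredentials` no longer appear to be referenced now that the clients use this provider, and each call builds a new `StsClient` and provider that are never cached or closed, so every request repeats AssumeRole; caching the provider per `AWSEnvironment` would restore the previous behaviour.
```java
private StsAssumeRoleCredentialsProvider getStsAssumeRoleCredentialsProvider(AWSEnvironment environment) {
    try {
        String roleArn = getRoleArn(environment.getAccount(), assumeRole);
        StsClient stsClient = awsSessionFactory.createSecurityTokenServiceClient();
        return StsAssumeRoleCredentialsProvider.builder()
                .stsClient(stsClient)
                .refreshRequest(formAssumeRoleRequest(roleArn))
                .build();
    } catch (RuntimeException e) {
        throw e;
    } catch (Exception e) {
        // Never return null: a null provider would let the client fall back to the
        // service's own credentials instead of the per-account role.
        throw new IllegalStateException("Unable to build assume-role credentials for account "
                + environment.getAccount() + " in region " + environment.getRegion(), e);
    }
}
```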
@@ -114,36 +134,26 @@ private String getRoleArn(String alias, String role) throws Exception { return sb.toString(); } - public AmazonDynamoDBClient getDynamoDBClient(AWSEnvironment env) { - BasicSessionCredentials creds = null; - try { - creds = credentialCache.getUnchecked(env); - } catch (UncheckedExecutionException ue) { - Throwables.throwIfUnchecked(ue.getCause()); - } - AmazonDynamoDBClient dynamoClient = awsSessionFactory.createDynamoDBClient(creds); - dynamoClient.setRegion(Region.getRegion(Regions.fromName(env.getRegion()))); - return dynamoClient; + public DynamoDbClient getDynamoDBClient(AWSEnvironment env) { + StsAssumeRoleCredentialsProvider stsAssumeRoleCredentialsProvider = getStsAssumeRoleCredentialsProvider(env); + return awsSessionFactory.createDynamoDBClient(stsAssumeRoleCredentialsProvider, env.getRegion()); } - public AWSKMSClient getKmsClient(AWSEnvironment environment) { - BasicSessionCredentials credentials = credentialCache.getUnchecked(environment); - AWSKMSClient awsKmsClient = (AWSKMSClient) AWSKMSClientBuilder - .standard() - .withCredentials(new AWSStaticCredentialsProvider(credentials)) - .withRegion(environment.getRegion()) + public KmsClient getKmsClient(AWSEnvironment env) { + StsAssumeRoleCredentialsProvider stsAssumeRoleCredentialsProvider = getStsAssumeRoleCredentialsProvider(env); + return KmsClient + .builder() + .credentialsProvider(stsAssumeRoleCredentialsProvider) + .region(env.getRegion()) .build(); - - return awsKmsClient; } - public AmazonRDSClient getRdsClient(AWSEnvironment environment){ - BasicSessionCredentials credentials = credentialCache.getUnchecked(environment); - - return (AmazonRDSClient) AmazonRDSClientBuilder - .standard() - .withCredentials(new AWSStaticCredentialsProvider(credentials)) - .withRegion(environment.getRegion()) + public RdsClient getRdsClient(AWSEnvironment env){ + StsAssumeRoleCredentialsProvider stsAssumeRoleCredentialsProvider = getStsAssumeRoleCredentialsProvider(env); + return RdsClient + 
.builder() + .credentialsProvider(stsAssumeRoleCredentialsProvider) + .region(env.getRegion()) .build(); } diff --git a/fidelius-service/src/main/java/org/finra/fidelius/services/aws/DynamoDBService.java b/fidelius-service/src/main/java/org/finra/fidelius/services/aws/DynamoDBService.java index 39596db..8a78e36 100644 --- a/fidelius-service/src/main/java/org/finra/fidelius/services/aws/DynamoDBService.java +++ b/fidelius-service/src/main/java/org/finra/fidelius/services/aws/DynamoDBService.java @@ -17,22 +17,20 @@ package org.finra.fidelius.services.aws; -import com.amazonaws.services.dynamodbv2.AmazonDynamoDBClient; -import com.amazonaws.services.dynamodbv2.datamodeling.*; -import com.amazonaws.services.dynamodbv2.model.ProvisionedThroughputExceededException; -import com.amazonaws.services.dynamodbv2.datamodeling.DynamoDBQueryExpression; -import com.amazonaws.services.dynamodbv2.model.ResourceNotFoundException; -import com.amazonaws.services.securitytoken.model.AWSSecurityTokenServiceException; import org.finra.fidelius.exceptions.FideliusException; import org.finra.fidelius.model.aws.AWSEnvironment; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.http.HttpStatus; import org.springframework.stereotype.Component; +import software.amazon.awssdk.services.dynamodb.DynamoDbClient; +import software.amazon.awssdk.services.dynamodb.model.*; +import software.amazon.awssdk.services.sts.model.StsException; import javax.inject.Inject; import java.util.ArrayList; import java.util.List; +import java.util.Map; @Component public class DynamoDBService { 
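Review bot: `getDynamoDBClient`, `getKmsClient` and `getRdsClient` build a fresh service client (plus the STS client and provider behind it) on every call and nothing closes them; in SDK v2 these are `SdkAutoCloseable` and hold HTTP connection pools, so per-request construction from `CredentialsService` (which now calls `getDynamoDBClient` twice per request) leaks under load. Cache the clients per `AWSEnvironment`, e.g. in the `LoadingCache` that previously held session credentials, or have callers close them. Also, `.region(env.getRegion())` expects a `software.amazon.awssdk.regions.Region`; if `AWSEnvironment.getRegion()` still returns the String passed to `new AWSEnvironment(account, region)` in `CredentialsService`, this needs `Region.of(env.getRegion())`.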
@@ -42,19 +40,19 @@ public class DynamoDBService { private Logger logger = LoggerFactory.getLogger(DynamoDBService.class); - public List scanDynamoDB(DynamoDBScanExpression scanExp, Class clazz, DynamoDBMapper mapper) { + public List> scanDynamoDB(ScanRequest scanRequest, DynamoDbClient dynamoDbClient) { logger.info("Scanning DynamoDB table..."); - List queryResults = null; + List> queryResults = null; long startTime = System.currentTimeMillis(); try { - PaginatedScanList scanResults = mapper.scan(clazz, scanExp); - queryResults = new ArrayList<>(scanResults); - } catch (ProvisionedThroughputExceededException pte) { - logger.error("Provisioned Throughput Exceeded. ", pte); - } catch (ResourceNotFoundException rnf) { - String message = "Credential table not found!"; - logger.error(message, rnf); - throw new FideliusException(message, HttpStatus.NOT_FOUND); + ScanResponse scanResponse = dynamoDbClient.scan(scanRequest); + queryResults = new ArrayList<>(scanResponse.items()); + } catch (ProvisionedThroughputExceededException pte) { + logger.error("Provisioned Throughput Exceeded. ", pte); + } catch (ResourceNotFoundException rnf) { + String message = "Credential table not found!"; + logger.error(message, rnf); + throw new FideliusException(message, HttpStatus.NOT_FOUND); } if (queryResults == null) { 
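Review bot: `dynamoDbClient.scan(scanRequest)` returns a single page, so `new ArrayList<>(scanResponse.items())` holds at most one 1 MB page of the credential table, whereas the removed `PaginatedScanList` followed `LastEvaluatedKey` automatically; once the table outgrows a page, credentials silently vanish from listings and from whatever latest-version selection is built on them. Use the paginator instead: `queryResults = new ArrayList<>(); dynamoDbClient.scanPaginator(scanRequest).items().forEach(queryResults::add);`. The same applies to `queryDynamoDB` in the next hunk (`queryPaginator`). Separately, `StsException` is now imported but not caught here; since v2 credential providers assume the role on the first request, the FORBIDDEN mapping that the removed `createMapper` attached to `AWSSecurityTokenServiceException` needs an equivalent `catch (StsException se)` in this chain unless a caller outside this view handles it.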
@@ -67,12 +65,12 @@ public List scanDynamoDB(DynamoDBScanExpression scanExp, Class clazz, return queryResults; } - public List queryDynamoDB(DynamoDBQueryExpression queryRequest, Class clazz, DynamoDBMapper dynamoDBMapper){ - List queryResults = null; + public List> queryDynamoDB(QueryRequest queryRequest, DynamoDbClient dynamoDbClient){ + QueryResponse queryResults = null; logger.info("Querying DynamoDB table..."); long startTime = System.currentTimeMillis(); try { - queryResults = dynamoDBMapper.query(clazz, queryRequest); + queryResults = dynamoDbClient.query(queryRequest); } catch (ProvisionedThroughputExceededException pte) { logger.error("Provisioned Throughput Exceeded. ", pte); } catch (ResourceNotFoundException rnf) { @@ -88,29 +86,6 @@ public List queryDynamoDB(DynamoDBQueryExpression queryRequest, Class c logger.info(String.format("Query completed in %.3f seconds", (System.currentTimeMillis() - startTime) / 1000.0)); } - return queryResults; - } - - // Creates a new DynamoDBMapper object - public DynamoDBMapper createMapper(String account, String region, String tableName) { - AWSEnvironment awsenv = new AWSEnvironment(account, region); - - AmazonDynamoDBClient dbclient; - try { - dbclient = awsSessionService.getDynamoDBClient(awsenv); - } catch (AWSSecurityTokenServiceException ex) { - String message = String.format("User not authorized to access credential table on account: %s in region: %s", account, region); - logger.error(message, ex); - throw new FideliusException(message, HttpStatus.FORBIDDEN); - } catch (RuntimeException re) { - String message = re.getMessage(); - logger.error(message, re); - throw new FideliusException(message, HttpStatus.INTERNAL_SERVER_ERROR); - } - - DynamoDBMapperConfig config = new DynamoDBMapperConfig.Builder() - .withTableNameOverride(DynamoDBMapperConfig.TableNameOverride.withTableNameReplacement(tableName)) - .build(); - return new DynamoDBMapper(dbclient, config); + return queryResults.items(); } } 
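Review bot: `return queryResults.items();` dereferences a reference that is initialised to null and left null when `ProvisionedThroughputExceededException` is caught and only logged, so a throttled query now ends in a bare `NullPointerException` where the old code returned the null list; unless the elided lines between the two hunks already reject a null response, either rethrow the throttle as a `FideliusException` or guard the return, `return queryResults == null ? new ArrayList<>() : queryResults.items();`. `QueryResponse.items()` is also one page only (see `queryPaginator`), the same truncation noted for `scanDynamoDB`. With `createMapper` removed this file no longer maps an STS denial to `HttpStatus.FORBIDDEN`, and the `AWSEnvironment` import stays although nothing visible uses it, so the replacement presumably lives elsewhere and deserves a pointer in the class Javadoc.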
diff --git a/fidelius-service/src/test/java/org/finra/fidelius/services/CredentialsServiceTest.java b/fidelius-service/src/test/java/org/finra/fidelius/services/CredentialsServiceTest.java index 8fc293e..15706ef 100644 --- a/fidelius-service/src/test/java/org/finra/fidelius/services/CredentialsServiceTest.java +++ b/fidelius-service/src/test/java/org/finra/fidelius/services/CredentialsServiceTest.java @@ -17,8 +17,6 @@ package org.finra.fidelius.services; -import com.amazonaws.services.dynamodbv2.AmazonDynamoDBClient; -import com.amazonaws.services.kms.AWSKMSClient; import org.finra.fidelius.FideliusClient; import org.finra.fidelius.authfilter.parser.FideliusUserProfile; import org.finra.fidelius.exceptions.FideliusException; @@ -44,11 +42,12 @@ import org.springframework.boot.test.mock.mockito.MockBeans; import org.springframework.test.context.ActiveProfiles; import org.springframework.test.context.junit4.SpringRunner; +import software.amazon.awssdk.services.dynamodb.DynamoDbClient; +import software.amazon.awssdk.services.dynamodb.model.AttributeValue; +import software.amazon.awssdk.services.kms.KmsClient; import javax.inject.Inject; -import java.util.ArrayList; -import java.util.List; -import java.util.NoSuchElementException; +import java.util.*; import static org.junit.Assert.*; 
@@ -85,8 +84,8 @@ public class CredentialsServiceTest { public void setUp() throws Exception { MockitoAnnotations.initMocks(this); when(fideliusService.getCredential(anyString(), anyString(), anyString(), anyString(), anyString(), anyString())).thenReturn("Secret"); - when(awsSessionService.getDynamoDBClient(any())).thenReturn(new AmazonDynamoDBClient()); - when(awsSessionService.getKmsClient(any())).thenReturn(new AWSKMSClient()); + when(awsSessionService.getDynamoDBClient(any())).thenReturn(DynamoDbClient.builder().build()); + when(awsSessionService.getKmsClient(any())).thenReturn(KmsClient.builder().build()); FideliusUserEntry profile = new FideliusUserEntry("name", "test", "email@email.com", "John Johnson"); when(fideliusRoleService.getUserProfile()).thenReturn(profile); 
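Review bot: `DynamoDbClient.builder().build()` and `KmsClient.builder().build()` resolve a region and credentials chain at build time and throw `SdkClientException` when no region is configured, so `setUp` will fail on a developer machine or CI runner without `AWS_REGION` or a profile, where the replaced v1 no-arg constructors deferred that resolution. Because these instances are only returned from mocks, `mock(DynamoDbClient.class)` and `mock(KmsClient.class)` are the simplest replacement; if real instances are needed, pin `.region(Region.US_EAST_1).credentialsProvider(AnonymousCredentialsProvider.create())` so the test never reads the environment.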
@@ -94,29 +93,29 @@ public void setUp() throws Exception { @Test public void getAllCredentialsShouldBeAbleToObtainCredentialsWithAndWithoutComponents() { - List fakeData = new ArrayList<>(); + List> fakeData = new ArrayList<>(); - DBCredential fakeCred1 = new DBCredential(); - fakeCred1.setName("APP.TestComponent.dev.testKey"); - fakeCred1.setSdlc("dev"); - fakeCred1.setComponent("TestComponent"); - fakeCred1.setVersion("0001"); - fakeCred1.setUpdatedBy("Jon Snow"); - fakeCred1.setUpdatedDate("2018-04-04T12:51:37.803Z"); + Map fakeCred1 = new HashMap<>(); + fakeCred1.put(CredentialsService.NAME, AttributeValue.builder().s("APP.TestComponent.dev.testKey").build()); + fakeCred1.put(CredentialsService.SDLC, AttributeValue.builder().s("dev").build()); + fakeCred1.put(CredentialsService.COMPONENT, AttributeValue.builder().s("TestComponent").build()); + fakeCred1.put(CredentialsService.VERSION, AttributeValue.builder().s("0001").build()); + fakeCred1.put(CredentialsService.UPDATED_BY, AttributeValue.builder().s("Jon Snow").build()); + fakeCred1.put(CredentialsService.UPDATED_ON, AttributeValue.builder().s("2018-04-04T12:51:37.803Z").build()); - DBCredential fakeCred2 = new DBCredential(); - fakeCred2.setName("APP.dev.testKey2"); - fakeCred2.setVersion("0001"); - fakeCred2.setUpdatedBy("Ned Stark"); - fakeCred2.setUpdatedDate("2018-04-04T12:51:37.803Z"); + Map fakeCred2 = new HashMap<>(); + fakeCred2.put(CredentialsService.NAME, AttributeValue.builder().s("APP.dev.testKey2").build()); + fakeCred2.put(CredentialsService.VERSION, AttributeValue.builder().s("0001").build()); + fakeCred2.put(CredentialsService.UPDATED_BY, AttributeValue.builder().s("Ned Stark").build()); + fakeCred2.put(CredentialsService.UPDATED_ON, AttributeValue.builder().s("2018-04-04T12:51:37.803Z").build()); - DBCredential fakeCred3 = fakeCred2; - fakeCred3.setSdlc("dev"); + Map fakeCred3 = fakeCred2; + fakeCred3.put(CredentialsService.SDLC, AttributeValue.builder().s("dev").build()); 
fakeData.add(fakeCred1); fakeData.add(fakeCred2); - when(dynamoDBService.scanDynamoDB(any(), eq(DBCredential.class), any())).thenReturn(fakeData); + when(dynamoDBService.scanDynamoDB(any(), any())).thenReturn(fakeData); when(migrateService.migrateCredential(any(), any())).thenReturn(fakeCred3); List expectedCreds = new ArrayList<>(); 
@@ -125,95 +124,96 @@ public void getAllCredentialsShouldBeAbleToObtainCredentialsWithAndWithoutCompon expectedCreds.add(new Credential("testKey", "APP.TestComponent.dev.testKey", "some-account", "region", "APP", "dev", "TestComponent", "Jon Snow", "2018-04-04T12:51:37.803Z")); - assertTrue(credentialsService.getAllCredentials("table", "some-account", "region", "APP").equals(expectedCreds)); + assertEquals(expectedCreds, credentialsService.getAllCredentials("table", "some-account", "region", "APP")); } @Test public void getAllCredentialsShouldBeAbleToHandleLegacyCredentialEntries() { - List fakeData = new ArrayList<>(); + List> fakeData = new ArrayList<>(); - DBCredential fakeCred1 = new DBCredential(); - fakeCred1.setName("APP.TestComponent.dev.testKey"); - fakeCred1.setSdlc("dev"); - fakeCred1.setComponent("TestComponent"); - fakeCred1.setVersion("0001"); + Map fakeCred1 = new HashMap<>(); + fakeCred1.put(CredentialsService.NAME, AttributeValue.builder().s("APP.TestComponent.dev.testKey").build()); + fakeCred1.put(CredentialsService.SDLC, AttributeValue.builder().s("dev").build()); + fakeCred1.put(CredentialsService.COMPONENT, AttributeValue.builder().s("TestComponent").build()); + fakeCred1.put(CredentialsService.VERSION, AttributeValue.builder().s("0001").build()); fakeData.add(fakeCred1); - when(dynamoDBService.scanDynamoDB(any(), eq(DBCredential.class), any())).thenReturn(fakeData); + when(dynamoDBService.scanDynamoDB(any(), any())).thenReturn(fakeData); credentialsService.getAllCredentials("table", "dev", "us-east-1", "APP"); } @Test public void getCredentialHistoryShouldBeAbleToHandleLegacyCredentialEntries() { - List fakeData = new ArrayList<>(); + List> fakeData = new ArrayList<>(); - DBCredential fakeCred1 = new DBCredential(); - fakeCred1.setName("APP.TestComponent.dev.testKey"); - fakeCred1.setSdlc("dev"); - fakeCred1.setComponent("TestComponent"); - fakeCred1.setVersion("0001"); + Map fakeCred1 = new HashMap<>(); + 
fakeCred1.put(CredentialsService.NAME, AttributeValue.builder().s("APP.TestComponent.dev.testKey").build()); + fakeCred1.put(CredentialsService.SDLC, AttributeValue.builder().s("dev").build()); + fakeCred1.put(CredentialsService.COMPONENT, AttributeValue.builder().s("TestComponent").build()); + fakeCred1.put(CredentialsService.VERSION, AttributeValue.builder().s("0001").build()); fakeData.add(fakeCred1); - when(dynamoDBService.scanDynamoDB(any(), eq(DBCredential.class), any())).thenReturn(fakeData); + when(dynamoDBService.scanDynamoDB(any(), any())).thenReturn(fakeData); credentialsService.getCredentialHistory("table", "dev", "us-east-1", "APP", "dev", "TestComponent", "testKey", false); } @Test public void getAllCredentialsShouldBeAbleToMigrateCredentialsWithEmptyComponent() { - List fakeData = new ArrayList<>(); - - DBCredential fakeCred1 = new DBCredential(); - fakeCred1.setName("APP.TestComponent.dev.testKey"); - fakeCred1.setComponent(""); - fakeCred1.setVersion("0001"); - fakeCred1.setUpdatedBy("Jon Snow"); - fakeCred1.setUpdatedDate("2018-04-04T12:51:37.803Z"); - - DBCredential fakeCred2 = new DBCredential(); - fakeCred2.setName("APP.dev.testKey2"); - fakeCred1.setComponent(""); - fakeCred1.setSdlc(""); - fakeCred2.setVersion("0001"); - fakeCred2.setUpdatedBy("Ned Stark"); - fakeCred2.setUpdatedDate("2018-04-04T12:51:37.803Z"); - - DBCredential fakeCred3 = new DBCredential(); - fakeCred3.setName("APP.dev.testKey3.extra"); - fakeCred3.setVersion("0001"); - fakeCred3.setUpdatedBy(""); - fakeCred3.setUpdatedDate(""); - - DBCredential fakeCred4 = new DBCredential(); - fakeCred4.setName("APP.TestComponent.dev.testKey"); - fakeCred4.setComponent("TestComponent"); - fakeCred4.setSdlc("dev"); - fakeCred4.setVersion("0001"); - fakeCred4.setUpdatedBy("Ned Stark"); - fakeCred4.setUpdatedDate("2018-04-04T12:51:37.803Z"); - - DBCredential fakeCred5 = new DBCredential(); - fakeCred5.setName("APP.dev.testKey2"); - fakeCred5.setSdlc("dev"); - fakeCred5.setVersion("0001"); - 
fakeCred5.setUpdatedBy("Ned Stark"); - fakeCred5.setUpdatedDate("2018-04-04T12:51:37.803Z"); - - DBCredential fakeCred6 = new DBCredential(); - fakeCred6.setName("APP.dev.testKey3.extra"); - fakeCred6.setSdlc("testKey3"); - fakeCred6.setComponent("dev"); - fakeCred6.setVersion("0001"); - fakeCred6.setUpdatedBy("Ned Stark"); - fakeCred6.setUpdatedDate("2018-04-04T12:51:37.803Z"); + List> fakeData = new ArrayList<>(); + + Map fakeCred1 = new HashMap<>(); + fakeCred1.put(CredentialsService.NAME, AttributeValue.builder().s("APP.TestComponent.dev.testKey").build()); + fakeCred1.put(CredentialsService.SDLC, AttributeValue.builder().s("dev").build()); + fakeCred1.put(CredentialsService.COMPONENT, AttributeValue.builder().s("").build()); + fakeCred1.put(CredentialsService.VERSION, AttributeValue.builder().s("0001").build()); + fakeCred1.put(CredentialsService.UPDATED_BY, AttributeValue.builder().s("Jon Snow").build()); + fakeCred1.put(CredentialsService.UPDATED_ON, AttributeValue.builder().s("2018-04-04T12:51:37.803Z").build()); + + Map fakeCred2 = new HashMap<>(); + fakeCred2.put(CredentialsService.NAME, AttributeValue.builder().s("APP.dev.testKey2").build()); + fakeCred2.put(CredentialsService.SDLC, AttributeValue.builder().s("").build()); + fakeCred2.put(CredentialsService.COMPONENT, AttributeValue.builder().s("").build()); + fakeCred2.put(CredentialsService.VERSION, AttributeValue.builder().s("0001").build()); + fakeCred2.put(CredentialsService.UPDATED_BY, AttributeValue.builder().s("Ned Stark").build()); + fakeCred2.put(CredentialsService.UPDATED_ON, AttributeValue.builder().s("2018-04-04T12:51:37.803Z").build()); + + Map fakeCred3 = new HashMap<>(); + fakeCred3.put(CredentialsService.NAME, AttributeValue.builder().s("APP.dev.testKey3.extra").build()); + fakeCred3.put(CredentialsService.VERSION, AttributeValue.builder().s("0001").build()); + fakeCred3.put(CredentialsService.UPDATED_BY, AttributeValue.builder().s("").build()); + 
fakeCred3.put(CredentialsService.UPDATED_ON, AttributeValue.builder().s("").build()); + + Map fakeCred4 = new HashMap<>(); + fakeCred4.put(CredentialsService.NAME, AttributeValue.builder().s("APP.TestComponent.dev.testKey").build()); + fakeCred4.put(CredentialsService.SDLC, AttributeValue.builder().s("dev").build()); + fakeCred4.put(CredentialsService.COMPONENT, AttributeValue.builder().s("TestComponent").build()); + fakeCred4.put(CredentialsService.VERSION, AttributeValue.builder().s("0001").build()); + fakeCred4.put(CredentialsService.UPDATED_BY, AttributeValue.builder().s("Ned Stark").build()); + fakeCred4.put(CredentialsService.UPDATED_ON, AttributeValue.builder().s("2018-04-04T12:51:37.803Z").build()); + + Map fakeCred5 = new HashMap<>(); + fakeCred5.put(CredentialsService.NAME, AttributeValue.builder().s("APP.dev.testKey2").build()); + fakeCred5.put(CredentialsService.SDLC, AttributeValue.builder().s("dev").build()); + fakeCred5.put(CredentialsService.VERSION, AttributeValue.builder().s("0001").build()); + fakeCred5.put(CredentialsService.UPDATED_BY, AttributeValue.builder().s("Ned Stark").build()); + fakeCred5.put(CredentialsService.UPDATED_ON, AttributeValue.builder().s("2018-04-04T12:51:37.803Z").build()); + + Map fakeCred6 = new HashMap<>(); + fakeCred6.put(CredentialsService.NAME, AttributeValue.builder().s("APP.dev.testKey3.extra").build()); + fakeCred6.put(CredentialsService.SDLC, AttributeValue.builder().s("testKey3").build()); + fakeCred6.put(CredentialsService.COMPONENT, AttributeValue.builder().s("dev").build()); + fakeCred6.put(CredentialsService.VERSION, AttributeValue.builder().s("0001").build()); + fakeCred6.put(CredentialsService.UPDATED_BY, AttributeValue.builder().s("Ned Stark").build()); + fakeCred6.put(CredentialsService.UPDATED_ON, AttributeValue.builder().s("2018-04-04T12:51:37.803Z").build()); fakeData.add(fakeCred1); fakeData.add(fakeCred2); fakeData.add(fakeCred3); - when(dynamoDBService.scanDynamoDB(any(), eq(DBCredential.class), 
any())).thenReturn(fakeData); + when(dynamoDBService.scanDynamoDB(any(), any())).thenReturn(fakeData); when(migrateService.guessCredentialProperties(fakeCred1)).thenReturn(fakeCred4); when(migrateService.guessCredentialProperties(fakeCred2)).thenReturn(fakeCred5); when(migrateService.guessCredentialProperties(fakeCred3)).thenReturn(fakeCred6); 
@@ -257,54 +257,54 @@ public void getAllCredentialsShouldBeAbleToMigrateCredentialsWithEmptyComponent( @Test public void getAllCredentialsShouldBeAbleToMigrateCredentialsWithoutSDLC() { - List fakeData = new ArrayList<>(); - - DBCredential fakeCred1 = new DBCredential(); - fakeCred1.setName("APP.TestComponent.dev.testKey"); - fakeCred1.setVersion("0001"); - fakeCred1.setUpdatedBy("Jon Snow"); - fakeCred1.setUpdatedDate("2018-04-04T12:51:37.803Z"); - - DBCredential fakeCred2 = new DBCredential(); - fakeCred2.setName("APP.dev.testKey2"); - fakeCred2.setVersion("0001"); - fakeCred2.setUpdatedBy("Ned Stark"); - fakeCred2.setUpdatedDate("2018-04-04T12:51:37.803Z"); - - DBCredential fakeCred3 = new DBCredential(); - fakeCred3.setName("APP.dev.testKey3.extra"); - fakeCred3.setVersion("0001"); - fakeCred3.setUpdatedBy("Ned Stark"); - fakeCred3.setUpdatedDate("2018-04-04T12:51:37.803Z"); - - DBCredential fakeCred4 = new DBCredential(); - fakeCred4.setName("APP.TestComponent.dev.testKey"); - fakeCred4.setComponent("TestComponent"); - fakeCred4.setSdlc("dev"); - fakeCred4.setVersion("0001"); - fakeCred4.setUpdatedBy("Ned Stark"); - fakeCred4.setUpdatedDate("2018-04-04T12:51:37.803Z"); - - DBCredential fakeCred5 = new DBCredential(); - fakeCred5.setName("APP.dev.testKey2"); - fakeCred5.setSdlc("dev"); - fakeCred5.setVersion("0001"); - fakeCred5.setUpdatedBy("Ned Stark"); - fakeCred5.setUpdatedDate("2018-04-04T12:51:37.803Z"); - - DBCredential fakeCred6 = new DBCredential(); - fakeCred6.setName("APP.dev.testKey3.extra"); - fakeCred6.setSdlc("testKey3"); - fakeCred6.setComponent("dev"); - fakeCred6.setVersion("0001"); - fakeCred6.setUpdatedBy("Ned Stark"); - fakeCred6.setUpdatedDate("2018-04-04T12:51:37.803Z"); + List> fakeData = new ArrayList<>(); + + Map fakeCred1 = new HashMap<>(); + fakeCred1.put(CredentialsService.NAME, AttributeValue.builder().s("APP.TestComponent.dev.testKey").build()); + fakeCred1.put(CredentialsService.VERSION, 
AttributeValue.builder().s("0001").build()); + fakeCred1.put(CredentialsService.UPDATED_BY, AttributeValue.builder().s("Jon Snow").build()); + fakeCred1.put(CredentialsService.UPDATED_ON, AttributeValue.builder().s("2018-04-04T12:51:37.803Z").build()); + + Map fakeCred2 = new HashMap<>(); + fakeCred2.put(CredentialsService.NAME, AttributeValue.builder().s("APP.dev.testKey2").build()); + fakeCred2.put(CredentialsService.VERSION, AttributeValue.builder().s("0001").build()); + fakeCred2.put(CredentialsService.UPDATED_BY, AttributeValue.builder().s("Ned Stark").build()); + fakeCred2.put(CredentialsService.UPDATED_ON, AttributeValue.builder().s("2018-04-04T12:51:37.803Z").build()); + + Map fakeCred3 = new HashMap<>(); + fakeCred3.put(CredentialsService.NAME, AttributeValue.builder().s("APP.dev.testKey3.extra").build()); + fakeCred3.put(CredentialsService.VERSION, AttributeValue.builder().s("0001").build()); + fakeCred3.put(CredentialsService.UPDATED_BY, AttributeValue.builder().s("Ned Stark").build()); + fakeCred3.put(CredentialsService.UPDATED_ON, AttributeValue.builder().s("2018-04-04T12:51:37.803Z").build()); + + Map fakeCred4 = new HashMap<>(); + fakeCred4.put(CredentialsService.NAME, AttributeValue.builder().s("APP.TestComponent.dev.testKey").build()); + fakeCred4.put(CredentialsService.SDLC, AttributeValue.builder().s("dev").build()); + fakeCred4.put(CredentialsService.COMPONENT, AttributeValue.builder().s("").build()); + fakeCred4.put(CredentialsService.VERSION, AttributeValue.builder().s("0001").build()); + fakeCred4.put(CredentialsService.UPDATED_BY, AttributeValue.builder().s("Ned Stark").build()); + fakeCred4.put(CredentialsService.UPDATED_ON, AttributeValue.builder().s("2018-04-04T12:51:37.803Z").build()); + + Map fakeCred5 = new HashMap<>(); + fakeCred5.put(CredentialsService.NAME, AttributeValue.builder().s("APP.dev.testKey2").build()); + fakeCred5.put(CredentialsService.SDLC, AttributeValue.builder().s("dev").build()); + 
fakeCred5.put(CredentialsService.VERSION, AttributeValue.builder().s("0001").build()); + fakeCred5.put(CredentialsService.UPDATED_BY, AttributeValue.builder().s("Ned Stark").build()); + fakeCred5.put(CredentialsService.UPDATED_ON, AttributeValue.builder().s("2018-04-04T12:51:37.803Z").build()); + + Map fakeCred6 = new HashMap<>(); + fakeCred6.put(CredentialsService.NAME, AttributeValue.builder().s("APP.dev.testKey3.extra").build()); + fakeCred6.put(CredentialsService.SDLC, AttributeValue.builder().s("testKey3").build()); + fakeCred6.put(CredentialsService.COMPONENT, AttributeValue.builder().s("dev").build()); + fakeCred6.put(CredentialsService.VERSION, AttributeValue.builder().s("0001").build()); + fakeCred6.put(CredentialsService.UPDATED_BY, AttributeValue.builder().s("Ned Stark").build()); + fakeCred6.put(CredentialsService.UPDATED_ON, AttributeValue.builder().s("2018-04-04T12:51:37.803Z").build()); fakeData.add(fakeCred1); fakeData.add(fakeCred2); fakeData.add(fakeCred3); - when(dynamoDBService.scanDynamoDB(any(), eq(DBCredential.class), any())).thenReturn(fakeData); + when(dynamoDBService.scanDynamoDB(any(), any())).thenReturn(fakeData); when(migrateService.guessCredentialProperties(fakeCred1)).thenReturn(fakeCred4); when(migrateService.guessCredentialProperties(fakeCred2)).thenReturn(fakeCred5); when(migrateService.guessCredentialProperties(fakeCred3)).thenReturn(fakeCred6); 
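Review bot: In `getAllCredentialsShouldBeAbleToMigrateCredentialsWithoutSDLC`, the rewritten `fakeCred4` sets `COMPONENT` to the empty string where the removed `DBCredential` fixture set it to `TestComponent`, so the value `guessCredentialProperties(fakeCred1)` is stubbed to return has changed meaning, not just representation. The assertion at the end of this test is outside the hunk; if it still expects a `TestComponent` credential the test fails, and if it was adjusted the test no longer covers migration into a named component. Either restore `AttributeValue.builder().s("TestComponent").build()` or add a comment explaining the new expectation.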
@@ -327,25 +327,25 @@ public void getAllCredentialsShouldBeAbleToMigrateCredentialsWithoutSDLC() { @Test public void getCredential() { - List fakeData = new ArrayList<>(); - - DBCredential fakeCred1 = new DBCredential(); - fakeCred1.setName("APP.TestComponent.dev.testKey"); - fakeCred1.setVersion("0001"); - fakeCred1.setUpdatedBy("Jon Snow"); - fakeCred1.setUpdatedDate("2018-04-04T12:51:37.803Z"); - - DBCredential fakeCred4 = new DBCredential(); - fakeCred4.setName("APP.TestComponent.dev.testKey"); - fakeCred4.setComponent("TestComponent"); - fakeCred4.setSdlc("dev"); - fakeCred4.setVersion("0001"); - fakeCred4.setUpdatedBy("Ned Stark"); - fakeCred4.setUpdatedDate("2018-04-04T12:51:37.803Z"); + List> fakeData = new ArrayList<>(); + + Map fakeCred1 = new HashMap<>(); + fakeCred1.put(CredentialsService.NAME, AttributeValue.builder().s("APP.TestComponent.dev.testKey").build()); + fakeCred1.put(CredentialsService.VERSION, AttributeValue.builder().s("0001").build()); + fakeCred1.put(CredentialsService.UPDATED_BY, AttributeValue.builder().s("Jon Snow").build()); + fakeCred1.put(CredentialsService.UPDATED_ON, AttributeValue.builder().s("2018-04-04T12:51:37.803Z").build()); + + Map fakeCred4 = new HashMap<>(); + fakeCred4.put(CredentialsService.NAME, AttributeValue.builder().s("APP.TestComponent.dev.testKey").build()); + fakeCred4.put(CredentialsService.SDLC, AttributeValue.builder().s("dev").build()); + fakeCred4.put(CredentialsService.COMPONENT, AttributeValue.builder().s("TestComponent").build()); + fakeCred4.put(CredentialsService.VERSION, AttributeValue.builder().s("0001").build()); + fakeCred4.put(CredentialsService.UPDATED_BY, AttributeValue.builder().s("Ned Stark").build()); + fakeCred4.put(CredentialsService.UPDATED_ON, AttributeValue.builder().s("2018-04-04T12:51:37.803Z").build()); fakeData.add(fakeCred1); - when(dynamoDBService.queryDynamoDB(any(), eq(DBCredential.class), any())).thenReturn(fakeData); + when(dynamoDBService.queryDynamoDB(any(), 
any())).thenReturn(fakeData); when(migrateService.migrateCredential(any(), any())).thenReturn(fakeCred4); Credential expectedCreds = new Credential("testKey", "APP.TestComponent.dev.testKey", "some-account", "region", "APP", "dev", 
@@ -358,23 +358,23 @@ public void getCredential() { @Test(expected = Exception.class) public void getCredentialFaliureToMigrate()throws Exception { - List fakeData = new ArrayList<>(); + List> fakeData = new ArrayList<>(); - DBCredential fakeCred1 = new DBCredential(); - fakeCred1.setName("APP.TestComponent.dev.testKey"); - fakeCred1.setVersion("0001"); - fakeCred1.setUpdatedBy("Jon Snow"); - fakeCred1.setUpdatedDate("2018-04-04T12:51:37.803Z"); + Map fakeCred1 = new HashMap<>(); + fakeCred1.put(CredentialsService.NAME, AttributeValue.builder().s("APP.TestComponent.dev.testKey").build()); + fakeCred1.put(CredentialsService.VERSION, AttributeValue.builder().s("0001").build()); + fakeCred1.put(CredentialsService.UPDATED_BY, AttributeValue.builder().s("Jon Snow").build()); + fakeCred1.put(CredentialsService.UPDATED_ON, AttributeValue.builder().s("2018-04-04T12:51:37.803Z").build()); - DBCredential fakeCred4 = new DBCredential(); - fakeCred4.setName("APP.TestComponent.dev.testKey"); - fakeCred4.setVersion("0001"); - fakeCred4.setUpdatedBy("Ned Stark"); - fakeCred4.setUpdatedDate("2018-04-04T12:51:37.803Z"); + Map fakeCred4 = new HashMap<>(); + fakeCred4.put(CredentialsService.NAME, AttributeValue.builder().s("APP.TestComponent.dev.testKey").build()); + fakeCred4.put(CredentialsService.VERSION, AttributeValue.builder().s("0001").build()); + fakeCred4.put(CredentialsService.UPDATED_BY, AttributeValue.builder().s("Ned Stark").build()); + fakeCred4.put(CredentialsService.UPDATED_ON, AttributeValue.builder().s("2018-04-04T12:51:37.803Z").build()); fakeData.add(fakeCred1); - when(dynamoDBService.queryDynamoDB(any(), eq(DBCredential.class), any())).thenReturn(fakeData); + when(dynamoDBService.queryDynamoDB(any(), any())).thenReturn(fakeData); when(migrateService.migrateCredential(any(), any())).thenReturn(null); Credential expectedCreds = new Credential("testKey", "APP.TestComponent.dev.testKey", "some-account", "region", "APP", "dev", 
@@ -388,23 +388,23 @@ public void getCredentialFaliureToMigrate()throws Exception { @Test public void getCredentialFaliureToFindCredential() { - List fakeData = new ArrayList<>(); + List> fakeData = new ArrayList<>(); - DBCredential fakeCred1 = new DBCredential(); - fakeCred1.setName("APP.TestComponent.dev.testKey"); - fakeCred1.setVersion("0001"); - fakeCred1.setUpdatedBy("Jon Snow"); - fakeCred1.setUpdatedDate("2018-04-04T12:51:37.803Z"); + Map fakeCred1 = new HashMap<>(); + fakeCred1.put(CredentialsService.NAME, AttributeValue.builder().s("APP.TestComponent.dev.testKey").build()); + fakeCred1.put(CredentialsService.VERSION, AttributeValue.builder().s("0001").build()); + fakeCred1.put(CredentialsService.UPDATED_BY, AttributeValue.builder().s("Jon Snow").build()); + fakeCred1.put(CredentialsService.UPDATED_ON, AttributeValue.builder().s("2018-04-04T12:51:37.803Z").build()); - DBCredential fakeCred4 = new DBCredential(); - fakeCred4.setName("APP.TestComponent.dev.testKey"); - fakeCred4.setVersion("0001"); - fakeCred4.setUpdatedBy("Ned Stark"); - fakeCred4.setUpdatedDate("2018-04-04T12:51:37.803Z"); + Map fakeCred4 = new HashMap<>(); + fakeCred4.put(CredentialsService.NAME, AttributeValue.builder().s("APP.TestComponent.dev.testKey").build()); + fakeCred4.put(CredentialsService.VERSION, AttributeValue.builder().s("0001").build()); + fakeCred4.put(CredentialsService.UPDATED_BY, AttributeValue.builder().s("Ned Stark").build()); + fakeCred4.put(CredentialsService.UPDATED_ON, AttributeValue.builder().s("2018-04-04T12:51:37.803Z").build()); fakeData.add(fakeCred1); - when(dynamoDBService.scanDynamoDB(any(), eq(DBCredential.class), any())).thenReturn(fakeData); + when(dynamoDBService.scanDynamoDB(any(), any())).thenReturn(fakeData); when(migrateService.migrateCredential(any(), any())).thenThrow(NoSuchElementException.class); Credential expectedCreds = new Credential("testKey", "APP.TestComponent.dev.testKey", "some-account", "region", "APP", "dev", 
@@ -419,28 +419,28 @@ public void getCredentialFaliureToFindCredential() { @Test public void getAllCredentialsShouldOnlyReturnLatestVersionOfCredentials() { - List fakeData = new ArrayList<>(); + List> fakeData = new ArrayList<>(); - DBCredential fakeCred1 = new DBCredential(); - fakeCred1.setName("APP.TestComponent.dev.testKey"); - fakeCred1.setVersion("0001"); - fakeCred1.setUpdatedBy("Jon Snow"); - fakeCred1.setUpdatedDate("2018-04-04T12:51:37.803Z"); + Map fakeCred1 = new HashMap<>(); + fakeCred1.put(CredentialsService.NAME, AttributeValue.builder().s("APP.TestComponent.dev.testKey").build()); + fakeCred1.put(CredentialsService.VERSION, AttributeValue.builder().s("0001").build()); + fakeCred1.put(CredentialsService.UPDATED_BY, AttributeValue.builder().s("Jon Snow").build()); + fakeCred1.put(CredentialsService.UPDATED_ON, AttributeValue.builder().s("2018-04-04T12:51:37.803Z").build()); - DBCredential fakeCred2 = new DBCredential(); - fakeCred2.setName("APP.TestComponent.dev.testKey"); - fakeCred2.setVersion("0002"); - fakeCred2.setUpdatedBy("Ned Stark"); - fakeCred2.setUpdatedDate("2018-04-04T12:51:37.803Z"); + Map fakeCred2 = new HashMap<>(); + fakeCred2.put(CredentialsService.NAME, AttributeValue.builder().s("APP.TestComponent.dev.testKey").build()); + fakeCred2.put(CredentialsService.VERSION, AttributeValue.builder().s("0002").build()); + fakeCred2.put(CredentialsService.UPDATED_BY, AttributeValue.builder().s("Ned Stark").build()); + fakeCred2.put(CredentialsService.UPDATED_ON, AttributeValue.builder().s("2018-04-04T12:51:37.803Z").build()); - DBCredential fakeCred3 = fakeCred2; - fakeCred3.setSdlc("dev"); - fakeCred3.setComponent("TestComponent"); + Map fakeCred3 = fakeCred2; + fakeCred3.put(CredentialsService.SDLC, AttributeValue.builder().s("dev").build()); + fakeCred3.put(CredentialsService.COMPONENT, AttributeValue.builder().s("TestComponent").build()); fakeData.add(fakeCred1); fakeData.add(fakeCred2); - when(dynamoDBService.scanDynamoDB(any(), 
eq(DBCredential.class), any())).thenReturn(fakeData); + when(dynamoDBService.scanDynamoDB(any(), any())).thenReturn(fakeData); List expectedCreds = new ArrayList<>(); expectedCreds.add(new Credential("testKey", "APP.TestComponent.dev.testKey", "my_account","region", "APP","dev", @@ -453,17 +453,17 @@ public void getAllCredentialsShouldOnlyReturnLatestVersionOfCredentials() { @Test public void getCredentialHistoryShouldBeAbleToCorrectlyCreateAHistoryObjectFromObtainedData() { - List fakeData = new ArrayList<>(); + List> fakeData = new ArrayList<>(); - DBCredential fakeCred = new DBCredential(); - fakeCred.setName("APP.dev.TestComponent.testKey"); - fakeCred.setVersion("0001"); - fakeCred.setUpdatedBy("Jon Snow"); - fakeCred.setUpdatedDate("2018-04-04T12:51:37.803Z"); + Map fakeCred = new HashMap<>(); + fakeCred.put(CredentialsService.NAME, AttributeValue.builder().s("APP.TestComponent.dev.testKey").build()); + fakeCred.put(CredentialsService.VERSION, AttributeValue.builder().s("0001").build()); + fakeCred.put(CredentialsService.UPDATED_BY, AttributeValue.builder().s("Jon Snow").build()); + fakeCred.put(CredentialsService.UPDATED_ON, AttributeValue.builder().s("2018-04-04T12:51:37.803Z").build()); fakeData.add(fakeCred); - when(dynamoDBService.queryDynamoDB(any(), eq(DBCredential.class), any())).thenReturn(fakeData); + when(dynamoDBService.queryDynamoDB(any(), any())).thenReturn(fakeData); List expectedHistory = new ArrayList<>(); HistoryEntry expectedEntry = new HistoryEntry(1, "Jon Snow", "2018-04-04T12:51:37.803Z"); 
@@ -580,13 +580,13 @@ public void putMetadata() throws Exception { @Test(expected = FideliusException.class) public void createCredentialShouldNotCreateDuplicateCredentials() throws FideliusException { - List fakeData = new ArrayList<>(); + List> fakeData = new ArrayList<>(); - DBCredential fakeCred = new DBCredential(); - fakeCred.setName("APP.dev.testComponent.testKey"); - fakeCred.setVersion("0001"); - fakeCred.setUpdatedBy("Jon Snow"); - fakeCred.setUpdatedDate("2018-04-04T12:51:37.803Z"); + Map fakeCred = new HashMap<>(); + fakeCred.put(CredentialsService.NAME, AttributeValue.builder().s("APP.dev.testComponent.testKey").build()); + fakeCred.put(CredentialsService.VERSION, AttributeValue.builder().s("0001").build()); + fakeCred.put(CredentialsService.UPDATED_BY, AttributeValue.builder().s("Jon Snow").build()); + fakeCred.put(CredentialsService.UPDATED_ON, AttributeValue.builder().s("2018-04-04T12:51:37.803Z").build()); fakeData.add(fakeCred); @@ -599,7 +599,7 @@ public void createCredentialShouldNotCreateDuplicateCredentials() throws Fideliu credential.setShortKey("testKey"); credential.setSecret("secretPassword"); - when(dynamoDBService.queryDynamoDB(any(), eq(DBCredential.class), any())).thenReturn(fakeData); + when(dynamoDBService.queryDynamoDB(any(), any())).thenReturn(fakeData); Credential result = credentialsService.createCredential(credential); } 
@@ -672,27 +672,27 @@ public void deleteMetadata() throws Exception { @Test public void getAllCredentialsShortensFullIAMRoleARNs() { - List fakeData = new ArrayList<>(); - - DBCredential fakeCred1 = new DBCredential(); - fakeCred1.setName("APP.TestComponent.dev.testKey"); - fakeCred1.setSdlc("dev"); - fakeCred1.setComponent("TestComponent"); - fakeCred1.setVersion("0001"); - fakeCred1.setUpdatedBy("arn:aws:sts::1234567890:assumed-role/private_aws_somerole_d/L25000"); - fakeCred1.setUpdatedDate("2018-04-04T12:51:37.803Z"); - - DBCredential fakeCred2 = new DBCredential(); - fakeCred2.setName("APP.dev.testKey2"); - fakeCred2.setSdlc("dev"); - fakeCred2.setVersion("0001"); - fakeCred2.setUpdatedBy("Ned Stark"); - fakeCred2.setUpdatedDate("2018-04-04T12:51:37.803Z"); + List> fakeData = new ArrayList<>(); + + Map fakeCred1 = new HashMap<>(); + fakeCred1.put(CredentialsService.NAME, AttributeValue.builder().s("APP.TestComponent.dev.testKey").build()); + fakeCred1.put(CredentialsService.SDLC, AttributeValue.builder().s("dev").build()); + fakeCred1.put(CredentialsService.COMPONENT, AttributeValue.builder().s("TestComponent").build()); + fakeCred1.put(CredentialsService.VERSION, AttributeValue.builder().s("0001").build()); + fakeCred1.put(CredentialsService.UPDATED_BY, AttributeValue.builder().s("arn:aws:sts::1234567890:assumed-role/private_aws_somerole_d/L25000").build()); + fakeCred1.put(CredentialsService.UPDATED_ON, AttributeValue.builder().s("2018-04-04T12:51:37.803Z").build()); + + Map fakeCred2 = new HashMap<>(); + fakeCred1.put(CredentialsService.NAME, AttributeValue.builder().s("APP.dev.testKey2").build()); + fakeCred1.put(CredentialsService.SDLC, AttributeValue.builder().s("dev").build()); + fakeCred1.put(CredentialsService.VERSION, AttributeValue.builder().s("0001").build()); + fakeCred1.put(CredentialsService.UPDATED_BY, AttributeValue.builder().s("Ned Stark").build()); + fakeCred1.put(CredentialsService.UPDATED_ON, 
AttributeValue.builder().s("2018-04-04T12:51:37.803Z").build()); fakeData.add(fakeCred1); fakeData.add(fakeCred2); - when(dynamoDBService.scanDynamoDB(any(), eq(DBCredential.class), any())).thenReturn(fakeData); + when(dynamoDBService.scanDynamoDB(any(), any())).thenReturn(fakeData); List expectedCreds = new ArrayList<>(); expectedCreds.add(new Credential("testKey2", "APP.dev.testKey2", "some-account","region", "APP", "dev", diff --git a/fidelius-service/src/test/java/org/finra/fidelius/services/MigrateServiceTest.java b/fidelius-service/src/test/java/org/finra/fidelius/services/MigrateServiceTest.java index af9d667..caad45a 100644 --- a/fidelius-service/src/test/java/org/finra/fidelius/services/MigrateServiceTest.java +++ b/fidelius-service/src/test/java/org/finra/fidelius/services/MigrateServiceTest.java @@ -17,10 +17,6 @@ package org.finra.fidelius.services; -import com.amazonaws.services.dynamodbv2.AmazonDynamoDBClient; -import com.amazonaws.services.dynamodbv2.datamodeling.DynamoDBMapper; -import com.amazonaws.services.kms.AWSKMSClient; -import org.finra.fidelius.model.db.DBCredential; import org.finra.fidelius.services.aws.AWSSessionService; import org.finra.fidelius.services.aws.DynamoDBService; import org.junit.Assert; @@ -32,6 +28,12 @@ import org.mockito.MockitoAnnotations; import org.mockito.runners.MockitoJUnitRunner; import org.springframework.beans.factory.annotation.Value; +import software.amazon.awssdk.services.dynamodb.DynamoDbClient; +import software.amazon.awssdk.services.dynamodb.model.AttributeValue; +import software.amazon.awssdk.services.kms.KmsClient; + +import java.util.HashMap; +import java.util.Map; import static org.mockito.Matchers.any; import static org.mockito.Mockito.doReturn; @@ -52,9 +54,6 @@ public class MigrateServiceTest { @Mock private DynamoDBService dynamoDBService; - @Mock - private DynamoDBMapper mapper; - /** * Name of DynamoDb table that contains credentials */ 
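Review bot: The five `put` calls that follow `Map fakeCred2 = new HashMap<>();` in getAllCredentialsShortensFullIAMRoleARNs write into `fakeCred1`, not `fakeCred2`, so `fakeCred2` goes into `fakeData` as an empty attribute map and the first record's assumed-role ARN in `updatedBy` is overwritten with "Ned Stark" before the scan mock is installed. The test is named for the ARN-shortening path and, as written, never feeds an ARN to the service, while the empty map can make the service fail for an unrelated reason. Change the receiver on those five lines to `fakeCred2.put(...)`. The expected-credential list this hunk builds continues past the hunk.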
@@ -64,224 +63,223 @@ public class MigrateServiceTest { @Before public void setUp() throws Exception { MockitoAnnotations.initMocks(this); - when(awsSessionService.getDynamoDBClient(any())).thenReturn(new AmazonDynamoDBClient()); - when(awsSessionService.getKmsClient(any())).thenReturn(new AWSKMSClient()); + when(awsSessionService.getDynamoDBClient(any())).thenReturn(DynamoDbClient.builder().build()); + when(awsSessionService.getKmsClient(any())).thenReturn(KmsClient.builder().build()); } @Test public void migrateCredentialWith3Fields() throws Exception { - DBCredential dbCredential = new DBCredential(); - dbCredential.setName("APP.dev.key"); + Map dbCredential = new HashMap<>(); + dbCredential.put("name", AttributeValue.builder().s("APP.dev.key").build()); doReturn("correct").when(fideliusService).getCredential("key", "APP", "dev", null, tableName, "FideliusMigrateTask"); - DBCredential result = migrateService.migrateCredential(dbCredential, fideliusService); + Map result = migrateService.migrateCredential(dbCredential, fideliusService); - Assert.assertEquals("dev", result.getSdlc()); - Assert.assertEquals(null, result.getComponent()); + Assert.assertEquals("dev", result.get("sdlc").s()); + Assert.assertNull(result.get("component")); } @Test public void migrateCredentialWith3FieldsAndSpecialCharacter() throws Exception { - DBCredential dbCredential = new DBCredential(); - dbCredential.setName("APP.dev."); + Map dbCredential = new HashMap<>(); + dbCredential.put("name", AttributeValue.builder().s("APP.dev.").build()); doReturn("correct").when(fideliusService).getCredential("", "APP", "dev", null, tableName, "FideliusMigrateTask"); - DBCredential result = migrateService.migrateCredential(dbCredential, fideliusService); + Map result = migrateService.migrateCredential(dbCredential, fideliusService); - Assert.assertEquals("dev", result.getSdlc()); - Assert.assertEquals(null, result.getComponent()); + Assert.assertEquals("dev", result.get("sdlc").s()); + 
Assert.assertNull(result.get("component")); } @Test public void guessCredentialWith3Fields() throws Exception { - DBCredential dbCredential = new DBCredential(); - dbCredential.setName("APP.dev.key"); + Map dbCredential = new HashMap<>(); + dbCredential.put("name", AttributeValue.builder().s("APP.dev.key").build()); - DBCredential result = migrateService.guessCredentialProperties(dbCredential); + Map result = migrateService.guessCredentialProperties(dbCredential); - Assert.assertEquals("dev", result.getSdlc()); - Assert.assertEquals(null, result.getComponent()); - Assert.assertEquals("key", result.getShortKey()); + Assert.assertEquals("dev", result.get("sdlc").s()); + Assert.assertNull(result.get("component")); + Assert.assertEquals("key", CredentialsService.getShortKey(result)); } @Test public void guessCredentialWith3FieldsAndSpecialCharacters() throws Exception { - DBCredential dbCredential = new DBCredential(); - dbCredential.setName("APP.dev-int. dbCredential = new HashMap<>(); + dbCredential.put("name", AttributeValue.builder().s("APP.dev-int. 
result = migrateService.guessCredentialProperties(dbCredential); - Assert.assertEquals("dev-int", result.getSdlc()); - Assert.assertEquals(null, result.getComponent()); - Assert.assertEquals(" dbCredential = new HashMap<>(); + dbCredential.put("name", AttributeValue.builder().s("APP.dev.key").build()); - DBCredential result = migrateService.migrateCredential(dbCredential, fideliusService); + Map result = migrateService.migrateCredential(dbCredential, fideliusService); - Assert.assertEquals(null, result.getSdlc()); - Assert.assertEquals(null, result.getComponent()); + Assert.assertNull(result.get("sdlc")); + Assert.assertNull(result.get("component")); } @Test public void migrateCredentialWith4FieldsAndNoComponent() throws Exception { - DBCredential dbCredential = new DBCredential(); - dbCredential.setName("APP.dev.secret.key"); + Map dbCredential = new HashMap<>(); + dbCredential.put("name", AttributeValue.builder().s("APP.dev.secret.key").build()); doReturn("correct").when(fideliusService).getCredential("secret.key", "APP", "dev", null, tableName, "FideliusMigrateTask"); - DBCredential result = migrateService.migrateCredential(dbCredential, fideliusService); + Map result = migrateService.migrateCredential(dbCredential, fideliusService); - Assert.assertEquals("dev", result.getSdlc()); - Assert.assertEquals(null, result.getComponent()); + Assert.assertEquals("dev", result.get("sdlc").s()); + Assert.assertNull(result.get("component")); } @Test public void migrateCredentialWith4FieldsAndComponent() throws Exception { - DBCredential dbCredential = new DBCredential(); - dbCredential.setName("APP.component.dev.key"); + Map dbCredential = new HashMap<>(); + dbCredential.put("name", AttributeValue.builder().s("APP.component.dev.key").build()); doReturn("correct").when(fideliusService).getCredential("key", "APP", "dev", "component", tableName, "FideliusMigrateTask"); - DBCredential result = migrateService.migrateCredential(dbCredential, fideliusService); + Map result = 
migrateService.migrateCredential(dbCredential, fideliusService); - Assert.assertEquals("dev", result.getSdlc()); - Assert.assertEquals("component", result.getComponent()); + Assert.assertEquals("dev", result.get("sdlc").s()); + Assert.assertEquals("component", result.get("component").s()); } @Test public void migrateCredentialWith4FieldsAndComponentShouldBeNull() throws Exception { - DBCredential dbCredential = new DBCredential(); - dbCredential.setName("APP.component.dev.key"); + Map dbCredential = new HashMap<>(); + dbCredential.put("name", AttributeValue.builder().s("APP.component.dev.key").build()); - DBCredential result = migrateService.migrateCredential(dbCredential, fideliusService); + Map result = migrateService.migrateCredential(dbCredential, fideliusService); - Assert.assertEquals(null, result.getSdlc()); - Assert.assertEquals(null, result.getComponent()); + Assert.assertNull(result.get("sdlc")); + Assert.assertNull(result.get("component")); } @Test public void guessCredentialWith4Fields() throws Exception { - DBCredential dbCredential = new DBCredential(); - dbCredential.setName("APP.component.dev.key"); + Map dbCredential = new HashMap<>(); + dbCredential.put("name", AttributeValue.builder().s("APP.component.dev.key").build()); - DBCredential result = migrateService.guessCredentialProperties(dbCredential); + Map result = migrateService.guessCredentialProperties(dbCredential); - Assert.assertEquals("component", result.getSdlc()); - Assert.assertEquals(null, result.getComponent()); - Assert.assertEquals("dev.key", result.getShortKey()); + Assert.assertEquals("component", result.get("sdlc").s()); + Assert.assertNull(result.get("component")); + Assert.assertEquals("dev.key", CredentialsService.getShortKey(result)); } @Test public void guessCredentialWith4FieldsAndSpecialCharacters() throws Exception { - DBCredential dbCredential = new DBCredential(); - dbCredential.setName("APP.dev-int.component."); - - DBCredential result = 
migrateService.guessCredentialProperties(dbCredential); + Map dbCredential = new HashMap<>(); + dbCredential.put("name", AttributeValue.builder().s("APP.dev-int.component.").build()); - Assert.assertEquals("dev-int", result.getSdlc()); - Assert.assertEquals(null, result.getComponent()); - Assert.assertEquals("component.", result.getShortKey()); + Map result = migrateService.guessCredentialProperties(dbCredential); + Assert.assertEquals("dev-int", result.get("sdlc").s()); + Assert.assertNull(result.get("component")); + Assert.assertEquals("component.", CredentialsService.getShortKey(result)); } @Test public void migrateCredentialWithMoreThan4FieldsAndNoComponent() throws Exception { - DBCredential dbCredential = new DBCredential(); - dbCredential.setName("APP.dev.secret.long.key"); + Map dbCredential = new HashMap<>(); + dbCredential.put("name", AttributeValue.builder().s("APP.dev.secret.long.key").build()); doReturn("correct").when(fideliusService).getCredential("secret.long.key", "APP", "dev", null, tableName, "FideliusMigrateTask"); - DBCredential result = migrateService.migrateCredential(dbCredential, fideliusService); + Map result = migrateService.migrateCredential(dbCredential, fideliusService); - Assert.assertEquals("dev", result.getSdlc()); - Assert.assertEquals(null, result.getComponent()); + Assert.assertEquals("dev", result.get("sdlc").s()); + Assert.assertNull(result.get("component")); } @Test public void migrateCredentialWithMoreThan4FieldsAndNoComponentSpecialCharacters() throws Exception { - DBCredential dbCredential = new DBCredential(); - dbCredential.setName("APP.dev-int.secret.'long. dbCredential = new HashMap<>(); + dbCredential.put("name", AttributeValue.builder().s("APP.dev-int.secret.'long. 
result = migrateService.migrateCredential(dbCredential, fideliusService); - Assert.assertEquals("dev-int", result.getSdlc()); - Assert.assertEquals(null, result.getComponent()); + Assert.assertEquals("dev-int", result.get("sdlc").s()); + Assert.assertNull(result.get("component")); } @Test public void migrateCredentialWithMoreThan4FieldsAndComponent() throws Exception { - DBCredential dbCredential = new DBCredential(); - dbCredential.setName("APP.component.dev.secret.long.key"); + Map dbCredential = new HashMap<>(); + dbCredential.put("name", AttributeValue.builder().s("APP.component.dev.secret.long.key").build()); doReturn("correct").when(fideliusService).getCredential("secret.long.key", "APP", "dev", "component", tableName, "FideliusMigrateTask"); - DBCredential result = migrateService.migrateCredential(dbCredential, fideliusService); + Map result = migrateService.migrateCredential(dbCredential, fideliusService); - Assert.assertEquals("dev", result.getSdlc()); - Assert.assertEquals("component", result.getComponent()); + Assert.assertEquals("dev", result.get("sdlc").s()); + Assert.assertEquals("component", result.get("component").s()); } @Test public void migrateCredentialWithMoreThan4FieldsAndComponentSpecialCharacters() throws Exception { - DBCredential dbCredential = new DBCredential(); - dbCredential.setName("APP.component.dev-int.secret.long."); + Map dbCredential = new HashMap<>(); + dbCredential.put("name", AttributeValue.builder().s("APP.component.dev-int.secret.long.").build()); doReturn("correct").when(fideliusService).getCredential("secret.long.", "APP", "dev-int", "component", tableName, "FideliusMigrateTask"); - DBCredential result = migrateService.migrateCredential(dbCredential, fideliusService); + Map result = migrateService.migrateCredential(dbCredential, fideliusService); - Assert.assertEquals("dev-int", result.getSdlc()); - Assert.assertEquals("component", result.getComponent()); + Assert.assertEquals("dev-int", result.get("sdlc").s()); + 
Assert.assertEquals("component", result.get("component").s()); } @Test public void guessCredentialWithMoreThan4Fields() throws Exception { - DBCredential dbCredential = new DBCredential(); - dbCredential.setName("APP.dev.secret.long.key"); + Map dbCredential = new HashMap<>(); + dbCredential.put("name", AttributeValue.builder().s("APP.dev.secret.long.key").build()); - DBCredential result = migrateService.guessCredentialProperties(dbCredential); + Map result = migrateService.guessCredentialProperties(dbCredential); - Assert.assertEquals("dev", result.getSdlc()); - Assert.assertEquals(null, result.getComponent()); - Assert.assertEquals("secret.long.key", result.getShortKey()); + Assert.assertEquals("dev", result.get("sdlc").s()); + Assert.assertNull(result.get("component")); + Assert.assertEquals("secret.long.key", CredentialsService.getShortKey(result)); } @Test public void guessCredentialWithMoreThan4FieldsAndCharacters() throws Exception { - DBCredential dbCredential = new DBCredential(); - dbCredential.setName("APP.dev-int.secret.long. dbCredential = new HashMap<>(); + dbCredential.put("name", AttributeValue.builder().s("APP.dev-int.secret.long. result = migrateService.guessCredentialProperties(dbCredential); - Assert.assertEquals("dev-int", result.getSdlc()); - Assert.assertEquals(null, result.getComponent()); - Assert.assertEquals("secret.long. 
dbCredential = new HashMap<>(); + dbCredential.put("name", AttributeValue.builder().s("APP.dev-int*.secret").build()); - DBCredential result = migrateService.guessCredentialProperties(dbCredential); + Map result = migrateService.guessCredentialProperties(dbCredential); - Assert.assertEquals("dev-int*", result.getSdlc()); - Assert.assertEquals(null, result.getComponent()); - Assert.assertEquals("APP.dev-int*.secret", result.getShortKey()); + Assert.assertEquals("dev-int*", result.get("sdlc").s()); + Assert.assertNull(result.get("component")); + Assert.assertEquals("APP.dev-int*.secret", CredentialsService.getShortKey(result)); } -} \ No newline at end of file +} diff --git a/fidelius-service/src/test/java/org/finra/fidelius/services/aws/DynamoDBServiceTest.java b/fidelius-service/src/test/java/org/finra/fidelius/services/aws/DynamoDBServiceTest.java index 3889748..c973f76 100644 --- a/fidelius-service/src/test/java/org/finra/fidelius/services/aws/DynamoDBServiceTest.java +++ b/fidelius-service/src/test/java/org/finra/fidelius/services/aws/DynamoDBServiceTest.java @@ -17,15 +17,6 @@ package org.finra.fidelius.services.aws; -import com.amazonaws.services.dynamodbv2.AmazonDynamoDBClient; -import com.amazonaws.services.dynamodbv2.datamodeling.DynamoDBMapper; -import com.amazonaws.services.dynamodbv2.datamodeling.DynamoDBQueryExpression; -import com.amazonaws.services.dynamodbv2.datamodeling.DynamoDBScanExpression; -import com.amazonaws.services.dynamodbv2.datamodeling.PaginatedScanList; -import com.amazonaws.services.dynamodbv2.model.ProvisionedThroughputExceededException; -import com.amazonaws.services.dynamodbv2.model.ResourceNotFoundException; -import com.amazonaws.services.securitytoken.model.AWSSecurityTokenServiceException; -import org.finra.fidelius.FideliusClient; import org.finra.fidelius.exceptions.FideliusException; import org.junit.Before; import org.junit.Test; 
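Review bot: `setUp` now hands back `DynamoDbClient.builder().build()` and `KmsClient.builder().build()` from the session-service mocks; as far as I recall the SDK v2 builders resolve a region eagerly, so on a developer machine or CI runner with no AWS region configured every test in this class fails in `setUp` before any migration logic runs, and a test that does reach a client would make a real network call. Nothing in the hunk needs a live client, since `migrateCredential` and `guessCredentialProperties` are driven through the `fideliusService` stub, so a mock is enough: `when(awsSessionService.getDynamoDBClient(any())).thenReturn(mock(DynamoDbClient.class));` and the same for `KmsClient`. The class header and the fields those mocks are injected into are outside the hunk.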
@@ -34,18 +25,11 @@ import org.mockito.Mock; import org.mockito.MockitoAnnotations; import org.mockito.runners.MockitoJUnitRunner; -import org.springframework.beans.factory.annotation.Value; -import org.springframework.boot.test.context.SpringBootTest; -import org.springframework.test.context.ActiveProfiles; -import org.springframework.test.context.junit4.SpringRunner; +import software.amazon.awssdk.services.dynamodb.DynamoDbClient; +import software.amazon.awssdk.services.dynamodb.model.ProvisionedThroughputExceededException; +import software.amazon.awssdk.services.dynamodb.model.QueryRequest; +import software.amazon.awssdk.services.dynamodb.model.ScanRequest; -import javax.inject.Inject; - -import java.util.ArrayList; -import java.util.Arrays; -import java.util.List; - -import static org.junit.Assert.*; import static org.mockito.Matchers.any; import static org.mockito.Mockito.when; @@ -59,7 +43,7 @@ public class DynamoDBServiceTest { private DynamoDBService dynamoDBService; @Mock - private DynamoDBMapper fakeMapper; + private DynamoDbClient dynamoDbClient; @Before 
@@ -67,34 +51,16 @@ public void setUp() throws Exception { MockitoAnnotations.initMocks(this); } - @Test(expected = Exception.class) - public void createMapperShouldFailIfDBClientFailsToCreate() throws Exception { - when(awsSessionService.getDynamoDBClient(any())).thenThrow(new Exception()); - dynamoDBService.createMapper("BAD_ACCOUNT_NAME", "bad_region", "table"); - } - - @Test - public void createMapperShouldCompleteIfDBClientCreatesSuccessfully() throws Exception { - when(awsSessionService.getDynamoDBClient(any())).thenReturn(new AmazonDynamoDBClient()); - dynamoDBService.createMapper("some_account", "some_region", "table"); - } - @Test(expected = FideliusException.class) public void scanDynamoDBFailsAfterIntervalReaches60SecondsWhenRetryingOnThrottlingException() { - when(fakeMapper.scan(any(), any())).thenThrow(new ProvisionedThroughputExceededException("test")); - dynamoDBService.scanDynamoDB(new DynamoDBScanExpression(), Object.class, fakeMapper); - } - - @Test(expected = FideliusException.class) - public void createMapperShouldThrowFideliusExceptionIfCredentialAccessIsDenied() { - when(awsSessionService.getDynamoDBClient(any())).thenThrow(new AWSSecurityTokenServiceException("Access Denied")); - dynamoDBService.createMapper("some_account", "some_region", "table"); + when(dynamoDbClient.scan(any(ScanRequest.class))).thenThrow(ProvisionedThroughputExceededException.builder().message("test").build()); + dynamoDBService.scanDynamoDB(ScanRequest.builder().build(), dynamoDbClient); } @Test(expected = FideliusException.class) public void queryDynamoDBFailsAfterIntervalReaches60SecondsWhenRetryingOnThrottlingException() { - when(fakeMapper.query(any(), any())).thenThrow(new ProvisionedThroughputExceededException("test")); - dynamoDBService.queryDynamoDB(new DynamoDBQueryExpression(), Object.class, fakeMapper); + when(dynamoDbClient.query(any(QueryRequest.class))).thenThrow(ProvisionedThroughputExceededException.builder().message("test").build()); + 
dynamoDBService.queryDynamoDB(QueryRequest.builder().build(), dynamoDbClient); } -} \ No newline at end of file +} From 450d6323bd8e5311180d2ff8d74d288f4a23cc29 Mon Sep 17 00:00:00 2001 From: Kirik0 Date: Thu, 1 Sep 2022 06:27:14 -1000 Subject: [PATCH 08/10] Small fix for source names fetched for non-RDS/Aurora source types --- .../java/org/finra/fidelius/services/CredentialsService.java | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/fidelius-service/src/main/java/org/finra/fidelius/services/CredentialsService.java b/fidelius-service/src/main/java/org/finra/fidelius/services/CredentialsService.java index 372b5e1..32069a3 100644 --- a/fidelius-service/src/main/java/org/finra/fidelius/services/CredentialsService.java +++ b/fidelius-service/src/main/java/org/finra/fidelius/services/CredentialsService.java @@ -20,7 +20,6 @@ import com.google.common.cache.CacheBuilder; import com.google.common.cache.CacheLoader; import com.google.common.cache.LoadingCache; -import javassist.runtime.Desc; import org.dmfs.httpessentials.client.HttpRequestExecutor; import org.dmfs.httpessentials.httpurlconnection.HttpUrlConnectionExecutor; import org.dmfs.oauth2.client.*; @@ -752,13 +751,15 @@ private List getAllAuroraRegionalCluster(String account, String region, } public List getMetadataInfo(String account, String region, String sourceType, String application) throws Exception { + logger.info("Source type: " + sourceType); switch (sourceType) { case RDS: return getAllRDS(account, region, application); case AURORA: return getAllAuroraRegionalCluster(account, region, application); default: - throw new Exception("Please pass supported values for sourceType"); + logger.info("No source names to return for source type: " + sourceType); + return new ArrayList<>(); } } public List getSourceTypes(){ From 0d28667bda18b80a9cf131d86b0f9f3bfb00fc18 Mon Sep 17 00:00:00 2001 
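Review bot: Removing `createMapperShouldThrowFideliusExceptionIfCredentialAccessIsDenied` drops the only test of the access-denied path, where a failed role assumption from the session service is translated into a `FideliusException`, and the hunk replaces it with nothing, so that mapping is untested after the SDK v2 migration. If `DynamoDBService` still wraps that failure, reinstate the case against whichever method now obtains the client, stubbing `awsSessionService.getDynamoDBClient(any())` to throw the SDK v2 equivalent of the STS exception and expecting `FideliusException`. The two remaining test names say they run until the retry interval reaches 60 seconds; if that is wall-clock time it is worth confirming the retry delay is injectable, since the test class's `awsSessionService` field and setup sit outside this hunk.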
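Review bot: `getMetadataInfo` now writes the raw `sourceType` into two info-level log lines and then silently returns an empty list for any value other than RDS or AURORA, so a caller sending a typo gets `[]` with no error where it previously got an exception, and the signature's `throws Exception` no longer corresponds to anything the method does. If `sourceType` originates from a request parameter (its caller is not visible here), echoing an unvalidated value into a concatenated log message is also a log-forging vector; prefer validating it against `getSourceTypes()` and rejecting unknown values with a clear error, and if `logger` is SLF4J use the parameterized form `logger.info("Source type: {}", sourceType)`. `getSourceTypes` begins on the hunk's last line and continues outside it.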
From: Kirik0 Date: Mon, 12 Sep 2022 07:56:04 -1000 Subject: [PATCH 09/10] Removed unused list --- fidelius-sdk/src/main/java/org/finra/fidelius/JCredStash.java | 1 - 1 file changed, 1 deletion(-) diff --git a/fidelius-sdk/src/main/java/org/finra/fidelius/JCredStash.java b/fidelius-sdk/src/main/java/org/finra/fidelius/JCredStash.java index e5c7a3e..ac693ff 100644 --- a/fidelius-sdk/src/main/java/org/finra/fidelius/JCredStash.java +++ b/fidelius-sdk/src/main/java/org/finra/fidelius/JCredStash.java @@ -42,7 +42,6 @@ public class JCredStash { protected KmsClient kmsClient; protected CredStashCrypto cryptoImpl; protected StsClient stsClient; - protected static List TABLE_HEADERS = Arrays.asList("name", "component", "sdlc", "contents", "version", "updatedBy", "updatedOn", "key", "hmac", "source", "sourceType"); protected JCredStash() { this.dynamoDbClient = DynamoDbClient.builder().build(); From b4e2ac780067425082451556b1433590d5806bb7 Mon Sep 17 00:00:00 2001 From: Kirik0 Date: Tue, 13 Sep 2022 06:33:02 -1000 Subject: [PATCH 10/10] Updated Maven compiler plugin --- fidelius-sdk/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fidelius-sdk/pom.xml b/fidelius-sdk/pom.xml index ba327ce..0534744 100644 --- a/fidelius-sdk/pom.xml +++ b/fidelius-sdk/pom.xml @@ -198,7 +198,7 @@ org.apache.maven.plugins maven-compiler-plugin - 3.6.1 + 3.10.1