Package io.fathom.cloud.compute.services

Source Code of io.fathom.cloud.compute.services.Ec2DatacenterManager$CredentialsProvider

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
package io.fathom.cloud.compute.services;

import io.fathom.cloud.compute.scheduler.SchedulerHost;
import io.fathom.cloud.protobuf.CloudModel.HostData;
import io.fathom.cloud.protobuf.CloudModel.HostGroupData;
import io.fathom.cloud.protobuf.CloudModel.HostGroupSecretData;
import io.fathom.cloud.protobuf.CloudModel.HostGroupType;

import java.io.IOException;
import java.net.URI;
import java.text.ParseException;
import java.util.Date;

import com.amazonaws.AmazonClientException;
import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.auth.BasicSessionCredentials;
import com.amazonaws.auth.InstanceProfileCredentialsProvider;
import com.amazonaws.internal.EC2MetadataClient;
import com.amazonaws.services.ec2.AmazonEC2Client;
import com.amazonaws.util.DateUtils;
import com.amazonaws.util.json.JSONException;
import com.amazonaws.util.json.JSONObject;
import com.google.common.base.Strings;

public class Ec2DatacenterManager implements DatacenterManager {

    final HostGroupData hostGroupData;
    AmazonEC2Client ec2Client;

    public Ec2DatacenterManager(HostGroupData hostGroupData, HostGroupSecretData secretData) {
        this.hostGroupData = hostGroupData;

        if (hostGroupData.getHostGroupType() != HostGroupType.HOST_GROUP_TYPE_AMAZON_EC2) {
            throw new IllegalStateException();
        }

        if (secretData.hasUsername()) {
            String accessKey = secretData.getUsername();
            String secretKey = secretData.getPassword();
            AWSCredentials awsCredentials = new BasicAWSCredentials(accessKey, secretKey);
            ec2Client = new AmazonEC2Client(awsCredentials);
        }
    }

    public AmazonEC2Client getEc2Client(SchedulerHost host) {
        if (this.ec2Client != null) {
            return this.ec2Client;
        }

        CredentialsProvider credentialsProvider = new CredentialsProvider(host);
        AmazonEC2Client ec2Client = new AmazonEC2Client(credentialsProvider);
        return ec2Client;
    }

    /**
     * Borrowed from AWS SDK (Apache licensed)
     * InstanceProfileCredentialsProvider
     */
    class CredentialsProvider extends InstanceProfileCredentialsProvider {
        private final SchedulerHost host;

        protected volatile AWSCredentials credentials;
        protected volatile Date credentialsExpiration;

        public CredentialsProvider(SchedulerHost host) {
            this.host = host;
        }

        @Override
        public AWSCredentials getCredentials() {
            if (needsToLoadCredentials()) {
                loadCredentials();
            }
            if (expired()) {
                throw new AmazonClientException(
                        "The credentials received from the Amazon EC2 metadata service have expired");
            }

            return credentials;
        }

        private boolean expired() {
            if (credentialsExpiration != null) {
                if (credentialsExpiration.getTime() < System.currentTimeMillis()) {
                    return true;
                }
            }

            return false;
        }

        private synchronized void loadCredentials() {
            if (needsToLoadCredentials()) {
                try {
                    // String credentialsResponse = new
                    // EC2MetadataClient().getDefaultCredentials();
                    String credentialsResponse = getDefaultCredentials();

                    JSONObject jsonObject = new JSONObject(credentialsResponse);

                    if (jsonObject.has("Token")) {
                        credentials = new BasicSessionCredentials(jsonObject.getString("AccessKeyId"),
                                jsonObject.getString("SecretAccessKey"), jsonObject.getString("Token"));
                    } else {
                        credentials = new BasicAWSCredentials(jsonObject.getString("AccessKeyId"),
                                jsonObject.getString("SecretAccessKey"));
                    }

                    if (jsonObject.has("Expiration")) {
                        /*
                         * TODO: The expiration string comes in a different
                         * format than what we deal with in other parts of the
                         * SDK, so we have to convert it to the ISO8601 syntax
                         * we expect.
                         */
                        String expiration = jsonObject.getString("Expiration");
                        expiration = expiration.replaceAll("\\+0000$", "Z");

                        credentialsExpiration = new DateUtils().parseIso8601Date(expiration);
                    }
                } catch (IOException e) {
                    throw new AmazonClientException("Unable to load credentials from Amazon EC2 metadata service", e);
                } catch (JSONException e) {
                    throw new AmazonClientException("Unable to parse credentials from Amazon EC2 metadata service", e);
                } catch (ParseException e) {
                    throw new AmazonClientException(
                            "Unable to parse credentials expiration date from Amazon EC2 metadata service", e);
                }
            }

        }

        private String getDefaultCredentials() throws IOException {
            String securityCredentialsList = readResource(EC2MetadataClient.SECURITY_CREDENTIALS_RESOURCE);

            securityCredentialsList = securityCredentialsList.trim();
            String[] securityCredentials = securityCredentialsList.split("\n");
            if (securityCredentials.length == 0) {
                return null;
            }

            String securityCredentialsName = securityCredentials[0];

            return readResource(EC2MetadataClient.SECURITY_CREDENTIALS_RESOURCE + securityCredentialsName);
        }

        private String readResource(String resourcePath) throws IOException {
            String url = "http://169.254.169.254" + resourcePath;

            URI uri = URI.create(url);
            return host.fetchUrl(uri);
        }
    }

    public String findHost(SchedulerHost host) {
        HostData hostData = host.getHostData();
        if (hostData.getHostGroup() != hostGroupData.getId()) {
            throw new IllegalStateException();
        }

        String providerId = hostData.getProviderId();
        if (Strings.isNullOrEmpty(providerId)) {
            throw new IllegalStateException();
        }

        return providerId;
    }

}
TOP

Related Classes of io.fathom.cloud.compute.services.Ec2DatacenterManager$CredentialsProvider

  • com.amazonaws.auth.AWSCredentials
  • com.amazonaws.auth.BasicAWSCredentials
  • com.amazonaws.auth.BasicSessionCredentials
  • com.amazonaws.services.ec2.AmazonEC2Client
  • com.amazonaws.util.DateUtils
  • com.amazonaws.util.json.JSONObject
  • io.fathom.cloud.compute.actions.network.Ec2VirtualIpMapper
  • io.fathom.cloud.compute.scheduler.InstanceScheduler
  • io.fathom.cloud.protobuf.CloudModel.HostData
  • java.net.URI
    • TOP
    Copyright © 2018 www.massapi.com. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.