com.amazonaws.services.securitytoken.model.AWSSecurityTokenServiceException Java Examples

The following examples show how to use com.amazonaws.services.securitytoken.model.AWSSecurityTokenServiceException.
Example #1
Source File: AwsIamConnector.java    From titus-control-plane with Apache License 2.0
@Override
public Mono<Void> canAgentAssume(String iamRoleName) {
    return Mono.defer(() -> {
        long startTime = registry.clock().wallTime();

        // Check cache first
        Either<Boolean, Throwable> lastCheck = canAssumeCache.getIfPresent(iamRoleName);
        if (lastCheck != null) {
            return lastCheck.hasValue() ? Mono.empty() : Mono.error(lastCheck.getError());
        }

        // Must call AWS STS service
        return AwsReactorExt
                .<AssumeRoleRequest, AssumeRoleResult>toMono(
                        () -> new AssumeRoleRequest()
                                .withRoleSessionName("titusIamRoleValidation")
                                .withRoleArn(iamRoleName)
                                .withDurationSeconds(MIN_ASSUMED_ROLE_DURATION_SEC),
                        stsAgentClient::assumeRoleAsync
                )
                .flatMap(response -> {
                    logger.debug("Assumed into: {}", iamRoleName);
                    canAssumeCache.put(iamRoleName, Either.ofValue(true));
                    connectorMetrics.success(IamConnectorMetrics.IamMethods.CanAgentAssume, startTime);
                    return Mono.<Void>empty();
                })
                .onErrorMap(error -> {
                    logger.debug("Error: {}", error.getMessage());
                    connectorMetrics.failure(IamConnectorMetrics.IamMethods.CanAgentAssume, error, startTime);

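                    // Only STS service errors carry an error code. Client-side failures (timeouts,
                    // connectivity problems) are other exception types, so check before casting.
                    String errorCode = error instanceof AWSSecurityTokenServiceException
                            ? ((AWSSecurityTokenServiceException) error).getErrorCode()
                            : null;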
                    if ("AccessDenied".equals(errorCode)) {
                        // STS service returns access denied error with no additional clues. To get more insight we
                        // would have to make a call to IAM service, but this would require access to all client accounts.
                        IamConnectorException cannotAssumeError = IamConnectorException.iamRoleCannotAssume(iamRoleName, configuration.getDataPlaneAgentRoleArn());
                        canAssumeCache.put(iamRoleName, Either.ofError(cannotAssumeError));
                        return cannotAssumeError;
                    }
                    return IamConnectorException.iamRoleUnexpectedError(iamRoleName, error.getMessage());
                });
    });
}
 
Example #2
Source File: JobExceptionHandlerImpl.java    From fullstop with Apache License 2.0
@Override
public void onException(Exception e, Map<String, String> context) {
    if (e instanceof AmazonServiceException) {
        final AmazonServiceException a = (AmazonServiceException) e;
        // getErrorCode() can be null, so compare with the constant first to avoid an NPE in the handler
        if ("RequestLimitExceeded".equals(a.getErrorCode())) {
            logWarn("RequestLimitExceeded", context);
        } else if (a instanceof AWSSecurityTokenServiceException) {
            logWarn(a.toString(), context);
        } else {
            logError(a, context);
        }
    } else {
        logError(e, context);
    }
}
 
Example #3
Source File: JobExceptionHandlerImplTest.java    From fullstop with Apache License 2.0
@Test
public void onStsException() throws Exception {
    final AmazonServiceException exception = new AWSSecurityTokenServiceException("bla");
    exception.setErrorCode("SomethingElse");
    jobExceptionHandler.onException(exception, ImmutableMap.of("aws_account", "111222333444"));
}