/**
 * Computes a hash over the four metadata fields: user name, access key ID, status and
 * creation date, in that order.
 *
 * @return a 31-based polynomial hash in which a null field contributes 0
 */
@Override
public int hashCode() {
    final Object[] fields = {getUserName(), getAccessKeyId(), getStatus(), getCreateDate()};
    int result = 1;
    for (Object field : fields) {
        // Same recurrence as hashing each field by hand: result = 31 * result + h(field).
        result = 31 * result + (field == null ? 0 : field.hashCode());
    }
    return result;
}
public AccessKeyMetadata unmarshall(StaxUnmarshallerContext context) throws Exception { AccessKeyMetadata accessKeyMetadata = new AccessKeyMetadata(); int originalDepth = context.getCurrentDepth(); int targetDepth = originalDepth + 1; accessKeyMetadata.setUserName(StringStaxUnmarshaller.getInstance().unmarshall(context)); continue; accessKeyMetadata.setAccessKeyId(StringStaxUnmarshaller.getInstance().unmarshall(context)); continue; accessKeyMetadata.setStatus(StringStaxUnmarshaller.getInstance().unmarshall(context)); continue; accessKeyMetadata.setCreateDate(DateStaxUnmarshallerFactory.getInstance("iso8601").unmarshall(context)); continue;
/**
 * Builds the meta-info map attached to a violation for one access key.
 *
 * <p>The map holds the access key ID, the owning user name and the key's creation date under
 * the keys {@code access_key_id}, {@code user_name} and {@code access_key_created}. The access
 * key ID is an identifier, not the secret key; no secret material is read here.
 *
 * @param accessKey metadata of the access key being reported
 * @return an immutable map with the three entries above
 */
private Map<?, ?> metaMap(final AccessKeyMetadata accessKey) {
    // ImmutableMap.Builder rejects null values, so a key with a missing field fails here
    // with a NullPointerException instead of producing a partial map.
    final ImmutableMap.Builder<Object, Object> meta = ImmutableMap.builder();
    meta.put("access_key_id", accessKey.getAccessKeyId());
    meta.put("user_name", accessKey.getUserName());
    meta.put("access_key_created", accessKey.getCreateDate());
    return meta.build();
}
}
/**
 * Reloads the AWS access keys of a user into {@code userInfo} and returns them.
 *
 * <p>Keys already held by {@code userInfo} are cleared first. The call fails unless at least one
 * returned key has the status "Active" (compared case-insensitively). On success every returned
 * key, active or not, is recorded on {@code userInfo} together with its status.
 *
 * @param username user whose access keys are looked up
 * @param userInfo holder whose key collection is replaced
 * @return the keys returned by the DAO
 * @throws DlabException if no active key is found, or if anything inside the lookup throws a
 *     RuntimeException
 */
private List<AccessKeyMetadata> verifyAwsKeys(String username, UserInfo userInfo) {
    userInfo.getKeys().clear();
    try {
        final List<AccessKeyMetadata> fetched = awsUserDAO.getAwsAccessKeys(username);

        boolean hasActiveKey = false;
        if (fetched != null) {
            for (AccessKeyMetadata meta : fetched) {
                if ("Active".equalsIgnoreCase(meta.getStatus())) {
                    hasActiveKey = true;
                    break;
                }
            }
        }
        if (!hasActiveKey) {
            throw new DlabException("Cannot get aws access key for user " + username);
        }

        for (AccessKeyMetadata meta : fetched) {
            userInfo.addKey(meta.getAccessKeyId(), meta.getStatus());
        }
        return fetched;
    } catch (RuntimeException e) {
        // NOTE(review): DlabException is thrown above without a throws clause, so it is presumably
        // unchecked and is itself caught here; the caller then sees only the administrator
        // message, with the more specific exception as its cause. Confirm that is intended.
        throw new DlabException("Please contact AWS administrator to activate your Access Key", e);
    }
}
}
else if(latestKey.getCreateDate().before(meta.getCreateDate())) int age = (int)Math.ceil((System.currentTimeMillis() - latestKey.getCreateDate().getTime()) / (1000.0*60*60*24)); log_.info("Deleting access key " + meta.getAccessKeyId() + " created on " + meta.getCreateDate()); .withAccessKeyId(meta.getAccessKeyId()) .withUserName(userName) ); log_.error("Failed to delete access key " + meta.getAccessKeyId() + " created on " + meta.getCreateDate(), e);
/**
 * Maps every non-null access key ID in the given list to the supplied user ID.
 *
 * @param accessKeyMetadatas access key metadata entries to index; must not be null
 * @param userId value stored for each access key ID
 * @return a new mutable map from access key ID to {@code userId}; entries without an ID are skipped
 */
private Map<String, String> getAccessMap(
        List<AccessKeyMetadata> accessKeyMetadatas, String userId) {
    final Map<String, String> ownerByKeyId = new HashMap<>();
    for (final AccessKeyMetadata entry : accessKeyMetadatas) {
        final String keyId = entry.getAccessKeyId();
        if (keyId == null) {
            continue;
        }
        ownerByKeyId.put(keyId, userId);
    }
    return ownerByKeyId;
}
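/**
 * Reports whether any access key that is not inactive was created more than
 * {@link PacmanRuleConstants#ACCESSKEY_ROTATION_DURATION} days ago.
 *
 * <p>The key's creation date is treated as the time of its last rotation. The earlier comment
 * on this method gave the threshold as 90 days; the constant's value is defined outside this
 * method.
 *
 * @param accessKeyMetadatas access key metadata entries to inspect; must not be null
 * @return {@code true} as soon as one non-inactive key exceeds the rotation threshold,
 *     {@code false} otherwise
 */
private boolean anyAccessKeysNotRotatedForLong(List<AccessKeyMetadata> accessKeyMetadatas) {
    final String inactive = StatusType.Inactive.toString();
    // One reference time for the whole pass, so every key is measured against the same instant.
    final DateTime now = new DateTime();
    for (AccessKeyMetadata accessKeyMetadata : accessKeyMetadatas) {
        // Constant-first comparison: a key with a null status is not skipped and does not
        // abort the check with a NullPointerException; it is evaluated like an active key.
        if (inactive.equals(accessKeyMetadata.getStatus())) {
            continue;
        }
        // NOTE(review): a null creation date is handed straight to the DateTime constructor;
        // confirm how such a key should be treated.
        final DateTime createdAt = new DateTime(accessKeyMetadata.getCreateDate());
        if (Days.daysBetween(createdAt, now).getDays()
                > PacmanRuleConstants.ACCESSKEY_ROTATION_DURATION) {
            // One stale key is enough; no need to look at the rest.
            return true;
        }
    }
    return false;
}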
/**
 * Logs an expired access key and submits a matching violation to the violation sink.
 *
 * <p>The violation is of type {@code ACTIVE_KEY_TOO_OLD}, carries no region
 * ({@code NoPasswordViolationWriter.NO_REGION}) and uses an event ID built from the access key
 * ID. Only the user name, the access key ID and the account ID are written to the log.
 *
 * @param accountId account in which the key was found
 * @param accessKey metadata of the offending access key
 */
void writeViolation(final String accountId, final AccessKeyMetadata accessKey) {
    final String keyId = accessKey.getAccessKeyId();
    log.info(
            "Found user {} with expired access key {} in account {}",
            accessKey.getUserName(),
            keyId,
            accountId);

    final String eventId = "check-access-key_" + keyId;
    violationSink.put(
            new ViolationBuilder()
                    .withAccountId(accountId)
                    .withRegion(NoPasswordViolationWriter.NO_REGION)
                    .withEventId(eventId)
                    .withType(ACTIVE_KEY_TOO_OLD)
                    .withPluginFullyQualifiedClassName(KeyRotationJob.class)
                    .withMetaInfo(metaMap(accessKey))
                    .build());
}
/**
 * Creates a predicate that accepts access keys whose status equals the given value.
 *
 * @param value status text to match exactly (case-sensitive); it is the receiver of
 *     {@code equals}, so it must not be null
 * @return a predicate that is true when the key's status equals {@code value}
 */
private static Predicate<AccessKeyMetadata> activity(final String value) {
    return candidate -> {
        final String status = candidate.getStatus();
        return value.equals(status);
    };
}
/**
 * Creates a predicate that accepts access keys created before a cutoff {@code days} days ago.
 *
 * <p>The cutoff is derived from {@code LocalDate.now()} each time the predicate is evaluated,
 * not when the predicate is created.
 *
 * @param days age threshold in days
 * @return a predicate that is true when the key's creation time is strictly earlier than the cutoff
 */
private static Predicate<AccessKeyMetadata> withDaysOlderThan(final int days) {
    return candidate -> {
        final long createdMillis = candidate.getCreateDate().getTime();
        final long cutoffMillis = LocalDate.now().minusDays(days).toDate().getTime();
        return createdMillis < cutoffMillis;
    };
}
/**
 * Records the given AWS access keys on the builder's user info and flags the builder when
 * none of them is active.
 *
 * <p>Every key is added with its status. If no key has the status "Active" (compared
 * case-insensitively), or the list is null or empty, {@code b.awsKeyError} is set. The
 * {@code AWS_KEYS} mask is set on the builder in all cases.
 *
 * @param b builder to update
 * @param keyMetadata access key metadata for the user; may be null
 */
public static void awsKeys(UserInfoBuilder b, List<AccessKeyMetadata> keyMetadata) {
    LOG.debug("AWS Keys {}",keyMetadata);

    int activeKeys = 0;
    if (keyMetadata != null) {
        for (AccessKeyMetadata meta : keyMetadata) {
            final String keyId = meta.getAccessKeyId();
            final String state = meta.getStatus();
            if ("Active".equalsIgnoreCase(state)) {
                activeKeys++;
            }
            b.userInfo.addKey(keyId, state);
        }
    }

    if (activeKeys == 0) {
        b.awsKeyError = new RuntimeException("Please contact AWS administrator to activate your Access Key");
    }
    b.setMask(AWS_KEYS);
}
// Trace the deletion before issuing it. The first format argument is the key object itself, so
// its string form is what gets written; the request below uses only the key's access key ID.
// NOTE(review): this destructive call is recorded at debug level only; confirm that an audit
// trail for key deletions exists elsewhere.
log.debug(String.format("Delete access key %s for user %s", key, username));
// Ask the client to delete the access key identified by the user name and access key ID.
client.deleteAccessKey(new DeleteAccessKeyRequest(username, key.getAccessKeyId()));
/**
 * Compares this object with another for field-by-field equality.
 *
 * @param obj object to compare with; may be null
 * @return {@code true} if {@code obj} is an {@code AccessKeyMetadata} whose user name, access
 *     key ID, status and creation date are each equal to this object's, with null matching
 *     only null
 */
@Override
public boolean equals(Object obj) {
    if (this == obj) {
        return true;
    }
    if (obj == null || !(obj instanceof AccessKeyMetadata)) {
        return false;
    }
    final AccessKeyMetadata other = (AccessKeyMetadata) obj;

    // Each row pairs the other object's field with this object's field.
    final Object[][] pairs = {
        {other.getUserName(), this.getUserName()},
        {other.getAccessKeyId(), this.getAccessKeyId()},
        {other.getStatus(), this.getStatus()},
        {other.getCreateDate(), this.getCreateDate()},
    };
    for (Object[] pair : pairs) {
        final Object theirs = pair[0];
        final Object mine = pair[1];
        // Null equals only null; otherwise the other object's value decides via equals().
        final boolean same = (theirs == null) ? (mine == null) : theirs.equals(mine);
        if (!same) {
            return false;
        }
    }
    return true;
}
if(!CollectionUtils.isEmpty(accessKeys)){ accessKeys.stream().forEach(accesskeyInfo -> { GetAccessKeyLastUsedResult accessKeyLastUsedResult = iamClient.getAccessKeyLastUsed(new GetAccessKeyLastUsedRequest().withAccessKeyId(accesskeyInfo.getAccessKeyId())); AccessKeyMetadataVH accessKeyVH = new AccessKeyMetadataVH(accesskeyInfo); accessKeysTemp.add(accessKeyVH);
public AccessKeyMetadata unmarshall(StaxUnmarshallerContext context) throws Exception { AccessKeyMetadata accessKeyMetadata = new AccessKeyMetadata(); int originalDepth = context.getCurrentDepth(); int targetDepth = originalDepth + 1; accessKeyMetadata.setUserName(StringStaxUnmarshaller.getInstance().unmarshall(context)); continue; accessKeyMetadata.setAccessKeyId(StringStaxUnmarshaller.getInstance().unmarshall(context)); continue; accessKeyMetadata.setStatus(StringStaxUnmarshaller.getInstance().unmarshall(context)); continue; accessKeyMetadata.setCreateDate(DateStaxUnmarshallerFactory.getInstance("iso8601").unmarshall(context)); continue;
/**
 * Renders the populated fields of this object as a brace-delimited string for testing and
 * debugging.
 *
 * <p>Each non-null field is appended verbatim after its label. This method substitutes no
 * placeholder for any of the four fields, so the user name and access key ID appear in clear
 * text wherever the result is logged.
 *
 * @return the labelled, comma-separated fields between braces, with null fields omitted
 * @see java.lang.Object#toString()
 */
@Override
public String toString() {
    final StringBuilder text = new StringBuilder("{");
    if (getUserName() != null) {
        text.append("UserName: ").append(getUserName()).append(",");
    }
    if (getAccessKeyId() != null) {
        text.append("AccessKeyId: ").append(getAccessKeyId()).append(",");
    }
    if (getStatus() != null) {
        text.append("Status: ").append(getStatus()).append(",");
    }
    if (getCreateDate() != null) {
        // Last field: no separator follows it.
        text.append("CreateDate: ").append(getCreateDate());
    }
    return text.append("}").toString();
}
/**
 * Computes a hash from the user name, access key ID, status and creation date.
 *
 * @return the combined hash; a null field contributes 0 to its step
 */
@Override
public int hashCode() {
    final int multiplier = 31;
    int acc = 1;

    final Object userName = getUserName();
    acc = multiplier * acc + (userName != null ? userName.hashCode() : 0);

    final Object keyId = getAccessKeyId();
    acc = multiplier * acc + (keyId != null ? keyId.hashCode() : 0);

    final Object status = getStatus();
    acc = multiplier * acc + (status != null ? status.hashCode() : 0);

    final Object created = getCreateDate();
    acc = multiplier * acc + (created != null ? created.hashCode() : 0);

    return acc;
}
/**
 * Tests whether another object carries the same access key metadata as this one.
 *
 * @param obj candidate object; may be null
 * @return {@code true} only when {@code obj} is an {@code AccessKeyMetadata} and its user name,
 *     access key ID, status and creation date all match this object's, null matching only null
 */
@Override
public boolean equals(Object obj) {
    if (obj == this) {
        return true;
    }
    // instanceof is false for null, so this also rejects a null argument.
    if (!(obj instanceof AccessKeyMetadata)) {
        return false;
    }
    final AccessKeyMetadata that = (AccessKeyMetadata) obj;

    final Object thatUser = that.getUserName();
    if (thatUser == null ? getUserName() != null : !thatUser.equals(getUserName())) {
        return false;
    }
    final Object thatKeyId = that.getAccessKeyId();
    if (thatKeyId == null ? getAccessKeyId() != null : !thatKeyId.equals(getAccessKeyId())) {
        return false;
    }
    final Object thatStatus = that.getStatus();
    if (thatStatus == null ? getStatus() != null : !thatStatus.equals(getStatus())) {
        return false;
    }
    final Object thatCreated = that.getCreateDate();
    return thatCreated == null ? getCreateDate() == null : thatCreated.equals(getCreateDate());
}
/**
 * Creates an {@code AccessKeyMetadataVH} populated from the given access key metadata.
 *
 * <p>The access key ID, creation date, user name and status are copied through this object's
 * setters, in that order.
 *
 * @param access source metadata to copy from; must not be null
 */
public AccessKeyMetadataVH(AccessKeyMetadata access) {
    setAccessKeyId(access.getAccessKeyId());
    setCreateDate(access.getCreateDate());
    setUserName(access.getUserName());
    setStatus(access.getStatus());
}
/**
 * Produces a debugging string listing the fields of this object that are set.
 *
 * <p>All four fields are written as-is when present; nothing in this method replaces a value
 * with a placeholder, so the access key ID and user name are readable in any log that receives
 * this string.
 *
 * @return the set fields as labelled, comma-separated entries enclosed in braces
 * @see java.lang.Object#toString()
 */
@Override
public String toString() {
    final StringBuilder out = new StringBuilder();
    out.append("{");

    final Object userName = getUserName();
    if (userName != null) {
        out.append("UserName: " + userName + ",");
    }
    final Object keyId = getAccessKeyId();
    if (keyId != null) {
        out.append("AccessKeyId: " + keyId + ",");
    }
    final Object status = getStatus();
    if (status != null) {
        out.append("Status: " + status + ",");
    }
    final Object created = getCreateDate();
    if (created != null) {
        // The creation date is the final entry and is written without a trailing comma.
        out.append("CreateDate: " + created);
    }

    out.append("}");
    return out.toString();
}