package de.widdix.awsec2ssh;
import com.amazonaws.auth.*;
import com.amazonaws.services.ec2.AmazonEC2;
import com.amazonaws.services.ec2.AmazonEC2ClientBuilder;
import com.amazonaws.services.ec2.model.*;
import com.amazonaws.services.identitymanagement.AmazonIdentityManagement;
import com.amazonaws.services.identitymanagement.AmazonIdentityManagementClientBuilder;
import com.amazonaws.services.identitymanagement.model.*;
import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
import com.jcraft.jsch.JSch;
import com.jcraft.jsch.JSchException;
import com.jcraft.jsch.KeyPair;
import java.io.ByteArrayOutputStream;
import java.util.List;
import java.util.UUID;
public abstract class AAWSTest extends ATest {
public final static String IAM_SESSION_NAME = "aws-ec2-ssh";
protected final AWSCredentialsProvider credentialsProvider;
private AmazonEC2 ec2;
private AmazonIdentityManagement iam;
public AAWSTest() {
super();
if (Config.has(Config.Key.IAM_ROLE_ARN)) {
final AWSSecurityTokenService sts = AWSSecurityTokenServiceClientBuilder.standard().withCredentials(new DefaultAWSCredentialsProviderChain()).build();
this.credentialsProvider = new STSAssumeRoleSessionCredentialsProvider.Builder(Config.get(Config.Key.IAM_ROLE_ARN), IAM_SESSION_NAME).withStsClient(sts).build();
} else {
this.credentialsProvider = new DefaultAWSCredentialsProviderChain();
}
this.ec2 = AmazonEC2ClientBuilder.standard().withCredentials(this.credentialsProvider).build();
this.iam = AmazonIdentityManagementClientBuilder.standard().withCredentials(this.credentialsProvider).build();
}
protected final User createUser(final String userName) throws JSchException {
final JSch jsch = new JSch();
final KeyPair keyPair = KeyPair.genKeyPair(jsch, KeyPair.RSA, 2048);
final ByteArrayOutputStream osPublicKey = new ByteArrayOutputStream();
final ByteArrayOutputStream osPrivateKey = new ByteArrayOutputStream();
keyPair.writePublicKey(osPublicKey, userName);
keyPair.writePrivateKey(osPrivateKey);
final byte[] sshPrivateKeyBlob = osPrivateKey.toByteArray();
final String sshPublicKeyBody = osPublicKey.toString();
this.iam.createUser(new CreateUserRequest().withUserName(userName));
final UploadSSHPublicKeyResult res = this.iam.uploadSSHPublicKey(new UploadSSHPublicKeyRequest().withUserName(userName).withSSHPublicKeyBody(sshPublicKeyBody));
return new User(userName, sshPrivateKeyBlob, res.getSSHPublicKey().getSSHPublicKeyId());
}
protected final void deleteUser(final String userName) {
if (Config.get(Config.Key.DELETION_POLICY).equals("delete")) {
final ListSSHPublicKeysResult res = this.iam.listSSHPublicKeys(new ListSSHPublicKeysRequest().withUserName(userName));
this.iam.deleteSSHPublicKey(new DeleteSSHPublicKeyRequest().withUserName(userName).withSSHPublicKeyId(res.getSSHPublicKeys().get(0).getSSHPublicKeyId()));
this.iam.deleteUser(new DeleteUserRequest().withUserName(userName));
}
}
protected final Vpc getDefaultVPC() {
final DescribeVpcsResult res = this.ec2.describeVpcs(new DescribeVpcsRequest().withFilters(new Filter().withName("isDefault").withValues("true")));
return res.getVpcs().get(0);
}
protected final List<Subnet> getDefaultSubnets() {
final DescribeSubnetsResult res = this.ec2.describeSubnets(new DescribeSubnetsRequest().withFilters(new Filter().withName("defaultForAz").withValues("true")));
return res.getSubnets();
}
protected final SecurityGroup getDefaultSecurityGroup() {
final Vpc vpc = this.getDefaultVPC();
final DescribeSecurityGroupsResult res = this.ec2.describeSecurityGroups(new DescribeSecurityGroupsRequest().withFilters(
new Filter().withName("vpc-id").withValues(vpc.getVpcId()),
new Filter().withName("group-name").withValues("default")
));
return res.getSecurityGroups().get(0);
}
protected final String random8String() {
final String uuid = UUID.randomUUID().toString().replace("-", "").toLowerCase();
final int beginIndex = (int) (Math.random() * (uuid.length() - 7));
final int endIndex = beginIndex + 7;
return "r" + uuid.substring(beginIndex, endIndex); // must begin [a-z]
}
}
