Add an API error for when an arn entered into the dashboard is invalid
fieldju committed Dec 11, 2016
1 parent 8d0089b commit fe767e0
Showing 2 changed files with 22 additions and 6 deletions.
16 changes: 11 additions & 5 deletions src/main/java/com/nike/cerberus/error/DefaultApiError.java
Expand Up @@ -141,11 +141,6 @@ public enum DefaultApiError implements ApiError {
*/
SDB_OWNER_TOO_LONG(99214, "Owner may not exceed 255 characters.", HttpServletResponse.SC_BAD_REQUEST),

/**
* SDB has too many owners
*/
SDB_TOO_MANY_OWNERS(99221, "The SDB has more than one owners!", HttpServletResponse.SC_INTERNAL_SERVER_ERROR),

/**
* The AWS region specified is invalid.
*/
Expand Down Expand Up @@ -176,11 +171,22 @@ public enum DefaultApiError implements ApiError {
*/
SDB_OWNER_IN_USER_GROUP_PERMS(99220, "The owner can not be included in the user group permissions.", HttpServletResponse.SC_BAD_REQUEST),

/**
* SDB has too many owners
*/
SDB_TOO_MANY_OWNERS(99221, "The SDB has more than one owners!", HttpServletResponse.SC_INTERNAL_SERVER_ERROR),

/**
* Authentication error for when a user attempts to login and MFA is required but not setup on their account.
*/
MFA_SETUP_REQUIRED(99222, "MFA is required but the user has not set up any factors.", HttpServletResponse.SC_BAD_REQUEST),


/**
* The IAM Role + Region don't have a KMS key provisioned to encrypt the auth response.
*/
AUTH_IAM_ROLE_REJECTED(99223, "KMS rejected the IAM Role ARN with an InvalidArnException.", HttpServletResponse.SC_INTERNAL_SERVER_ERROR),

/**
* Generic not found error.
*/
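Review bot: `AUTH_IAM_ROLE_REJECTED` is mapped to `HttpServletResponse.SC_INTERNAL_SERVER_ERROR`, but going by the commit title it is raised when a caller-supplied ARN is invalid, so a 4xx status looks like the better fit. Returning 500 for bad input lets any client with a malformed ARN produce server-error noise in monitoring and alerting. The Javadoc above the constant ("don't have a KMS key provisioned") describes a different condition from the message, and the message, which is presumably returned to the client, names the internal `InvalidArnException`. I would write the constant as `AUTH_IAM_ROLE_REJECTED(99223, "The IAM Role ARN was rejected as invalid.", HttpServletResponse.SC_BAD_REQUEST),` with the Javadoc line `* KMS rejected the IAM role ARN supplied in the auth request as invalid.`. The enum begins and ends outside the visible hunks.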
Expand Up @@ -22,6 +22,7 @@
import com.amazonaws.services.kms.AWSKMSClient;
import com.amazonaws.services.kms.model.EncryptRequest;
import com.amazonaws.services.kms.model.EncryptResult;
import com.amazonaws.services.kms.model.InvalidArnException;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.common.collect.Maps;
Expand Down Expand Up @@ -155,7 +156,16 @@ public AuthResponse mfaCheck(final MfaCheckRequest mfaCheckRequest) {
* @return Encrypted auth response
*/
public IamRoleAuthResponse authenticate(IamRoleCredentials credentials) {
final String keyId = getKeyId(credentials);
final String keyId;
try {
keyId = getKeyId(credentials);
} catch (InvalidArnException e) {
throw ApiException.newBuilder()
.withApiErrors(DefaultApiError.AUTH_IAM_ROLE_REJECTED)
.withExceptionCause(e)
.withExceptionMessage("Failed to lazily provision KMS key for arn:aws:iam::%s:role/%s in region: %s")
.build();
}

final Set<String> policies = buildPolicySet(credentials.getAccountId(), credentials.getRoleName());

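Review bot: The string passed to `withExceptionMessage` in the new catch block still has three unfilled `%s` placeholders, because no format arguments are supplied, so the recorded message will not say which account, role or region was rejected. Format it before handing it to the builder, e.g. `.withExceptionMessage(String.format("Failed to lazily provision KMS key for arn:aws:iam::%s:role/%s in region: %s", credentials.getAccountId(), credentials.getRoleName(), credentials.getRegion()))`. The `getRegion()` accessor is assumed here, since the hunk only shows `getAccountId()` and `getRoleName()`. These values are caller-supplied, so confirm that the logging layer neutralises CR/LF before they are written out. `authenticate` continues past the end of the hunk.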
