Example 1 with AWSCredentialsProvider
use of com.amazonaws.auth.AWSCredentialsProvider in project druid by druid-io.
the class TestAWSCredentialsProvider method testWithFileSessionCredentials.
@Test
public void testWithFileSessionCredentials() throws IOException {
AWSCredentialsConfig config = EasyMock.createMock(AWSCredentialsConfig.class);
EasyMock.expect(config.getAccessKey()).andReturn("");
EasyMock.expect(config.getSecretKey()).andReturn("");
File file = folder.newFile();
PrintWriter out = new PrintWriter(file.getAbsolutePath());
out.println("sessionToken=sessionTokenSample\nsecretKey=secretKeySample\naccessKey=accessKeySample");
out.close();
EasyMock.expect(config.getFileSessionCredentials()).andReturn(file.getAbsolutePath()).atLeastOnce();
EasyMock.replay(config);
AWSCredentialsProvider provider = awsModule.getAWSCredentialsProvider(config);
AWSCredentials credentials = provider.getCredentials();
assertTrue(credentials instanceof AWSSessionCredentials);
AWSSessionCredentials sessionCredentials = (AWSSessionCredentials) credentials;
assertEquals(sessionCredentials.getAWSAccessKeyId(), "accessKeySample");
assertEquals(sessionCredentials.getAWSSecretKey(), "secretKeySample");
assertEquals(sessionCredentials.getSessionToken(), "sessionTokenSample");
// try to create
s3Module.getRestS3Service(provider);
}
Also used :
AWSSessionCredentials(com.amazonaws.auth.AWSSessionCredentials)
AWSCredentialsConfig(io.druid.common.aws.AWSCredentialsConfig)
File(java.io.File)
AWSCredentials(com.amazonaws.auth.AWSCredentials)
AWSCredentialsProvider(com.amazonaws.auth.AWSCredentialsProvider)
PrintWriter(java.io.PrintWriter)
Test(org.junit.Test)
Example 2 with AWSCredentialsProvider
use of com.amazonaws.auth.AWSCredentialsProvider in project elasticsearch by elastic.
the class AwsEc2ServiceImplTests method testAWSCredentialsWithSystemProviders.
public void testAWSCredentialsWithSystemProviders() {
AWSCredentialsProvider credentialsProvider = AwsEc2ServiceImpl.buildCredentials(logger, Settings.EMPTY);
assertThat(credentialsProvider, instanceOf(DefaultAWSCredentialsProviderChain.class));
}
Also used :
DefaultAWSCredentialsProviderChain(com.amazonaws.auth.DefaultAWSCredentialsProviderChain)
AWSCredentialsProvider(com.amazonaws.auth.AWSCredentialsProvider)
Example 3 with AWSCredentialsProvider
use of com.amazonaws.auth.AWSCredentialsProvider in project elasticsearch by elastic.
the class InternalAwsS3Service method client.
@Override
public synchronized AmazonS3 client(Settings repositorySettings, Integer maxRetries, boolean useThrottleRetries, Boolean pathStyleAccess) {
String clientName = CLIENT_NAME.get(repositorySettings);
String foundEndpoint = findEndpoint(logger, repositorySettings, settings, clientName);
AWSCredentialsProvider credentials = buildCredentials(logger, deprecationLogger, settings, repositorySettings, clientName);
Tuple<String, String> clientDescriptor = new Tuple<>(foundEndpoint, credentials.getCredentials().getAWSAccessKeyId());
AmazonS3Client client = clients.get(clientDescriptor);
if (client != null) {
return client;
}
client = new AmazonS3Client(credentials, buildConfiguration(logger, repositorySettings, settings, clientName, maxRetries, foundEndpoint, useThrottleRetries));
if (pathStyleAccess != null) {
client.setS3ClientOptions(new S3ClientOptions().withPathStyleAccess(pathStyleAccess));
}
if (!foundEndpoint.isEmpty()) {
client.setEndpoint(foundEndpoint);
}
clients.put(clientDescriptor, client);
return client;
}
Also used :
AmazonS3Client(com.amazonaws.services.s3.AmazonS3Client)
S3ClientOptions(com.amazonaws.services.s3.S3ClientOptions)
SecureString(org.elasticsearch.common.settings.SecureString)
AWSCredentialsProvider(com.amazonaws.auth.AWSCredentialsProvider)
Tuple(org.elasticsearch.common.collect.Tuple)
Example 4 with AWSCredentialsProvider
use of com.amazonaws.auth.AWSCredentialsProvider in project hadoop by apache.
the class AWSCredentialProviderList method getCredentials.
/**
* Iterate through the list of providers, to find one with credentials.
* If {@link #reuseLastProvider} is true, then it is re-used.
* @return a set of credentials (possibly anonymous), for authenticating.
*/
@Override
public AWSCredentials getCredentials() {
checkNotEmpty();
if (reuseLastProvider && lastProvider != null) {
return lastProvider.getCredentials();
}
AmazonClientException lastException = null;
for (AWSCredentialsProvider provider : providers) {
try {
AWSCredentials credentials = provider.getCredentials();
if ((credentials.getAWSAccessKeyId() != null && credentials.getAWSSecretKey() != null) || (credentials instanceof AnonymousAWSCredentials)) {
lastProvider = provider;
LOG.debug("Using credentials from {}", provider);
return credentials;
}
} catch (AmazonClientException e) {
lastException = e;
LOG.debug("No credentials provided by {}: {}", provider, e.toString(), e);
}
}
// no providers had any credentials. Rethrow the last exception
// or create a new one.
String message = "No AWS Credentials provided by " + listProviderNames();
if (lastException != null) {
message += ": " + lastException;
}
throw new AmazonClientException(message, lastException);
}
Also used :
AmazonClientException(com.amazonaws.AmazonClientException)
AnonymousAWSCredentials(com.amazonaws.auth.AnonymousAWSCredentials)
AnonymousAWSCredentials(com.amazonaws.auth.AnonymousAWSCredentials)
AWSCredentials(com.amazonaws.auth.AWSCredentials)
AWSCredentialsProvider(com.amazonaws.auth.AWSCredentialsProvider)
Example 5 with AWSCredentialsProvider
use of com.amazonaws.auth.AWSCredentialsProvider in project hadoop by apache.
the class ITestS3ATemporaryCredentials method testSTS.
/**
* Test use of STS for requesting temporary credentials.
*
* The property test.sts.endpoint can be set to point this at different
* STS endpoints. This test will use the AWS credentials (if provided) for
* S3A tests to request temporary credentials, then attempt to use those
* credentials instead.
*
* @throws IOException
*/
@Test
public void testSTS() throws IOException {
Configuration conf = getContract().getConf();
if (!conf.getBoolean(TEST_STS_ENABLED, true)) {
skip("STS functional tests disabled");
}
S3xLoginHelper.Login login = S3AUtils.getAWSAccessKeys(URI.create("s3a://foobar"), conf);
if (!login.hasLogin()) {
skip("testSTS disabled because AWS credentials not configured");
}
AWSCredentialsProvider parentCredentials = new BasicAWSCredentialsProvider(login.getUser(), login.getPassword());
String stsEndpoint = conf.getTrimmed(TEST_STS_ENDPOINT, "");
AWSSecurityTokenServiceClient stsClient;
stsClient = new AWSSecurityTokenServiceClient(parentCredentials);
if (!stsEndpoint.isEmpty()) {
LOG.debug("STS Endpoint ={}", stsEndpoint);
stsClient.setEndpoint(stsEndpoint);
}
GetSessionTokenRequest sessionTokenRequest = new GetSessionTokenRequest();
sessionTokenRequest.setDurationSeconds(900);
GetSessionTokenResult sessionTokenResult;
sessionTokenResult = stsClient.getSessionToken(sessionTokenRequest);
Credentials sessionCreds = sessionTokenResult.getCredentials();
String childAccessKey = sessionCreds.getAccessKeyId();
conf.set(ACCESS_KEY, childAccessKey);
String childSecretKey = sessionCreds.getSecretAccessKey();
conf.set(SECRET_KEY, childSecretKey);
String sessionToken = sessionCreds.getSessionToken();
conf.set(SESSION_TOKEN, sessionToken);
conf.set(AWS_CREDENTIALS_PROVIDER, PROVIDER_CLASS);
try (S3AFileSystem fs = S3ATestUtils.createTestFileSystem(conf)) {
createAndVerifyFile(fs, path("testSTS"), TEST_FILE_SIZE);
}
// now create an invalid set of credentials by changing the session
// token
conf.set(SESSION_TOKEN, "invalid-" + sessionToken);
try (S3AFileSystem fs = S3ATestUtils.createTestFileSystem(conf)) {
createAndVerifyFile(fs, path("testSTSInvalidToken"), TEST_FILE_SIZE);
fail("Expected an access exception, but file access to " + fs.getUri() + " was allowed: " + fs);
} catch (AWSS3IOException ex) {
LOG.info("Expected Exception: {}", ex.toString());
LOG.debug("Expected Exception: {}", ex, ex);
}
}
Also used :
Configuration(org.apache.hadoop.conf.Configuration)
GetSessionTokenResult(com.amazonaws.services.securitytoken.model.GetSessionTokenResult)
AWSSecurityTokenServiceClient(com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient)
S3xLoginHelper(org.apache.hadoop.fs.s3native.S3xLoginHelper)
GetSessionTokenRequest(com.amazonaws.services.securitytoken.model.GetSessionTokenRequest)
AWSCredentialsProvider(com.amazonaws.auth.AWSCredentialsProvider)
Credentials(com.amazonaws.services.securitytoken.model.Credentials)
AWSCredentials(com.amazonaws.auth.AWSCredentials)
Test(org.junit.Test)
Aggregations
AWSCredentialsProvider (com.amazonaws.auth.AWSCredentialsProvider)84
Test (org.junit.Test)42
DefaultAWSCredentialsProviderChain (com.amazonaws.auth.DefaultAWSCredentialsProviderChain)22
TestRunner (org.apache.nifi.util.TestRunner)15
AWSCredentials (com.amazonaws.auth.AWSCredentials)13
ClientConfiguration (com.amazonaws.ClientConfiguration)12
BasicAWSCredentials (com.amazonaws.auth.BasicAWSCredentials)12
AmazonS3Client (com.amazonaws.services.s3.AmazonS3Client)12
AWSStaticCredentialsProvider (com.amazonaws.auth.AWSStaticCredentialsProvider)9
PropertyDescriptor (org.apache.nifi.components.PropertyDescriptor)8
Properties (java.util.Properties)7
PrepareForTest (org.powermock.core.classloader.annotations.PrepareForTest)7
AWSCredentialsProviderChain (com.amazonaws.auth.AWSCredentialsProviderChain)6
STSAssumeRoleSessionCredentialsProvider (com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider)6
ArrayList (java.util.ArrayList)6
AnonymousAWSCredentials (com.amazonaws.auth.AnonymousAWSCredentials)5
SystemPropertiesCredentialsProvider (com.amazonaws.auth.SystemPropertiesCredentialsProvider)5
ProfileCredentialsProvider (com.amazonaws.auth.profile.ProfileCredentialsProvider)5
Region (com.amazonaws.regions.Region)5
List (java.util.List)5
