Examples with Credentials com.aliyuncs.sts.model.v20150401.AssumeRoleResponse.Credentials used on opensource projects

Example 1 with Credentials

use of com.aliyuncs.sts.model.v20150401.AssumeRoleResponse.Credentials in project fc-java-sdk by aliyun.

the class FunctionComputeClientTest method overrideFCClient.

public FunctionComputeClient overrideFCClient(boolean useSts, boolean useHttps) throws com.aliyuncs.exceptions.ClientException {
    if (useSts) {
        Credentials creds = getAssumeRoleCredentials(null);
        FunctionComputeClient fcClient = new FunctionComputeClient(new Config(REGION, ACCOUNT_ID, creds.getAccessKeyId(), creds.getAccessKeySecret(), creds.getSecurityToken(), useHttps));
        if (!Strings.isNullOrEmpty(ENDPOINT)) {
            fcClient.setEndpoint(ENDPOINT);
        }
        return fcClient;
    }
    return new FunctionComputeClient(new Config(REGION, ACCOUNT_ID, ACCESS_KEY, SECRET_KEY, null, useHttps));
}

Example 2 with Credentials

use of com.aliyuncs.sts.model.v20150401.AssumeRoleResponse.Credentials in project fc-java-sdk by aliyun.

the class FunctionComputeClientTest method getAssumeRoleCredentials.

private Credentials getAssumeRoleCredentials(String policy) throws com.aliyuncs.exceptions.ClientException {
    IClientProfile profile = DefaultProfile.getProfile(REGION, ACCESS_KEY, SECRET_KEY);
    // DefaultProfile.addEndpoint("sts.us-west-1.aliyuncs.com", "us-west-1", "Sts", "sts.us-west-1.aliyuncs.com");
    DefaultAcsClient client = new DefaultAcsClient(profile);
    AssumeRoleRequest request = new AssumeRoleRequest();
    request.setVersion(STS_API_VERSION);
    request.setMethod(MethodType.POST);
    request.setProtocol(ProtocolType.HTTPS);
    request.setRoleArn(STS_ROLE);
    request.setRoleSessionName("test-session");
    if (policy != null) {
        request.setPolicy(policy);
    }
    AssumeRoleResponse stsResponse;
    try {
        stsResponse = client.getAcsResponse(request);
    } catch (com.aliyuncs.exceptions.ClientException e) {
        throw new RuntimeException(e);
    }
    String accessKey = stsResponse.getCredentials().getAccessKeyId();
    String secretKey = stsResponse.getCredentials().getAccessKeySecret();
    String stsToken = stsResponse.getCredentials().getSecurityToken();
    assertNotNull(accessKey);
    assertNotNull(secretKey);
    assertNotNull(stsToken);
    return stsResponse.getCredentials();
}

Example 3 with Credentials

use of com.aliyuncs.sts.model.v20150401.AssumeRoleResponse.Credentials in project fc-java-sdk by aliyun.

the class FunctionComputeClientTest method testCreateServiceStsTokenNoPassRole.

@Test
public void testCreateServiceStsTokenNoPassRole() throws com.aliyuncs.exceptions.ClientException {
    // Use a policy that does not have ram:PassRole, this policy will intersect with the role policy
    // Access denied is expected if using STS without PassRole allowed
    // Policy intersection doc: https://help.aliyun.com/document_detail/31935.html
    String policy = "{\"Version\": \"1\",\"Statement\": [{\"Effect\": \"Allow\",\"Action\": [\"fc:*\"],\"Resource\": [\"*\"]}]}";
    Credentials creds = getAssumeRoleCredentials(policy);
    client = new FunctionComputeClient(new Config(REGION, ACCOUNT_ID, creds.getAccessKeyId(), creds.getAccessKeySecret(), creds.getSecurityToken(), false));
    try {
        createService(SERVICE_NAME);
        fail("ClientException is expected");
    } catch (ClientException e) {
        assertTrue(e.getErrorMessage(), e.getErrorMessage().contains("the caller is not authorized to perform 'ram:PassRole'"));
    }
}