Example 11 with BasicSessionCredentials

use of com.amazonaws.auth.BasicSessionCredentials in project athenz by yahoo.

the class CloudStoreTest method testGetS3Client.

@Test
public void testGetS3Client() {
    System.setProperty(ZTS_PROP_AWS_PUBLIC_CERT, "src/test/resources/aws_public.crt");
    CloudStore store = new CloudStore();
    store.credentials = new BasicSessionCredentials("accessKey", "secretKey", "token");
    store.awsEnabled = true;
    store.awsRegion = "us-west-2";
    assertNotNull(store.getS3Client());
    assertNotNull(store.getS3Client());
    store.close();
}
Also used : BasicSessionCredentials(com.amazonaws.auth.BasicSessionCredentials) Test(org.testng.annotations.Test)

Example 12 with BasicSessionCredentials

use of com.amazonaws.auth.BasicSessionCredentials in project athenz by yahoo.

the class CloudStore method fetchRoleCredentials.

boolean fetchRoleCredentials() {
    if (awsRole == null || awsRole.isEmpty()) {
        LOGGER.error("CloudStore: awsRole is not available to fetch role credentials");
        return false;
    }
    final String creds = getMetaData("/meta-data/iam/security-credentials/" + awsRole);
    if (creds == null) {
        return false;
    }
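    Struct credsStruct = JSON.fromString(creds, Struct.class);
    if (credsStruct == null) {
        // Do not log the raw metadata response: even when it fails to parse,
        // it may contain the secret access key or session token.
        LOGGER.error("CloudStore: unable to parse role credentials data");
        return false;
    }
    // Temporary role credentials consist of three parts; the session token
    // must accompany the key pair on every signed request.
    String accessKeyId = credsStruct.getString("AccessKeyId");
    String secretAccessKey = credsStruct.getString("SecretAccessKey");
    String token = credsStruct.getString("Token");
    credentials = new BasicSessionCredentials(accessKeyId, secretAccessKey, token);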
    return true;
}
Also used : BasicSessionCredentials(com.amazonaws.auth.BasicSessionCredentials) Struct(com.yahoo.rdl.Struct)

Example 13 with BasicSessionCredentials

use of com.amazonaws.auth.BasicSessionCredentials in project gradle-s3-build-cache by myniva.

the class AwsS3BuildCacheServiceFactory method createS3Client.

private AmazonS3 createS3Client(AwsS3BuildCache config) {
    AmazonS3 s3;
    try {
        AmazonS3ClientBuilder s3Builder = AmazonS3ClientBuilder.standard();
        if (!isNullOrEmpty(config.getAwsAccessKeyId()) && !isNullOrEmpty(config.getAwsSecretKey()) && !isNullOrEmpty(config.getSessionToken())) {
            s3Builder.withCredentials(new AWSStaticCredentialsProvider(new BasicSessionCredentials(config.getAwsAccessKeyId(), config.getAwsSecretKey(), config.getSessionToken())));
        } else if (!isNullOrEmpty(config.getAwsAccessKeyId()) && !isNullOrEmpty(config.getAwsSecretKey())) {
            s3Builder.withCredentials(new AWSStaticCredentialsProvider(new BasicAWSCredentials(config.getAwsAccessKeyId(), config.getAwsSecretKey())));
        }
        addHttpHeaders(s3Builder, config);
        if (isNullOrEmpty(config.getEndpoint())) {
            s3Builder.withRegion(config.getRegion());
        } else {
            s3Builder.withEndpointConfiguration(new AwsClientBuilder.EndpointConfiguration(config.getEndpoint(), config.getRegion()));
        }
        s3 = s3Builder.build();
    } catch (SdkClientException e) {
        logger.debug("Error while building AWS S3 client: {}", e.getMessage());
        throw new GradleException("Creation of S3 build cache failed; cannot create S3 client", e);
    }
    return s3;
}
Also used : AmazonS3(com.amazonaws.services.s3.AmazonS3) AWSStaticCredentialsProvider(com.amazonaws.auth.AWSStaticCredentialsProvider) BasicSessionCredentials(com.amazonaws.auth.BasicSessionCredentials) SdkClientException(com.amazonaws.SdkClientException) AmazonS3ClientBuilder(com.amazonaws.services.s3.AmazonS3ClientBuilder) GradleException(org.gradle.api.GradleException) AwsClientBuilder(com.amazonaws.client.builder.AwsClientBuilder) BasicAWSCredentials(com.amazonaws.auth.BasicAWSCredentials)

Example 14 with BasicSessionCredentials

use of com.amazonaws.auth.BasicSessionCredentials in project herd by FINRAOS.

the class S3DaoImpl method getAmazonS3.

/**
 * Gets a new S3 client based on the specified parameters. The HTTP proxy information will be added if the host and port are specified in the parameters.
 *
 * @param params the parameters.
 *
 * @return the Amazon S3 client.
 */
private AmazonS3Client getAmazonS3(S3FileTransferRequestParamsDto params) {
    AmazonS3Client amazonS3Client;
    ClientConfiguration clientConfiguration = new ClientConfiguration().withRetryPolicy(retryPolicyFactory.getRetryPolicy());
    // Set the proxy configuration, if proxy is specified.
    if (StringUtils.isNotBlank(params.getHttpProxyHost()) && params.getHttpProxyPort() != null) {
        clientConfiguration.setProxyHost(params.getHttpProxyHost());
        clientConfiguration.setProxyPort(params.getHttpProxyPort());
    }
    // Sign all S3 API's with V4 signing.
    // AmazonS3Client.upgradeToSigV4 already has some scenarios where it will "upgrade" the signing approach to use V4 if not already present (e.g.
    // GetObjectRequest and KMS PutObjectRequest), but setting it here (especially when KMS is used) will ensure it isn't missed when required (e.g.
    // copying objects between KMS encrypted buckets). Otherwise, AWS will return a bad request error and retry which isn't desirable.
    clientConfiguration.setSignerOverride(SIGNER_OVERRIDE_V4);
    // Set the optional socket timeout, if configured.
    if (params.getSocketTimeout() != null) {
        clientConfiguration.setSocketTimeout(params.getSocketTimeout());
    }
    // Create an S3 client using passed in credentials and HTTP proxy information.
    if (StringUtils.isNotBlank(params.getAwsAccessKeyId()) && StringUtils.isNotBlank(params.getAwsSecretKey()) && StringUtils.isNotBlank(params.getSessionToken())) {
        // Create an S3 client using basic session credentials.
        amazonS3Client = new AmazonS3Client(new BasicSessionCredentials(params.getAwsAccessKeyId(), params.getAwsSecretKey(), params.getSessionToken()), clientConfiguration);
    } else {
        // Create an S3 client using AWS credentials provider.
        amazonS3Client = new AmazonS3Client(getAWSCredentialsProvider(params), clientConfiguration);
    }
    // Set the optional endpoint, if specified.
    if (StringUtils.isNotBlank(params.getS3Endpoint())) {
        LOGGER.info("Configured S3 Endpoint: " + params.getS3Endpoint());
        amazonS3Client.setEndpoint(params.getS3Endpoint());
    }
    // Return the newly created client.
    return amazonS3Client;
}
Also used : AmazonS3Client(com.amazonaws.services.s3.AmazonS3Client) BasicSessionCredentials(com.amazonaws.auth.BasicSessionCredentials) ClientConfiguration(com.amazonaws.ClientConfiguration)

Example 15 with BasicSessionCredentials

use of com.amazonaws.auth.BasicSessionCredentials in project aws-iam-ldap-bridge by denismo.

the class IAMSecretKeyValidator method verifyIAMPassword.

@Override
public boolean verifyIAMPassword(Entry user, String pw) throws LdapInvalidAttributeValueException, LdapAuthenticationException {
    boolean role = false;
    AWSCredentials creds;
    if (isRole(user)) {
        role = true;
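        // For a role, the password carries the temporary credentials as
        // accessKey|secretKey|sessionToken. String.split never returns null,
        // so only the part count needs checking.
        String[] parts = pw.split("\\|");
        if (parts.length < 3) {
            throw new LdapAuthenticationException();
        }
        creds = new BasicSessionCredentials(parts[0], parts[1], parts[2]);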
    } else {
        creds = new BasicAWSCredentials(user.get("accessKey").getString(), pw);
    }
    LOG.debug("Verifying {} {} with accessKey <hidden> and secretKey <hidden>", role ? "role" : "user", user.get("uid").getString());
    AmazonIdentityManagementClient client = new AmazonIdentityManagementClient(creds);
    try {
        client.getAccountSummary();
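    } catch (AmazonClientException e) {
        // Report the failure through the class logger rather than stderr so
        // failed verifications end up with the rest of the audit trail.
        LOG.debug("Credential verification failed: {}", e.getMessage());
        return false;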
    } finally {
        client.shutdown();
    }
    return true;
}
Also used : AmazonIdentityManagementClient(com.amazonaws.services.identitymanagement.AmazonIdentityManagementClient) LdapAuthenticationException(org.apache.directory.api.ldap.model.exception.LdapAuthenticationException) BasicSessionCredentials(com.amazonaws.auth.BasicSessionCredentials) AmazonClientException(com.amazonaws.AmazonClientException) BasicAWSCredentials(com.amazonaws.auth.BasicAWSCredentials) AWSCredentials(com.amazonaws.auth.AWSCredentials)

Aggregations

BasicSessionCredentials (com.amazonaws.auth.BasicSessionCredentials): 28
AWSStaticCredentialsProvider (com.amazonaws.auth.AWSStaticCredentialsProvider): 9
BasicAWSCredentials (com.amazonaws.auth.BasicAWSCredentials): 8
Credentials (com.amazonaws.services.securitytoken.model.Credentials): 6
AWSCredentials (com.amazonaws.auth.AWSCredentials): 5
AWSCredentialsProvider (com.amazonaws.auth.AWSCredentialsProvider): 5
AmazonS3Client (com.amazonaws.services.s3.AmazonS3Client): 5
Test (org.junit.Test): 5
AssumeRoleRequest (com.amazonaws.services.securitytoken.model.AssumeRoleRequest): 4
AssumeRoleResult (com.amazonaws.services.securitytoken.model.AssumeRoleResult): 4
AmazonServiceException (com.amazonaws.AmazonServiceException): 3
ClientConfiguration (com.amazonaws.ClientConfiguration): 3
SdkClientException (com.amazonaws.SdkClientException): 3
AmazonS3 (com.amazonaws.services.s3.AmazonS3): 3
AmazonClientException (com.amazonaws.AmazonClientException): 2
ProfileCredentialsProvider (com.amazonaws.auth.profile.ProfileCredentialsProvider): 2
ObjectListing (com.amazonaws.services.s3.model.ObjectListing): 2
AWSSecurityTokenService (com.amazonaws.services.securitytoken.AWSSecurityTokenService): 2
IOException (java.io.IOException): 2
AWSCredentialsProviderChain (com.amazonaws.auth.AWSCredentialsProviderChain): 1