use of com.amazonaws.auth.BasicSessionCredentials in project athenz by yahoo.
the class CloudStoreTest method testGetS3Client.
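/**
 * Checks that {@code CloudStore.getS3Client()} hands back a non-null client when AWS support is
 * switched on and session credentials are already set on the store.
 *
 * <p>The access key, secret key and token are fixed placeholder strings, not real credentials.
 * The {@code ZTS_PROP_AWS_PUBLIC_CERT} system property is not cleared afterwards.
 * NOTE(review): confirm no other test depends on that property being unset.
 */
@Test
public void testGetS3Client() {
    System.setProperty(ZTS_PROP_AWS_PUBLIC_CERT, "src/test/resources/aws_public.crt");

    CloudStore store = new CloudStore();
    try {
        // Placeholder values only; the test never needs a live AWS identity.
        store.credentials = new BasicSessionCredentials("accessKey", "secretKey", "token");
        store.awsEnabled = true;
        store.awsRegion = "us-west-2";

        // The client is requested twice; presumably this covers a repeat-call path in
        // getS3Client() - TODO confirm against the implementation.
        assertNotNull(store.getS3Client());
        assertNotNull(store.getS3Client());
    } finally {
        // Release the store even when an assertion above fails.
        store.close();
    }
}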
use of com.amazonaws.auth.BasicSessionCredentials in project athenz by yahoo.
the class CloudStore method fetchRoleCredentials.
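/**
 * Fetches the temporary credentials for {@code awsRole} from the metadata path
 * {@code /meta-data/iam/security-credentials/<role>} and stores them in {@code credentials}
 * as a {@link BasicSessionCredentials} instance.
 *
 * <p>The metadata response carries the access key id, the secret access key and the session
 * token, so its content is never written to the log, not even when it cannot be parsed.
 *
 * @return {@code true} when all three credential fields were read and stored; {@code false}
 *         when no role is configured, the metadata lookup returned nothing, the response could
 *         not be parsed, or a credential field is missing
 */
boolean fetchRoleCredentials() {
    if (awsRole == null || awsRole.isEmpty()) {
        LOGGER.error("CloudStore: awsRole is not available to fetch role credentials");
        return false;
    }

    final String creds = getMetaData("/meta-data/iam/security-credentials/" + awsRole);
    if (creds == null) {
        return false;
    }

    Struct credsStruct = JSON.fromString(creds, Struct.class);
    if (credsStruct == null) {
        // Log only the size: a response that fails to parse can still contain key material.
        LOGGER.error("CloudStore: unable to parse role credentials data (length: {})", creds.length());
        return false;
    }

    String accessKeyId = credsStruct.getString("AccessKeyId");
    String secretAccessKey = credsStruct.getString("SecretAccessKey");
    String token = credsStruct.getString("Token");

    // Refuse an incomplete document instead of storing credentials with a missing part and
    // reporting success to the caller.
    if (accessKeyId == null || accessKeyId.isEmpty()
            || secretAccessKey == null || secretAccessKey.isEmpty()
            || token == null || token.isEmpty()) {
        LOGGER.error("CloudStore: role credentials data is missing one or more required fields");
        return false;
    }

    credentials = new BasicSessionCredentials(accessKeyId, secretAccessKey, token);
    return true;
}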
use of com.amazonaws.auth.BasicSessionCredentials in project gradle-s3-build-cache by myniva.
the class AwsS3BuildCacheServiceFactory method createS3Client.
/**
 * Builds the S3 client used by the build cache from the given configuration.
 *
 * <p>Credential selection: an access key id plus secret key plus session token yields static
 * session credentials; an access key id plus secret key alone yields static basic credentials;
 * otherwise no credentials are set on the builder and its own default resolution applies.
 * When an endpoint is configured it is used together with the region, otherwise only the region
 * is set.
 *
 * @param config the build cache configuration to read keys, headers, endpoint and region from
 * @return the configured S3 client
 * @throws GradleException if the SDK reports a client-side error while the client is being built
 */
private AmazonS3 createS3Client(AwsS3BuildCache config) {
    try {
        final AmazonS3ClientBuilder builder = AmazonS3ClientBuilder.standard();

        // Both halves of the key pair are required before any static credentials are used.
        final boolean hasKeyPair =
                !(isNullOrEmpty(config.getAwsAccessKeyId()) || isNullOrEmpty(config.getAwsSecretKey()));
        if (hasKeyPair) {
            if (!isNullOrEmpty(config.getSessionToken())) {
                // Temporary credentials: the session token travels with the key pair.
                builder.withCredentials(new AWSStaticCredentialsProvider(
                        new BasicSessionCredentials(
                                config.getAwsAccessKeyId(), config.getAwsSecretKey(), config.getSessionToken())));
            } else {
                builder.withCredentials(new AWSStaticCredentialsProvider(
                        new BasicAWSCredentials(config.getAwsAccessKeyId(), config.getAwsSecretKey())));
            }
        }

        addHttpHeaders(builder, config);

        if (!isNullOrEmpty(config.getEndpoint())) {
            // A custom endpoint receives the signed requests, so it should be a trusted host.
            builder.withEndpointConfiguration(
                    new AwsClientBuilder.EndpointConfiguration(config.getEndpoint(), config.getRegion()));
        } else {
            builder.withRegion(config.getRegion());
        }

        return builder.build();
    } catch (SdkClientException e) {
        logger.debug("Error while building AWS S3 client: {}", e.getMessage());
        throw new GradleException("Creation of S3 build cache failed; cannot create S3 client", e);
    }
}
use of com.amazonaws.auth.BasicSessionCredentials in project herd by FINRAOS.
the class S3DaoImpl method getAmazonS3.
/**
 * Creates a new S3 client configured from the given transfer parameters.
 *
 * <p>The client always uses the retry policy from {@code retryPolicyFactory} and the V4 signer
 * override. An HTTP proxy is applied only when both host and port are present, a socket timeout
 * only when one is set, and a custom endpoint only when one is specified. Session credentials
 * from the parameters are used when access key id, secret key and session token are all
 * non-blank; otherwise the credentials provider from {@code getAWSCredentialsProvider} is used.
 *
 * @param params the S3 file transfer request parameters
 *
 * @return the Amazon S3 client
 */
private AmazonS3Client getAmazonS3(S3FileTransferRequestParamsDto params) {
    final ClientConfiguration config = new ClientConfiguration().withRetryPolicy(retryPolicyFactory.getRetryPolicy());

    // Proxy settings apply only when host and port are both supplied.
    final boolean proxyConfigured = StringUtils.isNotBlank(params.getHttpProxyHost()) && params.getHttpProxyPort() != null;
    if (proxyConfigured) {
        config.setProxyHost(params.getHttpProxyHost());
        config.setProxyPort(params.getHttpProxyPort());
    }

    // Force V4 signing for every S3 call. AmazonS3Client.upgradeToSigV4 already switches to V4 in
    // some scenarios (e.g. GetObjectRequest and KMS PutObjectRequest); setting it here covers the
    // cases it would miss (e.g. copying objects between KMS encrypted buckets), where AWS would
    // otherwise answer with a bad request error and the call would be retried.
    config.setSignerOverride(SIGNER_OVERRIDE_V4);

    // The socket timeout is optional.
    if (params.getSocketTimeout() != null) {
        config.setSocketTimeout(params.getSocketTimeout());
    }

    // Explicit session credentials are used only when all three parts are present.
    final boolean hasSessionCredentials = StringUtils.isNotBlank(params.getAwsAccessKeyId())
        && StringUtils.isNotBlank(params.getAwsSecretKey())
        && StringUtils.isNotBlank(params.getSessionToken());

    final AmazonS3Client s3Client;
    if (hasSessionCredentials) {
        // These are fixed values: the client cannot refresh them once the session expires.
        s3Client = new AmazonS3Client(
            new BasicSessionCredentials(params.getAwsAccessKeyId(), params.getAwsSecretKey(), params.getSessionToken()), config);
    } else {
        // Fall back to the AWS credentials provider.
        s3Client = new AmazonS3Client(getAWSCredentialsProvider(params), config);
    }

    // The endpoint override is optional; signed requests go to whatever endpoint is set here.
    final String endpoint = params.getS3Endpoint();
    if (StringUtils.isNotBlank(endpoint)) {
        LOGGER.info("Configured S3 Endpoint: " + endpoint);
        s3Client.setEndpoint(endpoint);
    }

    return s3Client;
}
use of com.amazonaws.auth.BasicSessionCredentials in project aws-iam-ldap-bridge by denismo.
the class IAMSecretKeyValidator method verifyIAMPassword.
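/**
 * Verifies a password by using it as AWS credentials for an IAM {@code getAccountSummary} call.
 *
 * <p>For a role entry the password must have the form
 * {@code accessKey|secretKey|sessionToken}; any parts after the third are ignored. For any other
 * entry the password is the secret key and the access key is read from the entry's
 * {@code accessKey} attribute. Verification fails closed: any AWS client or service error,
 * including a denied request, is reported as a failed check. The access key and secret key are
 * never logged.
 *
 * @param user the directory entry being authenticated
 * @param pw the password supplied by the client
 * @return {@code true} when the IAM call succeeds with the derived credentials, {@code false}
 *         when it fails
 * @throws LdapInvalidAttributeValueException if an attribute value cannot be read as a string
 * @throws LdapAuthenticationException if the password is {@code null}, a role password has fewer
 *         than three parts, or the entry has no {@code accessKey} attribute
 */
@Override
public boolean verifyIAMPassword(Entry user, String pw) throws LdapInvalidAttributeValueException, LdapAuthenticationException {
    // A missing password is an authentication failure, not a NullPointerException.
    if (pw == null) {
        throw new LdapAuthenticationException();
    }

    final boolean role = isRole(user);
    final AWSCredentials creds;
    if (role) {
        // String.split never returns null, so only the part count needs checking.
        String[] parts = pw.split("\\|");
        if (parts.length < 3) {
            throw new LdapAuthenticationException();
        }
        creds = new BasicSessionCredentials(parts[0], parts[1], parts[2]);
    } else {
        // Without a stored access key there is nothing to verify the secret against.
        if (user.get("accessKey") == null) {
            throw new LdapAuthenticationException();
        }
        creds = new BasicAWSCredentials(user.get("accessKey").getString(), pw);
    }

    final String uid = user.get("uid").getString();
    LOG.debug("Verifying {} {} with accessKey <hidden> and secretKey <hidden>", role ? "role" : "user", uid);

    AmazonIdentityManagementClient client = new AmazonIdentityManagementClient(creds);
    try {
        client.getAccountSummary();
        return true;
    } catch (AmazonClientException e) {
        // Send failures to the logger instead of stderr, so that failed verifications
        // land in the same log as the rest of the authentication flow.
        LOG.warn("IAM verification failed for {}: {}", uid, e.getMessage());
        return false;
    } finally {
        client.shutdown();
    }
}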