Example 1 with AWSSecurityTokenServiceAsync

Use of com.amazonaws.services.securitytoken.AWSSecurityTokenServiceAsync in the project photon-model by vmware.

From the class AWSUtils, method getArnSessionCredentialsAsync:

/**
 * Authenticates against AWS STS and returns a DeferredResult that completes with a set of
 * temporary session credentials for a valid role ARN whose trust policy authorizes this
 * system's account ID (the account behind
 * {@link #AWS_MASTER_ACCOUNT_ACCESS_KEY_PROPERTY} and
 * {@link #AWS_MASTER_ACCOUNT_SECRET_KEY_PROPERTY}) together with the externalId parameter.
 *
 * If the system properties are unset, this call fails immediately with a failed DeferredResult.
 *
 * @param arn The Amazon Resource Name of the role to assume.
 * @param externalId The external ID this ARN has authorized.
 * @param region The region to validate within.
 * @param executorService The executor service used to issue the asynchronous request.
 */
public static DeferredResult<Credentials> getArnSessionCredentialsAsync(String arn,
        String externalId, String region, ExecutorService executorService) {
    // Long-lived credentials of this system's own account; BasicAWSCredentials throws if
    // either key is null, which is how an unset system property turns into a failed result.
    AWSCredentialsProvider serviceAwsCredentials;
    try {
        serviceAwsCredentials = new AWSStaticCredentialsProvider(
                new BasicAWSCredentials(AWS_MASTER_ACCOUNT_ACCESS_KEY, AWS_MASTER_ACCOUNT_SECRET_KEY));
    } catch (Throwable t) {
        return DeferredResult.failed(t);
    }

    AWSSecurityTokenServiceAsync awsSecurityTokenServiceAsync =
            AWSSecurityTokenServiceAsyncClientBuilder.standard()
                    .withRegion(region)
                    .withCredentials(serviceAwsCredentials)
                    .withExecutorFactory(() -> executorService)
                    .build();

    // The random session name shows up in CloudTrail for this assumed-role session; the
    // ExternalId must match the sts:ExternalId condition in the target role's trust policy
    // (the standard mitigation for the confused-deputy problem in cross-account access).
    AssumeRoleRequest assumeRoleRequest = new AssumeRoleRequest()
            .withRoleArn(arn)
            .withRoleSessionName(UUID.randomUUID().toString())
            .withDurationSeconds(getArnSessionDurationSeconds())
            .withExternalId(externalId);

    DeferredResult<AssumeRoleResult> r = new DeferredResult<>();
    // Capture the Xenon operation context so it can be restored on the callback thread.
    OperationContext operationContext = OperationContext.getOperationContext();
    awsSecurityTokenServiceAsync.assumeRoleAsync(assumeRoleRequest,
            new AsyncHandler<AssumeRoleRequest, AssumeRoleResult>() {

        @Override
        public void onSuccess(AssumeRoleRequest request, AssumeRoleResult result) {
            OperationContext.restoreOperationContext(operationContext);
            r.complete(result);
        }

        @Override
        public void onError(Exception ex) {
            OperationContext.restoreOperationContext(operationContext);
            r.fail(ex);
        }
    });
    // Only the temporary credentials (access key, secret key, session token, expiration)
    // are handed back to the caller.
    return r.thenApply(AssumeRoleResult::getCredentials);
}
Also used in this file:
OperationContext (com.vmware.xenon.common.OperationContext)
AssumeRoleRequest (com.amazonaws.services.securitytoken.model.AssumeRoleRequest)
AWSSecurityTokenServiceAsync (com.amazonaws.services.securitytoken.AWSSecurityTokenServiceAsync)
AssumeRoleResult (com.amazonaws.services.securitytoken.model.AssumeRoleResult)
BasicAWSCredentials (com.amazonaws.auth.BasicAWSCredentials)
AWSSecurityTokenServiceException (com.amazonaws.services.securitytoken.model.AWSSecurityTokenServiceException)
AmazonServiceException (com.amazonaws.AmazonServiceException)
AmazonClientException (com.amazonaws.AmazonClientException)
AmazonEC2Exception (com.amazonaws.services.ec2.model.AmazonEC2Exception)
AWSStaticCredentialsProvider (com.amazonaws.auth.AWSStaticCredentialsProvider)
AWSCredentialsProvider (com.amazonaws.auth.AWSCredentialsProvider)
DeferredResult (com.vmware.xenon.common.DeferredResult)
