Example 1 with AssumeRoleRequest

use of com.amazonaws.services.securitytoken.model.AssumeRoleRequest in project SimianArmy by Netflix.

the class STSAssumeRoleSessionCredentialsProvider method startSession.

/**
 * Starts a new session by sending a request to the AWS Security Token
 * Service (STS) to assume a Role using the long lived AWS credentials. This
 * class then vends the short lived session credentials for the assumed Role
 * sent back from STS.
 */
private void startSession() {
    AssumeRoleResult assumeRoleResult = securityTokenService.assumeRole(
            new AssumeRoleRequest()
                    .withRoleArn(roleArn)
                    .withDurationSeconds(DEFAULT_DURATION_SECONDS)
                    .withRoleSessionName("SimianArmy"));
    Credentials stsCredentials = assumeRoleResult.getCredentials();
    sessionCredentials = new BasicSessionCredentials(
            stsCredentials.getAccessKeyId(),
            stsCredentials.getSecretAccessKey(),
            stsCredentials.getSessionToken());
    sessionCredentialsExpiration = stsCredentials.getExpiration();
}
Also used : AssumeRoleRequest(com.amazonaws.services.securitytoken.model.AssumeRoleRequest) BasicSessionCredentials(com.amazonaws.auth.BasicSessionCredentials) AssumeRoleResult(com.amazonaws.services.securitytoken.model.AssumeRoleResult) AWSSessionCredentials(com.amazonaws.auth.AWSSessionCredentials) Credentials(com.amazonaws.services.securitytoken.model.Credentials) AWSCredentials(com.amazonaws.auth.AWSCredentials)

Example 2 with AssumeRoleRequest

use of com.amazonaws.services.securitytoken.model.AssumeRoleRequest in project athenz by yahoo.

the class ZTSClient method assumeAWSRole.

Credentials assumeAWSRole(String account, String roleName) {
    try {
        AssumeRoleRequest req = getAssumeRoleRequest(account, roleName);
        AWSSecurityTokenServiceClient client = new AWSSecurityTokenServiceClient();
        AssumeRoleResult res = client.assumeRole(req);
        return res.getCredentials();
    } catch (Exception ex) {
        LOG.error("assumeAWSRole - unable to assume role: " + ex.getMessage());
        return null;
    }
}
Also used : AssumeRoleRequest(com.amazonaws.services.securitytoken.model.AssumeRoleRequest) AWSSecurityTokenServiceClient(com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient) AssumeRoleResult(com.amazonaws.services.securitytoken.model.AssumeRoleResult) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) CertificateParsingException(java.security.cert.CertificateParsingException) CryptoException(com.yahoo.athenz.auth.util.CryptoException) IOException(java.io.IOException) JsonProcessingException(com.fasterxml.jackson.core.JsonProcessingException) SSLPeerUnverifiedException(javax.net.ssl.SSLPeerUnverifiedException)

Example 3 with AssumeRoleRequest

use of com.amazonaws.services.securitytoken.model.AssumeRoleRequest in project athenz by yahoo.

the class ZTSClientTest method testGetAssumeRoleRequest.

@Test
public void testGetAssumeRoleRequest() {
    ZTSClient client = new ZTSClient("http://localhost:4080");
    AssumeRoleRequest req = client.getAssumeRoleRequest("1234", "role1");
    assertNotNull(req);
    assertEquals(req.getRoleArn(), "arn:aws:iam::1234:role/role1");
    assertEquals(req.getRoleSessionName(), "role1");
    client.close();
}
Also used : AssumeRoleRequest(com.amazonaws.services.securitytoken.model.AssumeRoleRequest) Test(org.testng.annotations.Test)

Example 4 with AssumeRoleRequest

use of com.amazonaws.services.securitytoken.model.AssumeRoleRequest in project athenz by yahoo.

the class CloudStore method getAssumeRoleRequest.

AssumeRoleRequest getAssumeRoleRequest(String account, String roleName, String principal) {
    // assume the target role to get the credentials for the client
    // aws format is arn:aws:iam::<account-id>:role/<role-name>
    String arn = "arn:aws:iam::" + account + ":role/" + roleName;
    AssumeRoleRequest req = new AssumeRoleRequest();
    req.setRoleArn(arn);
    req.setRoleSessionName(principal);
    return req;
}
Also used : AssumeRoleRequest(com.amazonaws.services.securitytoken.model.AssumeRoleRequest)

Example 5 with AssumeRoleRequest

use of com.amazonaws.services.securitytoken.model.AssumeRoleRequest in project athenz by yahoo.

the class CloudStoreTest method testGetAssumeRoleRequest.

@Test
public void testGetAssumeRoleRequest() {
    CloudStore store = new CloudStore(null);
    AssumeRoleRequest req = store.getAssumeRoleRequest("1234", "admin", "sys.auth.zts");
    assertEquals("arn:aws:iam::1234:role/admin", req.getRoleArn());
    assertEquals("sys.auth.zts", req.getRoleSessionName());
    store.close();
}
Also used : AssumeRoleRequest(com.amazonaws.services.securitytoken.model.AssumeRoleRequest) CloudStore(com.yahoo.athenz.zts.store.CloudStore) Test(org.testng.annotations.Test)
