
Example 11 with AssumeRoleRequest

use of com.amazonaws.services.securitytoken.model.AssumeRoleRequest in project herd by FINRAOS.

the class StsDaoImpl method getTemporarySecurityCredentials.

/**
 * Returns a set of temporary security credentials (consisting of an access key ID, a secret access key, and a security token) that can be used to access
 * the specified AWS resource.
 *
 * @param awsParamsDto the AWS parameters (region name and optional proxy settings) used to build the STS client
 * @param sessionName the session name that will be associated with the temporary credentials. The session name must be the same for an initial set of
 * credentials and an extended set of credentials if credentials are to be refreshed. The session name is also recorded in CloudTrail as part of the
 * assumed-role ARN, so it should be something unique and useful for identifying the caller/use.
 * @param awsRoleArn the AWS ARN for the role required to provide access to the specified AWS resource
 * @param awsRoleDurationSeconds the duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session
 * duration configured on the role (3600 seconds, 1 hour, by default; 1 hour is also the hard limit when the caller is itself running on role credentials,
 * i.e. role chaining).
 * @param policy an optional session policy (may be null) applied to this request. It can only narrow the permissions granted by the role's own policies,
 * never extend them.
 *
 * @return the assumed session credentials, including their expiration time
 */
@Override
public Credentials getTemporarySecurityCredentials(AwsParamsDto awsParamsDto, String sessionName, String awsRoleArn, int awsRoleDurationSeconds, Policy policy) {
    // Construct a new AWS security token service client using the specified client configuration (proxy settings, timeouts).
    // No credentials are passed to the builder, so the SDK's default credentials provider chain supplies the caller's own
    // identity. It searches for credentials in this order:
    // - Environment Variables - AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY (AWS_SECRET_KEY is accepted as a legacy alias)
    // - Java System Properties - aws.accessKeyId and aws.secretKey
    // - Web identity token, then the shared credentials/config profile
    // - Container (ECS) credentials and Instance Profile Credentials - delivered through the Amazon EC2 metadata service
    // Get client configuration.
    ClientConfiguration clientConfiguration = awsHelper.getClientConfiguration(awsParamsDto);
    // Build STS client.
    AWSSecurityTokenService awsSecurityTokenService = AWSSecurityTokenServiceClientBuilder.standard()
        .withClientConfiguration(clientConfiguration)
        .withRegion(awsParamsDto.getAwsRegionName())
        .build();
    // Create the request.
    AssumeRoleRequest assumeRoleRequest = new AssumeRoleRequest();
    assumeRoleRequest.setRoleSessionName(sessionName);
    assumeRoleRequest.setRoleArn(awsRoleArn);
    assumeRoleRequest.setDurationSeconds(awsRoleDurationSeconds);
    if (policy != null) {
        assumeRoleRequest.setPolicy(policy.toJson());
    }
    // Get the temporary security credentials.
    AssumeRoleResult assumeRoleResult = stsOperations.assumeRole(awsSecurityTokenService, assumeRoleRequest);
    return assumeRoleResult.getCredentials();
}
Also used : AssumeRoleRequest(com.amazonaws.services.securitytoken.model.AssumeRoleRequest) AssumeRoleResult(com.amazonaws.services.securitytoken.model.AssumeRoleResult) AWSSecurityTokenService(com.amazonaws.services.securitytoken.AWSSecurityTokenService) ClientConfiguration(com.amazonaws.ClientConfiguration)

Example 12 with AssumeRoleRequest

use of com.amazonaws.services.securitytoken.model.AssumeRoleRequest in project herd by FINRAOS.

the class StsDaoTest method testGetTemporarySecurityCredentialsMissingOptionalParameters.

@Test
public void testGetTemporarySecurityCredentialsMissingOptionalParameters() {
    // Create an AWS parameters DTO without proxy settings.
    AwsParamsDto awsParamsDto = new AwsParamsDto();
    awsParamsDto.setAwsRegionName(AWS_REGION_NAME);
    // Build AWS client configuration.
    ClientConfiguration clientConfiguration = new ClientConfiguration();
    // Specify the duration, in seconds, of the role session.
    int awsRoleDurationSeconds = INTEGER_VALUE;
    // Create the expected assume role request.
    AssumeRoleRequest assumeRoleRequest = new AssumeRoleRequest().withRoleArn(AWS_ROLE_ARN).withRoleSessionName(SESSION_NAME).withDurationSeconds(awsRoleDurationSeconds);
    // Create AWS credentials for API authentication.
    Credentials credentials = new Credentials();
    credentials.setAccessKeyId(AWS_ASSUMED_ROLE_ACCESS_KEY);
    credentials.setSecretAccessKey(AWS_ASSUMED_ROLE_SECRET_KEY);
    credentials.setSessionToken(AWS_ASSUMED_ROLE_SESSION_TOKEN);
    // Create an assume role result.
    AssumeRoleResult assumeRoleResult = new AssumeRoleResult();
    assumeRoleResult.setCredentials(credentials);
    // Mock the external calls.
    when(awsHelper.getClientConfiguration(awsParamsDto)).thenReturn(clientConfiguration);
    when(stsOperations.assumeRole(any(AWSSecurityTokenServiceClient.class), eq(assumeRoleRequest))).thenReturn(assumeRoleResult);
    // Call the method under test. Please note that we do not specify an IAM policy.
    Credentials result = stsDaoImpl.getTemporarySecurityCredentials(awsParamsDto, SESSION_NAME, AWS_ROLE_ARN, awsRoleDurationSeconds, null);
    // Verify the external calls.
    verify(awsHelper).getClientConfiguration(awsParamsDto);
    verify(stsOperations).assumeRole(any(AWSSecurityTokenServiceClient.class), eq(assumeRoleRequest));
    verifyNoMoreInteractionsHelper();
    // Validate the returned object.
    assertEquals(credentials, result);
}
Also used : AssumeRoleRequest(com.amazonaws.services.securitytoken.model.AssumeRoleRequest) AwsParamsDto(org.finra.herd.model.dto.AwsParamsDto) AWSSecurityTokenServiceClient(com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient) AssumeRoleResult(com.amazonaws.services.securitytoken.model.AssumeRoleResult) ClientConfiguration(com.amazonaws.ClientConfiguration) Credentials(com.amazonaws.services.securitytoken.model.Credentials) Test(org.junit.Test)

Example 13 with AssumeRoleRequest

use of com.amazonaws.services.securitytoken.model.AssumeRoleRequest in project Gatekeeper by FINRAOS.

the class AwsSessionService method getFreshCredentials.

private BasicSessionCredentials getFreshCredentials(AWSEnvironment environment) throws GatekeeperException {
    logger.info("Assuming role for environment " + environment.getAccount() + " on region " + environment.getRegion() + " with timeout of " + (sessionTimeout / 1000) + " seconds (with " + (sessionTimeoutPad / 1000) + " padding.)");
    // sessionTimeout and sessionTimeoutPad are millisecond values; the division converts them to the seconds STS expects,
    // and the pad makes the STS session outlive the application's own session by that margin.
    // Note the constant session name: every session this service creates appears in CloudTrail as .../GATEKEEPER_APP,
    // so attribution to an individual Gatekeeper user has to come from the application's own logs, not from STS.
    AssumeRoleRequest assumeRequest = new AssumeRoleRequest()
        .withRoleArn(getRoleArn(environment.getAccount()))
        .withDurationSeconds((sessionTimeout + sessionTimeoutPad) / 1000)
        .withRoleSessionName("GATEKEEPER_APP");
    AssumeRoleResult assumeResult = awsSecurityTokenServiceClient.assumeRole(assumeRequest);
    return new BasicSessionCredentials(assumeResult.getCredentials().getAccessKeyId(), assumeResult.getCredentials().getSecretAccessKey(), assumeResult.getCredentials().getSessionToken());
}
Also used : AssumeRoleRequest(com.amazonaws.services.securitytoken.model.AssumeRoleRequest) BasicSessionCredentials(com.amazonaws.auth.BasicSessionCredentials) AssumeRoleResult(com.amazonaws.services.securitytoken.model.AssumeRoleResult)

Example 14 with AssumeRoleRequest

use of com.amazonaws.services.securitytoken.model.AssumeRoleRequest in project cloudbreak by hortonworks.

the class AwsSessionCredentialClient method retrieveSessionCredentials.

public AwsSessionCredentials retrieveSessionCredentials(AwsCredentialView awsCredential) {
    // The external ID is the confused-deputy protection for cross-account roles: the target role's trust policy should
    // require sts:ExternalId to equal the value registered for this credential, so knowing the role ARN alone is not
    // enough to make this service assume it. Credentials without their own external ID fall back to the deprecated shared value.
    String externalId = awsCredential.getExternalId();
    AssumeRoleRequest assumeRoleRequest = new AssumeRoleRequest()
        .withDurationSeconds(DEFAULT_SESSION_CREDENTIALS_DURATION)
        .withExternalId(StringUtils.isEmpty(externalId) ? deprecatedExternalId : externalId)
        .withRoleArn(awsCredential.getRoleArn())
        .withRoleSessionName(roleSessionName);
    LOGGER.debug("Trying to assume role with role arn {}", awsCredential.getRoleArn());
    return getAwsSessionCredentialsAndAssumeRole(awsCredential, assumeRoleRequest);
}
Also used : AssumeRoleRequest(com.amazonaws.services.securitytoken.model.AssumeRoleRequest)

Example 15 with AssumeRoleRequest

use of com.amazonaws.services.securitytoken.model.AssumeRoleRequest in project cloud-pipeline by epam.

the class S3TemporaryCredentials method generate.

@Override
public AbstractTemporaryCredentials generate(List<DataStorageAction> actions) {
    // Session policy built from the requested actions: the resulting credentials can do no more than the
    // intersection of this policy and the role's own policies, so the role can be broad and each hand-out narrow.
    String policy = createPolicyWithPermissions(actions);
    AssumeRoleRequest assumeRoleRequest = new AssumeRoleRequest()
        .withDurationSeconds(getDuration())
        .withPolicy(policy)
        .withRoleSessionName(sessionName)
        .withRoleArn(getRole());
    // A fresh STS client per call, authenticated with the service's own credentials from the default chain.
    AWSSecurityTokenServiceClientBuilder builder = AWSSecurityTokenServiceClientBuilder.standard();
    builder.setRegion(getAwsRegionId());
    builder.setCredentials(DefaultAWSCredentialsProviderChain.getInstance());
    AssumeRoleResult assumeRoleResult = builder.build().assumeRole(assumeRoleRequest);
    Credentials resultingCredentials = assumeRoleResult.getCredentials();
    // Field naming in this entity: keyId holds the access key ID, accessKey holds the secret access key.
    setAccessKey(resultingCredentials.getSecretAccessKey());
    setKeyId(resultingCredentials.getAccessKeyId());
    setToken(resultingCredentials.getSessionToken());
    // The expiration returned by STS is what consumers must check before reusing these credentials.
    setExpirationTime(expirationTimeWithUTC(resultingCredentials.getExpiration()));
    setRegion(getAwsRegionId());
    return this;
}
Also used : AssumeRoleRequest(com.amazonaws.services.securitytoken.model.AssumeRoleRequest) AWSSecurityTokenServiceClientBuilder(com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder) AssumeRoleResult(com.amazonaws.services.securitytoken.model.AssumeRoleResult) AbstractTemporaryCredentials(com.epam.pipeline.entity.datastorage.AbstractTemporaryCredentials) Credentials(com.amazonaws.services.securitytoken.model.Credentials)
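Examples 14 and 15 each show one control on an AssumeRole call (an ExternalId against the confused deputy; a session policy that scopes the credentials down) and Examples 11 and 13 touch on duration and session naming. The class below is an added example written for this page, not code from herd, Gatekeeper, cloudbreak or cloud-pipeline, that puts all four together on one request and then through the SDK's STSAssumeRoleSessionCredentialsProvider, which re-calls AssumeRole before the session expires instead of tracking expiration by hand as Example 15 does. The role ARN, external ID, bucket name and caller id are placeholders; it uses the AWS SDK for Java v1 types already on this page plus the com.amazonaws.auth.policy builders.

```java
// Added example for this page; not code from herd, Gatekeeper, cloudbreak or cloud-pipeline.
// ROLE_ARN, EXTERNAL_ID, the bucket name and the caller id are placeholders.
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider;
import com.amazonaws.auth.policy.Policy;
import com.amazonaws.auth.policy.Resource;
import com.amazonaws.auth.policy.Statement;
import com.amazonaws.auth.policy.actions.S3Actions;
import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
import com.amazonaws.services.securitytoken.model.AssumeRoleRequest;
import com.amazonaws.services.securitytoken.model.AssumeRoleResult;
import com.amazonaws.services.securitytoken.model.Credentials;

public class ScopedAssumeRole {

    // Placeholders. The trust policy of ROLE_ARN must carry
    // "Condition": {"StringEquals": {"sts:ExternalId": "<EXTERNAL_ID>"}}; setting the external ID on the
    // request alone protects nothing.
    static final String ROLE_ARN = "arn:aws:iam::123456789012:role/DataReader";
    static final String EXTERNAL_ID = "replace-with-the-value-registered-for-this-tenant";
    static final int DURATION_SECONDS = 900; // STS minimum; short-lived credentials limit the damage if they leak

    /** STS session names must match [\w+=,.@-]{2,64}; derive one from the caller so CloudTrail shows who acted. */
    static String sessionName(String callerId) {
        String safe = callerId.replaceAll("[^\\w+=,.@-]", "-");
        if (safe.length() < 2) {
            safe = "unknown";
        }
        return safe.length() > 64 ? safe.substring(0, 64) : safe;
    }

    /**
     * Session policy: the effective permissions are the intersection of the role's policies and this document,
     * so even a broadly privileged role yields credentials that can only read one prefix of one bucket.
     */
    static String readOnlyPrefixPolicy(String bucket, String prefix) {
        Policy policy = new Policy().withStatements(
            new Statement(Statement.Effect.Allow)
                .withActions(S3Actions.GetObject)
                .withResources(new Resource("arn:aws:s3:::" + bucket + "/" + prefix + "/*")),
            new Statement(Statement.Effect.Allow)
                .withActions(S3Actions.ListObjects) // s3:ListBucket
                .withResources(new Resource("arn:aws:s3:::" + bucket)));
        return policy.toJson();
    }

    /** One-shot request with all four controls: external ID, short duration, session policy, attributable session name. */
    static AssumeRoleRequest buildRequest(String callerId, String bucket, String prefix) {
        return new AssumeRoleRequest()
            .withRoleArn(ROLE_ARN)
            .withExternalId(EXTERNAL_ID)
            .withRoleSessionName(sessionName(callerId))
            .withDurationSeconds(DURATION_SECONDS)
            .withPolicy(readOnlyPrefixPolicy(bucket, prefix));
    }

    /**
     * The same controls through the SDK's refreshing provider: it calls AssumeRole again shortly before the
     * session expires, so callers do not have to track the expiration time themselves.
     */
    static AWSCredentialsProvider refreshingProvider(AWSSecurityTokenService sts, String callerId, String bucket, String prefix) {
        return new STSAssumeRoleSessionCredentialsProvider.Builder(ROLE_ARN, sessionName(callerId))
            .withStsClient(sts)
            .withExternalId(EXTERNAL_ID)
            .withRoleSessionDurationSeconds(DURATION_SECONDS)
            .withScopeDownPolicy(readOnlyPrefixPolicy(bucket, prefix))
            .build();
    }

    public static void main(String[] args) {
        // Regional STS endpoint; the caller's own credentials come from the default provider chain.
        AWSSecurityTokenService sts = AWSSecurityTokenServiceClientBuilder.standard()
            .withRegion("us-east-1")
            .build();
        AssumeRoleRequest request = buildRequest("alice@example.com", "data-lake", "team-a");
        AssumeRoleResult result = sts.assumeRole(request);
        Credentials creds = result.getCredentials();
        // PackedPolicySize is the percentage of the packed-policy limit used; a session policy that is too large
        // fails the call with PackedPolicyTooLarge rather than being silently truncated.
        System.out.println("session " + request.getRoleSessionName() + " (" + result.getAssumedRoleUser().getArn()
            + ") expires " + creds.getExpiration() + ", policy size " + result.getPackedPolicySize() + "%");
        // For long-running work, hand refreshingProvider(...) to a service client builder instead of the raw Credentials.
    }
}
```

Running main requires real caller credentials and a role whose trust policy names the caller and the external ID; a mismatch in either fails with AccessDenied from STS, which is the intended behaviour. The two things a reviewer should check when reading code like the examples above are that the session policy is the narrow one (it cannot grant anything the role lacks, but a missing or permissive one hands out the whole role) and that the session name carries enough to trace the action back to a principal in CloudTrail.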

Aggregations

AssumeRoleRequest (com.amazonaws.services.securitytoken.model.AssumeRoleRequest)32 AssumeRoleResult (com.amazonaws.services.securitytoken.model.AssumeRoleResult)21 Credentials (com.amazonaws.services.securitytoken.model.Credentials)11 BasicSessionCredentials (com.amazonaws.auth.BasicSessionCredentials)10 AWSSecurityTokenService (com.amazonaws.services.securitytoken.AWSSecurityTokenService)8 AWSSecurityTokenServiceClient (com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient)6 AmazonServiceException (com.amazonaws.AmazonServiceException)4 AWSStaticCredentialsProvider (com.amazonaws.auth.AWSStaticCredentialsProvider)4 Test (org.testng.annotations.Test)4 ClientConfiguration (com.amazonaws.ClientConfiguration)3 AWSCredentialsProvider (com.amazonaws.auth.AWSCredentialsProvider)3 BasicAWSCredentials (com.amazonaws.auth.BasicAWSCredentials)3 AWSSecurityTokenServiceException (com.amazonaws.services.securitytoken.model.AWSSecurityTokenServiceException)3 AWSCredentials (com.amazonaws.auth.AWSCredentials)2 AWSSessionCredentials (com.amazonaws.auth.AWSSessionCredentials)2 AWSSecurityTokenServiceAsync (com.amazonaws.services.securitytoken.AWSSecurityTokenServiceAsync)2 AWSTemporaryCredentials (com.yahoo.athenz.zts.AWSTemporaryCredentials)2 ResourceException (com.yahoo.athenz.zts.ResourceException)2 ExecutionException (java.util.concurrent.ExecutionException)2 TimeoutException (java.util.concurrent.TimeoutException)2