Example 6 with AssumeRoleResult

Use of com.amazonaws.services.securitytoken.model.AssumeRoleResult in project Gatekeeper by FINRAOS.

Class AwsSessionService, method getFreshCredentials.

private BasicSessionCredentials getFreshCredentials(AWSEnvironment environment) throws GatekeeperException {
    logger.info("Assuming role for environment " + environment.getAccount() + " on region " + environment.getRegion()
            + " with timeout of " + (sessionTimeout / 1000) + " seconds (with " + (sessionTimeoutPad / 1000) + " padding.)");
    // Requested duration is the configured session timeout plus the padding, converted from ms to seconds.
    AssumeRoleRequest assumeRequest = new AssumeRoleRequest()
            .withRoleArn(getRoleArn(environment.getAccount()))
            .withDurationSeconds((sessionTimeout + sessionTimeoutPad) / 1000)
            .withRoleSessionName("GATEKEEPER_APP");
    AssumeRoleResult assumeResult = awsSecurityTokenServiceClient.assumeRole(assumeRequest);
    // Wrap the short-lived STS credentials (access key, secret key, session token) for the SDK.
    return new BasicSessionCredentials(assumeResult.getCredentials().getAccessKeyId(),
            assumeResult.getCredentials().getSecretAccessKey(), assumeResult.getCredentials().getSessionToken());
}
Also used : AssumeRoleRequest(com.amazonaws.services.securitytoken.model.AssumeRoleRequest) BasicSessionCredentials(com.amazonaws.auth.BasicSessionCredentials) AssumeRoleResult(com.amazonaws.services.securitytoken.model.AssumeRoleResult)

Example 7 with AssumeRoleResult

Use of com.amazonaws.services.securitytoken.model.AssumeRoleResult in project cloudbreak by hortonworks.

Class AwsSessionCredentialClient, method retrieveSessionCredentials.

public BasicSessionCredentials retrieveSessionCredentials(AwsCredentialView awsCredential) {
    LOGGER.debug("retrieving session credential");
    AWSSecurityTokenServiceClient client = awsSecurityTokenServiceClient();
    // The external ID is the value the customer's role trust policy requires; it guards cross-account
    // assumption against the confused-deputy problem.
    AssumeRoleRequest assumeRoleRequest = new AssumeRoleRequest()
            .withDurationSeconds(DEFAULT_SESSION_CREDENTIALS_DURATION)
            .withExternalId(externalId)
            .withRoleArn(awsCredential.getRoleArn())
            .withRoleSessionName("hadoop-provisioning");
    AssumeRoleResult result = client.assumeRole(assumeRoleRequest);
    return new BasicSessionCredentials(result.getCredentials().getAccessKeyId(),
            result.getCredentials().getSecretAccessKey(), result.getCredentials().getSessionToken());
}
Also used : AssumeRoleRequest(com.amazonaws.services.securitytoken.model.AssumeRoleRequest) BasicSessionCredentials(com.amazonaws.auth.BasicSessionCredentials) AWSSecurityTokenServiceClient(com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient) AssumeRoleResult(com.amazonaws.services.securitytoken.model.AssumeRoleResult)

Example 8 with AssumeRoleResult

Use of com.amazonaws.services.securitytoken.model.AssumeRoleResult in project eureka by Netflix.

Class AwsAsgUtil, method initializeStsSession.

private Credentials initializeStsSession(String asgAccount) {
    // Authenticate to STS with the instance profile of the host rather than with long-lived keys.
    AWSSecurityTokenService sts = new AWSSecurityTokenServiceClient(new InstanceProfileCredentialsProvider());
    String region = clientConfig.getRegion();
    if (!region.equals("us-east-1")) {
        // Use the regional STS endpoint outside us-east-1.
        sts.setEndpoint("sts." + region + ".amazonaws.com");
    }
    String roleName = serverConfig.getListAutoScalingGroupsRoleName();
    String roleArn = "arn:aws:iam::" + asgAccount + ":role/" + roleName;
    AssumeRoleResult assumeRoleResult = sts.assumeRole(new AssumeRoleRequest()
            .withRoleArn(roleArn)
            .withRoleSessionName("sts-session-" + asgAccount));
    return assumeRoleResult.getCredentials();
}
Also used : InstanceProfileCredentialsProvider(com.amazonaws.auth.InstanceProfileCredentialsProvider) AssumeRoleRequest(com.amazonaws.services.securitytoken.model.AssumeRoleRequest) AWSSecurityTokenServiceClient(com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient) AssumeRoleResult(com.amazonaws.services.securitytoken.model.AssumeRoleResult) AWSSecurityTokenService(com.amazonaws.services.securitytoken.AWSSecurityTokenService)

Example 9 with AssumeRoleResult

Use of com.amazonaws.services.securitytoken.model.AssumeRoleResult in project SimianArmy by Netflix.

Class STSAssumeRoleSessionCredentialsProvider, method startSession.

/**
 * Starts a new session by sending a request to the AWS Security Token
 * Service (STS) to assume a Role using the long lived AWS credentials. This
 * class then vends the short lived session credentials for the assumed Role
 * sent back from STS.
 */
private void startSession() {
    AssumeRoleResult assumeRoleResult = securityTokenService.assumeRole(new AssumeRoleRequest()
            .withRoleArn(roleArn)
            .withDurationSeconds(DEFAULT_DURATION_SECONDS)
            .withRoleSessionName("SimianArmy"));
    Credentials stsCredentials = assumeRoleResult.getCredentials();
    sessionCredentials = new BasicSessionCredentials(stsCredentials.getAccessKeyId(),
            stsCredentials.getSecretAccessKey(), stsCredentials.getSessionToken());
    // Remember when STS says the session expires so the provider can refresh before then.
    sessionCredentialsExpiration = stsCredentials.getExpiration();
}
Also used : AssumeRoleRequest(com.amazonaws.services.securitytoken.model.AssumeRoleRequest) BasicSessionCredentials(com.amazonaws.auth.BasicSessionCredentials) AssumeRoleResult(com.amazonaws.services.securitytoken.model.AssumeRoleResult) AWSSessionCredentials(com.amazonaws.auth.AWSSessionCredentials) Credentials(com.amazonaws.services.securitytoken.model.Credentials) AWSCredentials(com.amazonaws.auth.AWSCredentials) BasicSessionCredentials(com.amazonaws.auth.BasicSessionCredentials)

Example 10 with AssumeRoleResult

Use of com.amazonaws.services.securitytoken.model.AssumeRoleResult in project athenz by yahoo.

Class CloudStoreTest, method testAssumeAWSRoleFailedCreds.

@Test
public void testAssumeAWSRoleFailedCreds() {
    MockCloudStore cloudStore = new MockCloudStore();
    cloudStore.awsEnabled = true;
    AssumeRoleResult mockResult = Mockito.mock(AssumeRoleResult.class);
    Credentials creds = Mockito.mock(Credentials.class);
    Mockito.when(creds.getAccessKeyId()).thenReturn("accesskeyid");
    Mockito.when(creds.getSecretAccessKey()).thenReturn("secretaccesskey");
    Mockito.when(creds.getSessionToken()).thenReturn("sessiontoken");
    Mockito.when(creds.getExpiration()).thenReturn(new Date());
    Mockito.when(mockResult.getCredentials()).thenReturn(creds);
    cloudStore.setAssumeRoleResult(mockResult);
    cloudStore.setReturnSuperAWSRole(true);
    // add our key to the invalid cache
    cloudStore.putInvalidCacheCreds(cloudStore.getCacheKey("account", "syncer", "athenz.syncer", null, null));
    StringBuilder errorMessage = new StringBuilder();
    assertNull(cloudStore.assumeAWSRole("account", "syncer", "athenz.syncer", null, null, errorMessage));
    errorMessage.setLength(0);
    assertNull(cloudStore.assumeAWSRole("account", "syncer", "athenz.syncer", null, null, errorMessage));
    // now set the timeout to 1 second and sleep that long and after
    // that our test case should work as before
    cloudStore.invalidCacheTimeout = 1;
    try {
        Thread.sleep(1000);
    } catch (InterruptedException ignored) {
    }
    errorMessage.setLength(0);
    assertNotNull(cloudStore.assumeAWSRole("account", "syncer", "athenz.syncer", null, null, errorMessage));
    cloudStore.close();
}
Also used : AssumeRoleResult(com.amazonaws.services.securitytoken.model.AssumeRoleResult) AWSTemporaryCredentials(com.yahoo.athenz.zts.AWSTemporaryCredentials) BasicSessionCredentials(com.amazonaws.auth.BasicSessionCredentials) Credentials(com.amazonaws.services.securitytoken.model.Credentials) Date(java.util.Date) Test(org.testng.annotations.Test)

Aggregations

AssumeRoleResult (com.amazonaws.services.securitytoken.model.AssumeRoleResult)17 AssumeRoleRequest (com.amazonaws.services.securitytoken.model.AssumeRoleRequest)13 Credentials (com.amazonaws.services.securitytoken.model.Credentials)10 BasicSessionCredentials (com.amazonaws.auth.BasicSessionCredentials)8 AWSSecurityTokenServiceClient (com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient)7 AmazonServiceException (com.amazonaws.AmazonServiceException)4 AWSTemporaryCredentials (com.yahoo.athenz.zts.AWSTemporaryCredentials)4 AWSSecurityTokenService (com.amazonaws.services.securitytoken.AWSSecurityTokenService)3 Date (java.util.Date)3 AWSStaticCredentialsProvider (com.amazonaws.auth.AWSStaticCredentialsProvider)2 RetryPolicy (com.amazonaws.retry.RetryPolicy)2 ResourceException (com.yahoo.athenz.zts.ResourceException)2 ExecutionException (java.util.concurrent.ExecutionException)2 TimeoutException (java.util.concurrent.TimeoutException)2 AwsParamsDto (org.finra.herd.model.dto.AwsParamsDto)2 Test (org.junit.Test)2 Test (org.testng.annotations.Test)2 AmazonClientException (com.amazonaws.AmazonClientException)1 ClientConfiguration (com.amazonaws.ClientConfiguration)1 SdkClientException (com.amazonaws.SdkClientException)1