
Example 1 with AWSTemporaryCredentials

Use of com.yahoo.athenz.zts.AWSTemporaryCredentials in project athenz by yahoo.

From the class CloudStore, method assumeAWSRole:

public AWSTemporaryCredentials assumeAWSRole(String account, String roleName, String principal) {
    // Refuse to talk to STS unless AWS support has been enabled.
    if (!awsEnabled) {
        throw new ResourceException(ResourceException.INTERNAL_SERVER_ERROR, "AWS Support not enabled");
    }
    AssumeRoleRequest req = getAssumeRoleRequest(account, roleName, principal);
    AWSTemporaryCredentials tempCreds = null;
    try {
        AWSSecurityTokenServiceClient client = getTokenServiceClient();
        AssumeRoleResult res = client.assumeRole(req);
        Credentials awsCreds = res.getCredentials();
        // Copy the short-lived STS credentials, including their expiration, into the ZTS type.
        tempCreds = new AWSTemporaryCredentials()
                .setAccessKeyId(awsCreds.getAccessKeyId())
                .setSecretAccessKey(awsCreds.getSecretAccessKey())
                .setSessionToken(awsCreds.getSessionToken())
                .setExpiration(Timestamp.fromMillis(awsCreds.getExpiration().getTime()));
    } catch (Exception ex) {
        // Only the exception message is logged; the method returns null on any failure,
        // so callers must check for null.
        LOGGER.error("CloudStore: assumeAWSRole - unable to assume role: " + ex.getMessage());
        return null;
    }
    return tempCreds;
}
Also used: AssumeRoleRequest (com.amazonaws.services.securitytoken.model.AssumeRoleRequest), AWSSecurityTokenServiceClient (com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient), ResourceException (com.yahoo.athenz.zts.ResourceException), AssumeRoleResult (com.amazonaws.services.securitytoken.model.AssumeRoleResult), AWSTemporaryCredentials (com.yahoo.athenz.zts.AWSTemporaryCredentials), BasicSessionCredentials (com.amazonaws.auth.BasicSessionCredentials), Credentials (com.amazonaws.services.securitytoken.model.Credentials), TimeoutException (java.util.concurrent.TimeoutException), ExecutionException (java.util.concurrent.ExecutionException)

Example 2 with AWSTemporaryCredentials

Use of com.yahoo.athenz.zts.AWSTemporaryCredentials in project athenz by yahoo.

From the class CloudStoreTest, method testAssumeAWSRole:

@Test
public void testAssumeAWSRole() {
    MockCloudStore cloudStore = new MockCloudStore();
    cloudStore.awsEnabled = true;
    // Mock the STS response so the test never contacts AWS.
    AssumeRoleResult mockResult = Mockito.mock(AssumeRoleResult.class);
    Credentials creds = Mockito.mock(Credentials.class);
    Mockito.when(creds.getAccessKeyId()).thenReturn("accesskeyid");
    Mockito.when(creds.getSecretAccessKey()).thenReturn("secretaccesskey");
    Mockito.when(creds.getSessionToken()).thenReturn("sessiontoken");
    Mockito.when(creds.getExpiration()).thenReturn(new Date());
    Mockito.when(mockResult.getCredentials()).thenReturn(creds);
    cloudStore.setAssumeRoleResult(mockResult);
    cloudStore.setAssumeAWSRole(true);
    AWSTemporaryCredentials awsCreds = cloudStore.assumeAWSRole("account", "syncer", "athenz.syncer");
    // The returned object must carry the mocked values through unchanged.
    assertNotNull(awsCreds);
    assertEquals(awsCreds.getAccessKeyId(), "accesskeyid");
    assertEquals(awsCreds.getSessionToken(), "sessiontoken");
    assertEquals(awsCreds.getSecretAccessKey(), "secretaccesskey");
}
Also used: AssumeRoleResult (com.amazonaws.services.securitytoken.model.AssumeRoleResult), AWSTemporaryCredentials (com.yahoo.athenz.zts.AWSTemporaryCredentials), BasicSessionCredentials (com.amazonaws.auth.BasicSessionCredentials), Credentials (com.amazonaws.services.securitytoken.model.Credentials), Date (java.util.Date), Test (org.testng.annotations.Test)

Aggregations

BasicSessionCredentials (com.amazonaws.auth.BasicSessionCredentials): 2
AssumeRoleResult (com.amazonaws.services.securitytoken.model.AssumeRoleResult): 2
Credentials (com.amazonaws.services.securitytoken.model.Credentials): 2
AWSTemporaryCredentials (com.yahoo.athenz.zts.AWSTemporaryCredentials): 2
AWSSecurityTokenServiceClient (com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient): 1
AssumeRoleRequest (com.amazonaws.services.securitytoken.model.AssumeRoleRequest): 1
ResourceException (com.yahoo.athenz.zts.ResourceException): 1
Date (java.util.Date): 1
ExecutionException (java.util.concurrent.ExecutionException): 1
TimeoutException (java.util.concurrent.TimeoutException): 1
Test (org.testng.annotations.Test): 1