use of org.apache.flink.connector.aws.config.AWSConfigConstants.CredentialProvider in project flink by apache.
the class AWSUtil method getCredentialsProvider.
/**
* If the provider is ASSUME_ROLE, then the credentials for assuming this role are determined
* recursively.
*
* @param configProps the configuration properties
* @param configPrefix the prefix of the config properties for this credentials provider, e.g.
* aws.credentials.provider for the base credentials provider,
* aws.credentials.provider.role.provider for the credentials provider for assuming a role,
* and so on.
*/
private static AWSCredentialsProvider getCredentialsProvider(final Properties configProps, final String configPrefix) {
CredentialProvider credentialProviderType = AWSAsyncSinkUtil.getCredentialProviderType(configProps, configPrefix);
switch(credentialProviderType) {
case ENV_VAR:
return new EnvironmentVariableCredentialsProvider();
case SYS_PROP:
return new SystemPropertiesCredentialsProvider();
case PROFILE:
String profileName = configProps.getProperty(AWSConfigConstants.profileName(configPrefix), null);
String profileConfigPath = configProps.getProperty(AWSConfigConstants.profilePath(configPrefix), null);
return (profileConfigPath == null) ? new ProfileCredentialsProvider(profileName) : new ProfileCredentialsProvider(profileConfigPath, profileName);
case BASIC:
return new AWSCredentialsProvider() {
@Override
public AWSCredentials getCredentials() {
return new BasicAWSCredentials(configProps.getProperty(AWSConfigConstants.accessKeyId(configPrefix)), configProps.getProperty(AWSConfigConstants.secretKey(configPrefix)));
}
@Override
public void refresh() {
// do nothing
}
};
case ASSUME_ROLE:
final AWSSecurityTokenService baseCredentials = AWSSecurityTokenServiceClientBuilder.standard().withCredentials(getCredentialsProvider(configProps, AWSConfigConstants.roleCredentialsProvider(configPrefix))).withRegion(configProps.getProperty(AWSConfigConstants.AWS_REGION)).build();
return new STSAssumeRoleSessionCredentialsProvider.Builder(configProps.getProperty(AWSConfigConstants.roleArn(configPrefix)), configProps.getProperty(AWSConfigConstants.roleSessionName(configPrefix))).withExternalId(configProps.getProperty(AWSConfigConstants.externalId(configPrefix))).withStsClient(baseCredentials).build();
case WEB_IDENTITY_TOKEN:
return WebIdentityTokenCredentialsProvider.builder().roleArn(configProps.getProperty(AWSConfigConstants.roleArn(configPrefix), null)).roleSessionName(configProps.getProperty(AWSConfigConstants.roleSessionName(configPrefix), null)).webIdentityTokenFile(configProps.getProperty(AWSConfigConstants.webIdentityTokenFile(configPrefix), null)).build();
case AUTO:
return new DefaultAWSCredentialsProviderChain();
default:
throw new IllegalArgumentException("Credential provider not supported: " + credentialProviderType);
}
}
use of org.apache.flink.connector.aws.config.AWSConfigConstants.CredentialProvider in project flink by apache.
the class AWSGeneralUtil method validateAwsConfiguration.
/**
* Validates configuration properties related to Amazon AWS service.
*
* @param config the properties to setup credentials and region
*/
public static void validateAwsConfiguration(Properties config) {
if (config.containsKey(AWSConfigConstants.AWS_CREDENTIALS_PROVIDER)) {
validateCredentialProvider(config);
// if BASIC type is used, also check that the Access Key ID and Secret Key is supplied
CredentialProvider credentialsProviderType = getCredentialProviderType(config, AWSConfigConstants.AWS_CREDENTIALS_PROVIDER);
if (credentialsProviderType == CredentialProvider.BASIC) {
if (!config.containsKey(AWSConfigConstants.AWS_ACCESS_KEY_ID) || !config.containsKey(AWSConfigConstants.AWS_SECRET_ACCESS_KEY)) {
throw new IllegalArgumentException("Please set values for AWS Access Key ID ('" + AWSConfigConstants.AWS_ACCESS_KEY_ID + "') " + "and Secret Key ('" + AWSConfigConstants.AWS_SECRET_ACCESS_KEY + "') when using the BASIC AWS credential provider type.");
}
}
}
if (config.containsKey(AWSConfigConstants.AWS_REGION)) {
// specified AWS Region name must be recognizable
if (!isValidRegion(getRegion(config))) {
StringBuilder sb = new StringBuilder();
for (Region region : Region.regions()) {
sb.append(region).append(", ");
}
throw new IllegalArgumentException("Invalid AWS region set in config. Valid values are: " + sb.toString());
}
}
}
use of org.apache.flink.connector.aws.config.AWSConfigConstants.CredentialProvider in project flink by apache.
the class AWSGeneralUtilTest method testGetCredentialsProviderTypeWebIdentityToken.
@Test
public void testGetCredentialsProviderTypeWebIdentityToken() {
Properties testConfig = TestUtil.properties(AWS_CREDENTIALS_PROVIDER, "WEB_IDENTITY_TOKEN");
CredentialProvider type = AWSGeneralUtil.getCredentialProviderType(testConfig, AWS_CREDENTIALS_PROVIDER);
assertEquals(WEB_IDENTITY_TOKEN, type);
}
use of org.apache.flink.connector.aws.config.AWSConfigConstants.CredentialProvider in project flink by apache.
the class AWSGeneralUtilTest method testGetCredentialsProviderTypeAssumeRole.
@Test
public void testGetCredentialsProviderTypeAssumeRole() {
Properties testConfig = TestUtil.properties(AWS_CREDENTIALS_PROVIDER, "ASSUME_ROLE");
CredentialProvider type = AWSGeneralUtil.getCredentialProviderType(testConfig, AWS_CREDENTIALS_PROVIDER);
assertEquals(ASSUME_ROLE, type);
}
Aggregations