Search in sources :

Example 1 with CredentialProvider

use of org.apache.flink.connector.aws.config.AWSConfigConstants.CredentialProvider in project flink by apache.

the class AWSUtil method getCredentialsProvider.

/**
 * If the provider is ASSUME_ROLE, then the credentials for assuming this role are determined
 * recursively.
 *
 * @param configProps the configuration properties
 * @param configPrefix the prefix of the config properties for this credentials provider, e.g.
 *     aws.credentials.provider for the base credentials provider,
 *     aws.credentials.provider.role.provider for the credentials provider for assuming a role,
 *     and so on.
 */
private static AWSCredentialsProvider getCredentialsProvider(final Properties configProps, final String configPrefix) {
    CredentialProvider credentialProviderType = AWSAsyncSinkUtil.getCredentialProviderType(configProps, configPrefix);
    switch(credentialProviderType) {
        case ENV_VAR:
            return new EnvironmentVariableCredentialsProvider();
        case SYS_PROP:
            return new SystemPropertiesCredentialsProvider();
        case PROFILE:
            String profileName = configProps.getProperty(AWSConfigConstants.profileName(configPrefix), null);
            String profileConfigPath = configProps.getProperty(AWSConfigConstants.profilePath(configPrefix), null);
            return (profileConfigPath == null) ? new ProfileCredentialsProvider(profileName) : new ProfileCredentialsProvider(profileConfigPath, profileName);
        case BASIC:
            return new AWSCredentialsProvider() {

                @Override
                public AWSCredentials getCredentials() {
                    return new BasicAWSCredentials(configProps.getProperty(AWSConfigConstants.accessKeyId(configPrefix)), configProps.getProperty(AWSConfigConstants.secretKey(configPrefix)));
                }

                @Override
                public void refresh() {
                // do nothing
                }
            };
        case ASSUME_ROLE:
            final AWSSecurityTokenService baseCredentials = AWSSecurityTokenServiceClientBuilder.standard().withCredentials(getCredentialsProvider(configProps, AWSConfigConstants.roleCredentialsProvider(configPrefix))).withRegion(configProps.getProperty(AWSConfigConstants.AWS_REGION)).build();
            return new STSAssumeRoleSessionCredentialsProvider.Builder(configProps.getProperty(AWSConfigConstants.roleArn(configPrefix)), configProps.getProperty(AWSConfigConstants.roleSessionName(configPrefix))).withExternalId(configProps.getProperty(AWSConfigConstants.externalId(configPrefix))).withStsClient(baseCredentials).build();
        case WEB_IDENTITY_TOKEN:
            return WebIdentityTokenCredentialsProvider.builder().roleArn(configProps.getProperty(AWSConfigConstants.roleArn(configPrefix), null)).roleSessionName(configProps.getProperty(AWSConfigConstants.roleSessionName(configPrefix), null)).webIdentityTokenFile(configProps.getProperty(AWSConfigConstants.webIdentityTokenFile(configPrefix), null)).build();
        case AUTO:
            return new DefaultAWSCredentialsProviderChain();
        default:
            throw new IllegalArgumentException("Credential provider not supported: " + credentialProviderType);
    }
}
Also used : DefaultAWSCredentialsProviderChain(com.amazonaws.auth.DefaultAWSCredentialsProviderChain) STSAssumeRoleSessionCredentialsProvider(com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider) SystemPropertiesCredentialsProvider(com.amazonaws.auth.SystemPropertiesCredentialsProvider) EnvironmentVariableCredentialsProvider(com.amazonaws.auth.EnvironmentVariableCredentialsProvider) CredentialProvider(org.apache.flink.connector.aws.config.AWSConfigConstants.CredentialProvider) ProfileCredentialsProvider(com.amazonaws.auth.profile.ProfileCredentialsProvider) AWSSecurityTokenService(com.amazonaws.services.securitytoken.AWSSecurityTokenService) AWSCredentialsProvider(com.amazonaws.auth.AWSCredentialsProvider) BasicAWSCredentials(com.amazonaws.auth.BasicAWSCredentials)

Example 2 with CredentialProvider

use of org.apache.flink.connector.aws.config.AWSConfigConstants.CredentialProvider in project flink by apache.

the class AWSGeneralUtil method validateAwsConfiguration.

/**
 * Validates configuration properties related to Amazon AWS service.
 *
 * @param config the properties to setup credentials and region
 */
public static void validateAwsConfiguration(Properties config) {
    if (config.containsKey(AWSConfigConstants.AWS_CREDENTIALS_PROVIDER)) {
        validateCredentialProvider(config);
        // if BASIC type is used, also check that the Access Key ID and Secret Key is supplied
        CredentialProvider credentialsProviderType = getCredentialProviderType(config, AWSConfigConstants.AWS_CREDENTIALS_PROVIDER);
        if (credentialsProviderType == CredentialProvider.BASIC) {
            if (!config.containsKey(AWSConfigConstants.AWS_ACCESS_KEY_ID) || !config.containsKey(AWSConfigConstants.AWS_SECRET_ACCESS_KEY)) {
                throw new IllegalArgumentException("Please set values for AWS Access Key ID ('" + AWSConfigConstants.AWS_ACCESS_KEY_ID + "') " + "and Secret Key ('" + AWSConfigConstants.AWS_SECRET_ACCESS_KEY + "') when using the BASIC AWS credential provider type.");
            }
        }
    }
    if (config.containsKey(AWSConfigConstants.AWS_REGION)) {
        // specified AWS Region name must be recognizable
        if (!isValidRegion(getRegion(config))) {
            StringBuilder sb = new StringBuilder();
            for (Region region : Region.regions()) {
                sb.append(region).append(", ");
            }
            throw new IllegalArgumentException("Invalid AWS region set in config. Valid values are: " + sb.toString());
        }
    }
}
Also used : CredentialProvider(org.apache.flink.connector.aws.config.AWSConfigConstants.CredentialProvider) Region(software.amazon.awssdk.regions.Region)

Example 3 with CredentialProvider

use of org.apache.flink.connector.aws.config.AWSConfigConstants.CredentialProvider in project flink by apache.

the class AWSGeneralUtilTest method testGetCredentialsProviderTypeWebIdentityToken.

@Test
public void testGetCredentialsProviderTypeWebIdentityToken() {
    Properties testConfig = TestUtil.properties(AWS_CREDENTIALS_PROVIDER, "WEB_IDENTITY_TOKEN");
    CredentialProvider type = AWSGeneralUtil.getCredentialProviderType(testConfig, AWS_CREDENTIALS_PROVIDER);
    assertEquals(WEB_IDENTITY_TOKEN, type);
}
Also used : CredentialProvider(org.apache.flink.connector.aws.config.AWSConfigConstants.CredentialProvider) Properties(java.util.Properties) Test(org.junit.Test)

Example 4 with CredentialProvider

use of org.apache.flink.connector.aws.config.AWSConfigConstants.CredentialProvider in project flink by apache.

the class AWSGeneralUtilTest method testGetCredentialsProviderTypeAssumeRole.

@Test
public void testGetCredentialsProviderTypeAssumeRole() {
    Properties testConfig = TestUtil.properties(AWS_CREDENTIALS_PROVIDER, "ASSUME_ROLE");
    CredentialProvider type = AWSGeneralUtil.getCredentialProviderType(testConfig, AWS_CREDENTIALS_PROVIDER);
    assertEquals(ASSUME_ROLE, type);
}
Also used : CredentialProvider(org.apache.flink.connector.aws.config.AWSConfigConstants.CredentialProvider) Properties(java.util.Properties) Test(org.junit.Test)

Aggregations

CredentialProvider (org.apache.flink.connector.aws.config.AWSConfigConstants.CredentialProvider)4 Properties (java.util.Properties)2 Test (org.junit.Test)2 AWSCredentialsProvider (com.amazonaws.auth.AWSCredentialsProvider)1 BasicAWSCredentials (com.amazonaws.auth.BasicAWSCredentials)1 DefaultAWSCredentialsProviderChain (com.amazonaws.auth.DefaultAWSCredentialsProviderChain)1 EnvironmentVariableCredentialsProvider (com.amazonaws.auth.EnvironmentVariableCredentialsProvider)1 STSAssumeRoleSessionCredentialsProvider (com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider)1 SystemPropertiesCredentialsProvider (com.amazonaws.auth.SystemPropertiesCredentialsProvider)1 ProfileCredentialsProvider (com.amazonaws.auth.profile.ProfileCredentialsProvider)1 AWSSecurityTokenService (com.amazonaws.services.securitytoken.AWSSecurityTokenService)1 Region (software.amazon.awssdk.regions.Region)1