本文整理汇总了Java中com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient类的典型用法代码示例。如果您正苦于以下问题:Java AWSSecurityTokenServiceClient类的具体用法?Java AWSSecurityTokenServiceClient怎么用?Java AWSSecurityTokenServiceClient使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
AWSSecurityTokenServiceClient类属于com.amazonaws.services.securitytoken包,在下文中一共展示了AWSSecurityTokenServiceClient类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: getCredentials
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient; //导入依赖的package包/类
/**
 * Resolves the credentials this provider hands out.
 *
 * <p>Base credentials come from {@code AWSClientFactory.getBasicCredentialsOrDefaultChain}. With
 * an empty {@code iamRoleArn} they are returned unchanged; otherwise they are used to call STS
 * {@code AssumeRole} and the temporary credentials from the response are returned instead.
 *
 * @return the base credentials, or session credentials (3600 second duration requested) for
 *     {@code iamRoleArn}
 */
@Override
public AWSCredentials getCredentials() {
    AWSCredentials baseCredentials =
            AWSClientFactory.getBasicCredentialsOrDefaultChain(accessKey, secretKey).getCredentials();

    // No role configured: the caller works directly with the base credentials.
    if (iamRoleArn.isEmpty()) {
        return baseCredentials;
    }

    // The external ID is passed through exactly as configured.
    // NOTE(review): confirm an unset external ID reaches this point as null rather than "".
    AssumeRoleRequest roleRequest = new AssumeRoleRequest()
            .withRoleSessionName("CodeBuild-Jenkins-Plugin")
            .withDurationSeconds(3600)
            .withRoleArn(iamRoleArn)
            .withExternalId(externalId);

    // A fresh STS client is created on every call; nothing in this method shuts it down.
    AWSSecurityTokenServiceClient sts = new AWSSecurityTokenServiceClient(baseCredentials);
    AssumeRoleResult assumed = sts.assumeRole(roleRequest);

    return new BasicSessionCredentials(
            assumed.getCredentials().getAccessKeyId(),
            assumed.getCredentials().getSecretAccessKey(),
            assumed.getCredentials().getSessionToken());
}
示例2: getInstanceClient
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient; //导入依赖的package包/类
/**
 * Builds an STS client from the temporary credentials carried in the attestation data.
 *
 * <p>Only the fact that a value is missing is logged; the credential values themselves are never
 * written to the log.
 *
 * @param info attestation data supplying the access key id, secret access key and session token
 * @return an STS client using those session credentials, or {@code null} when any of the three
 *     values is null or empty
 */
AWSSecurityTokenServiceClient getInstanceClient(AWSAttestationData info) {
    final String accessKeyId = info.getAccess();
    if (accessKeyId == null || accessKeyId.isEmpty()) {
        LOGGER.error("getInstanceClient: No access key id available in instance document");
        return null;
    }

    final String secretAccessKey = info.getSecret();
    if (secretAccessKey == null || secretAccessKey.isEmpty()) {
        LOGGER.error("getInstanceClient: No secret access key available in instance document");
        return null;
    }

    final String sessionToken = info.getToken();
    if (sessionToken == null || sessionToken.isEmpty()) {
        LOGGER.error("getInstanceClient: No token available in instance document");
        return null;
    }

    // All three parts are present: the client authenticates as whoever owns these credentials.
    return new AWSSecurityTokenServiceClient(
            new BasicSessionCredentials(accessKeyId, secretAccessKey, sessionToken));
}
示例3: assumeRole
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient; //导入依赖的package包/类
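/**
 * Mock of STS {@code AssumeRole} that returns fixed credentials without calling AWS.
 *
 * <p>A request whose policy equals {@code MockAwsOperationsHelper.AMAZON_THROTTLING_EXCEPTION}
 * makes the mock throw an {@link AmazonServiceException} with error code
 * {@code ThrottlingException}, so callers can exercise their throttling handling.
 *
 * @param awsSecurityTokenServiceClient unused by the mock
 * @param assumeRoleRequest the request; must not be null
 * @return a result holding the mock access key, secret key and session token, expiring after the
 *     requested duration
 * @throws AmazonServiceException when the throttling trigger policy is supplied
 */
@Override
public AssumeRoleResult assumeRole(AWSSecurityTokenServiceClient awsSecurityTokenServiceClient, AssumeRoleRequest assumeRoleRequest)
{
    assertNotNull(assumeRoleRequest);

    if (assumeRoleRequest.getPolicy() != null && assumeRoleRequest.getPolicy().equals(MockAwsOperationsHelper.AMAZON_THROTTLING_EXCEPTION))
    {
        AmazonServiceException throttlingException = new AmazonServiceException("test throttling exception");
        throttlingException.setErrorCode("ThrottlingException");
        throw throttlingException;
    }

    // getDurationSeconds() returns a boxed Integer: unboxing a request that never set a duration
    // used to throw a NullPointerException. Fall back to one hour, which is the duration STS
    // itself applies when DurationSeconds is omitted.
    Integer requestedSeconds = assumeRoleRequest.getDurationSeconds();
    long lifetimeSeconds = requestedSeconds != null ? requestedSeconds : 3600L;

    // 1000L keeps the multiplication in long arithmetic so the expiry cannot wrap around.
    Date expiration = new Date(System.currentTimeMillis() + 1000L * lifetimeSeconds);

    AssumeRoleResult assumeRoleResult = new AssumeRoleResult();
    assumeRoleResult.setCredentials(new Credentials(MOCK_AWS_ASSUMED_ROLE_ACCESS_KEY, MOCK_AWS_ASSUMED_ROLE_SECRET_KEY, MOCK_AWS_ASSUMED_ROLE_SESSION_TOKEN,
        expiration));
    return assumeRoleResult;
}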
示例4: getSessionCredentials
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient; //导入依赖的package包/类
/**
 * Requests an STS session token with a 43200 second (12 hour) duration, stores it in
 * {@code sessionCredentials} and returns it.
 *
 * <p>The STS call is signed with the long-term access key pair read from
 * {@code amazonProperties}.
 *
 * @return the {@link Credentials} of the newly issued session token
 */
private Credentials getSessionCredentials() {
    // NOTE(review): GetSessionToken takes no scoping policy, so the session is not limited to a
    // single bucket here; any restriction has to come from the IAM user's own policy.
    final GetSessionTokenRequest tokenRequest = new GetSessionTokenRequest();
    tokenRequest.setDurationSeconds(43200);

    // Sign the STS call with the service instance's long-term key pair.
    final BasicAWSCredentials longTermKeys = new BasicAWSCredentials(
            amazonProperties.getAws().getAccessKeyId(),
            amazonProperties.getAws().getAccessKeySecret());
    final AWSSecurityTokenServiceClient sts = new AWSSecurityTokenServiceClient(longTermKeys);

    // Keep the issued credentials on the instance as well as returning them.
    sessionCredentials = sts.getSessionToken(tokenRequest).getCredentials();
    return sessionCredentials;
}
示例5: getSessionCredentials
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient; //导入依赖的package包/类
/**
 * Requests an STS session token with a 43200 second (12 hour) duration, stores it in
 * {@code sessionCredentials} and returns it.
 *
 * <p>The STS call is signed with the long-term {@code accessKeyId} / {@code accessKeySecret}
 * pair held by this object.
 *
 * @return the {@link Credentials} of the newly issued session token
 */
private Credentials getSessionCredentials() {
    // NOTE(review): GetSessionToken takes no scoping policy, so the session is not limited to a
    // single bucket here; any restriction has to come from the IAM user's own policy.
    final GetSessionTokenRequest tokenRequest = new GetSessionTokenRequest();
    tokenRequest.setDurationSeconds(43200);

    // Sign the STS call with the long-term key pair.
    final BasicAWSCredentials longTermKeys = new BasicAWSCredentials(accessKeyId, accessKeySecret);
    final AWSSecurityTokenServiceClient sts = new AWSSecurityTokenServiceClient(longTermKeys);

    // Keep the issued credentials on the instance as well as returning them.
    sessionCredentials = sts.getSessionToken(tokenRequest).getCredentials();
    return sessionCredentials;
}
示例6: getClientForAccount
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient; //导入依赖的package包/类
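/**
 * Creates an EC2 client for the given account by assuming that account's {@code fullstop-role}.
 *
 * <p>The STS call is signed with credentials from the default AWS profile. The returned client
 * uses the temporary credentials from the {@code AssumeRole} response, requested for 3600
 * seconds; the client does not refresh them.
 *
 * @param accountId AWS account id inserted into the role ARN; it is not validated here, so
 *     callers should pass only ids from a trusted source
 * @param region region the returned client is pointed at
 * @return an EC2 client acting as {@code fullstop-role} in {@code accountId}
 */
private AmazonEC2Client getClientForAccount(final String accountId, final Region region) {
    final AWSSecurityTokenServiceClient stsClient =
            new AWSSecurityTokenServiceClient(new ProfileCredentialsProvider());

    // Fix: the ARN used to contain the literal text "ACCOUNT_ID" and the accountId parameter was
    // never read, so the request could not name the role in the requested account.
    final String roleArn = "arn:aws:iam::" + accountId + ":role/fullstop-role";

    final AssumeRoleRequest assumeRequest = new AssumeRoleRequest()
            .withRoleArn(roleArn)
            .withDurationSeconds(3600)
            .withRoleSessionName("fullstop-role");

    final AssumeRoleResult assumeResult = stsClient.assumeRole(assumeRequest);

    final BasicSessionCredentials temporaryCredentials = new BasicSessionCredentials(
            assumeResult.getCredentials().getAccessKeyId(),
            assumeResult.getCredentials().getSecretAccessKey(),
            assumeResult.getCredentials().getSessionToken());

    final AmazonEC2Client amazonEC2Client = new AmazonEC2Client(temporaryCredentials);
    amazonEC2Client.setRegion(region);
    return amazonEC2Client;
}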
示例7: getCredentials
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient; //导入依赖的package包/类
/**
 * Resolves the credentials to use, optionally by assuming {@code iamRoleArn}.
 *
 * <p>With a blank role ARN the configured static key pair is returned as is. With a role ARN,
 * STS {@code AssumeRole} is called using the static key pair, or the instance profile
 * credentials when both static keys are blank, and the temporary credentials are returned.
 *
 * <p>The instance-profile fallback applies only on the role path: with a blank role ARN and
 * blank keys the method returns the blank static pair.
 *
 * @return static credentials, or session credentials for the assumed role
 */
public AWSCredentials getCredentials() {
    AWSCredentials baseCredentials = new BasicAWSCredentials(accessKey, secretKey.getPlainText());
    if (StringUtils.isBlank(iamRoleArn)) {
        return baseCredentials;
    }

    // No static keys configured: delegate to the instance profile for the AssumeRole call.
    boolean staticKeysMissing =
            StringUtils.isBlank(accessKey) && StringUtils.isBlank(secretKey.getPlainText());
    if (staticKeysMissing) {
        baseCredentials = new InstanceProfileCredentialsProvider().getCredentials();
    }

    AssumeRoleRequest roleRequest = createAssumeRoleRequest(iamRoleArn);
    AWSSecurityTokenServiceClient sts = new AWSSecurityTokenServiceClient(baseCredentials);
    AssumeRoleResult assumed = sts.assumeRole(roleRequest);

    return new BasicSessionCredentials(
            assumed.getCredentials().getAccessKeyId(),
            assumed.getCredentials().getSecretAccessKey(),
            assumed.getCredentials().getSessionToken());
}
示例8: assumeRoleAndGetCredentials
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient; //导入依赖的package包/类
/**
 * Assumes {@code roleToBeAssumed} with the IAM key pair and stores the resulting temporary
 * access key, secret key, session token and expiration on this object.
 *
 * <p>The requested lifetime comes from the property
 * {@code aws.session-credentials.expiry-time.to-be-requested} (minutes, default 60). An external
 * ID is attached to the request only when one is configured.
 */
private void assumeRoleAndGetCredentials() {
    final int expiryMinutes =
            jets3tProperties.getIntProperty("aws.session-credentials.expiry-time.to-be-requested", 60);

    // The STS call is signed with the long-term IAM key pair.
    final AWSSecurityTokenServiceClient sts =
            new AWSSecurityTokenServiceClient(new BasicAWSCredentials(iamAccessKey, iamSecretKey));

    // STS takes the duration in seconds; the property is expressed in minutes.
    final AssumeRoleRequest roleRequest = new AssumeRoleRequest()
            .withRoleArn(roleToBeAssumed)
            .withDurationSeconds(expiryMinutes * 60)
            .withRoleSessionName(DEFAULT_SESSION_NAME);
    if (externalId != null) {
        roleRequest.setExternalId(externalId);
    }

    final AssumeRoleResult assumed = sts.assumeRole(roleRequest);

    this.accessKey = assumed.getCredentials().getAccessKeyId();
    this.secretKey = assumed.getCredentials().getSecretAccessKey();
    this.sessionToken = assumed.getCredentials().getSessionToken();
    this.expirationDate = assumed.getCredentials().getExpiration();
}
示例9: doCheckIamRoleArn
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient; //导入依赖的package包/类
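/**
 * Form validation for the IAM role ARN field: tries an STS {@code AssumeRole} call with the
 * submitted keys and reports whether it succeeded.
 *
 * <p>NOTE(review): this method makes an outbound STS call using a caller-supplied key pair,
 * proxy host and port, and role ARN. No permission check or POST-only restriction is visible
 * in this listing; confirm the enclosing descriptor enforces both (for example a
 * {@code checkPermission} call and {@code @RequirePOST}). The secret key also arrives as a plain
 * {@code String} request parameter.
 *
 * @param proxyHost proxy host passed to {@code getClientConfiguration}
 * @param proxyPort proxy port passed to {@code getClientConfiguration}
 * @param accessKey AWS access key id used to sign the STS call
 * @param secretKey AWS secret access key used to sign the STS call
 * @param iamRoleArn role ARN to validate; null or empty means there is nothing to check
 * @param externalId external ID forwarded to {@code AssumeRole}
 * @return an error when keys are missing or the call fails, otherwise an OK result
 */
public FormValidation doCheckIamRoleArn(@QueryParameter("proxyHost") final String proxyHost,
                                        @QueryParameter("proxyPort") final String proxyPort,
                                        @QueryParameter("accessKey") final String accessKey,
                                        @QueryParameter("secretKey") final String secretKey,
                                        @QueryParameter("iamRoleArn") final String iamRoleArn,
                                        @QueryParameter("externalId") final String externalId) {
    // A request parameter that was not sent at all is treated like an empty one instead of
    // failing with a NullPointerException.
    if (accessKey == null || accessKey.isEmpty() || secretKey == null || secretKey.isEmpty()) {
        return FormValidation.error("AWS access and secret keys are required to use an IAM role for authorization");
    }
    if (iamRoleArn == null || iamRoleArn.isEmpty()) {
        return FormValidation.ok();
    }

    try {
        AWSCredentials initialCredentials = new BasicAWSCredentials(accessKey, secretKey);
        AssumeRoleRequest assumeRequest = new AssumeRoleRequest()
                .withRoleArn(iamRoleArn)
                .withExternalId(externalId)
                .withDurationSeconds(3600)
                .withRoleSessionName("jenkins-codebuild-plugin");
        // Only success or failure matters here; the returned credentials are discarded.
        new AWSSecurityTokenServiceClient(initialCredentials, getClientConfiguration(proxyHost, proxyPort)).assumeRole(assumeRequest);
    } catch (Exception e) {
        String errorMessage = e.getMessage();
        if (errorMessage == null) {
            // Some exceptions carry no message; fall back to the type name.
            errorMessage = e.getClass().getSimpleName();
        } else if (errorMessage.length() > ERROR_MESSAGE_MAX_LENGTH) {
            // Fix: substring(MAX) dropped the first MAX characters and kept the tail; keep the
            // first MAX characters so the message is actually truncated.
            errorMessage = errorMessage.substring(0, ERROR_MESSAGE_MAX_LENGTH);
        }
        return FormValidation.error("Authorization failed: " + errorMessage);
    }
    return FormValidation.ok("IAM role authorization successful.");
}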
示例10: configure
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient; //导入依赖的package包/类
/**
 * Registers one pre-built AWS client instance per service interface.
 *
 * <p>Each client is created through {@code createAmazonClientInstance} for the region named by
 * {@code regionName} and bound with {@code toInstance}.
 */
@Override
protected void configure() {
    final Regions regionEnum = Regions.fromName(regionName);
    final Region targetRegion = Region.getRegion(regionEnum);

    bind(AmazonEC2.class)
            .toInstance(createAmazonClientInstance(AmazonEC2Client.class, targetRegion));
    bind(AmazonCloudFormation.class)
            .toInstance(createAmazonClientInstance(AmazonCloudFormationClient.class, targetRegion));
    bind(AmazonIdentityManagement.class)
            .toInstance(createAmazonClientInstance(AmazonIdentityManagementClient.class, targetRegion));
    bind(AWSKMS.class)
            .toInstance(createAmazonClientInstance(AWSKMSClient.class, targetRegion));
    bind(AmazonS3.class)
            .toInstance(createAmazonClientInstance(AmazonS3Client.class, targetRegion));
    bind(AmazonAutoScaling.class)
            .toInstance(createAmazonClientInstance(AmazonAutoScalingClient.class, targetRegion));
    bind(AWSSecurityTokenService.class)
            .toInstance(createAmazonClientInstance(AWSSecurityTokenServiceClient.class, targetRegion));
    bind(AWSLambda.class)
            .toInstance(createAmazonClientInstance(AWSLambdaClient.class, targetRegion));
    bind(AmazonSNS.class)
            .toInstance(createAmazonClientInstance(AmazonSNSClient.class, targetRegion));
}
示例11: verifyInstanceIdentity
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient; //导入依赖的package包/类
/**
 * Checks that the credentials in the attestation data belong to the claimed role in the given
 * AWS account.
 *
 * <p>An STS client is built from the supplied credentials and {@code GetCallerIdentity} is
 * called with it. The returned ARN must start with
 * {@code arn:aws:sts::<awsAccount>:assumed-role/<role>/}. The trailing slash is part of the
 * prefix, so a role whose name merely begins with the claimed role name does not match.
 *
 * <p>The method fails closed: a missing client, a null response, an ARN mismatch or any
 * exception yields {@code false}.
 *
 * @param info attestation data holding the credentials and the claimed role name
 * @param awsAccount account id the caller identity must belong to
 * @return {@code true} only when the caller identity ARN matches the expected prefix
 */
public boolean verifyInstanceIdentity(AWSAttestationData info, final String awsAccount) {
    final GetCallerIdentityRequest identityRequest = new GetCallerIdentityRequest();
    try {
        final AWSSecurityTokenServiceClient stsClient = getInstanceClient(info);
        if (stsClient == null) {
            LOGGER.error("verifyInstanceIdentity - unable to get AWS STS client object");
            return false;
        }

        final GetCallerIdentityResult identity = stsClient.getCallerIdentity(identityRequest);
        if (identity == null) {
            LOGGER.error("verifyInstanceIdentity - unable to get caller identity");
            return false;
        }

        final String expectedPrefix =
                "arn:aws:sts::" + awsAccount + ":assumed-role/" + info.getRole() + "/";
        if (identity.getArn().startsWith(expectedPrefix)) {
            return true;
        }

        LOGGER.error("verifyInstanceIdentity - ARN mismatch - request: {} caller-idenity: {}",
                expectedPrefix, identity.getArn());
        return false;
    } catch (Exception ex) {
        // Only the exception message is logged; the stack trace is not.
        LOGGER.error("CloudStore: verifyInstanceIdentity - unable get caller identity: {}",
                ex.getMessage());
        return false;
    }
}
示例12: testVerifyInstanceIdentityNullIdentity
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient; //导入依赖的package包/类
/**
 * Verification must fail when STS returns no caller identity at all.
 */
@Test
public void testVerifyInstanceIdentityNullIdentity() {
    // STS stub whose GetCallerIdentity answer is null for any request.
    AWSSecurityTokenServiceClient stsStub = Mockito.mock(AWSSecurityTokenServiceClient.class);
    Mockito.when(stsStub.getCallerIdentity(ArgumentMatchers.any())).thenReturn(null);

    // presumably setIdentitySuper(true) routes the call to the real verifyInstanceIdentity;
    // verify against MockInstanceAWSProvider
    MockInstanceAWSProvider awsProvider = new MockInstanceAWSProvider();
    awsProvider.setIdentitySuper(true);
    awsProvider.setStsClient(stsStub);

    AWSAttestationData attestation = new AWSAttestationData();
    assertFalse(awsProvider.verifyInstanceIdentity(attestation, "1234"));
}
示例13: testVerifyInstanceIdentityException
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient; //导入依赖的package包/类
/**
 * Verification must fail, not propagate, when the STS call throws.
 */
@Test
public void testVerifyInstanceIdentityException() {
    // STS stub that throws a ResourceException for any GetCallerIdentity request.
    AWSSecurityTokenServiceClient stsStub = Mockito.mock(AWSSecurityTokenServiceClient.class);
    Mockito.when(stsStub.getCallerIdentity(ArgumentMatchers.any()))
            .thenThrow(new ResourceException(101));

    // presumably setIdentitySuper(true) routes the call to the real verifyInstanceIdentity;
    // verify against MockInstanceAWSProvider
    MockInstanceAWSProvider awsProvider = new MockInstanceAWSProvider();
    awsProvider.setIdentitySuper(true);
    awsProvider.setStsClient(stsStub);

    AWSAttestationData attestation = new AWSAttestationData();
    assertFalse(awsProvider.verifyInstanceIdentity(attestation, "1234"));
}
示例14: testVerifyInstanceIdentityARNMismatch
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient; //导入依赖的package包/类
/**
 * Verification must fail when the caller identity belongs to a different account (1235) than
 * the one being verified (1234), even though the role name matches.
 */
@Test
public void testVerifyInstanceIdentityARNMismatch() {
    // Caller identity reported by STS: right role, wrong account.
    GetCallerIdentityResult callerIdentity = Mockito.mock(GetCallerIdentityResult.class);
    Mockito.when(callerIdentity.getArn())
            .thenReturn("arn:aws:sts::1235:assumed-role/athenz.service/athenz.service");

    AWSSecurityTokenServiceClient stsStub = Mockito.mock(AWSSecurityTokenServiceClient.class);
    Mockito.when(stsStub.getCallerIdentity(ArgumentMatchers.any())).thenReturn(callerIdentity);

    // presumably setIdentitySuper(true) routes the call to the real verifyInstanceIdentity;
    // verify against MockInstanceAWSProvider
    MockInstanceAWSProvider awsProvider = new MockInstanceAWSProvider();
    awsProvider.setIdentitySuper(true);
    awsProvider.setStsClient(stsStub);

    AWSAttestationData attestation = new AWSAttestationData();
    attestation.setRole("athenz.service");

    assertFalse(awsProvider.verifyInstanceIdentity(attestation, "1234"));
}
示例15: testVerifyInstanceIdentity
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient; //导入依赖的package包/类
/**
 * Verification succeeds when the caller identity ARN carries the expected account (1234) and
 * the claimed role name.
 */
@Test
public void testVerifyInstanceIdentity() {
    // Caller identity reported by STS: matching account and role.
    GetCallerIdentityResult callerIdentity = Mockito.mock(GetCallerIdentityResult.class);
    Mockito.when(callerIdentity.getArn())
            .thenReturn("arn:aws:sts::1234:assumed-role/athenz.service/athenz.service");

    AWSSecurityTokenServiceClient stsStub = Mockito.mock(AWSSecurityTokenServiceClient.class);
    Mockito.when(stsStub.getCallerIdentity(ArgumentMatchers.any())).thenReturn(callerIdentity);

    // presumably setIdentitySuper(true) routes the call to the real verifyInstanceIdentity;
    // verify against MockInstanceAWSProvider
    MockInstanceAWSProvider awsProvider = new MockInstanceAWSProvider();
    awsProvider.setIdentitySuper(true);
    awsProvider.setStsClient(stsStub);

    AWSAttestationData attestation = new AWSAttestationData();
    attestation.setRole("athenz.service");

    assertTrue(awsProvider.verifyInstanceIdentity(attestation, "1234"));
}