本文整理汇总了Java中com.amazonaws.services.securitytoken.model.GetCallerIdentityRequest类的典型用法代码示例。如果您正苦于以下问题:Java GetCallerIdentityRequest类的具体用法?Java GetCallerIdentityRequest怎么用?Java GetCallerIdentityRequest使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
GetCallerIdentityRequest类属于com.amazonaws.services.securitytoken.model包,在下文中一共展示了GetCallerIdentityRequest类的8个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: getCmsSystemProperties
import com.amazonaws.services.securitytoken.model.GetCallerIdentityRequest; //导入依赖的package包/类
/**
 * Builds the CMS properties that are generated by the system rather than set by the user.
 *
 * <p>Values are taken from the base stack outputs and parameters, the Vault stack parameters,
 * the stored CMS Vault token and database password, and the account id that STS
 * GetCallerIdentity reports for the current credentials.
 *
 * <p>Security: the returned object holds the Vault token and the JDBC password in clear text,
 * so callers should keep it out of logs and out of unencrypted storage.
 *
 * @return the system-configured properties
 */
public Properties getCmsSystemProperties() {
    BaseOutputs stackOutputs = getBaseStackOutputs();
    BaseParameters stackParameters = getBaseStackParameters();
    VaultParameters vaultStack = getVaultStackParamters();
    Optional<String> vaultToken = getCmsVaultToken();
    Optional<String> dbPassword = getCmsDatabasePassword();

    // The caller's own account id is what the account-root principal ARN is built from.
    String callerAccountId =
            securityTokenService.getCallerIdentity(new GetCallerIdentityRequest()).getAccount();
    String accountRootArn = String.format("arn:aws:iam::%s:root", callerAccountId);

    Properties systemProperties = new Properties();
    systemProperties.put(VAULT_ADDR_KEY, String.format("https://%s", cnameToHost(vaultStack.getCname())));
    // NOTE(review): unchecked Optional.get() - an absent Vault token fails here with the
    // generic exception from get() instead of a message naming the missing secret.
    systemProperties.put(VAULT_TOKEN_KEY, vaultToken.get());
    systemProperties.put(ROOT_USER_ARN_KEY, accountRootArn);
    systemProperties.put(ADMIN_ROLE_ARN_KEY, stackParameters.getAccountAdminArn());
    systemProperties.put(CMS_ROLE_ARN_KEY, stackOutputs.getCmsIamRoleArn());
    systemProperties.put(JDBC_URL_KEY, stackOutputs.getCmsDbJdbcConnectionString());
    systemProperties.put(JDBC_USERNAME_KEY, ConfigConstants.DEFAULT_CMS_DB_NAME);
    // NOTE(review): same unchecked Optional.get() as for the Vault token above.
    systemProperties.put(JDBC_PASSWORD_KEY, dbPassword.get());
    return systemProperties;
}
示例2: getAccount
import com.amazonaws.services.securitytoken.model.GetCallerIdentityRequest; //导入依赖的package包/类
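/**
 * Looks up the AWS account id that the supplied credentials resolve to.
 *
 * <p>A dedicated STS client is built for the call, using the given credentials provider, the
 * client configuration after it has passed through {@code transformAndVerifyOrThrow}, and the
 * region from {@code RegionResolver.getRegion()}. GetCallerIdentity needs no IAM permission,
 * so the answer reflects the credentials themselves rather than what they are allowed to do.
 *
 * @param awsCredentialsProvider source of the credentials whose account is wanted
 * @param clientConfiguration    SDK client configuration, checked by {@code transformAndVerifyOrThrow}
 * @return the account id reported by STS for those credentials
 */
public static String getAccount(AWSCredentialsProvider awsCredentialsProvider, ClientConfiguration clientConfiguration) {
    AWSSecurityTokenService client = AWSSecurityTokenServiceClientBuilder.standard()
            .withCredentials(awsCredentialsProvider)
            .withClientConfiguration(transformAndVerifyOrThrow(clientConfiguration))
            .withRegion(RegionResolver.getRegion())
            .build();
    try {
        return client.getCallerIdentity(new GetCallerIdentityRequest()).getAccount();
    } finally {
        // The client is created per call and never handed out, so release its connection
        // resources here instead of leaving one behind on every invocation.
        client.shutdown();
    }
}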
示例3: verifyInstanceIdentity
import com.amazonaws.services.securitytoken.model.GetCallerIdentityRequest; //导入依赖的package包/类
/**
 * Confirms that the STS caller identity behind the attestation data matches the expected
 * account and role.
 *
 * <p>The STS client comes from {@code getInstanceClient(info)} (presumably built from
 * credentials carried in the attestation data - confirm there). GetCallerIdentity is called
 * with it and the returned ARN must start with
 * {@code arn:aws:sts::<awsAccount>:assumed-role/<role>/}. The trailing slash means the whole
 * role name has to match, not just a prefix of it. The session-name part after that slash is
 * not compared in this method.
 *
 * <p>Every failure, including any exception, yields {@code false}; nothing is thrown.
 *
 * @param info       attestation data supplying the role name and the STS client
 * @param awsAccount account id the caller is expected to belong to
 * @return {@code true} only when the caller ARN carries the expected account and role
 */
public boolean verifyInstanceIdentity(AWSAttestationData info, final String awsAccount) {
    GetCallerIdentityRequest identityRequest = new GetCallerIdentityRequest();
    try {
        AWSSecurityTokenServiceClient stsClient = getInstanceClient(info);
        if (stsClient == null) {
            LOGGER.error("verifyInstanceIdentity - unable to get AWS STS client object");
            return false;
        }

        GetCallerIdentityResult identity = stsClient.getCallerIdentity(identityRequest);
        if (identity == null) {
            LOGGER.error("verifyInstanceIdentity - unable to get caller identity");
            return false;
        }

        String expectedPrefix = "arn:aws:sts::" + awsAccount + ":assumed-role/" + info.getRole() + "/";
        if (identity.getArn().startsWith(expectedPrefix)) {
            return true;
        }
        LOGGER.error("verifyInstanceIdentity - ARN mismatch - request: {} caller-idenity: {}",
                expectedPrefix, identity.getArn());
        return false;
    } catch (Exception ex) {
        // Fail closed: any error, including a null ARN in the result, is treated as "not
        // verified". Only the message is logged, so the stack trace is not available here.
        LOGGER.error("CloudStore: verifyInstanceIdentity - unable get caller identity: {}",
                ex.getMessage());
        return false;
    }
}
示例4: getTokenServiceClient
import com.amazonaws.services.securitytoken.model.GetCallerIdentityRequest; //导入依赖的package包/类
/**
 * Test double for the STS client: returns a Mockito mock instead of a real client.
 *
 * <p>Any AssumeRole request yields {@code assumeRoleResult} and any GetCallerIdentity request
 * yields {@code callerIdentityResult}, so no call leaves the process.
 *
 * @return the stubbed STS client mock
 */
@Override
AWSSecurityTokenServiceClient getTokenServiceClient() {
    AWSSecurityTokenServiceClient stsMock = Mockito.mock(AWSSecurityTokenServiceClient.class);
    // The two stubs are independent of each other; both accept any request of their type.
    Mockito.when(stsMock.getCallerIdentity(Mockito.any(GetCallerIdentityRequest.class)))
            .thenReturn(callerIdentityResult);
    Mockito.when(stsMock.assumeRole(Mockito.any(AssumeRoleRequest.class)))
            .thenReturn(assumeRoleResult);
    return stsMock;
}
示例5: getSTSCredentialsProvider
import com.amazonaws.services.securitytoken.model.GetCallerIdentityRequest; //导入依赖的package包/类
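/**
 * Creates a credentials provider that assumes {@code assumeRoleArn} through STS.
 *
 * <p>The role session name is derived from the access key id of the base credentials and the
 * account id that STS GetCallerIdentity reports for them. The same STS client is handed to the
 * returned provider, so it is deliberately left open here.
 *
 * <p>Security: the session name embeds the access key id. It is written to the debug log below
 * and, as a role session name, becomes part of the assumed-role identity. The access key id is
 * not the secret key, but it identifies the credential, so consider who can read the debug output.
 *
 * @param awsCredentials base credentials used to call STS
 * @param region         region for the STS client
 * @param assumeRoleArn  ARN of the role to assume
 * @return a provider that serves session credentials for the assumed role
 */
private AWSCredentialsProvider getSTSCredentialsProvider(AWSCredentialsProvider awsCredentials, String region, String assumeRoleArn) {
    AWSSecurityTokenService stsClient = AWSSecurityTokenServiceClientBuilder.standard()
            .withRegion(region)
            .withCredentials(awsCredentials)
            .build();
    // NOTE(review): the format string on the page was mangled by the site's e-mail obfuscation
    // and was no longer a valid format (String.format would throw on it). The "@ACCOUNT_" text
    // between the two placeholders is a reconstruction - confirm against the upstream source.
    String roleSessionName = String.format("API_KEY_%s@ACCOUNT_%s",
            awsCredentials.getCredentials().getAWSAccessKeyId(),
            stsClient.getCallerIdentity(new GetCallerIdentityRequest()).getAccount());
    LOG.debug("Cross account role session name: " + roleSessionName);
    return new STSAssumeRoleSessionCredentialsProvider.Builder(assumeRoleArn, roleSessionName)
            .withStsClient(stsClient)
            .build();
}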
示例6: getAccountId
import com.amazonaws.services.securitytoken.model.GetCallerIdentityRequest; //导入依赖的package包/类
/**
 * Returns the AWS account id of the credentials behind {@code tokenService}.
 *
 * @return the account id reported by STS GetCallerIdentity
 */
public String getAccountId() {
    // GetCallerIdentity takes no parameters, so an empty request is all that is needed.
    return tokenService.getCallerIdentity(new GetCallerIdentityRequest()).getAccount();
}
示例7: run
import com.amazonaws.services.securitytoken.model.GetCallerIdentityRequest; //导入依赖的package包/类
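/**
 * Stores the backup-admin IAM principals and rewrites the key policy of every regional backup
 * CMK so that exactly those principals are allowed.
 *
 * <p>The principal set is the account root (account id from STS GetCallerIdentity), the
 * configured account admin role, and any additional principals from the command.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Each principal is granted all KMS actions on the key, including the additional
 *       principals supplied with the command, so that list is effectively a key-admin list.</li>
 *   <li>The policy is written under the name "default", which replaces the existing key policy
 *       rather than amending it.</li>
 *   <li>The lockout safety check is bypassed, so KMS will not reject a policy that leaves the
 *       caller unable to manage the key afterwards.</li>
 *   <li>The full policy document is written to the debug log.</li>
 * </ul>
 *
 * @param command carries the additional principals to include
 */
@Override
public void run(SetBackupAdminPrincipalsCommand command) {
    String accountId = sts.getCallerIdentity(new GetCallerIdentityRequest()).getAccount();
    String rootArn = String.format("arn:aws:iam::%s:root", accountId);
    // NOTE(review): unchecked Optional.get() - a missing admin role ARN fails here with the
    // generic exception from get() rather than a message naming what is not configured.
    String adminRoleArn = configStore.getAccountAdminArn().get();

    Set<String> principals = new HashSet<>();
    principals.add(rootArn);
    principals.add(adminRoleArn);
    principals.addAll(command.getAdditionalPrincipals());
    configStore.storeBackupAdminIamPrincipals(principals);

    // forEach over an empty map does nothing, so no separate emptiness check is needed and the
    // map is fetched once.
    configStore.getRegionBackupBucketMap().forEach((region, backupRegionInfo) -> {
        final List<Statement> statements = new LinkedList<>();
        principals.forEach(principal -> {
            log.debug("Adding principal: {} to the CMK Policy for region {}", principal, region);
            statements.add(new Statement(Statement.Effect.Allow)
                    .withId("Principal " + principal + " Has All Actions")
                    .withPrincipals(new Principal(AWS_PROVIDER, principal, false))
                    .withActions(KMSActions.AllKMSActions)
                    .withResources(new Resource("*")));
        });

        Policy kmsPolicy = new Policy();
        kmsPolicy.setStatements(statements);
        String policyString = kmsPolicy.toJson();
        log.debug("Updating key {} for region {} with policy {}", backupRegionInfo.getKmsCmkId(), region, policyString);

        AWSKMS kms = AWSKMSClient.builder().withCredentials(getAWSCredentialsProviderChain()).withRegion(region).build();
        try {
            PutKeyPolicyRequest request = new PutKeyPolicyRequest()
                    .withKeyId(backupRegionInfo.getKmsCmkId())
                    .withPolicyName("default")
                    // Disables KMS's guard against a policy that locks the caller out of the key.
                    .withBypassPolicyLockoutSafetyCheck(true)
                    .withPolicy(policyString);
            kms.putKeyPolicy(request);
        } finally {
            // One client is built per region; release it instead of leaking it per iteration.
            kms.shutdown();
        }
        log.info("Successfully updated key {} in region {} to allow the following principals access {}",
                backupRegionInfo.getKmsCmkId(), region, String.join(", ", principals));
    });
}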
示例8: getAccount
import com.amazonaws.services.securitytoken.model.GetCallerIdentityRequest; //导入依赖的package包/类
/**
 * Returns the AWS account id of the credentials used by this object's STS client.
 *
 * @return the account id reported by STS GetCallerIdentity
 */
protected final String getAccount() {
    final GetCallerIdentityRequest identityRequest = new GetCallerIdentityRequest();
    return this.sts.getCallerIdentity(identityRequest).getAccount();
}