software.amazon.awssdk.services.sts.model.StsException Java Examples

The following examples show how to use software.amazon.awssdk.services.sts.model.StsException. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: AwsAccount.java    From clouditor with Apache License 2.0 6 votes vote down vote up 
@Override
public void validate() throws IOException {
  try {
    // use STS to find account id and user

    var builder = StsClient.builder();

    if (!this.isAutoDiscovered()) {
      builder.region(Region.of(this.region));
      builder.credentialsProvider(() -> this);
    }

    var stsClient = builder.build();

    var identity = stsClient.getCallerIdentity();

    this.accountId = identity.account();
    this.user = identity.arn();

    LOGGER.info("Account {} validated with user {}.", this.accountId, this.user);
  } catch (SdkClientException | StsException ex) {
    // TODO: log error, etc.
    throw new IOException(ex.getMessage());
  }
}
Example #2
Source File: TestS3FileSystem.java    From dremio-oss with Apache License 2.0 6 votes vote down vote up 
@Test(expected = RuntimeException.class)
public void testVerifyCredentialsNoRetryOnAuthnError() {
  PowerMockito.mockStatic(StsClient.class);
  StsClient mockedClient = mock(StsClient.class);
  StsClientBuilder mockedClientBuilder = mock(StsClientBuilder.class);
  when(mockedClientBuilder.credentialsProvider(any(AwsCredentialsProvider.class))).thenReturn(mockedClientBuilder);
  when(mockedClientBuilder.region(any(Region.class))).thenReturn(mockedClientBuilder);
  when(mockedClientBuilder.build()).thenReturn(mockedClient);
  when(StsClient.builder()).thenReturn(mockedClientBuilder);

  TestExtendedS3FileSystem fs = new TestExtendedS3FileSystem();
  AtomicInteger retryAttemptNo = new AtomicInteger(0);
  when(mockedClient.getCallerIdentity(any(GetCallerIdentityRequest.class))).then(invocationOnMock -> {
    retryAttemptNo.incrementAndGet();
    throw StsException.builder().message("The security token included in the request is invalid. (Service: Sts, Status Code: 403, Request ID: a7e2e92e-5ebb-4343-87a1-21e4d64edcd4)").build();
  });
  fs.verifyCredentials(new Configuration());
  assertEquals(1, retryAttemptNo.get());
}
Example #3
Source File: AssumeRoleIntegrationTest.java    From aws-sdk-java-v2 with Apache License 2.0 5 votes vote down vote up 
@Test
public void profileCredentialsProviderCanAssumeRoles() throws InterruptedException {
    String ASSUME_ROLE_PROFILE =
        "[source]\n"
        + "aws_access_key_id = " + userCredentials.accessKeyId() + "\n"
        + "aws_secret_access_key = " + userCredentials.secretAccessKey() + "\n"
        + "\n"
        + "[test]\n"
        + "region = us-west-1\n"
        + "source_profile = source\n"
        + "role_arn = " + ROLE_ARN;

    ProfileFile profiles = ProfileFile.builder()
                                      .content(new StringInputStream(ASSUME_ROLE_PROFILE))
                                      .type(ProfileFile.Type.CREDENTIALS)
                                      .build();
    Optional<Profile> profile = profiles.profile("test");
    AwsCredentialsProvider awsCredentialsProvider =
        new ProfileCredentialsUtils(profile.get(), profiles::profile).credentialsProvider().get();


    // Try to assume the role until the eventual consistency catches up.
    AwsCredentials awsCredentials = Waiter.run(awsCredentialsProvider::resolveCredentials)
                                          .ignoringException(StsException.class)
                                          .orFail();

    assertThat(awsCredentials.accessKeyId()).isNotBlank();
    assertThat(awsCredentials.secretAccessKey()).isNotBlank();
    ((SdkAutoCloseable) awsCredentialsProvider).close();
}
Example #4
Source File: AssumeRoleIntegrationTest.java    From aws-sdk-java-v2 with Apache License 2.0 5 votes vote down vote up 
@Test
public void profileCredentialProviderCanAssumeRolesWithEnvironmentCredentialSource() throws InterruptedException {
    EnvironmentVariableHelper.run(helper -> {
        helper.set("AWS_ACCESS_KEY_ID", userCredentials.accessKeyId());
        helper.set("AWS_SECRET_ACCESS_KEY", userCredentials.secretAccessKey());

        String ASSUME_ROLE_PROFILE =
            "[test]\n"
            + "region = us-west-1\n"
            + "credential_source = Environment\n"
            + "role_arn = " + ROLE_ARN;

        ProfileFile profiles = ProfileFile.builder()
                                          .content(new StringInputStream(ASSUME_ROLE_PROFILE))
                                          .type(ProfileFile.Type.CREDENTIALS)
                                          .build();
        Optional<Profile> profile = profiles.profile("test");
        AwsCredentialsProvider awsCredentialsProvider =
            new ProfileCredentialsUtils(profile.get(), profiles::profile).credentialsProvider().get();


        // Try to assume the role until the eventual consistency catches up.
        AwsCredentials awsCredentials = Waiter.run(awsCredentialsProvider::resolveCredentials)
                                              .ignoringException(StsException.class)
                                              .orFail();

        assertThat(awsCredentials.accessKeyId()).isNotBlank();
        assertThat(awsCredentials.secretAccessKey()).isNotBlank();
        ((SdkAutoCloseable) awsCredentialsProvider).close();
    });
}
Example #5
Source File: AssumeRoleIntegrationTest.java    From aws-sdk-java-v2 with Apache License 2.0 5 votes vote down vote up 
@Test
public void profileCredentialProviderWithEnvironmentCredentialSourceAndSystemProperties() throws InterruptedException {
    System.setProperty("aws.accessKeyId", userCredentials.accessKeyId());
    System.setProperty("aws.secretAccessKey", userCredentials.secretAccessKey());

    EnvironmentVariableHelper.run(helper -> {
        helper.remove("AWS_ACCESS_KEY_ID");
        helper.remove("AWS_SECRET_ACCESS_KEY");

        String ASSUME_ROLE_PROFILE =
            "[test]\n"
            + "region = us-west-1\n"
            + "credential_source = Environment\n"
            + "role_arn = " + ROLE_ARN;

        ProfileFile profiles = ProfileFile.builder()
                                          .content(new StringInputStream(ASSUME_ROLE_PROFILE))
                                          .type(ProfileFile.Type.CREDENTIALS)
                                          .build();
        Optional<Profile> profile = profiles.profile("test");
        AwsCredentialsProvider awsCredentialsProvider =
            new ProfileCredentialsUtils(profile.get(), profiles::profile).credentialsProvider().get();


        // Try to assume the role until the eventual consistency catches up.
        AwsCredentials awsCredentials = Waiter.run(awsCredentialsProvider::resolveCredentials)
                                              .ignoringException(StsException.class)
                                              .orFail();

        assertThat(awsCredentials.accessKeyId()).isNotBlank();
        assertThat(awsCredentials.secretAccessKey()).isNotBlank();
        ((SdkAutoCloseable) awsCredentialsProvider).close();
    });

    System.clearProperty("aws.accessKeyId");
    System.clearProperty("aws.secretAccessKey");
}