software.amazon.awssdk.auth.credentials.AwsCredentialsProvider Java Examples

Example #1
Source File: S3Manager.java    From joyqueue with Apache License 2.0 9 votes vote down vote up
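/**
 * Builds a presigned GET URL for {@code objectKey} in the configured bucket.
 *
 * <p>The returned URL is a bearer capability: whoever holds it can read the object until the
 * signature expires, without any further authentication. The signature lifetime here is seven
 * days, so the URL should be handled like a secret (kept out of logs, referrers and shared
 * channels) for that whole period.
 *
 * @param objectKey key of the object the URL grants read access to
 * @return the presigned URL as a string
 */
private String getS3Url(String objectKey) {
    // NOTE(review): the presigner signs with a static access key / secret key pair held by this
    // class. A URL signed this way presumably stays usable until it expires or the key is
    // deactivated; confirm that a 7-day window is really needed by the consumers of this URL.
    AwsCredentialsProvider credentialsProvider =
            StaticCredentialsProvider.create(AwsBasicCredentials.create(accessKey, secretKey));

    GetObjectRequest getObjectRequest = GetObjectRequest.builder()
            .bucket(bucketName)
            .key(objectKey)
            .build();
    GetObjectPresignRequest getObjectPresignRequest = GetObjectPresignRequest.builder()
            .getObjectRequest(getObjectRequest)
            .signatureDuration(Duration.ofDays(7))
            .build();

    // try-with-resources: the presigner is released even when presigning throws, which the
    // explicit close() after the call did not guarantee.
    try (S3Presigner preSigner = S3Presigner.builder()
            .credentialsProvider(credentialsProvider)
            .endpointOverride(URI.create(endpoint))
            .region(clientRegion)
            .build()) {
        PresignedGetObjectRequest presignedGetObjectRequest = preSigner.presignGetObject(getObjectPresignRequest);
        return presignedGetObjectRequest.url().toString();
    }
}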
 
Example #2
Source File: AwsSecretsManager.java    From dremio-oss with Apache License 2.0 6 votes vote down vote up
/**
 * Fetches the current version of a secret from AWS Secrets Manager.
 *
 * @param arnTokens tokens of the secret's ARN, indexed by the ordinals of {@code Arn}
 * @return the secret's string value, or the string form of its binary value when no string
 *     value is present
 * @throws IOException if the SDK call fails; the SDK exception is kept as the cause
 */
private String getSecret(String[] arnTokens) throws IOException {
  final String region = arnTokens[Arn.region.ordinal()];
  final String secretName = getSecretName(arnTokens[Arn.secretName.ordinal()]);

  /*
   * Currently, dremio would support access of the secrets manager with base role assigned
   * to EC2 machine. This will be further enhanced, once we have more requirements on it.
   */
  final AwsCredentialsProvider awsCredentialsProvider = getAwsCredentials();
  final GetSecretValueRequest secretValueRequest = GetSecretValueRequest.builder()
    .secretId(secretName)
    .versionStage(AWS_CURRENT)
    .build();

  try (final SecretsManagerClient secretsManagerClient = SecretsManagerClient.builder()
        .region(Region.of(region))
        .credentialsProvider(awsCredentialsProvider)
        .build()) {
    final GetSecretValueResponse secretValueResponse = secretsManagerClient.getSecretValue(secretValueRequest);
    final String secretText = secretValueResponse.secretString();
    if (secretText != null) {
      return secretText;
    }
    // NOTE(review): this returns toString() of the binary payload object. Confirm that it
    // yields the secret content rather than a diagnostic rendering of the bytes, and decode
    // explicitly if it does not.
    return secretValueResponse.secretBinary().toString();
  } catch (SdkException e) {
    // Only the secret's name and the SDK message are logged, never the secret value.
    logger.debug("Unable to retrieve secret for secret {} as {}", secretName, e.getMessage());
    throw new IOException(e.getMessage(), e);
  }
}
 
Example #3
Source File: S3FileSystem.java    From dremio-oss with Apache License 2.0 6 votes vote down vote up
/**
 * Checks that the configured credentials are usable by calling the STS GetCallerIdentity API
 * through the retryer.
 *
 * @param conf configuration the credentials provider and region are derived from
 * @throws RuntimeException if the call still fails once the retryer has given up; exceptions
 *     other than {@code Retryer.OperationFailedAfterRetriesException} are not caught here
 */
protected void verifyCredentials(Configuration conf) throws RuntimeException {
    final AwsCredentialsProvider awsCredentialsProvider = getAsync2Provider(conf);
    // Note that AWS SDKv2 client will close the credentials provider if needed when the client is closed
    try (StsClient stsClient = StsClient.builder()
            .credentialsProvider(awsCredentialsProvider)
            .region(getAWSRegionFromConfigurationOrDefault(conf))
            .build()) {
        retryer.call(() -> {
            // The response is discarded: only success or failure of the call matters.
            stsClient.getCallerIdentity(GetCallerIdentityRequest.builder().build());
            return true;
        });
    } catch (Retryer.OperationFailedAfterRetriesException e) {
        throw new RuntimeException("Credential Verification failed.", e);
    }
}
 
Example #4
Source File: KinesisVerticle.java    From reactive-refarch-cloudformation with Apache License 2.0 6 votes vote down vote up
/**
 * Creates the asynchronous Kinesis client for the region named by the {@code REGION}
 * environment variable, defaulting to {@code us-east-1} when it is unset or blank.
 *
 * @return a new Kinesis async client
 */
private KinesisAsyncClient createClient() {
    // Credentials are resolved by the SDK's default provider chain; environment variables are
    // only one of the sources that chain consults.
    final AwsCredentialsProvider awsCredentialsProvider = DefaultCredentialsProvider.builder().build();
    final ClientAsyncConfiguration clientConfiguration = ClientAsyncConfiguration.builder().build();

    final String configuredRegion = System.getenv("REGION");
    final boolean regionMissing = configuredRegion == null || configuredRegion.trim().isEmpty();

    final Region myRegion;
    if (regionMissing) {
        myRegion = Region.US_EAST_1;
        LOGGER.info("Using default region");
    } else {
        // The value is passed on as given (not trimmed).
        myRegion = Region.of(configuredRegion);
    }

    LOGGER.info("Deploying in Region " + myRegion.toString());

    return KinesisAsyncClient.builder()
            .asyncConfiguration(clientConfiguration)
            .credentialsProvider(awsCredentialsProvider)
            .region(myRegion)
            .build();
}
 
Example #5
Source File: S3FileSystem.java    From dremio-oss with Apache License 2.0 6 votes vote down vote up
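/**
 * Selects the SDK v2 credentials provider named by the
 * {@code Constants.AWS_CREDENTIALS_PROVIDER} setting.
 *
 * <p>The access-key option builds a static provider from the key pair stored in the
 * configuration; the "none" option returns an anonymous provider, so requests made with it are
 * unsigned.
 *
 * @param config configuration holding the provider name and, where needed, the key pair
 * @return the matching credentials provider
 * @throws IllegalStateException if the setting is missing or names an unknown provider
 */
@VisibleForTesting
protected AwsCredentialsProvider getAsync2Provider(Configuration config) {
  final String providerName = config.get(Constants.AWS_CREDENTIALS_PROVIDER);
  if (providerName == null) {
    // A switch on a null String throws NullPointerException; report a missing setting with the
    // same exception type as an unknown one.
    throw new IllegalStateException(Constants.AWS_CREDENTIALS_PROVIDER + " is not set");
  }
  switch (providerName) {
    case ACCESS_KEY_PROVIDER:
      return StaticCredentialsProvider.create(AwsBasicCredentials.create(
        config.get(Constants.ACCESS_KEY), config.get(Constants.SECRET_KEY)));
    case EC2_METADATA_PROVIDER:
      return InstanceProfileCredentialsProvider.create();
    case NONE_PROVIDER:
      return AnonymousCredentialsProvider.create();
    case ASSUME_ROLE_PROVIDER:
      return new STSCredentialProviderV2(config);
    default:
      throw new IllegalStateException(providerName);
  }
}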
 
Example #6
Source File: StsProfileCredentialsProviderFactory.java    From aws-sdk-java-v2 with Apache License 2.0 6 votes vote down vote up
/**
 * Builds an assume-role credentials provider from a profile, using
 * {@code parentCredentialsProvider} to sign the STS calls.
 *
 * @param parentCredentialsProvider credentials used by the STS client that assumes the role
 * @param profile profile supplying the role ARN and the optional session name and external ID
 */
private StsProfileCredentialsProvider(AwsCredentialsProvider parentCredentialsProvider, Profile profile) {
    String roleArn = requireProperty(profile, ProfileProperty.ROLE_ARN);
    // Optional: null is passed to the request when the profile defines no external ID.
    String externalId = profile.property(ProfileProperty.EXTERNAL_ID).orElse(null);
    // Without a configured session name, a timestamp-based one is generated.
    String roleSessionName = profile.property(ProfileProperty.ROLE_SESSION_NAME)
                                    .orElseGet(() -> "aws-sdk-java-" + System.currentTimeMillis());

    AssumeRoleRequest assumeRoleRequest =
        AssumeRoleRequest.builder()
                         .roleArn(roleArn)
                         .roleSessionName(roleSessionName)
                         .externalId(externalId)
                         .build();

    this.parentCredentialsProvider = parentCredentialsProvider;
    this.stsClient =
        StsClient.builder()
                 .applyMutation(client -> configureEndpoint(client, profile))
                 .credentialsProvider(parentCredentialsProvider)
                 .build();
    this.credentialsProvider =
        StsAssumeRoleCredentialsProvider.builder()
                                        .stsClient(stsClient)
                                        .refreshRequest(assumeRoleRequest)
                                        .build();
}
 
Example #7
Source File: TestS3FileSystem.java    From dremio-oss with Apache License 2.0 6 votes vote down vote up
/**
 * Checks that verifyCredentials keeps calling GetCallerIdentity while the mocked STS client
 * throws a client-side "unable to load credentials" error, and succeeds once the mock stops
 * throwing.
 */
@Test
public void testVerifyCredentialsRetry() {
  // Route StsClient.builder() to a mocked builder whose fluent setters return the builder itself.
  PowerMockito.mockStatic(StsClient.class);
  StsClient mockedClient = mock(StsClient.class);
  StsClientBuilder mockedClientBuilder = mock(StsClientBuilder.class);
  when(mockedClientBuilder.credentialsProvider(any(AwsCredentialsProvider.class))).thenReturn(mockedClientBuilder);
  when(mockedClientBuilder.region(any(Region.class))).thenReturn(mockedClientBuilder);
  when(mockedClientBuilder.build()).thenReturn(mockedClient);
  when(StsClient.builder()).thenReturn(mockedClientBuilder);

  TestExtendedS3FileSystem fs = new TestExtendedS3FileSystem();
  // The counter starts at 1 and is incremented before the comparison, so the calls that raise
  // it to 2..9 throw and the call that raises it to 10 returns normally.
  AtomicInteger retryAttemptNo = new AtomicInteger(1);
  when(mockedClient.getCallerIdentity(any(GetCallerIdentityRequest.class))).then(invocationOnMock -> {
    if (retryAttemptNo.incrementAndGet() < 10) {
      throw new SdkClientException("Unable to load credentials from service endpoint.");
    }
    return null;
  });

  fs.verifyCredentials(new Configuration());
  // Asserts the counter value, which is one more than the number of GetCallerIdentity calls.
  assertEquals(10, retryAttemptNo.get());
}
 
Example #8
Source File: TestS3FileSystem.java    From dremio-oss with Apache License 2.0 6 votes vote down vote up
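/**
 * Checks that verifyCredentials fails with a RuntimeException and calls GetCallerIdentity only
 * once when STS rejects the credentials.
 */
@Test(expected = RuntimeException.class)
public void testVerifyCredentialsNoRetryOnAuthnError() {
  // Route StsClient.builder() to a mocked builder whose fluent setters return the builder itself.
  PowerMockito.mockStatic(StsClient.class);
  StsClient mockedClient = mock(StsClient.class);
  StsClientBuilder mockedClientBuilder = mock(StsClientBuilder.class);
  when(mockedClientBuilder.credentialsProvider(any(AwsCredentialsProvider.class))).thenReturn(mockedClientBuilder);
  when(mockedClientBuilder.region(any(Region.class))).thenReturn(mockedClientBuilder);
  when(mockedClientBuilder.build()).thenReturn(mockedClient);
  when(StsClient.builder()).thenReturn(mockedClientBuilder);

  TestExtendedS3FileSystem fs = new TestExtendedS3FileSystem();
  AtomicInteger retryAttemptNo = new AtomicInteger(0);
  when(mockedClient.getCallerIdentity(any(GetCallerIdentityRequest.class))).then(invocationOnMock -> {
    retryAttemptNo.incrementAndGet();
    throw StsException.builder().message("The security token included in the request is invalid. (Service: Sts, Status Code: 403, Request ID: a7e2e92e-5ebb-4343-87a1-21e4d64edcd4)").build();
  });
  try {
    fs.verifyCredentials(new Configuration());
  } finally {
    // The expected exception leaves the method at the call above, so an assertion placed after
    // it never runs. In a finally block the attempt count is checked on the failing path too,
    // and a wrong count surfaces as an AssertionError instead of the expected exception.
    assertEquals(1, retryAttemptNo.get());
  }
}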
 
Example #9
Source File: ProfileCredentialsUtils.java    From aws-sdk-java-v2 with Apache License 2.0 6 votes vote down vote up
/**
 * Load an assumed-role credentials provider that has been configured in this profile. This will attempt to locate the STS
 * module in order to generate the credentials provider. If it's not available, an illegal state exception will be raised.
 *
 * <p>The name of this profile is added to {@code children} before the source profile is resolved, so that a chain of
 * source profiles leading back to this one is rejected as circular.
 *
 * @param children The child profiles that source credentials from this profile.
 */
private AwsCredentialsProvider roleAndSourceProfileBasedProfileCredentialsProvider(Set<String> children) {
    requireProperties(ProfileProperty.SOURCE_PROFILE);

    boolean notYetVisited = !children.contains(name);
    Validate.validState(notYetVisited,
                        "Invalid profile file: Circular relationship detected with profiles %s.", children);
    boolean hasResolver = credentialsSourceResolver != null;
    Validate.validState(hasResolver,
                        "The profile '%s' must be configured with a source profile in order to use assumed roles.", name);

    children.add(name);

    String sourceProfileName = properties.get(ProfileProperty.SOURCE_PROFILE);
    AwsCredentialsProvider sourceCredentialsProvider =
        credentialsSourceResolver.apply(sourceProfileName)
                                 .flatMap(sourceProfile -> new ProfileCredentialsUtils(sourceProfile,
                                                                                       credentialsSourceResolver)
                                     .credentialsProvider(children))
                                 .orElseThrow(this::noSourceCredentialsException);

    return stsCredentialsProviderFactory().create(sourceCredentialsProvider, profile);
}
 
Example #10
Source File: AwsModule.java    From beam with Apache License 2.0 6 votes vote down vote up
/**
 * Writes a credentials provider as a typed JSON object.
 *
 * <p>For a {@code StaticCredentialsProvider} the access key ID and the secret access key are
 * written into the JSON as plain text, so the serialized form has to be protected like the
 * credentials themselves. Only these two fields are written.
 * NOTE(review): if the static provider can hold session credentials, the session token is not
 * carried over; confirm whether that case needs handling.
 *
 * @throws IllegalArgumentException if the provider is neither static nor one of the singleton
 *     provider types
 */
@Override
public void serializeWithType(
    AwsCredentialsProvider credentialsProvider,
    JsonGenerator jsonGenerator,
    SerializerProvider serializer,
    TypeSerializer typeSerializer)
    throws IOException {
  WritableTypeId typeId =
      typeSerializer.writeTypePrefix(
          jsonGenerator, typeSerializer.typeId(credentialsProvider, JsonToken.START_OBJECT));

  final Class<?> providerClass = credentialsProvider.getClass();
  final boolean isStatic = providerClass.equals(StaticCredentialsProvider.class);
  if (!isStatic && !SINGLETON_CREDENTIAL_PROVIDERS.contains(providerClass)) {
    throw new IllegalArgumentException(
        "Unsupported AWS credentials provider type " + providerClass);
  }
  if (isStatic) {
    jsonGenerator.writeStringField(
        ACCESS_KEY_ID, credentialsProvider.resolveCredentials().accessKeyId());
    jsonGenerator.writeStringField(
        SECRET_ACCESS_KEY, credentialsProvider.resolveCredentials().secretAccessKey());
  }
  // Singleton provider types carry no fields: the type id alone identifies them.
  typeSerializer.writeTypeSuffix(jsonGenerator, typeId);
}
 
Example #11
Source File: ProfileCredentialsUtils.java    From aws-sdk-java-v2 with Apache License 2.0 6 votes vote down vote up
/**
 * Creates a credentials provider from this profile's role ARN and web identity token file.
 * The role session name is read from the profile too, but it is not among the required
 * properties.
 */
private AwsCredentialsProvider roleAndWebIdentityTokenProfileCredentialsProvider() {
    requireProperties(ProfileProperty.ROLE_ARN, ProfileProperty.WEB_IDENTITY_TOKEN_FILE);

    // The token file path is taken from the profile as written.
    Path tokenFile = Paths.get(properties.get(ProfileProperty.WEB_IDENTITY_TOKEN_FILE));

    WebIdentityTokenCredentialProperties credentialProperties =
        WebIdentityTokenCredentialProperties.builder()
                                            .roleArn(properties.get(ProfileProperty.ROLE_ARN))
                                            .roleSessionName(properties.get(ProfileProperty.ROLE_SESSION_NAME))
                                            .webIdentityTokenFile(tokenFile)
                                            .build();

    return WebIdentityCredentialsUtils.factory().create(credentialProperties);
}
 
Example #12
Source File: AwsModuleTest.java    From beam with Apache License 2.0 5 votes vote down vote up
/**
 * Round-trips a static credentials provider through the object mapper and checks that the
 * provider class, access key ID and secret access key all survive.
 */
@Test
public void testStaticCredentialsProviderSerializationDeserialization() throws Exception {
  // Dummy key pair: the values only need to survive the round trip.
  AwsCredentialsProvider original =
      StaticCredentialsProvider.create(AwsBasicCredentials.create("key-id", "secret-key"));

  String json = objectMapper.writeValueAsString(original);
  AwsCredentialsProvider restored = objectMapper.readValue(json, AwsCredentialsProvider.class);

  assertEquals(original.getClass(), restored.getClass());
  assertEquals(
      original.resolveCredentials().accessKeyId(), restored.resolveCredentials().accessKeyId());
  assertEquals(
      original.resolveCredentials().secretAccessKey(),
      restored.resolveCredentials().secretAccessKey());
}
 
Example #13
Source File: AwsOptions.java    From beam with Apache License 2.0 5 votes vote down vote up
/**
 * The credential instance that should be used to authenticate against AWS services. The option
 * value must contain a "@type" field and an AWS Credentials Provider class name as the field
 * value. Refer to {@link DefaultCredentialsProvider} Javadoc for usage help.
 *
 * <p>For example, to specify the AWS key ID and secret, specify the following: <code>
 * {"@type": "StaticCredentialsProvider", "accessKeyId": "key_id_value",
 * "secretAccessKey": "secret_value"}
 * </code>
 *
 * <p>The example uses the same type and field names as the option description below.
 * NOTE(review): the description text still refers to DefaultAWSCredentialsProviderChain;
 * confirm whether it should name DefaultCredentialsProvider instead.
 *
 * <p>NOTE(review): a key pair supplied through this option is carried in the option value as
 * plain text; presumably it is visible wherever the options are printed or stored. Verify
 * before using static credentials outside of tests.
 */
@Description(
    "The credential instance that should be used to authenticate "
        + "against AWS services. The option value must contain \"@type\" field "
        + "and an AWS Credentials Provider class name as the field value. "
        + "Refer to DefaultAWSCredentialsProviderChain Javadoc for usage help. "
        + "For example, to specify the AWS key ID and secret, specify the following: "
        + "{\"@type\": \"StaticCredentialsProvider\", "
        + "\"accessKeyId\":\"<key_id>\", \"secretAccessKey\":\"<secret_key>\"}")
@Default.InstanceFactory(AwsUserCredentialsFactory.class)
AwsCredentialsProvider getAwsCredentialsProvider();
 
Example #14
Source File: BasicDynamoDbClientProvider.java    From beam with Apache License 2.0 5 votes vote down vote up
/**
 * Stores the credentials provider, region and optional endpoint used to build DynamoDB clients.
 *
 * @param awsCredentialsProvider credentials provider, must not be null
 * @param region region name, must not be null
 * @param serviceEndpoint alternative service endpoint, or null
 * @throws IllegalArgumentException if the credentials provider or the region is null
 */
BasicDynamoDbClientProvider(
    AwsCredentialsProvider awsCredentialsProvider, String region, @Nullable URI serviceEndpoint) {
  // Validate and keep each mandatory argument in turn.
  checkArgument(awsCredentialsProvider != null, "awsCredentialsProvider can not be null");
  this.awsCredentialsProvider = awsCredentialsProvider;

  checkArgument(region != null, "region can not be null");
  this.region = region;

  // The endpoint is optional and stored as given, null included.
  this.serviceEndpoint = serviceEndpoint;
}
 
Example #15
Source File: BasicSnsAsyncClientProvider.java    From beam with Apache License 2.0 5 votes vote down vote up
/**
 * Stores the credentials provider, region and optional endpoint used to build SNS async clients.
 *
 * @param awsCredentialsProvider credentials provider, must not be null
 * @param region region name, must not be null
 * @param serviceEndpoint alternative service endpoint, or null
 * @throws IllegalArgumentException if the credentials provider or the region is null
 */
BasicSnsAsyncClientProvider(
    AwsCredentialsProvider awsCredentialsProvider, String region, @Nullable URI serviceEndpoint) {
  // Validate and keep each mandatory argument in turn.
  checkArgument(awsCredentialsProvider != null, "awsCredentialsProvider can not be null");
  this.awsCredentialsProvider = awsCredentialsProvider;

  checkArgument(region != null, "region can not be null");
  this.region = region;

  // The endpoint is optional and stored as given, null included.
  this.serviceEndpoint = serviceEndpoint;
}
 
Example #16
Source File: SnsIO.java    From beam with Apache License 2.0 5 votes vote down vote up
/**
 * Specify credential details and region to be used to write to SNS. If you need more
 * sophisticated credential protocol, then you should look at {@link
 * WriteAsync#withSnsClientProvider(SnsAsyncClientProvider)}.
 *
 * <p>The {@code serviceEndpoint} sets an alternative service host; it is passed on unchecked,
 * so null is accepted here.
 *
 * @throws NullPointerException if {@code credentialsProvider} or {@code region} is null
 */
public WriteAsync<T> withSnsClientProvider(
    AwsCredentialsProvider credentialsProvider, String region, URI serviceEndpoint) {
  checkNotNull(credentialsProvider, "credentialsProvider cannot be null");
  checkNotNull(region, "region cannot be null");

  BasicSnsAsyncClientProvider clientProvider =
      new BasicSnsAsyncClientProvider(credentialsProvider, region, serviceEndpoint);
  return withSnsClientProvider(clientProvider);
}
 
Example #17
Source File: SnsIO.java    From beam with Apache License 2.0 5 votes vote down vote up
/**
 * Specify credential details and region to be used to write to SNS, without an alternative
 * service endpoint. If you need more sophisticated credential protocol, then you should look
 * at {@link WriteAsync#withSnsClientProvider(SnsAsyncClientProvider)}.
 *
 * @throws NullPointerException if {@code credentialsProvider} or {@code region} is null
 */
public WriteAsync<T> withSnsClientProvider(
    AwsCredentialsProvider credentialsProvider, String region) {
  checkNotNull(credentialsProvider, "credentialsProvider cannot be null");
  checkNotNull(region, "region cannot be null");

  // No endpoint override: delegate to the three-argument overload with a null endpoint.
  final URI noServiceEndpoint = null;
  return withSnsClientProvider(credentialsProvider, region, noServiceEndpoint);
}
 
Example #18
Source File: FirehoseAppender.java    From kinesis-logback-appender with Apache License 2.0 5 votes vote down vote up
/**
 * Builds the Firehose async client from the supplied credentials, override configuration,
 * completion executor and region, applying the endpoint override only when one is present.
 */
@Override
protected FirehoseAsyncClient createClient(AwsCredentialsProvider credentials, ClientOverrideConfiguration configuration, ThreadPoolExecutor executor, Region region, Optional<URI> endpointOverride) {
  FirehoseAsyncClientBuilder builder = FirehoseAsyncClient.builder()
    .credentialsProvider(credentials)
    // Futures returned by the client are completed on the given executor.
    .asyncConfiguration(async -> async.advancedOption(SdkAdvancedAsyncClientOption.FUTURE_COMPLETION_EXECUTOR, executor))
    .overrideConfiguration(configuration)
    .region(region);

  // The builder is configured in place; the value returned by endpointOverride is not needed.
  endpointOverride.ifPresent(builder::endpointOverride);

  return builder.build();
}
 
Example #19
Source File: AwsModule.java    From beam with Apache License 2.0 5 votes vote down vote up
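/**
 * Rebuilds a credentials provider from its typed JSON form.
 *
 * <p>The type name read from the input is only compared against the simple names of a fixed
 * set of provider classes; no class is looked up by a name taken from the input.
 *
 * @throws IOException if the type name is missing or unsupported, or if a static provider is
 *     requested without both of its key fields
 */
@Override
public AwsCredentialsProvider deserializeWithType(
    JsonParser jsonParser, DeserializationContext context, TypeDeserializer typeDeserializer)
    throws IOException {
  Map<String, String> asMap =
      jsonParser.readValueAs(new TypeReference<Map<String, String>>() {});

  String typeNameKey = typeDeserializer.getPropertyName();
  String typeName = asMap.get(typeNameKey);
  if (typeName == null) {
    throw new IOException(
        String.format("AWS credentials provider type name key '%s' not found", typeNameKey));
  }

  if (typeName.equals(StaticCredentialsProvider.class.getSimpleName())) {
    String accessKeyId = asMap.get(ACCESS_KEY_ID);
    String secretAccessKey = asMap.get(SECRET_ACCESS_KEY);
    if (accessKeyId == null || secretAccessKey == null) {
      // Report malformed input the same way as the other cases instead of handing null to the
      // SDK. The message names the expected fields only and never echoes a supplied value.
      throw new IOException(
          String.format(
              "AWS credentials provider type '%s' requires the fields '%s' and '%s'",
              typeName, ACCESS_KEY_ID, SECRET_ACCESS_KEY));
    }
    return StaticCredentialsProvider.create(
        AwsBasicCredentials.create(accessKeyId, secretAccessKey));
  } else if (typeName.equals(DefaultCredentialsProvider.class.getSimpleName())) {
    return DefaultCredentialsProvider.create();
  } else if (typeName.equals(EnvironmentVariableCredentialsProvider.class.getSimpleName())) {
    return EnvironmentVariableCredentialsProvider.create();
  } else if (typeName.equals(SystemPropertyCredentialsProvider.class.getSimpleName())) {
    return SystemPropertyCredentialsProvider.create();
  } else if (typeName.equals(ProfileCredentialsProvider.class.getSimpleName())) {
    return ProfileCredentialsProvider.create();
  } else if (typeName.equals(ContainerCredentialsProvider.class.getSimpleName())) {
    return ContainerCredentialsProvider.builder().build();
  } else {
    throw new IOException(
        String.format("AWS credential provider type '%s' is not supported", typeName));
  }
}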
 
Example #20
Source File: AwsModule.java    From beam with Apache License 2.0 5 votes vote down vote up
/**
 * Serializes a credentials provider without type information by handing the value to the
 * serializer provider's default serialization.
 *
 * @param credentialsProvider provider to serialize
 * @param jsonGenerator generator the output is written to
 * @param serializer serializer provider that performs the default serialization
 * @throws IOException declared for failures while writing
 */
@Override
public void serialize(
    AwsCredentialsProvider credentialsProvider,
    JsonGenerator jsonGenerator,
    SerializerProvider serializer)
    throws IOException {
  serializer.defaultSerializeValue(credentialsProvider, jsonGenerator);
}
 
Example #21
Source File: AwsS3SenderTest.java    From fluency with Apache License 2.0 5 votes vote down vote up
/**
 * Checks that AwsS3Sender passes the endpoint, region and static key pair from its config on
 * to the S3 client builder, and builds the client exactly once.
 */
@Test
void buildClientWithCustomizedConfig()
{
    // Dummy endpoint and key pair: nothing is contacted, the builder is a mock.
    AwsS3Sender.Config config = new AwsS3Sender.Config();
    config.setEndpoint("https://another.s3endpoi.nt");
    config.setRegion("ap-northeast-1");
    config.setAwsAccessKeyId("foo");
    config.setAwsSecretAccessKey("bar");

    S3Client s3Client = mock(S3Client.class);
    S3ClientBuilder s3ClientBuilder = mock(S3ClientBuilder.class);
    doReturn(s3Client).when(s3ClientBuilder).build();
    // Inspect the provider handed to the builder: it must resolve to the configured key pair.
    // The stub itself returns null rather than the builder.
    doAnswer(invocation -> {
        AwsCredentialsProvider provider = invocation.getArgument(0);
        AwsCredentials awsCredentials = provider.resolveCredentials();
        assertEquals("foo", awsCredentials.accessKeyId());
        assertEquals("bar", awsCredentials.secretAccessKey());
        return null;
    }).when(s3ClientBuilder).credentialsProvider(any());

    new AwsS3Sender(s3ClientBuilder, config);

    // Each builder method is expected to be called exactly once.
    verify(s3ClientBuilder, times(1)).build();
    verify(s3ClientBuilder, times(1)).endpointOverride(eq(URI.create("https://another.s3endpoi.nt")));
    verify(s3ClientBuilder, times(1)).region(eq(Region.AP_NORTHEAST_1));
    verify(s3ClientBuilder, times(1)).credentialsProvider(any());
}
 
Example #22
Source File: AwsModuleTest.java    From beam with Apache License 2.0 5 votes vote down vote up
/**
 * Round-trips each field-less provider type through the object mapper and checks that the
 * deserialized provider has the same class as the original.
 */
@Test
public void testAwsCredentialsProviderSerializationDeserialization() throws Exception {
  // Default chain: the only case read back with the concrete class as the target type.
  AwsCredentialsProvider defaultProvider = DefaultCredentialsProvider.create();
  String defaultJson = objectMapper.writeValueAsString(defaultProvider);
  AwsCredentialsProvider defaultRestored =
      objectMapper.readValue(defaultJson, DefaultCredentialsProvider.class);
  assertEquals(defaultProvider.getClass(), defaultRestored.getClass());

  // Environment variables.
  AwsCredentialsProvider envProvider = EnvironmentVariableCredentialsProvider.create();
  String envJson = objectMapper.writeValueAsString(envProvider);
  AwsCredentialsProvider envRestored =
      objectMapper.readValue(envJson, AwsCredentialsProvider.class);
  assertEquals(envProvider.getClass(), envRestored.getClass());

  // System properties.
  AwsCredentialsProvider sysPropProvider = SystemPropertyCredentialsProvider.create();
  String sysPropJson = objectMapper.writeValueAsString(sysPropProvider);
  AwsCredentialsProvider sysPropRestored =
      objectMapper.readValue(sysPropJson, AwsCredentialsProvider.class);
  assertEquals(sysPropProvider.getClass(), sysPropRestored.getClass());

  // Profile file.
  AwsCredentialsProvider profileProvider = ProfileCredentialsProvider.create();
  String profileJson = objectMapper.writeValueAsString(profileProvider);
  AwsCredentialsProvider profileRestored =
      objectMapper.readValue(profileJson, AwsCredentialsProvider.class);
  assertEquals(profileProvider.getClass(), profileRestored.getClass());

  // Container credentials.
  AwsCredentialsProvider containerProvider = ContainerCredentialsProvider.builder().build();
  String containerJson = objectMapper.writeValueAsString(containerProvider);
  AwsCredentialsProvider containerRestored =
      objectMapper.readValue(containerJson, AwsCredentialsProvider.class);
  assertEquals(containerProvider.getClass(), containerRestored.getClass());
}
 
Example #23
Source File: BasicSnsClientProvider.java    From beam with Apache License 2.0 5 votes vote down vote up
/**
 * Stores the credentials provider, region and optional endpoint used to build SNS clients.
 *
 * @param awsCredentialsProvider credentials provider, must not be null
 * @param region region name, must not be null
 * @param serviceEndpoint alternative service endpoint, or null
 * @throws IllegalArgumentException if the credentials provider or the region is null
 */
BasicSnsClientProvider(
    AwsCredentialsProvider awsCredentialsProvider, String region, @Nullable URI serviceEndpoint) {
  // Validate and keep each mandatory argument in turn.
  checkArgument(awsCredentialsProvider != null, "awsCredentialsProvider can not be null");
  this.awsCredentialsProvider = awsCredentialsProvider;

  checkArgument(region != null, "region can not be null");
  this.region = region;

  // The endpoint is optional and stored as given, null included.
  this.serviceEndpoint = serviceEndpoint;
}
 
Example #24
Source File: KinesisTestConfiguration.java    From synapse with Apache License 2.0 5 votes vote down vote up
/**
 * Test-only Kinesis client. In the "local" environment it targets a local endpoint over plain
 * HTTP; otherwise it is built with the SDK defaults. The integration test stream is created if
 * it does not exist yet.
 *
 * <p>This bean sets the JVM-wide system property {@code aws.cborEnabled} to "false".
 */
@Bean
@Primary
public KinesisAsyncClient kinesisAsyncClient(final @Value("${test.environment:local}") String testEnvironment,
                                             final AwsCredentialsProvider credentialsProvider) {
    // kinesalite does not support cbor at the moment (v1.11.6)
    System.setProperty("aws.cborEnabled", "false");
    LOG.info("kinesis client for local tests");

    final boolean localEnvironment = testEnvironment.equals("local");
    final KinesisAsyncClient kinesisClient = localEnvironment
            ? KinesisAsyncClient.builder()
                    .httpClient(
                            // Disables HTTP2 because of problems with LocalStack
                            NettyNioAsyncHttpClient.builder()
                                    .protocol(Protocol.HTTP1_1)
                                    .build())
                    // Unencrypted endpoint on the loopback interface: for local tests only.
                    .endpointOverride(URI.create("http://localhost:4568"))
                    .region(Region.EU_CENTRAL_1)
                    .credentialsProvider(credentialsProvider)
                    .build()
            : KinesisAsyncClient.builder()
                    .credentialsProvider(credentialsProvider)
                    .build();

    createChannelIfNotExists(kinesisClient, INTEGRATION_TEST_STREAM, 2);
    return kinesisClient;
}
 
Example #25
Source File: S3AutoConfiguration.java    From synapse with Apache License 2.0 5 votes vote down vote up
/**
 * Default S3 client bean, created only when the application defines none of its own. The
 * region comes from {@code awsProperties} and the credentials from the injected provider.
 */
@Bean
@ConditionalOnMissingBean
public S3Client s3Client(final AwsProperties awsProperties,
                         final AwsCredentialsProvider awsCredentialsProvider) {
    final String regionName = awsProperties.getRegion();
    return S3Client.builder()
            .region(of(regionName))
            .credentialsProvider(awsCredentialsProvider)
            .build();
}
 
Example #26
Source File: KinesisTestConfiguration.java    From synapse with Apache License 2.0 5 votes vote down vote up
/**
 * Test-only Kinesis client. In the "local" environment it targets a local endpoint over plain
 * HTTP and uses the given retry policy; otherwise it is built with the SDK defaults. The
 * integration test channel is created if it does not exist yet.
 *
 * <p>This bean sets the JVM-wide system property {@code aws.cborEnabled} to "false".
 */
@Bean
@Primary
public KinesisAsyncClient kinesisAsyncClient(final @Value("${test.environment:local}") String testEnvironment,
                                             final AwsCredentialsProvider credentialsProvider,
                                             final RetryPolicy kinesisRetryPolicy) {
    // kinesalite does not support cbor at the moment (v1.11.6)
    System.setProperty("aws.cborEnabled", "false");
    LOG.info("kinesis client for local tests");

    final boolean localEnvironment = testEnvironment.equals("local");
    final KinesisAsyncClient kinesisClient = localEnvironment
            ? KinesisAsyncClient.builder()
                    .httpClient(
                            // Disables HTTP2 because of problems with LocalStack
                            NettyNioAsyncHttpClient.builder()
                                    .protocol(Protocol.HTTP1_1)
                                    .build())
                    // Unencrypted endpoint on the loopback interface: for local tests only.
                    .endpointOverride(URI.create("http://localhost:4568"))
                    .region(Region.EU_CENTRAL_1)
                    .credentialsProvider(credentialsProvider)
                    .overrideConfiguration(ClientOverrideConfiguration.builder().retryPolicy(kinesisRetryPolicy).build())
                    .build()
            // The retry policy is applied on the local branch only.
            : KinesisAsyncClient.builder()
                    .credentialsProvider(credentialsProvider)
                    .build();

    createChannelIfNotExists(kinesisClient, KINESIS_INTEGRATION_TEST_CHANNEL, EXPECTED_NUMBER_OF_SHARDS);
    return kinesisClient;
}
 
Example #27
Source File: KinesisAutoConfiguration.java    From synapse with Apache License 2.0 5 votes vote down vote up
/**
 * Default Kinesis async client bean, created only when no {@code KinesisAsyncClient} bean
 * exists. It uses the injected credentials provider and retry policy and the region from
 * {@code awsProperties}.
 */
@Bean
@ConditionalOnMissingBean(KinesisAsyncClient.class)
public KinesisAsyncClient kinesisAsyncClient(final AwsCredentialsProvider credentialsProvider,
                                             final RetryPolicy kinesisRetryPolicy) {
    final ClientOverrideConfiguration overrides = ClientOverrideConfiguration.builder()
            .retryPolicy(kinesisRetryPolicy)
            .build();

    return KinesisAsyncClient.builder()
            .credentialsProvider(credentialsProvider)
            .region(Region.of(awsProperties.getRegion()))
            .overrideConfiguration(overrides)
            .build();
}
 
Example #28
Source File: SqsAutoConfiguration.java    From synapse with Apache License 2.0 5 votes vote down vote up
/**
 * Default SQS async client bean, created only when no {@code SqsAsyncClient} bean exists.
 * Each API call attempt is limited to five seconds and retried according to
 * {@code sqsRetryPolicy}.
 */
@Bean
@ConditionalOnMissingBean(SqsAsyncClient.class)
public SqsAsyncClient sqsAsyncClient(final AwsCredentialsProvider credentialsProvider, final RetryPolicy sqsRetryPolicy) {
    final ClientOverrideConfiguration overrides = ClientOverrideConfiguration.builder()
            .apiCallAttemptTimeout(Duration.ofSeconds(5))
            .retryPolicy(sqsRetryPolicy)
            .build();

    return SqsAsyncClient.builder()
            .credentialsProvider(credentialsProvider)
            .region(Region.of(awsProperties.getRegion()))
            .overrideConfiguration(overrides)
            .build();
}
 
Example #29
Source File: S3BundlePersistenceProvider.java    From nifi-registry with Apache License 2.0 5 votes vote down vote up
/**
 * Creates the AWS credentials provider selected by the provider configuration.
 *
 * <p>With the static provider the access key and secret access key are read from the
 * configuration properties; neither value is logged or placed in an exception message.
 *
 * @param configurationContext context holding the provider's configuration properties
 * @return a static provider for {@code STATIC}, otherwise the SDK default provider
 * @throws ProviderCreationException if the provider property is blank or not a known value, or
 *     if the static provider is selected without both keys
 */
private AwsCredentialsProvider getCredentialsProvider(final ProviderConfigurationContext configurationContext) {
    final String configuredProvider = configurationContext.getProperties().get(CREDENTIALS_PROVIDER_PROP);
    if (StringUtils.isBlank(configuredProvider)) {
        throw new ProviderCreationException("The property '" + CREDENTIALS_PROVIDER_PROP + "' must be provided");
    }

    final CredentialProvider selectedProvider;
    try {
        selectedProvider = CredentialProvider.valueOf(configuredProvider);
    } catch (Exception e) {
        // The original exception is not attached; the message lists the accepted values instead.
        throw new ProviderCreationException("The property '" + CREDENTIALS_PROVIDER_PROP + "' must be one of ["
                + CredentialProvider.STATIC + ", " + CredentialProvider.DEFAULT_CHAIN + " ]");
    }

    // Every value other than STATIC resolves credentials through the SDK default provider.
    if (CredentialProvider.STATIC != selectedProvider) {
        LOGGER.debug("Creating DefaultCredentialsProvider");
        return DefaultCredentialsProvider.create();
    }

    final String accessKey = configurationContext.getProperties().get(ACCESS_KEY_PROP);
    final String secretAccessKey = configurationContext.getProperties().get(SECRET_ACCESS_KEY_PROP);
    final boolean keyPairIncomplete = StringUtils.isBlank(accessKey) || StringUtils.isBlank(secretAccessKey);
    if (keyPairIncomplete) {
        throw new ProviderCreationException("The properties '" + ACCESS_KEY_PROP + "' and '" + SECRET_ACCESS_KEY_PROP
                + "' must be provided when using " + CredentialProvider.STATIC + " credentials provider");
    }

    LOGGER.debug("Creating StaticCredentialsProvider");
    final AwsCredentials awsCredentials = AwsBasicCredentials.create(accessKey, secretAccessKey);
    return StaticCredentialsProvider.create(awsCredentials);
}
 
Example #30
Source File: STSCredentialProviderV2.java    From dremio-oss with Apache License 2.0 5 votes vote down vote up
/**
 * Builds an assume-role credentials provider from the configuration. The STS client that
 * assumes the role signs its calls with either the configured static key pair or the EC2
 * instance profile, depending on {@code Constants.ASSUMED_ROLE_CREDENTIALS_PROVIDER}.
 *
 * @param conf configuration holding the source provider name, the optional key pair, the role
 *     ARN and the STS connection settings
 */
public STSCredentialProviderV2(Configuration conf) {
  final String sourceProviderName = conf.get(Constants.ASSUMED_ROLE_CREDENTIALS_PROVIDER);

  final AwsCredentialsProvider awsCredentialsProvider;
  if (S3StoragePlugin.ACCESS_KEY_PROVIDER.equals(sourceProviderName)) {
    awsCredentialsProvider = StaticCredentialsProvider.create(AwsBasicCredentials.create(
      conf.get(Constants.ACCESS_KEY), conf.get(Constants.SECRET_KEY)));
  } else if (S3StoragePlugin.EC2_METADATA_PROVIDER.equals(sourceProviderName)) {
    awsCredentialsProvider = InstanceProfileCredentialsProvider.create();
  } else {
    // NOTE(review): for any other value, including an unset one, null is handed to the STS
    // client builder. What the builder does with it is not visible here (presumably it falls
    // back to the SDK default provider); confirm that this is intended rather than an error.
    awsCredentialsProvider = null;
  }

  final StsClientBuilder builder = StsClient.builder()
    .credentialsProvider(awsCredentialsProvider)
    .region(S3FileSystem.getAWSRegionFromConfigurationOrDefault(conf))
    .httpClientBuilder(initConnectionSettings(conf));

  // An explicitly configured STS endpoint replaces the default one.
  S3FileSystem.getStsEndpoint(conf).ifPresent(stsEndpoint -> {
    try {
      builder.endpointOverride(new URI(stsEndpoint));
    } catch (URISyntaxException badEndpoint) {
      throw UserException.sourceInBadState(badEndpoint).buildSilently();
    }
  });

  initUserAgent(builder, conf);

  // Every instance assumes the role under a fresh random session name.
  final String sessionName = UUID.randomUUID().toString();
  final AssumeRoleRequest assumeRoleRequest = AssumeRoleRequest.builder()
    .roleArn(conf.get(Constants.ASSUMED_ROLE_ARN))
    .roleSessionName(sessionName)
    .build();

  this.stsAssumeRoleCredentialsProvider = StsAssumeRoleCredentialsProvider.builder()
    .refreshRequest(assumeRoleRequest)
    .stsClient(builder.build())
    .build();
}