software.amazon.awssdk.services.sts.model.StsException Java Examples

The following examples show how to use software.amazon.awssdk.services.sts.model.StsException.
Example #1
Source File: AwsAccount.java    From clouditor with Apache License 2.0
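/**
 * Validates this account by asking STS which identity the configured credentials belong to.
 *
 * <p>On success the account id and caller ARN returned by {@code getCallerIdentity()} are stored
 * in {@code accountId} and {@code user} and logged at info level.
 *
 * @throws IOException if the SDK client fails or STS rejects the call; the SDK exception is
 *     attached as the cause so the service error details are not lost
 */
@Override
public void validate() throws IOException {
  try {
    var builder = StsClient.builder();

    if (!this.isAutoDiscovered()) {
      // Explicitly configured account: pin the region and hand this object to the SDK as the
      // credentials source. Otherwise the builder is left on its defaults.
      builder.region(Region.of(this.region));
      builder.credentialsProvider(() -> this);
    }

    // The client is closeable; try-with-resources releases it on success and on failure
    // instead of leaving it open after every validation.
    try (var stsClient = builder.build()) {
      // use STS to find account id and user
      var identity = stsClient.getCallerIdentity();

      this.accountId = identity.account();
      this.user = identity.arn();

      LOGGER.info("Account {} validated with user {}.", this.accountId, this.user);
    }
  } catch (SdkClientException | StsException ex) {
    // Keep the original exception as cause: the message alone drops the exception type and
    // stack trace, which are what distinguish an invalid token from a client-side failure.
    throw new IOException(ex.getMessage(), ex);
  }
}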
 
Example #2
Source File: TestS3FileSystem.java    From dremio-oss with Apache License 2.0
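/**
 * Checks that credential verification fails with a RuntimeException and calls STS exactly once
 * when STS answers with an authentication error (no retry with credentials that were rejected).
 */
@Test(expected = RuntimeException.class)
public void testVerifyCredentialsNoRetryOnAuthnError() {
  // Route StsClient.builder() to a mocked builder that always hands back the mocked client.
  PowerMockito.mockStatic(StsClient.class);
  StsClient mockedClient = mock(StsClient.class);
  StsClientBuilder mockedClientBuilder = mock(StsClientBuilder.class);
  when(mockedClientBuilder.credentialsProvider(any(AwsCredentialsProvider.class))).thenReturn(mockedClientBuilder);
  when(mockedClientBuilder.region(any(Region.class))).thenReturn(mockedClientBuilder);
  when(mockedClientBuilder.build()).thenReturn(mockedClient);
  when(StsClient.builder()).thenReturn(mockedClientBuilder);

  TestExtendedS3FileSystem fs = new TestExtendedS3FileSystem();
  AtomicInteger retryAttemptNo = new AtomicInteger(0);
  // Every getCallerIdentity call is counted and then fails the way STS does for a bad token.
  when(mockedClient.getCallerIdentity(any(GetCallerIdentityRequest.class))).then(invocationOnMock -> {
    retryAttemptNo.incrementAndGet();
    throw StsException.builder().message("The security token included in the request is invalid. (Service: Sts, Status Code: 403, Request ID: a7e2e92e-5ebb-4343-87a1-21e4d64edcd4)").build();
  });

  try {
    fs.verifyCredentials(new Configuration());
  } finally {
    // The call above is expected to throw, so a statement placed after it would never run and
    // the retry count would go unchecked. In the finally block a wrong count raises an
    // AssertionError, which is not a RuntimeException and therefore fails the test.
    assertEquals(1, retryAttemptNo.get());
  }
}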
 
Example #3
Source File: AssumeRoleIntegrationTest.java    From aws-sdk-java-v2 with Apache License 2.0
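/**
 * Resolves credentials through a profile that assumes {@code ROLE_ARN} using the static keys of
 * a {@code source} profile, and checks that non-blank credentials come back.
 */
@Test
public void profileCredentialsProviderCanAssumeRoles() throws InterruptedException {
    // The profile text, including the secret key, is built in memory and handed to ProfileFile
    // as a stream.
    String assumeRoleProfile =
        "[source]\n"
        + "aws_access_key_id = " + userCredentials.accessKeyId() + "\n"
        + "aws_secret_access_key = " + userCredentials.secretAccessKey() + "\n"
        + "\n"
        + "[test]\n"
        + "region = us-west-1\n"
        + "source_profile = source\n"
        + "role_arn = " + ROLE_ARN;

    ProfileFile profiles = ProfileFile.builder()
                                      .content(new StringInputStream(assumeRoleProfile))
                                      .type(ProfileFile.Type.CREDENTIALS)
                                      .build();
    Optional<Profile> profile = profiles.profile("test");
    AwsCredentialsProvider awsCredentialsProvider =
        new ProfileCredentialsUtils(profile.get(), profiles::profile).credentialsProvider().get();

    try {
        // Try to assume the role until the eventual consistency catches up.
        // NOTE(review): every StsException is ignored while waiting, so a permanent denial
        // presumably only surfaces once the Waiter gives up - confirm against Waiter.
        AwsCredentials awsCredentials = Waiter.run(awsCredentialsProvider::resolveCredentials)
                                              .ignoringException(StsException.class)
                                              .orFail();

        assertThat(awsCredentials.accessKeyId()).isNotBlank();
        assertThat(awsCredentials.secretAccessKey()).isNotBlank();
    } finally {
        // Close the provider even when the wait or an assertion fails, so a failed run does
        // not leave it open.
        ((SdkAutoCloseable) awsCredentialsProvider).close();
    }
}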
 
Example #4
Source File: AssumeRoleIntegrationTest.java    From aws-sdk-java-v2 with Apache License 2.0
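/**
 * Resolves credentials through a profile that assumes {@code ROLE_ARN} with
 * {@code credential_source = Environment}, where the source keys are supplied as environment
 * variables through the helper.
 */
@Test
public void profileCredentialProviderCanAssumeRolesWithEnvironmentCredentialSource() throws InterruptedException {
    EnvironmentVariableHelper.run(helper -> {
        // The source credentials are set on the helper passed into this callback.
        helper.set("AWS_ACCESS_KEY_ID", userCredentials.accessKeyId());
        helper.set("AWS_SECRET_ACCESS_KEY", userCredentials.secretAccessKey());

        String assumeRoleProfile =
            "[test]\n"
            + "region = us-west-1\n"
            + "credential_source = Environment\n"
            + "role_arn = " + ROLE_ARN;

        ProfileFile profiles = ProfileFile.builder()
                                          .content(new StringInputStream(assumeRoleProfile))
                                          .type(ProfileFile.Type.CREDENTIALS)
                                          .build();
        Optional<Profile> profile = profiles.profile("test");
        AwsCredentialsProvider awsCredentialsProvider =
            new ProfileCredentialsUtils(profile.get(), profiles::profile).credentialsProvider().get();

        try {
            // Try to assume the role until the eventual consistency catches up.
            AwsCredentials awsCredentials = Waiter.run(awsCredentialsProvider::resolveCredentials)
                                                  .ignoringException(StsException.class)
                                                  .orFail();

            assertThat(awsCredentials.accessKeyId()).isNotBlank();
            assertThat(awsCredentials.secretAccessKey()).isNotBlank();
        } finally {
            // Close the provider on the failure paths as well as on success.
            ((SdkAutoCloseable) awsCredentialsProvider).close();
        }
    });
}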
 
Example #5
Source File: AssumeRoleIntegrationTest.java    From aws-sdk-java-v2 with Apache License 2.0
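/**
 * Resolves credentials through a profile that assumes {@code ROLE_ARN} with
 * {@code credential_source = Environment} while the key environment variables are removed and
 * the source keys are supplied as JVM system properties instead.
 */
@Test
public void profileCredentialProviderWithEnvironmentCredentialSourceAndSystemProperties() throws InterruptedException {
    try {
        System.setProperty("aws.accessKeyId", userCredentials.accessKeyId());
        System.setProperty("aws.secretAccessKey", userCredentials.secretAccessKey());

        EnvironmentVariableHelper.run(helper -> {
            // Take the environment variables away so only the system properties can supply keys.
            helper.remove("AWS_ACCESS_KEY_ID");
            helper.remove("AWS_SECRET_ACCESS_KEY");

            String assumeRoleProfile =
                "[test]\n"
                + "region = us-west-1\n"
                + "credential_source = Environment\n"
                + "role_arn = " + ROLE_ARN;

            ProfileFile profiles = ProfileFile.builder()
                                              .content(new StringInputStream(assumeRoleProfile))
                                              .type(ProfileFile.Type.CREDENTIALS)
                                              .build();
            Optional<Profile> profile = profiles.profile("test");
            AwsCredentialsProvider awsCredentialsProvider =
                new ProfileCredentialsUtils(profile.get(), profiles::profile).credentialsProvider().get();

            try {
                // Try to assume the role until the eventual consistency catches up.
                AwsCredentials awsCredentials = Waiter.run(awsCredentialsProvider::resolveCredentials)
                                                      .ignoringException(StsException.class)
                                                      .orFail();

                assertThat(awsCredentials.accessKeyId()).isNotBlank();
                assertThat(awsCredentials.secretAccessKey()).isNotBlank();
            } finally {
                // Close the provider on the failure paths as well as on success.
                ((SdkAutoCloseable) awsCredentialsProvider).close();
            }
        });
    } finally {
        // System properties are JVM-wide: clear the keys even when the test fails, otherwise the
        // secret key stays readable by whatever runs next in the same JVM.
        System.clearProperty("aws.accessKeyId");
        System.clearProperty("aws.secretAccessKey");
    }
}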