
com.amazonaws.auth.profile.internal.ProfileAssumeRoleCredentialsProvider Maven / Gradle / Ivy

/*
 * Copyright 2011-2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License").
 * You may not use this file except in compliance with the License.
 * A copy of the License is located at
 *
 *  http://aws.amazon.com/apache2.0
 *
 * or in the "license" file accompanying this file. This file is distributed
 * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
 * express or implied. See the License for the specific language governing
 * permissions and limitations under the License.
 */
package com.amazonaws.auth.profile.internal;

import com.amazonaws.AmazonClientException;
import com.amazonaws.annotation.Immutable;
import com.amazonaws.annotation.SdkInternalApi;
import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.profile.internal.securitytoken.ProfileCredentialsService;
import com.amazonaws.auth.profile.internal.securitytoken.RoleInfo;
import com.amazonaws.util.StringUtils;

/**
 * Serves assume-role credentials for a {@link BasicProfile}. If a profile defines the role_arn
 * property then the profile is treated as an assume role profile.
 *
 * <p>The provider is resolved once, in the constructor. The visible validation is limited to
 * two checks: the profile must name a source profile, and that source profile must be present
 * in {@link AllProfiles}. Either failure raises {@link AmazonClientException} at construction
 * time. The static credentials of the source profile are then handed to the
 * {@link ProfileCredentialsService} as the long-lived credentials used to assume the role.
 *
 * <p>Review notes for operators:
 * <ul>
 *   <li>When the profile carries no role session name, a generic
 *       {@code aws-sdk-java-<millis>} name is generated. The role session name is what
 *       identifies the caller of an assumed-role session in audit logs, so configuring a
 *       meaningful one per workload makes attribution easier.</li>
 *   <li>The profile's external id is forwarded unchanged. NOTE(review): presumably null when
 *       the profile does not define one; confirm how the service handles that.</li>
 * </ul>
 */
@SdkInternalApi
@Immutable
public class ProfileAssumeRoleCredentialsProvider implements AWSCredentialsProvider {

    /** Every loaded profile; used to look up the source profile by name. */
    private final AllProfiles allProfiles;
    /** The assume-role profile this provider serves. */
    private final BasicProfile profile;
    /** Factory for the provider that performs the actual role assumption. */
    private final ProfileCredentialsService profileCredentialsService;
    /** Provider built once in the constructor; all credential requests go through it. */
    private final AWSCredentialsProvider assumeRoleCredentialsProvider;

    /**
     * Builds the provider and resolves the underlying assume-role provider immediately.
     *
     * @param profileCredentialsService service that creates the assume-role credentials provider
     * @param allProfiles               all known profiles, searched for the source profile
     * @param profile                   the profile describing the role to assume
     * @throws AmazonClientException if the profile names no source profile, or the named source
     *                               profile cannot be found
     */
    public ProfileAssumeRoleCredentialsProvider(ProfileCredentialsService profileCredentialsService,
                                                AllProfiles allProfiles, BasicProfile profile) {
        this.profileCredentialsService = profileCredentialsService;
        this.allProfiles = allProfiles;
        this.profile = profile;
        // Must stay last: fromAssumeRole() reads the three fields assigned above.
        this.assumeRoleCredentialsProvider = fromAssumeRole();
    }

    /**
     * Returns whatever the wrapped assume-role provider currently supplies.
     *
     * @return credentials from the provider created at construction time
     */
    @Override
    public AWSCredentials getCredentials() {
        return assumeRoleCredentialsProvider.getCredentials();
    }

    /**
     * Intentionally does nothing.
     *
     * <p>NOTE(review): the call is not forwarded to the wrapped provider. Whether that provider
     * renews expiring session credentials on its own is not visible from this class; confirm
     * before relying on {@code refresh()} to rotate credentials.
     */
    @Override
    public void refresh() {
    }

    /**
     * Resolves the source profile, reads its static credentials and asks the credentials
     * service for a provider that assumes the configured role with them.
     *
     * @return the provider produced by {@link ProfileCredentialsService}
     * @throws AmazonClientException if no source profile is named or it cannot be found
     */
    private AWSCredentialsProvider fromAssumeRole() {
        final String sourceProfileName = profile.getRoleSourceProfile();
        if (StringUtils.isNullOrEmpty(sourceProfileName)) {
            throw new AmazonClientException(String.format(
                    "Unable to load credentials from profile [%s]: Source profile name is not specified",
                    profile.getProfileName()));
        }

        final BasicProfile longLivedProfile = allProfiles.getProfile(sourceProfileName);
        if (longLivedProfile == null) {
            throw new AmazonClientException(String.format(
                    "Unable to load source profile [%s]: Source profile was not found [%s]",
                    profile.getProfileName(), sourceProfileName));
        }

        // The source profile's static credentials become the long-lived credentials that
        // authorise the assume-role call.
        final AWSCredentials longLivedCredentials =
                new ProfileStaticCredentialsProvider(longLivedProfile).getCredentials();

        final String sessionName = resolveRoleSessionName();

        final RoleInfo assumeRoleRequest = new RoleInfo()
                .withRoleArn(profile.getRoleArn())
                .withRoleSessionName(sessionName)
                .withExternalId(profile.getRoleExternalId())
                .withLongLivedCredentials(longLivedCredentials);
        return profileCredentialsService.getAssumeRoleCredentialsProvider(assumeRoleRequest);
    }

    /**
     * Picks the role session name: the profile's own value when present, otherwise a generated
     * {@code aws-sdk-java-<current time in millis>} name.
     *
     * <p>NOTE(review): only {@code null} triggers the fallback; an empty string from the profile
     * is passed through as-is, unlike the source profile name, which is checked with
     * {@code isNullOrEmpty}.
     *
     * @return the session name to send with the assume-role request
     */
    private String resolveRoleSessionName() {
        final String configured = profile.getRoleSessionName();
        if (configured != null) {
            return configured;
        }
        return "aws-sdk-java-" + System.currentTimeMillis();
    }
}



