All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.amazonaws.auth.profile.ProfilesConfigFile Maven / Gradle / Ivy

/*
 * Copyright 2014-2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License").
 * You may not use this file except in compliance with the License.
 * A copy of the License is located at
 *
 *  http://aws.amazon.com/apache2.0
 *
 * or in the "license" file accompanying this file. This file is distributed
 * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
 * express or implied. See the License for the specific language governing
 * permissions and limitations under the License.
 */
package com.amazonaws.auth.profile;

import com.amazonaws.AmazonClientException;
import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.profile.internal.AllProfiles;
import com.amazonaws.auth.profile.internal.AwsProfileNameLoader;
import com.amazonaws.auth.profile.internal.BasicProfile;
import com.amazonaws.auth.profile.internal.BasicProfileConfigLoader;
import com.amazonaws.auth.profile.internal.Profile;
import com.amazonaws.auth.profile.internal.ProfileAssumeRoleCredentialsProvider;
import com.amazonaws.auth.profile.internal.ProfileStaticCredentialsProvider;
import com.amazonaws.auth.profile.internal.securitytoken.ProfileCredentialsService;
import com.amazonaws.auth.profile.internal.securitytoken.STSProfileCredentialsServiceLoader;
import com.amazonaws.internal.StaticCredentialsProvider;
import com.amazonaws.profile.path.AwsProfileFileLocationProvider;
import com.amazonaws.util.ValidationUtils;

import java.io.File;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/**
 * Loads the local AWS credential profiles from the standard location (~/.aws/credentials), which
 * can be easily overridden through the AWS_CREDENTIAL_PROFILES_FILE environment
 * variable or by specifying an alternate credentials file location through this class' constructor.
 * 

The AWS credentials file format allows you to specify multiple profiles, each with their own * set of AWS security credentials: *

 * [default]
 * aws_access_key_id=testAccessKey
 * aws_secret_access_key=testSecretKey
 * aws_session_token=testSessionToken
 *
 * [test-user]
 * aws_access_key_id=testAccessKey
 * aws_secret_access_key=testSecretKey
 * aws_session_token=testSessionToken
 * 
* *

These credential profiles allow you to share multiple sets of AWS security credentails * between different tools such as the AWS SDK for Java and the AWS CLI. * *

For more information on setting up AWS credential profiles, see: * http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html * * @see ProfileCredentialsProvider */ public class ProfilesConfigFile { /** * Environment variable name for overriding the default AWS profile */ @Deprecated public static final String AWS_PROFILE_ENVIRONMENT_VARIABLE = AwsProfileNameLoader.AWS_PROFILE_ENVIRONMENT_VARIABLE; /** * System property name for overriding the default AWS profile */ @Deprecated public static final String AWS_PROFILE_SYSTEM_PROPERTY = AwsProfileNameLoader.AWS_PROFILE_SYSTEM_PROPERTY; /** * Name of the default profile as specified in the configuration file. */ @Deprecated public static final String DEFAULT_PROFILE_NAME = AwsProfileNameLoader.DEFAULT_PROFILE_NAME; private final File profileFile; private final ProfileCredentialsService profileCredentialsService; /** * Cache credential providers as credentials from profiles are requested. Doesn't really make a * difference for basic credentials but for assume role it's more efficient as each assume role * provider has it's own async refresh logic. */ private final ConcurrentHashMap credentialProviderCache = new ConcurrentHashMap(); private volatile AllProfiles allProfiles; private volatile long profileFileLastModified; /** * Loads the AWS credential profiles file from the default location (~/.aws/credentials) or from * an alternate location if AWS_CREDENTIAL_PROFILES_FILE is set. */ public ProfilesConfigFile() throws AmazonClientException { this(getCredentialProfilesFile()); } /** * Loads the AWS credential profiles from the file. The path of the file is specified as a * parameter to the constructor. */ public ProfilesConfigFile(String filePath) { this(new File(validateFilePath(filePath))); } /** * Loads the AWS credential profiles from the file. The path of the file is specified as a * parameter to the constructor. */ public ProfilesConfigFile(String filePath, ProfileCredentialsService credentialsService) throws AmazonClientException { this(new File(validateFilePath(filePath)), credentialsService); } private static String validateFilePath(String filePath) { if (filePath == null) { throw new IllegalArgumentException( "Unable to load AWS profiles: specified file path is null."); } return filePath; } /** * Loads the AWS credential profiles from the file. The reference to the file is specified as a * parameter to the constructor. */ public ProfilesConfigFile(File file) throws AmazonClientException { this(file, STSProfileCredentialsServiceLoader.getInstance()); } /** * Loads the AWS credential profiles from the file. The reference to the file is specified as a * parameter to the constructor. */ public ProfilesConfigFile(File file, ProfileCredentialsService credentialsService) throws AmazonClientException { profileFile = ValidationUtils.assertNotNull(file, "profile file"); profileCredentialsService = credentialsService; profileFileLastModified = file.lastModified(); allProfiles = loadProfiles(profileFile); } /** * Returns the AWS credentials for the specified profile. */ public AWSCredentials getCredentials(String profileName) { final AWSCredentialsProvider provider = credentialProviderCache.get(profileName); if (provider != null) { return provider.getCredentials(); } else { BasicProfile profile = allProfiles.getProfile(profileName); if (profile == null) { throw new IllegalArgumentException("No AWS profile named '" + profileName + "'"); } final AWSCredentialsProvider newProvider = fromProfile(profile); credentialProviderCache.put(profileName, newProvider); return newProvider.getCredentials(); } } /** * Reread data from disk. */ public void refresh() { if (profileFile.lastModified() > profileFileLastModified) { profileFileLastModified = profileFile.lastModified(); allProfiles = loadProfiles(profileFile); } credentialProviderCache.clear(); } public Map getAllBasicProfiles() { return allProfiles.getProfiles(); } @Deprecated public Map getAllProfiles() { Map legacyProfiles = new HashMap(); for (Map.Entry entry : getAllBasicProfiles().entrySet()) { final String profileName = entry.getKey(); legacyProfiles.put(profileName, new Profile(profileName, entry.getValue().getProperties(), new StaticCredentialsProvider( getCredentials(profileName)))); } return legacyProfiles; } private static File getCredentialProfilesFile() { return AwsProfileFileLocationProvider.DEFAULT_CREDENTIALS_LOCATION_PROVIDER.getLocation(); } private static AllProfiles loadProfiles(File file) { return BasicProfileConfigLoader.INSTANCE.loadProfiles(file); } private AWSCredentialsProvider fromProfile(BasicProfile profile) { if (profile.isRoleBasedProfile()) { return new ProfileAssumeRoleCredentialsProvider(profileCredentialsService, allProfiles, profile); } else { return new ProfileStaticCredentialsProvider(profile); } } }





© 2015 - 2025 Weber Informatics LLC | Privacy Policy