/*
* Copyright 2019-2024 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
* the License. A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
* and limitations under the License.
*/
package com.amazonaws.services.sso;
import org.w3c.dom.*;
import java.net.*;
import java.util.*;
import javax.annotation.Generated;
import org.apache.commons.logging.*;
import com.amazonaws.*;
import com.amazonaws.annotation.SdkInternalApi;
import com.amazonaws.auth.*;
import com.amazonaws.handlers.*;
import com.amazonaws.http.*;
import com.amazonaws.internal.*;
import com.amazonaws.internal.auth.*;
import com.amazonaws.metrics.*;
import com.amazonaws.regions.*;
import com.amazonaws.transform.*;
import com.amazonaws.util.*;
import com.amazonaws.protocol.json.*;
import com.amazonaws.util.AWSRequestMetrics.Field;
import com.amazonaws.annotation.ThreadSafe;
import com.amazonaws.client.AwsSyncClientParams;
import com.amazonaws.client.builder.AdvancedConfig;
import com.amazonaws.services.sso.AWSSSOClientBuilder;
import com.amazonaws.AmazonServiceException;
import com.amazonaws.services.sso.model.*;
import com.amazonaws.services.sso.model.transform.*;
/**
* Client for accessing SSO. All service calls made using this client are blocking, and will not return until the
* service call completes.
*
*
* AWS IAM Identity Center (successor to AWS Single Sign-On) Portal is a web service that makes it easy for you to
* assign user access to IAM Identity Center resources such as the AWS access portal. Users can get AWS account
* applications and roles assigned to them and get federated into the application.
*
*
*
* Although AWS Single Sign-On was renamed, the {@code sso} and {@code identitystore} API namespaces will
* continue to retain their original names for backward compatibility purposes. For more information, see IAM Identity Center rename.
*
*
*
* This reference guide describes the IAM Identity Center Portal operations that you can call programmatically and
* includes detailed information on data types and errors.
*
*
*
* AWS provides SDKs that consist of libraries and sample code for various programming languages and platforms, such as
* Java, Ruby, .Net, iOS, or Android. The SDKs provide a convenient way to create programmatic access to IAM Identity
* Center and other AWS services. For more information about the AWS SDKs, including how to download and install them,
* see Tools for Amazon Web Services.
*
*
*/
@ThreadSafe
@Generated("com.amazonaws:aws-java-sdk-code-generator")
public class AWSSSOClient extends AmazonWebServiceClient implements AWSSSO {
/**
 * Provider for AWS credentials. Every operation in this file is dispatched through anonymousInvoke(), which does
 * not consult this provider; it is only read by the authenticated invoke() path, which no operation here calls.
 */
private final AWSCredentialsProvider awsCredentialsProvider;
// Not referenced anywhere in this file; kept for parity with other generated clients.
private static final Log log = LogFactory.getLog(AWSSSO.class);
/** Default signing name for the service; registered as the service name in init(). */
private static final String DEFAULT_SIGNING_NAME = "awsssoportal";
/** Client configuration factory providing ClientConfigurations tailored to this client */
protected static final ClientConfigurationFactory configFactory = new ClientConfigurationFactory();
/** Advanced SDK configuration; attached to every marshalled request under HandlerContextKey.ADVANCED_CONFIG. */
private final AdvancedConfig advancedConfig;
/**
 * JSON protocol factory shared by all operations: JSON protocol 1.1, CBOR and Ion disabled, content type forced to
 * application/json. The four service error codes are mapped to typed exceptions so callers can catch each one;
 * UnauthorizedException is the one that signals an invalid access token (see the operation Javadoc below).
 */
private static final com.amazonaws.protocol.json.SdkJsonProtocolFactory protocolFactory = new com.amazonaws.protocol.json.SdkJsonProtocolFactory(
new JsonClientMetadata()
.withProtocolVersion("1.1")
.withSupportsCbor(false)
.withSupportsIon(false)
.withContentTypeOverride("application/json")
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("TooManyRequestsException").withExceptionUnmarshaller(
com.amazonaws.services.sso.model.transform.TooManyRequestsExceptionUnmarshaller.getInstance()))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("UnauthorizedException").withExceptionUnmarshaller(
com.amazonaws.services.sso.model.transform.UnauthorizedExceptionUnmarshaller.getInstance()))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("InvalidRequestException").withExceptionUnmarshaller(
com.amazonaws.services.sso.model.transform.InvalidRequestExceptionUnmarshaller.getInstance()))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("ResourceNotFoundException").withExceptionUnmarshaller(
com.amazonaws.services.sso.model.transform.ResourceNotFoundExceptionUnmarshaller.getInstance()))
// Any error code not listed above falls back to this base exception type.
.withBaseServiceExceptionClass(com.amazonaws.services.sso.model.AWSSSOException.class));
/**
 * Returns a standard builder for this client. Region and endpoint are presumably configured on the builder
 * (confirm against AWSSSOClientBuilder); without that, init() pins the client to the us-east-1 portal endpoint.
 *
 * @return a new standard AWSSSOClientBuilder
 */
public static AWSSSOClientBuilder builder() {
    AWSSSOClientBuilder standardBuilder = AWSSSOClientBuilder.standard();
    return standardBuilder;
}
/**
 * Constructs a new client to invoke service methods on SSO using the specified parameters. Delegates to the
 * two-argument constructor with endpoint discovery disabled.
 *
 *
 * All service calls made using this new client object are blocking, and will not return until the service call
 * completes.
 *
 * @param clientParams
 * Object providing client parameters.
 */
AWSSSOClient(AwsSyncClientParams clientParams) {
this(clientParams, false);
}
/**
 * Constructs a new client to invoke service methods on SSO using the specified parameters.
 *
 *
 * All service calls made using this new client object are blocking, and will not return until the service call
 * completes.
 *
 * @param clientParams
 * Object providing client parameters.
 * @param endpointDiscoveryEnabled
 * Accepted for signature compatibility only: the body never reads it, so endpoint discovery cannot be
 * enabled through this constructor.
 */
AWSSSOClient(AwsSyncClientParams clientParams, boolean endpointDiscoveryEnabled) {
super(clientParams);
// Captured for the authenticated invoke() path; the operations in this file all use anonymousInvoke() and
// therefore never send these credentials.
this.awsCredentialsProvider = clientParams.getCredentialsProvider();
this.advancedConfig = clientParams.getAdvancedConfig();
// init() is private, so this constructor-time call cannot be redirected by a subclass override.
init();
}
/**
 * One-time client wiring: service/signing name, endpoint prefix, the default endpoint and the request-handler
 * chains. The existing comment notes that setEndpoint(...) also reconfigures the signer, so it is kept after the
 * service name has been set.
 */
private void init() {
setServiceNameIntern(DEFAULT_SIGNING_NAME);
setEndpointPrefix(ENDPOINT_PREFIX);
// calling this.setEndPoint(...) will also modify the signer accordingly
// The default endpoint is pinned to us-east-1. A caller whose IAM Identity Center instance lives in another
// region must override the region/endpoint (presumably via the builder -- confirm), otherwise requests, and
// the access token they carry, would go to the wrong regional portal. No URL scheme is given here; HTTPS is
// assumed to be the SDK default -- verify against the client configuration rather than relying on this line.
setEndpoint("portal.sso.us-east-1.amazonaws.com");
HandlerChainFactory chainFactory = new HandlerChainFactory();
// Service-specific handler chains are resolved by resource path, followed by the SDK-wide global handlers.
requestHandler2s.addAll(chainFactory.newRequestHandlerChain("/com/amazonaws/services/sso/request.handlers"));
requestHandler2s.addAll(chainFactory.newRequestHandler2Chain("/com/amazonaws/services/sso/request.handler2s"));
requestHandler2s.addAll(chainFactory.getGlobalHandlers());
}
/**
 * Returns the STS short-term credentials for a given role name that is assigned to the user.
 *
 * Security notes for callers:
 * - The call is dispatched through anonymousInvoke(), so the credentials configured on this client are not used;
 *   the request is authorised by the access token it carries (an invalid token surfaces as UnauthorizedException).
 * - The returned result holds live, short-lived AWS credentials. Do not log it and do not persist it beyond the
 *   lifetime of the credentials it contains.
 *
 * @param request
 * the GetRoleCredentials request
 * @return Result of the GetRoleCredentials operation returned by the service.
 * @throws InvalidRequestException
 * Indicates that a problem occurred with the input to the request. For example, a required parameter might
 * be missing or out of range.
 * @throws UnauthorizedException
 * Indicates that the request is not authorized. This can happen due to an invalid access token in the
 * request.
 * @throws TooManyRequestsException
 * Indicates that the request is being made too frequently and is more than what the server can handle.
 * @throws ResourceNotFoundException
 * The specified resource doesn't exist.
 * @sample AWSSSO.GetRoleCredentials
 */
@Override
public GetRoleCredentialsResult getRoleCredentials(GetRoleCredentialsRequest request) {
    // Apply the client-level pre-execution hook, then hand off to the internal executor.
    return executeGetRoleCredentials(beforeClientExecution(request));
}
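/**
 * Marshals, dispatches and unmarshals the GetRoleCredentials call, recording request metrics around the marshalling
 * phase and the whole execution. Dispatch goes through anonymousInvoke(): this client's AWS credentials are not
 * attached, so the only authentication material is whatever the protocol marshaller takes from the request
 * (presumably the access token -- confirm in GetRoleCredentialsRequestProtocolMarshaller).
 *
 * @param getRoleCredentialsRequest
 * the request to execute, after client-level pre-processing
 * @return the unmarshalled result, which contains live short-term credentials and must not be logged
 */
@SdkInternalApi
final GetRoleCredentialsResult executeGetRoleCredentials(GetRoleCredentialsRequest getRoleCredentialsRequest) {
    ExecutionContext executionContext = createExecutionContext(getRoleCredentialsRequest);
    AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
    awsRequestMetrics.startEvent(Field.ClientExecuteTime);
    // Fully typed request/response handles (the type arguments were missing from the extracted listing).
    Request<GetRoleCredentialsRequest> request = null;
    Response<GetRoleCredentialsResult> response = null;
    try {
        awsRequestMetrics.startEvent(Field.RequestMarshallTime);
        try {
            request = new GetRoleCredentialsRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(getRoleCredentialsRequest));
            // Binds the request metrics to the current request.
            request.setAWSRequestMetrics(awsRequestMetrics);
            // Handler context consumed by request handlers; SIGNING_REGION is recorded even though this path
            // does not sign the request.
            request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
            request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
            request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
            request.addHandlerContext(HandlerContextKey.SERVICE_ID, "SSO");
            request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "GetRoleCredentials");
            request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
        } finally {
            awsRequestMetrics.endEvent(Field.RequestMarshallTime);
        }
        HttpResponseHandler<AmazonWebServiceResponse<GetRoleCredentialsResult>> responseHandler = protocolFactory.createResponseHandler(
                new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false),
                new GetRoleCredentialsResultJsonUnmarshaller());
        // No client credentials are attached on this path.
        response = anonymousInvoke(request, responseHandler, executionContext);
        return response.getAwsResponse();
    } finally {
        // Runs even when marshalling or dispatch throws; request/response may still be null here.
        endClientExecution(awsRequestMetrics, request, response);
    }
}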
/**
 * Lists all roles that are assigned to the user for a given AWS account.
 *
 * The call is dispatched through anonymousInvoke(): the credentials configured on this client are not used, and
 * the request is authorised by the access token it carries (an invalid token surfaces as UnauthorizedException).
 *
 * @param request
 * the ListAccountRoles request
 * @return Result of the ListAccountRoles operation returned by the service.
 * @throws InvalidRequestException
 * Indicates that a problem occurred with the input to the request. For example, a required parameter might
 * be missing or out of range.
 * @throws UnauthorizedException
 * Indicates that the request is not authorized. This can happen due to an invalid access token in the
 * request.
 * @throws TooManyRequestsException
 * Indicates that the request is being made too frequently and is more than what the server can handle.
 * @throws ResourceNotFoundException
 * The specified resource doesn't exist.
 * @sample AWSSSO.ListAccountRoles
 */
@Override
public ListAccountRolesResult listAccountRoles(ListAccountRolesRequest request) {
    // Apply the client-level pre-execution hook, then hand off to the internal executor.
    return executeListAccountRoles(beforeClientExecution(request));
}
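/**
 * Marshals, dispatches and unmarshals the ListAccountRoles call, recording request metrics around the marshalling
 * phase and the whole execution. Dispatch goes through anonymousInvoke(), so this client's AWS credentials are not
 * attached; authentication material comes from the request itself (presumably the access token -- confirm in
 * ListAccountRolesRequestProtocolMarshaller).
 *
 * @param listAccountRolesRequest
 * the request to execute, after client-level pre-processing
 * @return the unmarshalled result
 */
@SdkInternalApi
final ListAccountRolesResult executeListAccountRoles(ListAccountRolesRequest listAccountRolesRequest) {
    ExecutionContext executionContext = createExecutionContext(listAccountRolesRequest);
    AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
    awsRequestMetrics.startEvent(Field.ClientExecuteTime);
    // Fully typed request/response handles (the type arguments were missing from the extracted listing).
    Request<ListAccountRolesRequest> request = null;
    Response<ListAccountRolesResult> response = null;
    try {
        awsRequestMetrics.startEvent(Field.RequestMarshallTime);
        try {
            request = new ListAccountRolesRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(listAccountRolesRequest));
            // Binds the request metrics to the current request.
            request.setAWSRequestMetrics(awsRequestMetrics);
            // Handler context consumed by request handlers; SIGNING_REGION is recorded even though this path
            // does not sign the request.
            request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
            request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
            request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
            request.addHandlerContext(HandlerContextKey.SERVICE_ID, "SSO");
            request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "ListAccountRoles");
            request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
        } finally {
            awsRequestMetrics.endEvent(Field.RequestMarshallTime);
        }
        HttpResponseHandler<AmazonWebServiceResponse<ListAccountRolesResult>> responseHandler = protocolFactory.createResponseHandler(
                new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false),
                new ListAccountRolesResultJsonUnmarshaller());
        // No client credentials are attached on this path.
        response = anonymousInvoke(request, responseHandler, executionContext);
        return response.getAwsResponse();
    } finally {
        // Runs even when marshalling or dispatch throws; request/response may still be null here.
        endClientExecution(awsRequestMetrics, request, response);
    }
}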
/**
 * Lists all AWS accounts assigned to the user. These AWS accounts are assigned by the administrator of the account.
 * For more information, see Assign User Access in the IAM Identity Center User Guide. This operation returns a
 * paginated response.
 *
 * The call is dispatched through anonymousInvoke(): the credentials configured on this client are not used, and
 * the request is authorised by the access token it carries (an invalid token surfaces as UnauthorizedException).
 *
 * @param request
 * the ListAccounts request
 * @return Result of the ListAccounts operation returned by the service.
 * @throws InvalidRequestException
 * Indicates that a problem occurred with the input to the request. For example, a required parameter might
 * be missing or out of range.
 * @throws UnauthorizedException
 * Indicates that the request is not authorized. This can happen due to an invalid access token in the
 * request.
 * @throws TooManyRequestsException
 * Indicates that the request is being made too frequently and is more than what the server can handle.
 * @throws ResourceNotFoundException
 * The specified resource doesn't exist.
 * @sample AWSSSO.ListAccounts
 */
@Override
public ListAccountsResult listAccounts(ListAccountsRequest request) {
    // Apply the client-level pre-execution hook, then hand off to the internal executor.
    return executeListAccounts(beforeClientExecution(request));
}
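/**
 * Marshals, dispatches and unmarshals the ListAccounts call, recording request metrics around the marshalling
 * phase and the whole execution. Dispatch goes through anonymousInvoke(), so this client's AWS credentials are not
 * attached; authentication material comes from the request itself (presumably the access token -- confirm in
 * ListAccountsRequestProtocolMarshaller).
 *
 * @param listAccountsRequest
 * the request to execute, after client-level pre-processing
 * @return the unmarshalled result
 */
@SdkInternalApi
final ListAccountsResult executeListAccounts(ListAccountsRequest listAccountsRequest) {
    ExecutionContext executionContext = createExecutionContext(listAccountsRequest);
    AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
    awsRequestMetrics.startEvent(Field.ClientExecuteTime);
    // Fully typed request/response handles (the type arguments were missing from the extracted listing).
    Request<ListAccountsRequest> request = null;
    Response<ListAccountsResult> response = null;
    try {
        awsRequestMetrics.startEvent(Field.RequestMarshallTime);
        try {
            request = new ListAccountsRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(listAccountsRequest));
            // Binds the request metrics to the current request.
            request.setAWSRequestMetrics(awsRequestMetrics);
            // Handler context consumed by request handlers; SIGNING_REGION is recorded even though this path
            // does not sign the request.
            request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
            request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
            request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
            request.addHandlerContext(HandlerContextKey.SERVICE_ID, "SSO");
            request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "ListAccounts");
            request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
        } finally {
            awsRequestMetrics.endEvent(Field.RequestMarshallTime);
        }
        HttpResponseHandler<AmazonWebServiceResponse<ListAccountsResult>> responseHandler = protocolFactory.createResponseHandler(
                new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false),
                new ListAccountsResultJsonUnmarshaller());
        // No client credentials are attached on this path.
        response = anonymousInvoke(request, responseHandler, executionContext);
        return response.getAwsResponse();
    } finally {
        // Runs even when marshalling or dispatch throws; request/response may still be null here.
        endClientExecution(awsRequestMetrics, request, response);
    }
}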
/**
 * Removes the locally stored SSO tokens from the client-side cache and sends an API call to the IAM Identity Center
 * service to invalidate the corresponding server-side IAM Identity Center sign in session.
 *
 * How the sign-in session relates to AWS credentials: when a user reaches the AWS CLI through IAM Identity Center,
 * the sign-in session is used to obtain an IAM session as specified in the corresponding permission set. IAM
 * Identity Center assumes an IAM role in the target account on the user's behalf and returns the corresponding
 * temporary AWS credentials to the client.
 *
 * Security caveat: logout is not a credential revocation. IAM role sessions that were already created through
 * permission sets continue for the duration configured in the permission set, so temporary credentials previously
 * returned by getRoleCredentials stay usable until they expire. For more information, see User authentications in
 * the IAM Identity Center User Guide.
 *
 * As with the other operations in this client, the call goes through anonymousInvoke(): the credentials configured
 * on this client are not used, and the request is authorised by the access token it carries.
 *
 * @param request
 * the Logout request
 * @return Result of the Logout operation returned by the service.
 * @throws InvalidRequestException
 * Indicates that a problem occurred with the input to the request. For example, a required parameter might
 * be missing or out of range.
 * @throws UnauthorizedException
 * Indicates that the request is not authorized. This can happen due to an invalid access token in the
 * request.
 * @throws TooManyRequestsException
 * Indicates that the request is being made too frequently and is more than what the server can handle.
 * @sample AWSSSO.Logout
 */
@Override
public LogoutResult logout(LogoutRequest request) {
    // Apply the client-level pre-execution hook, then hand off to the internal executor.
    return executeLogout(beforeClientExecution(request));
}
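/**
 * Marshals, dispatches and unmarshals the Logout call, recording request metrics around the marshalling phase and
 * the whole execution. Dispatch goes through anonymousInvoke(), so this client's AWS credentials are not attached;
 * the access token identifying the session to invalidate is presumably taken from the request by the marshaller
 * (confirm in LogoutRequestProtocolMarshaller).
 *
 * @param logoutRequest
 * the request to execute, after client-level pre-processing
 * @return the unmarshalled result
 */
@SdkInternalApi
final LogoutResult executeLogout(LogoutRequest logoutRequest) {
    ExecutionContext executionContext = createExecutionContext(logoutRequest);
    AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
    awsRequestMetrics.startEvent(Field.ClientExecuteTime);
    // Fully typed request/response handles (the type arguments were missing from the extracted listing).
    Request<LogoutRequest> request = null;
    Response<LogoutResult> response = null;
    try {
        awsRequestMetrics.startEvent(Field.RequestMarshallTime);
        try {
            request = new LogoutRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(logoutRequest));
            // Binds the request metrics to the current request.
            request.setAWSRequestMetrics(awsRequestMetrics);
            // Handler context consumed by request handlers; SIGNING_REGION is recorded even though this path
            // does not sign the request.
            request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
            request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
            request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
            request.addHandlerContext(HandlerContextKey.SERVICE_ID, "SSO");
            request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "Logout");
            request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
        } finally {
            awsRequestMetrics.endEvent(Field.RequestMarshallTime);
        }
        HttpResponseHandler<AmazonWebServiceResponse<LogoutResult>> responseHandler = protocolFactory.createResponseHandler(
                new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false),
                new LogoutResultJsonUnmarshaller());
        // No client credentials are attached on this path.
        response = anonymousInvoke(request, responseHandler, executionContext);
        return response.getAwsResponse();
    } finally {
        // Runs even when marshalling or dispatch throws; request/response may still be null here.
        endClientExecution(awsRequestMetrics, request, response);
    }
}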
/**
 * Returns additional metadata for a previously executed successful request, typically used for debugging issues
 * where a service isn't acting as expected. This data isn't considered part of the result data returned by an
 * operation, so it's available through this separate, diagnostic interface.
 *
 * Response metadata is only cached for a limited period of time, so if you need to access this extra diagnostic
 * information for an executed request, you should use this method to retrieve it as soon as possible after
 * executing the request. The lookup is delegated to the underlying HTTP client's per-request cache.
 *
 * @param request
 * The originally executed request
 *
 * @return The response metadata for the specified request, or null if none is available.
 */
public ResponseMetadata getCachedResponseMetadata(AmazonWebServiceRequest request) {
    ResponseMetadata cached = client.getResponseMetadataForRequest(request);
    return cached;
}
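/**
 * Normal invoke with authentication. Credentials are required and may be overridden at the request level.
 * Convenience overload that passes no discovered endpoint and no endpoint-trait URI.
 *
 * Not called by any operation in this file -- they all use anonymousInvoke() -- so it is retained for parity with
 * other generated clients rather than for this service's API.
 *
 * @param request the marshalled request
 * @param responseHandler handler that unmarshals a successful response into X
 * @param executionContext per-call execution state, including request metrics
 * @return the typed response
 */
private <X, Y extends AmazonWebServiceRequest> Response<X> invoke(Request<Y> request,
        HttpResponseHandler<AmazonWebServiceResponse<X>> responseHandler, ExecutionContext executionContext) {
    return invoke(request, responseHandler, executionContext, null, null);
}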
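/**
 * Normal invoke with authentication. Credentials are required and may be overridden at the request level: the
 * provider placed on the execution context is resolved from the original request first, falling back to this
 * client's provider.
 *
 * Not called by any operation in this file -- they all use anonymousInvoke().
 *
 * @param request the marshalled request
 * @param responseHandler handler that unmarshals a successful response into X
 * @param executionContext per-call execution state; receives the resolved credentials provider
 * @param cachedEndpoint endpoint from endpoint discovery, or null to use the client endpoint
 * @param uriFromEndpointTrait endpoint from an endpoint trait, or null; lower precedence than cachedEndpoint
 * @return the typed response
 */
private <X, Y extends AmazonWebServiceRequest> Response<X> invoke(Request<Y> request,
        HttpResponseHandler<AmazonWebServiceResponse<X>> responseHandler, ExecutionContext executionContext,
        URI cachedEndpoint, URI uriFromEndpointTrait) {
    executionContext.setCredentialsProvider(CredentialUtils.getCredentialsProvider(request.getOriginalRequest(), awsCredentialsProvider));
    return doInvoke(request, responseHandler, executionContext, cachedEndpoint, uriFromEndpointTrait);
}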
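/**
 * Invoke with no authentication. Credentials are not required and any credentials set on the client or request will
 * be ignored for this operation: unlike invoke(), no credentials provider is placed on the execution context, so no
 * SigV4 signature is produced by this client for the call.
 *
 * Every operation in this file uses this path. The service still authorises each call (UnauthorizedException on an
 * invalid access token), so the access token is presumably carried in the marshalled request -- confirm in the
 * operation marshallers before assuming anything about how it is transmitted.
 *
 * @param request the marshalled request
 * @param responseHandler handler that unmarshals a successful response into X
 * @param executionContext per-call execution state, including request metrics
 * @return the typed response
 */
private <X, Y extends AmazonWebServiceRequest> Response<X> anonymousInvoke(Request<Y> request,
        HttpResponseHandler<AmazonWebServiceResponse<X>> responseHandler, ExecutionContext executionContext) {
    return doInvoke(request, responseHandler, executionContext, null, null);
}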
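/**
 * Invoke the request using the http client. Assumes credentials (or lack thereof) have been configured in the
 * ExecutionContext beforehand.
 *
 * Endpoint precedence is discoveredEndpoint, then uriFromEndpointTrait, then the client's configured endpoint.
 * Within this file both overrides are always null (anonymousInvoke() and the three-argument invoke() pass null,
 * and the five-argument invoke() is never called), so every request goes to the client endpoint set in init() or
 * overridden by the caller. Should a discovered endpoint ever be supplied, it is applied verbatim -- there is no
 * validation here that it belongs to the expected AWS domain.
 *
 * @param request the marshalled request
 * @param responseHandler handler that unmarshals a successful response into X
 * @param executionContext per-call execution state
 * @param discoveredEndpoint endpoint from endpoint discovery, or null
 * @param uriFromEndpointTrait endpoint from an endpoint trait, or null
 * @return the typed response; service errors are raised by the error handler as the typed exceptions registered
 * on the protocol factory
 */
private <X, Y extends AmazonWebServiceRequest> Response<X> doInvoke(Request<Y> request,
        HttpResponseHandler<AmazonWebServiceResponse<X>> responseHandler, ExecutionContext executionContext,
        URI discoveredEndpoint, URI uriFromEndpointTrait) {
    if (discoveredEndpoint != null) {
        request.setEndpoint(discoveredEndpoint);
        // Tag the user agent so server-side logs can distinguish discovered-endpoint traffic.
        request.getOriginalRequest().getRequestClientOptions().appendUserAgent("endpoint-discovery");
    } else if (uriFromEndpointTrait != null) {
        request.setEndpoint(uriFromEndpointTrait);
    } else {
        request.setEndpoint(endpoint);
    }
    // Inherited clock-skew offset; presumably applied to request timestamps -- confirm in the base client.
    request.setTimeOffset(timeOffset);
    HttpResponseHandler<AmazonServiceException> errorResponseHandler = protocolFactory.createErrorResponseHandler(new JsonErrorResponseMetadata());
    return client.execute(request, responseHandler, errorResponseHandler, executionContext);
}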
/**
 * Exposes the shared JSON protocol factory to SDK-internal collaborators (package-private, internal API).
 *
 * @return the static protocol factory configured with this service's error-code mappings
 */
@com.amazonaws.annotation.SdkInternalApi
static com.amazonaws.protocol.json.SdkJsonProtocolFactory getProtocolFactory() {
return protocolFactory;
}
/**
 * Shuts down this client by delegating to the base client; nothing service-specific is released here. Note that
 * shutting down the client does not invalidate any access token or role credentials already obtained through it --
 * use logout() for the sign-in session, and let issued credentials expire.
 */
@Override
public void shutdown() {
super.shutdown();
}
}