com.ibm.cloud.objectstorage.auth.ContainerCredentialsProvider Maven / Gradle / Ivy

Show more of this group Show more artifacts with this name
Show all versions of ibm-cos-java-sdk-bundle Show documentation
A single bundled dependency that includes all service and dependent JARs with third-party libraries relocated to different namespaces.
There is a newer version: 2.13.4
Show newest version
/*
 * Copyright 2011-2022 Amazon.com, Inc. or its affiliates. All Rights Reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at:
 *
 *    http://aws.amazon.com/apache2.0
 *
 * This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES
 * OR CONDITIONS OF ANY KIND, either express or implied. See the
 * License for the specific language governing permissions and
 * limitations under the License.
 */
package com.ibm.cloud.objectstorage.auth;

import com.ibm.cloud.objectstorage.SdkClientException;
import com.ibm.cloud.objectstorage.annotation.SdkInternalApi;
import com.ibm.cloud.objectstorage.internal.CredentialsEndpointProvider;
import com.ibm.cloud.objectstorage.retry.internal.CredentialsEndpointRetryPolicy;
import java.net.URI;
import java.util.Date;

/**
 * 
 * {@link AWSCredentialsProvider} implementation that loads credentials
 * from an Amazon Elastic Container.
 * 
 * 
 * By default, the URI path is retrieved from the environment variable
 * "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI" in the container's environment.
 * 
 */
public class ContainerCredentialsProvider implements AWSCredentialsProvider {

    /** Environment variable to get the Amazon ECS credentials resource path. */
    static final String ECS_CONTAINER_CREDENTIALS_PATH = "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI";

    /** Environment variable to get the full URI for a credentials path */
    // IBM unsupported
    // static final String CONTAINER_CREDENTIALS_FULL_URI = "AWS_CONTAINER_CREDENTIALS_FULL_URI";

    // static final String CONTAINER_AUTHORIZATION_TOKEN = "AWS_CONTAINER_AUTHORIZATION_TOKEN";

    // private static final Set ALLOWED_FULL_URI_HOSTS = allowedHosts();

    /** Default endpoint to retreive the Amazon ECS Credentials. */
    private static final String ECS_CREDENTIALS_ENDPOINT = "http://169.254.170.2";

    private final ContainerCredentialsFetcher credentialsFetcher;

    /**
     * @deprecated use {@link #ContainerCredentialsProvider(CredentialsEndpointProvider)}
     */
    @Deprecated
    public ContainerCredentialsProvider() {
        this(new ECSCredentialsEndpointProvider());
    }

    public ContainerCredentialsProvider(CredentialsEndpointProvider credentialsEndpointProvider) {
        this.credentialsFetcher = new ContainerCredentialsFetcher(credentialsEndpointProvider);
    }

    @Override
    public AWSCredentials getCredentials() {
        return credentialsFetcher.getCredentials();
    }

    @Override
    public void refresh() {
        credentialsFetcher.refresh();
    }

    public Date getCredentialsExpiration() {
        return credentialsFetcher.getCredentialsExpiration();
    }


    static class ECSCredentialsEndpointProvider extends CredentialsEndpointProvider {
        @Override
        public URI getCredentialsEndpoint() {
            String path = System.getenv(ECS_CONTAINER_CREDENTIALS_PATH);
            if (path == null) {
                throw new SdkClientException(
                        "The environment variable " + ECS_CONTAINER_CREDENTIALS_PATH + " is empty");
            }

            return URI.create(ECS_CREDENTIALS_ENDPOINT + path);
        }
        @Override
        public CredentialsEndpointRetryPolicy getRetryPolicy() {
            return ContainerCredentialsRetryPolicy.getInstance();
        }

    }

    /**
     * A URI resolver that uses environment variable {@value CONTAINER_CREDENTIALS_FULL_URI} as the URI
     * for the metadata service.
     * Optionally an authorization token can be provided using the {@value CONTAINER_AUTHORIZATION_TOKEN} environment variable.
     */
    // IBM unsupported
    // static class FullUriCredentialsEndpointProvider extends CredentialsEndpointProvider {

    //     @Override
    //     public URI getCredentialsEndpoint() {
    //         String fullUri = System.getenv(CONTAINER_CREDENTIALS_FULL_URI);
    //         if (fullUri == null || fullUri.length() == 0) {
    //             throw new SdkClientException("The environment variable " + CONTAINER_CREDENTIALS_FULL_URI + " is empty");
    //         }

    //         URI uri = URI.create(fullUri);

    //         if (!ALLOWED_FULL_URI_HOSTS.contains(uri.getHost())) {
    //             throw new SdkClientException("The full URI (" + uri + ") contained withing environment variable " +
    //                 CONTAINER_CREDENTIALS_FULL_URI + " has an invalid host. Host can only be one of [" +
    //                 CollectionUtils.join(ALLOWED_FULL_URI_HOSTS, ", ") + "]");
    //         }

    //         return uri;
    //     }

    //     @Override
    //     public Map getHeaders() {
    //         if (System.getenv(CONTAINER_AUTHORIZATION_TOKEN) != null) {
    //             return Collections.singletonMap("Authorization", System.getenv(CONTAINER_AUTHORIZATION_TOKEN));
    //         }
    //         return new HashMap();
    //     }
    // }

    // private static Set allowedHosts() {
    //     HashSet hosts = new HashSet();
    //     hosts.add("127.0.0.1");
    //     hosts.add("localhost");
    //     return Collections.unmodifiableSet(hosts);
    // }

}