software.amazon.awssdk.services.sts.model.AssumeRoleWithWebIdentityRequest Maven / Gradle / Ivy
/*
* Copyright 2014-2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
* the License. A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
* and limitations under the License.
*/
package software.amazon.awssdk.services.sts.model;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.function.BiConsumer;
import java.util.function.Consumer;
import java.util.function.Function;
import software.amazon.awssdk.annotations.Generated;
import software.amazon.awssdk.awscore.AwsRequestOverrideConfiguration;
import software.amazon.awssdk.core.SdkField;
import software.amazon.awssdk.core.SdkPojo;
import software.amazon.awssdk.core.protocol.MarshallLocation;
import software.amazon.awssdk.core.protocol.MarshallingType;
import software.amazon.awssdk.core.traits.LocationTrait;
import software.amazon.awssdk.utils.ToString;
import software.amazon.awssdk.utils.builder.CopyableBuilder;
import software.amazon.awssdk.utils.builder.ToCopyableBuilder;
/**
*/
@Generated("software.amazon.awssdk:codegen")
public final class AssumeRoleWithWebIdentityRequest extends StsRequest implements
ToCopyableBuilder {
private static final SdkField ROLE_ARN_FIELD = SdkField. builder(MarshallingType.STRING)
.getter(getter(AssumeRoleWithWebIdentityRequest::roleArn)).setter(setter(Builder::roleArn))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("RoleArn").build()).build();
private static final SdkField ROLE_SESSION_NAME_FIELD = SdkField. builder(MarshallingType.STRING)
.getter(getter(AssumeRoleWithWebIdentityRequest::roleSessionName)).setter(setter(Builder::roleSessionName))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("RoleSessionName").build()).build();
private static final SdkField WEB_IDENTITY_TOKEN_FIELD = SdkField. builder(MarshallingType.STRING)
.getter(getter(AssumeRoleWithWebIdentityRequest::webIdentityToken)).setter(setter(Builder::webIdentityToken))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("WebIdentityToken").build()).build();
private static final SdkField PROVIDER_ID_FIELD = SdkField. builder(MarshallingType.STRING)
.getter(getter(AssumeRoleWithWebIdentityRequest::providerId)).setter(setter(Builder::providerId))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("ProviderId").build()).build();
private static final SdkField POLICY_FIELD = SdkField. builder(MarshallingType.STRING)
.getter(getter(AssumeRoleWithWebIdentityRequest::policy)).setter(setter(Builder::policy))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("Policy").build()).build();
private static final SdkField DURATION_SECONDS_FIELD = SdkField. builder(MarshallingType.INTEGER)
.getter(getter(AssumeRoleWithWebIdentityRequest::durationSeconds)).setter(setter(Builder::durationSeconds))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("DurationSeconds").build()).build();
private static final List> SDK_FIELDS = Collections.unmodifiableList(Arrays.asList(ROLE_ARN_FIELD,
ROLE_SESSION_NAME_FIELD, WEB_IDENTITY_TOKEN_FIELD, PROVIDER_ID_FIELD, POLICY_FIELD, DURATION_SECONDS_FIELD));
private final String roleArn;
private final String roleSessionName;
private final String webIdentityToken;
private final String providerId;
private final String policy;
private final Integer durationSeconds;
private AssumeRoleWithWebIdentityRequest(BuilderImpl builder) {
super(builder);
this.roleArn = builder.roleArn;
this.roleSessionName = builder.roleSessionName;
this.webIdentityToken = builder.webIdentityToken;
this.providerId = builder.providerId;
this.policy = builder.policy;
this.durationSeconds = builder.durationSeconds;
}
/**
*
* The Amazon Resource Name (ARN) of the role that the caller is assuming.
*
*
* @return The Amazon Resource Name (ARN) of the role that the caller is assuming.
*/
public String roleArn() {
return roleArn;
}
/**
*
* An identifier for the assumed role session. Typically, you pass the name or identifier that is associated with
* the user who is using your application. That way, the temporary security credentials that your application will
* use are associated with that user. This session name is included as part of the ARN and assumed role ID in the
* AssumedRoleUser response element.
*
*
* The regex used to validate this parameter is a string of characters consisting of upper- and lower-case
* alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@-
*
*
* @return An identifier for the assumed role session. Typically, you pass the name or identifier that is associated
* with the user who is using your application. That way, the temporary security credentials that your
* application will use are associated with that user. This session name is included as part of the ARN and
* assumed role ID in the AssumedRoleUser response element.
*
* The regex used to validate this parameter is a string of characters consisting of upper- and lower-case
* alphanumeric characters with no spaces. You can also include underscores or any of the following
* characters: =,.@-
*/
public String roleSessionName() {
return roleSessionName;
}
/**
*
* The OAuth 2.0 access token or OpenID Connect ID token that is provided by the identity provider. Your application
* must get this token by authenticating the user who is using your application with a web identity provider before
* the application makes an AssumeRoleWithWebIdentity call.
*
*
* @return The OAuth 2.0 access token or OpenID Connect ID token that is provided by the identity provider. Your
* application must get this token by authenticating the user who is using your application with a web
* identity provider before the application makes an AssumeRoleWithWebIdentity call.
*/
public String webIdentityToken() {
return webIdentityToken;
}
/**
*
* The fully qualified host component of the domain name of the identity provider.
*
*
* Specify this value only for OAuth 2.0 access tokens. Currently www.amazon.com and
* graph.facebook.com are the only supported identity providers for OAuth 2.0 access tokens. Do not
* include URL schemes and port numbers.
*
*
* Do not specify this value for OpenID Connect ID tokens.
*
*
* @return The fully qualified host component of the domain name of the identity provider.
*
* Specify this value only for OAuth 2.0 access tokens. Currently www.amazon.com and
* graph.facebook.com are the only supported identity providers for OAuth 2.0 access tokens. Do
* not include URL schemes and port numbers.
*
*
* Do not specify this value for OpenID Connect ID tokens.
*/
public String providerId() {
return providerId;
}
/**
*
* An IAM policy in JSON format.
*
*
* The policy parameter is optional. If you pass a policy, the temporary security credentials that are returned by
* the operation have the permissions that are allowed by both the access policy of the role that is being assumed,
* and the policy that you pass. This gives you a way to further restrict the permissions for the
* resulting temporary security credentials. You cannot use the passed policy to grant permissions that are in
* excess of those allowed by the access policy of the role that is being assumed. For more information, see Permissions
* for AssumeRoleWithWebIdentity in the IAM User Guide.
*
*
* The format for this parameter, as described by its regex pattern, is a string of characters up to 2048 characters
* in length. The characters can be any ASCII character from the space character to the end of the valid character
* list ( -\u00FF). It can also include the tab ( ), linefeed ( ), and carriage return ( ) characters.
*
*
*
* The policy plain text must be 2048 bytes or shorter. However, an internal conversion compresses it into a packed
* binary format with a separate limit. The PackedPolicySize response element indicates by percentage how close to
* the upper size limit the policy is, with 100% equaling the maximum allowed size.
*
*
*
* @return An IAM policy in JSON format.
*
* The policy parameter is optional. If you pass a policy, the temporary security credentials that are
* returned by the operation have the permissions that are allowed by both the access policy of the role
* that is being assumed, and the policy that you pass. This gives you a way to further
* restrict the permissions for the resulting temporary security credentials. You cannot use the passed
* policy to grant permissions that are in excess of those allowed by the access policy of the role that is
* being assumed. For more information, see Permissions for AssumeRoleWithWebIdentity in the IAM User Guide.
*
*
* The format for this parameter, as described by its regex pattern, is a string of characters up to 2048
* characters in length. The characters can be any ASCII character from the space character to the end of
* the valid character list ( -\u00FF). It can also include the tab ( ), linefeed ( ), and carriage return (
* ) characters.
*
*
*
* The policy plain text must be 2048 bytes or shorter. However, an internal conversion compresses it into a
* packed binary format with a separate limit. The PackedPolicySize response element indicates by percentage
* how close to the upper size limit the policy is, with 100% equaling the maximum allowed size.
*
*/
public String policy() {
return policy;
}
/**
*
* The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the
* maximum session duration setting for the role. This setting can have a value from 1 hour to 12 hours. If you
* specify a value higher than this setting, the operation fails. For example, if you specify a session duration of
* 12 hours, but your administrator set the maximum session duration to 6 hours, your operation fails. To learn how
* to view the maximum value for your role, see View
* the Maximum Session Duration Setting for a Role in the IAM User Guide.
*
*
* By default, the value is set to 3600 seconds.
*
*
*
* The DurationSeconds parameter is separate from the duration of a console session that you might
* request using the returned credentials. The request to the federation endpoint for a console sign-in token takes
* a SessionDuration parameter that specifies the maximum length of the console session. For more
* information, see Creating
* a URL that Enables Federated Users to Access the AWS Management Console in the IAM User Guide.
*
*
*
* @return The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to
* the maximum session duration setting for the role. This setting can have a value from 1 hour to 12 hours.
* If you specify a value higher than this setting, the operation fails. For example, if you specify a
* session duration of 12 hours, but your administrator set the maximum session duration to 6 hours, your
* operation fails. To learn how to view the maximum value for your role, see View the Maximum Session Duration Setting for a Role in the IAM User Guide.
*
* By default, the value is set to 3600 seconds.
*
*
*
* The DurationSeconds parameter is separate from the duration of a console session that you
* might request using the returned credentials. The request to the federation endpoint for a console
* sign-in token takes a SessionDuration parameter that specifies the maximum length of the
* console session. For more information, see Creating a URL that Enables Federated Users to Access the AWS Management Console in the IAM User
* Guide.
*
*/
public Integer durationSeconds() {
return durationSeconds;
}
@Override
public Builder toBuilder() {
return new BuilderImpl(this);
}
public static Builder builder() {
return new BuilderImpl();
}
public static Class serializableBuilderClass() {
return BuilderImpl.class;
}
@Override
public int hashCode() {
int hashCode = 1;
hashCode = 31 * hashCode + Objects.hashCode(roleArn());
hashCode = 31 * hashCode + Objects.hashCode(roleSessionName());
hashCode = 31 * hashCode + Objects.hashCode(webIdentityToken());
hashCode = 31 * hashCode + Objects.hashCode(providerId());
hashCode = 31 * hashCode + Objects.hashCode(policy());
hashCode = 31 * hashCode + Objects.hashCode(durationSeconds());
return hashCode;
}
@Override
public boolean equals(Object obj) {
if (this == obj) {
return true;
}
if (obj == null) {
return false;
}
if (!(obj instanceof AssumeRoleWithWebIdentityRequest)) {
return false;
}
AssumeRoleWithWebIdentityRequest other = (AssumeRoleWithWebIdentityRequest) obj;
return Objects.equals(roleArn(), other.roleArn()) && Objects.equals(roleSessionName(), other.roleSessionName())
&& Objects.equals(webIdentityToken(), other.webIdentityToken())
&& Objects.equals(providerId(), other.providerId()) && Objects.equals(policy(), other.policy())
&& Objects.equals(durationSeconds(), other.durationSeconds());
}
/**
* Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be
* redacted from this string using a placeholder value.
*/
@Override
public String toString() {
return ToString.builder("AssumeRoleWithWebIdentityRequest").add("RoleArn", roleArn())
.add("RoleSessionName", roleSessionName()).add("WebIdentityToken", webIdentityToken())
.add("ProviderId", providerId()).add("Policy", policy()).add("DurationSeconds", durationSeconds()).build();
}
public Optional getValueForField(String fieldName, Class clazz) {
switch (fieldName) {
case "RoleArn":
return Optional.ofNullable(clazz.cast(roleArn()));
case "RoleSessionName":
return Optional.ofNullable(clazz.cast(roleSessionName()));
case "WebIdentityToken":
return Optional.ofNullable(clazz.cast(webIdentityToken()));
case "ProviderId":
return Optional.ofNullable(clazz.cast(providerId()));
case "Policy":
return Optional.ofNullable(clazz.cast(policy()));
case "DurationSeconds":
return Optional.ofNullable(clazz.cast(durationSeconds()));
default:
return Optional.empty();
}
}
@Override
public List> sdkFields() {
return SDK_FIELDS;
}
private static Function getter(Function g) {
return obj -> g.apply((AssumeRoleWithWebIdentityRequest) obj);
}
private static BiConsumer setter(BiConsumer s) {
return (obj, val) -> s.accept((Builder) obj, val);
}
public interface Builder extends StsRequest.Builder, SdkPojo, CopyableBuilder {
/**
*
* The Amazon Resource Name (ARN) of the role that the caller is assuming.
*
*
* @param roleArn
* The Amazon Resource Name (ARN) of the role that the caller is assuming.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder roleArn(String roleArn);
/**
*
* An identifier for the assumed role session. Typically, you pass the name or identifier that is associated
* with the user who is using your application. That way, the temporary security credentials that your
* application will use are associated with that user. This session name is included as part of the ARN and
* assumed role ID in the AssumedRoleUser response element.
*
*
* The regex used to validate this parameter is a string of characters consisting of upper- and lower-case
* alphanumeric characters with no spaces. You can also include underscores or any of the following characters:
* =,.@-
*
*
* @param roleSessionName
* An identifier for the assumed role session. Typically, you pass the name or identifier that is
* associated with the user who is using your application. That way, the temporary security credentials
* that your application will use are associated with that user. This session name is included as part of
* the ARN and assumed role ID in the AssumedRoleUser response element.
*
* The regex used to validate this parameter is a string of characters consisting of upper- and
* lower-case alphanumeric characters with no spaces. You can also include underscores or any of the
* following characters: =,.@-
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder roleSessionName(String roleSessionName);
/**
*
* The OAuth 2.0 access token or OpenID Connect ID token that is provided by the identity provider. Your
* application must get this token by authenticating the user who is using your application with a web identity
* provider before the application makes an AssumeRoleWithWebIdentity call.
*
*
* @param webIdentityToken
* The OAuth 2.0 access token or OpenID Connect ID token that is provided by the identity provider. Your
* application must get this token by authenticating the user who is using your application with a web
* identity provider before the application makes an AssumeRoleWithWebIdentity call.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder webIdentityToken(String webIdentityToken);
/**
*
* The fully qualified host component of the domain name of the identity provider.
*
*
* Specify this value only for OAuth 2.0 access tokens. Currently www.amazon.com and
* graph.facebook.com are the only supported identity providers for OAuth 2.0 access tokens. Do not
* include URL schemes and port numbers.
*
*
* Do not specify this value for OpenID Connect ID tokens.
*
*
* @param providerId
* The fully qualified host component of the domain name of the identity provider.
*
* Specify this value only for OAuth 2.0 access tokens. Currently www.amazon.com and
* graph.facebook.com are the only supported identity providers for OAuth 2.0 access tokens.
* Do not include URL schemes and port numbers.
*
*
* Do not specify this value for OpenID Connect ID tokens.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder providerId(String providerId);
/**
*
* An IAM policy in JSON format.
*
*
* The policy parameter is optional. If you pass a policy, the temporary security credentials that are returned
* by the operation have the permissions that are allowed by both the access policy of the role that is being
* assumed, and the policy that you pass. This gives you a way to further restrict the
* permissions for the resulting temporary security credentials. You cannot use the passed policy to grant
* permissions that are in excess of those allowed by the access policy of the role that is being assumed. For
* more information, see Permissions for AssumeRoleWithWebIdentity in the IAM User Guide.
*
*
* The format for this parameter, as described by its regex pattern, is a string of characters up to 2048
* characters in length. The characters can be any ASCII character from the space character to the end of the
* valid character list ( -\u00FF). It can also include the tab ( ), linefeed ( ), and carriage return ( )
* characters.
*
*
*
* The policy plain text must be 2048 bytes or shorter. However, an internal conversion compresses it into a
* packed binary format with a separate limit. The PackedPolicySize response element indicates by percentage how
* close to the upper size limit the policy is, with 100% equaling the maximum allowed size.
*
*
*
* @param policy
* An IAM policy in JSON format.
*
* The policy parameter is optional. If you pass a policy, the temporary security credentials that are
* returned by the operation have the permissions that are allowed by both the access policy of the role
* that is being assumed, and the policy that you pass. This gives you a way to further
* restrict the permissions for the resulting temporary security credentials. You cannot use the passed
* policy to grant permissions that are in excess of those allowed by the access policy of the role that
* is being assumed. For more information, see Permissions for AssumeRoleWithWebIdentity in the IAM User Guide.
*
*
* The format for this parameter, as described by its regex pattern, is a string of characters up to 2048
* characters in length. The characters can be any ASCII character from the space character to the end of
* the valid character list ( -\u00FF). It can also include the tab ( ), linefeed ( ), and carriage
* return ( ) characters.
*
*
*
* The policy plain text must be 2048 bytes or shorter. However, an internal conversion compresses it
* into a packed binary format with a separate limit. The PackedPolicySize response element indicates by
* percentage how close to the upper size limit the policy is, with 100% equaling the maximum allowed
* size.
*
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder policy(String policy);
/**
*
* The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the
* maximum session duration setting for the role. This setting can have a value from 1 hour to 12 hours. If you
* specify a value higher than this setting, the operation fails. For example, if you specify a session duration
* of 12 hours, but your administrator set the maximum session duration to 6 hours, your operation fails. To
* learn how to view the maximum value for your role, see View the Maximum Session Duration Setting for a Role in the IAM User Guide.
*
*
* By default, the value is set to 3600 seconds.
*
*
*
* The DurationSeconds parameter is separate from the duration of a console session that you might
* request using the returned credentials. The request to the federation endpoint for a console sign-in token
* takes a SessionDuration parameter that specifies the maximum length of the console session. For
* more information, see Creating a URL that Enables Federated Users to Access the AWS Management Console in the IAM User
* Guide.
*
*
*
* @param durationSeconds
* The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to
* the maximum session duration setting for the role. This setting can have a value from 1 hour to 12
* hours. If you specify a value higher than this setting, the operation fails. For example, if you
* specify a session duration of 12 hours, but your administrator set the maximum session duration to 6
* hours, your operation fails. To learn how to view the maximum value for your role, see View the Maximum Session Duration Setting for a Role in the IAM User Guide.
*
* By default, the value is set to 3600 seconds.
*
*
*
* The DurationSeconds parameter is separate from the duration of a console session that you
* might request using the returned credentials. The request to the federation endpoint for a console
* sign-in token takes a SessionDuration parameter that specifies the maximum length of the
* console session. For more information, see Creating a URL that Enables Federated Users to Access the AWS Management Console in the IAM
* User Guide.
*
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder durationSeconds(Integer durationSeconds);
@Override
Builder overrideConfiguration(AwsRequestOverrideConfiguration overrideConfiguration);
@Override
Builder overrideConfiguration(Consumer builderConsumer);
}
static final class BuilderImpl extends StsRequest.BuilderImpl implements Builder {
private String roleArn;
private String roleSessionName;
private String webIdentityToken;
private String providerId;
private String policy;
private Integer durationSeconds;
private BuilderImpl() {
}
private BuilderImpl(AssumeRoleWithWebIdentityRequest model) {
super(model);
roleArn(model.roleArn);
roleSessionName(model.roleSessionName);
webIdentityToken(model.webIdentityToken);
providerId(model.providerId);
policy(model.policy);
durationSeconds(model.durationSeconds);
}
public final String getRoleArn() {
return roleArn;
}
@Override
public final Builder roleArn(String roleArn) {
this.roleArn = roleArn;
return this;
}
public final void setRoleArn(String roleArn) {
this.roleArn = roleArn;
}
public final String getRoleSessionName() {
return roleSessionName;
}
@Override
public final Builder roleSessionName(String roleSessionName) {
this.roleSessionName = roleSessionName;
return this;
}
public final void setRoleSessionName(String roleSessionName) {
this.roleSessionName = roleSessionName;
}
public final String getWebIdentityToken() {
return webIdentityToken;
}
@Override
public final Builder webIdentityToken(String webIdentityToken) {
this.webIdentityToken = webIdentityToken;
return this;
}
public final void setWebIdentityToken(String webIdentityToken) {
this.webIdentityToken = webIdentityToken;
}
public final String getProviderId() {
return providerId;
}
@Override
public final Builder providerId(String providerId) {
this.providerId = providerId;
return this;
}
public final void setProviderId(String providerId) {
this.providerId = providerId;
}
public final String getPolicy() {
return policy;
}
@Override
public final Builder policy(String policy) {
this.policy = policy;
return this;
}
public final void setPolicy(String policy) {
this.policy = policy;
}
public final Integer getDurationSeconds() {
return durationSeconds;
}
@Override
public final Builder durationSeconds(Integer durationSeconds) {
this.durationSeconds = durationSeconds;
return this;
}
public final void setDurationSeconds(Integer durationSeconds) {
this.durationSeconds = durationSeconds;
}
@Override
public Builder overrideConfiguration(AwsRequestOverrideConfiguration overrideConfiguration) {
super.overrideConfiguration(overrideConfiguration);
return this;
}
@Override
public Builder overrideConfiguration(Consumer builderConsumer) {
super.overrideConfiguration(builderConsumer);
return this;
}
@Override
public AssumeRoleWithWebIdentityRequest build() {
return new AssumeRoleWithWebIdentityRequest(this);
}
@Override
public List> sdkFields() {
return SDK_FIELDS;
}
}
}