/** * Loads the credential profiles from the given input stream. * * @param is input stream from where the profile details are read. */ private AllProfiles loadProfiles(InputStream is) throws IOException { ProfilesConfigFileLoaderHelper helper = new ProfilesConfigFileLoaderHelper(); Map<String, Map<String, String>> allProfileProperties = helper .parseProfileProperties(new Scanner(is, StringUtils.UTF8.name())); // Convert the loaded property map to credential objects Map<String, BasicProfile> profilesByName = new LinkedHashMap<String, BasicProfile>(); for (Entry<String, Map<String, String>> entry : allProfileProperties.entrySet()) { String profileName = entry.getKey(); Map<String, String> properties = entry.getValue(); if (profileName.startsWith("profile ")) { LOG.warn( "Your profile name includes a 'profile ' prefix. This is considered part of the profile name in the " + "Java SDK, so you will need to include this prefix in your profile name when you reference this " + "profile from your Java code."); } assertParameterNotEmpty(profileName, "Unable to load properties from profile: Profile name is empty."); profilesByName.put(profileName, new BasicProfile(profileName, properties)); } return new AllProfiles(profilesByName); }
private AWSCredentialsProvider fromAssumeRole() { if (StringUtils.isNullOrEmpty(profile.getRoleSourceProfile())) { throw new SdkClientException(String.format( "Unable to load credentials from profile [%s]: Source profile name is not specified", profile.getProfileName())); } final BasicProfile sourceProfile = allProfiles .getProfile(this.profile.getRoleSourceProfile()); if (sourceProfile == null) { throw new SdkClientException(String.format( "Unable to load source profile [%s]: Source profile was not found [%s]", profile.getProfileName(), profile.getRoleSourceProfile())); } AWSCredentials sourceCredentials = new ProfileStaticCredentialsProvider(sourceProfile) .getCredentials(); final String roleSessionName = (this.profile.getRoleSessionName() == null) ? "aws-sdk-java-" + System.currentTimeMillis() : this.profile.getRoleSessionName(); RoleInfo roleInfo = new RoleInfo().withRoleArn(this.profile.getRoleArn()) .withRoleSessionName(roleSessionName) .withExternalId(this.profile.getRoleExternalId()) .withLongLivedCredentials(sourceCredentials); return profileCredentialsService.getAssumeRoleCredentialsProvider(roleInfo); } }
private AWSCredentialsProvider fromProfile(BasicProfile profile) { if (profile.isRoleBasedProfile()) { return new ProfileAssumeRoleCredentialsProvider(profileCredentialsService, allProfiles, profile); } else if (profile.isProcessBasedProfile()) { return new ProfileProcessCredentialsProvider(profile); } else { return new ProfileStaticCredentialsProvider(profile); } }
private AWSCredentials fromStaticCredentials() { if (StringUtils.isNullOrEmpty(profile.getAwsAccessIdKey())) { throw new SdkClientException(String.format( "Unable to load credentials into profile [%s]: AWS Access Key ID is not specified.", profile.getProfileName())); } if (StringUtils.isNullOrEmpty(profile.getAwsSecretAccessKey())) { throw new SdkClientException(String.format( "Unable to load credentials into profile [%s]: AWS Secret Access Key is not specified.", profile.getAwsSecretAccessKey())); } if (profile.getAwsSessionToken() == null) { return new BasicAWSCredentials(profile.getAwsAccessIdKey(), profile.getAwsSecretAccessKey()); } else { if (profile.getAwsSessionToken().isEmpty()) { throw new SdkClientException(String.format( "Unable to load credentials into profile [%s]: AWS Session Token is empty.", profile.getProfileName())); } return new BasicSessionCredentials(profile.getAwsAccessIdKey(), profile.getAwsSecretAccessKey(), profile.getAwsSessionToken()); } }
String profileName = entry.getKey(); Map<String, String> properties = entry.getValue(); profilesByName.put(profileName, new BasicProfile(profileName, properties)); final Map.Entry<String, BasicProfile> entry = optional.get(); final BasicProfile basicProfile = entry.getValue(); if(basicProfile.isRoleBasedProfile()) { if(log.isDebugEnabled()) { log.debug(String.format("Configure credentials from role based profile %s", basicProfile.getProfileName())); if(StringUtils.isBlank(basicProfile.getRoleSourceProfile())) { throw new LoginFailureException(String.format("Missing source profile reference in profile %s", basicProfile.getProfileName())); else if(!profiles.containsKey(basicProfile.getRoleSourceProfile())) { throw new LoginFailureException(String.format("Missing source profile with name %s", basicProfile.getRoleSourceProfile())); final BasicProfile sourceProfile = profiles.get(basicProfile.getRoleSourceProfile()); sourceProfile.getAwsAccessIdKey(), sourceProfile.getAwsSecretAccessKey(), sourceProfile.getAwsSessionToken()); final String tokenCode; if(basicProfile.getProperties().containsKey("mfa_serial")) { tokenCode = prompt.prompt( host, LocaleFactory.localizedString("Provide additional login credentials", "Credentials"), String.format("%s %s", LocaleFactory.localizedString("Multi-Factor Authentication", "S3"), basicProfile.getProperties().get("mfa_serial")), new LoginOptions(host.getProtocol()) .password(true) .withRoleArn(basicProfile.getRoleArn())
public String getAwsAccessIdKey() { return getPropertyValue(ProfileKeyConstants.AWS_ACCESS_KEY_ID); }
public static AWSCredentialsProvider getAWSCredentialsProvider(String profile) { BasicProfile basicProfile = new ProfilesConfigFile().getAllBasicProfiles().get(profile); if(basicProfile == null) { throw new RuntimeException("No AWS profile named '" + profile + "'"); } if (basicProfile.isRoleBasedProfile()) { return new STSAssumeRoleSessionCredentialsProvider.Builder(basicProfile.getRoleArn(), profile) .withStsClient(AWSSecurityTokenServiceClientBuilder.defaultClient()).build(); } else { return new ProfileCredentialsProvider(profile); } }
/** * Returns the value of a specific property that is included in this Profile instance. * * @see BasicProfile#getProperties() */ public String getPropertyValue(String propertyName) { return getProperties().get(propertyName); }
public boolean isRoleBasedProfile() { return getRoleArn() != null; }
private AWSCredentialsProvider fromProfile(BasicProfile profile) { if (profile.isRoleBasedProfile()) { return new ProfileAssumeRoleCredentialsProvider(profileCredentialsService, allProfiles, profile); } else { return new ProfileStaticCredentialsProvider(profile); } }
private AWSCredentials fromStaticCredentials() { if (StringUtils.isNullOrEmpty(profile.getAwsAccessIdKey())) { throw new SdkClientException(String.format( "Unable to load credentials into profile [%s]: AWS Access Key ID is not specified.", profile.getProfileName())); } if (StringUtils.isNullOrEmpty(profile.getAwsSecretAccessKey())) { throw new SdkClientException(String.format( "Unable to load credentials into profile [%s]: AWS Secret Access Key is not specified.", profile.getAwsSecretAccessKey())); } if (profile.getAwsSessionToken() == null) { return new BasicAWSCredentials(profile.getAwsAccessIdKey(), profile.getAwsSecretAccessKey()); } else { if (profile.getAwsSessionToken().isEmpty()) { throw new SdkClientException(String.format( "Unable to load credentials into profile [%s]: AWS Session Token is empty.", profile.getProfileName())); } return new BasicSessionCredentials(profile.getAwsAccessIdKey(), profile.getAwsSecretAccessKey(), profile.getAwsSessionToken()); } }
public String getAwsSecretAccessKey() { return getPropertyValue(ProfileKeyConstants.AWS_SECRET_ACCESS_KEY); }
@Deprecated public Map<String, Profile> getAllProfiles() { Map<String, Profile> legacyProfiles = new HashMap<String, Profile>(); for (Map.Entry<String, BasicProfile> entry : getAllBasicProfiles().entrySet()) { final String profileName = entry.getKey(); legacyProfiles.put(profileName, new Profile(profileName, entry.getValue().getProperties(), new StaticCredentialsProvider( getCredentials(profileName)))); } return legacyProfiles; }
public boolean isRoleBasedProfile() { return getRoleArn() != null; }
private AWSCredentialsProvider fromAssumeRole() { if (StringUtils.isNullOrEmpty(profile.getRoleSourceProfile())) { throw new SdkClientException(String.format( "Unable to load credentials from profile [%s]: Source profile name is not specified", profile.getProfileName())); } final BasicProfile sourceProfile = allProfiles .getProfile(this.profile.getRoleSourceProfile()); if (sourceProfile == null) { throw new SdkClientException(String.format( "Unable to load source profile [%s]: Source profile was not found [%s]", profile.getProfileName(), profile.getRoleSourceProfile())); } AWSCredentials sourceCredentials = new ProfileStaticCredentialsProvider(sourceProfile) .getCredentials(); final String roleSessionName = (this.profile.getRoleSessionName() == null) ? "aws-sdk-java-" + System.currentTimeMillis() : this.profile.getRoleSessionName(); RoleInfo roleInfo = new RoleInfo().withRoleArn(this.profile.getRoleArn()) .withRoleSessionName(roleSessionName) .withExternalId(this.profile.getRoleExternalId()) .withLongLivedCredentials(sourceCredentials); return profileCredentialsService.getAssumeRoleCredentialsProvider(roleInfo); } }
private AWSCredentials fromStaticCredentials() { if (StringUtils.isNullOrEmpty(profile.getAwsAccessIdKey())) { throw new SdkClientException(String.format( "Unable to load credentials into profile [%s]: AWS Access Key ID is not specified.", profile.getProfileName())); } if (StringUtils.isNullOrEmpty(profile.getAwsSecretAccessKey())) { throw new SdkClientException(String.format( "Unable to load credentials into profile [%s]: AWS Secret Access Key is not specified.", profile.getAwsSecretAccessKey())); } if (profile.getAwsSessionToken() == null) { return new BasicAWSCredentials(profile.getAwsAccessIdKey(), profile.getAwsSecretAccessKey()); } else { if (profile.getAwsSessionToken().isEmpty()) { throw new SdkClientException(String.format( "Unable to load credentials into profile [%s]: AWS Session Token is empty.", profile.getProfileName())); } return new BasicSessionCredentials(profile.getAwsAccessIdKey(), profile.getAwsSecretAccessKey(), profile.getAwsSessionToken()); } }
public String getRoleSessionName() { return getPropertyValue(ProfileKeyConstants.ROLE_SESSION_NAME); }
/** * Loads the credential profiles from the given input stream. * * @param is input stream from where the profile details are read. */ private AllProfiles loadProfiles(InputStream is) throws IOException { ProfilesConfigFileLoaderHelper helper = new ProfilesConfigFileLoaderHelper(); Map<String, Map<String, String>> allProfileProperties = helper .parseProfileProperties(new Scanner(is, StringUtils.UTF8.name())); // Convert the loaded property map to credential objects Map<String, BasicProfile> profilesByName = new LinkedHashMap<String, BasicProfile>(); for (Entry<String, Map<String, String>> entry : allProfileProperties.entrySet()) { String profileName = entry.getKey(); Map<String, String> properties = entry.getValue(); if (profileName.startsWith("profile ")) { LOG.warn( "Your profile name includes a 'profile ' prefix. This is considered part of the profile name in the " + "Java SDK, so you will need to include this prefix in your profile name when you reference this " + "profile from your Java code."); } assertParameterNotEmpty(profileName, "Unable to load properties from profile: Profile name is empty."); profilesByName.put(profileName, new BasicProfile(profileName, properties)); } return new AllProfiles(profilesByName); }
/** * Returns the value of a specific property that is included in this Profile instance. * * @see BasicProfile#getProperties() */ public String getPropertyValue(String propertyName) { return getProperties().get(propertyName); }
private AWSCredentialsProvider fromProfile(BasicProfile profile) { if (profile.isRoleBasedProfile()) { return new ProfileAssumeRoleCredentialsProvider(profileCredentialsService, allProfiles, profile); } else if (profile.isProcessBasedProfile()) { return new ProfileProcessCredentialsProvider(profile); } else { return new ProfileStaticCredentialsProvider(profile); } }