Java源码示例:software.amazon.awssdk.services.sts.model.StsException
示例1
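/**
 * Validates this account's credentials by asking STS who the caller is, then records the
 * account id and caller ARN that STS reports.
 *
 * <p>A successful {@code GetCallerIdentity} call only shows that STS accepts the credentials.
 * The call needs no IAM permissions, so it says nothing about what the credentials may do.
 *
 * @throws IOException if the SDK fails client-side or STS rejects the request; the original
 *     SDK exception is attached as the cause
 */
@Override
public void validate() throws IOException {
    try {
        var builder = StsClient.builder();
        if (!this.isAutoDiscovered()) {
            // Explicitly configured account: pin the region and sign with this object's own keys.
            builder.region(Region.of(this.region));
            builder.credentialsProvider(() -> this);
        }
        // Otherwise the builder is left untouched and whatever the SDK resolves by default applies.

        // try-with-resources releases the client even when the call fails.
        try (var stsClient = builder.build()) {
            var identity = stsClient.getCallerIdentity();
            this.accountId = identity.account();
            this.user = identity.arn();
            LOGGER.info("Account {} validated with user {}.", this.accountId, this.user);
        }
    } catch (SdkClientException | StsException ex) {
        // TODO: log error, etc.
        // Keep the SDK exception as the cause so status code and request id stay available
        // to whoever handles the IOException.
        throw new IOException(ex.getMessage(), ex);
    }
}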
示例2
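/**
 * Checks that an authentication failure from STS is surfaced as a {@link RuntimeException}
 * after exactly one {@code getCallerIdentity} attempt, i.e. without retrying.
 *
 * <p>The attempt count is asserted in a {@code finally} block. With
 * {@code @Test(expected = ...)} an assertion placed after the throwing call is never reached,
 * so the no-retry property would go unchecked.
 */
@Test(expected = RuntimeException.class)
public void testVerifyCredentialsNoRetryOnAuthnError() {
    // Route the static StsClient.builder() to a mocked builder that hands out a mocked client.
    PowerMockito.mockStatic(StsClient.class);
    StsClient mockedClient = mock(StsClient.class);
    StsClientBuilder mockedClientBuilder = mock(StsClientBuilder.class);
    when(mockedClientBuilder.credentialsProvider(any(AwsCredentialsProvider.class))).thenReturn(mockedClientBuilder);
    when(mockedClientBuilder.region(any(Region.class))).thenReturn(mockedClientBuilder);
    when(mockedClientBuilder.build()).thenReturn(mockedClient);
    when(StsClient.builder()).thenReturn(mockedClientBuilder);

    TestExtendedS3FileSystem fs = new TestExtendedS3FileSystem();
    AtomicInteger retryAttemptNo = new AtomicInteger(0);

    // Every identity lookup is counted and then fails the way STS reports an invalid token.
    when(mockedClient.getCallerIdentity(any(GetCallerIdentityRequest.class))).then(invocationOnMock -> {
        retryAttemptNo.incrementAndGet();
        throw StsException.builder().message("The security token included in the request is invalid. (Service: Sts, Status Code: 403, Request ID: a7e2e92e-5ebb-4343-87a1-21e4d64edcd4)").build();
    });

    try {
        fs.verifyCredentials(new Configuration());
    } finally {
        // Runs although verifyCredentials is expected to throw. A wrong count raises an
        // AssertionError, which replaces the expected RuntimeException and fails the test.
        assertEquals(1, retryAttemptNo.get());
    }
}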
示例3
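/**
 * Verifies that a profile using {@code source_profile} plus {@code role_arn} yields a
 * credentials provider that can assume the role and return non-blank credentials.
 *
 * <p>The profile is built in memory from the test user's access key, so the key material
 * never touches a file on disk in this test.
 */
@Test
public void profileCredentialsProviderCanAssumeRoles() throws InterruptedException {
    String assumeRoleProfile =
        "[source]\n"
        + "aws_access_key_id = " + userCredentials.accessKeyId() + "\n"
        + "aws_secret_access_key = " + userCredentials.secretAccessKey() + "\n"
        + "\n"
        + "[test]\n"
        + "region = us-west-1\n"
        + "source_profile = source\n"
        + "role_arn = " + ROLE_ARN;

    ProfileFile profiles = ProfileFile.builder()
                                      .content(new StringInputStream(assumeRoleProfile))
                                      .type(ProfileFile.Type.CREDENTIALS)
                                      .build();

    // Fail with a readable message instead of a bare NoSuchElementException if parsing broke.
    Profile testProfile = profiles.profile("test")
                                  .orElseThrow(() -> new AssertionError("profile [test] was not parsed"));

    AwsCredentialsProvider awsCredentialsProvider =
        new ProfileCredentialsUtils(testProfile, profiles::profile).credentialsProvider().get();

    try {
        // Try to assume the role until the eventual consistency catches up.
        AwsCredentials awsCredentials = Waiter.run(awsCredentialsProvider::resolveCredentials)
                                              .ignoringException(StsException.class)
                                              .orFail();

        assertThat(awsCredentials.accessKeyId()).isNotBlank();
        assertThat(awsCredentials.secretAccessKey()).isNotBlank();
    } finally {
        // Close the provider even when the wait or an assertion fails, so it is never
        // left open for the rest of the test run.
        ((SdkAutoCloseable) awsCredentialsProvider).close();
    }
}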
示例4
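/**
 * Verifies that a profile with {@code credential_source = Environment} picks up the source
 * credentials from the AWS environment variables and can assume the configured role.
 *
 * <p>The variables are set through {@code EnvironmentVariableHelper.run}, which scopes them
 * to the callback. Presumably the helper restores the previous environment afterwards;
 * confirm against the helper's implementation.
 */
@Test
public void profileCredentialProviderCanAssumeRolesWithEnvironmentCredentialSource() throws InterruptedException {
    EnvironmentVariableHelper.run(helper -> {
        helper.set("AWS_ACCESS_KEY_ID", userCredentials.accessKeyId());
        helper.set("AWS_SECRET_ACCESS_KEY", userCredentials.secretAccessKey());

        String assumeRoleProfile =
            "[test]\n"
            + "region = us-west-1\n"
            + "credential_source = Environment\n"
            + "role_arn = " + ROLE_ARN;

        ProfileFile profiles = ProfileFile.builder()
                                          .content(new StringInputStream(assumeRoleProfile))
                                          .type(ProfileFile.Type.CREDENTIALS)
                                          .build();

        // Fail with a readable message instead of a bare NoSuchElementException if parsing broke.
        Profile testProfile = profiles.profile("test")
                                      .orElseThrow(() -> new AssertionError("profile [test] was not parsed"));

        AwsCredentialsProvider awsCredentialsProvider =
            new ProfileCredentialsUtils(testProfile, profiles::profile).credentialsProvider().get();

        try {
            // Try to assume the role until the eventual consistency catches up.
            AwsCredentials awsCredentials = Waiter.run(awsCredentialsProvider::resolveCredentials)
                                                  .ignoringException(StsException.class)
                                                  .orFail();

            assertThat(awsCredentials.accessKeyId()).isNotBlank();
            assertThat(awsCredentials.secretAccessKey()).isNotBlank();
        } finally {
            // Close the provider even when the wait or an assertion fails.
            ((SdkAutoCloseable) awsCredentialsProvider).close();
        }
    });
}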
示例5
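/**
 * Verifies that a profile with {@code credential_source = Environment} still resolves source
 * credentials when the AWS environment variables are absent and the keys are supplied through
 * the {@code aws.accessKeyId} / {@code aws.secretAccessKey} system properties instead.
 *
 * <p>System properties are JVM-wide, so the access key is visible to every test that runs in
 * the same JVM until it is cleared. Clearing happens in {@code finally} so a failing wait or
 * assertion cannot leave the key behind.
 */
@Test
public void profileCredentialProviderWithEnvironmentCredentialSourceAndSystemProperties() throws InterruptedException {
    System.setProperty("aws.accessKeyId", userCredentials.accessKeyId());
    System.setProperty("aws.secretAccessKey", userCredentials.secretAccessKey());

    try {
        EnvironmentVariableHelper.run(helper -> {
            // Make sure only the system properties can satisfy the credential lookup.
            helper.remove("AWS_ACCESS_KEY_ID");
            helper.remove("AWS_SECRET_ACCESS_KEY");

            String assumeRoleProfile =
                "[test]\n"
                + "region = us-west-1\n"
                + "credential_source = Environment\n"
                + "role_arn = " + ROLE_ARN;

            ProfileFile profiles = ProfileFile.builder()
                                              .content(new StringInputStream(assumeRoleProfile))
                                              .type(ProfileFile.Type.CREDENTIALS)
                                              .build();

            // Fail with a readable message instead of a bare NoSuchElementException if parsing broke.
            Profile testProfile = profiles.profile("test")
                                          .orElseThrow(() -> new AssertionError("profile [test] was not parsed"));

            AwsCredentialsProvider awsCredentialsProvider =
                new ProfileCredentialsUtils(testProfile, profiles::profile).credentialsProvider().get();

            try {
                // Try to assume the role until the eventual consistency catches up.
                AwsCredentials awsCredentials = Waiter.run(awsCredentialsProvider::resolveCredentials)
                                                      .ignoringException(StsException.class)
                                                      .orFail();

                assertThat(awsCredentials.accessKeyId()).isNotBlank();
                assertThat(awsCredentials.secretAccessKey()).isNotBlank();
            } finally {
                // Close the provider even when the wait or an assertion fails.
                ((SdkAutoCloseable) awsCredentialsProvider).close();
            }
        });
    } finally {
        // Always remove the key material from the JVM-wide properties.
        System.clearProperty("aws.accessKeyId");
        System.clearProperty("aws.secretAccessKey");
    }
}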