下面列出了org.apache.hadoop.fs.s3a.Constants#software.amazon.awssdk.services.sts.auth.StsAssumeRoleCredentialsProvider 实例代码,或者点击链接到github查看源代码,也可以在右侧发表评论。
private StsProfileCredentialsProvider(AwsCredentialsProvider parentCredentialsProvider, Profile profile) {
String roleArn = requireProperty(profile, ProfileProperty.ROLE_ARN);
String roleSessionName = profile.property(ProfileProperty.ROLE_SESSION_NAME)
.orElseGet(() -> "aws-sdk-java-" + System.currentTimeMillis());
String externalId = profile.property(ProfileProperty.EXTERNAL_ID).orElse(null);
AssumeRoleRequest assumeRoleRequest = AssumeRoleRequest.builder()
.roleArn(roleArn)
.roleSessionName(roleSessionName)
.externalId(externalId)
.build();
this.stsClient = StsClient.builder()
.applyMutation(client -> configureEndpoint(client, profile))
.credentialsProvider(parentCredentialsProvider)
.build();
this.parentCredentialsProvider = parentCredentialsProvider;
this.credentialsProvider = StsAssumeRoleCredentialsProvider.builder()
.stsClient(stsClient)
.refreshRequest(assumeRoleRequest)
.build();
}
public STSCredentialProviderV2(Configuration conf) {
AwsCredentialsProvider awsCredentialsProvider = null;
if (S3StoragePlugin.ACCESS_KEY_PROVIDER.equals(conf.get(Constants.ASSUMED_ROLE_CREDENTIALS_PROVIDER))) {
awsCredentialsProvider = StaticCredentialsProvider.create(AwsBasicCredentials.create(
conf.get(Constants.ACCESS_KEY), conf.get(Constants.SECRET_KEY)));
} else if (S3StoragePlugin.EC2_METADATA_PROVIDER.equals(conf.get(Constants.ASSUMED_ROLE_CREDENTIALS_PROVIDER))) {
awsCredentialsProvider = InstanceProfileCredentialsProvider.create();
}
final StsClientBuilder builder = StsClient.builder()
.credentialsProvider(awsCredentialsProvider)
.region(S3FileSystem.getAWSRegionFromConfigurationOrDefault(conf))
.httpClientBuilder(initConnectionSettings(conf));
S3FileSystem.getStsEndpoint(conf).ifPresent(e -> {
try {
builder.endpointOverride(new URI(e));
} catch (URISyntaxException use) {
throw UserException.sourceInBadState(use).buildSilently();
}
});
initUserAgent(builder, conf);
final AssumeRoleRequest assumeRoleRequest = AssumeRoleRequest.builder()
.roleArn(conf.get(Constants.ASSUMED_ROLE_ARN))
.roleSessionName(UUID.randomUUID().toString())
.build();
this.stsAssumeRoleCredentialsProvider = StsAssumeRoleCredentialsProvider.builder()
.refreshRequest(assumeRoleRequest)
.stsClient(builder.build())
.build();
}
@Override
public software.amazon.awssdk.auth.credentials.AwsCredentialsProvider getV2CredentialsProvider() {
StsClient client = StsClient.create();
return StsAssumeRoleCredentialsProvider.builder().stsClient(client).refreshRequest((req) -> {
req.roleArn(roleArn).roleSessionName(roleSessionName).build();
}).build();
}
public void setRoleToAssumeArn(String roleToAssumeArn) {
this.roleToAssumeArn = roleToAssumeArn;
if(!Validator.isBlank(roleToAssumeArn)) {
String sessionId = "session" + Math.random();
StsAssumeRoleCredentialsProvider remoteAccountCredentials =
StsAssumeRoleCredentialsProvider.builder().refreshRequest(builder ->
builder.roleArn(roleToAssumeArn).roleSessionName(sessionId).build()).build();
credentials = remoteAccountCredentials;
}
}