下面列出了com.amazonaws.auth.AWSCredentials#getAWSAccessKeyId ( ) 实例代码,或者点击链接到github查看源代码,也可以在右侧发表评论。
@Override
public Initializer initializer() {
return (app) -> {
// The first access to S3 tends to be slow on AWS Lambda.
AWSCredentials credentials = getCredentials();
if (credentials == null || credentials.getAWSAccessKeyId() == null) {
throw new IllegalStateException("AWS credentials not found");
}
if (log.isDebugEnabled()) {
log.debug("AWS credentials loaded (access key id: {})", credentials.getAWSAccessKeyId());
}
boolean bucketExists = createS3Client().doesBucketExistV2(bucketName);
if (!bucketExists) {
throw new IllegalStateException("Failed to access the Amazon S3 bucket (name: " + bucketName + ")");
}
};
}
@Override
public Initializer initializer() {
return (app) -> {
// The first access to S3 tends to be slow on AWS Lambda.
AWSCredentials credentials = getCredentials();
if (credentials == null || credentials.getAWSAccessKeyId() == null) {
throw new IllegalStateException("AWS credentials not found");
}
if (log.isDebugEnabled()) {
log.debug("AWS credentials loaded (access key id: {})", credentials.getAWSAccessKeyId());
}
boolean bucketExists = createS3Client().doesBucketExistV2(bucketName);
if (!bucketExists) {
throw new IllegalStateException("Failed to access the Amazon S3 bucket (name: " + bucketName + ")");
}
};
}
public S3Conf( ConnectionDetails details ) {
super( details );
Map<String, String> props = details.getProperties();
credentialsFilePath = props.get( "credentialsFilePath" );
if ( shouldGetCredsFromFile( props.get( "accessKey" ), props.get( "credentialsFilePath" ) ) ) {
AWSCredentials creds = getCredsFromFile( props, credentialsFilePath );
accessKey = creds.getAWSAccessKeyId();
secretKey = creds.getAWSSecretKey();
if ( creds instanceof BasicSessionCredentials ) {
sessionToken = ( (BasicSessionCredentials) creds ).getSessionToken();
} else {
sessionToken = null;
}
} else {
accessKey = props.get( "accessKey" );
secretKey = props.get( "secretKey" );
sessionToken = props.get( "sessionToken" );
// Use only when VFS is configured for generic S3 connection
endpoint = props.get( "endpoint" );
pathStyleAccess = props.get( "pathStyleAccess" );
}
}
@Override
public AwsCredentials resolveCredentials() {
AWSCredentials current = oldCredentialsProvider.getCredentials();
if (current instanceof AWSSessionCredentials) {
return AwsSessionCredentials.create(current.getAWSAccessKeyId(), current.getAWSSecretKey(), ((AWSSessionCredentials) current).getSessionToken());
}
return new AwsCredentials() {
@Override
public String accessKeyId() {
return current.getAWSAccessKeyId();
}
@Override
public String secretAccessKey() {
return current.getAWSSecretKey();
}
};
}
public ClientHelper(AWSCredentials credentials, String region, ProxyConfiguration proxy) {
this.region = region;
this.proxy = proxy;
if (credentials != null) {
this.accessKey = credentials.getAWSAccessKeyId();
this.secretKey = credentials.getAWSSecretKey();
} else {
this.accessKey = null;
this.secretKey = null;
}
}
public static Supplier<Credentials> getCredentials(String driver,
OffloadPolicies conf) throws IOException {
// credentials:
// for s3, get by DefaultAWSCredentialsProviderChain.
// for gcs, use downloaded file 'google_creds.json', which contains service account key by
// following instructions in page https://support.google.com/googleapi/answer/6158849
if (isGcsDriver(driver)) {
String gcsKeyPath = conf.getGcsManagedLedgerOffloadServiceAccountKeyFile();
if (Strings.isNullOrEmpty(gcsKeyPath)) {
throw new IOException(
"The service account key path is empty for GCS driver");
}
try {
String gcsKeyContent = Files.toString(new File(gcsKeyPath), Charset.defaultCharset());
return () -> new GoogleCredentialsFromJson(gcsKeyContent).get();
} catch (IOException ioe) {
log.error("Cannot read GCS service account credentials file: {}", gcsKeyPath);
throw new IOException(ioe);
}
} else if (isS3Driver(driver)) {
AWSCredentialsProvider credsChain = CredentialsUtil.getAWSCredentialProvider(conf);
// try and get creds before starting... if we can't fetch
// creds on boot, we want to fail
try {
credsChain.getCredentials();
} catch (Exception e) {
// allowed, some mock s3 service not need credential
log.error("unable to fetch S3 credentials for offloading, failing", e);
throw e;
}
return () -> {
AWSCredentials creds = credsChain.getCredentials();
if (creds == null) {
// we don't expect this to happen, as we
// successfully fetched creds on boot
throw new RuntimeException("Unable to fetch S3 credentials after start, unexpected!");
}
// if we have session credentials, we need to send the session token
// this allows us to support EC2 metadata credentials
if (creds instanceof AWSSessionCredentials) {
return SessionCredentials.builder()
.accessKeyId(creds.getAWSAccessKeyId())
.secretAccessKey(creds.getAWSSecretKey())
.sessionToken(((AWSSessionCredentials) creds).getSessionToken())
.build();
} else {
return new Credentials(creds.getAWSAccessKeyId(), creds.getAWSSecretKey());
}
};
} else {
throw new IOException(
"Not support this kind of driver: " + driver);
}
}
public Map<String, Object> getSignedHeaders(String uri,
String method,
Multimap<String, String> queryParams,
Map<String, Object> headers,
Optional<byte[]> payload) {
final LocalDateTime now = clock.get();
final AWSCredentials credentials = credentialsProvider.getCredentials();
final Map<String, Object> result = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
result.putAll(headers);
final Optional<String> possibleHost = Optional.fromNullable(result.get(HOST))
.transform(Object::toString);
final int indexOfPortSymbol = possibleHost.transform(host -> host.indexOf(':')).or(-1);
if (indexOfPortSymbol > -1) {
result.put(HOST, possibleHost.get().substring(0, indexOfPortSymbol));
}
if (!result.containsKey(DATE)) {
result.put(X_AMZ_DATE, now.format(BASIC_TIME_FORMAT));
}
if (AWSSessionCredentials.class.isAssignableFrom(credentials.getClass())) {
result.put(SESSION_TOKEN, ((AWSSessionCredentials) credentials).getSessionToken());
}
final StringBuilder headersString = new StringBuilder();
final ImmutableList.Builder<String> signedHeaders = ImmutableList.builder();
for (Map.Entry<String, Object> entry : result.entrySet()) {
final Optional<String> headerAsString = headerAsString(entry, method);
if (headerAsString.isPresent()) {
headersString.append(headerAsString.get()).append(RETURN);
signedHeaders.add(entry.getKey().toLowerCase());
}
}
final String signedHeaderKeys = JOINER.join(signedHeaders.build());
final String canonicalRequest = method + RETURN +
SdkHttpUtils.urlEncode(uri, true) + RETURN +
queryParamsString(queryParams) + RETURN +
headersString.toString() + RETURN +
signedHeaderKeys + RETURN +
toBase16(hash(payload.or(EMPTY.getBytes(Charsets.UTF_8))));
final String stringToSign = createStringToSign(canonicalRequest, now);
final String signature = sign(stringToSign, now, credentials);
final String autorizationHeader = AWS4_HMAC_SHA256_CREDENTIAL + credentials.getAWSAccessKeyId() + SLASH + getCredentialScope(now) +
SIGNED_HEADERS + signedHeaderKeys +
SIGNATURE + signature;
result.put(AUTHORIZATION, autorizationHeader);
return ImmutableMap.copyOf(result);
}
private AWSCredentialsMatcher(AWSCredentials expected) {
this(expected.getAWSAccessKeyId(), expected.getAWSSecretKey());
}