Merge pull request #1217 from jclouds/sts

add support for amazon temporary credentials
This commit is contained in:
Adrian Cole 2013-01-21 15:11:50 -08:00
commit fbbce9e430
39 changed files with 2497 additions and 13 deletions

View File

@ -25,6 +25,7 @@ import java.util.Date;
import org.jclouds.domain.Credentials; import org.jclouds.domain.Credentials;
import com.google.common.base.Objects; import com.google.common.base.Objects;
import com.google.common.base.Supplier;
/** /**
* AWS credentials for API authentication. * AWS credentials for API authentication.
@ -173,5 +174,4 @@ public final class TemporaryCredentials extends Credentials {
return Objects.toStringHelper(this).add("accessKeyId", identity).add("sessionToken", sessionToken) return Objects.toStringHelper(this).add("accessKeyId", identity).add("sessionToken", sessionToken)
.add("expiration", expiration).toString(); .add("expiration", expiration).toString();
} }
} }

View File

@ -26,7 +26,7 @@ import static com.google.common.io.BaseEncoding.base64;
import static com.google.common.io.ByteStreams.readBytes; import static com.google.common.io.ByteStreams.readBytes;
import static org.jclouds.aws.reference.FormParameters.ACTION; import static org.jclouds.aws.reference.FormParameters.ACTION;
import static org.jclouds.aws.reference.FormParameters.AWS_ACCESS_KEY_ID; import static org.jclouds.aws.reference.FormParameters.AWS_ACCESS_KEY_ID;
import static org.jclouds.aws.reference.FormParameters.SIGNATURE; import static org.jclouds.aws.reference.FormParameters.*;
import static org.jclouds.aws.reference.FormParameters.SIGNATURE_METHOD; import static org.jclouds.aws.reference.FormParameters.SIGNATURE_METHOD;
import static org.jclouds.aws.reference.FormParameters.SIGNATURE_VERSION; import static org.jclouds.aws.reference.FormParameters.SIGNATURE_VERSION;
import static org.jclouds.aws.reference.FormParameters.TIMESTAMP; import static org.jclouds.aws.reference.FormParameters.TIMESTAMP;
@ -115,18 +115,10 @@ public class FormSigner implements HttpRequestFilter, RequestSigner {
String signature = sign(stringToSign); String signature = sign(stringToSign);
addSignature(decodedParams, signature); addSignature(decodedParams, signature);
request = setPayload(request, decodedParams); request = setPayload(request, decodedParams);
Credentials current = creds.get();
if (current instanceof TemporaryCredentials) {
request = replaceSecurityTokenHeader(request, TemporaryCredentials.class.cast(current));
}
utils.logRequest(signatureLog, request, "<<"); utils.logRequest(signatureLog, request, "<<");
return request; return request;
} }
HttpRequest replaceSecurityTokenHeader(HttpRequest request, TemporaryCredentials current) {
return request.toBuilder().replaceHeader("SecurityToken", current.getSessionToken()).build();
}
HttpRequest setPayload(HttpRequest request, Multimap<String, String> decodedParams) { HttpRequest setPayload(HttpRequest request, Multimap<String, String> decodedParams) {
String queryLine = buildQueryLine(decodedParams); String queryLine = buildQueryLine(decodedParams);
request.setPayload(queryLine); request.setPayload(queryLine);
@ -211,11 +203,16 @@ public class FormSigner implements HttpRequestFilter, RequestSigner {
@VisibleForTesting @VisibleForTesting
void addSigningParams(Multimap<String, String> params) { void addSigningParams(Multimap<String, String> params) {
params.removeAll(SIGNATURE);
params.removeAll(SECURITY_TOKEN);
Credentials current = creds.get();
if (current instanceof TemporaryCredentials) {
params.put(SECURITY_TOKEN, TemporaryCredentials.class.cast(current).getSessionToken());
}
params.replaceValues(SIGNATURE_METHOD, ImmutableList.of("HmacSHA256")); params.replaceValues(SIGNATURE_METHOD, ImmutableList.of("HmacSHA256"));
params.replaceValues(SIGNATURE_VERSION, ImmutableList.of("2")); params.replaceValues(SIGNATURE_VERSION, ImmutableList.of("2"));
params.replaceValues(TIMESTAMP, ImmutableList.of(dateService.get())); params.replaceValues(TIMESTAMP, ImmutableList.of(dateService.get()));
params.replaceValues(AWS_ACCESS_KEY_ID, ImmutableList.of(creds.get().identity)); params.replaceValues(AWS_ACCESS_KEY_ID, ImmutableList.of(creds.get().identity));
params.removeAll(SIGNATURE);
} }
public String createStringToSign(HttpRequest input) { public String createStringToSign(HttpRequest input) {

View File

@ -59,6 +59,10 @@ public interface FormParameters {
* Guide. Example: Qnpl4Qk/7tINHzfXCiT7VbBatDA= * Guide. Example: Qnpl4Qk/7tINHzfXCiT7VbBatDA=
*/ */
public static final String SIGNATURE = "Signature"; public static final String SIGNATURE = "Signature";
/**
* Temporary access token.
*/
public static final String SECURITY_TOKEN = "SecurityToken";
/** /**
* The hash algorithm you use to create the request signature. Valid values: HmacSHA256 | * The hash algorithm you use to create the request signature. Valid values: HmacSHA256 |
* HmacSHA1. For more information, go to the Amazon Elastic Compute Cloud Developer Guide. * HmacSHA1. For more information, go to the Amazon Elastic Compute Cloud Developer Guide.

View File

@ -87,8 +87,7 @@ public class FormSignerTest {
HttpRequest filtered = filter(new TemporaryCredentialsHandlerTest().expected()).filter(request); HttpRequest filtered = filter(new TemporaryCredentialsHandlerTest().expected()).filter(request);
assertEquals( assertEquals(
filtered.getPayload().getRawContent(), filtered.getPayload().getRawContent(),
"Action=DescribeImages&ImageId.1=ami-2bb65342&Signature=waV%2B%2BIdRwHRlnK2126CqgHHd4FZb%2B5wAeRueidjFc/M%3D&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2009-11-08T15%3A54%3A08.897Z&Version=apiVersion&AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE"); "Action=DescribeImages&ImageId.1=ami-2bb65342&SecurityToken=AQoEXAMPLEH4aoAH0gNCAPyJxz4BlCFFxWNE1OPTgk5TthT&Signature=/8ReFVH1tvyNORsJb%2BSBieT9zvdqREQQr/olwmxC7VY%3D&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2009-11-08T15%3A54%3A08.897Z&Version=apiVersion&AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE");
assertEquals(filtered.getFirstHeaderOrNull("SecurityToken"), "AQoEXAMPLEH4aoAH0gNCAPyJxz4BlCFFxWNE1OPTgk5TthT");
} }
@Test @Test

108
labs/aws-sts/pom.xml Normal file
View File

@ -0,0 +1,108 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to jclouds, Inc. (jclouds) under one or more
contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. jclouds licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.jclouds</groupId>
<artifactId>jclouds-project</artifactId>
<version>1.6.0-SNAPSHOT</version>
<relativePath>../../project/pom.xml</relativePath>
</parent>
<groupId>org.jclouds.labs</groupId>
<artifactId>aws-sts</artifactId>
<name>jclouds Amazon Identity and Access Management (STS) provider</name>
<description>Identity and Access Management (STS) to Amazon Web Services</description>
<packaging>bundle</packaging>
<properties>
<test.aws-sts.endpoint>https://sts.amazonaws.com</test.aws-sts.endpoint>
<test.aws-sts.api-version>2011-06-15</test.aws-sts.api-version>
<test.aws-sts.build-version></test.aws-sts.build-version>
<test.aws-sts.identity>${test.aws.identity}</test.aws-sts.identity>
<test.aws-sts.credential>${test.aws.credential}</test.aws-sts.credential>
<jclouds.osgi.export>org.jclouds.aws.sts*;version="${project.version}"</jclouds.osgi.export>
<jclouds.osgi.import>org.jclouds*;version="${project.version}",*</jclouds.osgi.import>
</properties>
<dependencies>
<dependency>
<groupId>org.jclouds.labs</groupId>
<artifactId>sts</artifactId>
<version>${project.version}</version>
<type>jar</type>
</dependency>
<dependency>
<groupId>org.jclouds.labs</groupId>
<artifactId>sts</artifactId>
<version>${project.version}</version>
<type>test-jar</type>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.jclouds</groupId>
<artifactId>jclouds-core</artifactId>
<version>${project.version}</version>
<type>test-jar</type>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.jclouds.driver</groupId>
<artifactId>jclouds-log4j</artifactId>
<version>${project.version}</version>
<scope>test</scope>
</dependency>
</dependencies>
<profiles>
<profile>
<id>live</id>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<executions>
<execution>
<id>integration</id>
<phase>integration-test</phase>
<goals>
<goal>test</goal>
</goals>
<configuration>
<systemPropertyVariables>
<test.aws-sts.endpoint>${test.aws-sts.endpoint}</test.aws-sts.endpoint>
<test.aws-sts.api-version>${test.aws-sts.api-version}</test.aws-sts.api-version>
<test.aws-sts.build-version>${test.aws-sts.build-version}</test.aws-sts.build-version>
<test.aws-sts.identity>${test.aws-sts.identity}</test.aws-sts.identity>
<test.aws-sts.credential>${test.aws-sts.credential}</test.aws-sts.credential>
</systemPropertyVariables>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
</profiles>
</project>

View File

@ -0,0 +1,84 @@
/**
* Licensed to jclouds, Inc. (jclouds) under one or more
* contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. jclouds licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.jclouds.aws.sts;
import java.net.URI;
import java.util.Properties;
import org.jclouds.sts.STSApiMetadata;
import org.jclouds.providers.ProviderMetadata;
import org.jclouds.providers.internal.BaseProviderMetadata;
/**
* Implementation of @ link org.jclouds.types.ProviderMetadata} for Amazon's STS
* provider.
*
* @author Adrian Cole
*/
public class AWSSTSProviderMetadata extends BaseProviderMetadata {
public static Builder builder() {
return new Builder();
}
@Override
public Builder toBuilder() {
return builder().fromProviderMetadata(this);
}
public AWSSTSProviderMetadata() {
super(builder());
}
public AWSSTSProviderMetadata(Builder builder) {
super(builder);
}
public static Properties defaultProperties() {
Properties properties = new Properties();
return properties;
}
public static class Builder extends BaseProviderMetadata.Builder {
protected Builder(){
id("aws-sts")
.name("Amazon STS")
.endpoint("https://sts.amazonaws.com")
.homepage(URI.create("http://aws.amazon.com/iam/"))
.console(URI.create("https://console.aws.amazon.com/iam/home"))
.linkedServices("aws-ec2", "aws-elb", "aws-iam", "aws-sts", "aws-cloudwatch", "aws-s3", "aws-sqs", "aws-simpledb")
.iso3166Codes("US-VA")
.apiMetadata(new STSApiMetadata())
.defaultProperties(AWSSTSProviderMetadata.defaultProperties());
}
@Override
public AWSSTSProviderMetadata build() {
return new AWSSTSProviderMetadata(this);
}
@Override
public Builder fromProviderMetadata(ProviderMetadata in) {
super.fromProviderMetadata(in);
return this;
}
}
}

View File

@ -0,0 +1 @@
org.jclouds.aws.sts.AWSSTSProviderMetadata

View File

@ -0,0 +1,35 @@
/**
* Licensed to jclouds, Inc. (jclouds) under one or more
* contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. jclouds licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.jclouds.aws.sts;
import org.jclouds.sts.STSApiLiveTest;
import org.testng.annotations.Test;
/**
* Tests behavior of {@code STSApi}
*
* @author Adrian Cole
*/
@Test(groups = "live", singleThreaded = true, testName = "AWSSTSApiLiveTest")
public class AWSSTSApiLiveTest extends STSApiLiveTest {
public AWSSTSApiLiveTest() {
provider = "aws-sts";
}
}

View File

@ -0,0 +1,37 @@
/**
* Licensed to jclouds, Inc. (jclouds) under one or more
* contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. jclouds licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.jclouds.aws.sts;
import org.jclouds.aws.sts.AWSSTSProviderMetadata;
import org.jclouds.sts.STSApiMetadata;
import org.jclouds.providers.internal.BaseProviderMetadataTest;
import org.testng.annotations.Test;
/**
* The AWSSTSProviderTest tests the org.jclouds.providers.AWSSTSProvider class.
*
* @author Adrian Cole
*/
@Test(groups = "unit", testName = "AWSSTSProviderTest")
public class AWSSTSProviderTest extends BaseProviderMetadataTest {
public AWSSTSProviderTest() {
super(new AWSSTSProviderMetadata(), new STSApiMetadata());
}
}

View File

@ -63,5 +63,7 @@
<module>oauth</module> <module>oauth</module>
<module>openstack-quantum</module> <module>openstack-quantum</module>
<module>openstack-glance</module> <module>openstack-glance</module>
<module>sts</module>
<module>aws-sts</module>
</modules> </modules>
</project> </project>

107
labs/sts/pom.xml Normal file
View File

@ -0,0 +1,107 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to jclouds, Inc. (jclouds) under one or more
contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. jclouds licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.jclouds</groupId>
<artifactId>jclouds-project</artifactId>
<version>1.6.0-SNAPSHOT</version>
<relativePath>../../project/pom.xml</relativePath>
</parent>
<groupId>org.jclouds.labs</groupId>
<artifactId>sts</artifactId>
<name>jcloud sts api</name>
<description>jclouds components to access an implementation of Security Token Service (STS)</description>
<packaging>bundle</packaging>
<properties>
<test.sts.endpoint>https://sts.amazonaws.com</test.sts.endpoint>
<test.sts.api-version>2011-06-15</test.sts.api-version>
<test.sts.build-version></test.sts.build-version>
<test.sts.identity>${test.aws.identity}</test.sts.identity>
<test.sts.credential>${test.aws.credential}</test.sts.credential>
<jclouds.osgi.export>org.jclouds.sts*;version="${project.version}"</jclouds.osgi.export>
<jclouds.osgi.import>org.jclouds*;version="${project.version}",*</jclouds.osgi.import>
</properties>
<dependencies>
<dependency>
<groupId>org.jclouds.common</groupId>
<artifactId>aws-common</artifactId>
<version>${project.version}</version>
<type>jar</type>
</dependency>
<dependency>
<groupId>org.jclouds</groupId>
<artifactId>jclouds-core</artifactId>
<version>${project.version}</version>
<type>test-jar</type>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.jclouds.driver</groupId>
<artifactId>jclouds-log4j</artifactId>
<version>${project.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<profiles>
<profile>
<id>live</id>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<executions>
<execution>
<id>integration</id>
<phase>integration-test</phase>
<goals>
<goal>test</goal>
</goals>
<configuration>
<systemPropertyVariables>
<test.sts.endpoint>${test.sts.endpoint}</test.sts.endpoint>
<test.sts.api-version>${test.sts.api-version}</test.sts.api-version>
<test.sts.build-version>${test.sts.build-version}</test.sts.build-version>
<test.sts.identity>${test.sts.identity}</test.sts.identity>
<test.sts.credential>${test.sts.credential}</test.sts.credential>
</systemPropertyVariables>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
</profiles>
</project>

View File

@ -0,0 +1,83 @@
/**
* Licensed to jclouds, Inc. (jclouds) under one or more
* contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. jclouds licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.jclouds.sts;
import org.jclouds.aws.domain.TemporaryCredentials;
import org.jclouds.sts.domain.User;
import org.jclouds.sts.domain.UserAndTemporaryCredentials;
import org.jclouds.sts.options.AssumeRoleOptions;
import org.jclouds.sts.options.FederatedUserOptions;
import org.jclouds.sts.options.TemporaryCredentialsOptions;
/**
* Provides access to Amazon STS via the Query API
* <p/>
*
* @see STSAsyncApi
* @see <a href="http://docs.amazonwebservices.com/STS/latest/APIReference" />
* @author Adrian Cole
*/
public interface STSApi {
/**
* Returns a set of temporary credentials for an AWS account or IAM user,
* with a default timeout
*/
TemporaryCredentials createTemporaryCredentials();
/**
* like {@link #createTemporaryCredentials()}, except you can modify the
* timeout and other parameters.
*/
TemporaryCredentials createTemporaryCredentials(TemporaryCredentialsOptions options);
/**
* Assumes a role for a specified session. Only IAM users can assume a role.
*
* @param sessionName
* An identifier for the assumed role session, included as part of
* {@link User#getId}.
* @param roleArn
* The Amazon Resource Name (ARN) of the role that the caller is
* assuming.
*/
UserAndTemporaryCredentials assumeRole(String roleArn, String sessionName);
/**
* like {@link #assumeRole(String, String)}, except you can modify the
* timeout and other parameters.
*/
UserAndTemporaryCredentials assumeRole(String roleArn, String sessionName, AssumeRoleOptions options);
/**
* Returns a set of temporary credentials for a federated user with the user
* name specified.
*
* @param userName
* The name of the federated user, included as part of
* {@link User#getId}.
*/
UserAndTemporaryCredentials createFederatedUser(String userName);
/**
* like {@link #createFederatedUser(String)}, except you can modify the
* timeout and other parameters.
*/
UserAndTemporaryCredentials createFederatedUser(String userName, FederatedUserOptions options);
}

View File

@ -0,0 +1,93 @@
/**
* Licensed to jclouds, Inc. (jclouds) under one or more
* contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. jclouds licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.jclouds.sts;
import static java.util.concurrent.TimeUnit.SECONDS;
import static org.jclouds.Constants.PROPERTY_TIMEOUTS_PREFIX;
import static org.jclouds.aws.reference.AWSConstants.PROPERTY_AUTH_TAG;
import static org.jclouds.aws.reference.AWSConstants.PROPERTY_HEADER_TAG;
import java.net.URI;
import java.util.Properties;
import org.jclouds.apis.ApiMetadata;
import org.jclouds.sts.config.STSRestClientModule;
import org.jclouds.rest.RestContext;
import org.jclouds.rest.internal.BaseRestApiMetadata;
import com.google.common.reflect.TypeToken;
/**
* Implementation of {@link ApiMetadata} for Amazon's STS api.
*
* @author Adrian Cole
*/
public class STSApiMetadata extends BaseRestApiMetadata {
public static final TypeToken<RestContext<? extends STSApi, ? extends STSAsyncApi>> CONTEXT_TOKEN = new TypeToken<RestContext<? extends STSApi, ? extends STSAsyncApi>>() {
private static final long serialVersionUID = 1L;
};
@Override
public Builder toBuilder() {
return new Builder(getApi(), getAsyncApi()).fromApiMetadata(this);
}
public STSApiMetadata() {
this(new Builder(STSApi.class, STSAsyncApi.class));
}
protected STSApiMetadata(Builder builder) {
super(Builder.class.cast(builder));
}
public static Properties defaultProperties() {
Properties properties = BaseRestApiMetadata.defaultProperties();
properties.setProperty(PROPERTY_TIMEOUTS_PREFIX + "default", SECONDS.toMillis(30) + "");
properties.setProperty(PROPERTY_AUTH_TAG, "AWS");
properties.setProperty(PROPERTY_HEADER_TAG, "amz");
return properties;
}
public static class Builder extends BaseRestApiMetadata.Builder<Builder> {
protected Builder(Class<?> api, Class<?> asyncApi) {
super(api, asyncApi);
id("sts")
.name("Amazon STS Api")
.identityName("Access Key ID")
.credentialName("Secret Access Key")
.version("2011-06-15")
.documentation(URI.create("http://docs.amazonwebservices.com/STS/latest/APIReference/"))
.defaultEndpoint("https://sts.amazonaws.com")
.defaultProperties(STSApiMetadata.defaultProperties())
.defaultModule(STSRestClientModule.class);
}
@Override
public STSApiMetadata build() {
return new STSApiMetadata(this);
}
@Override
protected Builder self() {
return this;
}
}
}

View File

@ -0,0 +1,113 @@
/**
* Licensed to jclouds, Inc. (jclouds) under one or more
* contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. jclouds licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.jclouds.sts;
import javax.inject.Named;
import javax.ws.rs.FormParam;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import org.jclouds.aws.domain.TemporaryCredentials;
import org.jclouds.aws.filters.FormSigner;
import org.jclouds.aws.xml.TemporaryCredentialsHandler;
import org.jclouds.rest.annotations.FormParams;
import org.jclouds.rest.annotations.RequestFilters;
import org.jclouds.rest.annotations.VirtualHost;
import org.jclouds.rest.annotations.XMLResponseParser;
import org.jclouds.sts.domain.UserAndTemporaryCredentials;
import org.jclouds.sts.options.AssumeRoleOptions;
import org.jclouds.sts.options.FederatedUserOptions;
import org.jclouds.sts.options.TemporaryCredentialsOptions;
import org.jclouds.sts.xml.UserAndTemporaryCredentialsHandler;
import com.google.common.util.concurrent.ListenableFuture;
/**
* Provides access to Amazon STS via the Query API
* <p/>
*
* @see <a href="http://docs.amazonwebservices.com/STS/latest/APIReference" />
* @author Adrian Cole
*/
@RequestFilters(FormSigner.class)
@VirtualHost
public interface STSAsyncApi {
/**
* @see STSApi#createTemporaryCredentials()
*/
@Named("GetSessionToken")
@POST
@Path("/")
@XMLResponseParser(TemporaryCredentialsHandler.class)
@FormParams(keys = "Action", values = "GetSessionToken")
ListenableFuture<TemporaryCredentials> createTemporaryCredentials();
/**
* @see STSApi#createTemporaryCredentials(TemporaryCredentialsOptions)
*/
@Named("GetSessionToken")
@POST
@Path("/")
@XMLResponseParser(TemporaryCredentialsHandler.class)
@FormParams(keys = "Action", values = "GetSessionToken")
ListenableFuture<TemporaryCredentials> createTemporaryCredentials(TemporaryCredentialsOptions options);
/**
* @see STSApi#assumeRole(String, String)
*/
@Named("AssumeRole")
@POST
@Path("/")
@XMLResponseParser(UserAndTemporaryCredentialsHandler.class)
@FormParams(keys = "Action", values = "AssumeRole")
ListenableFuture<UserAndTemporaryCredentials> assumeRole(@FormParam("RoleArn") String roleArn,
@FormParam("RoleSessionName") String sessionName);
/**
* @see STSApi#assumeRole(String, String, AssumeRoleOptions)
*/
@Named("AssumeRole")
@POST
@Path("/")
@XMLResponseParser(UserAndTemporaryCredentialsHandler.class)
@FormParams(keys = "Action", values = "AssumeRole")
ListenableFuture<UserAndTemporaryCredentials> assumeRole(@FormParam("RoleArn") String roleArn,
@FormParam("RoleSessionName") String sessionName, AssumeRoleOptions options);
/**
* @see STSApi#createFederatedUser(String)
*/
@Named("GetFederationToken")
@POST
@Path("/")
@XMLResponseParser(UserAndTemporaryCredentialsHandler.class)
@FormParams(keys = "Action", values = "GetFederationToken")
ListenableFuture<UserAndTemporaryCredentials> createFederatedUser(@FormParam("Name") String userName);
/**
* @see STSApi#createFederatedUser(FederatedUserOptions)
*/
@Named("GetFederationToken")
@POST
@Path("/")
@XMLResponseParser(UserAndTemporaryCredentialsHandler.class)
@FormParams(keys = "Action", values = "GetFederationToken")
ListenableFuture<UserAndTemporaryCredentials> createFederatedUser(@FormParam("Name") String userName, FederatedUserOptions options);
}

View File

@ -0,0 +1,40 @@
/**
* Licensed to jclouds, Inc. (jclouds) under one or more
* contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. jclouds licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.jclouds.sts.config;
import static org.jclouds.reflect.Reflection2.typeToken;
import org.jclouds.aws.config.FormSigningRestClientModule;
import org.jclouds.rest.ConfiguresRestClient;
import org.jclouds.sts.STSApi;
import org.jclouds.sts.STSAsyncApi;
/**
* Configures the STS connection.
*
* @author Adrian Cole
*/
@ConfiguresRestClient
public class STSRestClientModule extends FormSigningRestClientModule<STSApi, STSAsyncApi> {
public STSRestClientModule() {
super(typeToken(STSApi.class), typeToken(STSAsyncApi.class));
}
}

View File

@ -0,0 +1,75 @@
/**
* Licensed to jclouds, Inc. (jclouds) under one or more
* contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. jclouds licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.jclouds.sts.domain;
import static com.google.common.base.Preconditions.checkNotNull;
import com.google.common.base.Objects;
/**
* @author Adrian Cole
*/
public final class User {
public static User fromIdAndArn(String id, String arn) {
return new User(id, arn);
}
private final String id;
private final String arn;
private User(String id, String arn) {
this.id = checkNotNull(id, "id");
this.arn = checkNotNull(arn, "arn for %s", id);
}
/**
* The id of the federated user or assumed role. ex.
* {@code ARO123EXAMPLE123:Bob}
*/
public String getId() {
return id;
}
/**
* The arn of the federated user or assumed role.
*
* ex. {@code arn:aws:sts::123456789012:federated-user/Bob} or
* {@code arn:aws:sts::123456789012:assumed-role/demo/Bob}
*/
public String getArn() {
return arn;
}
@Override
public boolean equals(Object obj) {
if (this == obj)
return true;
if (obj == null)
return false;
if (getClass() != obj.getClass())
return false;
User other = (User) obj;
return Objects.equal(this.id, other.id) && Objects.equal(this.arn, other.arn);
}
@Override
public String toString() {
return Objects.toStringHelper(this).add("id", id).add("arn", arn).toString();
}
}

View File

@ -0,0 +1,133 @@
/**
* Licensed to jclouds, Inc. (jclouds) under one or more
* contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. jclouds licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.jclouds.sts.domain;
import static com.google.common.base.Preconditions.checkNotNull;
import org.jclouds.aws.domain.TemporaryCredentials;
import com.google.common.base.Objects;
/**
*
* @author Adrian Cole
*/
public final class UserAndTemporaryCredentials {
public static Builder builder() {
return new Builder();
}
public Builder toBuilder() {
return builder().from(this);
}
public final static class Builder {
private User user;
private TemporaryCredentials credentials;
private int packedPolicySize;
/**
* @see UserAndTemporaryCredentials#getUser()
*/
public Builder user(User user) {
this.user = user;
return this;
}
/**
* @see UserAndTemporaryCredentials#getCredentials()
*/
public Builder credentials(TemporaryCredentials credentials) {
this.credentials = credentials;
return this;
}
/**
* @see UserAndTemporaryCredentials#getPackedPolicySize()
*/
public Builder packedPolicySize(int packedPolicySize) {
this.packedPolicySize = packedPolicySize;
return this;
}
public UserAndTemporaryCredentials build() {
return new UserAndTemporaryCredentials(user, credentials, packedPolicySize);
}
public Builder from(UserAndTemporaryCredentials in) {
return this.user(in.user).credentials(in.credentials).packedPolicySize(in.packedPolicySize);
}
}
private final User user;
private final TemporaryCredentials credentials;
private final int packedPolicySize;
private UserAndTemporaryCredentials(User user, TemporaryCredentials credentials, int packedPolicySize) {
this.user = checkNotNull(user, "user");
this.credentials = checkNotNull(credentials, "credentials for %s", user);
this.packedPolicySize = checkNotNull(packedPolicySize, "packedPolicySize for %s", user);
}
/**
* user correlating to {@link UserAndTemporaryCredentials#getCredentials()}
*/
public User getUser() {
return user;
}
/**
* The temporary security credentials, which includes an Access Key ID, a
* Secret Access Key, and a security token.
*/
public TemporaryCredentials getCredentials() {
return credentials;
}
/**
* A percentage value that indicates the size of the policy in packed form.
*/
public int getPackedPolicySize() {
return packedPolicySize;
}
@Override
public int hashCode() {
return Objects.hashCode(user, credentials, packedPolicySize);
}
@Override
public boolean equals(Object obj) {
if (this == obj)
return true;
if (obj == null)
return false;
if (getClass() != obj.getClass())
return false;
UserAndTemporaryCredentials other = (UserAndTemporaryCredentials) obj;
return Objects.equal(this.user, other.user) && Objects.equal(this.credentials, other.credentials)
&& Objects.equal(this.packedPolicySize, other.packedPolicySize);
}
@Override
public String toString() {
return Objects.toStringHelper(this).add("user", user).add("credentials", credentials)
.add("packedPolicySize", packedPolicySize).toString();
}
}

View File

@ -0,0 +1,140 @@
/**
* Licensed to jclouds, Inc. (jclouds) under one or more
* contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. jclouds licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.jclouds.sts.options;
import org.jclouds.http.options.BaseHttpRequestOptions;
import com.google.common.base.Objects;
import com.google.common.collect.Multimap;
/**
* @see <a href=
* "http://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html"
* />
*
* @author Adrian Cole
*/
public class AssumeRoleOptions extends BaseHttpRequestOptions implements Cloneable {
// long as this is a more typical unit for duration, hence less casting
private Long durationSeconds;
private String policy;
private String externalId;
/**
* A unique identifier that is generated by a third party for each of their customers.
*/
public AssumeRoleOptions externalId(String externalId) {
this.externalId = externalId;
return this;
}
/**
* The duration, in seconds, that the credentials should remain valid. 12
* hours is default. 15 minutes is current minimum.
*/
public AssumeRoleOptions durationSeconds(long durationSeconds) {
this.durationSeconds = durationSeconds;
return this;
}
/**
* A supplemental policy that can be associated with the temporary security credentials.
*/
public AssumeRoleOptions policy(String policy) {
this.policy = policy;
return this;
}
public static class Builder {
/**
* @see AssumeRoleOptions#externalId
*/
public static AssumeRoleOptions externalId(String externalId) {
return new AssumeRoleOptions().externalId(externalId);
}
/**
* @see AssumeRoleOptions#durationSeconds
*/
public static AssumeRoleOptions durationSeconds(long durationSeconds) {
return new AssumeRoleOptions().durationSeconds(durationSeconds);
}
/**
* @see AssumeRoleOptions#policy
*/
public static AssumeRoleOptions policy(String policy) {
return new AssumeRoleOptions().policy(policy);
}
}
@Override
public Multimap<String, String> buildFormParameters() {
Multimap<String, String> params = super.buildFormParameters();
if (externalId != null)
params.put("ExternalId", externalId.toString());
if (durationSeconds != null)
params.put("DurationSeconds", durationSeconds.toString());
if (policy != null)
params.put("Policy", policy);
return params;
}
/**
* {@inheritDoc}
*/
@Override
public int hashCode() {
return Objects.hashCode(externalId, durationSeconds, policy);
}
@Override
public AssumeRoleOptions clone() {
return new AssumeRoleOptions().externalId(externalId).durationSeconds(durationSeconds)
.policy(policy);
}
/**
* {@inheritDoc}
*/
@Override
public boolean equals(Object obj) {
if (this == obj)
return true;
if (obj == null)
return false;
if (getClass() != obj.getClass())
return false;
AssumeRoleOptions other = AssumeRoleOptions.class.cast(obj);
return Objects.equal(this.externalId, other.externalId)
&& Objects.equal(this.durationSeconds, other.durationSeconds)
&& Objects.equal(this.policy, other.policy);
}
/**
* {@inheritDoc}
*/
@Override
public String toString() {
return Objects.toStringHelper(this).omitNullValues().add("externalId", externalId)
.add("durationSeconds", durationSeconds).add("policy", policy).toString();
}
}

View File

@ -0,0 +1,120 @@
/**
* Licensed to jclouds, Inc. (jclouds) under one or more
* contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. jclouds licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.jclouds.sts.options;
import org.jclouds.http.options.BaseHttpRequestOptions;
import com.google.common.base.Objects;
import com.google.common.collect.Multimap;
/**
* @see <a href=
* "http://docs.aws.amazon.com/STS/latest/APIReference/API_GetFederationToken.html"
* />
*
* @author Adrian Cole
*/
public class FederatedUserOptions extends BaseHttpRequestOptions implements Cloneable {
// long as this is a more typical unit for duration, hence less casting
private Long durationSeconds;
private String policy;
/**
* The duration, in seconds, that the credentials should remain valid. 12
* hours is default. 15 minutes is current minimum.
*/
public FederatedUserOptions durationSeconds(long durationSeconds) {
this.durationSeconds = durationSeconds;
return this;
}
/**
* A supplemental policy that can be associated with the temporary security
* credentials.
*/
public FederatedUserOptions policy(String policy) {
this.policy = policy;
return this;
}
public static class Builder {
/**
* @see FederatedUserOptions#durationSeconds
*/
public static FederatedUserOptions durationSeconds(long durationSeconds) {
return new FederatedUserOptions().durationSeconds(durationSeconds);
}
/**
* @see FederatedUserOptions#policy
*/
public static FederatedUserOptions policy(String policy) {
return new FederatedUserOptions().policy(policy);
}
}
@Override
public Multimap<String, String> buildFormParameters() {
Multimap<String, String> params = super.buildFormParameters();
if (durationSeconds != null)
params.put("DurationSeconds", durationSeconds.toString());
if (policy != null)
params.put("Policy", policy);
return params;
}
/**
* {@inheritDoc}
*/
@Override
public int hashCode() {
return Objects.hashCode(durationSeconds, policy);
}
@Override
public FederatedUserOptions clone() {
return new FederatedUserOptions().durationSeconds(durationSeconds).policy(policy);
}
/**
* {@inheritDoc}
*/
@Override
public boolean equals(Object obj) {
if (this == obj)
return true;
if (obj == null)
return false;
if (getClass() != obj.getClass())
return false;
FederatedUserOptions other = FederatedUserOptions.class.cast(obj);
return Objects.equal(this.durationSeconds, other.durationSeconds) && Objects.equal(this.policy, other.policy);
}
/**
* {@inheritDoc}
*/
@Override
public String toString() {
return Objects.toStringHelper(this).omitNullValues().add("durationSeconds", durationSeconds)
.add("policy", policy).toString();
}
}

View File

@ -0,0 +1,142 @@
/**
* Licensed to jclouds, Inc. (jclouds) under one or more
* contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. jclouds licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.jclouds.sts.options;
import org.jclouds.http.options.BaseHttpRequestOptions;
import com.google.common.base.Objects;
import com.google.common.collect.Multimap;
/**
* Options used to get a session token.
*
* @see <a href=
* "http://docs.aws.amazon.com/STS/latest/APIReference/API_GetSessionToken.html"
* />
*
* @author Adrian Cole
*/
public class TemporaryCredentialsOptions extends BaseHttpRequestOptions implements Cloneable {
// long as this is a more typical unit for duration, hence less casting
private Long durationSeconds;
private String tokenCode;
private String serialNumber;
/**
* The identification number of the MFA device for the user.
*/
public TemporaryCredentialsOptions serialNumber(String serialNumber) {
this.serialNumber = serialNumber;
return this;
}
/**
* The duration, in seconds, that the credentials should remain valid. 12
* hours is default. 15 minutes is current minimum.
*/
public TemporaryCredentialsOptions durationSeconds(long durationSeconds) {
this.durationSeconds = durationSeconds;
return this;
}
/**
* The value provided by the MFA device.
*/
public TemporaryCredentialsOptions tokenCode(String tokenCode) {
this.tokenCode = tokenCode;
return this;
}
public static class Builder {
/**
* @see TemporaryCredentialsOptions#serialNumber
*/
public static TemporaryCredentialsOptions serialNumber(String serialNumber) {
return new TemporaryCredentialsOptions().serialNumber(serialNumber);
}
/**
* @see TemporaryCredentialsOptions#durationSeconds
*/
public static TemporaryCredentialsOptions durationSeconds(long durationSeconds) {
return new TemporaryCredentialsOptions().durationSeconds(durationSeconds);
}
/**
* @see TemporaryCredentialsOptions#tokenCode
*/
public static TemporaryCredentialsOptions tokenCode(String tokenCode) {
return new TemporaryCredentialsOptions().tokenCode(tokenCode);
}
}
@Override
public Multimap<String, String> buildFormParameters() {
Multimap<String, String> params = super.buildFormParameters();
if (serialNumber != null)
params.put("SerialNumber", serialNumber.toString());
if (durationSeconds != null)
params.put("DurationSeconds", durationSeconds.toString());
if (tokenCode != null)
params.put("TokenCode", tokenCode);
return params;
}
/**
* {@inheritDoc}
*/
@Override
public int hashCode() {
return Objects.hashCode(serialNumber, durationSeconds, tokenCode);
}
@Override
public TemporaryCredentialsOptions clone() {
return new TemporaryCredentialsOptions().serialNumber(serialNumber).durationSeconds(durationSeconds)
.tokenCode(tokenCode);
}
/**
* {@inheritDoc}
*/
@Override
public boolean equals(Object obj) {
if (this == obj)
return true;
if (obj == null)
return false;
if (getClass() != obj.getClass())
return false;
TemporaryCredentialsOptions other = TemporaryCredentialsOptions.class.cast(obj);
return Objects.equal(this.serialNumber, other.serialNumber)
&& Objects.equal(this.durationSeconds, other.durationSeconds)
&& Objects.equal(this.tokenCode, other.tokenCode);
}
/**
* {@inheritDoc}
*/
@Override
public String toString() {
return Objects.toStringHelper(this).omitNullValues().add("serialNumber", serialNumber)
.add("durationSeconds", durationSeconds).add("tokenCode", tokenCode).toString();
}
}

View File

@ -0,0 +1,107 @@
/**
* Licensed to jclouds, Inc. (jclouds) under one or more
* contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. jclouds licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.jclouds.sts.xml;
import static org.jclouds.util.SaxUtils.currentOrNull;
import static org.jclouds.util.SaxUtils.equalsOrSuffix;
import org.jclouds.aws.xml.TemporaryCredentialsHandler;
import org.jclouds.http.functions.ParseSax;
import org.jclouds.sts.domain.User;
import org.jclouds.sts.domain.UserAndTemporaryCredentials;
import org.xml.sax.Attributes;
import org.xml.sax.SAXException;
import com.google.inject.Inject;
/**
*
* @author Adrian Cole
*/
public class UserAndTemporaryCredentialsHandler extends ParseSax.HandlerForGeneratedRequestWithResult<UserAndTemporaryCredentials> {
private final TemporaryCredentialsHandler credsHandler;
private StringBuilder currentText = new StringBuilder();
private UserAndTemporaryCredentials.Builder builder = UserAndTemporaryCredentials.builder();
@Inject
public UserAndTemporaryCredentialsHandler(TemporaryCredentialsHandler credsHandler) {
this.credsHandler = credsHandler;
}
/**
* {@inheritDoc}
*/
@Override
public UserAndTemporaryCredentials getResult() {
try {
return builder.build();
} finally {
builder = UserAndTemporaryCredentials.builder();
}
}
private boolean inCreds;
private String arn;
private String id;
@Override
public void startElement(String url, String name, String qName, Attributes attributes) throws SAXException {
if (equalsOrSuffix(qName, "Credentials")) {
inCreds = true;
}
if (inCreds) {
credsHandler.startElement(url, name, qName, attributes);
}
}
@Override
public void endElement(String uri, String name, String qName) {
if (inCreds) {
if (qName.equals("Credentials")) {
inCreds = false;
builder.credentials(credsHandler.getResult());
} else {
credsHandler.endElement(uri, name, qName);
}
} else if (qName.equals("Arn")) {
arn = currentOrNull(currentText);
} else if (qName.endsWith("Id")) {// FederatedUserId or AssumedRoleId
id = currentOrNull(currentText);
} else if (qName.endsWith("User")) {// FederatedUser or AssumedRoleUser
builder.user(User.fromIdAndArn(id, arn));
id = arn = null;
} else if (qName.equals("PackedPolicySize")) {
builder.packedPolicySize(Integer.parseInt(currentOrNull(currentText)));
}
currentText = new StringBuilder();
}
@Override
public void characters(char ch[], int start, int length) {
if (inCreds) {
credsHandler.characters(ch, start, length);
} else {
currentText.append(ch, start, length);
}
}
}

View File

@ -0,0 +1 @@
org.jclouds.sts.STSApiMetadata

View File

@ -0,0 +1,187 @@
/**
* Licensed to jclouds, Inc. (jclouds) under one or more
* contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. jclouds licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unles required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either expres or implied. See the License for the
* specific language governing permisions and limitations
* under the License.
*/
package org.jclouds.sts;
import static org.jclouds.sts.options.AssumeRoleOptions.Builder.externalId;
import static org.jclouds.sts.options.FederatedUserOptions.Builder.policy;
import static org.jclouds.sts.options.TemporaryCredentialsOptions.Builder.serialNumber;
import static org.testng.Assert.assertEquals;
import java.util.concurrent.TimeUnit;
import org.jclouds.http.HttpRequest;
import org.jclouds.http.HttpResponse;
import org.jclouds.sts.internal.BaseSTSApiExpectTest;
import org.jclouds.sts.parse.AssumeRoleResponseTest;
import org.jclouds.sts.parse.GetFederationTokenResponseTest;
import org.jclouds.sts.parse.GetSessionTokenResponseTest;
import org.testng.annotations.Test;
/**
* @author Adrian Cole
*/
@Test(groups = "unit", testName = "STSApiExpectTest")
public class STSApiExpectTest extends BaseSTSApiExpectTest {
HttpRequest createTemporaryCredentials = HttpRequest.builder().method("POST")
.endpoint("https://sts.amazonaws.com/")
.addHeader("Host", "sts.amazonaws.com")
.addFormParam("Action", "GetSessionToken")
.addFormParam("Signature", "ntC%2BPKAcmYTJ5Py5tjICG4KX5y00Pl2L0XJrLbSgLEs%3D")
.addFormParam("SignatureMethod", "HmacSHA256")
.addFormParam("SignatureVersion", "2")
.addFormParam("Timestamp", "2009-11-08T15%3A54%3A08.897Z")
.addFormParam("Version", "2011-06-15")
.addFormParam("AWSAccessKeyId", "identity").build();
HttpResponse createTemporaryCredentialsResponse = HttpResponse.builder().statusCode(200)
.payload(payloadFromResourceWithContentType("/session_token.xml", "text/xml")).build();
public void testCreateTemporaryCredentialsWhenResponseIs2xx() {
STSApi apiWhenWithOptionsExist = requestSendsResponse(createTemporaryCredentials, createTemporaryCredentialsResponse);
assertEquals(
apiWhenWithOptionsExist.createTemporaryCredentials().toString(),
new GetSessionTokenResponseTest().expected().toString());
}
HttpRequest createTemporaryCredentialsWithOptions = HttpRequest.builder().method("POST")
.endpoint("https://sts.amazonaws.com/")
.addHeader("Host", "sts.amazonaws.com")
.addFormParam("Action", "GetSessionToken")
.addFormParam("DurationSeconds", "900")
.addFormParam("SerialNumber", "YourMFADeviceSerialNumber")
.addFormParam("Signature", "e4HEkfKrw7EuLEQhe4/lK1l7ZmaynO3snsIMU/cdarI%3D")
.addFormParam("SignatureMethod", "HmacSHA256")
.addFormParam("SignatureVersion", "2")
.addFormParam("Timestamp", "2009-11-08T15%3A54%3A08.897Z")
.addFormParam("TokenCode", "1234")
.addFormParam("Version", "2011-06-15")
.addFormParam("AWSAccessKeyId", "identity").build();
public void testCreateTemporaryCredentialsWithOptionsWhenResponseIs2xx() {
STSApi apiWhenWithOptionsExist = requestSendsResponse(createTemporaryCredentialsWithOptions, createTemporaryCredentialsResponse);
assertEquals(
apiWhenWithOptionsExist.createTemporaryCredentials(
serialNumber("YourMFADeviceSerialNumber").tokenCode("1234").durationSeconds(TimeUnit.MINUTES.toSeconds(15))).toString(),
new GetSessionTokenResponseTest().expected().toString());
}
HttpRequest assumeRole = HttpRequest.builder().method("POST")
.endpoint("https://sts.amazonaws.com/")
.addHeader("Host", "sts.amazonaws.com")
.addFormParam("Action", "AssumeRole")
.addFormParam("RoleArn", "arn:aws:iam::123456789012:role/demo")
.addFormParam("RoleSessionName", "Bob")
.addFormParam("Signature", "0G1%2B6GX4cSU9Tjf2SyQ9oW5ivFri4BQPif/24FoRiWY%3D")
.addFormParam("SignatureMethod", "HmacSHA256")
.addFormParam("SignatureVersion", "2")
.addFormParam("Timestamp", "2009-11-08T15%3A54%3A08.897Z")
.addFormParam("Version", "2011-06-15")
.addFormParam("AWSAccessKeyId", "identity").build();
HttpResponse assumeRoleResponse = HttpResponse.builder().statusCode(200)
.payload(payloadFromResourceWithContentType("/assume_role.xml", "text/xml")).build();
public void testAssumeRoleWhenResponseIs2xx() {
STSApi apiWhenWithOptionsExist = requestSendsResponse(assumeRole, assumeRoleResponse);
assertEquals(apiWhenWithOptionsExist.assumeRole("arn:aws:iam::123456789012:role/demo", "Bob").toString(),
new AssumeRoleResponseTest().expected().toString());
}
String policy = "{\"Statement\":[{\"Sid\":\"Stmt1\",\"Effect\":\"Allow\",\"Action\":\"s3:*\",\"Resource\":\"*\"}]}";
HttpRequest assumeRoleWithOptions = HttpRequest.builder().method("POST")
.endpoint("https://sts.amazonaws.com/")
.addHeader("Host", "sts.amazonaws.com")
.addFormParam("Action", "AssumeRole")
.addFormParam("DurationSeconds", "900")
.addFormParam("ExternalId", "123ABC")
.addFormParam("Policy", policy)
.addFormParam("RoleArn", "arn:aws:iam::123456789012:role/demo")
.addFormParam("RoleSessionName", "Bob")
.addFormParam("Signature", "9qffV6zHRbTX8E9IYbEFeQPWrHEdSbwUfjJpg1SMaBo%3D")
.addFormParam("SignatureMethod", "HmacSHA256")
.addFormParam("SignatureVersion", "2")
.addFormParam("Timestamp", "2009-11-08T15%3A54%3A08.897Z")
.addFormParam("Version", "2011-06-15")
.addFormParam("AWSAccessKeyId", "identity").build();
public void testAssumeRoleWithOptionsWhenResponseIs2xx() {
STSApi apiWhenWithOptionsExist = requestSendsResponse(assumeRoleWithOptions, assumeRoleResponse);
assertEquals(
apiWhenWithOptionsExist.assumeRole("arn:aws:iam::123456789012:role/demo", "Bob",
externalId("123ABC").policy(policy).durationSeconds(TimeUnit.MINUTES.toSeconds(15))).toString(),
new AssumeRoleResponseTest().expected().toString());
}
HttpRequest createFederatedUser = HttpRequest.builder().method("POST")
.endpoint("https://sts.amazonaws.com/")
.addHeader("Host", "sts.amazonaws.com")
.addFormParam("Action", "GetFederationToken")
.addFormParam("Name", "Bob")
.addFormParam("Signature", "Z7AtGK4X9IAx/zMtLD7baNiyltNl%2BF%2BSHqjIGUidzOc%3D")
.addFormParam("SignatureMethod", "HmacSHA256")
.addFormParam("SignatureVersion", "2")
.addFormParam("Timestamp", "2009-11-08T15%3A54%3A08.897Z")
.addFormParam("Version", "2011-06-15")
.addFormParam("AWSAccessKeyId", "identity").build();
HttpResponse createFederatedUserResponse = HttpResponse.builder().statusCode(200)
.payload(payloadFromResourceWithContentType("/federation_token.xml", "text/xml")).build();
public void testCreateFederatedUserWhenResponseIs2xx() {
STSApi apiWhenWithOptionsExist = requestSendsResponse(createFederatedUser, createFederatedUserResponse);
assertEquals(apiWhenWithOptionsExist.createFederatedUser("Bob").toString(), new GetFederationTokenResponseTest()
.expected().toString());
}
HttpRequest createFederatedUserWithOptions = HttpRequest.builder().method("POST")
.endpoint("https://sts.amazonaws.com/")
.addHeader("Host", "sts.amazonaws.com")
.addFormParam("Action", "GetFederationToken")
.addFormParam("DurationSeconds", "900")
.addFormParam("Name", "Bob")
.addFormParam("Policy", policy)
.addFormParam("Signature", "%2BWGvCNtmb1UPmQHxXPMvcK6vH/TJ9r/wCuxdz03n/2w%3D")
.addFormParam("SignatureMethod", "HmacSHA256")
.addFormParam("SignatureVersion", "2")
.addFormParam("Timestamp", "2009-11-08T15%3A54%3A08.897Z")
.addFormParam("Version", "2011-06-15")
.addFormParam("AWSAccessKeyId", "identity").build();
public void testCreateFederatedUserWithOptionsWhenResponseIs2xx() {
STSApi apiWhenWithOptionsExist = requestSendsResponse(createFederatedUserWithOptions, createFederatedUserResponse);
assertEquals(
apiWhenWithOptionsExist.createFederatedUser("Bob",
policy(policy).durationSeconds(TimeUnit.MINUTES.toSeconds(15))).toString(),
new GetFederationTokenResponseTest().expected().toString());
}
}

View File

@ -0,0 +1,88 @@
/**
* Licensed to jclouds, Inc. (jclouds) under one or more
* contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. jclouds licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.jclouds.sts;
import static com.google.common.base.Preconditions.checkNotNull;
import static java.util.concurrent.TimeUnit.MINUTES;
import static org.testng.Assert.assertTrue;
import org.jclouds.aws.domain.TemporaryCredentials;
import org.jclouds.sts.domain.UserAndTemporaryCredentials;
import org.jclouds.sts.internal.BaseSTSApiLiveTest;
import org.jclouds.sts.options.AssumeRoleOptions;
import org.jclouds.sts.options.FederatedUserOptions;
import org.jclouds.sts.options.TemporaryCredentialsOptions;
import org.testng.SkipException;
import org.testng.annotations.Test;
/**
* @author Adrian Cole
*/
@Test(groups = "live", singleThreaded = true, testName = "STSApiLiveTest")
public class STSApiLiveTest extends BaseSTSApiLiveTest {
@Test
protected void testCreateTemporaryCredentials() {
TemporaryCredentials creds = api().createTemporaryCredentials(
new TemporaryCredentialsOptions().durationSeconds(MINUTES.toSeconds(15)));
checkTemporaryCredentials(creds);
// TODO: actually login to some service
//
// context.close();
// ProviderMetadata pm = createProviderMetadata();
//
// context = (pm != null ? ContextBuilder.newBuilder(pm) : ContextBuilder.newBuilder(createApiMetadata()))
// .credentialsSupplier(Supplier.<Credentials> of(creds)).modules(setupModules()).build();
}
@Test
protected void testCreateFederatedUser() {
UserAndTemporaryCredentials user = api().createFederatedUser("Bob", new FederatedUserOptions().durationSeconds(MINUTES.toSeconds(15)));
checkTemporaryCredentials(user.getCredentials());
assertTrue(user.getUser().getId().contains("Bob"), user + " id incorrect");
assertTrue(user.getUser().getArn().contains("Bob"), user + " arn incorrect");
assertTrue(user.getPackedPolicySize() >= 0, user + " policy size negative");
}
@Test
protected void testAssumeRole() {
String arnToAssume = getTestArn();
UserAndTemporaryCredentials role = api().assumeRole(arnToAssume, "session",
new AssumeRoleOptions().durationSeconds(MINUTES.toSeconds(15)));
checkTemporaryCredentials(role.getCredentials());
assertTrue(role.getUser().getId().contains("session"), role + " id incorrect");
assertTrue(role.getUser().getArn().contains("session"), role + " arn incorrect");
assertTrue(role.getPackedPolicySize() >= 0, role + " policy size negative");
}
protected String getTestArn() {
throw new SkipException("TODO: need to query a valid arn to assume");
}
private void checkTemporaryCredentials(TemporaryCredentials creds) {
checkNotNull(creds.getAccessKeyId(), "AccessKeyId cannot be null for TemporaryCredentials.");
checkNotNull(creds.getSecretAccessKey(), "SecretAccessKey cannot be null for TemporaryCredentials.");
checkNotNull(creds.getSessionToken(), "SessionToken cannot be null for TemporaryCredentials.");
checkNotNull(creds.getExpiration(), "Expiration cannot be null for TemporaryCredentials.");
}
protected STSApi api() {
return context.getApi();
}
}

View File

@ -0,0 +1,39 @@
/**
* Licensed to jclouds, Inc. (jclouds) under one or more
* contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. jclouds licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.jclouds.sts;
import org.jclouds.View;
import org.jclouds.rest.internal.BaseRestApiMetadataTest;
import org.testng.annotations.Test;
import com.google.common.collect.ImmutableSet;
import com.google.common.reflect.TypeToken;
/**
*
* @author Adrian Cole
*/
@Test(groups = "unit", testName = "STSApiMetadataTest")
public class STSApiMetadataTest extends BaseRestApiMetadataTest {
// no tenant abstraction, yet
public STSApiMetadataTest() {
super(new STSApiMetadata(), ImmutableSet.<TypeToken<? extends View>> of());
}
}

View File

@ -0,0 +1,29 @@
/**
* Licensed to jclouds, Inc. (jclouds) under one or more
* contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. jclouds licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.jclouds.sts.internal;
import org.jclouds.sts.STSApi;
/**
*
* @author Adrian Cole
*/
public class BaseSTSApiExpectTest extends BaseSTSExpectTest<STSApi> {
}

View File

@ -0,0 +1,47 @@
/**
* Licensed to jclouds, Inc. (jclouds) under one or more
* contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. jclouds licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.jclouds.sts.internal;
import org.jclouds.apis.BaseContextLiveTest;
import org.jclouds.sts.STSApiMetadata;
import org.jclouds.sts.STSAsyncApi;
import org.jclouds.sts.STSApi;
import org.jclouds.rest.RestContext;
import org.testng.annotations.Test;
import com.google.common.reflect.TypeToken;
/**
*
* @author Adrian Cole
*/
@Test(groups = "live")
public class BaseSTSApiLiveTest extends
BaseContextLiveTest<RestContext<? extends STSApi, ? extends STSAsyncApi>> {
public BaseSTSApiLiveTest() {
provider = "sts";
}
@Override
protected TypeToken<RestContext<? extends STSApi, ? extends STSAsyncApi>> contextType() {
return STSApiMetadata.CONTEXT_TOKEN;
}
}

View File

@ -0,0 +1,38 @@
/**
* Licensed to jclouds, Inc. (jclouds) under one or more
* contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. jclouds licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.jclouds.sts.internal;
import java.util.Properties;
import org.jclouds.http.HttpRequest;
import org.jclouds.http.HttpResponse;
import org.jclouds.sts.STSAsyncApi;
import com.google.common.base.Function;
import com.google.inject.Module;
/**
*
* @author Adrian Cole
*/
public class BaseSTSAsyncApiExpectTest extends BaseSTSExpectTest<STSAsyncApi> {
public STSAsyncApi createApi(Function<HttpRequest, HttpResponse> fn, Module module, Properties props) {
return createInjector(fn, module, props).getInstance(STSAsyncApi.class);
}
}

View File

@ -0,0 +1,51 @@
/**
* Licensed to jclouds, Inc. (jclouds) under one or more
* contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. jclouds licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.jclouds.sts.internal;
import org.jclouds.date.DateService;
import org.jclouds.sts.config.STSRestClientModule;
import org.jclouds.rest.ConfiguresRestClient;
import org.jclouds.rest.internal.BaseRestApiExpectTest;
import com.google.inject.Module;
/**
*
* @author Adrian Cole
*/
public class BaseSTSExpectTest<T> extends BaseRestApiExpectTest<T> {
public BaseSTSExpectTest() {
provider = "sts";
}
@ConfiguresRestClient
private static final class TestSTSRestClientModule extends STSRestClientModule {
@Override
protected String provideTimeStamp(final DateService dateService) {
return "2009-11-08T15:54:08.897Z";
}
}
@Override
protected Module createModule() {
return new TestSTSRestClientModule();
}
}

View File

@ -0,0 +1,69 @@
/**
* Licensed to jclouds, Inc. (jclouds) under one or more
* contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. jclouds licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.jclouds.sts.options;
import static org.jclouds.sts.options.AssumeRoleOptions.Builder.externalId;
import static org.jclouds.sts.options.AssumeRoleOptions.Builder.durationSeconds;
import static org.jclouds.sts.options.AssumeRoleOptions.Builder.policy;
import static org.testng.Assert.assertEquals;
import org.testng.annotations.Test;
import com.google.common.collect.ImmutableSet;
/**
*
* @author Adrian Cole
*/
@Test(groups = "unit", testName = "AssumeRoleOptionsTest")
public class AssumeRoleOptionsTest {
public void testExternalId() {
AssumeRoleOptions options = new AssumeRoleOptions().externalId("123ABC");
assertEquals(ImmutableSet.of("123ABC"), options.buildFormParameters().get("ExternalId"));
}
public void testExternalIdStatic() {
AssumeRoleOptions options = externalId("123ABC");
assertEquals(ImmutableSet.of("123ABC"), options.buildFormParameters().get("ExternalId"));
}
public void testDurationSeconds() {
AssumeRoleOptions options = new AssumeRoleOptions().durationSeconds(3600);
assertEquals(ImmutableSet.of("3600"), options.buildFormParameters().get("DurationSeconds"));
}
public void testDurationSecondsStatic() {
AssumeRoleOptions options = durationSeconds(3600);
assertEquals(ImmutableSet.of("3600"), options.buildFormParameters().get("DurationSeconds"));
}
String policy = "{\"Statement\":[{\"Sid\":\"Stmt1\",\"Effect\":\"Allow\",\"Action\":\"s3:*\",\"Resource\":\"*\"}]}";
public void testPolicy() {
AssumeRoleOptions options = new AssumeRoleOptions().policy(policy);
assertEquals(ImmutableSet.of(policy), options.buildFormParameters().get("Policy"));
}
public void testPolicyStatic() {
AssumeRoleOptions options = policy(policy);
assertEquals(ImmutableSet.of(policy), options.buildFormParameters().get("Policy"));
}
}

View File

@ -0,0 +1,58 @@
/**
* Licensed to jclouds, Inc. (jclouds) under one or more
* contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. jclouds licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.jclouds.sts.options;
import static org.jclouds.sts.options.FederatedUserOptions.Builder.durationSeconds;
import static org.jclouds.sts.options.FederatedUserOptions.Builder.policy;
import static org.testng.Assert.assertEquals;
import org.testng.annotations.Test;
import com.google.common.collect.ImmutableSet;
/**
*
* @author Adrian Cole
*/
@Test(groups = "unit", testName = "FederatedUserOptionsTest")
public class FederatedUserOptionsTest {
public void testDurationSeconds() {
FederatedUserOptions options = new FederatedUserOptions().durationSeconds(3600);
assertEquals(ImmutableSet.of("3600"), options.buildFormParameters().get("DurationSeconds"));
}
public void testDurationSecondsStatic() {
FederatedUserOptions options = durationSeconds(3600);
assertEquals(ImmutableSet.of("3600"), options.buildFormParameters().get("DurationSeconds"));
}
String policy = "{\"Statement\":[{\"Sid\":\"Stmt1\",\"Effect\":\"Allow\",\"Action\":\"s3:*\",\"Resource\":\"*\"}]}";
public void testPolicy() {
FederatedUserOptions options = new FederatedUserOptions().policy(policy);
assertEquals(ImmutableSet.of(policy), options.buildFormParameters().get("Policy"));
}
public void testPolicyStatic() {
FederatedUserOptions options = policy(policy);
assertEquals(ImmutableSet.of(policy), options.buildFormParameters().get("Policy"));
}
}

View File

@ -0,0 +1,67 @@
/**
* Licensed to jclouds, Inc. (jclouds) under one or more
* contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. jclouds licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.jclouds.sts.options;
import static org.jclouds.sts.options.TemporaryCredentialsOptions.Builder.serialNumber;
import static org.jclouds.sts.options.TemporaryCredentialsOptions.Builder.durationSeconds;
import static org.jclouds.sts.options.TemporaryCredentialsOptions.Builder.tokenCode;
import static org.testng.Assert.assertEquals;
import org.testng.annotations.Test;
import com.google.common.collect.ImmutableSet;
/**
*
* @author Adrian Cole
*/
@Test(groups = "unit", testName = "TemporaryCredentialsOptionsTest")
public class TemporaryCredentialsOptionsTest {
public void testSerialNumber() {
TemporaryCredentialsOptions options = new TemporaryCredentialsOptions().serialNumber("YourMFADeviceSerialNumber");
assertEquals(ImmutableSet.of("YourMFADeviceSerialNumber"), options.buildFormParameters().get("SerialNumber"));
}
public void testSerialNumberStatic() {
TemporaryCredentialsOptions options = serialNumber("YourMFADeviceSerialNumber");
assertEquals(ImmutableSet.of("YourMFADeviceSerialNumber"), options.buildFormParameters().get("SerialNumber"));
}
public void testDurationSeconds() {
TemporaryCredentialsOptions options = new TemporaryCredentialsOptions().durationSeconds(3600);
assertEquals(ImmutableSet.of("3600"), options.buildFormParameters().get("DurationSeconds"));
}
public void testDurationSecondsStatic() {
TemporaryCredentialsOptions options = durationSeconds(3600);
assertEquals(ImmutableSet.of("3600"), options.buildFormParameters().get("DurationSeconds"));
}
public void testTokenCode() {
TemporaryCredentialsOptions options = new TemporaryCredentialsOptions().tokenCode("123456");
assertEquals(ImmutableSet.of("123456"), options.buildFormParameters().get("TokenCode"));
}
public void testTokenCodeStatic() {
TemporaryCredentialsOptions options = tokenCode("123456");
assertEquals(ImmutableSet.of("123456"), options.buildFormParameters().get("TokenCode"));
}
}

View File

@ -0,0 +1,57 @@
/**
* Licensed to jclouds, Inc. (jclouds) under one or more
* contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. jclouds licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.jclouds.sts.parse;
import static org.testng.Assert.assertEquals;
import java.io.InputStream;
import org.jclouds.http.functions.BaseHandlerTest;
import org.jclouds.sts.domain.UserAndTemporaryCredentials;
import org.jclouds.sts.domain.User;
import org.jclouds.sts.xml.UserAndTemporaryCredentialsHandler;
import org.testng.annotations.Test;
/**
* @author Adrian Cole
*/
// NOTE:without testName, this will not call @Before* and fail w/NPE during surefire
@Test(groups = "unit", testName = "AssumeRoleResponseTest")
public class AssumeRoleResponseTest extends BaseHandlerTest {
public void test() {
InputStream is = getClass().getResourceAsStream("/assume_role.xml");
UserAndTemporaryCredentials expected = expected();
UserAndTemporaryCredentialsHandler handler = injector.getInstance(UserAndTemporaryCredentialsHandler.class);
UserAndTemporaryCredentials result = factory.create(handler).parse(is);
assertEquals(result, expected);
assertEquals(result.getUser(), expected.getUser());
assertEquals(result.getPackedPolicySize(), expected.getPackedPolicySize());
}
public UserAndTemporaryCredentials expected() {
return UserAndTemporaryCredentials.builder()
.credentials(new GetSessionTokenResponseTest().expected())
.user(User.fromIdAndArn("ARO123EXAMPLE123:Bob", "arn:aws:sts::123456789012:assumed-role/demo/Bob"))
.packedPolicySize(6).build();
}
}

View File

@ -0,0 +1,57 @@
/**
* Licensed to jclouds, Inc. (jclouds) under one or more
* contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. jclouds licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.jclouds.sts.parse;
import static org.testng.Assert.assertEquals;
import java.io.InputStream;
import org.jclouds.http.functions.BaseHandlerTest;
import org.jclouds.sts.domain.UserAndTemporaryCredentials;
import org.jclouds.sts.domain.User;
import org.jclouds.sts.xml.UserAndTemporaryCredentialsHandler;
import org.testng.annotations.Test;
/**
* @author Adrian Cole
*/
// NOTE:without testName, this will not call @Before* and fail w/NPE during surefire
@Test(groups = "unit", testName = "GetFederationTokenResponseTest")
public class GetFederationTokenResponseTest extends BaseHandlerTest {
public void test() {
InputStream is = getClass().getResourceAsStream("/federation_token.xml");
UserAndTemporaryCredentials expected = expected();
UserAndTemporaryCredentialsHandler handler = injector.getInstance(UserAndTemporaryCredentialsHandler.class);
UserAndTemporaryCredentials result = factory.create(handler).parse(is);
assertEquals(result, expected);
assertEquals(result.getUser(), expected.getUser());
assertEquals(result.getPackedPolicySize(), expected.getPackedPolicySize());
}
public UserAndTemporaryCredentials expected() {
return UserAndTemporaryCredentials.builder()
.credentials(new GetSessionTokenResponseTest().expected())
.user(User.fromIdAndArn("123456789012:Bob", "arn:aws:sts::123456789012:federated-user/Bob"))
.packedPolicySize(6).build();
}
}

View File

@ -0,0 +1,61 @@
/**
* Licensed to jclouds, Inc. (jclouds) under one or more
* contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. jclouds licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.jclouds.sts.parse;
import static org.testng.Assert.assertEquals;
import java.io.InputStream;
import org.jclouds.aws.domain.TemporaryCredentials;
import org.jclouds.aws.xml.TemporaryCredentialsHandler;
import org.jclouds.date.internal.SimpleDateFormatDateService;
import org.jclouds.http.functions.BaseHandlerTest;
import org.testng.annotations.Test;
/**
* @author Adrian Cole
*/
// NOTE:without testName, this will not call @Before* and fail w/NPE during surefire
@Test(groups = "unit", testName = "GetSessionTokenResponseTest")
public class GetSessionTokenResponseTest extends BaseHandlerTest {
public void test() {
InputStream is = getClass().getResourceAsStream("/session_token.xml");
TemporaryCredentials expected = expected();
TemporaryCredentialsHandler handler = injector.getInstance(TemporaryCredentialsHandler.class);
TemporaryCredentials result = factory.create(handler).parse(is);
assertEquals(result, expected);
assertEquals(result.getAccessKeyId(), expected.getAccessKeyId());
assertEquals(result.getSecretAccessKey(), expected.getSecretAccessKey());
assertEquals(result.getSessionToken(), expected.getSessionToken());
assertEquals(result.getExpiration(), expected.getExpiration());
}
public TemporaryCredentials expected() {
return TemporaryCredentials.builder()
.accessKeyId("AKIAIOSFODNN7EXAMPLE")
.secretAccessKey("wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY")
.sessionToken("AQoEXAMPLEH4aoAH0gNCAPyJxz4BlCFFxWNE1OPTgk5TthT")
.expiration(new SimpleDateFormatDateService().iso8601DateParse("2011-07-11T19:55:29.611Z")).build();
}
}

View File

@ -0,0 +1,18 @@
<AssumeRoleResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
<AssumeRoleResult>
<Credentials>
<SessionToken>AQoEXAMPLEH4aoAH0gNCAPyJxz4BlCFFxWNE1OPTgk5TthT</SessionToken>
<SecretAccessKey>wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY</SecretAccessKey>
<Expiration>2011-07-11T19:55:29.611Z</Expiration>
<AccessKeyId>AKIAIOSFODNN7EXAMPLE</AccessKeyId>
</Credentials>
<AssumedRoleUser>
<Arn>arn:aws:sts::123456789012:assumed-role/demo/Bob</Arn>
<AssumedRoleId>ARO123EXAMPLE123:Bob</AssumedRoleId>
</AssumedRoleUser>
<PackedPolicySize>6</PackedPolicySize>
</AssumeRoleResult>
<ResponseMetadata>
<RequestId>c6104cbe-af31-11e0-8154-cbc7ccf896c7</RequestId>
</ResponseMetadata>
</AssumeRoleResponse>

View File

@ -0,0 +1,18 @@
<GetFederationTokenResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
<GetFederationTokenResult>
<Credentials>
<SessionToken>AQoEXAMPLEH4aoAH0gNCAPyJxz4BlCFFxWNE1OPTgk5TthT</SessionToken>
<SecretAccessKey>wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY</SecretAccessKey>
<Expiration>2011-07-11T19:55:29.611Z</Expiration>
<AccessKeyId>AKIAIOSFODNN7EXAMPLE</AccessKeyId>
</Credentials>
<FederatedUser>
<Arn>arn:aws:sts::123456789012:federated-user/Bob</Arn>
<FederatedUserId>123456789012:Bob</FederatedUserId>
</FederatedUser>
<PackedPolicySize>6</PackedPolicySize>
</GetFederationTokenResult>
<ResponseMetadata>
<RequestId>c6104cbe-af31-11e0-8154-cbc7ccf896c7</RequestId>
</ResponseMetadata>
</GetFederationTokenResponse>

View File

@ -0,0 +1,166 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
<!--
For more configuration infromation and examples see the Apache
Log4j website: http://logging.apache.org/log4j/
-->
<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/"
debug="false">
<!-- A time/date based rolling appender -->
<appender name="WIREFILE" class="org.apache.log4j.DailyRollingFileAppender">
<param name="File" value="target/test-data/jclouds-wire.log" />
<param name="Append" value="true" />
<!-- Rollover at midnight each day -->
<param name="DatePattern" value="'.'yyyy-MM-dd" />
<param name="Threshold" value="TRACE" />
<layout class="org.apache.log4j.PatternLayout">
<!-- The default pattern: Date Priority [Category] Message\n -->
<param name="ConversionPattern" value="%d %-5p [%c] (%t) %m%n" />
<!--
The full pattern: Date MS Priority [Category]
(Thread:NDC) Message\n <param name="ConversionPattern"
value="%d %-5r %-5p [%c] (%t:%x) %m%n"/>
-->
</layout>
</appender>
<!-- A time/date based rolling appender -->
<appender name="FILE" class="org.apache.log4j.DailyRollingFileAppender">
<param name="File" value="target/test-data/jclouds.log" />
<param name="Append" value="true" />
<!-- Rollover at midnight each day -->
<param name="DatePattern" value="'.'yyyy-MM-dd" />
<param name="Threshold" value="TRACE" />
<layout class="org.apache.log4j.PatternLayout">
<!-- The default pattern: Date Priority [Category] Message\n -->
<param name="ConversionPattern" value="%d %-5p [%c] (%t) %m%n" />
<!--
The full pattern: Date MS Priority [Category]
(Thread:NDC) Message\n <param name="ConversionPattern"
value="%d %-5r %-5p [%c] (%t:%x) %m%n"/>
-->
</layout>
</appender>
<!-- A time/date based rolling appender -->
<appender name="BLOBSTOREFILE" class="org.apache.log4j.DailyRollingFileAppender">
<param name="File" value="target/test-data/jclouds-blobstore.log" />
<param name="Append" value="true" />
<param name="DatePattern" value="'.'yyyy-MM-dd" />
<param name="Threshold" value="TRACE" />
<layout class="org.apache.log4j.PatternLayout">
<param name="ConversionPattern" value="%d %-5p [%c] (%t) %m%n" />
</layout>
</appender>
<!-- A time/date based rolling appender -->
<appender name="COMPUTEFILE" class="org.apache.log4j.DailyRollingFileAppender">
<param name="File" value="target/test-data/jclouds-compute.log" />
<param name="Append" value="true" />
<!-- Rollover at midnight each day -->
<param name="DatePattern" value="'.'yyyy-MM-dd" />
<param name="Threshold" value="TRACE" />
<layout class="org.apache.log4j.PatternLayout">
<!-- The default pattern: Date Priority [Category] Message\n -->
<param name="ConversionPattern" value="%d %-5p [%c] (%t) %m%n" />
<!--
The full pattern: Date MS Priority [Category]
(Thread:NDC) Message\n <param name="ConversionPattern"
value="%d %-5r %-5p [%c] (%t:%x) %m%n"/>
-->
</layout>
</appender>
<!-- A time/date based rolling appender -->
<appender name="SSHFILE" class="org.apache.log4j.DailyRollingFileAppender">
<param name="File" value="target/test-data/jclouds-ssh.log" />
<param name="Append" value="true" />
<!-- Rollover at midnight each day -->
<param name="DatePattern" value="'.'yyyy-MM-dd" />
<param name="Threshold" value="TRACE" />
<layout class="org.apache.log4j.PatternLayout">
<!-- The default pattern: Date Priority [Category] Message\n -->
<param name="ConversionPattern" value="%d %-5p [%c] (%t) %m%n" />
<!--
The full pattern: Date MS Priority [Category]
(Thread:NDC) Message\n <param name="ConversionPattern"
value="%d %-5r %-5p [%c] (%t:%x) %m%n"/>
-->
</layout>
</appender>
<appender name="ASYNCCOMPUTE" class="org.apache.log4j.AsyncAppender">
<appender-ref ref="COMPUTEFILE" />
</appender>
<appender name="ASYNCSSH" class="org.apache.log4j.AsyncAppender">
<appender-ref ref="SSHFILE" />
</appender>
<appender name="ASYNC" class="org.apache.log4j.AsyncAppender">
<appender-ref ref="FILE" />
</appender>
<appender name="ASYNCWIRE" class="org.apache.log4j.AsyncAppender">
<appender-ref ref="WIREFILE" />
</appender>
<appender name="ASYNCBLOBSTORE" class="org.apache.log4j.AsyncAppender">
<appender-ref ref="BLOBSTOREFILE" />
</appender>
<!-- ================ -->
<!-- Limit categories -->
<!-- ================ -->
<category name="org.jclouds">
<priority value="DEBUG" />
<appender-ref ref="ASYNC" />
</category>
<category name="jclouds.headers">
<priority value="DEBUG" />
<appender-ref ref="ASYNCWIRE" />
</category>
<category name="jclouds.ssh">
<priority value="DEBUG" />
<appender-ref ref="ASYNCSSH" />
</category>
<category name="jclouds.wire">
<priority value="DEBUG" />
<appender-ref ref="ASYNCWIRE" />
</category>
<category name="jclouds.blobstore">
<priority value="DEBUG" />
<appender-ref ref="ASYNCBLOBSTORE" />
</category>
<category name="jclouds.compute">
<priority value="TRACE" />
<appender-ref ref="ASYNCCOMPUTE" />
</category>
<!-- ======================= -->
<!-- Setup the Root category -->
<!-- ======================= -->
<root>
<priority value="WARN" />
</root>
</log4j:configuration>

View File

@ -0,0 +1,13 @@
<GetSessionTokenResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
<GetSessionTokenResult>
<Credentials>
<SessionToken>AQoEXAMPLEH4aoAH0gNCAPyJxz4BlCFFxWNE1OPTgk5TthT</SessionToken>
<SecretAccessKey>wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY</SecretAccessKey>
<Expiration>2011-07-11T19:55:29.611Z</Expiration>
<AccessKeyId>AKIAIOSFODNN7EXAMPLE</AccessKeyId>
</Credentials>
</GetSessionTokenResult>
<ResponseMetadata>
<RequestId>58c5dbae-abef-11e0-8cfe-09039844ac7d</RequestId>
</ResponseMetadata>
</GetSessionTokenResponse>