mirror of https://github.com/apache/jclouds.git
Merge pull request #1217 from jclouds/sts
add support for amazon temporary credentials
This commit is contained in:
commit
fbbce9e430
|
@ -25,6 +25,7 @@ import java.util.Date;
|
|||
import org.jclouds.domain.Credentials;
|
||||
|
||||
import com.google.common.base.Objects;
|
||||
import com.google.common.base.Supplier;
|
||||
|
||||
/**
|
||||
* AWS credentials for API authentication.
|
||||
|
@ -173,5 +174,4 @@ public final class TemporaryCredentials extends Credentials {
|
|||
return Objects.toStringHelper(this).add("accessKeyId", identity).add("sessionToken", sessionToken)
|
||||
.add("expiration", expiration).toString();
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -26,7 +26,7 @@ import static com.google.common.io.BaseEncoding.base64;
|
|||
import static com.google.common.io.ByteStreams.readBytes;
|
||||
import static org.jclouds.aws.reference.FormParameters.ACTION;
|
||||
import static org.jclouds.aws.reference.FormParameters.AWS_ACCESS_KEY_ID;
|
||||
import static org.jclouds.aws.reference.FormParameters.SIGNATURE;
|
||||
import static org.jclouds.aws.reference.FormParameters.*;
|
||||
import static org.jclouds.aws.reference.FormParameters.SIGNATURE_METHOD;
|
||||
import static org.jclouds.aws.reference.FormParameters.SIGNATURE_VERSION;
|
||||
import static org.jclouds.aws.reference.FormParameters.TIMESTAMP;
|
||||
|
@ -115,17 +115,9 @@ public class FormSigner implements HttpRequestFilter, RequestSigner {
|
|||
String signature = sign(stringToSign);
|
||||
addSignature(decodedParams, signature);
|
||||
request = setPayload(request, decodedParams);
|
||||
Credentials current = creds.get();
|
||||
if (current instanceof TemporaryCredentials) {
|
||||
request = replaceSecurityTokenHeader(request, TemporaryCredentials.class.cast(current));
|
||||
}
|
||||
utils.logRequest(signatureLog, request, "<<");
|
||||
return request;
|
||||
}
|
||||
|
||||
HttpRequest replaceSecurityTokenHeader(HttpRequest request, TemporaryCredentials current) {
|
||||
return request.toBuilder().replaceHeader("SecurityToken", current.getSessionToken()).build();
|
||||
}
|
||||
|
||||
HttpRequest setPayload(HttpRequest request, Multimap<String, String> decodedParams) {
|
||||
String queryLine = buildQueryLine(decodedParams);
|
||||
|
@ -211,11 +203,16 @@ public class FormSigner implements HttpRequestFilter, RequestSigner {
|
|||
|
||||
@VisibleForTesting
|
||||
void addSigningParams(Multimap<String, String> params) {
|
||||
params.removeAll(SIGNATURE);
|
||||
params.removeAll(SECURITY_TOKEN);
|
||||
Credentials current = creds.get();
|
||||
if (current instanceof TemporaryCredentials) {
|
||||
params.put(SECURITY_TOKEN, TemporaryCredentials.class.cast(current).getSessionToken());
|
||||
}
|
||||
params.replaceValues(SIGNATURE_METHOD, ImmutableList.of("HmacSHA256"));
|
||||
params.replaceValues(SIGNATURE_VERSION, ImmutableList.of("2"));
|
||||
params.replaceValues(TIMESTAMP, ImmutableList.of(dateService.get()));
|
||||
params.replaceValues(AWS_ACCESS_KEY_ID, ImmutableList.of(creds.get().identity));
|
||||
params.removeAll(SIGNATURE);
|
||||
}
|
||||
|
||||
public String createStringToSign(HttpRequest input) {
|
||||
|
|
|
@ -59,6 +59,10 @@ public interface FormParameters {
|
|||
* Guide. Example: Qnpl4Qk/7tINHzfXCiT7VbBatDA=
|
||||
*/
|
||||
public static final String SIGNATURE = "Signature";
|
||||
/**
|
||||
* Temporary access token.
|
||||
*/
|
||||
public static final String SECURITY_TOKEN = "SecurityToken";
|
||||
/**
|
||||
* The hash algorithm you use to create the request signature. Valid values: HmacSHA256 |
|
||||
* HmacSHA1. For more information, go to the Amazon Elastic Compute Cloud Developer Guide.
|
||||
|
|
|
@ -87,8 +87,7 @@ public class FormSignerTest {
|
|||
HttpRequest filtered = filter(new TemporaryCredentialsHandlerTest().expected()).filter(request);
|
||||
assertEquals(
|
||||
filtered.getPayload().getRawContent(),
|
||||
"Action=DescribeImages&ImageId.1=ami-2bb65342&Signature=waV%2B%2BIdRwHRlnK2126CqgHHd4FZb%2B5wAeRueidjFc/M%3D&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2009-11-08T15%3A54%3A08.897Z&Version=apiVersion&AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE");
|
||||
assertEquals(filtered.getFirstHeaderOrNull("SecurityToken"), "AQoEXAMPLEH4aoAH0gNCAPyJxz4BlCFFxWNE1OPTgk5TthT");
|
||||
"Action=DescribeImages&ImageId.1=ami-2bb65342&SecurityToken=AQoEXAMPLEH4aoAH0gNCAPyJxz4BlCFFxWNE1OPTgk5TthT&Signature=/8ReFVH1tvyNORsJb%2BSBieT9zvdqREQQr/olwmxC7VY%3D&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2009-11-08T15%3A54%3A08.897Z&Version=apiVersion&AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE");
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
|
@ -0,0 +1,108 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
|
||||
Licensed to jclouds, Inc. (jclouds) under one or more
|
||||
contributor license agreements. See the NOTICE file
|
||||
distributed with this work for additional information
|
||||
regarding copyright ownership. jclouds licenses this file
|
||||
to you under the Apache License, Version 2.0 (the
|
||||
"License"); you may not use this file except in compliance
|
||||
with the License. You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing,
|
||||
software distributed under the License is distributed on an
|
||||
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
KIND, either express or implied. See the License for the
|
||||
specific language governing permissions and limitations
|
||||
under the License.
|
||||
|
||||
-->
|
||||
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<parent>
|
||||
<groupId>org.jclouds</groupId>
|
||||
<artifactId>jclouds-project</artifactId>
|
||||
<version>1.6.0-SNAPSHOT</version>
|
||||
<relativePath>../../project/pom.xml</relativePath>
|
||||
</parent>
|
||||
<groupId>org.jclouds.labs</groupId>
|
||||
<artifactId>aws-sts</artifactId>
|
||||
<name>jclouds Amazon Identity and Access Management (STS) provider</name>
|
||||
<description>Identity and Access Management (STS) to Amazon Web Services</description>
|
||||
<packaging>bundle</packaging>
|
||||
|
||||
<properties>
|
||||
<test.aws-sts.endpoint>https://sts.amazonaws.com</test.aws-sts.endpoint>
|
||||
<test.aws-sts.api-version>2011-06-15</test.aws-sts.api-version>
|
||||
<test.aws-sts.build-version></test.aws-sts.build-version>
|
||||
<test.aws-sts.identity>${test.aws.identity}</test.aws-sts.identity>
|
||||
<test.aws-sts.credential>${test.aws.credential}</test.aws-sts.credential>
|
||||
|
||||
<jclouds.osgi.export>org.jclouds.aws.sts*;version="${project.version}"</jclouds.osgi.export>
|
||||
<jclouds.osgi.import>org.jclouds*;version="${project.version}",*</jclouds.osgi.import>
|
||||
</properties>
|
||||
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.jclouds.labs</groupId>
|
||||
<artifactId>sts</artifactId>
|
||||
<version>${project.version}</version>
|
||||
<type>jar</type>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.jclouds.labs</groupId>
|
||||
<artifactId>sts</artifactId>
|
||||
<version>${project.version}</version>
|
||||
<type>test-jar</type>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.jclouds</groupId>
|
||||
<artifactId>jclouds-core</artifactId>
|
||||
<version>${project.version}</version>
|
||||
<type>test-jar</type>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.jclouds.driver</groupId>
|
||||
<artifactId>jclouds-log4j</artifactId>
|
||||
<version>${project.version}</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
|
||||
<profiles>
|
||||
<profile>
|
||||
<id>live</id>
|
||||
<build>
|
||||
<plugins>
|
||||
<plugin>
|
||||
<groupId>org.apache.maven.plugins</groupId>
|
||||
<artifactId>maven-surefire-plugin</artifactId>
|
||||
<executions>
|
||||
<execution>
|
||||
<id>integration</id>
|
||||
<phase>integration-test</phase>
|
||||
<goals>
|
||||
<goal>test</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<systemPropertyVariables>
|
||||
<test.aws-sts.endpoint>${test.aws-sts.endpoint}</test.aws-sts.endpoint>
|
||||
<test.aws-sts.api-version>${test.aws-sts.api-version}</test.aws-sts.api-version>
|
||||
<test.aws-sts.build-version>${test.aws-sts.build-version}</test.aws-sts.build-version>
|
||||
<test.aws-sts.identity>${test.aws-sts.identity}</test.aws-sts.identity>
|
||||
<test.aws-sts.credential>${test.aws-sts.credential}</test.aws-sts.credential>
|
||||
</systemPropertyVariables>
|
||||
</configuration>
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
</profile>
|
||||
</profiles>
|
||||
|
||||
</project>
|
|
@ -0,0 +1,84 @@
|
|||
/**
|
||||
* Licensed to jclouds, Inc. (jclouds) under one or more
|
||||
* contributor license agreements. See the NOTICE file
|
||||
* distributed with this work for additional information
|
||||
* regarding copyright ownership. jclouds licenses this file
|
||||
* to you under the Apache License, Version 2.0 (the
|
||||
* "License"); you may not use this file except in compliance
|
||||
* with the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
package org.jclouds.aws.sts;
|
||||
|
||||
import java.net.URI;
|
||||
import java.util.Properties;
|
||||
|
||||
import org.jclouds.sts.STSApiMetadata;
|
||||
import org.jclouds.providers.ProviderMetadata;
|
||||
import org.jclouds.providers.internal.BaseProviderMetadata;
|
||||
|
||||
/**
|
||||
* Implementation of @ link org.jclouds.types.ProviderMetadata} for Amazon's STS
|
||||
* provider.
|
||||
*
|
||||
* @author Adrian Cole
|
||||
*/
|
||||
public class AWSSTSProviderMetadata extends BaseProviderMetadata {
|
||||
|
||||
public static Builder builder() {
|
||||
return new Builder();
|
||||
}
|
||||
|
||||
@Override
|
||||
public Builder toBuilder() {
|
||||
return builder().fromProviderMetadata(this);
|
||||
}
|
||||
|
||||
public AWSSTSProviderMetadata() {
|
||||
super(builder());
|
||||
}
|
||||
|
||||
public AWSSTSProviderMetadata(Builder builder) {
|
||||
super(builder);
|
||||
}
|
||||
|
||||
public static Properties defaultProperties() {
|
||||
Properties properties = new Properties();
|
||||
return properties;
|
||||
}
|
||||
|
||||
public static class Builder extends BaseProviderMetadata.Builder {
|
||||
|
||||
protected Builder(){
|
||||
id("aws-sts")
|
||||
.name("Amazon STS")
|
||||
.endpoint("https://sts.amazonaws.com")
|
||||
.homepage(URI.create("http://aws.amazon.com/iam/"))
|
||||
.console(URI.create("https://console.aws.amazon.com/iam/home"))
|
||||
.linkedServices("aws-ec2", "aws-elb", "aws-iam", "aws-sts", "aws-cloudwatch", "aws-s3", "aws-sqs", "aws-simpledb")
|
||||
.iso3166Codes("US-VA")
|
||||
.apiMetadata(new STSApiMetadata())
|
||||
.defaultProperties(AWSSTSProviderMetadata.defaultProperties());
|
||||
}
|
||||
|
||||
@Override
|
||||
public AWSSTSProviderMetadata build() {
|
||||
return new AWSSTSProviderMetadata(this);
|
||||
}
|
||||
|
||||
@Override
|
||||
public Builder fromProviderMetadata(ProviderMetadata in) {
|
||||
super.fromProviderMetadata(in);
|
||||
return this;
|
||||
}
|
||||
|
||||
}
|
||||
}
|
|
@ -0,0 +1 @@
|
|||
org.jclouds.aws.sts.AWSSTSProviderMetadata
|
|
@ -0,0 +1,35 @@
|
|||
/**
|
||||
* Licensed to jclouds, Inc. (jclouds) under one or more
|
||||
* contributor license agreements. See the NOTICE file
|
||||
* distributed with this work for additional information
|
||||
* regarding copyright ownership. jclouds licenses this file
|
||||
* to you under the Apache License, Version 2.0 (the
|
||||
* "License"); you may not use this file except in compliance
|
||||
* with the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
package org.jclouds.aws.sts;
|
||||
|
||||
import org.jclouds.sts.STSApiLiveTest;
|
||||
import org.testng.annotations.Test;
|
||||
|
||||
/**
|
||||
* Tests behavior of {@code STSApi}
|
||||
*
|
||||
* @author Adrian Cole
|
||||
*/
|
||||
@Test(groups = "live", singleThreaded = true, testName = "AWSSTSApiLiveTest")
|
||||
public class AWSSTSApiLiveTest extends STSApiLiveTest {
|
||||
public AWSSTSApiLiveTest() {
|
||||
provider = "aws-sts";
|
||||
}
|
||||
|
||||
}
|
|
@ -0,0 +1,37 @@
|
|||
/**
|
||||
* Licensed to jclouds, Inc. (jclouds) under one or more
|
||||
* contributor license agreements. See the NOTICE file
|
||||
* distributed with this work for additional information
|
||||
* regarding copyright ownership. jclouds licenses this file
|
||||
* to you under the Apache License, Version 2.0 (the
|
||||
* "License"); you may not use this file except in compliance
|
||||
* with the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
package org.jclouds.aws.sts;
|
||||
|
||||
import org.jclouds.aws.sts.AWSSTSProviderMetadata;
|
||||
import org.jclouds.sts.STSApiMetadata;
|
||||
import org.jclouds.providers.internal.BaseProviderMetadataTest;
|
||||
import org.testng.annotations.Test;
|
||||
|
||||
/**
|
||||
* The AWSSTSProviderTest tests the org.jclouds.providers.AWSSTSProvider class.
|
||||
*
|
||||
* @author Adrian Cole
|
||||
*/
|
||||
@Test(groups = "unit", testName = "AWSSTSProviderTest")
|
||||
public class AWSSTSProviderTest extends BaseProviderMetadataTest {
|
||||
|
||||
public AWSSTSProviderTest() {
|
||||
super(new AWSSTSProviderMetadata(), new STSApiMetadata());
|
||||
}
|
||||
}
|
|
@ -63,5 +63,7 @@
|
|||
<module>oauth</module>
|
||||
<module>openstack-quantum</module>
|
||||
<module>openstack-glance</module>
|
||||
<module>sts</module>
|
||||
<module>aws-sts</module>
|
||||
</modules>
|
||||
</project>
|
||||
|
|
|
@ -0,0 +1,107 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
|
||||
Licensed to jclouds, Inc. (jclouds) under one or more
|
||||
contributor license agreements. See the NOTICE file
|
||||
distributed with this work for additional information
|
||||
regarding copyright ownership. jclouds licenses this file
|
||||
to you under the Apache License, Version 2.0 (the
|
||||
"License"); you may not use this file except in compliance
|
||||
with the License. You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing,
|
||||
software distributed under the License is distributed on an
|
||||
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
KIND, either express or implied. See the License for the
|
||||
specific language governing permissions and limitations
|
||||
under the License.
|
||||
|
||||
-->
|
||||
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<parent>
|
||||
<groupId>org.jclouds</groupId>
|
||||
<artifactId>jclouds-project</artifactId>
|
||||
<version>1.6.0-SNAPSHOT</version>
|
||||
<relativePath>../../project/pom.xml</relativePath>
|
||||
</parent>
|
||||
<groupId>org.jclouds.labs</groupId>
|
||||
<artifactId>sts</artifactId>
|
||||
<name>jcloud sts api</name>
|
||||
<description>jclouds components to access an implementation of Security Token Service (STS)</description>
|
||||
<packaging>bundle</packaging>
|
||||
|
||||
<properties>
|
||||
<test.sts.endpoint>https://sts.amazonaws.com</test.sts.endpoint>
|
||||
<test.sts.api-version>2011-06-15</test.sts.api-version>
|
||||
<test.sts.build-version></test.sts.build-version>
|
||||
<test.sts.identity>${test.aws.identity}</test.sts.identity>
|
||||
<test.sts.credential>${test.aws.credential}</test.sts.credential>
|
||||
|
||||
<jclouds.osgi.export>org.jclouds.sts*;version="${project.version}"</jclouds.osgi.export>
|
||||
<jclouds.osgi.import>org.jclouds*;version="${project.version}",*</jclouds.osgi.import>
|
||||
</properties>
|
||||
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.jclouds.common</groupId>
|
||||
<artifactId>aws-common</artifactId>
|
||||
<version>${project.version}</version>
|
||||
<type>jar</type>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.jclouds</groupId>
|
||||
<artifactId>jclouds-core</artifactId>
|
||||
<version>${project.version}</version>
|
||||
<type>test-jar</type>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.jclouds.driver</groupId>
|
||||
<artifactId>jclouds-log4j</artifactId>
|
||||
<version>${project.version}</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>log4j</groupId>
|
||||
<artifactId>log4j</artifactId>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
|
||||
<profiles>
|
||||
<profile>
|
||||
<id>live</id>
|
||||
<build>
|
||||
<plugins>
|
||||
<plugin>
|
||||
<groupId>org.apache.maven.plugins</groupId>
|
||||
<artifactId>maven-surefire-plugin</artifactId>
|
||||
<executions>
|
||||
<execution>
|
||||
<id>integration</id>
|
||||
<phase>integration-test</phase>
|
||||
<goals>
|
||||
<goal>test</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<systemPropertyVariables>
|
||||
<test.sts.endpoint>${test.sts.endpoint}</test.sts.endpoint>
|
||||
<test.sts.api-version>${test.sts.api-version}</test.sts.api-version>
|
||||
<test.sts.build-version>${test.sts.build-version}</test.sts.build-version>
|
||||
<test.sts.identity>${test.sts.identity}</test.sts.identity>
|
||||
<test.sts.credential>${test.sts.credential}</test.sts.credential>
|
||||
</systemPropertyVariables>
|
||||
</configuration>
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
</profile>
|
||||
</profiles>
|
||||
|
||||
</project>
|
||||
|
|
@ -0,0 +1,83 @@
|
|||
/**
|
||||
* Licensed to jclouds, Inc. (jclouds) under one or more
|
||||
* contributor license agreements. See the NOTICE file
|
||||
* distributed with this work for additional information
|
||||
* regarding copyright ownership. jclouds licenses this file
|
||||
* to you under the Apache License, Version 2.0 (the
|
||||
* "License"); you may not use this file except in compliance
|
||||
* with the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
package org.jclouds.sts;
|
||||
|
||||
import org.jclouds.aws.domain.TemporaryCredentials;
|
||||
import org.jclouds.sts.domain.User;
|
||||
import org.jclouds.sts.domain.UserAndTemporaryCredentials;
|
||||
import org.jclouds.sts.options.AssumeRoleOptions;
|
||||
import org.jclouds.sts.options.FederatedUserOptions;
|
||||
import org.jclouds.sts.options.TemporaryCredentialsOptions;
|
||||
|
||||
/**
|
||||
* Provides access to Amazon STS via the Query API
|
||||
* <p/>
|
||||
*
|
||||
* @see STSAsyncApi
|
||||
* @see <a href="http://docs.amazonwebservices.com/STS/latest/APIReference" />
|
||||
* @author Adrian Cole
|
||||
*/
|
||||
public interface STSApi {
|
||||
/**
|
||||
* Returns a set of temporary credentials for an AWS account or IAM user,
|
||||
* with a default timeout
|
||||
*/
|
||||
TemporaryCredentials createTemporaryCredentials();
|
||||
|
||||
/**
|
||||
* like {@link #createTemporaryCredentials()}, except you can modify the
|
||||
* timeout and other parameters.
|
||||
*/
|
||||
TemporaryCredentials createTemporaryCredentials(TemporaryCredentialsOptions options);
|
||||
|
||||
/**
|
||||
* Assumes a role for a specified session. Only IAM users can assume a role.
|
||||
*
|
||||
* @param sessionName
|
||||
* An identifier for the assumed role session, included as part of
|
||||
* {@link User#getId}.
|
||||
* @param roleArn
|
||||
* The Amazon Resource Name (ARN) of the role that the caller is
|
||||
* assuming.
|
||||
*/
|
||||
UserAndTemporaryCredentials assumeRole(String roleArn, String sessionName);
|
||||
|
||||
/**
|
||||
* like {@link #assumeRole(String, String)}, except you can modify the
|
||||
* timeout and other parameters.
|
||||
*/
|
||||
UserAndTemporaryCredentials assumeRole(String roleArn, String sessionName, AssumeRoleOptions options);
|
||||
|
||||
/**
|
||||
* Returns a set of temporary credentials for a federated user with the user
|
||||
* name specified.
|
||||
*
|
||||
* @param userName
|
||||
* The name of the federated user, included as part of
|
||||
* {@link User#getId}.
|
||||
*/
|
||||
UserAndTemporaryCredentials createFederatedUser(String userName);
|
||||
|
||||
/**
|
||||
* like {@link #createFederatedUser(String)}, except you can modify the
|
||||
* timeout and other parameters.
|
||||
*/
|
||||
UserAndTemporaryCredentials createFederatedUser(String userName, FederatedUserOptions options);
|
||||
|
||||
}
|
|
@ -0,0 +1,93 @@
|
|||
/**
|
||||
* Licensed to jclouds, Inc. (jclouds) under one or more
|
||||
* contributor license agreements. See the NOTICE file
|
||||
* distributed with this work for additional information
|
||||
* regarding copyright ownership. jclouds licenses this file
|
||||
* to you under the Apache License, Version 2.0 (the
|
||||
* "License"); you may not use this file except in compliance
|
||||
* with the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
package org.jclouds.sts;
|
||||
|
||||
import static java.util.concurrent.TimeUnit.SECONDS;
|
||||
import static org.jclouds.Constants.PROPERTY_TIMEOUTS_PREFIX;
|
||||
import static org.jclouds.aws.reference.AWSConstants.PROPERTY_AUTH_TAG;
|
||||
import static org.jclouds.aws.reference.AWSConstants.PROPERTY_HEADER_TAG;
|
||||
|
||||
import java.net.URI;
|
||||
import java.util.Properties;
|
||||
|
||||
import org.jclouds.apis.ApiMetadata;
|
||||
import org.jclouds.sts.config.STSRestClientModule;
|
||||
import org.jclouds.rest.RestContext;
|
||||
import org.jclouds.rest.internal.BaseRestApiMetadata;
|
||||
|
||||
import com.google.common.reflect.TypeToken;
|
||||
|
||||
/**
|
||||
* Implementation of {@link ApiMetadata} for Amazon's STS api.
|
||||
*
|
||||
* @author Adrian Cole
|
||||
*/
|
||||
public class STSApiMetadata extends BaseRestApiMetadata {
|
||||
|
||||
public static final TypeToken<RestContext<? extends STSApi, ? extends STSAsyncApi>> CONTEXT_TOKEN = new TypeToken<RestContext<? extends STSApi, ? extends STSAsyncApi>>() {
|
||||
private static final long serialVersionUID = 1L;
|
||||
};
|
||||
|
||||
@Override
|
||||
public Builder toBuilder() {
|
||||
return new Builder(getApi(), getAsyncApi()).fromApiMetadata(this);
|
||||
}
|
||||
|
||||
public STSApiMetadata() {
|
||||
this(new Builder(STSApi.class, STSAsyncApi.class));
|
||||
}
|
||||
|
||||
protected STSApiMetadata(Builder builder) {
|
||||
super(Builder.class.cast(builder));
|
||||
}
|
||||
|
||||
public static Properties defaultProperties() {
|
||||
Properties properties = BaseRestApiMetadata.defaultProperties();
|
||||
properties.setProperty(PROPERTY_TIMEOUTS_PREFIX + "default", SECONDS.toMillis(30) + "");
|
||||
properties.setProperty(PROPERTY_AUTH_TAG, "AWS");
|
||||
properties.setProperty(PROPERTY_HEADER_TAG, "amz");
|
||||
return properties;
|
||||
}
|
||||
|
||||
public static class Builder extends BaseRestApiMetadata.Builder<Builder> {
|
||||
|
||||
protected Builder(Class<?> api, Class<?> asyncApi) {
|
||||
super(api, asyncApi);
|
||||
id("sts")
|
||||
.name("Amazon STS Api")
|
||||
.identityName("Access Key ID")
|
||||
.credentialName("Secret Access Key")
|
||||
.version("2011-06-15")
|
||||
.documentation(URI.create("http://docs.amazonwebservices.com/STS/latest/APIReference/"))
|
||||
.defaultEndpoint("https://sts.amazonaws.com")
|
||||
.defaultProperties(STSApiMetadata.defaultProperties())
|
||||
.defaultModule(STSRestClientModule.class);
|
||||
}
|
||||
|
||||
@Override
|
||||
public STSApiMetadata build() {
|
||||
return new STSApiMetadata(this);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected Builder self() {
|
||||
return this;
|
||||
}
|
||||
}
|
||||
}
|
|
@ -0,0 +1,113 @@
|
|||
/**
|
||||
* Licensed to jclouds, Inc. (jclouds) under one or more
|
||||
* contributor license agreements. See the NOTICE file
|
||||
* distributed with this work for additional information
|
||||
* regarding copyright ownership. jclouds licenses this file
|
||||
* to you under the Apache License, Version 2.0 (the
|
||||
* "License"); you may not use this file except in compliance
|
||||
* with the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
package org.jclouds.sts;
|
||||
|
||||
import javax.inject.Named;
|
||||
import javax.ws.rs.FormParam;
|
||||
import javax.ws.rs.POST;
|
||||
import javax.ws.rs.Path;
|
||||
|
||||
import org.jclouds.aws.domain.TemporaryCredentials;
|
||||
import org.jclouds.aws.filters.FormSigner;
|
||||
import org.jclouds.aws.xml.TemporaryCredentialsHandler;
|
||||
import org.jclouds.rest.annotations.FormParams;
|
||||
import org.jclouds.rest.annotations.RequestFilters;
|
||||
import org.jclouds.rest.annotations.VirtualHost;
|
||||
import org.jclouds.rest.annotations.XMLResponseParser;
|
||||
import org.jclouds.sts.domain.UserAndTemporaryCredentials;
|
||||
import org.jclouds.sts.options.AssumeRoleOptions;
|
||||
import org.jclouds.sts.options.FederatedUserOptions;
|
||||
import org.jclouds.sts.options.TemporaryCredentialsOptions;
|
||||
import org.jclouds.sts.xml.UserAndTemporaryCredentialsHandler;
|
||||
|
||||
import com.google.common.util.concurrent.ListenableFuture;
|
||||
|
||||
/**
|
||||
* Provides access to Amazon STS via the Query API
|
||||
* <p/>
|
||||
*
|
||||
* @see <a href="http://docs.amazonwebservices.com/STS/latest/APIReference" />
|
||||
* @author Adrian Cole
|
||||
*/
|
||||
@RequestFilters(FormSigner.class)
|
||||
@VirtualHost
|
||||
public interface STSAsyncApi {
|
||||
|
||||
/**
|
||||
* @see STSApi#createTemporaryCredentials()
|
||||
*/
|
||||
@Named("GetSessionToken")
|
||||
@POST
|
||||
@Path("/")
|
||||
@XMLResponseParser(TemporaryCredentialsHandler.class)
|
||||
@FormParams(keys = "Action", values = "GetSessionToken")
|
||||
ListenableFuture<TemporaryCredentials> createTemporaryCredentials();
|
||||
|
||||
/**
|
||||
* @see STSApi#createTemporaryCredentials(TemporaryCredentialsOptions)
|
||||
*/
|
||||
@Named("GetSessionToken")
|
||||
@POST
|
||||
@Path("/")
|
||||
@XMLResponseParser(TemporaryCredentialsHandler.class)
|
||||
@FormParams(keys = "Action", values = "GetSessionToken")
|
||||
ListenableFuture<TemporaryCredentials> createTemporaryCredentials(TemporaryCredentialsOptions options);
|
||||
|
||||
/**
|
||||
* @see STSApi#assumeRole(String, String)
|
||||
*/
|
||||
@Named("AssumeRole")
|
||||
@POST
|
||||
@Path("/")
|
||||
@XMLResponseParser(UserAndTemporaryCredentialsHandler.class)
|
||||
@FormParams(keys = "Action", values = "AssumeRole")
|
||||
ListenableFuture<UserAndTemporaryCredentials> assumeRole(@FormParam("RoleArn") String roleArn,
|
||||
@FormParam("RoleSessionName") String sessionName);
|
||||
|
||||
/**
|
||||
* @see STSApi#assumeRole(String, String, AssumeRoleOptions)
|
||||
*/
|
||||
@Named("AssumeRole")
|
||||
@POST
|
||||
@Path("/")
|
||||
@XMLResponseParser(UserAndTemporaryCredentialsHandler.class)
|
||||
@FormParams(keys = "Action", values = "AssumeRole")
|
||||
ListenableFuture<UserAndTemporaryCredentials> assumeRole(@FormParam("RoleArn") String roleArn,
|
||||
@FormParam("RoleSessionName") String sessionName, AssumeRoleOptions options);
|
||||
|
||||
/**
|
||||
* @see STSApi#createFederatedUser(String)
|
||||
*/
|
||||
@Named("GetFederationToken")
|
||||
@POST
|
||||
@Path("/")
|
||||
@XMLResponseParser(UserAndTemporaryCredentialsHandler.class)
|
||||
@FormParams(keys = "Action", values = "GetFederationToken")
|
||||
ListenableFuture<UserAndTemporaryCredentials> createFederatedUser(@FormParam("Name") String userName);
|
||||
|
||||
/**
|
||||
* @see STSApi#createFederatedUser(FederatedUserOptions)
|
||||
*/
|
||||
@Named("GetFederationToken")
|
||||
@POST
|
||||
@Path("/")
|
||||
@XMLResponseParser(UserAndTemporaryCredentialsHandler.class)
|
||||
@FormParams(keys = "Action", values = "GetFederationToken")
|
||||
ListenableFuture<UserAndTemporaryCredentials> createFederatedUser(@FormParam("Name") String userName, FederatedUserOptions options);
|
||||
}
|
|
@ -0,0 +1,40 @@
|
|||
/**
|
||||
* Licensed to jclouds, Inc. (jclouds) under one or more
|
||||
* contributor license agreements. See the NOTICE file
|
||||
* distributed with this work for additional information
|
||||
* regarding copyright ownership. jclouds licenses this file
|
||||
* to you under the Apache License, Version 2.0 (the
|
||||
* "License"); you may not use this file except in compliance
|
||||
* with the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
package org.jclouds.sts.config;
|
||||
|
||||
import static org.jclouds.reflect.Reflection2.typeToken;
|
||||
|
||||
import org.jclouds.aws.config.FormSigningRestClientModule;
|
||||
import org.jclouds.rest.ConfiguresRestClient;
|
||||
import org.jclouds.sts.STSApi;
|
||||
import org.jclouds.sts.STSAsyncApi;
|
||||
|
||||
/**
|
||||
* Configures the STS connection.
|
||||
*
|
||||
* @author Adrian Cole
|
||||
*/
|
||||
@ConfiguresRestClient
|
||||
public class STSRestClientModule extends FormSigningRestClientModule<STSApi, STSAsyncApi> {
|
||||
|
||||
public STSRestClientModule() {
|
||||
super(typeToken(STSApi.class), typeToken(STSAsyncApi.class));
|
||||
}
|
||||
|
||||
}
|
|
@ -0,0 +1,75 @@
|
|||
/**
|
||||
* Licensed to jclouds, Inc. (jclouds) under one or more
|
||||
* contributor license agreements. See the NOTICE file
|
||||
* distributed with this work for additional information
|
||||
* regarding copyright ownership. jclouds licenses this file
|
||||
* to you under the Apache License, Version 2.0 (the
|
||||
* "License"); you may not use this file except in compliance
|
||||
* with the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
package org.jclouds.sts.domain;
|
||||
|
||||
import static com.google.common.base.Preconditions.checkNotNull;
|
||||
|
||||
import com.google.common.base.Objects;
|
||||
|
||||
/**
|
||||
* @author Adrian Cole
|
||||
*/
|
||||
public final class User {
|
||||
public static User fromIdAndArn(String id, String arn) {
|
||||
return new User(id, arn);
|
||||
}
|
||||
|
||||
private final String id;
|
||||
private final String arn;
|
||||
|
||||
private User(String id, String arn) {
|
||||
this.id = checkNotNull(id, "id");
|
||||
this.arn = checkNotNull(arn, "arn for %s", id);
|
||||
}
|
||||
|
||||
/**
|
||||
* The id of the federated user or assumed role. ex.
|
||||
* {@code ARO123EXAMPLE123:Bob}
|
||||
*/
|
||||
public String getId() {
|
||||
return id;
|
||||
}
|
||||
|
||||
/**
|
||||
* The arn of the federated user or assumed role.
|
||||
*
|
||||
* ex. {@code arn:aws:sts::123456789012:federated-user/Bob} or
|
||||
* {@code arn:aws:sts::123456789012:assumed-role/demo/Bob}
|
||||
*/
|
||||
public String getArn() {
|
||||
return arn;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean equals(Object obj) {
|
||||
if (this == obj)
|
||||
return true;
|
||||
if (obj == null)
|
||||
return false;
|
||||
if (getClass() != obj.getClass())
|
||||
return false;
|
||||
User other = (User) obj;
|
||||
return Objects.equal(this.id, other.id) && Objects.equal(this.arn, other.arn);
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return Objects.toStringHelper(this).add("id", id).add("arn", arn).toString();
|
||||
}
|
||||
}
|
|
@ -0,0 +1,133 @@
|
|||
/**
|
||||
* Licensed to jclouds, Inc. (jclouds) under one or more
|
||||
* contributor license agreements. See the NOTICE file
|
||||
* distributed with this work for additional information
|
||||
* regarding copyright ownership. jclouds licenses this file
|
||||
* to you under the Apache License, Version 2.0 (the
|
||||
* "License"); you may not use this file except in compliance
|
||||
* with the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
package org.jclouds.sts.domain;
|
||||
|
||||
import static com.google.common.base.Preconditions.checkNotNull;
|
||||
|
||||
import org.jclouds.aws.domain.TemporaryCredentials;
|
||||
|
||||
import com.google.common.base.Objects;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Adrian Cole
|
||||
*/
|
||||
public final class UserAndTemporaryCredentials {
|
||||
public static Builder builder() {
|
||||
return new Builder();
|
||||
}
|
||||
|
||||
public Builder toBuilder() {
|
||||
return builder().from(this);
|
||||
}
|
||||
|
||||
public final static class Builder {
|
||||
private User user;
|
||||
private TemporaryCredentials credentials;
|
||||
private int packedPolicySize;
|
||||
|
||||
/**
|
||||
* @see UserAndTemporaryCredentials#getUser()
|
||||
*/
|
||||
public Builder user(User user) {
|
||||
this.user = user;
|
||||
return this;
|
||||
}
|
||||
|
||||
/**
|
||||
* @see UserAndTemporaryCredentials#getCredentials()
|
||||
*/
|
||||
public Builder credentials(TemporaryCredentials credentials) {
|
||||
this.credentials = credentials;
|
||||
return this;
|
||||
}
|
||||
|
||||
/**
|
||||
* @see UserAndTemporaryCredentials#getPackedPolicySize()
|
||||
*/
|
||||
public Builder packedPolicySize(int packedPolicySize) {
|
||||
this.packedPolicySize = packedPolicySize;
|
||||
return this;
|
||||
}
|
||||
|
||||
public UserAndTemporaryCredentials build() {
|
||||
return new UserAndTemporaryCredentials(user, credentials, packedPolicySize);
|
||||
}
|
||||
|
||||
public Builder from(UserAndTemporaryCredentials in) {
|
||||
return this.user(in.user).credentials(in.credentials).packedPolicySize(in.packedPolicySize);
|
||||
}
|
||||
}
|
||||
|
||||
private final User user;
|
||||
private final TemporaryCredentials credentials;
|
||||
private final int packedPolicySize;
|
||||
|
||||
private UserAndTemporaryCredentials(User user, TemporaryCredentials credentials, int packedPolicySize) {
|
||||
this.user = checkNotNull(user, "user");
|
||||
this.credentials = checkNotNull(credentials, "credentials for %s", user);
|
||||
this.packedPolicySize = checkNotNull(packedPolicySize, "packedPolicySize for %s", user);
|
||||
}
|
||||
|
||||
/**
|
||||
* user correlating to {@link UserAndTemporaryCredentials#getCredentials()}
|
||||
*/
|
||||
public User getUser() {
|
||||
return user;
|
||||
}
|
||||
|
||||
/**
|
||||
* The temporary security credentials, which includes an Access Key ID, a
|
||||
* Secret Access Key, and a security token.
|
||||
*/
|
||||
public TemporaryCredentials getCredentials() {
|
||||
return credentials;
|
||||
}
|
||||
|
||||
/**
|
||||
* A percentage value that indicates the size of the policy in packed form.
|
||||
*/
|
||||
public int getPackedPolicySize() {
|
||||
return packedPolicySize;
|
||||
}
|
||||
|
||||
@Override
|
||||
public int hashCode() {
|
||||
return Objects.hashCode(user, credentials, packedPolicySize);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean equals(Object obj) {
|
||||
if (this == obj)
|
||||
return true;
|
||||
if (obj == null)
|
||||
return false;
|
||||
if (getClass() != obj.getClass())
|
||||
return false;
|
||||
UserAndTemporaryCredentials other = (UserAndTemporaryCredentials) obj;
|
||||
return Objects.equal(this.user, other.user) && Objects.equal(this.credentials, other.credentials)
|
||||
&& Objects.equal(this.packedPolicySize, other.packedPolicySize);
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return Objects.toStringHelper(this).add("user", user).add("credentials", credentials)
|
||||
.add("packedPolicySize", packedPolicySize).toString();
|
||||
}
|
||||
}
|
|
@ -0,0 +1,140 @@
|
|||
/**
|
||||
* Licensed to jclouds, Inc. (jclouds) under one or more
|
||||
* contributor license agreements. See the NOTICE file
|
||||
* distributed with this work for additional information
|
||||
* regarding copyright ownership. jclouds licenses this file
|
||||
* to you under the Apache License, Version 2.0 (the
|
||||
* "License"); you may not use this file except in compliance
|
||||
* with the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
package org.jclouds.sts.options;
|
||||
|
||||
import org.jclouds.http.options.BaseHttpRequestOptions;
|
||||
|
||||
import com.google.common.base.Objects;
|
||||
import com.google.common.collect.Multimap;
|
||||
|
||||
/**
|
||||
* @see <a href=
|
||||
* "http://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html"
|
||||
* />
|
||||
*
|
||||
* @author Adrian Cole
|
||||
*/
|
||||
public class AssumeRoleOptions extends BaseHttpRequestOptions implements Cloneable {
|
||||
|
||||
// long as this is a more typical unit for duration, hence less casting
|
||||
private Long durationSeconds;
|
||||
private String policy;
|
||||
private String externalId;
|
||||
|
||||
/**
|
||||
* A unique identifier that is generated by a third party for each of their customers.
|
||||
*/
|
||||
public AssumeRoleOptions externalId(String externalId) {
|
||||
this.externalId = externalId;
|
||||
return this;
|
||||
}
|
||||
|
||||
/**
|
||||
* The duration, in seconds, that the credentials should remain valid. 12
|
||||
* hours is default. 15 minutes is current minimum.
|
||||
*/
|
||||
public AssumeRoleOptions durationSeconds(long durationSeconds) {
|
||||
this.durationSeconds = durationSeconds;
|
||||
return this;
|
||||
}
|
||||
|
||||
/**
|
||||
* A supplemental policy that can be associated with the temporary security credentials.
|
||||
*/
|
||||
public AssumeRoleOptions policy(String policy) {
|
||||
this.policy = policy;
|
||||
return this;
|
||||
}
|
||||
|
||||
public static class Builder {
|
||||
|
||||
/**
|
||||
* @see AssumeRoleOptions#externalId
|
||||
*/
|
||||
public static AssumeRoleOptions externalId(String externalId) {
|
||||
return new AssumeRoleOptions().externalId(externalId);
|
||||
}
|
||||
|
||||
/**
|
||||
* @see AssumeRoleOptions#durationSeconds
|
||||
*/
|
||||
public static AssumeRoleOptions durationSeconds(long durationSeconds) {
|
||||
return new AssumeRoleOptions().durationSeconds(durationSeconds);
|
||||
}
|
||||
|
||||
/**
|
||||
* @see AssumeRoleOptions#policy
|
||||
*/
|
||||
public static AssumeRoleOptions policy(String policy) {
|
||||
return new AssumeRoleOptions().policy(policy);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public Multimap<String, String> buildFormParameters() {
|
||||
Multimap<String, String> params = super.buildFormParameters();
|
||||
if (externalId != null)
|
||||
params.put("ExternalId", externalId.toString());
|
||||
if (durationSeconds != null)
|
||||
params.put("DurationSeconds", durationSeconds.toString());
|
||||
if (policy != null)
|
||||
params.put("Policy", policy);
|
||||
return params;
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
@Override
|
||||
public int hashCode() {
|
||||
return Objects.hashCode(externalId, durationSeconds, policy);
|
||||
}
|
||||
|
||||
@Override
|
||||
public AssumeRoleOptions clone() {
|
||||
return new AssumeRoleOptions().externalId(externalId).durationSeconds(durationSeconds)
|
||||
.policy(policy);
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
@Override
|
||||
public boolean equals(Object obj) {
|
||||
if (this == obj)
|
||||
return true;
|
||||
if (obj == null)
|
||||
return false;
|
||||
if (getClass() != obj.getClass())
|
||||
return false;
|
||||
AssumeRoleOptions other = AssumeRoleOptions.class.cast(obj);
|
||||
return Objects.equal(this.externalId, other.externalId)
|
||||
&& Objects.equal(this.durationSeconds, other.durationSeconds)
|
||||
&& Objects.equal(this.policy, other.policy);
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
@Override
|
||||
public String toString() {
|
||||
return Objects.toStringHelper(this).omitNullValues().add("externalId", externalId)
|
||||
.add("durationSeconds", durationSeconds).add("policy", policy).toString();
|
||||
}
|
||||
}
|
|
@ -0,0 +1,120 @@
|
|||
/**
|
||||
* Licensed to jclouds, Inc. (jclouds) under one or more
|
||||
* contributor license agreements. See the NOTICE file
|
||||
* distributed with this work for additional information
|
||||
* regarding copyright ownership. jclouds licenses this file
|
||||
* to you under the Apache License, Version 2.0 (the
|
||||
* "License"); you may not use this file except in compliance
|
||||
* with the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
package org.jclouds.sts.options;
|
||||
|
||||
import org.jclouds.http.options.BaseHttpRequestOptions;
|
||||
|
||||
import com.google.common.base.Objects;
|
||||
import com.google.common.collect.Multimap;
|
||||
|
||||
/**
|
||||
* @see <a href=
|
||||
* "http://docs.aws.amazon.com/STS/latest/APIReference/API_GetFederationToken.html"
|
||||
* />
|
||||
*
|
||||
* @author Adrian Cole
|
||||
*/
|
||||
public class FederatedUserOptions extends BaseHttpRequestOptions implements Cloneable {
|
||||
|
||||
// long as this is a more typical unit for duration, hence less casting
|
||||
private Long durationSeconds;
|
||||
private String policy;
|
||||
|
||||
/**
|
||||
* The duration, in seconds, that the credentials should remain valid. 12
|
||||
* hours is default. 15 minutes is current minimum.
|
||||
*/
|
||||
public FederatedUserOptions durationSeconds(long durationSeconds) {
|
||||
this.durationSeconds = durationSeconds;
|
||||
return this;
|
||||
}
|
||||
|
||||
/**
|
||||
* A supplemental policy that can be associated with the temporary security
|
||||
* credentials.
|
||||
*/
|
||||
public FederatedUserOptions policy(String policy) {
|
||||
this.policy = policy;
|
||||
return this;
|
||||
}
|
||||
|
||||
public static class Builder {
|
||||
|
||||
/**
|
||||
* @see FederatedUserOptions#durationSeconds
|
||||
*/
|
||||
public static FederatedUserOptions durationSeconds(long durationSeconds) {
|
||||
return new FederatedUserOptions().durationSeconds(durationSeconds);
|
||||
}
|
||||
|
||||
/**
|
||||
* @see FederatedUserOptions#policy
|
||||
*/
|
||||
public static FederatedUserOptions policy(String policy) {
|
||||
return new FederatedUserOptions().policy(policy);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public Multimap<String, String> buildFormParameters() {
|
||||
Multimap<String, String> params = super.buildFormParameters();
|
||||
if (durationSeconds != null)
|
||||
params.put("DurationSeconds", durationSeconds.toString());
|
||||
if (policy != null)
|
||||
params.put("Policy", policy);
|
||||
return params;
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
@Override
|
||||
public int hashCode() {
|
||||
return Objects.hashCode(durationSeconds, policy);
|
||||
}
|
||||
|
||||
@Override
|
||||
public FederatedUserOptions clone() {
|
||||
return new FederatedUserOptions().durationSeconds(durationSeconds).policy(policy);
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
@Override
|
||||
public boolean equals(Object obj) {
|
||||
if (this == obj)
|
||||
return true;
|
||||
if (obj == null)
|
||||
return false;
|
||||
if (getClass() != obj.getClass())
|
||||
return false;
|
||||
FederatedUserOptions other = FederatedUserOptions.class.cast(obj);
|
||||
return Objects.equal(this.durationSeconds, other.durationSeconds) && Objects.equal(this.policy, other.policy);
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
@Override
|
||||
public String toString() {
|
||||
return Objects.toStringHelper(this).omitNullValues().add("durationSeconds", durationSeconds)
|
||||
.add("policy", policy).toString();
|
||||
}
|
||||
}
|
|
@ -0,0 +1,142 @@
|
|||
/**
|
||||
* Licensed to jclouds, Inc. (jclouds) under one or more
|
||||
* contributor license agreements. See the NOTICE file
|
||||
* distributed with this work for additional information
|
||||
* regarding copyright ownership. jclouds licenses this file
|
||||
* to you under the Apache License, Version 2.0 (the
|
||||
* "License"); you may not use this file except in compliance
|
||||
* with the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
package org.jclouds.sts.options;
|
||||
|
||||
import org.jclouds.http.options.BaseHttpRequestOptions;
|
||||
|
||||
import com.google.common.base.Objects;
|
||||
import com.google.common.collect.Multimap;
|
||||
|
||||
/**
|
||||
* Options used to get a session token.
|
||||
*
|
||||
* @see <a href=
|
||||
* "http://docs.aws.amazon.com/STS/latest/APIReference/API_GetSessionToken.html"
|
||||
* />
|
||||
*
|
||||
* @author Adrian Cole
|
||||
*/
|
||||
public class TemporaryCredentialsOptions extends BaseHttpRequestOptions implements Cloneable {
|
||||
|
||||
// long as this is a more typical unit for duration, hence less casting
|
||||
private Long durationSeconds;
|
||||
private String tokenCode;
|
||||
private String serialNumber;
|
||||
|
||||
/**
|
||||
* The identification number of the MFA device for the user.
|
||||
*/
|
||||
public TemporaryCredentialsOptions serialNumber(String serialNumber) {
|
||||
this.serialNumber = serialNumber;
|
||||
return this;
|
||||
}
|
||||
|
||||
/**
|
||||
* The duration, in seconds, that the credentials should remain valid. 12
|
||||
* hours is default. 15 minutes is current minimum.
|
||||
*/
|
||||
public TemporaryCredentialsOptions durationSeconds(long durationSeconds) {
|
||||
this.durationSeconds = durationSeconds;
|
||||
return this;
|
||||
}
|
||||
|
||||
/**
|
||||
* The value provided by the MFA device.
|
||||
*/
|
||||
public TemporaryCredentialsOptions tokenCode(String tokenCode) {
|
||||
this.tokenCode = tokenCode;
|
||||
return this;
|
||||
}
|
||||
|
||||
public static class Builder {
|
||||
|
||||
/**
|
||||
* @see TemporaryCredentialsOptions#serialNumber
|
||||
*/
|
||||
public static TemporaryCredentialsOptions serialNumber(String serialNumber) {
|
||||
return new TemporaryCredentialsOptions().serialNumber(serialNumber);
|
||||
}
|
||||
|
||||
/**
|
||||
* @see TemporaryCredentialsOptions#durationSeconds
|
||||
*/
|
||||
public static TemporaryCredentialsOptions durationSeconds(long durationSeconds) {
|
||||
return new TemporaryCredentialsOptions().durationSeconds(durationSeconds);
|
||||
}
|
||||
|
||||
/**
|
||||
* @see TemporaryCredentialsOptions#tokenCode
|
||||
*/
|
||||
public static TemporaryCredentialsOptions tokenCode(String tokenCode) {
|
||||
return new TemporaryCredentialsOptions().tokenCode(tokenCode);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public Multimap<String, String> buildFormParameters() {
|
||||
Multimap<String, String> params = super.buildFormParameters();
|
||||
if (serialNumber != null)
|
||||
params.put("SerialNumber", serialNumber.toString());
|
||||
if (durationSeconds != null)
|
||||
params.put("DurationSeconds", durationSeconds.toString());
|
||||
if (tokenCode != null)
|
||||
params.put("TokenCode", tokenCode);
|
||||
return params;
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
@Override
|
||||
public int hashCode() {
|
||||
return Objects.hashCode(serialNumber, durationSeconds, tokenCode);
|
||||
}
|
||||
|
||||
@Override
|
||||
public TemporaryCredentialsOptions clone() {
|
||||
return new TemporaryCredentialsOptions().serialNumber(serialNumber).durationSeconds(durationSeconds)
|
||||
.tokenCode(tokenCode);
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
@Override
|
||||
public boolean equals(Object obj) {
|
||||
if (this == obj)
|
||||
return true;
|
||||
if (obj == null)
|
||||
return false;
|
||||
if (getClass() != obj.getClass())
|
||||
return false;
|
||||
TemporaryCredentialsOptions other = TemporaryCredentialsOptions.class.cast(obj);
|
||||
return Objects.equal(this.serialNumber, other.serialNumber)
|
||||
&& Objects.equal(this.durationSeconds, other.durationSeconds)
|
||||
&& Objects.equal(this.tokenCode, other.tokenCode);
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
@Override
|
||||
public String toString() {
|
||||
return Objects.toStringHelper(this).omitNullValues().add("serialNumber", serialNumber)
|
||||
.add("durationSeconds", durationSeconds).add("tokenCode", tokenCode).toString();
|
||||
}
|
||||
}
|
|
@ -0,0 +1,107 @@
|
|||
/**
|
||||
* Licensed to jclouds, Inc. (jclouds) under one or more
|
||||
* contributor license agreements. See the NOTICE file
|
||||
* distributed with this work for additional information
|
||||
* regarding copyright ownership. jclouds licenses this file
|
||||
* to you under the Apache License, Version 2.0 (the
|
||||
* "License"); you may not use this file except in compliance
|
||||
* with the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
package org.jclouds.sts.xml;
|
||||
|
||||
import static org.jclouds.util.SaxUtils.currentOrNull;
|
||||
import static org.jclouds.util.SaxUtils.equalsOrSuffix;
|
||||
|
||||
import org.jclouds.aws.xml.TemporaryCredentialsHandler;
|
||||
import org.jclouds.http.functions.ParseSax;
|
||||
import org.jclouds.sts.domain.User;
|
||||
import org.jclouds.sts.domain.UserAndTemporaryCredentials;
|
||||
import org.xml.sax.Attributes;
|
||||
import org.xml.sax.SAXException;
|
||||
|
||||
import com.google.inject.Inject;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Adrian Cole
|
||||
*/
|
||||
public class UserAndTemporaryCredentialsHandler extends ParseSax.HandlerForGeneratedRequestWithResult<UserAndTemporaryCredentials> {
|
||||
|
||||
private final TemporaryCredentialsHandler credsHandler;
|
||||
|
||||
private StringBuilder currentText = new StringBuilder();
|
||||
private UserAndTemporaryCredentials.Builder builder = UserAndTemporaryCredentials.builder();
|
||||
|
||||
@Inject
|
||||
public UserAndTemporaryCredentialsHandler(TemporaryCredentialsHandler credsHandler) {
|
||||
this.credsHandler = credsHandler;
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
@Override
|
||||
public UserAndTemporaryCredentials getResult() {
|
||||
try {
|
||||
return builder.build();
|
||||
} finally {
|
||||
builder = UserAndTemporaryCredentials.builder();
|
||||
}
|
||||
}
|
||||
|
||||
private boolean inCreds;
|
||||
|
||||
private String arn;
|
||||
private String id;
|
||||
|
||||
@Override
|
||||
public void startElement(String url, String name, String qName, Attributes attributes) throws SAXException {
|
||||
if (equalsOrSuffix(qName, "Credentials")) {
|
||||
inCreds = true;
|
||||
}
|
||||
if (inCreds) {
|
||||
credsHandler.startElement(url, name, qName, attributes);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public void endElement(String uri, String name, String qName) {
|
||||
if (inCreds) {
|
||||
if (qName.equals("Credentials")) {
|
||||
inCreds = false;
|
||||
builder.credentials(credsHandler.getResult());
|
||||
} else {
|
||||
credsHandler.endElement(uri, name, qName);
|
||||
}
|
||||
} else if (qName.equals("Arn")) {
|
||||
arn = currentOrNull(currentText);
|
||||
} else if (qName.endsWith("Id")) {// FederatedUserId or AssumedRoleId
|
||||
id = currentOrNull(currentText);
|
||||
} else if (qName.endsWith("User")) {// FederatedUser or AssumedRoleUser
|
||||
builder.user(User.fromIdAndArn(id, arn));
|
||||
id = arn = null;
|
||||
} else if (qName.equals("PackedPolicySize")) {
|
||||
builder.packedPolicySize(Integer.parseInt(currentOrNull(currentText)));
|
||||
}
|
||||
currentText = new StringBuilder();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void characters(char ch[], int start, int length) {
|
||||
if (inCreds) {
|
||||
credsHandler.characters(ch, start, length);
|
||||
} else {
|
||||
currentText.append(ch, start, length);
|
||||
}
|
||||
}
|
||||
|
||||
}
|
|
@ -0,0 +1 @@
|
|||
org.jclouds.sts.STSApiMetadata
|
|
@ -0,0 +1,187 @@
|
|||
/**
|
||||
* Licensed to jclouds, Inc. (jclouds) under one or more
|
||||
* contributor license agreements. See the NOTICE file
|
||||
* distributed with this work for additional information
|
||||
* regarding copyright ownership. jclouds licenses this file
|
||||
* to you under the Apache License, Version 2.0 (the
|
||||
* "License"); you may not use this file except in compliance
|
||||
* with the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unles required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either expres or implied. See the License for the
|
||||
* specific language governing permisions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
package org.jclouds.sts;
|
||||
|
||||
import static org.jclouds.sts.options.AssumeRoleOptions.Builder.externalId;
|
||||
import static org.jclouds.sts.options.FederatedUserOptions.Builder.policy;
|
||||
import static org.jclouds.sts.options.TemporaryCredentialsOptions.Builder.serialNumber;
|
||||
import static org.testng.Assert.assertEquals;
|
||||
|
||||
import java.util.concurrent.TimeUnit;
|
||||
|
||||
import org.jclouds.http.HttpRequest;
|
||||
import org.jclouds.http.HttpResponse;
|
||||
import org.jclouds.sts.internal.BaseSTSApiExpectTest;
|
||||
import org.jclouds.sts.parse.AssumeRoleResponseTest;
|
||||
import org.jclouds.sts.parse.GetFederationTokenResponseTest;
|
||||
import org.jclouds.sts.parse.GetSessionTokenResponseTest;
|
||||
import org.testng.annotations.Test;
|
||||
|
||||
/**
|
||||
* @author Adrian Cole
|
||||
*/
|
||||
@Test(groups = "unit", testName = "STSApiExpectTest")
|
||||
public class STSApiExpectTest extends BaseSTSApiExpectTest {
|
||||
|
||||
HttpRequest createTemporaryCredentials = HttpRequest.builder().method("POST")
|
||||
.endpoint("https://sts.amazonaws.com/")
|
||||
.addHeader("Host", "sts.amazonaws.com")
|
||||
.addFormParam("Action", "GetSessionToken")
|
||||
.addFormParam("Signature", "ntC%2BPKAcmYTJ5Py5tjICG4KX5y00Pl2L0XJrLbSgLEs%3D")
|
||||
.addFormParam("SignatureMethod", "HmacSHA256")
|
||||
.addFormParam("SignatureVersion", "2")
|
||||
.addFormParam("Timestamp", "2009-11-08T15%3A54%3A08.897Z")
|
||||
.addFormParam("Version", "2011-06-15")
|
||||
.addFormParam("AWSAccessKeyId", "identity").build();
|
||||
|
||||
HttpResponse createTemporaryCredentialsResponse = HttpResponse.builder().statusCode(200)
|
||||
.payload(payloadFromResourceWithContentType("/session_token.xml", "text/xml")).build();
|
||||
|
||||
public void testCreateTemporaryCredentialsWhenResponseIs2xx() {
|
||||
|
||||
STSApi apiWhenWithOptionsExist = requestSendsResponse(createTemporaryCredentials, createTemporaryCredentialsResponse);
|
||||
|
||||
assertEquals(
|
||||
apiWhenWithOptionsExist.createTemporaryCredentials().toString(),
|
||||
new GetSessionTokenResponseTest().expected().toString());
|
||||
}
|
||||
|
||||
HttpRequest createTemporaryCredentialsWithOptions = HttpRequest.builder().method("POST")
|
||||
.endpoint("https://sts.amazonaws.com/")
|
||||
.addHeader("Host", "sts.amazonaws.com")
|
||||
.addFormParam("Action", "GetSessionToken")
|
||||
.addFormParam("DurationSeconds", "900")
|
||||
.addFormParam("SerialNumber", "YourMFADeviceSerialNumber")
|
||||
.addFormParam("Signature", "e4HEkfKrw7EuLEQhe4/lK1l7ZmaynO3snsIMU/cdarI%3D")
|
||||
.addFormParam("SignatureMethod", "HmacSHA256")
|
||||
.addFormParam("SignatureVersion", "2")
|
||||
.addFormParam("Timestamp", "2009-11-08T15%3A54%3A08.897Z")
|
||||
.addFormParam("TokenCode", "1234")
|
||||
.addFormParam("Version", "2011-06-15")
|
||||
.addFormParam("AWSAccessKeyId", "identity").build();
|
||||
|
||||
public void testCreateTemporaryCredentialsWithOptionsWhenResponseIs2xx() {
|
||||
|
||||
STSApi apiWhenWithOptionsExist = requestSendsResponse(createTemporaryCredentialsWithOptions, createTemporaryCredentialsResponse);
|
||||
|
||||
assertEquals(
|
||||
apiWhenWithOptionsExist.createTemporaryCredentials(
|
||||
serialNumber("YourMFADeviceSerialNumber").tokenCode("1234").durationSeconds(TimeUnit.MINUTES.toSeconds(15))).toString(),
|
||||
new GetSessionTokenResponseTest().expected().toString());
|
||||
}
|
||||
|
||||
HttpRequest assumeRole = HttpRequest.builder().method("POST")
|
||||
.endpoint("https://sts.amazonaws.com/")
|
||||
.addHeader("Host", "sts.amazonaws.com")
|
||||
.addFormParam("Action", "AssumeRole")
|
||||
.addFormParam("RoleArn", "arn:aws:iam::123456789012:role/demo")
|
||||
.addFormParam("RoleSessionName", "Bob")
|
||||
.addFormParam("Signature", "0G1%2B6GX4cSU9Tjf2SyQ9oW5ivFri4BQPif/24FoRiWY%3D")
|
||||
.addFormParam("SignatureMethod", "HmacSHA256")
|
||||
.addFormParam("SignatureVersion", "2")
|
||||
.addFormParam("Timestamp", "2009-11-08T15%3A54%3A08.897Z")
|
||||
.addFormParam("Version", "2011-06-15")
|
||||
.addFormParam("AWSAccessKeyId", "identity").build();
|
||||
|
||||
HttpResponse assumeRoleResponse = HttpResponse.builder().statusCode(200)
|
||||
.payload(payloadFromResourceWithContentType("/assume_role.xml", "text/xml")).build();
|
||||
|
||||
public void testAssumeRoleWhenResponseIs2xx() {
|
||||
|
||||
STSApi apiWhenWithOptionsExist = requestSendsResponse(assumeRole, assumeRoleResponse);
|
||||
|
||||
assertEquals(apiWhenWithOptionsExist.assumeRole("arn:aws:iam::123456789012:role/demo", "Bob").toString(),
|
||||
new AssumeRoleResponseTest().expected().toString());
|
||||
}
|
||||
|
||||
String policy = "{\"Statement\":[{\"Sid\":\"Stmt1\",\"Effect\":\"Allow\",\"Action\":\"s3:*\",\"Resource\":\"*\"}]}";
|
||||
|
||||
HttpRequest assumeRoleWithOptions = HttpRequest.builder().method("POST")
|
||||
.endpoint("https://sts.amazonaws.com/")
|
||||
.addHeader("Host", "sts.amazonaws.com")
|
||||
.addFormParam("Action", "AssumeRole")
|
||||
.addFormParam("DurationSeconds", "900")
|
||||
.addFormParam("ExternalId", "123ABC")
|
||||
.addFormParam("Policy", policy)
|
||||
.addFormParam("RoleArn", "arn:aws:iam::123456789012:role/demo")
|
||||
.addFormParam("RoleSessionName", "Bob")
|
||||
.addFormParam("Signature", "9qffV6zHRbTX8E9IYbEFeQPWrHEdSbwUfjJpg1SMaBo%3D")
|
||||
.addFormParam("SignatureMethod", "HmacSHA256")
|
||||
.addFormParam("SignatureVersion", "2")
|
||||
.addFormParam("Timestamp", "2009-11-08T15%3A54%3A08.897Z")
|
||||
.addFormParam("Version", "2011-06-15")
|
||||
.addFormParam("AWSAccessKeyId", "identity").build();
|
||||
|
||||
public void testAssumeRoleWithOptionsWhenResponseIs2xx() {
|
||||
|
||||
STSApi apiWhenWithOptionsExist = requestSendsResponse(assumeRoleWithOptions, assumeRoleResponse);
|
||||
|
||||
assertEquals(
|
||||
apiWhenWithOptionsExist.assumeRole("arn:aws:iam::123456789012:role/demo", "Bob",
|
||||
externalId("123ABC").policy(policy).durationSeconds(TimeUnit.MINUTES.toSeconds(15))).toString(),
|
||||
new AssumeRoleResponseTest().expected().toString());
|
||||
}
|
||||
|
||||
HttpRequest createFederatedUser = HttpRequest.builder().method("POST")
|
||||
.endpoint("https://sts.amazonaws.com/")
|
||||
.addHeader("Host", "sts.amazonaws.com")
|
||||
.addFormParam("Action", "GetFederationToken")
|
||||
.addFormParam("Name", "Bob")
|
||||
.addFormParam("Signature", "Z7AtGK4X9IAx/zMtLD7baNiyltNl%2BF%2BSHqjIGUidzOc%3D")
|
||||
.addFormParam("SignatureMethod", "HmacSHA256")
|
||||
.addFormParam("SignatureVersion", "2")
|
||||
.addFormParam("Timestamp", "2009-11-08T15%3A54%3A08.897Z")
|
||||
.addFormParam("Version", "2011-06-15")
|
||||
.addFormParam("AWSAccessKeyId", "identity").build();
|
||||
|
||||
HttpResponse createFederatedUserResponse = HttpResponse.builder().statusCode(200)
|
||||
.payload(payloadFromResourceWithContentType("/federation_token.xml", "text/xml")).build();
|
||||
|
||||
public void testCreateFederatedUserWhenResponseIs2xx() {
|
||||
|
||||
STSApi apiWhenWithOptionsExist = requestSendsResponse(createFederatedUser, createFederatedUserResponse);
|
||||
|
||||
assertEquals(apiWhenWithOptionsExist.createFederatedUser("Bob").toString(), new GetFederationTokenResponseTest()
|
||||
.expected().toString());
|
||||
}
|
||||
|
||||
HttpRequest createFederatedUserWithOptions = HttpRequest.builder().method("POST")
|
||||
.endpoint("https://sts.amazonaws.com/")
|
||||
.addHeader("Host", "sts.amazonaws.com")
|
||||
.addFormParam("Action", "GetFederationToken")
|
||||
.addFormParam("DurationSeconds", "900")
|
||||
.addFormParam("Name", "Bob")
|
||||
.addFormParam("Policy", policy)
|
||||
.addFormParam("Signature", "%2BWGvCNtmb1UPmQHxXPMvcK6vH/TJ9r/wCuxdz03n/2w%3D")
|
||||
.addFormParam("SignatureMethod", "HmacSHA256")
|
||||
.addFormParam("SignatureVersion", "2")
|
||||
.addFormParam("Timestamp", "2009-11-08T15%3A54%3A08.897Z")
|
||||
.addFormParam("Version", "2011-06-15")
|
||||
.addFormParam("AWSAccessKeyId", "identity").build();
|
||||
|
||||
public void testCreateFederatedUserWithOptionsWhenResponseIs2xx() {
|
||||
|
||||
STSApi apiWhenWithOptionsExist = requestSendsResponse(createFederatedUserWithOptions, createFederatedUserResponse);
|
||||
|
||||
assertEquals(
|
||||
apiWhenWithOptionsExist.createFederatedUser("Bob",
|
||||
policy(policy).durationSeconds(TimeUnit.MINUTES.toSeconds(15))).toString(),
|
||||
new GetFederationTokenResponseTest().expected().toString());
|
||||
}
|
||||
}
|
|
@ -0,0 +1,88 @@
|
|||
/**
|
||||
* Licensed to jclouds, Inc. (jclouds) under one or more
|
||||
* contributor license agreements. See the NOTICE file
|
||||
* distributed with this work for additional information
|
||||
* regarding copyright ownership. jclouds licenses this file
|
||||
* to you under the Apache License, Version 2.0 (the
|
||||
* "License"); you may not use this file except in compliance
|
||||
* with the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
package org.jclouds.sts;
|
||||
|
||||
import static com.google.common.base.Preconditions.checkNotNull;
|
||||
import static java.util.concurrent.TimeUnit.MINUTES;
|
||||
import static org.testng.Assert.assertTrue;
|
||||
|
||||
import org.jclouds.aws.domain.TemporaryCredentials;
|
||||
import org.jclouds.sts.domain.UserAndTemporaryCredentials;
|
||||
import org.jclouds.sts.internal.BaseSTSApiLiveTest;
|
||||
import org.jclouds.sts.options.AssumeRoleOptions;
|
||||
import org.jclouds.sts.options.FederatedUserOptions;
|
||||
import org.jclouds.sts.options.TemporaryCredentialsOptions;
|
||||
import org.testng.SkipException;
|
||||
import org.testng.annotations.Test;
|
||||
|
||||
/**
|
||||
* @author Adrian Cole
|
||||
*/
|
||||
@Test(groups = "live", singleThreaded = true, testName = "STSApiLiveTest")
|
||||
public class STSApiLiveTest extends BaseSTSApiLiveTest {
|
||||
|
||||
@Test
|
||||
protected void testCreateTemporaryCredentials() {
|
||||
TemporaryCredentials creds = api().createTemporaryCredentials(
|
||||
new TemporaryCredentialsOptions().durationSeconds(MINUTES.toSeconds(15)));
|
||||
checkTemporaryCredentials(creds);
|
||||
// TODO: actually login to some service
|
||||
//
|
||||
// context.close();
|
||||
// ProviderMetadata pm = createProviderMetadata();
|
||||
//
|
||||
// context = (pm != null ? ContextBuilder.newBuilder(pm) : ContextBuilder.newBuilder(createApiMetadata()))
|
||||
// .credentialsSupplier(Supplier.<Credentials> of(creds)).modules(setupModules()).build();
|
||||
}
|
||||
|
||||
@Test
|
||||
protected void testCreateFederatedUser() {
|
||||
UserAndTemporaryCredentials user = api().createFederatedUser("Bob", new FederatedUserOptions().durationSeconds(MINUTES.toSeconds(15)));
|
||||
checkTemporaryCredentials(user.getCredentials());
|
||||
assertTrue(user.getUser().getId().contains("Bob"), user + " id incorrect");
|
||||
assertTrue(user.getUser().getArn().contains("Bob"), user + " arn incorrect");
|
||||
assertTrue(user.getPackedPolicySize() >= 0, user + " policy size negative");
|
||||
}
|
||||
|
||||
@Test
|
||||
protected void testAssumeRole() {
|
||||
String arnToAssume = getTestArn();
|
||||
UserAndTemporaryCredentials role = api().assumeRole(arnToAssume, "session",
|
||||
new AssumeRoleOptions().durationSeconds(MINUTES.toSeconds(15)));
|
||||
checkTemporaryCredentials(role.getCredentials());
|
||||
assertTrue(role.getUser().getId().contains("session"), role + " id incorrect");
|
||||
assertTrue(role.getUser().getArn().contains("session"), role + " arn incorrect");
|
||||
assertTrue(role.getPackedPolicySize() >= 0, role + " policy size negative");
|
||||
}
|
||||
|
||||
protected String getTestArn() {
|
||||
throw new SkipException("TODO: need to query a valid arn to assume");
|
||||
}
|
||||
|
||||
private void checkTemporaryCredentials(TemporaryCredentials creds) {
|
||||
checkNotNull(creds.getAccessKeyId(), "AccessKeyId cannot be null for TemporaryCredentials.");
|
||||
checkNotNull(creds.getSecretAccessKey(), "SecretAccessKey cannot be null for TemporaryCredentials.");
|
||||
checkNotNull(creds.getSessionToken(), "SessionToken cannot be null for TemporaryCredentials.");
|
||||
checkNotNull(creds.getExpiration(), "Expiration cannot be null for TemporaryCredentials.");
|
||||
}
|
||||
|
||||
protected STSApi api() {
|
||||
return context.getApi();
|
||||
}
|
||||
}
|
|
@ -0,0 +1,39 @@
|
|||
/**
|
||||
* Licensed to jclouds, Inc. (jclouds) under one or more
|
||||
* contributor license agreements. See the NOTICE file
|
||||
* distributed with this work for additional information
|
||||
* regarding copyright ownership. jclouds licenses this file
|
||||
* to you under the Apache License, Version 2.0 (the
|
||||
* "License"); you may not use this file except in compliance
|
||||
* with the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
package org.jclouds.sts;
|
||||
|
||||
import org.jclouds.View;
|
||||
import org.jclouds.rest.internal.BaseRestApiMetadataTest;
|
||||
import org.testng.annotations.Test;
|
||||
|
||||
import com.google.common.collect.ImmutableSet;
|
||||
import com.google.common.reflect.TypeToken;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Adrian Cole
|
||||
*/
|
||||
@Test(groups = "unit", testName = "STSApiMetadataTest")
|
||||
public class STSApiMetadataTest extends BaseRestApiMetadataTest {
|
||||
|
||||
// no tenant abstraction, yet
|
||||
public STSApiMetadataTest() {
|
||||
super(new STSApiMetadata(), ImmutableSet.<TypeToken<? extends View>> of());
|
||||
}
|
||||
}
|
|
@ -0,0 +1,29 @@
|
|||
/**
|
||||
* Licensed to jclouds, Inc. (jclouds) under one or more
|
||||
* contributor license agreements. See the NOTICE file
|
||||
* distributed with this work for additional information
|
||||
* regarding copyright ownership. jclouds licenses this file
|
||||
* to you under the Apache License, Version 2.0 (the
|
||||
* "License"); you may not use this file except in compliance
|
||||
* with the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
package org.jclouds.sts.internal;
|
||||
|
||||
import org.jclouds.sts.STSApi;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Adrian Cole
|
||||
*/
|
||||
public class BaseSTSApiExpectTest extends BaseSTSExpectTest<STSApi> {
|
||||
|
||||
}
|
|
@ -0,0 +1,47 @@
|
|||
/**
|
||||
* Licensed to jclouds, Inc. (jclouds) under one or more
|
||||
* contributor license agreements. See the NOTICE file
|
||||
* distributed with this work for additional information
|
||||
* regarding copyright ownership. jclouds licenses this file
|
||||
* to you under the Apache License, Version 2.0 (the
|
||||
* "License"); you may not use this file except in compliance
|
||||
* with the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
package org.jclouds.sts.internal;
|
||||
|
||||
import org.jclouds.apis.BaseContextLiveTest;
|
||||
import org.jclouds.sts.STSApiMetadata;
|
||||
import org.jclouds.sts.STSAsyncApi;
|
||||
import org.jclouds.sts.STSApi;
|
||||
import org.jclouds.rest.RestContext;
|
||||
import org.testng.annotations.Test;
|
||||
|
||||
import com.google.common.reflect.TypeToken;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Adrian Cole
|
||||
*/
|
||||
@Test(groups = "live")
|
||||
public class BaseSTSApiLiveTest extends
|
||||
BaseContextLiveTest<RestContext<? extends STSApi, ? extends STSAsyncApi>> {
|
||||
|
||||
public BaseSTSApiLiveTest() {
|
||||
provider = "sts";
|
||||
}
|
||||
|
||||
@Override
|
||||
protected TypeToken<RestContext<? extends STSApi, ? extends STSAsyncApi>> contextType() {
|
||||
return STSApiMetadata.CONTEXT_TOKEN;
|
||||
}
|
||||
|
||||
}
|
|
@ -0,0 +1,38 @@
|
|||
/**
|
||||
* Licensed to jclouds, Inc. (jclouds) under one or more
|
||||
* contributor license agreements. See the NOTICE file
|
||||
* distributed with this work for additional information
|
||||
* regarding copyright ownership. jclouds licenses this file
|
||||
* to you under the Apache License, Version 2.0 (the
|
||||
* "License"); you may not use this file except in compliance
|
||||
* with the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
package org.jclouds.sts.internal;
|
||||
|
||||
import java.util.Properties;
|
||||
|
||||
import org.jclouds.http.HttpRequest;
|
||||
import org.jclouds.http.HttpResponse;
|
||||
import org.jclouds.sts.STSAsyncApi;
|
||||
|
||||
import com.google.common.base.Function;
|
||||
import com.google.inject.Module;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Adrian Cole
|
||||
*/
|
||||
public class BaseSTSAsyncApiExpectTest extends BaseSTSExpectTest<STSAsyncApi> {
|
||||
public STSAsyncApi createApi(Function<HttpRequest, HttpResponse> fn, Module module, Properties props) {
|
||||
return createInjector(fn, module, props).getInstance(STSAsyncApi.class);
|
||||
}
|
||||
}
|
|
@ -0,0 +1,51 @@
|
|||
/**
|
||||
* Licensed to jclouds, Inc. (jclouds) under one or more
|
||||
* contributor license agreements. See the NOTICE file
|
||||
* distributed with this work for additional information
|
||||
* regarding copyright ownership. jclouds licenses this file
|
||||
* to you under the Apache License, Version 2.0 (the
|
||||
* "License"); you may not use this file except in compliance
|
||||
* with the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
package org.jclouds.sts.internal;
|
||||
|
||||
import org.jclouds.date.DateService;
|
||||
import org.jclouds.sts.config.STSRestClientModule;
|
||||
import org.jclouds.rest.ConfiguresRestClient;
|
||||
import org.jclouds.rest.internal.BaseRestApiExpectTest;
|
||||
|
||||
import com.google.inject.Module;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Adrian Cole
|
||||
*/
|
||||
public class BaseSTSExpectTest<T> extends BaseRestApiExpectTest<T> {
|
||||
|
||||
public BaseSTSExpectTest() {
|
||||
provider = "sts";
|
||||
}
|
||||
|
||||
@ConfiguresRestClient
|
||||
private static final class TestSTSRestClientModule extends STSRestClientModule {
|
||||
|
||||
@Override
|
||||
protected String provideTimeStamp(final DateService dateService) {
|
||||
return "2009-11-08T15:54:08.897Z";
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
protected Module createModule() {
|
||||
return new TestSTSRestClientModule();
|
||||
}
|
||||
}
|
|
@ -0,0 +1,69 @@
|
|||
/**
|
||||
* Licensed to jclouds, Inc. (jclouds) under one or more
|
||||
* contributor license agreements. See the NOTICE file
|
||||
* distributed with this work for additional information
|
||||
* regarding copyright ownership. jclouds licenses this file
|
||||
* to you under the Apache License, Version 2.0 (the
|
||||
* "License"); you may not use this file except in compliance
|
||||
* with the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
package org.jclouds.sts.options;
|
||||
|
||||
import static org.jclouds.sts.options.AssumeRoleOptions.Builder.externalId;
|
||||
import static org.jclouds.sts.options.AssumeRoleOptions.Builder.durationSeconds;
|
||||
import static org.jclouds.sts.options.AssumeRoleOptions.Builder.policy;
|
||||
import static org.testng.Assert.assertEquals;
|
||||
|
||||
import org.testng.annotations.Test;
|
||||
|
||||
import com.google.common.collect.ImmutableSet;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Adrian Cole
|
||||
*/
|
||||
@Test(groups = "unit", testName = "AssumeRoleOptionsTest")
|
||||
public class AssumeRoleOptionsTest {
|
||||
|
||||
public void testExternalId() {
|
||||
AssumeRoleOptions options = new AssumeRoleOptions().externalId("123ABC");
|
||||
assertEquals(ImmutableSet.of("123ABC"), options.buildFormParameters().get("ExternalId"));
|
||||
}
|
||||
|
||||
public void testExternalIdStatic() {
|
||||
AssumeRoleOptions options = externalId("123ABC");
|
||||
assertEquals(ImmutableSet.of("123ABC"), options.buildFormParameters().get("ExternalId"));
|
||||
}
|
||||
|
||||
public void testDurationSeconds() {
|
||||
AssumeRoleOptions options = new AssumeRoleOptions().durationSeconds(3600);
|
||||
assertEquals(ImmutableSet.of("3600"), options.buildFormParameters().get("DurationSeconds"));
|
||||
}
|
||||
|
||||
public void testDurationSecondsStatic() {
|
||||
AssumeRoleOptions options = durationSeconds(3600);
|
||||
assertEquals(ImmutableSet.of("3600"), options.buildFormParameters().get("DurationSeconds"));
|
||||
}
|
||||
|
||||
String policy = "{\"Statement\":[{\"Sid\":\"Stmt1\",\"Effect\":\"Allow\",\"Action\":\"s3:*\",\"Resource\":\"*\"}]}";
|
||||
|
||||
public void testPolicy() {
|
||||
AssumeRoleOptions options = new AssumeRoleOptions().policy(policy);
|
||||
assertEquals(ImmutableSet.of(policy), options.buildFormParameters().get("Policy"));
|
||||
}
|
||||
|
||||
public void testPolicyStatic() {
|
||||
AssumeRoleOptions options = policy(policy);
|
||||
assertEquals(ImmutableSet.of(policy), options.buildFormParameters().get("Policy"));
|
||||
}
|
||||
|
||||
}
|
|
@ -0,0 +1,58 @@
|
|||
/**
|
||||
* Licensed to jclouds, Inc. (jclouds) under one or more
|
||||
* contributor license agreements. See the NOTICE file
|
||||
* distributed with this work for additional information
|
||||
* regarding copyright ownership. jclouds licenses this file
|
||||
* to you under the Apache License, Version 2.0 (the
|
||||
* "License"); you may not use this file except in compliance
|
||||
* with the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
package org.jclouds.sts.options;
|
||||
|
||||
import static org.jclouds.sts.options.FederatedUserOptions.Builder.durationSeconds;
|
||||
import static org.jclouds.sts.options.FederatedUserOptions.Builder.policy;
|
||||
import static org.testng.Assert.assertEquals;
|
||||
|
||||
import org.testng.annotations.Test;
|
||||
|
||||
import com.google.common.collect.ImmutableSet;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Adrian Cole
|
||||
*/
|
||||
@Test(groups = "unit", testName = "FederatedUserOptionsTest")
|
||||
public class FederatedUserOptionsTest {
|
||||
|
||||
public void testDurationSeconds() {
|
||||
FederatedUserOptions options = new FederatedUserOptions().durationSeconds(3600);
|
||||
assertEquals(ImmutableSet.of("3600"), options.buildFormParameters().get("DurationSeconds"));
|
||||
}
|
||||
|
||||
public void testDurationSecondsStatic() {
|
||||
FederatedUserOptions options = durationSeconds(3600);
|
||||
assertEquals(ImmutableSet.of("3600"), options.buildFormParameters().get("DurationSeconds"));
|
||||
}
|
||||
|
||||
String policy = "{\"Statement\":[{\"Sid\":\"Stmt1\",\"Effect\":\"Allow\",\"Action\":\"s3:*\",\"Resource\":\"*\"}]}";
|
||||
|
||||
public void testPolicy() {
|
||||
FederatedUserOptions options = new FederatedUserOptions().policy(policy);
|
||||
assertEquals(ImmutableSet.of(policy), options.buildFormParameters().get("Policy"));
|
||||
}
|
||||
|
||||
public void testPolicyStatic() {
|
||||
FederatedUserOptions options = policy(policy);
|
||||
assertEquals(ImmutableSet.of(policy), options.buildFormParameters().get("Policy"));
|
||||
}
|
||||
|
||||
}
|
|
@ -0,0 +1,67 @@
|
|||
/**
|
||||
* Licensed to jclouds, Inc. (jclouds) under one or more
|
||||
* contributor license agreements. See the NOTICE file
|
||||
* distributed with this work for additional information
|
||||
* regarding copyright ownership. jclouds licenses this file
|
||||
* to you under the Apache License, Version 2.0 (the
|
||||
* "License"); you may not use this file except in compliance
|
||||
* with the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
package org.jclouds.sts.options;
|
||||
|
||||
import static org.jclouds.sts.options.TemporaryCredentialsOptions.Builder.serialNumber;
|
||||
import static org.jclouds.sts.options.TemporaryCredentialsOptions.Builder.durationSeconds;
|
||||
import static org.jclouds.sts.options.TemporaryCredentialsOptions.Builder.tokenCode;
|
||||
import static org.testng.Assert.assertEquals;
|
||||
|
||||
import org.testng.annotations.Test;
|
||||
|
||||
import com.google.common.collect.ImmutableSet;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Adrian Cole
|
||||
*/
|
||||
@Test(groups = "unit", testName = "TemporaryCredentialsOptionsTest")
|
||||
public class TemporaryCredentialsOptionsTest {
|
||||
|
||||
public void testSerialNumber() {
|
||||
TemporaryCredentialsOptions options = new TemporaryCredentialsOptions().serialNumber("YourMFADeviceSerialNumber");
|
||||
assertEquals(ImmutableSet.of("YourMFADeviceSerialNumber"), options.buildFormParameters().get("SerialNumber"));
|
||||
}
|
||||
|
||||
public void testSerialNumberStatic() {
|
||||
TemporaryCredentialsOptions options = serialNumber("YourMFADeviceSerialNumber");
|
||||
assertEquals(ImmutableSet.of("YourMFADeviceSerialNumber"), options.buildFormParameters().get("SerialNumber"));
|
||||
}
|
||||
|
||||
public void testDurationSeconds() {
|
||||
TemporaryCredentialsOptions options = new TemporaryCredentialsOptions().durationSeconds(3600);
|
||||
assertEquals(ImmutableSet.of("3600"), options.buildFormParameters().get("DurationSeconds"));
|
||||
}
|
||||
|
||||
public void testDurationSecondsStatic() {
|
||||
TemporaryCredentialsOptions options = durationSeconds(3600);
|
||||
assertEquals(ImmutableSet.of("3600"), options.buildFormParameters().get("DurationSeconds"));
|
||||
}
|
||||
|
||||
public void testTokenCode() {
|
||||
TemporaryCredentialsOptions options = new TemporaryCredentialsOptions().tokenCode("123456");
|
||||
assertEquals(ImmutableSet.of("123456"), options.buildFormParameters().get("TokenCode"));
|
||||
}
|
||||
|
||||
public void testTokenCodeStatic() {
|
||||
TemporaryCredentialsOptions options = tokenCode("123456");
|
||||
assertEquals(ImmutableSet.of("123456"), options.buildFormParameters().get("TokenCode"));
|
||||
}
|
||||
|
||||
}
|
|
@ -0,0 +1,57 @@
|
|||
/**
|
||||
* Licensed to jclouds, Inc. (jclouds) under one or more
|
||||
* contributor license agreements. See the NOTICE file
|
||||
* distributed with this work for additional information
|
||||
* regarding copyright ownership. jclouds licenses this file
|
||||
* to you under the Apache License, Version 2.0 (the
|
||||
* "License"); you may not use this file except in compliance
|
||||
* with the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
package org.jclouds.sts.parse;
|
||||
|
||||
import static org.testng.Assert.assertEquals;
|
||||
|
||||
import java.io.InputStream;
|
||||
|
||||
import org.jclouds.http.functions.BaseHandlerTest;
|
||||
import org.jclouds.sts.domain.UserAndTemporaryCredentials;
|
||||
import org.jclouds.sts.domain.User;
|
||||
import org.jclouds.sts.xml.UserAndTemporaryCredentialsHandler;
|
||||
import org.testng.annotations.Test;
|
||||
|
||||
/**
|
||||
* @author Adrian Cole
|
||||
*/
|
||||
// NOTE:without testName, this will not call @Before* and fail w/NPE during surefire
|
||||
@Test(groups = "unit", testName = "AssumeRoleResponseTest")
|
||||
public class AssumeRoleResponseTest extends BaseHandlerTest {
|
||||
|
||||
public void test() {
|
||||
InputStream is = getClass().getResourceAsStream("/assume_role.xml");
|
||||
|
||||
UserAndTemporaryCredentials expected = expected();
|
||||
|
||||
UserAndTemporaryCredentialsHandler handler = injector.getInstance(UserAndTemporaryCredentialsHandler.class);
|
||||
UserAndTemporaryCredentials result = factory.create(handler).parse(is);
|
||||
|
||||
assertEquals(result, expected);
|
||||
assertEquals(result.getUser(), expected.getUser());
|
||||
assertEquals(result.getPackedPolicySize(), expected.getPackedPolicySize());
|
||||
}
|
||||
|
||||
public UserAndTemporaryCredentials expected() {
|
||||
return UserAndTemporaryCredentials.builder()
|
||||
.credentials(new GetSessionTokenResponseTest().expected())
|
||||
.user(User.fromIdAndArn("ARO123EXAMPLE123:Bob", "arn:aws:sts::123456789012:assumed-role/demo/Bob"))
|
||||
.packedPolicySize(6).build();
|
||||
}
|
||||
}
|
|
@ -0,0 +1,57 @@
|
|||
/**
|
||||
* Licensed to jclouds, Inc. (jclouds) under one or more
|
||||
* contributor license agreements. See the NOTICE file
|
||||
* distributed with this work for additional information
|
||||
* regarding copyright ownership. jclouds licenses this file
|
||||
* to you under the Apache License, Version 2.0 (the
|
||||
* "License"); you may not use this file except in compliance
|
||||
* with the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
package org.jclouds.sts.parse;
|
||||
|
||||
import static org.testng.Assert.assertEquals;
|
||||
|
||||
import java.io.InputStream;
|
||||
|
||||
import org.jclouds.http.functions.BaseHandlerTest;
|
||||
import org.jclouds.sts.domain.UserAndTemporaryCredentials;
|
||||
import org.jclouds.sts.domain.User;
|
||||
import org.jclouds.sts.xml.UserAndTemporaryCredentialsHandler;
|
||||
import org.testng.annotations.Test;
|
||||
|
||||
/**
|
||||
* @author Adrian Cole
|
||||
*/
|
||||
// NOTE:without testName, this will not call @Before* and fail w/NPE during surefire
|
||||
@Test(groups = "unit", testName = "GetFederationTokenResponseTest")
|
||||
public class GetFederationTokenResponseTest extends BaseHandlerTest {
|
||||
|
||||
public void test() {
|
||||
InputStream is = getClass().getResourceAsStream("/federation_token.xml");
|
||||
|
||||
UserAndTemporaryCredentials expected = expected();
|
||||
|
||||
UserAndTemporaryCredentialsHandler handler = injector.getInstance(UserAndTemporaryCredentialsHandler.class);
|
||||
UserAndTemporaryCredentials result = factory.create(handler).parse(is);
|
||||
|
||||
assertEquals(result, expected);
|
||||
assertEquals(result.getUser(), expected.getUser());
|
||||
assertEquals(result.getPackedPolicySize(), expected.getPackedPolicySize());
|
||||
}
|
||||
|
||||
public UserAndTemporaryCredentials expected() {
|
||||
return UserAndTemporaryCredentials.builder()
|
||||
.credentials(new GetSessionTokenResponseTest().expected())
|
||||
.user(User.fromIdAndArn("123456789012:Bob", "arn:aws:sts::123456789012:federated-user/Bob"))
|
||||
.packedPolicySize(6).build();
|
||||
}
|
||||
}
|
|
@ -0,0 +1,61 @@
|
|||
/**
|
||||
* Licensed to jclouds, Inc. (jclouds) under one or more
|
||||
* contributor license agreements. See the NOTICE file
|
||||
* distributed with this work for additional information
|
||||
* regarding copyright ownership. jclouds licenses this file
|
||||
* to you under the Apache License, Version 2.0 (the
|
||||
* "License"); you may not use this file except in compliance
|
||||
* with the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
package org.jclouds.sts.parse;
|
||||
|
||||
import static org.testng.Assert.assertEquals;
|
||||
|
||||
import java.io.InputStream;
|
||||
|
||||
import org.jclouds.aws.domain.TemporaryCredentials;
|
||||
import org.jclouds.aws.xml.TemporaryCredentialsHandler;
|
||||
import org.jclouds.date.internal.SimpleDateFormatDateService;
|
||||
import org.jclouds.http.functions.BaseHandlerTest;
|
||||
import org.testng.annotations.Test;
|
||||
|
||||
/**
|
||||
* @author Adrian Cole
|
||||
*/
|
||||
// NOTE:without testName, this will not call @Before* and fail w/NPE during surefire
|
||||
@Test(groups = "unit", testName = "GetSessionTokenResponseTest")
|
||||
public class GetSessionTokenResponseTest extends BaseHandlerTest {
|
||||
|
||||
public void test() {
|
||||
InputStream is = getClass().getResourceAsStream("/session_token.xml");
|
||||
|
||||
TemporaryCredentials expected = expected();
|
||||
|
||||
TemporaryCredentialsHandler handler = injector.getInstance(TemporaryCredentialsHandler.class);
|
||||
TemporaryCredentials result = factory.create(handler).parse(is);
|
||||
|
||||
assertEquals(result, expected);
|
||||
assertEquals(result.getAccessKeyId(), expected.getAccessKeyId());
|
||||
assertEquals(result.getSecretAccessKey(), expected.getSecretAccessKey());
|
||||
assertEquals(result.getSessionToken(), expected.getSessionToken());
|
||||
assertEquals(result.getExpiration(), expected.getExpiration());
|
||||
}
|
||||
|
||||
public TemporaryCredentials expected() {
|
||||
return TemporaryCredentials.builder()
|
||||
.accessKeyId("AKIAIOSFODNN7EXAMPLE")
|
||||
.secretAccessKey("wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY")
|
||||
.sessionToken("AQoEXAMPLEH4aoAH0gNCAPyJxz4BlCFFxWNE1OPTgk5TthT")
|
||||
.expiration(new SimpleDateFormatDateService().iso8601DateParse("2011-07-11T19:55:29.611Z")).build();
|
||||
}
|
||||
|
||||
}
|
|
@ -0,0 +1,18 @@
|
|||
<AssumeRoleResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
|
||||
<AssumeRoleResult>
|
||||
<Credentials>
|
||||
<SessionToken>AQoEXAMPLEH4aoAH0gNCAPyJxz4BlCFFxWNE1OPTgk5TthT</SessionToken>
|
||||
<SecretAccessKey>wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY</SecretAccessKey>
|
||||
<Expiration>2011-07-11T19:55:29.611Z</Expiration>
|
||||
<AccessKeyId>AKIAIOSFODNN7EXAMPLE</AccessKeyId>
|
||||
</Credentials>
|
||||
<AssumedRoleUser>
|
||||
<Arn>arn:aws:sts::123456789012:assumed-role/demo/Bob</Arn>
|
||||
<AssumedRoleId>ARO123EXAMPLE123:Bob</AssumedRoleId>
|
||||
</AssumedRoleUser>
|
||||
<PackedPolicySize>6</PackedPolicySize>
|
||||
</AssumeRoleResult>
|
||||
<ResponseMetadata>
|
||||
<RequestId>c6104cbe-af31-11e0-8154-cbc7ccf896c7</RequestId>
|
||||
</ResponseMetadata>
|
||||
</AssumeRoleResponse>
|
|
@ -0,0 +1,18 @@
|
|||
<GetFederationTokenResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
|
||||
<GetFederationTokenResult>
|
||||
<Credentials>
|
||||
<SessionToken>AQoEXAMPLEH4aoAH0gNCAPyJxz4BlCFFxWNE1OPTgk5TthT</SessionToken>
|
||||
<SecretAccessKey>wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY</SecretAccessKey>
|
||||
<Expiration>2011-07-11T19:55:29.611Z</Expiration>
|
||||
<AccessKeyId>AKIAIOSFODNN7EXAMPLE</AccessKeyId>
|
||||
</Credentials>
|
||||
<FederatedUser>
|
||||
<Arn>arn:aws:sts::123456789012:federated-user/Bob</Arn>
|
||||
<FederatedUserId>123456789012:Bob</FederatedUserId>
|
||||
</FederatedUser>
|
||||
<PackedPolicySize>6</PackedPolicySize>
|
||||
</GetFederationTokenResult>
|
||||
<ResponseMetadata>
|
||||
<RequestId>c6104cbe-af31-11e0-8154-cbc7ccf896c7</RequestId>
|
||||
</ResponseMetadata>
|
||||
</GetFederationTokenResponse>
|
|
@ -0,0 +1,166 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
|
||||
|
||||
<!--
|
||||
For more configuration infromation and examples see the Apache
|
||||
Log4j website: http://logging.apache.org/log4j/
|
||||
-->
|
||||
<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/"
|
||||
debug="false">
|
||||
|
||||
<!-- A time/date based rolling appender -->
|
||||
<appender name="WIREFILE" class="org.apache.log4j.DailyRollingFileAppender">
|
||||
<param name="File" value="target/test-data/jclouds-wire.log" />
|
||||
<param name="Append" value="true" />
|
||||
|
||||
<!-- Rollover at midnight each day -->
|
||||
<param name="DatePattern" value="'.'yyyy-MM-dd" />
|
||||
|
||||
<param name="Threshold" value="TRACE" />
|
||||
|
||||
<layout class="org.apache.log4j.PatternLayout">
|
||||
<!-- The default pattern: Date Priority [Category] Message\n -->
|
||||
<param name="ConversionPattern" value="%d %-5p [%c] (%t) %m%n" />
|
||||
|
||||
<!--
|
||||
The full pattern: Date MS Priority [Category]
|
||||
(Thread:NDC) Message\n <param name="ConversionPattern"
|
||||
value="%d %-5r %-5p [%c] (%t:%x) %m%n"/>
|
||||
-->
|
||||
</layout>
|
||||
</appender>
|
||||
|
||||
<!-- A time/date based rolling appender -->
|
||||
<appender name="FILE" class="org.apache.log4j.DailyRollingFileAppender">
|
||||
<param name="File" value="target/test-data/jclouds.log" />
|
||||
<param name="Append" value="true" />
|
||||
|
||||
<!-- Rollover at midnight each day -->
|
||||
<param name="DatePattern" value="'.'yyyy-MM-dd" />
|
||||
|
||||
<param name="Threshold" value="TRACE" />
|
||||
|
||||
<layout class="org.apache.log4j.PatternLayout">
|
||||
<!-- The default pattern: Date Priority [Category] Message\n -->
|
||||
<param name="ConversionPattern" value="%d %-5p [%c] (%t) %m%n" />
|
||||
|
||||
<!--
|
||||
The full pattern: Date MS Priority [Category]
|
||||
(Thread:NDC) Message\n <param name="ConversionPattern"
|
||||
value="%d %-5r %-5p [%c] (%t:%x) %m%n"/>
|
||||
-->
|
||||
</layout>
|
||||
</appender>
|
||||
<!-- A time/date based rolling appender -->
|
||||
<appender name="BLOBSTOREFILE" class="org.apache.log4j.DailyRollingFileAppender">
|
||||
<param name="File" value="target/test-data/jclouds-blobstore.log" />
|
||||
<param name="Append" value="true" />
|
||||
<param name="DatePattern" value="'.'yyyy-MM-dd" />
|
||||
<param name="Threshold" value="TRACE" />
|
||||
<layout class="org.apache.log4j.PatternLayout">
|
||||
<param name="ConversionPattern" value="%d %-5p [%c] (%t) %m%n" />
|
||||
</layout>
|
||||
</appender>
|
||||
|
||||
<!-- A time/date based rolling appender -->
|
||||
<appender name="COMPUTEFILE" class="org.apache.log4j.DailyRollingFileAppender">
|
||||
<param name="File" value="target/test-data/jclouds-compute.log" />
|
||||
<param name="Append" value="true" />
|
||||
|
||||
<!-- Rollover at midnight each day -->
|
||||
<param name="DatePattern" value="'.'yyyy-MM-dd" />
|
||||
|
||||
<param name="Threshold" value="TRACE" />
|
||||
|
||||
<layout class="org.apache.log4j.PatternLayout">
|
||||
<!-- The default pattern: Date Priority [Category] Message\n -->
|
||||
<param name="ConversionPattern" value="%d %-5p [%c] (%t) %m%n" />
|
||||
|
||||
<!--
|
||||
The full pattern: Date MS Priority [Category]
|
||||
(Thread:NDC) Message\n <param name="ConversionPattern"
|
||||
value="%d %-5r %-5p [%c] (%t:%x) %m%n"/>
|
||||
-->
|
||||
</layout>
|
||||
</appender>
|
||||
|
||||
<!-- A time/date based rolling appender -->
|
||||
<appender name="SSHFILE" class="org.apache.log4j.DailyRollingFileAppender">
|
||||
<param name="File" value="target/test-data/jclouds-ssh.log" />
|
||||
<param name="Append" value="true" />
|
||||
|
||||
<!-- Rollover at midnight each day -->
|
||||
<param name="DatePattern" value="'.'yyyy-MM-dd" />
|
||||
|
||||
<param name="Threshold" value="TRACE" />
|
||||
|
||||
<layout class="org.apache.log4j.PatternLayout">
|
||||
<!-- The default pattern: Date Priority [Category] Message\n -->
|
||||
<param name="ConversionPattern" value="%d %-5p [%c] (%t) %m%n" />
|
||||
|
||||
<!--
|
||||
The full pattern: Date MS Priority [Category]
|
||||
(Thread:NDC) Message\n <param name="ConversionPattern"
|
||||
value="%d %-5r %-5p [%c] (%t:%x) %m%n"/>
|
||||
-->
|
||||
</layout>
|
||||
</appender>
|
||||
|
||||
<appender name="ASYNCCOMPUTE" class="org.apache.log4j.AsyncAppender">
|
||||
<appender-ref ref="COMPUTEFILE" />
|
||||
</appender>
|
||||
|
||||
<appender name="ASYNCSSH" class="org.apache.log4j.AsyncAppender">
|
||||
<appender-ref ref="SSHFILE" />
|
||||
</appender>
|
||||
|
||||
<appender name="ASYNC" class="org.apache.log4j.AsyncAppender">
|
||||
<appender-ref ref="FILE" />
|
||||
</appender>
|
||||
|
||||
<appender name="ASYNCWIRE" class="org.apache.log4j.AsyncAppender">
|
||||
<appender-ref ref="WIREFILE" />
|
||||
</appender>
|
||||
|
||||
<appender name="ASYNCBLOBSTORE" class="org.apache.log4j.AsyncAppender">
|
||||
<appender-ref ref="BLOBSTOREFILE" />
|
||||
</appender>
|
||||
<!-- ================ -->
|
||||
<!-- Limit categories -->
|
||||
<!-- ================ -->
|
||||
|
||||
<category name="org.jclouds">
|
||||
<priority value="DEBUG" />
|
||||
<appender-ref ref="ASYNC" />
|
||||
</category>
|
||||
|
||||
<category name="jclouds.headers">
|
||||
<priority value="DEBUG" />
|
||||
<appender-ref ref="ASYNCWIRE" />
|
||||
</category>
|
||||
|
||||
<category name="jclouds.ssh">
|
||||
<priority value="DEBUG" />
|
||||
<appender-ref ref="ASYNCSSH" />
|
||||
</category>
|
||||
<category name="jclouds.wire">
|
||||
<priority value="DEBUG" />
|
||||
<appender-ref ref="ASYNCWIRE" />
|
||||
</category>
|
||||
<category name="jclouds.blobstore">
|
||||
<priority value="DEBUG" />
|
||||
<appender-ref ref="ASYNCBLOBSTORE" />
|
||||
</category>
|
||||
<category name="jclouds.compute">
|
||||
<priority value="TRACE" />
|
||||
<appender-ref ref="ASYNCCOMPUTE" />
|
||||
</category>
|
||||
<!-- ======================= -->
|
||||
<!-- Setup the Root category -->
|
||||
<!-- ======================= -->
|
||||
|
||||
<root>
|
||||
<priority value="WARN" />
|
||||
</root>
|
||||
|
||||
</log4j:configuration>
|
|
@ -0,0 +1,13 @@
|
|||
<GetSessionTokenResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
|
||||
<GetSessionTokenResult>
|
||||
<Credentials>
|
||||
<SessionToken>AQoEXAMPLEH4aoAH0gNCAPyJxz4BlCFFxWNE1OPTgk5TthT</SessionToken>
|
||||
<SecretAccessKey>wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY</SecretAccessKey>
|
||||
<Expiration>2011-07-11T19:55:29.611Z</Expiration>
|
||||
<AccessKeyId>AKIAIOSFODNN7EXAMPLE</AccessKeyId>
|
||||
</Credentials>
|
||||
</GetSessionTokenResult>
|
||||
<ResponseMetadata>
|
||||
<RequestId>58c5dbae-abef-11e0-8cfe-09039844ac7d</RequestId>
|
||||
</ResponseMetadata>
|
||||
</GetSessionTokenResponse>
|
Loading…
Reference in New Issue