NIFI-11260 Added STS SSL Context Service for AWS Credentials Provider

This closes #7021

Signed-off-by: David Handermann <exceptionfactory@apache.org>
Peter Turcsanyi 2023-03-08 12:30:05 +01:00 committed by exceptionfactory
parent b23b2621ac
commit d2f80b1645
GPG Key ID: 29B6A52D2AAE8DBA
14 changed files with 156 additions and 167 deletions


@ -23,6 +23,7 @@ import org.apache.nifi.components.resource.ResourceType;
import org.apache.nifi.expression.ExpressionLanguageScope;
import org.apache.nifi.processor.util.StandardValidators;
import org.apache.nifi.processors.aws.AwsPropertyDescriptors;
import org.apache.nifi.ssl.SSLContextService;
import software.amazon.awssdk.regions.Region;
import java.util.ArrayList;
@ -173,6 +174,15 @@ public class CredentialPropertyDescriptors {
.dependsOn(ASSUME_ROLE_ARN)
.build();
public static final PropertyDescriptor ASSUME_ROLE_SSL_CONTEXT_SERVICE = new PropertyDescriptor.Builder()
.name("assume-role-ssl-context-service")
.displayName("Assume Role SSL Context Service")
.description("SSL Context Service used when connecting to the STS Endpoint.")
.identifiesControllerService(SSLContextService.class)
.required(false)
.dependsOn(ASSUME_ROLE_ARN)
.build();
/**
* Assume Role Proxy variables for configuring proxy to retrieve keys
*/
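Review bot: The description on `ASSUME_ROLE_SSL_CONTEXT_SERVICE` does not say which TLS configuration applies when the property is left unset. The STS call returns temporary credentials, so an operator should be able to see from the UI text what the connection trusts by default. Leaving it empty presumably falls back to the AWS SDK default trust configuration, which this hunk does not show and is worth confirming. Suggested wording: `.description("SSL Context Service used when connecting to the STS Endpoint. If not set, the default TLS configuration of the AWS SDK is used.")`. The descriptor class continues outside the hunk.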


@ -19,11 +19,10 @@ package org.apache.nifi.processors.aws.credentials.provider.factory;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.components.ValidationContext;
import org.apache.nifi.components.ValidationResult;
import org.apache.nifi.context.PropertyContext;
import org.apache.nifi.processors.aws.credentials.provider.factory.strategies.ExplicitDefaultCredentialsStrategy;
import org.apache.nifi.processors.aws.credentials.provider.factory.strategies.AccessKeyPairCredentialsStrategy;
import org.apache.nifi.processors.aws.credentials.provider.factory.strategies.FileCredentialsStrategy;
@ -66,20 +65,15 @@ public class CredentialsProviderFactory {
strategies.add(new AssumeRoleCredentialsStrategy());
}
public CredentialsStrategy selectPrimaryStrategy(final Map<PropertyDescriptor, String> properties) {
public CredentialsStrategy selectPrimaryStrategy(final PropertyContext propertyContext) {
for (CredentialsStrategy strategy : strategies) {
if (strategy.canCreatePrimaryCredential(properties)) {
if (strategy.canCreatePrimaryCredential(propertyContext)) {
return strategy;
}
}
return null;
}
public CredentialsStrategy selectPrimaryStrategy(final ValidationContext validationContext) {
final Map<PropertyDescriptor, String> properties = validationContext.getProperties();
return selectPrimaryStrategy(properties);
}
/**
* Validates AWS credential properties against the configured strategies to report any validation errors.
* @return Validation errors
@ -104,15 +98,14 @@ public class CredentialsProviderFactory {
* the factory.
* @return AWSCredentialsProvider implementation
*/
public AWSCredentialsProvider getCredentialsProvider(final Map<PropertyDescriptor, String> properties) {
final CredentialsStrategy primaryStrategy = selectPrimaryStrategy(properties);
AWSCredentialsProvider primaryCredentialsProvider = primaryStrategy.getCredentialsProvider(properties);
public AWSCredentialsProvider getCredentialsProvider(final PropertyContext propertyContext) {
final CredentialsStrategy primaryStrategy = selectPrimaryStrategy(propertyContext);
AWSCredentialsProvider primaryCredentialsProvider = primaryStrategy.getCredentialsProvider(propertyContext);
AWSCredentialsProvider derivedCredentialsProvider = null;
for (CredentialsStrategy strategy : strategies) {
if (strategy.canCreateDerivedCredential(properties)) {
derivedCredentialsProvider = strategy.getDerivedCredentialsProvider(properties,
primaryCredentialsProvider);
if (strategy.canCreateDerivedCredential(propertyContext)) {
derivedCredentialsProvider = strategy.getDerivedCredentialsProvider(propertyContext, primaryCredentialsProvider);
break;
}
}
@ -129,14 +122,14 @@ public class CredentialsProviderFactory {
* the factory.
* @return AwsCredentialsProvider implementation
*/
public AwsCredentialsProvider getAwsCredentialsProvider(final Map<PropertyDescriptor, String> properties) {
final CredentialsStrategy primaryStrategy = selectPrimaryStrategy(properties);
final AwsCredentialsProvider primaryCredentialsProvider = primaryStrategy.getAwsCredentialsProvider(properties);
public AwsCredentialsProvider getAwsCredentialsProvider(final PropertyContext propertyContext) {
final CredentialsStrategy primaryStrategy = selectPrimaryStrategy(propertyContext);
final AwsCredentialsProvider primaryCredentialsProvider = primaryStrategy.getAwsCredentialsProvider(propertyContext);
AwsCredentialsProvider derivedCredentialsProvider = null;
for (final CredentialsStrategy strategy : strategies) {
if (strategy.canCreateDerivedCredential(properties)) {
derivedCredentialsProvider = strategy.getDerivedAwsCredentialsProvider(properties, primaryCredentialsProvider);
if (strategy.canCreateDerivedCredential(propertyContext)) {
derivedCredentialsProvider = strategy.getDerivedAwsCredentialsProvider(propertyContext, primaryCredentialsProvider);
break;
}
}
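Review bot: `selectPrimaryStrategy` can still end in `return null;`, yet `getCredentialsProvider` and `getAwsCredentialsProvider` dereference `primaryStrategy` on the very next line without a check. Whether some strategy always matches depends on the strategy list built in the constructor, which is outside these hunks. If none matches, the caller gets a bare NullPointerException instead of a configuration error. A guard such as `if (primaryStrategy == null) { throw new IllegalStateException("No AWS credentials strategy matches the configured properties"); }` in both methods would make the failure explicit. Both method bodies continue past the end of their hunks.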


@ -17,13 +17,12 @@
package org.apache.nifi.processors.aws.credentials.provider.factory;
import com.amazonaws.auth.AWSCredentialsProvider;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.components.ValidationContext;
import org.apache.nifi.components.ValidationResult;
import org.apache.nifi.context.PropertyContext;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import java.util.Collection;
import java.util.Map;
/**
@ -43,13 +42,13 @@ public interface CredentialsStrategy {
* Determines if this strategy can create primary credentials using the given properties.
* @return true if primary credentials can be created
*/
boolean canCreatePrimaryCredential(Map<PropertyDescriptor, String> properties);
boolean canCreatePrimaryCredential(PropertyContext propertyContext);
/**
* Determines if this strategy can create derived credentials using the given properties.
* @return true if derived credentials can be created
*/
boolean canCreateDerivedCredential(Map<PropertyDescriptor, String> properties);
boolean canCreateDerivedCredential(PropertyContext propertyContext);
/**
* Validates the properties belonging to this strategy, given the selected primary strategy. Errors may result
@ -63,25 +62,25 @@ public interface CredentialsStrategy {
/**
* Creates an AWSCredentialsProvider instance for this strategy, given the properties defined by the user.
*/
AWSCredentialsProvider getCredentialsProvider(Map<PropertyDescriptor, String> properties);
AWSCredentialsProvider getCredentialsProvider(PropertyContext propertyContext);
/**
* Creates an AWSCredentialsProvider instance for this strategy, given the properties defined by the user and
* the AWSCredentialsProvider from the winning primary strategy.
*/
AWSCredentialsProvider getDerivedCredentialsProvider(Map<PropertyDescriptor, String> properties,
AWSCredentialsProvider getDerivedCredentialsProvider(PropertyContext propertyContext,
AWSCredentialsProvider primaryCredentialsProvider);
/**
* Creates an AwsCredentialsProvider instance for this strategy, given the properties defined by the user.
*/
AwsCredentialsProvider getAwsCredentialsProvider(Map<PropertyDescriptor, String> properties);
AwsCredentialsProvider getAwsCredentialsProvider(PropertyContext propertyContext);
/**
* Creates an AwsCredentialsProvider instance for this strategy, given the properties defined by the user and
* the AwsCredentialsProvider from the winning primary strategy.
*/
AwsCredentialsProvider getDerivedAwsCredentialsProvider(Map<PropertyDescriptor, String> properties,
AwsCredentialsProvider getDerivedAwsCredentialsProvider(PropertyContext propertyContext,
AwsCredentialsProvider primaryCredentialsProvider);
}
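Review bot: The Javadoc on each method still speaks of "the given properties" or "the properties defined by the user", and none carries a `@param` for the new `propertyContext` argument. With the move from `Map<PropertyDescriptor, String>` to `PropertyContext`, each implementation in this commit decides for itself whether to call `evaluateAttributeExpressions()`: AccessKeyPairCredentialsStrategy does, FileCredentialsStrategy does not. The interface contract should therefore say who is responsible for Expression Language evaluation. Suggested addition per method: `@param propertyContext context providing the configured property values; implementations evaluate Expression Language where the descriptor supports it`.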


@ -18,11 +18,12 @@ package org.apache.nifi.processors.aws.credentials.provider.factory.strategies;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Map;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.components.PropertyValue;
import org.apache.nifi.components.ValidationContext;
import org.apache.nifi.components.ValidationResult;
import org.apache.nifi.context.PropertyContext;
import org.apache.nifi.processors.aws.credentials.provider.factory.CredentialsStrategy;
@ -42,8 +43,15 @@ public abstract class AbstractBooleanCredentialsStrategy extends AbstractCredent
}
@Override
public boolean canCreatePrimaryCredential(final Map<PropertyDescriptor, String> properties) {
final String useStrategyString = properties.get(strategyProperty);
public boolean canCreatePrimaryCredential(final PropertyContext propertyContext) {
PropertyValue strategyPropertyValue = propertyContext.getProperty(strategyProperty);
if (strategyPropertyValue == null) {
return false;
}
if (strategyProperty.isExpressionLanguageSupported()) {
strategyPropertyValue = strategyPropertyValue.evaluateAttributeExpressions();
}
final String useStrategyString = strategyPropertyValue.getValue();
final Boolean useStrategy = Boolean.parseBoolean(useStrategyString);
return useStrategy;
}


@ -18,11 +18,12 @@ package org.apache.nifi.processors.aws.credentials.provider.factory.strategies;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Map;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.components.PropertyValue;
import org.apache.nifi.components.ValidationContext;
import org.apache.nifi.components.ValidationResult;
import org.apache.nifi.context.PropertyContext;
import org.apache.nifi.processors.aws.credentials.provider.factory.CredentialsStrategy;
import com.amazonaws.auth.AWSCredentialsProvider;
@ -42,12 +43,10 @@ public abstract class AbstractCredentialsStrategy implements CredentialsStrategy
}
@Override
public boolean canCreatePrimaryCredential(final Map<PropertyDescriptor, String> properties) {
public boolean canCreatePrimaryCredential(final PropertyContext propertyContext) {
for (final PropertyDescriptor requiredProperty : requiredProperties) {
final boolean containsRequiredProperty = properties.containsKey(requiredProperty);
final String propertyValue = properties.get(requiredProperty);
final boolean containsValue = propertyValue != null;
if (!containsRequiredProperty || !containsValue) {
final PropertyValue propertyValue = propertyContext.getProperty(requiredProperty);
if (!propertyValue.isSet()) {
return false;
}
}
@ -81,7 +80,7 @@ public abstract class AbstractCredentialsStrategy implements CredentialsStrategy
return validationFailureResults;
}
public abstract AWSCredentialsProvider getCredentialsProvider(final Map<PropertyDescriptor, String> properties);
public abstract AWSCredentialsProvider getCredentialsProvider(final PropertyContext propertyContext);
public String getName() {
return name;
@ -89,18 +88,18 @@ public abstract class AbstractCredentialsStrategy implements CredentialsStrategy
@Override
public boolean canCreateDerivedCredential(final Map<PropertyDescriptor, String> properties) {
public boolean canCreateDerivedCredential(final PropertyContext propertyContext) {
return false;
}
@Override
public AWSCredentialsProvider getDerivedCredentialsProvider(final Map<PropertyDescriptor, String> properties,
public AWSCredentialsProvider getDerivedCredentialsProvider(final PropertyContext propertyContext,
final AWSCredentialsProvider primaryCredentialsProvider) {
return null;
}
@Override
public AwsCredentialsProvider getDerivedAwsCredentialsProvider(final Map<PropertyDescriptor, String> properties,
public AwsCredentialsProvider getDerivedAwsCredentialsProvider(final PropertyContext propertyContext,
final AwsCredentialsProvider primaryCredentialsProvider) {
return null;
}
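Review bot: In `canCreatePrimaryCredential` the result of `propertyContext.getProperty(requiredProperty)` goes straight into `propertyValue.isSet()` with no null check, whereas `AbstractBooleanCredentialsStrategy.canCreatePrimaryCredential` in this same commit returns false when `getProperty` yields `null`. The removed code treated a missing key as "cannot create", so a context that returns `null` for an unknown descriptor would now throw instead of returning false. Whether any `PropertyContext` implementation does that is not visible here. Keeping the two classes consistent costs one condition: `if (propertyValue == null || !propertyValue.isSet()) {`. The method body continues outside the hunk.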


@ -20,12 +20,11 @@ import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.internal.StaticCredentialsProvider;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.context.PropertyContext;
import org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors;
import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import java.util.Map;
/**
* Supports AWS credentials defined by an Access Key and Secret Key pair.
@ -43,17 +42,17 @@ public class AccessKeyPairCredentialsStrategy extends AbstractCredentialsStrateg
}
@Override
public AWSCredentialsProvider getCredentialsProvider(final Map<PropertyDescriptor, String> properties) {
final String accessKey = properties.get(CredentialPropertyDescriptors.ACCESS_KEY);
final String secretKey = properties.get(CredentialPropertyDescriptors.SECRET_KEY);
public AWSCredentialsProvider getCredentialsProvider(final PropertyContext propertyContext) {
final String accessKey = propertyContext.getProperty(CredentialPropertyDescriptors.ACCESS_KEY).evaluateAttributeExpressions().getValue();
final String secretKey = propertyContext.getProperty(CredentialPropertyDescriptors.SECRET_KEY).evaluateAttributeExpressions().getValue();
final BasicAWSCredentials credentials = new BasicAWSCredentials(accessKey, secretKey);
return new StaticCredentialsProvider(credentials);
}
@Override
public AwsCredentialsProvider getAwsCredentialsProvider(final Map<PropertyDescriptor, String> properties) {
final String accessKey = properties.get(CredentialPropertyDescriptors.ACCESS_KEY);
final String secretKey = properties.get(CredentialPropertyDescriptors.SECRET_KEY);
public AwsCredentialsProvider getAwsCredentialsProvider(final PropertyContext propertyContext) {
final String accessKey = propertyContext.getProperty(CredentialPropertyDescriptors.ACCESS_KEY).evaluateAttributeExpressions().getValue();
final String secretKey = propertyContext.getProperty(CredentialPropertyDescriptors.SECRET_KEY).evaluateAttributeExpressions().getValue();
return software.amazon.awssdk.auth.credentials.StaticCredentialsProvider.create(AwsBasicCredentials.create(accessKey, secretKey));
}
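Review bot: `getCredentialsProvider` and `getAwsCredentialsProvider` pass the evaluated `accessKey` and `secretKey` straight into `BasicAWSCredentials` and `AwsBasicCredentials.create`, with no check that evaluation produced a value. If an expression resolves to null or empty, the failure would presumably surface from inside the SDK constructor rather than as a configuration error naming the property. The two lookups are also repeated verbatim in both methods. A small private helper that reads both values and rejects a blank result would keep them in sync. Any message it raises should name the property descriptor only and never include the key material.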


@ -19,13 +19,11 @@ package org.apache.nifi.processors.aws.credentials.provider.factory.strategies;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.AnonymousAWSCredentials;
import com.amazonaws.internal.StaticCredentialsProvider;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.context.PropertyContext;
import org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors;
import software.amazon.awssdk.auth.credentials.AnonymousCredentialsProvider;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import java.util.Map;
/**
* Supports Anonymous AWS credentials.
@ -40,13 +38,13 @@ public class AnonymousCredentialsStrategy extends AbstractBooleanCredentialsStra
}
@Override
public AWSCredentialsProvider getCredentialsProvider(final Map<PropertyDescriptor, String> properties) {
public AWSCredentialsProvider getCredentialsProvider(final PropertyContext propertyContext) {
AnonymousAWSCredentials credentials = new AnonymousAWSCredentials();
return new StaticCredentialsProvider(credentials);
}
@Override
public AwsCredentialsProvider getAwsCredentialsProvider(final Map<PropertyDescriptor, String> properties) {
public AwsCredentialsProvider getAwsCredentialsProvider(final PropertyContext propertyContext) {
return AnonymousCredentialsProvider.create();
}


@ -20,12 +20,15 @@ import com.amazonaws.ClientConfiguration;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.components.ValidationContext;
import org.apache.nifi.components.ValidationResult;
import org.apache.nifi.context.PropertyContext;
import org.apache.nifi.processors.aws.credentials.provider.factory.CredentialsStrategy;
import org.apache.nifi.processors.aws.signer.AwsCustomSignerUtil;
import org.apache.nifi.processors.aws.signer.AwsSignerType;
import org.apache.nifi.ssl.SSLContextService;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.http.apache.ApacheHttpClient;
import software.amazon.awssdk.regions.Region;
@ -34,17 +37,18 @@ import software.amazon.awssdk.services.sts.StsClientBuilder;
import software.amazon.awssdk.services.sts.auth.StsAssumeRoleCredentialsProvider;
import software.amazon.awssdk.services.sts.model.AssumeRoleRequest;
import javax.net.ssl.SSLContext;
import java.net.URI;
import java.time.Duration;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Map;
import static org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.ASSUME_ROLE_ARN;
import static org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.ASSUME_ROLE_EXTERNAL_ID;
import static org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.ASSUME_ROLE_NAME;
import static org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.ASSUME_ROLE_PROXY_HOST;
import static org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.ASSUME_ROLE_PROXY_PORT;
import static org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.ASSUME_ROLE_SSL_CONTEXT_SERVICE;
import static org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.ASSUME_ROLE_STS_CUSTOM_SIGNER_CLASS_NAME;
import static org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.ASSUME_ROLE_STS_ENDPOINT;
import static org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.ASSUME_ROLE_STS_REGION;
@ -72,14 +76,14 @@ public class AssumeRoleCredentialsStrategy extends AbstractCredentialsStrategy {
}
@Override
public boolean canCreatePrimaryCredential(final Map<PropertyDescriptor, String> properties) {
public boolean canCreatePrimaryCredential(final PropertyContext propertyContext) {
return false;
}
@Override
public boolean canCreateDerivedCredential(final Map<PropertyDescriptor, String> properties) {
final String assumeRoleArn = properties.get(ASSUME_ROLE_ARN);
final String assumeRoleName = properties.get(ASSUME_ROLE_NAME);
public boolean canCreateDerivedCredential(final PropertyContext propertyContext) {
final String assumeRoleArn = propertyContext.getProperty(ASSUME_ROLE_ARN).getValue();
final String assumeRoleName = propertyContext.getProperty(ASSUME_ROLE_NAME).getValue();
if (assumeRoleArn != null && !assumeRoleArn.isEmpty()
&& assumeRoleName != null && !assumeRoleName.isEmpty()) {
return true;
@ -87,9 +91,9 @@ public class AssumeRoleCredentialsStrategy extends AbstractCredentialsStrategy {
return false;
}
public boolean proxyVariablesValidForAssumeRole(final Map<PropertyDescriptor, String> properties){
final String assumeRoleProxyHost = properties.get(ASSUME_ROLE_PROXY_HOST);
final String assumeRoleProxyPort = properties.get(ASSUME_ROLE_PROXY_PORT);
protected boolean proxyVariablesValidForAssumeRole(final PropertyContext propertyContext) {
final String assumeRoleProxyHost = propertyContext.getProperty(ASSUME_ROLE_PROXY_HOST).getValue();
final String assumeRoleProxyPort = propertyContext.getProperty(ASSUME_ROLE_PROXY_PORT).getValue();
if (assumeRoleProxyHost != null && !assumeRoleProxyHost.isEmpty()
&& assumeRoleProxyPort != null && !assumeRoleProxyPort.isEmpty()) {
return true;
@ -130,36 +134,41 @@ public class AssumeRoleCredentialsStrategy extends AbstractCredentialsStrategy {
}
@Override
public AWSCredentialsProvider getCredentialsProvider(final Map<PropertyDescriptor, String> properties) {
public AWSCredentialsProvider getCredentialsProvider(final PropertyContext propertyContext) {
throw new UnsupportedOperationException();
}
@Override
public AWSCredentialsProvider getDerivedCredentialsProvider(final Map<PropertyDescriptor, String> properties,
public AWSCredentialsProvider getDerivedCredentialsProvider(final PropertyContext propertyContext,
final AWSCredentialsProvider primaryCredentialsProvider) {
final String assumeRoleArn = properties.get(ASSUME_ROLE_ARN);
final String assumeRoleName = properties.get(ASSUME_ROLE_NAME);
String rawMaxSessionTime = properties.get(MAX_SESSION_TIME);
rawMaxSessionTime = rawMaxSessionTime == null ? MAX_SESSION_TIME.getDefaultValue() : rawMaxSessionTime;
final Integer maxSessionTime = Integer.parseInt(rawMaxSessionTime.trim());
final String assumeRoleExternalId = properties.get(ASSUME_ROLE_EXTERNAL_ID);
final String assumeRoleSTSRegion = properties.get(ASSUME_ROLE_STS_REGION);
final String assumeRoleSTSEndpoint = properties.get(ASSUME_ROLE_STS_ENDPOINT);
final String assumeRoleSTSSigner = properties.get(ASSUME_ROLE_STS_SIGNER_OVERRIDE);
final String assumeRoleArn = propertyContext.getProperty(ASSUME_ROLE_ARN).getValue();
final String assumeRoleName = propertyContext.getProperty(ASSUME_ROLE_NAME).getValue();
final int maxSessionTime = propertyContext.getProperty(MAX_SESSION_TIME).asInteger();
final String assumeRoleExternalId = propertyContext.getProperty(ASSUME_ROLE_EXTERNAL_ID).getValue();
final String assumeRoleSTSRegion = propertyContext.getProperty(ASSUME_ROLE_STS_REGION).getValue();
final String assumeRoleSTSEndpoint = propertyContext.getProperty(ASSUME_ROLE_STS_ENDPOINT).getValue();
final String assumeRoleSTSSigner = propertyContext.getProperty(ASSUME_ROLE_STS_SIGNER_OVERRIDE).getValue();
final SSLContextService sslContextService = propertyContext.getProperty(ASSUME_ROLE_SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
STSAssumeRoleSessionCredentialsProvider.Builder builder;
ClientConfiguration config = new ClientConfiguration();
final ClientConfiguration config = new ClientConfiguration();
if (sslContextService != null) {
final SSLContext sslContext = sslContextService.createContext();
config.getApacheHttpClientConfig().setSslSocketFactory(new SSLConnectionSocketFactory(sslContext));
}
// If proxy variables are set, then create Client Configuration with those values
if (proxyVariablesValidForAssumeRole(properties)) {
final String assumeRoleProxyHost = properties.get(ASSUME_ROLE_PROXY_HOST);
final Integer assumeRoleProxyPort = Integer.parseInt(properties.get(ASSUME_ROLE_PROXY_PORT));
if (proxyVariablesValidForAssumeRole(propertyContext)) {
final String assumeRoleProxyHost = propertyContext.getProperty(ASSUME_ROLE_PROXY_HOST).getValue();
final int assumeRoleProxyPort = propertyContext.getProperty(ASSUME_ROLE_PROXY_PORT).asInteger();
config.withProxyHost(assumeRoleProxyHost);
config.withProxyPort(assumeRoleProxyPort);
}
final AwsSignerType assumeRoleSTSSignerType = AwsSignerType.forValue(assumeRoleSTSSigner);
if (assumeRoleSTSSignerType == CUSTOM_SIGNER) {
final String signerClassName = properties.get(ASSUME_ROLE_STS_CUSTOM_SIGNER_CLASS_NAME);
final String signerClassName = propertyContext.getProperty(ASSUME_ROLE_STS_CUSTOM_SIGNER_CLASS_NAME).evaluateAttributeExpressions().getValue();
config.withSignerOverride(AwsCustomSignerUtil.registerCustomSigner(signerClassName));
} else if (assumeRoleSTSSignerType != DEFAULT_SIGNER) {
@ -190,29 +199,33 @@ public class AssumeRoleCredentialsStrategy extends AbstractCredentialsStrategy {
}
@Override
public AwsCredentialsProvider getAwsCredentialsProvider(final Map<PropertyDescriptor, String> properties) {
public AwsCredentialsProvider getAwsCredentialsProvider(final PropertyContext propertyContext) {
throw new UnsupportedOperationException();
}
@Override
public AwsCredentialsProvider getDerivedAwsCredentialsProvider(final Map<PropertyDescriptor, String> properties,
AwsCredentialsProvider primaryCredentialsProvider) {
final String assumeRoleArn = properties.get(ASSUME_ROLE_ARN);
final String assumeRoleName = properties.get(ASSUME_ROLE_NAME);
String rawMaxSessionTime = properties.get(MAX_SESSION_TIME);
rawMaxSessionTime = rawMaxSessionTime == null ? MAX_SESSION_TIME.getDefaultValue() : rawMaxSessionTime;
final Integer maxSessionTime = Integer.parseInt(rawMaxSessionTime.trim());
final String assumeRoleExternalId = properties.get(ASSUME_ROLE_EXTERNAL_ID);
final String assumeRoleSTSEndpoint = properties.get(ASSUME_ROLE_STS_ENDPOINT);
final String stsRegion = properties.get(ASSUME_ROLE_STS_REGION);
public AwsCredentialsProvider getDerivedAwsCredentialsProvider(final PropertyContext propertyContext,
final AwsCredentialsProvider primaryCredentialsProvider) {
final String assumeRoleArn = propertyContext.getProperty(ASSUME_ROLE_ARN).getValue();
final String assumeRoleName = propertyContext.getProperty(ASSUME_ROLE_NAME).getValue();
final int maxSessionTime = propertyContext.getProperty(MAX_SESSION_TIME).asInteger();
final String assumeRoleExternalId = propertyContext.getProperty(ASSUME_ROLE_EXTERNAL_ID).getValue();
final String assumeRoleSTSEndpoint = propertyContext.getProperty(ASSUME_ROLE_STS_ENDPOINT).getValue();
final String stsRegion = propertyContext.getProperty(ASSUME_ROLE_STS_REGION).getValue();
final SSLContextService sslContextService = propertyContext.getProperty(ASSUME_ROLE_SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
final StsAssumeRoleCredentialsProvider.Builder builder = StsAssumeRoleCredentialsProvider.builder();
// If proxy variables are set, then create Client Configuration with those values
final ApacheHttpClient.Builder httpClientBuilder = ApacheHttpClient.builder();
if (proxyVariablesValidForAssumeRole(properties)) {
final String assumeRoleProxyHost = properties.get(ASSUME_ROLE_PROXY_HOST);
final Integer assumeRoleProxyPort = Integer.parseInt(properties.get(ASSUME_ROLE_PROXY_PORT));
if (sslContextService != null) {
final SSLContext sslContext = sslContextService.createContext();
httpClientBuilder.socketFactory(new SSLConnectionSocketFactory(sslContext));
}
if (proxyVariablesValidForAssumeRole(propertyContext)) {
final String assumeRoleProxyHost = propertyContext.getProperty(ASSUME_ROLE_PROXY_HOST).getValue();
final int assumeRoleProxyPort = propertyContext.getProperty(ASSUME_ROLE_PROXY_PORT).asInteger();
final software.amazon.awssdk.http.apache.ProxyConfiguration proxyConfig = software.amazon.awssdk.http.apache.ProxyConfiguration.builder()
.endpoint(URI.create(String.format("%s:%s", assumeRoleProxyHost, assumeRoleProxyPort)))
.build();
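Review bot: `final int maxSessionTime = propertyContext.getProperty(MAX_SESSION_TIME).asInteger();` in `getDerivedCredentialsProvider`, and the identical line in `getDerivedAwsCredentialsProvider`, unboxes the result directly, while the explicit fallback to `MAX_SESSION_TIME.getDefaultValue()` from the old code is gone. `asInteger()` returns null for an unset value, so this is only safe if every `PropertyContext` passed in substitutes the descriptor default, which these hunks do not show. Keeping the fallback is cheap: `final Integer configuredSessionTime = propertyContext.getProperty(MAX_SESSION_TIME).asInteger();` followed by `final int maxSessionTime = configuredSessionTime != null ? configuredSessionTime : Integer.parseInt(MAX_SESSION_TIME.getDefaultValue().trim());`. Both method bodies continue outside their hunks.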


@ -16,9 +16,7 @@
*/
package org.apache.nifi.processors.aws.credentials.provider.factory.strategies;
import java.util.Map;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.context.PropertyContext;
import org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors;
import com.amazonaws.auth.AWSCredentialsProvider;
@ -41,12 +39,12 @@ public class ExplicitDefaultCredentialsStrategy extends AbstractBooleanCredentia
}
@Override
public AWSCredentialsProvider getCredentialsProvider(final Map<PropertyDescriptor, String> properties) {
public AWSCredentialsProvider getCredentialsProvider(final PropertyContext propertyContext) {
return new DefaultAWSCredentialsProviderChain();
}
@Override
public AwsCredentialsProvider getAwsCredentialsProvider(final Map<PropertyDescriptor, String> properties) {
public AwsCredentialsProvider getAwsCredentialsProvider(final PropertyContext propertyContext) {
return DefaultCredentialsProvider.create();
}


@ -19,12 +19,12 @@ package org.apache.nifi.processors.aws.credentials.provider.factory.strategies;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.PropertiesFileCredentialsProvider;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.context.PropertyContext;
import org.apache.nifi.processors.aws.credentials.provider.PropertiesCredentialsProvider;
import org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import java.io.File;
import java.util.Map;
/**
@ -47,14 +47,14 @@ public class FileCredentialsStrategy extends AbstractCredentialsStrategy {
}
@Override
public AWSCredentialsProvider getCredentialsProvider(final Map<PropertyDescriptor, String> properties) {
final String credentialsFile = properties.get(CredentialPropertyDescriptors.CREDENTIALS_FILE);
public AWSCredentialsProvider getCredentialsProvider(final PropertyContext propertyContext) {
final String credentialsFile = propertyContext.getProperty(CredentialPropertyDescriptors.CREDENTIALS_FILE).getValue();
return new PropertiesFileCredentialsProvider(credentialsFile);
}
@Override
public AwsCredentialsProvider getAwsCredentialsProvider(final Map<PropertyDescriptor, String> properties) {
final String credentialsFile = properties.get(CredentialPropertyDescriptors.CREDENTIALS_FILE);
public AwsCredentialsProvider getAwsCredentialsProvider(final PropertyContext propertyContext) {
final String credentialsFile = propertyContext.getProperty(CredentialPropertyDescriptors.CREDENTIALS_FILE).getValue();
return new PropertiesCredentialsProvider(new File(credentialsFile));
}


@ -19,11 +19,10 @@ package org.apache.nifi.processors.aws.credentials.provider.factory.strategies;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.DefaultAWSCredentialsProviderChain;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.context.PropertyContext;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider;
import java.util.Map;
/**
* Supports AWS Default Credentials. Compared to ExplicitDefaultCredentialsStrategy, this strategy is always
@ -37,12 +36,12 @@ public class ImplicitDefaultCredentialsStrategy extends AbstractCredentialsStrat
}
@Override
public AWSCredentialsProvider getCredentialsProvider(final Map<PropertyDescriptor, String> properties) {
public AWSCredentialsProvider getCredentialsProvider(final PropertyContext propertyContext) {
return new DefaultAWSCredentialsProviderChain();
}
@Override
public AwsCredentialsProvider getAwsCredentialsProvider(final Map<PropertyDescriptor, String> properties) {
public AwsCredentialsProvider getAwsCredentialsProvider(final PropertyContext propertyContext) {
return DefaultCredentialsProvider.create();
}
}


@ -16,9 +16,8 @@
*/
package org.apache.nifi.processors.aws.credentials.provider.factory.strategies;
import java.util.Map;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.context.PropertyContext;
import org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors;
import com.amazonaws.auth.AWSCredentialsProvider;
@ -41,14 +40,14 @@ public class NamedProfileCredentialsStrategy extends AbstractCredentialsStrategy
}
@Override
public AWSCredentialsProvider getCredentialsProvider(final Map<PropertyDescriptor, String> properties) {
final String profileName = properties.get(CredentialPropertyDescriptors.PROFILE_NAME);
public AWSCredentialsProvider getCredentialsProvider(final PropertyContext propertyContext) {
final String profileName = propertyContext.getProperty(CredentialPropertyDescriptors.PROFILE_NAME).evaluateAttributeExpressions().getValue();
return new ProfileCredentialsProvider(profileName);
}
@Override
public AwsCredentialsProvider getAwsCredentialsProvider(final Map<PropertyDescriptor, String> properties) {
final String profileName = properties.get(CredentialPropertyDescriptors.PROFILE_NAME);
public AwsCredentialsProvider getAwsCredentialsProvider(final PropertyContext propertyContext) {
final String profileName = propertyContext.getProperty(CredentialPropertyDescriptors.PROFILE_NAME).evaluateAttributeExpressions().getValue();
return software.amazon.awssdk.auth.credentials.ProfileCredentialsProvider.create(profileName);
}
}
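Review bot: The profile-name lookup `propertyContext.getProperty(CredentialPropertyDescriptors.PROFILE_NAME).evaluateAttributeExpressions().getValue()` is now written out in both getCredentialsProvider and getAwsCredentialsProvider, so the v1 and v2 paths can drift apart if only one is edited later. A small private helper, for example `private String getProfileName(final PropertyContext propertyContext)`, called from both methods would keep them in step. Neither method checks the evaluated value before passing it to the provider. The strategy is presumably only selected when Profile Name is set, but that selection logic and the SDK's handling of a null name are outside this section. A one-line comment stating the assumption would make it clear that credentials cannot silently come from a different profile than the operator configured.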


@ -36,14 +36,13 @@ import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import static org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.ACCESS_KEY;
import static org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.ASSUME_ROLE_EXTERNAL_ID;
import static org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.ASSUME_ROLE_PROXY_HOST;
import static org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.ASSUME_ROLE_PROXY_PORT;
import static org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.ASSUME_ROLE_SSL_CONTEXT_SERVICE;
import static org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.ASSUME_ROLE_STS_ENDPOINT;
import static org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.ASSUME_ROLE_STS_SIGNER_OVERRIDE;
import static org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.CREDENTIALS_FILE;
@ -79,7 +78,7 @@ public class AWSCredentialsProviderControllerService extends AbstractControllerS
public static final PropertyDescriptor MAX_SESSION_TIME = CredentialPropertyDescriptors.MAX_SESSION_TIME;
public static final PropertyDescriptor ASSUME_ROLE_STS_REGION = CredentialPropertyDescriptors.ASSUME_ROLE_STS_REGION;
private static final List<PropertyDescriptor> properties;
private static final List<PropertyDescriptor> PROPERTIES;
static {
final List<PropertyDescriptor> props = new ArrayList<>();
@ -93,6 +92,7 @@ public class AWSCredentialsProviderControllerService extends AbstractControllerS
props.add(ASSUME_ROLE_NAME);
props.add(MAX_SESSION_TIME);
props.add(ASSUME_ROLE_EXTERNAL_ID);
props.add(ASSUME_ROLE_SSL_CONTEXT_SERVICE);
props.add(ASSUME_ROLE_PROXY_HOST);
props.add(ASSUME_ROLE_PROXY_PORT);
props.add(ASSUME_ROLE_STS_REGION);
@ -100,16 +100,16 @@ public class AWSCredentialsProviderControllerService extends AbstractControllerS
props.add(ASSUME_ROLE_STS_SIGNER_OVERRIDE);
props.add(ASSUME_ROLE_STS_CUSTOM_SIGNER_CLASS_NAME);
props.add(ASSUME_ROLE_STS_CUSTOM_SIGNER_MODULE_LOCATION);
properties = Collections.unmodifiableList(props);
PROPERTIES = Collections.unmodifiableList(props);
}
private volatile ConfigurationContext context;
private volatile AWSCredentialsProvider credentialsProvider;
private volatile Map<PropertyDescriptor, String> evaluatedProperties;
protected final CredentialsProviderFactory credentialsProviderFactory = new CredentialsProviderFactory();
@Override
protected List<PropertyDescriptor> getSupportedPropertyDescriptors() {
return properties;
return PROPERTIES;
}
@Override
@ -120,7 +120,7 @@ public class AWSCredentialsProviderControllerService extends AbstractControllerS
@Override
public AwsCredentialsProvider getAwsCredentialsProvider() {
// Avoiding instantiation until actually used, in case v1-related configuration is not compatible with v2 clients
return credentialsProviderFactory.getAwsCredentialsProvider(evaluatedProperties);
return credentialsProviderFactory.getAwsCredentialsProvider(context);
}
@Override
@ -130,14 +130,9 @@ public class AWSCredentialsProviderControllerService extends AbstractControllerS
@OnEnabled
public void onConfigured(final ConfigurationContext context) {
evaluatedProperties = new HashMap<>(context.getProperties());
evaluatedProperties.keySet().forEach(propertyDescriptor -> {
if (propertyDescriptor.isExpressionLanguageSupported()) {
evaluatedProperties.put(propertyDescriptor,
context.getProperty(propertyDescriptor).evaluateAttributeExpressions().getValue());
}
});
credentialsProvider = credentialsProviderFactory.getCredentialsProvider(evaluatedProperties);
this.context = context;
credentialsProvider = credentialsProviderFactory.getCredentialsProvider(context);
getLogger().debug("Using credentials provider: " + credentialsProvider.getClass());
}
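Review bot: In onConfigured the ConfigurationContext is now kept in the volatile `context` field and getAwsCredentialsProvider() passes it to the factory on every call. The v2 provider is therefore built from whatever the context resolves at call time, not from the enable-time snapshot that `evaluatedProperties` used to hold. Nothing visible in this section clears the field when the service is disabled, and a call made before onConfigured has run would pass null to the factory. The class body continues outside these hunks, so an existing disable handler may already cover this. If it does not, consider an @OnDisabled method that sets `context = null;` and `credentialsProvider = null;`, plus a field comment such as `// Captured in onConfigured; the v2 provider is built lazily from this context on each getAwsCredentialsProvider() call`.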


@ -27,7 +27,6 @@ import com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider;
import com.amazonaws.auth.Signer;
import com.amazonaws.auth.profile.ProfileCredentialsProvider;
import com.amazonaws.internal.StaticCredentialsProvider;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.processors.aws.credentials.provider.PropertiesCredentialsProvider;
import org.apache.nifi.processors.aws.s3.FetchS3Object;
import org.apache.nifi.processors.aws.signer.AwsSignerType;
@ -40,11 +39,8 @@ import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.sts.auth.StsAssumeRoleCredentialsProvider;
import java.util.Map;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verify;
@ -59,14 +55,13 @@ public class TestCredentialsProviderFactory {
final TestRunner runner = TestRunners.newTestRunner(MockAWSProcessor.class);
runner.assertValid();
final Map<PropertyDescriptor, String> properties = runner.getProcessContext().getProperties();
final CredentialsProviderFactory factory = new CredentialsProviderFactory();
final AWSCredentialsProvider credentialsProvider = factory.getCredentialsProvider(properties);
final AWSCredentialsProvider credentialsProvider = factory.getCredentialsProvider(runner.getProcessContext());
assertNotNull(credentialsProvider);
assertEquals(DefaultAWSCredentialsProviderChain.class,
credentialsProvider.getClass(), "credentials provider should be equal");
final AwsCredentialsProvider credentialsProviderV2 = factory.getAwsCredentialsProvider(properties);
final AwsCredentialsProvider credentialsProviderV2 = factory.getAwsCredentialsProvider(runner.getProcessContext());
assertNotNull(credentialsProviderV2);
assertEquals(DefaultCredentialsProvider.class,
credentialsProviderV2.getClass(), "credentials provider should be equal");
@ -78,14 +73,13 @@ public class TestCredentialsProviderFactory {
runner.setProperty(CredentialPropertyDescriptors.USE_DEFAULT_CREDENTIALS, "true");
runner.assertValid();
final Map<PropertyDescriptor, String> properties = runner.getProcessContext().getProperties();
final CredentialsProviderFactory factory = new CredentialsProviderFactory();
final AWSCredentialsProvider credentialsProvider = factory.getCredentialsProvider(properties);
final AWSCredentialsProvider credentialsProvider = factory.getCredentialsProvider(runner.getProcessContext());
assertNotNull(credentialsProvider);
assertEquals(DefaultAWSCredentialsProviderChain.class,
credentialsProvider.getClass(), "credentials provider should be equal");
final AwsCredentialsProvider credentialsProviderV2 = factory.getAwsCredentialsProvider(properties);
final AwsCredentialsProvider credentialsProviderV2 = factory.getAwsCredentialsProvider(runner.getProcessContext());
assertNotNull(credentialsProviderV2);
assertEquals(DefaultCredentialsProvider.class,
credentialsProviderV2.getClass(), "credentials provider should be equal");
@ -107,14 +101,14 @@ public class TestCredentialsProviderFactory {
runner.setProperty(CredentialPropertyDescriptors.SECRET_KEY, "BogusSecretKey");
runner.assertValid();
final Map<PropertyDescriptor, String> properties = runner.getProcessContext().getProperties();
final CredentialsProviderFactory factory = new CredentialsProviderFactory();
final AWSCredentialsProvider credentialsProvider = factory.getCredentialsProvider(properties);
final AWSCredentialsProvider credentialsProvider = factory.getCredentialsProvider(runner.getProcessContext());
assertNotNull(credentialsProvider);
assertEquals(StaticCredentialsProvider.class,
credentialsProvider.getClass(), "credentials provider should be equal");
final AwsCredentialsProvider credentialsProviderV2 = factory.getAwsCredentialsProvider(properties);
final AwsCredentialsProvider credentialsProviderV2 = factory.getAwsCredentialsProvider(runner.getProcessContext());
assertNotNull(credentialsProviderV2);
assertEquals(software.amazon.awssdk.auth.credentials.StaticCredentialsProvider.class,
credentialsProviderV2.getClass(), "credentials provider should be equal");
@ -140,14 +134,13 @@ public class TestCredentialsProviderFactory {
runner.setProperty(CredentialPropertyDescriptors.CREDENTIALS_FILE, "src/test/resources/mock-aws-credentials.properties");
runner.assertValid();
final Map<PropertyDescriptor, String> properties = runner.getProcessContext().getProperties();
final CredentialsProviderFactory factory = new CredentialsProviderFactory();
final AWSCredentialsProvider credentialsProvider = factory.getCredentialsProvider(properties);
final AWSCredentialsProvider credentialsProvider = factory.getCredentialsProvider(runner.getProcessContext());
assertNotNull(credentialsProvider);
assertEquals(PropertiesFileCredentialsProvider.class,
credentialsProvider.getClass(), "credentials provider should be equal");
final AwsCredentialsProvider credentialsProviderV2 = factory.getAwsCredentialsProvider(properties);
final AwsCredentialsProvider credentialsProviderV2 = factory.getAwsCredentialsProvider(runner.getProcessContext());
assertNotNull(credentialsProviderV2);
assertEquals(PropertiesCredentialsProvider.class,
credentialsProviderV2.getClass(), "credentials provider should be equal");
@ -161,21 +154,11 @@ public class TestCredentialsProviderFactory {
runner.setProperty(CredentialPropertyDescriptors.ASSUME_ROLE_NAME, "BogusSession");
runner.assertValid();
final Map<PropertyDescriptor, String> properties = runner.getProcessContext().getProperties();
final CredentialsProviderFactory factory = new CredentialsProviderFactory();
final AWSCredentialsProvider credentialsProvider = factory.getCredentialsProvider(properties);
final AWSCredentialsProvider credentialsProvider = factory.getCredentialsProvider(runner.getProcessContext());
assertNotNull(credentialsProvider);
assertEquals(STSAssumeRoleSessionCredentialsProvider.class,
credentialsProvider.getClass(), "credentials provider should be equal");
assertThrows(IllegalStateException.class, () -> factory.getAwsCredentialsProvider(properties));
runner.setProperty(CredentialPropertyDescriptors.ASSUME_ROLE_STS_REGION, Region.US_WEST_1.id());
final Map<PropertyDescriptor, String> properties2 = runner.getProcessContext().getProperties();
final AwsCredentialsProvider credentialsProviderV2 = factory.getAwsCredentialsProvider(properties2);
assertNotNull(credentialsProviderV2);
assertEquals(StsAssumeRoleCredentialsProvider.class,
credentialsProviderV2.getClass(), "credentials provider should be equal");
}
@Test
@ -194,14 +177,13 @@ public class TestCredentialsProviderFactory {
runner.setProperty(CredentialPropertyDescriptors.USE_ANONYMOUS_CREDENTIALS, "true");
runner.assertValid();
final Map<PropertyDescriptor, String> properties = runner.getProcessContext().getProperties();
final CredentialsProviderFactory factory = new CredentialsProviderFactory();
final AWSCredentialsProvider credentialsProvider = factory.getCredentialsProvider(properties);
final AWSCredentialsProvider credentialsProvider = factory.getCredentialsProvider(runner.getProcessContext());
assertNotNull(credentialsProvider);
final AWSCredentials creds = credentialsProvider.getCredentials();
assertEquals(AnonymousAWSCredentials.class, creds.getClass(), "credentials should be equal");
final AwsCredentialsProvider credentialsProviderV2 = factory.getAwsCredentialsProvider(properties);
final AwsCredentialsProvider credentialsProviderV2 = factory.getAwsCredentialsProvider(runner.getProcessContext());
assertNotNull(credentialsProviderV2);
assertEquals(AnonymousCredentialsProvider.class,
credentialsProviderV2.getClass(), "credentials provider should be equal");
@ -222,14 +204,13 @@ public class TestCredentialsProviderFactory {
runner.setProperty(CredentialPropertyDescriptors.PROFILE_NAME, "BogusProfile");
runner.assertValid();
final Map<PropertyDescriptor, String> properties = runner.getProcessContext().getProperties();
final CredentialsProviderFactory factory = new CredentialsProviderFactory();
final AWSCredentialsProvider credentialsProvider = factory.getCredentialsProvider(properties);
final AWSCredentialsProvider credentialsProvider = factory.getCredentialsProvider(runner.getProcessContext());
assertNotNull(credentialsProvider);
assertEquals(ProfileCredentialsProvider.class,
credentialsProvider.getClass(), "credentials provider should be equal");
final AwsCredentialsProvider credentialsProviderV2 = factory.getAwsCredentialsProvider(properties);
final AwsCredentialsProvider credentialsProviderV2 = factory.getAwsCredentialsProvider(runner.getProcessContext());
assertNotNull(credentialsProviderV2);
assertEquals(software.amazon.awssdk.auth.credentials.ProfileCredentialsProvider.class,
credentialsProviderV2.getClass(), "credentials provider should be equal");
@ -246,14 +227,13 @@ public class TestCredentialsProviderFactory {
runner.setProperty(CredentialPropertyDescriptors.ASSUME_ROLE_PROXY_PORT, "8080");
runner.assertValid();
final Map<PropertyDescriptor, String> properties = runner.getProcessContext().getProperties();
final CredentialsProviderFactory factory = new CredentialsProviderFactory();
final AWSCredentialsProvider credentialsProvider = factory.getCredentialsProvider(properties);
final AWSCredentialsProvider credentialsProvider = factory.getCredentialsProvider(runner.getProcessContext());
assertNotNull(credentialsProvider);
assertEquals(STSAssumeRoleSessionCredentialsProvider.class,
credentialsProvider.getClass(), "credentials provider should be equal");
final AwsCredentialsProvider credentialsProviderV2 = factory.getAwsCredentialsProvider(properties);
final AwsCredentialsProvider credentialsProviderV2 = factory.getAwsCredentialsProvider(runner.getProcessContext());
assertNotNull(credentialsProviderV2);
assertEquals(StsAssumeRoleCredentialsProvider.class,
credentialsProviderV2.getClass(), "credentials provider should be equal");
@ -300,13 +280,12 @@ public class TestCredentialsProviderFactory {
runner.setProperty(CredentialPropertyDescriptors.ASSUME_ROLE_STS_CUSTOM_SIGNER_CLASS_NAME, CustomSTSSigner.class.getName());
runner.assertValid();
final Map<PropertyDescriptor, String> properties = runner.getProcessContext().getProperties();
final CredentialsProviderFactory factory = new CredentialsProviderFactory();
final Signer signerChecker = mock(Signer.class);
CustomSTSSigner.setSignerChecker(signerChecker);
final AWSCredentialsProvider credentialsProvider = factory.getCredentialsProvider(properties);
final AWSCredentialsProvider credentialsProvider = factory.getCredentialsProvider(runner.getProcessContext());
try {
credentialsProvider.getCredentials();