NIFI-11260 Added STS SSL Context Service for AWS Credentials Provider
This closes #7021 Signed-off-by: David Handermann <exceptionfactory@apache.org>
parent
b23b2621ac
commit
d2f80b1645
|
@ -23,6 +23,7 @@ import org.apache.nifi.components.resource.ResourceType;
|
|||
import org.apache.nifi.expression.ExpressionLanguageScope;
|
||||
import org.apache.nifi.processor.util.StandardValidators;
|
||||
import org.apache.nifi.processors.aws.AwsPropertyDescriptors;
|
||||
import org.apache.nifi.ssl.SSLContextService;
|
||||
import software.amazon.awssdk.regions.Region;
|
||||
|
||||
import java.util.ArrayList;
|
||||
|
@ -173,6 +174,15 @@ public class CredentialPropertyDescriptors {
|
|||
.dependsOn(ASSUME_ROLE_ARN)
|
||||
.build();
|
||||
|
||||
public static final PropertyDescriptor ASSUME_ROLE_SSL_CONTEXT_SERVICE = new PropertyDescriptor.Builder()
|
||||
.name("assume-role-ssl-context-service")
|
||||
.displayName("Assume Role SSL Context Service")
|
||||
.description("SSL Context Service used when connecting to the STS Endpoint.")
|
||||
.identifiesControllerService(SSLContextService.class)
|
||||
.required(false)
|
||||
.dependsOn(ASSUME_ROLE_ARN)
|
||||
.build();
|
||||
|
||||
/**
|
||||
* Assume Role Proxy variables for configuring proxy to retrieve keys
|
||||
*/
|
||||
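Review bot: The description on `ASSUME_ROLE_SSL_CONTEXT_SERVICE` does not tell an operator what the service changes or what happens when the property is left empty. This property decides which certificates are trusted when temporary credentials are fetched from STS, so the text should say so, for example `.description("SSL Context Service supplying the key and trust material for TLS connections to the STS Endpoint. When not set, the AWS SDK default TLS settings apply.")`. The fallback wording follows from the `if (sslContextService != null)` guards in AssumeRoleCredentialsStrategy later in this commit. The enclosing class starts and ends outside the hunk.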
|
|
|
@ -19,11 +19,10 @@ package org.apache.nifi.processors.aws.credentials.provider.factory;
|
|||
import java.util.ArrayList;
|
||||
import java.util.Collection;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
import org.apache.nifi.components.PropertyDescriptor;
|
||||
import org.apache.nifi.components.ValidationContext;
|
||||
import org.apache.nifi.components.ValidationResult;
|
||||
import org.apache.nifi.context.PropertyContext;
|
||||
import org.apache.nifi.processors.aws.credentials.provider.factory.strategies.ExplicitDefaultCredentialsStrategy;
|
||||
import org.apache.nifi.processors.aws.credentials.provider.factory.strategies.AccessKeyPairCredentialsStrategy;
|
||||
import org.apache.nifi.processors.aws.credentials.provider.factory.strategies.FileCredentialsStrategy;
|
||||
|
@ -66,20 +65,15 @@ public class CredentialsProviderFactory {
|
|||
strategies.add(new AssumeRoleCredentialsStrategy());
|
||||
}
|
||||
|
||||
public CredentialsStrategy selectPrimaryStrategy(final Map<PropertyDescriptor, String> properties) {
|
||||
public CredentialsStrategy selectPrimaryStrategy(final PropertyContext propertyContext) {
|
||||
for (CredentialsStrategy strategy : strategies) {
|
||||
if (strategy.canCreatePrimaryCredential(properties)) {
|
||||
if (strategy.canCreatePrimaryCredential(propertyContext)) {
|
||||
return strategy;
|
||||
}
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
public CredentialsStrategy selectPrimaryStrategy(final ValidationContext validationContext) {
|
||||
final Map<PropertyDescriptor, String> properties = validationContext.getProperties();
|
||||
return selectPrimaryStrategy(properties);
|
||||
}
|
||||
|
||||
/**
|
||||
* Validates AWS credential properties against the configured strategies to report any validation errors.
|
||||
* @return Validation errors
|
||||
|
@ -104,15 +98,14 @@ public class CredentialsProviderFactory {
|
|||
* the factory.
|
||||
* @return AWSCredentialsProvider implementation
|
||||
*/
|
||||
public AWSCredentialsProvider getCredentialsProvider(final Map<PropertyDescriptor, String> properties) {
|
||||
final CredentialsStrategy primaryStrategy = selectPrimaryStrategy(properties);
|
||||
AWSCredentialsProvider primaryCredentialsProvider = primaryStrategy.getCredentialsProvider(properties);
|
||||
public AWSCredentialsProvider getCredentialsProvider(final PropertyContext propertyContext) {
|
||||
final CredentialsStrategy primaryStrategy = selectPrimaryStrategy(propertyContext);
|
||||
AWSCredentialsProvider primaryCredentialsProvider = primaryStrategy.getCredentialsProvider(propertyContext);
|
||||
AWSCredentialsProvider derivedCredentialsProvider = null;
|
||||
|
||||
for (CredentialsStrategy strategy : strategies) {
|
||||
if (strategy.canCreateDerivedCredential(properties)) {
|
||||
derivedCredentialsProvider = strategy.getDerivedCredentialsProvider(properties,
|
||||
primaryCredentialsProvider);
|
||||
if (strategy.canCreateDerivedCredential(propertyContext)) {
|
||||
derivedCredentialsProvider = strategy.getDerivedCredentialsProvider(propertyContext, primaryCredentialsProvider);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
@ -129,14 +122,14 @@ public class CredentialsProviderFactory {
|
|||
* the factory.
|
||||
* @return AwsCredentialsProvider implementation
|
||||
*/
|
||||
public AwsCredentialsProvider getAwsCredentialsProvider(final Map<PropertyDescriptor, String> properties) {
|
||||
final CredentialsStrategy primaryStrategy = selectPrimaryStrategy(properties);
|
||||
final AwsCredentialsProvider primaryCredentialsProvider = primaryStrategy.getAwsCredentialsProvider(properties);
|
||||
public AwsCredentialsProvider getAwsCredentialsProvider(final PropertyContext propertyContext) {
|
||||
final CredentialsStrategy primaryStrategy = selectPrimaryStrategy(propertyContext);
|
||||
final AwsCredentialsProvider primaryCredentialsProvider = primaryStrategy.getAwsCredentialsProvider(propertyContext);
|
||||
AwsCredentialsProvider derivedCredentialsProvider = null;
|
||||
|
||||
for (final CredentialsStrategy strategy : strategies) {
|
||||
if (strategy.canCreateDerivedCredential(properties)) {
|
||||
derivedCredentialsProvider = strategy.getDerivedAwsCredentialsProvider(properties, primaryCredentialsProvider);
|
||||
if (strategy.canCreateDerivedCredential(propertyContext)) {
|
||||
derivedCredentialsProvider = strategy.getDerivedAwsCredentialsProvider(propertyContext, primaryCredentialsProvider);
|
||||
break;
|
||||
}
|
||||
}
|
||||
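Review bot: `selectPrimaryStrategy(final PropertyContext propertyContext)` still returns `null` when no strategy matches, and both `getCredentialsProvider` and `getAwsCredentialsProvider` dereference the result on the very next line. If the strategy list always ends with a catch-all entry this cannot trigger, but that is not visible in these hunks. A guard such as `if (primaryStrategy == null) { throw new IllegalStateException("No AWS credentials strategy matches the configured properties"); }` would turn a bare NullPointerException into a configuration error that names the cause. Both provider methods continue past the end of their hunks.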
|
|
|
@ -17,13 +17,12 @@
|
|||
package org.apache.nifi.processors.aws.credentials.provider.factory;
|
||||
|
||||
import com.amazonaws.auth.AWSCredentialsProvider;
|
||||
import org.apache.nifi.components.PropertyDescriptor;
|
||||
import org.apache.nifi.components.ValidationContext;
|
||||
import org.apache.nifi.components.ValidationResult;
|
||||
import org.apache.nifi.context.PropertyContext;
|
||||
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.Map;
|
||||
|
||||
|
||||
/**
|
||||
|
@ -43,13 +42,13 @@ public interface CredentialsStrategy {
|
|||
* Determines if this strategy can create primary credentials using the given properties.
|
||||
* @return true if primary credentials can be created
|
||||
*/
|
||||
boolean canCreatePrimaryCredential(Map<PropertyDescriptor, String> properties);
|
||||
boolean canCreatePrimaryCredential(PropertyContext propertyContext);
|
||||
|
||||
/**
|
||||
* Determines if this strategy can create derived credentials using the given properties.
|
||||
* @return true if derived credentials can be created
|
||||
*/
|
||||
boolean canCreateDerivedCredential(Map<PropertyDescriptor, String> properties);
|
||||
boolean canCreateDerivedCredential(PropertyContext propertyContext);
|
||||
|
||||
/**
|
||||
* Validates the properties belonging to this strategy, given the selected primary strategy. Errors may result
|
||||
|
@ -63,25 +62,25 @@ public interface CredentialsStrategy {
|
|||
/**
|
||||
* Creates an AWSCredentialsProvider instance for this strategy, given the properties defined by the user.
|
||||
*/
|
||||
AWSCredentialsProvider getCredentialsProvider(Map<PropertyDescriptor, String> properties);
|
||||
AWSCredentialsProvider getCredentialsProvider(PropertyContext propertyContext);
|
||||
|
||||
/**
|
||||
* Creates an AWSCredentialsProvider instance for this strategy, given the properties defined by the user and
|
||||
* the AWSCredentialsProvider from the winning primary strategy.
|
||||
*/
|
||||
AWSCredentialsProvider getDerivedCredentialsProvider(Map<PropertyDescriptor, String> properties,
|
||||
AWSCredentialsProvider getDerivedCredentialsProvider(PropertyContext propertyContext,
|
||||
AWSCredentialsProvider primaryCredentialsProvider);
|
||||
|
||||
/**
|
||||
* Creates an AwsCredentialsProvider instance for this strategy, given the properties defined by the user.
|
||||
*/
|
||||
AwsCredentialsProvider getAwsCredentialsProvider(Map<PropertyDescriptor, String> properties);
|
||||
AwsCredentialsProvider getAwsCredentialsProvider(PropertyContext propertyContext);
|
||||
|
||||
/**
|
||||
* Creates an AwsCredentialsProvider instance for this strategy, given the properties defined by the user and
|
||||
* the AwsCredentialsProvider from the winning primary strategy.
|
||||
*/
|
||||
AwsCredentialsProvider getDerivedAwsCredentialsProvider(Map<PropertyDescriptor, String> properties,
|
||||
AwsCredentialsProvider getDerivedAwsCredentialsProvider(PropertyContext propertyContext,
|
||||
AwsCredentialsProvider primaryCredentialsProvider);
|
||||
|
||||
}
|
||||
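Review bot: The Javadoc on the changed methods still says "given the properties" and has no `@param` for the new `propertyContext` argument. With a `PropertyContext`, expression-language evaluation moves into each implementation, and the strategies in this commit already differ: AccessKeyPairCredentialsStrategy calls `evaluateAttributeExpressions()` while AssumeRoleCredentialsStrategy reads most values with `getValue()` only. I would add `@param propertyContext context supplying the configured property values; implementations evaluate expression language where the descriptor supports it` to each method so implementers know the contract. The interface declaration starts outside the hunks.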
|
|
|
@ -18,11 +18,12 @@ package org.apache.nifi.processors.aws.credentials.provider.factory.strategies;
|
|||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collection;
|
||||
import java.util.Map;
|
||||
|
||||
import org.apache.nifi.components.PropertyDescriptor;
|
||||
import org.apache.nifi.components.PropertyValue;
|
||||
import org.apache.nifi.components.ValidationContext;
|
||||
import org.apache.nifi.components.ValidationResult;
|
||||
import org.apache.nifi.context.PropertyContext;
|
||||
import org.apache.nifi.processors.aws.credentials.provider.factory.CredentialsStrategy;
|
||||
|
||||
|
||||
|
@ -42,8 +43,15 @@ public abstract class AbstractBooleanCredentialsStrategy extends AbstractCredent
|
|||
}
|
||||
|
||||
@Override
|
||||
public boolean canCreatePrimaryCredential(final Map<PropertyDescriptor, String> properties) {
|
||||
final String useStrategyString = properties.get(strategyProperty);
|
||||
public boolean canCreatePrimaryCredential(final PropertyContext propertyContext) {
|
||||
PropertyValue strategyPropertyValue = propertyContext.getProperty(strategyProperty);
|
||||
if (strategyPropertyValue == null) {
|
||||
return false;
|
||||
}
|
||||
if (strategyProperty.isExpressionLanguageSupported()) {
|
||||
strategyPropertyValue = strategyPropertyValue.evaluateAttributeExpressions();
|
||||
}
|
||||
final String useStrategyString = strategyPropertyValue.getValue();
|
||||
final Boolean useStrategy = Boolean.parseBoolean(useStrategyString);
|
||||
return useStrategy;
|
||||
}
|
||||
|
|
|
@ -18,11 +18,12 @@ package org.apache.nifi.processors.aws.credentials.provider.factory.strategies;
|
|||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collection;
|
||||
import java.util.Map;
|
||||
|
||||
import org.apache.nifi.components.PropertyDescriptor;
|
||||
import org.apache.nifi.components.PropertyValue;
|
||||
import org.apache.nifi.components.ValidationContext;
|
||||
import org.apache.nifi.components.ValidationResult;
|
||||
import org.apache.nifi.context.PropertyContext;
|
||||
import org.apache.nifi.processors.aws.credentials.provider.factory.CredentialsStrategy;
|
||||
|
||||
import com.amazonaws.auth.AWSCredentialsProvider;
|
||||
|
@ -42,12 +43,10 @@ public abstract class AbstractCredentialsStrategy implements CredentialsStrategy
|
|||
}
|
||||
|
||||
@Override
|
||||
public boolean canCreatePrimaryCredential(final Map<PropertyDescriptor, String> properties) {
|
||||
public boolean canCreatePrimaryCredential(final PropertyContext propertyContext) {
|
||||
for (final PropertyDescriptor requiredProperty : requiredProperties) {
|
||||
final boolean containsRequiredProperty = properties.containsKey(requiredProperty);
|
||||
final String propertyValue = properties.get(requiredProperty);
|
||||
final boolean containsValue = propertyValue != null;
|
||||
if (!containsRequiredProperty || !containsValue) {
|
||||
final PropertyValue propertyValue = propertyContext.getProperty(requiredProperty);
|
||||
if (!propertyValue.isSet()) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
@ -81,7 +80,7 @@ public abstract class AbstractCredentialsStrategy implements CredentialsStrategy
|
|||
return validationFailureResults;
|
||||
}
|
||||
|
||||
public abstract AWSCredentialsProvider getCredentialsProvider(final Map<PropertyDescriptor, String> properties);
|
||||
public abstract AWSCredentialsProvider getCredentialsProvider(final PropertyContext propertyContext);
|
||||
|
||||
public String getName() {
|
||||
return name;
|
||||
|
@ -89,18 +88,18 @@ public abstract class AbstractCredentialsStrategy implements CredentialsStrategy
|
|||
|
||||
|
||||
@Override
|
||||
public boolean canCreateDerivedCredential(final Map<PropertyDescriptor, String> properties) {
|
||||
public boolean canCreateDerivedCredential(final PropertyContext propertyContext) {
|
||||
return false;
|
||||
}
|
||||
|
||||
@Override
|
||||
public AWSCredentialsProvider getDerivedCredentialsProvider(final Map<PropertyDescriptor, String> properties,
|
||||
public AWSCredentialsProvider getDerivedCredentialsProvider(final PropertyContext propertyContext,
|
||||
final AWSCredentialsProvider primaryCredentialsProvider) {
|
||||
return null;
|
||||
}
|
||||
|
||||
@Override
|
||||
public AwsCredentialsProvider getDerivedAwsCredentialsProvider(final Map<PropertyDescriptor, String> properties,
|
||||
public AwsCredentialsProvider getDerivedAwsCredentialsProvider(final PropertyContext propertyContext,
|
||||
final AwsCredentialsProvider primaryCredentialsProvider) {
|
||||
return null;
|
||||
}
|
||||
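Review bot: `canCreatePrimaryCredential` calls `propertyValue.isSet()` without a null check, whereas the same method in AbstractBooleanCredentialsStrategy (changed in this commit) returns false when `getProperty` yields null. The removed code treated an absent key as "cannot create", so the equivalent guard would be `if (propertyValue == null || !propertyValue.isSet()) {`. Whether `getProperty` can return null depends on the PropertyContext implementation, which is not visible here. The method body continues past the end of the hunk.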
|
|
|
@ -20,12 +20,11 @@ import com.amazonaws.auth.AWSCredentialsProvider;
|
|||
import com.amazonaws.auth.BasicAWSCredentials;
|
||||
import com.amazonaws.internal.StaticCredentialsProvider;
|
||||
import org.apache.nifi.components.PropertyDescriptor;
|
||||
import org.apache.nifi.context.PropertyContext;
|
||||
import org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors;
|
||||
import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
|
||||
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
|
||||
|
||||
import java.util.Map;
|
||||
|
||||
|
||||
/**
|
||||
* Supports AWS credentials defined by an Access Key and Secret Key pair.
|
||||
|
@ -43,17 +42,17 @@ public class AccessKeyPairCredentialsStrategy extends AbstractCredentialsStrateg
|
|||
}
|
||||
|
||||
@Override
|
||||
public AWSCredentialsProvider getCredentialsProvider(final Map<PropertyDescriptor, String> properties) {
|
||||
final String accessKey = properties.get(CredentialPropertyDescriptors.ACCESS_KEY);
|
||||
final String secretKey = properties.get(CredentialPropertyDescriptors.SECRET_KEY);
|
||||
public AWSCredentialsProvider getCredentialsProvider(final PropertyContext propertyContext) {
|
||||
final String accessKey = propertyContext.getProperty(CredentialPropertyDescriptors.ACCESS_KEY).evaluateAttributeExpressions().getValue();
|
||||
final String secretKey = propertyContext.getProperty(CredentialPropertyDescriptors.SECRET_KEY).evaluateAttributeExpressions().getValue();
|
||||
final BasicAWSCredentials credentials = new BasicAWSCredentials(accessKey, secretKey);
|
||||
return new StaticCredentialsProvider(credentials);
|
||||
}
|
||||
|
||||
@Override
|
||||
public AwsCredentialsProvider getAwsCredentialsProvider(final Map<PropertyDescriptor, String> properties) {
|
||||
final String accessKey = properties.get(CredentialPropertyDescriptors.ACCESS_KEY);
|
||||
final String secretKey = properties.get(CredentialPropertyDescriptors.SECRET_KEY);
|
||||
public AwsCredentialsProvider getAwsCredentialsProvider(final PropertyContext propertyContext) {
|
||||
final String accessKey = propertyContext.getProperty(CredentialPropertyDescriptors.ACCESS_KEY).evaluateAttributeExpressions().getValue();
|
||||
final String secretKey = propertyContext.getProperty(CredentialPropertyDescriptors.SECRET_KEY).evaluateAttributeExpressions().getValue();
|
||||
return software.amazon.awssdk.auth.credentials.StaticCredentialsProvider.create(AwsBasicCredentials.create(accessKey, secretKey));
|
||||
}
|
||||
|
||||
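Review bot: Both provider methods now resolve the access key and secret key through `evaluateAttributeExpressions()`, and nothing records what that call can and cannot read. The no-argument form evaluates without FlowFile attributes, which is the appropriate scope for a long-lived secret. A comment such as `// Evaluated without FlowFile attributes so flow content cannot select the key pair` above the two lookups would keep a later change from passing a FlowFile in. The same two lookups are repeated in `getAwsCredentialsProvider`, so a small private helper would keep them in step.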
|
|
|
@ -19,13 +19,11 @@ package org.apache.nifi.processors.aws.credentials.provider.factory.strategies;
|
|||
import com.amazonaws.auth.AWSCredentialsProvider;
|
||||
import com.amazonaws.auth.AnonymousAWSCredentials;
|
||||
import com.amazonaws.internal.StaticCredentialsProvider;
|
||||
import org.apache.nifi.components.PropertyDescriptor;
|
||||
import org.apache.nifi.context.PropertyContext;
|
||||
import org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors;
|
||||
import software.amazon.awssdk.auth.credentials.AnonymousCredentialsProvider;
|
||||
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
|
||||
|
||||
import java.util.Map;
|
||||
|
||||
|
||||
/**
|
||||
* Supports Anonymous AWS credentials.
|
||||
|
@ -40,13 +38,13 @@ public class AnonymousCredentialsStrategy extends AbstractBooleanCredentialsStra
|
|||
}
|
||||
|
||||
@Override
|
||||
public AWSCredentialsProvider getCredentialsProvider(final Map<PropertyDescriptor, String> properties) {
|
||||
public AWSCredentialsProvider getCredentialsProvider(final PropertyContext propertyContext) {
|
||||
AnonymousAWSCredentials credentials = new AnonymousAWSCredentials();
|
||||
return new StaticCredentialsProvider(credentials);
|
||||
}
|
||||
|
||||
@Override
|
||||
public AwsCredentialsProvider getAwsCredentialsProvider(final Map<PropertyDescriptor, String> properties) {
|
||||
public AwsCredentialsProvider getAwsCredentialsProvider(final PropertyContext propertyContext) {
|
||||
return AnonymousCredentialsProvider.create();
|
||||
}
|
||||
|
||||
|
|
|
@ -20,12 +20,15 @@ import com.amazonaws.ClientConfiguration;
|
|||
import com.amazonaws.auth.AWSCredentialsProvider;
|
||||
import com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider;
|
||||
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient;
|
||||
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
|
||||
import org.apache.nifi.components.PropertyDescriptor;
|
||||
import org.apache.nifi.components.ValidationContext;
|
||||
import org.apache.nifi.components.ValidationResult;
|
||||
import org.apache.nifi.context.PropertyContext;
|
||||
import org.apache.nifi.processors.aws.credentials.provider.factory.CredentialsStrategy;
|
||||
import org.apache.nifi.processors.aws.signer.AwsCustomSignerUtil;
|
||||
import org.apache.nifi.processors.aws.signer.AwsSignerType;
|
||||
import org.apache.nifi.ssl.SSLContextService;
|
||||
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
|
||||
import software.amazon.awssdk.http.apache.ApacheHttpClient;
|
||||
import software.amazon.awssdk.regions.Region;
|
||||
|
@ -34,17 +37,18 @@ import software.amazon.awssdk.services.sts.StsClientBuilder;
|
|||
import software.amazon.awssdk.services.sts.auth.StsAssumeRoleCredentialsProvider;
|
||||
import software.amazon.awssdk.services.sts.model.AssumeRoleRequest;
|
||||
|
||||
import javax.net.ssl.SSLContext;
|
||||
import java.net.URI;
|
||||
import java.time.Duration;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collection;
|
||||
import java.util.Map;
|
||||
|
||||
import static org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.ASSUME_ROLE_ARN;
|
||||
import static org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.ASSUME_ROLE_EXTERNAL_ID;
|
||||
import static org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.ASSUME_ROLE_NAME;
|
||||
import static org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.ASSUME_ROLE_PROXY_HOST;
|
||||
import static org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.ASSUME_ROLE_PROXY_PORT;
|
||||
import static org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.ASSUME_ROLE_SSL_CONTEXT_SERVICE;
|
||||
import static org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.ASSUME_ROLE_STS_CUSTOM_SIGNER_CLASS_NAME;
|
||||
import static org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.ASSUME_ROLE_STS_ENDPOINT;
|
||||
import static org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.ASSUME_ROLE_STS_REGION;
|
||||
|
@ -72,14 +76,14 @@ public class AssumeRoleCredentialsStrategy extends AbstractCredentialsStrategy {
|
|||
}
|
||||
|
||||
@Override
|
||||
public boolean canCreatePrimaryCredential(final Map<PropertyDescriptor, String> properties) {
|
||||
public boolean canCreatePrimaryCredential(final PropertyContext propertyContext) {
|
||||
return false;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean canCreateDerivedCredential(final Map<PropertyDescriptor, String> properties) {
|
||||
final String assumeRoleArn = properties.get(ASSUME_ROLE_ARN);
|
||||
final String assumeRoleName = properties.get(ASSUME_ROLE_NAME);
|
||||
public boolean canCreateDerivedCredential(final PropertyContext propertyContext) {
|
||||
final String assumeRoleArn = propertyContext.getProperty(ASSUME_ROLE_ARN).getValue();
|
||||
final String assumeRoleName = propertyContext.getProperty(ASSUME_ROLE_NAME).getValue();
|
||||
if (assumeRoleArn != null && !assumeRoleArn.isEmpty()
|
||||
&& assumeRoleName != null && !assumeRoleName.isEmpty()) {
|
||||
return true;
|
||||
|
@ -87,9 +91,9 @@ public class AssumeRoleCredentialsStrategy extends AbstractCredentialsStrategy {
|
|||
return false;
|
||||
}
|
||||
|
||||
public boolean proxyVariablesValidForAssumeRole(final Map<PropertyDescriptor, String> properties){
|
||||
final String assumeRoleProxyHost = properties.get(ASSUME_ROLE_PROXY_HOST);
|
||||
final String assumeRoleProxyPort = properties.get(ASSUME_ROLE_PROXY_PORT);
|
||||
protected boolean proxyVariablesValidForAssumeRole(final PropertyContext propertyContext) {
|
||||
final String assumeRoleProxyHost = propertyContext.getProperty(ASSUME_ROLE_PROXY_HOST).getValue();
|
||||
final String assumeRoleProxyPort = propertyContext.getProperty(ASSUME_ROLE_PROXY_PORT).getValue();
|
||||
if (assumeRoleProxyHost != null && !assumeRoleProxyHost.isEmpty()
|
||||
&& assumeRoleProxyPort != null && !assumeRoleProxyPort.isEmpty()) {
|
||||
return true;
|
||||
|
@ -130,36 +134,41 @@ public class AssumeRoleCredentialsStrategy extends AbstractCredentialsStrategy {
|
|||
}
|
||||
|
||||
@Override
|
||||
public AWSCredentialsProvider getCredentialsProvider(final Map<PropertyDescriptor, String> properties) {
|
||||
public AWSCredentialsProvider getCredentialsProvider(final PropertyContext propertyContext) {
|
||||
throw new UnsupportedOperationException();
|
||||
}
|
||||
|
||||
@Override
|
||||
public AWSCredentialsProvider getDerivedCredentialsProvider(final Map<PropertyDescriptor, String> properties,
|
||||
public AWSCredentialsProvider getDerivedCredentialsProvider(final PropertyContext propertyContext,
|
||||
final AWSCredentialsProvider primaryCredentialsProvider) {
|
||||
final String assumeRoleArn = properties.get(ASSUME_ROLE_ARN);
|
||||
final String assumeRoleName = properties.get(ASSUME_ROLE_NAME);
|
||||
String rawMaxSessionTime = properties.get(MAX_SESSION_TIME);
|
||||
rawMaxSessionTime = rawMaxSessionTime == null ? MAX_SESSION_TIME.getDefaultValue() : rawMaxSessionTime;
|
||||
final Integer maxSessionTime = Integer.parseInt(rawMaxSessionTime.trim());
|
||||
final String assumeRoleExternalId = properties.get(ASSUME_ROLE_EXTERNAL_ID);
|
||||
final String assumeRoleSTSRegion = properties.get(ASSUME_ROLE_STS_REGION);
|
||||
final String assumeRoleSTSEndpoint = properties.get(ASSUME_ROLE_STS_ENDPOINT);
|
||||
final String assumeRoleSTSSigner = properties.get(ASSUME_ROLE_STS_SIGNER_OVERRIDE);
|
||||
final String assumeRoleArn = propertyContext.getProperty(ASSUME_ROLE_ARN).getValue();
|
||||
final String assumeRoleName = propertyContext.getProperty(ASSUME_ROLE_NAME).getValue();
|
||||
final int maxSessionTime = propertyContext.getProperty(MAX_SESSION_TIME).asInteger();
|
||||
final String assumeRoleExternalId = propertyContext.getProperty(ASSUME_ROLE_EXTERNAL_ID).getValue();
|
||||
final String assumeRoleSTSRegion = propertyContext.getProperty(ASSUME_ROLE_STS_REGION).getValue();
|
||||
final String assumeRoleSTSEndpoint = propertyContext.getProperty(ASSUME_ROLE_STS_ENDPOINT).getValue();
|
||||
final String assumeRoleSTSSigner = propertyContext.getProperty(ASSUME_ROLE_STS_SIGNER_OVERRIDE).getValue();
|
||||
final SSLContextService sslContextService = propertyContext.getProperty(ASSUME_ROLE_SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
|
||||
|
||||
STSAssumeRoleSessionCredentialsProvider.Builder builder;
|
||||
ClientConfiguration config = new ClientConfiguration();
|
||||
final ClientConfiguration config = new ClientConfiguration();
|
||||
|
||||
if (sslContextService != null) {
|
||||
final SSLContext sslContext = sslContextService.createContext();
|
||||
config.getApacheHttpClientConfig().setSslSocketFactory(new SSLConnectionSocketFactory(sslContext));
|
||||
}
|
||||
|
||||
// If proxy variables are set, then create Client Configuration with those values
|
||||
if (proxyVariablesValidForAssumeRole(properties)) {
|
||||
final String assumeRoleProxyHost = properties.get(ASSUME_ROLE_PROXY_HOST);
|
||||
final Integer assumeRoleProxyPort = Integer.parseInt(properties.get(ASSUME_ROLE_PROXY_PORT));
|
||||
if (proxyVariablesValidForAssumeRole(propertyContext)) {
|
||||
final String assumeRoleProxyHost = propertyContext.getProperty(ASSUME_ROLE_PROXY_HOST).getValue();
|
||||
final int assumeRoleProxyPort = propertyContext.getProperty(ASSUME_ROLE_PROXY_PORT).asInteger();
|
||||
config.withProxyHost(assumeRoleProxyHost);
|
||||
config.withProxyPort(assumeRoleProxyPort);
|
||||
}
|
||||
|
||||
final AwsSignerType assumeRoleSTSSignerType = AwsSignerType.forValue(assumeRoleSTSSigner);
|
||||
if (assumeRoleSTSSignerType == CUSTOM_SIGNER) {
|
||||
final String signerClassName = properties.get(ASSUME_ROLE_STS_CUSTOM_SIGNER_CLASS_NAME);
|
||||
final String signerClassName = propertyContext.getProperty(ASSUME_ROLE_STS_CUSTOM_SIGNER_CLASS_NAME).evaluateAttributeExpressions().getValue();
|
||||
|
||||
config.withSignerOverride(AwsCustomSignerUtil.registerCustomSigner(signerClassName));
|
||||
} else if (assumeRoleSTSSignerType != DEFAULT_SIGNER) {
|
||||
|
@ -190,29 +199,33 @@ public class AssumeRoleCredentialsStrategy extends AbstractCredentialsStrategy {
|
|||
}
|
||||
|
||||
@Override
|
||||
public AwsCredentialsProvider getAwsCredentialsProvider(final Map<PropertyDescriptor, String> properties) {
|
||||
public AwsCredentialsProvider getAwsCredentialsProvider(final PropertyContext propertyContext) {
|
||||
throw new UnsupportedOperationException();
|
||||
}
|
||||
|
||||
@Override
|
||||
public AwsCredentialsProvider getDerivedAwsCredentialsProvider(final Map<PropertyDescriptor, String> properties,
|
||||
AwsCredentialsProvider primaryCredentialsProvider) {
|
||||
final String assumeRoleArn = properties.get(ASSUME_ROLE_ARN);
|
||||
final String assumeRoleName = properties.get(ASSUME_ROLE_NAME);
|
||||
String rawMaxSessionTime = properties.get(MAX_SESSION_TIME);
|
||||
rawMaxSessionTime = rawMaxSessionTime == null ? MAX_SESSION_TIME.getDefaultValue() : rawMaxSessionTime;
|
||||
final Integer maxSessionTime = Integer.parseInt(rawMaxSessionTime.trim());
|
||||
final String assumeRoleExternalId = properties.get(ASSUME_ROLE_EXTERNAL_ID);
|
||||
final String assumeRoleSTSEndpoint = properties.get(ASSUME_ROLE_STS_ENDPOINT);
|
||||
final String stsRegion = properties.get(ASSUME_ROLE_STS_REGION);
|
||||
public AwsCredentialsProvider getDerivedAwsCredentialsProvider(final PropertyContext propertyContext,
|
||||
final AwsCredentialsProvider primaryCredentialsProvider) {
|
||||
final String assumeRoleArn = propertyContext.getProperty(ASSUME_ROLE_ARN).getValue();
|
||||
final String assumeRoleName = propertyContext.getProperty(ASSUME_ROLE_NAME).getValue();
|
||||
final int maxSessionTime = propertyContext.getProperty(MAX_SESSION_TIME).asInteger();
|
||||
final String assumeRoleExternalId = propertyContext.getProperty(ASSUME_ROLE_EXTERNAL_ID).getValue();
|
||||
final String assumeRoleSTSEndpoint = propertyContext.getProperty(ASSUME_ROLE_STS_ENDPOINT).getValue();
|
||||
final String stsRegion = propertyContext.getProperty(ASSUME_ROLE_STS_REGION).getValue();
|
||||
final SSLContextService sslContextService = propertyContext.getProperty(ASSUME_ROLE_SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
|
||||
|
||||
final StsAssumeRoleCredentialsProvider.Builder builder = StsAssumeRoleCredentialsProvider.builder();
|
||||
|
||||
// If proxy variables are set, then create Client Configuration with those values
|
||||
final ApacheHttpClient.Builder httpClientBuilder = ApacheHttpClient.builder();
|
||||
if (proxyVariablesValidForAssumeRole(properties)) {
|
||||
final String assumeRoleProxyHost = properties.get(ASSUME_ROLE_PROXY_HOST);
|
||||
final Integer assumeRoleProxyPort = Integer.parseInt(properties.get(ASSUME_ROLE_PROXY_PORT));
|
||||
|
||||
if (sslContextService != null) {
|
||||
final SSLContext sslContext = sslContextService.createContext();
|
||||
httpClientBuilder.socketFactory(new SSLConnectionSocketFactory(sslContext));
|
||||
}
|
||||
|
||||
if (proxyVariablesValidForAssumeRole(propertyContext)) {
|
||||
final String assumeRoleProxyHost = propertyContext.getProperty(ASSUME_ROLE_PROXY_HOST).getValue();
|
||||
final int assumeRoleProxyPort = propertyContext.getProperty(ASSUME_ROLE_PROXY_PORT).asInteger();
|
||||
final software.amazon.awssdk.http.apache.ProxyConfiguration proxyConfig = software.amazon.awssdk.http.apache.ProxyConfiguration.builder()
|
||||
.endpoint(URI.create(String.format("%s:%s", assumeRoleProxyHost, assumeRoleProxyPort)))
|
||||
.build();
|
||||
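Review bot: The TLS setup for the STS client is written twice, once in `getDerivedCredentialsProvider` (`config.getApacheHttpClientConfig().setSslSocketFactory(...)`) and once in `getDerivedAwsCredentialsProvider` (`httpClientBuilder.socketFactory(...)`), so the two SDK paths can drift in how they validate the endpoint that issues temporary credentials. I would move the construction into one helper, `private static SSLConnectionSocketFactory createSocketFactory(final SSLContextService service) { return new SSLConnectionSocketFactory(service.createContext()); }`. A comment on it should note that the one-argument constructor keeps Apache HttpClient's default hostname verifier, so only key and trust material is replaced. Both methods continue past the end of their hunks.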
|
|
|
@ -16,9 +16,7 @@
|
|||
*/
|
||||
package org.apache.nifi.processors.aws.credentials.provider.factory.strategies;
|
||||
|
||||
import java.util.Map;
|
||||
|
||||
import org.apache.nifi.components.PropertyDescriptor;
|
||||
import org.apache.nifi.context.PropertyContext;
|
||||
import org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors;
|
||||
|
||||
import com.amazonaws.auth.AWSCredentialsProvider;
|
||||
|
@ -41,12 +39,12 @@ public class ExplicitDefaultCredentialsStrategy extends AbstractBooleanCredentia
|
|||
}
|
||||
|
||||
@Override
|
||||
public AWSCredentialsProvider getCredentialsProvider(final Map<PropertyDescriptor, String> properties) {
|
||||
public AWSCredentialsProvider getCredentialsProvider(final PropertyContext propertyContext) {
|
||||
return new DefaultAWSCredentialsProviderChain();
|
||||
}
|
||||
|
||||
@Override
|
||||
public AwsCredentialsProvider getAwsCredentialsProvider(final Map<PropertyDescriptor, String> properties) {
|
||||
public AwsCredentialsProvider getAwsCredentialsProvider(final PropertyContext propertyContext) {
|
||||
return DefaultCredentialsProvider.create();
|
||||
}
|
||||
|
||||
|
|
|
@ -19,12 +19,12 @@ package org.apache.nifi.processors.aws.credentials.provider.factory.strategies;
|
|||
import com.amazonaws.auth.AWSCredentialsProvider;
|
||||
import com.amazonaws.auth.PropertiesFileCredentialsProvider;
|
||||
import org.apache.nifi.components.PropertyDescriptor;
|
||||
import org.apache.nifi.context.PropertyContext;
|
||||
import org.apache.nifi.processors.aws.credentials.provider.PropertiesCredentialsProvider;
|
||||
import org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors;
|
||||
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
|
||||
|
||||
import java.io.File;
|
||||
import java.util.Map;
|
||||
|
||||
|
||||
/**
|
||||
|
@ -47,14 +47,14 @@ public class FileCredentialsStrategy extends AbstractCredentialsStrategy {
|
|||
}
|
||||
|
||||
@Override
|
||||
public AWSCredentialsProvider getCredentialsProvider(final Map<PropertyDescriptor, String> properties) {
|
||||
final String credentialsFile = properties.get(CredentialPropertyDescriptors.CREDENTIALS_FILE);
|
||||
public AWSCredentialsProvider getCredentialsProvider(final PropertyContext propertyContext) {
|
||||
final String credentialsFile = propertyContext.getProperty(CredentialPropertyDescriptors.CREDENTIALS_FILE).getValue();
|
||||
return new PropertiesFileCredentialsProvider(credentialsFile);
|
||||
}
|
||||
|
||||
@Override
|
||||
public AwsCredentialsProvider getAwsCredentialsProvider(final Map<PropertyDescriptor, String> properties) {
|
||||
final String credentialsFile = properties.get(CredentialPropertyDescriptors.CREDENTIALS_FILE);
|
||||
public AwsCredentialsProvider getAwsCredentialsProvider(final PropertyContext propertyContext) {
|
||||
final String credentialsFile = propertyContext.getProperty(CredentialPropertyDescriptors.CREDENTIALS_FILE).getValue();
|
||||
return new PropertiesCredentialsProvider(new File(credentialsFile));
|
||||
}
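Review bot: Both rewritten methods in this section read `CREDENTIALS_FILE` with `getValue()` and never call `evaluateAttributeExpressions()`, while the NamedProfileCredentialsStrategy change in the same commit evaluates `PROFILE_NAME` before use. The controller service's `onConfigured` used to evaluate every expression-language-enabled property before building the map, and this commit removes that loop, so each strategy now has to evaluate its own properties. The `CREDENTIALS_FILE` descriptor is not visible on this page; if it supports expression language, the unevaluated text would reach `PropertiesFileCredentialsProvider` and `new File(...)` as the path. Either read it as `propertyContext.getProperty(CredentialPropertyDescriptors.CREDENTIALS_FILE).evaluateAttributeExpressions().getValue()` in both methods, or add a comment stating that the property has no expression-language scope. The class body continues outside the hunk.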
|
||||
|
||||
|
|
|
@ -19,11 +19,10 @@ package org.apache.nifi.processors.aws.credentials.provider.factory.strategies;
|
|||
import com.amazonaws.auth.AWSCredentialsProvider;
|
||||
import com.amazonaws.auth.DefaultAWSCredentialsProviderChain;
|
||||
import org.apache.nifi.components.PropertyDescriptor;
|
||||
import org.apache.nifi.context.PropertyContext;
|
||||
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
|
||||
import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider;
|
||||
|
||||
import java.util.Map;
|
||||
|
||||
|
||||
/**
|
||||
* Supports AWS Default Credentials. Compared to ExplicitDefaultCredentialsStrategy, this strategy is always
|
||||
|
@ -37,12 +36,12 @@ public class ImplicitDefaultCredentialsStrategy extends AbstractCredentialsStrat
|
|||
}
|
||||
|
||||
@Override
|
||||
public AWSCredentialsProvider getCredentialsProvider(final Map<PropertyDescriptor, String> properties) {
|
||||
public AWSCredentialsProvider getCredentialsProvider(final PropertyContext propertyContext) {
|
||||
return new DefaultAWSCredentialsProviderChain();
|
||||
}
|
||||
|
||||
@Override
|
||||
public AwsCredentialsProvider getAwsCredentialsProvider(final Map<PropertyDescriptor, String> properties) {
|
||||
public AwsCredentialsProvider getAwsCredentialsProvider(final PropertyContext propertyContext) {
|
||||
return DefaultCredentialsProvider.create();
|
||||
}
|
||||
}
|
||||
|
|
|
@ -16,9 +16,8 @@
|
|||
*/
|
||||
package org.apache.nifi.processors.aws.credentials.provider.factory.strategies;
|
||||
|
||||
import java.util.Map;
|
||||
|
||||
import org.apache.nifi.components.PropertyDescriptor;
|
||||
import org.apache.nifi.context.PropertyContext;
|
||||
import org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors;
|
||||
|
||||
import com.amazonaws.auth.AWSCredentialsProvider;
|
||||
|
@ -41,14 +40,14 @@ public class NamedProfileCredentialsStrategy extends AbstractCredentialsStrategy
|
|||
}
|
||||
|
||||
@Override
|
||||
public AWSCredentialsProvider getCredentialsProvider(final Map<PropertyDescriptor, String> properties) {
|
||||
final String profileName = properties.get(CredentialPropertyDescriptors.PROFILE_NAME);
|
||||
public AWSCredentialsProvider getCredentialsProvider(final PropertyContext propertyContext) {
|
||||
final String profileName = propertyContext.getProperty(CredentialPropertyDescriptors.PROFILE_NAME).evaluateAttributeExpressions().getValue();
|
||||
return new ProfileCredentialsProvider(profileName);
|
||||
}
|
||||
|
||||
@Override
|
||||
public AwsCredentialsProvider getAwsCredentialsProvider(final Map<PropertyDescriptor, String> properties) {
|
||||
final String profileName = properties.get(CredentialPropertyDescriptors.PROFILE_NAME);
|
||||
public AwsCredentialsProvider getAwsCredentialsProvider(final PropertyContext propertyContext) {
|
||||
final String profileName = propertyContext.getProperty(CredentialPropertyDescriptors.PROFILE_NAME).evaluateAttributeExpressions().getValue();
|
||||
return software.amazon.awssdk.auth.credentials.ProfileCredentialsProvider.create(profileName);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -36,14 +36,13 @@ import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
|
|||
import java.util.ArrayList;
|
||||
import java.util.Collection;
|
||||
import java.util.Collections;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
import static org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.ACCESS_KEY;
|
||||
import static org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.ASSUME_ROLE_EXTERNAL_ID;
|
||||
import static org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.ASSUME_ROLE_PROXY_HOST;
|
||||
import static org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.ASSUME_ROLE_PROXY_PORT;
|
||||
import static org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.ASSUME_ROLE_SSL_CONTEXT_SERVICE;
|
||||
import static org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.ASSUME_ROLE_STS_ENDPOINT;
|
||||
import static org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.ASSUME_ROLE_STS_SIGNER_OVERRIDE;
|
||||
import static org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.CREDENTIALS_FILE;
|
||||
|
@ -79,7 +78,7 @@ public class AWSCredentialsProviderControllerService extends AbstractControllerS
|
|||
public static final PropertyDescriptor MAX_SESSION_TIME = CredentialPropertyDescriptors.MAX_SESSION_TIME;
|
||||
public static final PropertyDescriptor ASSUME_ROLE_STS_REGION = CredentialPropertyDescriptors.ASSUME_ROLE_STS_REGION;
|
||||
|
||||
private static final List<PropertyDescriptor> properties;
|
||||
private static final List<PropertyDescriptor> PROPERTIES;
|
||||
|
||||
static {
|
||||
final List<PropertyDescriptor> props = new ArrayList<>();
|
||||
|
@ -93,6 +92,7 @@ public class AWSCredentialsProviderControllerService extends AbstractControllerS
|
|||
props.add(ASSUME_ROLE_NAME);
|
||||
props.add(MAX_SESSION_TIME);
|
||||
props.add(ASSUME_ROLE_EXTERNAL_ID);
|
||||
props.add(ASSUME_ROLE_SSL_CONTEXT_SERVICE);
|
||||
props.add(ASSUME_ROLE_PROXY_HOST);
|
||||
props.add(ASSUME_ROLE_PROXY_PORT);
|
||||
props.add(ASSUME_ROLE_STS_REGION);
|
||||
|
@ -100,16 +100,16 @@ public class AWSCredentialsProviderControllerService extends AbstractControllerS
|
|||
props.add(ASSUME_ROLE_STS_SIGNER_OVERRIDE);
|
||||
props.add(ASSUME_ROLE_STS_CUSTOM_SIGNER_CLASS_NAME);
|
||||
props.add(ASSUME_ROLE_STS_CUSTOM_SIGNER_MODULE_LOCATION);
|
||||
properties = Collections.unmodifiableList(props);
|
||||
PROPERTIES = Collections.unmodifiableList(props);
|
||||
}
|
||||
|
||||
private volatile ConfigurationContext context;
|
||||
private volatile AWSCredentialsProvider credentialsProvider;
|
||||
private volatile Map<PropertyDescriptor, String> evaluatedProperties;
|
||||
protected final CredentialsProviderFactory credentialsProviderFactory = new CredentialsProviderFactory();
|
||||
|
||||
@Override
|
||||
protected List<PropertyDescriptor> getSupportedPropertyDescriptors() {
|
||||
return properties;
|
||||
return PROPERTIES;
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -120,7 +120,7 @@ public class AWSCredentialsProviderControllerService extends AbstractControllerS
|
|||
@Override
|
||||
public AwsCredentialsProvider getAwsCredentialsProvider() {
|
||||
// Avoiding instantiation until actually used, in case v1-related configuration is not compatible with v2 clients
|
||||
return credentialsProviderFactory.getAwsCredentialsProvider(evaluatedProperties);
|
||||
return credentialsProviderFactory.getAwsCredentialsProvider(context);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -130,14 +130,9 @@ public class AWSCredentialsProviderControllerService extends AbstractControllerS
|
|||
|
||||
@OnEnabled
|
||||
public void onConfigured(final ConfigurationContext context) {
|
||||
evaluatedProperties = new HashMap<>(context.getProperties());
|
||||
evaluatedProperties.keySet().forEach(propertyDescriptor -> {
|
||||
if (propertyDescriptor.isExpressionLanguageSupported()) {
|
||||
evaluatedProperties.put(propertyDescriptor,
|
||||
context.getProperty(propertyDescriptor).evaluateAttributeExpressions().getValue());
|
||||
}
|
||||
});
|
||||
credentialsProvider = credentialsProviderFactory.getCredentialsProvider(evaluatedProperties);
|
||||
this.context = context;
|
||||
|
||||
credentialsProvider = credentialsProviderFactory.getCredentialsProvider(context);
|
||||
getLogger().debug("Using credentials provider: " + credentialsProvider.getClass());
|
||||
}
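Review bot: The new `context` field has no comment explaining the change in timing it introduces. The v1 provider is still built once in `onConfigured`, but `getAwsCredentialsProvider()` now reads property values (and presumably the Assume Role SSL Context Service) from the stored `ConfigurationContext` on every call, instead of from a map evaluated once at enable time. I would document that on the field, for example `// Kept from @OnEnabled so the v2 provider is built lazily; properties are read at call time, not snapshotted`. No `@OnDisabled` handler appears in these hunks, so it is worth confirming that the stored reference is never used while the service is disabled. The class continues outside the visible hunks.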
|
||||
|
||||
|
|
|
@ -27,7 +27,6 @@ import com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider;
|
|||
import com.amazonaws.auth.Signer;
|
||||
import com.amazonaws.auth.profile.ProfileCredentialsProvider;
|
||||
import com.amazonaws.internal.StaticCredentialsProvider;
|
||||
import org.apache.nifi.components.PropertyDescriptor;
|
||||
import org.apache.nifi.processors.aws.credentials.provider.PropertiesCredentialsProvider;
|
||||
import org.apache.nifi.processors.aws.s3.FetchS3Object;
|
||||
import org.apache.nifi.processors.aws.signer.AwsSignerType;
|
||||
|
@ -40,11 +39,8 @@ import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider;
|
|||
import software.amazon.awssdk.regions.Region;
|
||||
import software.amazon.awssdk.services.sts.auth.StsAssumeRoleCredentialsProvider;
|
||||
|
||||
import java.util.Map;
|
||||
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
import static org.junit.jupiter.api.Assertions.assertNotNull;
|
||||
import static org.junit.jupiter.api.Assertions.assertThrows;
|
||||
import static org.mockito.ArgumentMatchers.any;
|
||||
import static org.mockito.Mockito.mock;
|
||||
import static org.mockito.Mockito.verify;
|
||||
|
@ -59,14 +55,13 @@ public class TestCredentialsProviderFactory {
|
|||
final TestRunner runner = TestRunners.newTestRunner(MockAWSProcessor.class);
|
||||
runner.assertValid();
|
||||
|
||||
final Map<PropertyDescriptor, String> properties = runner.getProcessContext().getProperties();
|
||||
final CredentialsProviderFactory factory = new CredentialsProviderFactory();
|
||||
final AWSCredentialsProvider credentialsProvider = factory.getCredentialsProvider(properties);
|
||||
final AWSCredentialsProvider credentialsProvider = factory.getCredentialsProvider(runner.getProcessContext());
|
||||
assertNotNull(credentialsProvider);
|
||||
assertEquals(DefaultAWSCredentialsProviderChain.class,
|
||||
credentialsProvider.getClass(), "credentials provider should be equal");
|
||||
|
||||
final AwsCredentialsProvider credentialsProviderV2 = factory.getAwsCredentialsProvider(properties);
|
||||
final AwsCredentialsProvider credentialsProviderV2 = factory.getAwsCredentialsProvider(runner.getProcessContext());
|
||||
assertNotNull(credentialsProviderV2);
|
||||
assertEquals(DefaultCredentialsProvider.class,
|
||||
credentialsProviderV2.getClass(), "credentials provider should be equal");
|
||||
|
@ -78,14 +73,13 @@ public class TestCredentialsProviderFactory {
|
|||
runner.setProperty(CredentialPropertyDescriptors.USE_DEFAULT_CREDENTIALS, "true");
|
||||
runner.assertValid();
|
||||
|
||||
final Map<PropertyDescriptor, String> properties = runner.getProcessContext().getProperties();
|
||||
final CredentialsProviderFactory factory = new CredentialsProviderFactory();
|
||||
final AWSCredentialsProvider credentialsProvider = factory.getCredentialsProvider(properties);
|
||||
final AWSCredentialsProvider credentialsProvider = factory.getCredentialsProvider(runner.getProcessContext());
|
||||
assertNotNull(credentialsProvider);
|
||||
assertEquals(DefaultAWSCredentialsProviderChain.class,
|
||||
credentialsProvider.getClass(), "credentials provider should be equal");
|
||||
|
||||
final AwsCredentialsProvider credentialsProviderV2 = factory.getAwsCredentialsProvider(properties);
|
||||
final AwsCredentialsProvider credentialsProviderV2 = factory.getAwsCredentialsProvider(runner.getProcessContext());
|
||||
assertNotNull(credentialsProviderV2);
|
||||
assertEquals(DefaultCredentialsProvider.class,
|
||||
credentialsProviderV2.getClass(), "credentials provider should be equal");
|
||||
|
@ -107,14 +101,14 @@ public class TestCredentialsProviderFactory {
|
|||
runner.setProperty(CredentialPropertyDescriptors.SECRET_KEY, "BogusSecretKey");
|
||||
runner.assertValid();
|
||||
|
||||
final Map<PropertyDescriptor, String> properties = runner.getProcessContext().getProperties();
|
||||
|
||||
final CredentialsProviderFactory factory = new CredentialsProviderFactory();
|
||||
final AWSCredentialsProvider credentialsProvider = factory.getCredentialsProvider(properties);
|
||||
final AWSCredentialsProvider credentialsProvider = factory.getCredentialsProvider(runner.getProcessContext());
|
||||
assertNotNull(credentialsProvider);
|
||||
assertEquals(StaticCredentialsProvider.class,
|
||||
credentialsProvider.getClass(), "credentials provider should be equal");
|
||||
|
||||
final AwsCredentialsProvider credentialsProviderV2 = factory.getAwsCredentialsProvider(properties);
|
||||
final AwsCredentialsProvider credentialsProviderV2 = factory.getAwsCredentialsProvider(runner.getProcessContext());
|
||||
assertNotNull(credentialsProviderV2);
|
||||
assertEquals(software.amazon.awssdk.auth.credentials.StaticCredentialsProvider.class,
|
||||
credentialsProviderV2.getClass(), "credentials provider should be equal");
|
||||
|
@ -140,14 +134,13 @@ public class TestCredentialsProviderFactory {
|
|||
runner.setProperty(CredentialPropertyDescriptors.CREDENTIALS_FILE, "src/test/resources/mock-aws-credentials.properties");
|
||||
runner.assertValid();
|
||||
|
||||
final Map<PropertyDescriptor, String> properties = runner.getProcessContext().getProperties();
|
||||
final CredentialsProviderFactory factory = new CredentialsProviderFactory();
|
||||
final AWSCredentialsProvider credentialsProvider = factory.getCredentialsProvider(properties);
|
||||
final AWSCredentialsProvider credentialsProvider = factory.getCredentialsProvider(runner.getProcessContext());
|
||||
assertNotNull(credentialsProvider);
|
||||
assertEquals(PropertiesFileCredentialsProvider.class,
|
||||
credentialsProvider.getClass(), "credentials provider should be equal");
|
||||
|
||||
final AwsCredentialsProvider credentialsProviderV2 = factory.getAwsCredentialsProvider(properties);
|
||||
final AwsCredentialsProvider credentialsProviderV2 = factory.getAwsCredentialsProvider(runner.getProcessContext());
|
||||
assertNotNull(credentialsProviderV2);
|
||||
assertEquals(PropertiesCredentialsProvider.class,
|
||||
credentialsProviderV2.getClass(), "credentials provider should be equal");
|
||||
|
@ -161,21 +154,11 @@ public class TestCredentialsProviderFactory {
|
|||
runner.setProperty(CredentialPropertyDescriptors.ASSUME_ROLE_NAME, "BogusSession");
|
||||
runner.assertValid();
|
||||
|
||||
final Map<PropertyDescriptor, String> properties = runner.getProcessContext().getProperties();
|
||||
final CredentialsProviderFactory factory = new CredentialsProviderFactory();
|
||||
final AWSCredentialsProvider credentialsProvider = factory.getCredentialsProvider(properties);
|
||||
final AWSCredentialsProvider credentialsProvider = factory.getCredentialsProvider(runner.getProcessContext());
|
||||
assertNotNull(credentialsProvider);
|
||||
assertEquals(STSAssumeRoleSessionCredentialsProvider.class,
|
||||
credentialsProvider.getClass(), "credentials provider should be equal");
|
||||
|
||||
assertThrows(IllegalStateException.class, () -> factory.getAwsCredentialsProvider(properties));
|
||||
|
||||
runner.setProperty(CredentialPropertyDescriptors.ASSUME_ROLE_STS_REGION, Region.US_WEST_1.id());
|
||||
final Map<PropertyDescriptor, String> properties2 = runner.getProcessContext().getProperties();
|
||||
final AwsCredentialsProvider credentialsProviderV2 = factory.getAwsCredentialsProvider(properties2);
|
||||
assertNotNull(credentialsProviderV2);
|
||||
assertEquals(StsAssumeRoleCredentialsProvider.class,
|
||||
credentialsProviderV2.getClass(), "credentials provider should be equal");
|
||||
}
|
||||
|
||||
@Test
|
||||
|
@ -194,14 +177,13 @@ public class TestCredentialsProviderFactory {
|
|||
runner.setProperty(CredentialPropertyDescriptors.USE_ANONYMOUS_CREDENTIALS, "true");
|
||||
runner.assertValid();
|
||||
|
||||
final Map<PropertyDescriptor, String> properties = runner.getProcessContext().getProperties();
|
||||
final CredentialsProviderFactory factory = new CredentialsProviderFactory();
|
||||
final AWSCredentialsProvider credentialsProvider = factory.getCredentialsProvider(properties);
|
||||
final AWSCredentialsProvider credentialsProvider = factory.getCredentialsProvider(runner.getProcessContext());
|
||||
assertNotNull(credentialsProvider);
|
||||
final AWSCredentials creds = credentialsProvider.getCredentials();
|
||||
assertEquals(AnonymousAWSCredentials.class, creds.getClass(), "credentials should be equal");
|
||||
|
||||
final AwsCredentialsProvider credentialsProviderV2 = factory.getAwsCredentialsProvider(properties);
|
||||
final AwsCredentialsProvider credentialsProviderV2 = factory.getAwsCredentialsProvider(runner.getProcessContext());
|
||||
assertNotNull(credentialsProviderV2);
|
||||
assertEquals(AnonymousCredentialsProvider.class,
|
||||
credentialsProviderV2.getClass(), "credentials provider should be equal");
|
||||
|
@ -222,14 +204,13 @@ public class TestCredentialsProviderFactory {
|
|||
runner.setProperty(CredentialPropertyDescriptors.PROFILE_NAME, "BogusProfile");
|
||||
runner.assertValid();
|
||||
|
||||
final Map<PropertyDescriptor, String> properties = runner.getProcessContext().getProperties();
|
||||
final CredentialsProviderFactory factory = new CredentialsProviderFactory();
|
||||
final AWSCredentialsProvider credentialsProvider = factory.getCredentialsProvider(properties);
|
||||
final AWSCredentialsProvider credentialsProvider = factory.getCredentialsProvider(runner.getProcessContext());
|
||||
assertNotNull(credentialsProvider);
|
||||
assertEquals(ProfileCredentialsProvider.class,
|
||||
credentialsProvider.getClass(), "credentials provider should be equal");
|
||||
|
||||
final AwsCredentialsProvider credentialsProviderV2 = factory.getAwsCredentialsProvider(properties);
|
||||
final AwsCredentialsProvider credentialsProviderV2 = factory.getAwsCredentialsProvider(runner.getProcessContext());
|
||||
assertNotNull(credentialsProviderV2);
|
||||
assertEquals(software.amazon.awssdk.auth.credentials.ProfileCredentialsProvider.class,
|
||||
credentialsProviderV2.getClass(), "credentials provider should be equal");
|
||||
|
@ -246,14 +227,13 @@ public class TestCredentialsProviderFactory {
|
|||
runner.setProperty(CredentialPropertyDescriptors.ASSUME_ROLE_PROXY_PORT, "8080");
|
||||
runner.assertValid();
|
||||
|
||||
final Map<PropertyDescriptor, String> properties = runner.getProcessContext().getProperties();
|
||||
final CredentialsProviderFactory factory = new CredentialsProviderFactory();
|
||||
final AWSCredentialsProvider credentialsProvider = factory.getCredentialsProvider(properties);
|
||||
final AWSCredentialsProvider credentialsProvider = factory.getCredentialsProvider(runner.getProcessContext());
|
||||
assertNotNull(credentialsProvider);
|
||||
assertEquals(STSAssumeRoleSessionCredentialsProvider.class,
|
||||
credentialsProvider.getClass(), "credentials provider should be equal");
|
||||
|
||||
final AwsCredentialsProvider credentialsProviderV2 = factory.getAwsCredentialsProvider(properties);
|
||||
final AwsCredentialsProvider credentialsProviderV2 = factory.getAwsCredentialsProvider(runner.getProcessContext());
|
||||
assertNotNull(credentialsProviderV2);
|
||||
assertEquals(StsAssumeRoleCredentialsProvider.class,
|
||||
credentialsProviderV2.getClass(), "credentials provider should be equal");
|
||||
|
@ -300,13 +280,12 @@ public class TestCredentialsProviderFactory {
|
|||
runner.setProperty(CredentialPropertyDescriptors.ASSUME_ROLE_STS_CUSTOM_SIGNER_CLASS_NAME, CustomSTSSigner.class.getName());
|
||||
runner.assertValid();
|
||||
|
||||
final Map<PropertyDescriptor, String> properties = runner.getProcessContext().getProperties();
|
||||
final CredentialsProviderFactory factory = new CredentialsProviderFactory();
|
||||
|
||||
final Signer signerChecker = mock(Signer.class);
|
||||
CustomSTSSigner.setSignerChecker(signerChecker);
|
||||
|
||||
final AWSCredentialsProvider credentialsProvider = factory.getCredentialsProvider(properties);
|
||||
final AWSCredentialsProvider credentialsProvider = factory.getCredentialsProvider(runner.getProcessContext());
|
||||
|
||||
try {
|
||||
credentialsProvider.getCredentials();
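Review bot: The assume-role test hunk (`-161,21 +154,11`) drops the check that building the v2 provider without an STS region fails, along with the follow-up check that setting `ASSUME_ROLE_STS_REGION` yields a `StsAssumeRoleCredentialsProvider`. Nothing in that test replaces them, so a regression in the missing-region validation would no longer be caught there. I would keep the negative check against the new signature, `assertThrows(IllegalStateException.class, () -> factory.getAwsCredentialsProvider(runner.getProcessContext()));`. None of the visible test hunks sets `ASSUME_ROLE_SSL_CONTEXT_SERVICE` either, so the property this commit adds appears unexercised here, although other tests may exist outside these hunks. The test class continues outside the visible hunks.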
|
||||
|
|