-
Notifications
You must be signed in to change notification settings - Fork 484
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Showing
10 changed files
with
481 additions
and
127 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
96 changes: 96 additions & 0 deletions
96
api/src/main/java/io/minio/credentials/AssumeRoleBaseProvider.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,96 @@ | ||
/* | ||
* MinIO Java SDK for Amazon S3 Compatible Cloud Storage, (C) 2020 MinIO, Inc. | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); | ||
* you may not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* https://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, | ||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the License for the specific language governing permissions and | ||
* limitations under the License. | ||
*/ | ||
|
||
package io.minio.credentials; | ||
|
||
import io.minio.errors.XmlParserException; | ||
import java.io.IOException; | ||
import java.util.Arrays; | ||
import okhttp3.HttpUrl; | ||
import okhttp3.OkHttpClient; | ||
import okhttp3.Protocol; | ||
import okhttp3.Request; | ||
import okhttp3.Response; | ||
|
||
/** Base class to AssumeRole based providers. */ | ||
public abstract class AssumeRoleBaseProvider implements Provider { | ||
private final OkHttpClient httpClient; | ||
private Credentials credentials; | ||
|
||
public AssumeRoleBaseProvider(OkHttpClient customHttpClient) { | ||
// HTTP/1.1 is only supported in default client because of HTTP/2 in OkHttpClient cause 5 | ||
// minutes timeout on program exit. | ||
this.httpClient = | ||
(customHttpClient != null) | ||
? customHttpClient | ||
: new OkHttpClient().newBuilder().protocols(Arrays.asList(Protocol.HTTP_1_1)).build(); | ||
} | ||
|
||
@Override | ||
public synchronized Credentials fetch() { | ||
if (credentials != null && !credentials.isExpired()) { | ||
return credentials; | ||
} | ||
|
||
try (Response response = httpClient.newCall(getRequest()).execute()) { | ||
if (!response.isSuccessful()) { | ||
throw new IllegalStateException( | ||
"STS service failed with HTTP status code " + response.code()); | ||
} | ||
|
||
credentials = parseResponse(response); | ||
return credentials; | ||
} catch (XmlParserException | IOException e) { | ||
throw new IllegalStateException("Unable to parse STS response", e); | ||
} | ||
} | ||
|
||
protected HttpUrl.Builder newUrlBuilder( | ||
HttpUrl url, | ||
String action, | ||
int durationSeconds, | ||
String policy, | ||
String roleArn, | ||
String roleSessionName) { | ||
HttpUrl.Builder urlBuilder = | ||
url.newBuilder() | ||
.addQueryParameter("Action", action) | ||
.addQueryParameter("Version", "2011-06-15"); | ||
|
||
if (durationSeconds > 0) { | ||
urlBuilder.addQueryParameter("DurationSeconds", String.valueOf(durationSeconds)); | ||
} | ||
|
||
if (policy != null) { | ||
urlBuilder.addQueryParameter("Policy", policy); | ||
} | ||
|
||
if (roleArn != null) { | ||
urlBuilder.addQueryParameter("RoleArn", roleArn); | ||
} | ||
|
||
if (roleSessionName != null) { | ||
urlBuilder.addQueryParameter("RoleSessionName", roleSessionName); | ||
} | ||
|
||
return urlBuilder; | ||
} | ||
|
||
protected abstract Request getRequest(); | ||
|
||
protected abstract Credentials parseResponse(Response response) | ||
throws XmlParserException, IOException; | ||
} |
Oops, something went wrong.