/** * Spins up a new thread to refresh the credentials asynchronously. * * <p>It is <b>strongly</b> recommended to reuse instances of this credentials provider, especially * when async refreshing is used since a background thread is created.</p> * * @param eagerlyRefreshCredentialsAsync * when set to false will not attempt to refresh credentials asynchronously * until after a call has been made to {@link #getCredentials()} - ensures that * {@link EC2CredentialsFetcher#getCredentials()} is only hit when this CredentialProvider is actually required */ public static InstanceProfileCredentialsProvider createAsyncRefreshingProvider(final boolean eagerlyRefreshCredentialsAsync) { return new InstanceProfileCredentialsProvider(true, eagerlyRefreshCredentialsAsync); }
public AWSCredentials getCredentials() { return iamCredProvider.getCredentials(); }
public IAMCredential() { this.iamCredProvider = InstanceProfileCredentialsProvider.getInstance(); }
InstanceProfileCredentialsProvider mInstanceProfileCredentialsProvider = new InstanceProfileCredentialsProvider(); AWSCredentials credentials = mInstanceProfileCredentialsProvider.getCredentials();
private static String[] getAwsCredentials() { InstanceProfileCredentialsProvider ipcp = new InstanceProfileCredentialsProvider(); try { ipcp.refresh(); return new String[]{ipcp.getCredentials().getAWSAccessKeyId(), ipcp.getCredentials().getAWSSecretKey()}; } catch (Exception e) { return new String[]{"", ""}; } }
private void handleError(Throwable t) { refresh(); LOG.error(t.getMessage(), t); }
public FormValidation doCheckUseInstanceProfileForCredentials(@QueryParameter boolean value) { if (value) { try { new InstanceProfileCredentialsProvider().getCredentials(); } catch (AmazonClientException e) { return FormValidation.error(Messages.EC2Cloud_FailedToObtainCredentialsFromEC2(), e.getMessage()); } } return FormValidation.ok(); }
private void handleError(Throwable t) { refresh(); LOG.error(t.getMessage(), t); }
private AmazonAutoScaling getAmazonAutoScalingClient() { String aWSAccessId = serverConfig.getAWSAccessId(); String aWSSecretKey = serverConfig.getAWSSecretKey(); ClientConfiguration clientConfiguration = new ClientConfiguration() .withConnectionTimeout(serverConfig.getASGQueryTimeoutMs()); if (null != aWSAccessId && !"".equals(aWSAccessId) && null != aWSSecretKey && !"".equals(aWSSecretKey)) { return new AmazonAutoScalingClient( new BasicAWSCredentials(aWSAccessId, aWSSecretKey), clientConfiguration); } else { return new AmazonAutoScalingClient( new InstanceProfileCredentialsProvider(), clientConfiguration); } }
public FormValidation doCheckUseInstanceProfileForCredentials(@QueryParameter boolean value) { if (value) { try { new InstanceProfileCredentialsProvider().getCredentials(); } catch (AmazonClientException e) { return FormValidation.error(Messages.EC2Cloud_FailedToObtainCredentailsFromEC2(), e.getMessage()); } } return FormValidation.ok(); }
public S3InstanceCredential() { this.credentialsProvider = InstanceProfileCredentialsProvider.getInstance(); }
@Override public AWSCredentials getCredentials() throws Exception { return this.credentialsProvider.getCredentials(); }
private void handleError(Throwable t) { refresh(); LOG.error(t.getMessage(), t); }
private AmazonEC2 getEC2Service() { String aWSAccessId = serverConfig.getAWSAccessId(); String aWSSecretKey = serverConfig.getAWSSecretKey(); AmazonEC2 ec2Service; if (null != aWSAccessId && !"".equals(aWSAccessId) && null != aWSSecretKey && !"".equals(aWSSecretKey)) { ec2Service = new AmazonEC2Client(new BasicAWSCredentials(aWSAccessId, aWSSecretKey)); } else { ec2Service = new AmazonEC2Client(new InstanceProfileCredentialsProvider()); } String region = clientConfig.getRegion(); region = region.trim().toLowerCase(); ec2Service.setEndpoint("ec2." + region + ".amazonaws.com"); return ec2Service; }
public AWSCredentials getCredentials() { AWSCredentials initialCredentials = new BasicAWSCredentials(accessKey, secretKey.getPlainText()); if (StringUtils.isBlank(iamRoleArn)) { return initialCredentials; } else { // Handle the case of delegation to instance profile if (StringUtils.isBlank(accessKey) && StringUtils.isBlank(secretKey.getPlainText()) ) { initialCredentials = (new InstanceProfileCredentialsProvider()).getCredentials(); } AssumeRoleRequest assumeRequest = createAssumeRoleRequest(iamRoleArn); AssumeRoleResult assumeResult = new AWSSecurityTokenServiceClient(initialCredentials).assumeRole(assumeRequest); return new BasicSessionCredentials( assumeResult.getCredentials().getAccessKeyId(), assumeResult.getCredentials().getSecretAccessKey(), assumeResult.getCredentials().getSessionToken()); } }
private AWSCredentialsProvider createAwsCredentialsProvider(URI uri, Configuration conf) { Optional<AWSCredentials> credentials = getAwsCredentials(uri, conf); if (credentials.isPresent()) { return new AWSStaticCredentialsProvider(credentials.get()); } if (useInstanceCredentials) { return InstanceProfileCredentialsProvider.getInstance(); } String providerClass = conf.get(S3_CREDENTIALS_PROVIDER); if (!isNullOrEmpty(providerClass)) { return getCustomAWSCredentialsProvider(uri, conf, providerClass); } throw new RuntimeException("S3 credentials not configured"); }
public String getSecretAccessKey() { return iamCredProvider.getCredentials().getAWSSecretKey(); }
/** * Configuring the CloudWatch client. * * Credentials are loaded from the Amazon EC2 Instance Metadata Service */ private AmazonCloudWatchClient createCloudWatchClient() { AmazonCloudWatchClient cloudWatchClient = new AmazonCloudWatchClient(new InstanceProfileCredentialsProvider()); cloudWatchClient.setRegion(checkNotNull(Regions.getCurrentRegion(), "Problems getting AWS metadata")); return cloudWatchClient; }
protected void parseArguments() throws Exception { parser.parseArgument(args); // for credentials, check for IAM role usage if not then... // try the .aws/config file first if there is a profile specified, otherwise defer to // .s3cfg before using the default .aws/config credentials // (this may attempt .aws/config twice for no reason, but maintains backward compatibility) if (options.isUseIamRole() == false) { if (!options.hasAwsKeys() && options.getProfile() != null) loadAwsKeysFromAwsConfig(); if (!options.hasAwsKeys()) loadAwsKeysFromS3Config(); if (!options.hasAwsKeys()) loadAwsKeysFromAwsConfig(); if (!options.hasAwsKeys()) loadAwsKeysFromAwsCredentials(); if (!options.hasAwsKeys()) { throw new IllegalStateException("Could not find credentials, IAM Role usage not specified and ENV vars not defined: " + MirrorOptions.AWS_ACCESS_KEY + " and/or " + MirrorOptions.AWS_SECRET_KEY); } } else { InstanceProfileCredentialsProvider client = new InstanceProfileCredentialsProvider(); if (client.getCredentials() == null) { throw new IllegalStateException("Could not find IAM Instance Profile credentials from the AWS metadata service."); } } options.initDerivedFields(); }
private AWSCredentialsProvider getAwsCredentialsProvider(Configuration conf, HiveS3Config defaults) { Optional<AWSCredentials> credentials = getAwsCredentials(conf); if (credentials.isPresent()) { return new AWSStaticCredentialsProvider(credentials.get()); } boolean useInstanceCredentials = conf.getBoolean(S3_USE_INSTANCE_CREDENTIALS, defaults.isS3UseInstanceCredentials()); if (useInstanceCredentials) { return InstanceProfileCredentialsProvider.getInstance(); } String providerClass = conf.get(S3_CREDENTIALS_PROVIDER); if (!isNullOrEmpty(providerClass)) { return getCustomAWSCredentialsProvider(conf, providerClass); } throw new RuntimeException("S3 credentials not configured"); }