Package com.google.auth.oauth2
Class AwsCredentials
- java.lang.Object
-
- com.google.auth.Credentials
-
- com.google.auth.oauth2.OAuth2Credentials
-
- com.google.auth.oauth2.GoogleCredentials
-
- com.google.auth.oauth2.ExternalAccountCredentials
-
- com.google.auth.oauth2.AwsCredentials
-
- All Implemented Interfaces:
QuotaProjectIdProvider
,java.io.Serializable
public class AwsCredentials extends ExternalAccountCredentials
Credentials representing an AWS third-party identity for calling Google APIs. AWS security credentials are either sourced by calling EC2 metadata endpoints, environment variables, or a user provided supplier method.By default, attempts to exchange the external credential for a GCP access token.
- See Also:
- Serialized Form
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static class
AwsCredentials.Builder
-
Nested classes/interfaces inherited from class com.google.auth.oauth2.ExternalAccountCredentials
ExternalAccountCredentials.CredentialSource, ExternalAccountCredentials.ServiceAccountImpersonationOptions, ExternalAccountCredentials.SubjectTokenTypes
-
Nested classes/interfaces inherited from class com.google.auth.oauth2.OAuth2Credentials
OAuth2Credentials.AsyncRefreshResult, OAuth2Credentials.CacheState, OAuth2Credentials.CredentialsChangedListener, OAuth2Credentials.FutureCallbackToMetadataCallbackAdapter, OAuth2Credentials.OAuthValue, OAuth2Credentials.RefreshTask, OAuth2Credentials.RefreshTaskListener
-
-
Field Summary
Fields Modifier and Type Field Description (package private) static java.lang.String
AWS_METRICS_HEADER_VALUE
private AwsSecurityCredentialsSupplier
awsSecurityCredentialsSupplier
(package private) static java.lang.String
DEFAULT_REGIONAL_CREDENTIAL_VERIFICATION_URL
private java.lang.String
metricsHeaderValue
private java.lang.String
regionalCredentialVerificationUrl
private java.lang.String
regionalCredentialVerificationUrlOverride
private static long
serialVersionUID
private ExternalAccountSupplierContext
supplierContext
-
Fields inherited from class com.google.auth.oauth2.ExternalAccountCredentials
DEFAULT_TOKEN_URL, EXECUTABLE_SOURCE_KEY, EXTERNAL_ACCOUNT_FILE_TYPE, impersonatedCredentials, PROGRAMMATIC_METRICS_HEADER_VALUE, transportFactory
-
Fields inherited from class com.google.auth.oauth2.GoogleCredentials
GDCH_SERVICE_ACCOUNT_FILE_TYPE, QUOTA_PROJECT_ID_HEADER_KEY, quotaProjectId, SERVICE_ACCOUNT_FILE_TYPE, USER_FILE_TYPE
-
Fields inherited from class com.google.auth.oauth2.OAuth2Credentials
clock, DEFAULT_EXPIRATION_MARGIN, DEFAULT_REFRESH_MARGIN, lock, refreshTask
-
Fields inherited from class com.google.auth.Credentials
GOOGLE_DEFAULT_UNIVERSE
-
-
Constructor Summary
Constructors Constructor Description AwsCredentials(AwsCredentials.Builder builder)
Internal constructor.
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description private java.lang.String
buildSubjectToken(AwsRequestSignature signature)
GoogleCredentials
createScoped(java.util.Collection<java.lang.String> newScopes)
Clones the AwsCredentials with the specified scopes.private static com.google.api.client.json.GenericJson
formatTokenHeaderForSts(java.lang.String key, java.lang.String value)
(package private) AwsSecurityCredentialsSupplier
getAwsSecurityCredentialsSupplier()
(package private) java.lang.String
getCredentialSourceType()
(package private) java.lang.String
getEnv(java.lang.String name)
(package private) java.lang.String
getRegionalCredentialVerificationUrl()
java.lang.String
getRegionalCredentialVerificationUrlOverride()
static AwsCredentials.Builder
newBuilder()
static AwsCredentials.Builder
newBuilder(AwsCredentials awsCredentials)
AccessToken
refreshAccessToken()
Method to refresh the access token according to the specific type of credentials.java.lang.String
retrieveSubjectToken()
Retrieves the external subject token to be exchanged for a Google Cloud access token.-
Methods inherited from class com.google.auth.oauth2.ExternalAccountCredentials
buildImpersonatedCredentials, exchangeExternalCredentialForAccessToken, fromJson, fromStream, fromStream, getAudience, getClientId, getClientSecret, getCredentialSource, getEnvironmentProvider, getRequestMetadata, getRequestMetadata, getScopes, getServiceAccountEmail, getServiceAccountImpersonationOptions, getServiceAccountImpersonationUrl, getSubjectTokenType, getTokenInfoUrl, getTokenUrl, getUniverseDomain, getWorkforcePoolUserProject, isWorkforcePoolConfiguration, validateServiceAccountImpersonationInfoUrl, validateTokenUrl
-
Methods inherited from class com.google.auth.oauth2.GoogleCredentials
addQuotaProjectIdToRequestMetadata, create, create, createDelegated, createScoped, createScoped, createScopedRequired, createWithCustomRetryStrategy, createWithQuotaProject, equals, getAdditionalHeaders, getApplicationDefault, getApplicationDefault, getQuotaProjectId, hashCode, isDefaultUniverseDomain, isExplicitUniverseDomain, toBuilder, toString, toStringHelper
-
Methods inherited from class com.google.auth.oauth2.OAuth2Credentials
addChangeListener, getAccessToken, getAuthenticationType, getExpirationMargin, getFromServiceLoader, getRefreshMargin, getRequestMetadataInternal, hasRequestMetadata, hasRequestMetadataOnly, newInstance, refresh, refreshIfExpired, removeChangeListener
-
Methods inherited from class com.google.auth.Credentials
blockingGetToCallback, getMetricsCredentialType, getRequestMetadata
-
-
-
-
Field Detail
-
DEFAULT_REGIONAL_CREDENTIAL_VERIFICATION_URL
static final java.lang.String DEFAULT_REGIONAL_CREDENTIAL_VERIFICATION_URL
- See Also:
- Constant Field Values
-
AWS_METRICS_HEADER_VALUE
static final java.lang.String AWS_METRICS_HEADER_VALUE
- See Also:
- Constant Field Values
-
serialVersionUID
private static final long serialVersionUID
- See Also:
- Constant Field Values
-
awsSecurityCredentialsSupplier
private final AwsSecurityCredentialsSupplier awsSecurityCredentialsSupplier
-
supplierContext
private final ExternalAccountSupplierContext supplierContext
-
regionalCredentialVerificationUrlOverride
@Nullable private final java.lang.String regionalCredentialVerificationUrlOverride
-
regionalCredentialVerificationUrl
@Nullable private final java.lang.String regionalCredentialVerificationUrl
-
metricsHeaderValue
private final java.lang.String metricsHeaderValue
-
-
Constructor Detail
-
AwsCredentials
AwsCredentials(AwsCredentials.Builder builder)
Internal constructor. SeeAwsCredentials.Builder
.
-
-
Method Detail
-
refreshAccessToken
public AccessToken refreshAccessToken() throws java.io.IOException
Description copied from class:OAuth2Credentials
Method to refresh the access token according to the specific type of credentials.Throws IllegalStateException if not overridden since direct use of OAuth2Credentials is only for temporary or non-refreshing access tokens.
- Overrides:
refreshAccessToken
in classOAuth2Credentials
- Returns:
- never
- Throws:
java.io.IOException
-
retrieveSubjectToken
public java.lang.String retrieveSubjectToken() throws java.io.IOException
Description copied from class:ExternalAccountCredentials
Retrieves the external subject token to be exchanged for a Google Cloud access token.Must be implemented by subclasses as the retrieval method is dependent on the credential source.
- Specified by:
retrieveSubjectToken
in classExternalAccountCredentials
- Returns:
- the external subject token
- Throws:
java.io.IOException
- if the subject token cannot be retrieved
-
createScoped
public GoogleCredentials createScoped(java.util.Collection<java.lang.String> newScopes)
Clones the AwsCredentials with the specified scopes.- Overrides:
createScoped
in classGoogleCredentials
- Parameters:
newScopes
- Collection of scopes to request.- Returns:
- GoogleCredentials with requested scopes.
-
getCredentialSourceType
java.lang.String getCredentialSourceType()
- Overrides:
getCredentialSourceType
in classExternalAccountCredentials
-
buildSubjectToken
private java.lang.String buildSubjectToken(AwsRequestSignature signature) throws java.io.UnsupportedEncodingException
- Throws:
java.io.UnsupportedEncodingException
-
getRegionalCredentialVerificationUrl
java.lang.String getRegionalCredentialVerificationUrl()
-
getEnv
java.lang.String getEnv(java.lang.String name)
-
getAwsSecurityCredentialsSupplier
AwsSecurityCredentialsSupplier getAwsSecurityCredentialsSupplier()
-
getRegionalCredentialVerificationUrlOverride
@Nullable public java.lang.String getRegionalCredentialVerificationUrlOverride()
-
formatTokenHeaderForSts
private static com.google.api.client.json.GenericJson formatTokenHeaderForSts(java.lang.String key, java.lang.String value)
-
newBuilder
public static AwsCredentials.Builder newBuilder()
-
newBuilder
public static AwsCredentials.Builder newBuilder(AwsCredentials awsCredentials)
-
-