Class AwsCredentials

  • All Implemented Interfaces:
    QuotaProjectIdProvider, java.io.Serializable

    public class AwsCredentials
    extends ExternalAccountCredentials
    Credentials representing an AWS third-party identity for calling Google APIs. AWS security credentials are sourced from EC2 metadata endpoints, environment variables, or a user-provided supplier method.

    By default, attempts to exchange the external credential for a GCP access token.

    See Also:
    Serialized Form
    • Field Detail

      • DEFAULT_REGIONAL_CREDENTIAL_VERIFICATION_URL

        static final java.lang.String DEFAULT_REGIONAL_CREDENTIAL_VERIFICATION_URL
        See Also:
        Constant Field Values
      • AWS_METRICS_HEADER_VALUE

        static final java.lang.String AWS_METRICS_HEADER_VALUE
        See Also:
        Constant Field Values
      • regionalCredentialVerificationUrlOverride

        @Nullable
        private final java.lang.String regionalCredentialVerificationUrlOverride
      • regionalCredentialVerificationUrl

        @Nullable
        private final java.lang.String regionalCredentialVerificationUrl
      • metricsHeaderValue

        private final java.lang.String metricsHeaderValue
    • Method Detail

      • refreshAccessToken

        public AccessToken refreshAccessToken()
                                       throws java.io.IOException
        Description copied from class: OAuth2Credentials
        Method to refresh the access token according to the specific type of credentials.

        Throws IllegalStateException if not overridden since direct use of OAuth2Credentials is only for temporary or non-refreshing access tokens.

        Overrides:
        refreshAccessToken in class OAuth2Credentials
        Returns:
        never
        Throws:
        java.io.IOException
      • retrieveSubjectToken

        public java.lang.String retrieveSubjectToken()
                                              throws java.io.IOException
        Description copied from class: ExternalAccountCredentials
        Retrieves the external subject token to be exchanged for a Google Cloud access token.

        Must be implemented by subclasses as the retrieval method is dependent on the credential source.

        Specified by:
        retrieveSubjectToken in class ExternalAccountCredentials
        Returns:
        the external subject token
        Throws:
        java.io.IOException - if the subject token cannot be retrieved
      • createScoped

        public GoogleCredentials createScoped(java.util.Collection<java.lang.String> newScopes)
        Clones the AwsCredentials with the specified scopes.
        Overrides:
        createScoped in class GoogleCredentials
        Parameters:
        newScopes - Collection of scopes to request.
        Returns:
        GoogleCredentials with requested scopes.
      • buildSubjectToken

        private java.lang.String buildSubjectToken(AwsRequestSignature signature)
                                            throws java.io.UnsupportedEncodingException
        Throws:
        java.io.UnsupportedEncodingException
      • getRegionalCredentialVerificationUrl

        java.lang.String getRegionalCredentialVerificationUrl()
      • getEnv

        java.lang.String getEnv(java.lang.String name)
      • getRegionalCredentialVerificationUrlOverride

        @Nullable
        public java.lang.String getRegionalCredentialVerificationUrlOverride()
      • formatTokenHeaderForSts

        private static com.google.api.client.json.GenericJson formatTokenHeaderForSts(java.lang.String key,
                                                                                      java.lang.String value)