Package com.google.auth.oauth2
Class InternalAwsSecurityCredentialsSupplier
java.lang.Object
com.google.auth.oauth2.InternalAwsSecurityCredentialsSupplier
- All Implemented Interfaces:
AwsSecurityCredentialsSupplier
,Serializable
class InternalAwsSecurityCredentialsSupplier
extends Object
implements AwsSecurityCredentialsSupplier
Internal provider for retrieving AWS security credentials for
AwsCredentials
to exchange
for GCP access tokens. The credentials are retrieved either via environment variables or metadata
endpoints.-
Field Summary
FieldsModifier and TypeFieldDescription(package private) static final String
(package private) static final String
(package private) static final String
(package private) static final String
(package private) static final String
(package private) static final String
(package private) static final String
(package private) static final String
private final AwsCredentialSource
private EnvironmentProvider
private static final long
private HttpTransportFactory
-
Constructor Summary
ConstructorsConstructorDescriptionInternalAwsSecurityCredentialsSupplier
(AwsCredentialSource awsCredentialSource, EnvironmentProvider environmentProvider, HttpTransportFactory transportFactory) Constructor for InternalAwsSecurityCredentialsProvider -
Method Summary
Modifier and TypeMethodDescriptionprivate boolean
private boolean
createMetadataRequestHeaders
(AwsCredentialSource awsCredentialSource) Gets AWS security credentials.getRegion
(ExternalAccountSupplierContext context) Gets the AWS region to use.private String
retrieveResource
(String url, String resourceName, String requestMethod, Map<String, Object> headers, com.google.api.client.http.HttpContent content) private String
(package private) boolean
-
Field Details
-
serialVersionUID
private static final long serialVersionUID- See Also:
-
AWS_REGION
- See Also:
-
AWS_DEFAULT_REGION
- See Also:
-
AWS_ACCESS_KEY_ID
- See Also:
-
AWS_SECRET_ACCESS_KEY
- See Also:
-
AWS_SESSION_TOKEN
- See Also:
-
AWS_IMDSV2_SESSION_TOKEN_HEADER
- See Also:
-
AWS_IMDSV2_SESSION_TOKEN_TTL_HEADER
- See Also:
-
AWS_IMDSV2_SESSION_TOKEN_TTL
- See Also:
-
awsCredentialSource
-
environmentProvider
-
transportFactory
-
-
Constructor Details
-
InternalAwsSecurityCredentialsSupplier
InternalAwsSecurityCredentialsSupplier(AwsCredentialSource awsCredentialSource, EnvironmentProvider environmentProvider, HttpTransportFactory transportFactory) Constructor for InternalAwsSecurityCredentialsProvider- Parameters:
awsCredentialSource
- the credential source to use.environmentProvider
- the environment provider to use for environment variables.transportFactory
- the transport factory to use for metadata requests.
-
-
Method Details
-
getCredentials
public AwsSecurityCredentials getCredentials(ExternalAccountSupplierContext context) throws IOException Description copied from interface:AwsSecurityCredentialsSupplier
Gets AWS security credentials.- Specified by:
getCredentials
in interfaceAwsSecurityCredentialsSupplier
- Parameters:
context
- relevant context from the calling credential.- Returns:
- valid AWS security credentials that can be exchanged for a GCP access token.
- Throws:
IOException
-
getRegion
Description copied from interface:AwsSecurityCredentialsSupplier
Gets the AWS region to use.- Specified by:
getRegion
in interfaceAwsSecurityCredentialsSupplier
- Parameters:
context
- relevant context from the calling credential.- Returns:
- the AWS region that should be used for the credential.
- Throws:
IOException
-
canRetrieveRegionFromEnvironment
private boolean canRetrieveRegionFromEnvironment() -
canRetrieveSecurityCredentialsFromEnvironment
private boolean canRetrieveSecurityCredentialsFromEnvironment() -
shouldUseMetadataServer
boolean shouldUseMetadataServer() -
retrieveResource
private String retrieveResource(String url, String resourceName, Map<String, Object> headers) throws IOException- Throws:
IOException
-
retrieveResource
private String retrieveResource(String url, String resourceName, String requestMethod, Map<String, Object> headers, @Nullable com.google.api.client.http.HttpContent content) throws IOException- Throws:
IOException
-
createMetadataRequestHeaders
Map<String,Object> createMetadataRequestHeaders(AwsCredentialSource awsCredentialSource) throws IOException - Throws:
IOException
-