Package com.yahoo.athenz.zts

Class AWSCredentialsProviderImplV2

  • All Implemented Interfaces:
    Closeable, AutoCloseable, software.amazon.awssdk.auth.credentials.AwsCredentialsProvider, software.amazon.awssdk.identity.spi.IdentityProvider<software.amazon.awssdk.identity.spi.AwsCredentialsIdentity>
    public class AWSCredentialsProviderImplV2
extends Object
implements software.amazon.awssdk.auth.credentials.AwsCredentialsProvider, Closeable

    • Constructor Detail

      • AWSCredentialsProviderImplV2

        public AWSCredentialsProviderImplV2​(ZTSClient ztsClient,
                                    String domainName,
                                    String roleName)
        Constructs a new AWSCredentialsProvider object with the given zts client object, Athenz domain name and AWS Role Name to retrieve temporary credentials for.
        Parameters:
        ztsClient - ZTS Client object
        domainName - name of the Athenz domain
        roleName - is the name of the IAM role

      • AWSCredentialsProviderImplV2

        public AWSCredentialsProviderImplV2​(ZTSClient ztsClient,
                                    String domainName,
                                    String roleName,
                                    String externalId,
                                    Integer minExpiryTime,
                                    Integer maxExpiryTime)
        Constructs a new AWSCredentialsProvider object with the given zts client object, Athenz domain name and AWS Role Name to retrieve temporary credentials for.
        Parameters:
        ztsClient - ZTS Client object
        domainName - name of the Athenz domain
        roleName - is the name of the IAM role
        minExpiryTime - (optional) specifies that the returned creds must be at least valid (min/lower bound) for specified number of seconds,
        maxExpiryTime - (optional) specifies that the returned creds must be at most valid (max/upper bound) for specified number of seconds.
        externalId - (optional) external id to satisfy configured assume role condition

      • AWSCredentialsProviderImplV2

        public AWSCredentialsProviderImplV2​(String ztsUrl,
                                    SSLContext sslContext,
                                    String domainName,
                                    String roleName,
                                    String externalId,
                                    Integer minExpiryTime,
                                    Integer maxExpiryTime)
        Constructs a new AWSCredentialsProvider object with the given SSLContext object, ZTS Server Url, Athenz domain name and AWS Role Name to retrieve temporary credentials for. The constructor will automatically create and use the ZTS client object for retrieving credentials. This object must be closed so the ZTS client object is closed as well.
        Parameters:
        ztsUrl - ZTS Server's URL
        sslContext - SSLContext that includes service's private key and x.509 certificate for authenticating requests
        domainName - name of the Athenz domain
        roleName - is the name of the IAM role
        minExpiryTime - (optional) specifies that the returned creds must be at least valid (min/lower bound) for specified number of seconds,
        maxExpiryTime - (optional) specifies that the returned creds must be at most valid (max/upper bound) for specified number of seconds.
        externalId - (optional) external id to satisfy configured assume role condition

      • AWSCredentialsProviderImplV2

        public AWSCredentialsProviderImplV2​(String ztsUrl,
                                    SSLContext sslContext,
                                    String domainName,
                                    String roleName)
        Constructs a new AWSCredentialsProvider object with the given SSLContext object, ZTS Server Url, Athenz domain name and AWS Role Name to retrieve temporary credentials for. The constructor will automatically create and use the ZTS client object for retrieving credentials. This object must be closed so the ZTS client object is closed as well.
        Parameters:
        ztsUrl - ZTS Server's URL
        sslContext - SSLContext that includes service's private key and x.509 certificate for authenticating requests
        domainName - name of the domain
        roleName - is the name of the role

    • Method Detail

      • setAwsAutoRefreshEnable

        public static void setAwsAutoRefreshEnable​(boolean state)
        Configure whether or not to auto refresh the credentials when the credentials provider object is created
        Parameters:
        state - boolean state to enable call to refresh credentials

      • refresh

        public void refresh()

      • resolveCredentials

        public software.amazon.awssdk.auth.credentials.AwsCredentials resolveCredentials()
        Specified by:
        resolveCredentials in interface software.amazon.awssdk.auth.credentials.AwsCredentialsProvider