Package org.springframework.cloud.config.server.support

Class AwsCodeCommitCredentialProvider

java.lang.Object
org.eclipse.jgit.transport.CredentialsProvider
org.springframework.cloud.config.server.support.AwsCodeCommitCredentialProvider
public class AwsCodeCommitCredentialProvider extends org.eclipse.jgit.transport.CredentialsProvider
Provides a jgit CredentialsProvider implementation that can provide the appropriate credentials to connect to an AWS CodeCommit repository.

From the command line, you can configure git to use AWS code commit with a credential helper. However, jgit does not support credential helper commands, but it does provide a CredentialsProvider abstract class we can extend. Connecting to an AWS CodeCommit (codecommit) repository requires an AWS access key and secret key. These are used to calculate a signature for the git request. The AWS access key is used as the codecommit username, and the calculated signature is used as the password. The process for calculating this signature is documented very well at https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html.

Connecting to an AWS CodeCommit (codecommit) repository requires an AWS access key and secret key. These are used to calculate a signature for the git request. The AWS access key is used as the codecommit username, and the calculated signature is used as the password. The process for calculating this signature is documented very well at https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html.
Author:
Don Laidlaw

  • Nested Class Summary

    Nested Classes
    Modifier and Type
    Class
    Description
    class 
    AwsCodeCommitCredentialProvider.AWSStaticCredentialsProvider
    Simple implementation of AWSCredentialsProvider that just wraps static AWSCredentials.

  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    protected org.apache.commons.logging.Log
    logger
     

  • Constructor Summary

    Constructors
    Constructor
    Description
    AwsCodeCommitCredentialProvider()
     

  • Method Summary

    Modifier and Type
    Method
    Description
    protected static String
    calculateCodeCommitPassword(org.eclipse.jgit.transport.URIish uri, String awsSecretKey)
    Calculate the AWS CodeCommit password for the provided URI and AWS secret key.
    static boolean
    canHandle(String uri)
    This provider can handle uris like https://git-codecommit.$AWS_REGION.amazonaws.com/v1/repos/$REPO .
    boolean
    get(org.eclipse.jgit.transport.URIish uri, org.eclipse.jgit.transport.CredentialItem... items)
    Get the username and password to use for the given uri.
    com.amazonaws.auth.AWSCredentialsProvider
    getAwsCredentialProvider()
     
    String
    getPassword()
     
    String
    getUsername()
     
    boolean
    isInteractive()
    This credentials provider cannot run interactively.
    void
    reset(org.eclipse.jgit.transport.URIish uri)
    Throw out cached data and force retrieval of AWS credentials.
    void
    setAwsCredentialProvider(com.amazonaws.auth.AWSCredentialsProvider awsCredentialProvider)
     
    void
    setPassword(String password)
     
    void
    setUsername(String username)
     
    boolean
    supports(org.eclipse.jgit.transport.CredentialItem... items)
    We support username and password credential items only.

    Methods inherited from class org.eclipse.jgit.transport.CredentialsProvider

    get, getDefault, isAnyNull, setDefault

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Field Details

    • logger

      protected org.apache.commons.logging.Log logger

  • Constructor Details

    • AwsCodeCommitCredentialProvider

      public AwsCodeCommitCredentialProvider()

  • Method Details

    • calculateCodeCommitPassword

      protected static String calculateCodeCommitPassword(org.eclipse.jgit.transport.URIish uri, String awsSecretKey)
      Calculate the AWS CodeCommit password for the provided URI and AWS secret key. This uses the algorithm published by AWS at https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html
      Parameters:
      uri - the codecommit repository uri
      awsSecretKey - the aws secret key
      Returns:
      the password to use in the git request

    • canHandle

      public static boolean canHandle(String uri)
      This provider can handle uris like https://git-codecommit.$AWS_REGION.amazonaws.com/v1/repos/$REPO .
      Parameters:
      uri - uri to parse
      Returns:
      true if the URI can be handled

    • isInteractive

      public boolean isInteractive()
      This credentials provider cannot run interactively.
      Specified by:
      isInteractive in class org.eclipse.jgit.transport.CredentialsProvider
      Returns:
      false
      See Also:
      • CredentialsProvider.isInteractive()

    • supports

      public boolean supports(org.eclipse.jgit.transport.CredentialItem... items)
      We support username and password credential items only.
      Specified by:
      supports in class org.eclipse.jgit.transport.CredentialsProvider
      See Also:
      • CredentialsProvider.supports(org.eclipse.jgit.transport.CredentialItem[])

    • get

      public boolean get(org.eclipse.jgit.transport.URIish uri, org.eclipse.jgit.transport.CredentialItem... items) throws org.eclipse.jgit.errors.UnsupportedCredentialItem
      Get the username and password to use for the given uri.
      Specified by:
      get in class org.eclipse.jgit.transport.CredentialsProvider
      Throws:
      org.eclipse.jgit.errors.UnsupportedCredentialItem
      See Also:
      • CredentialsProvider.get(org.eclipse.jgit.transport.URIish, org.eclipse.jgit.transport.CredentialItem[])

    • reset

      public void reset(org.eclipse.jgit.transport.URIish uri)
      Throw out cached data and force retrieval of AWS credentials.
      Overrides:
      reset in class org.eclipse.jgit.transport.CredentialsProvider
      Parameters:
      uri - This parameter is not used in this implementation.

    • getAwsCredentialProvider

      public com.amazonaws.auth.AWSCredentialsProvider getAwsCredentialProvider()
      Returns:
      the awsCredentialProvider

    • setAwsCredentialProvider

      public void setAwsCredentialProvider(com.amazonaws.auth.AWSCredentialsProvider awsCredentialProvider)
      Parameters:
      awsCredentialProvider - the awsCredentialProvider to set

    • getUsername

      public String getUsername()
      Returns:
      the username

    • setUsername

      public void setUsername(String username)
      Parameters:
      username - the username to set

    • getPassword

      public String getPassword()
      Returns:
      the password

    • setPassword

      public void setPassword(String password)
      Parameters:
      password - the password to set