Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: Adds support for user defined subject token suppliers in AWSCredentials and IdentityPoolCredentials #1336

Merged
merged 44 commits into from
Jan 25, 2024
Merged
Changes from 1 commit
Commits
Show all changes
44 commits
Select commit Hold shift + click to select a range
b21127a
feat: adds programmatic auth credentials for identity pool and aws cr…
aeitzman Nov 27, 2023
e6457d9
feat: add quality of life improvements for building external account …
aeitzman Nov 27, 2023
448a8ec
fix: formatting
aeitzman Nov 27, 2023
59eb856
fix: add formatting
aeitzman Nov 27, 2023
f2ab1a2
Merge remote-tracking branch 'upstream/main' into fix_builders
aeitzman Nov 27, 2023
0495b7f
Adds @CanIgnoreReturnValue on new builder methods
aeitzman Nov 27, 2023
8d12e07
Merge remote-tracking branch 'upstream/main' into programmatic-auth
aeitzman Nov 27, 2023
a8b2f92
Change test for impersonated credentials
aeitzman Dec 1, 2023
616fb13
formatting
aeitzman Dec 1, 2023
b2552eb
adding id_token type
aeitzman Dec 1, 2023
d32e19c
Merge branch 'fix_builders' into programmatic-auth
aeitzman Dec 1, 2023
6726160
formatting
aeitzman Dec 1, 2023
2fc4f99
Update oauth2_http/java/com/google/auth/oauth2/AwsCredentials.java
aeitzman Dec 5, 2023
e5a9c59
PR comments
aeitzman Dec 5, 2023
bfb83fa
Added header value constants
aeitzman Dec 5, 2023
6e7a975
Merge branch 'main' into programmatic-auth
lsirac Dec 6, 2023
164ac25
updating java doc
aeitzman Dec 7, 2023
a257e55
adding integration tests
aeitzman Dec 7, 2023
f09adfa
fix tests
aeitzman Dec 7, 2023
97946b3
fix tests, add javadoc, and format
aeitzman Dec 7, 2023
eb08391
PR review comments
aeitzman Dec 11, 2023
5ae2645
Update oauth2_http/java/com/google/auth/oauth2/AwsCredentials.java
aeitzman Dec 12, 2023
61f6ae5
PR comments
aeitzman Dec 12, 2023
e43d708
changing to aws_region instead of region to clarify usage and keep re…
aeitzman Dec 13, 2023
bd4604f
Merge branch 'main' into programmatic-auth
aeitzman Dec 18, 2023
08bde82
Merge branch 'main' into programmatic-auth
lsirac Dec 20, 2023
4a22e08
Adding Aws Security Credential Providers
aeitzman Jan 8, 2024
f40743e
Merge remote-tracking branch 'upstream/main' into programmatic-auth
aeitzman Jan 8, 2024
f480b84
Adding identity pool providers
aeitzman Jan 8, 2024
188b803
PR comments
aeitzman Jan 9, 2024
e69108e
fix test
aeitzman Jan 9, 2024
4f3e253
refactoring to expose rename provider to supplier and expose it publicly
aeitzman Jan 10, 2024
c22a4e9
Merge branch 'main' into programmatic-auth
aeitzman Jan 10, 2024
dd659c4
formatting
aeitzman Jan 10, 2024
9cd8d96
Merge branch 'main' into programmatic-auth
lsirac Jan 12, 2024
8963d68
updating codeowners
aeitzman Jan 17, 2024
f4cadd2
Merge branch 'main' into programmatic-auth
lsirac Jan 18, 2024
20c2f7d
make subject token supplier interface public
aeitzman Jan 19, 2024
abd462b
Making AwsSecurityCredentials public and change name to sessionToken
aeitzman Jan 22, 2024
9835df7
lint
aeitzman Jan 22, 2024
d06eb36
Merge branch 'main' into programmatic-auth
aeitzman Jan 23, 2024
d59fb92
Merge remote-tracking branch 'upstream/main' into programmatic-auth
aeitzman Jan 25, 2024
4371463
fix tests
aeitzman Jan 25, 2024
5b21010
lint
aeitzman Jan 25, 2024
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Making AwsSecurityCredentials public and change name to sessionToken
aeitzman committed Jan 22, 2024
commit abd462b3909c96435cd36f306ee127811259f1c3
Original file line number Diff line number Diff line change
@@ -237,8 +237,8 @@ private Map<String, String> getCanonicalHeaders(String defaultDate) {
headers.put("x-amz-date", defaultDate);
}

if (awsSecurityCredentials.getToken() != null && !awsSecurityCredentials.getToken().isEmpty()) {
headers.put("x-amz-security-token", awsSecurityCredentials.getToken());
if (awsSecurityCredentials.getSessionToken() != null && !awsSecurityCredentials.getSessionToken().isEmpty()) {
headers.put("x-amz-security-token", awsSecurityCredentials.getSessionToken());
}

// Add all additional headers.
Original file line number Diff line number Diff line change
@@ -37,29 +37,48 @@
* Defines AWS security credentials. These are either retrieved from the AWS security_credentials
* endpoint or AWS environment variables.
*/
class AwsSecurityCredentials {
public class AwsSecurityCredentials {

private final String accessKeyId;
private final String secretAccessKey;

@Nullable private final String token;
@Nullable private final String sessionToken;

AwsSecurityCredentials(String accessKeyId, String secretAccessKey, @Nullable String token) {
/**
* Constructor for AWSSecurityCredentials.
*
* @param accessKeyId the AWS access Key Id.
* @param secretAccessKey the AWS secret access key.
* @param sessionToken the AWS session token. Optional.
*/
public AwsSecurityCredentials(String accessKeyId, String secretAccessKey, @Nullable String sessionToken) {
this.accessKeyId = accessKeyId;
this.secretAccessKey = secretAccessKey;
this.token = token;
this.sessionToken = sessionToken;
}

String getAccessKeyId() {
/**
* Gets the AWS access key id.
* @return the AWS access key id.
*/
public String getAccessKeyId() {
return accessKeyId;
}

String getSecretAccessKey() {
/**
* Gets the AWS secret access key.
* @return the AWS secret access key.
*/
public String getSecretAccessKey() {
return secretAccessKey;
}

/**
* Gets the AWS session token.
* @return the AWS session token.
*/
@Nullable
String getToken() {
return token;
public String getSessionToken() {
return sessionToken;
}
}
Original file line number Diff line number Diff line change
@@ -723,7 +723,7 @@ public void getAwsSecurityCredentials_fromEnvironmentVariablesNoToken() throws I

assertEquals("awsAccessKeyId", credentials.getAccessKeyId());
assertEquals("awsSecretAccessKey", credentials.getSecretAccessKey());
assertNull(credentials.getToken());
assertNull(credentials.getSessionToken());
}

@Test
@@ -756,7 +756,7 @@ public void getAwsSecurityCredentials_fromEnvironmentVariablesWithToken() throws

assertEquals("awsAccessKeyId", credentials.getAccessKeyId());
assertEquals("awsSecretAccessKey", credentials.getSecretAccessKey());
assertEquals("awsSessionToken", credentials.getToken());
assertEquals("awsSessionToken", credentials.getSessionToken());
}

@Test
@@ -778,7 +778,7 @@ public void getAwsSecurityCredentials_fromEnvironmentVariables_noMetadataServerC

assertEquals("awsAccessKeyId", credentials.getAccessKeyId());
assertEquals("awsSecretAccessKey", credentials.getSecretAccessKey());
assertEquals("awsSessionToken", credentials.getToken());
assertEquals("awsSessionToken", credentials.getSessionToken());
}

@Test
@@ -797,7 +797,7 @@ public void getAwsSecurityCredentials_fromMetadataServer() throws IOException {

assertEquals("accessKeyId", credentials.getAccessKeyId());
assertEquals("secretAccessKey", credentials.getSecretAccessKey());
assertEquals("token", credentials.getToken());
assertEquals("token", credentials.getSessionToken());

List<MockLowLevelHttpRequest> requests = transportFactory.transport.getRequests();
assertEquals(2, requests.size());