Java 类com.amazonaws.services.securitytoken.model.GetCallerIdentityResult 实例源码

项目:cerberus-lifecycle-cli    文件:ConfigStore.java   
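/**
 * Get generated CMS properties that are not set by the user.
 *
 * <p>The returned {@link Properties} contain secrets (the CMS Vault token and the CMS database
 * password); callers must not log them or write them anywhere in clear text.
 *
 * @return System configured properties
 * @throws java.util.NoSuchElementException if the CMS Vault token or the CMS database password
 *         has not been stored in the config store yet
 */
public Properties getCmsSystemProperties() {

    final BaseOutputs baseOutputs = getBaseStackOutputs();
    final BaseParameters baseParameters = getBaseStackParameters();
    final VaultParameters vaultParameters = getVaultStackParamters();

    // Fail fast with a message naming the missing secret (never its value) instead of the bare
    // "No value present" a plain Optional.get() produces. The exception type is unchanged.
    final String cmsVaultToken = getCmsVaultToken().orElseThrow(
            () -> new java.util.NoSuchElementException("CMS Vault token has not been stored in the config store"));
    final String cmsDatabasePassword = getCmsDatabasePassword().orElseThrow(
            () -> new java.util.NoSuchElementException("CMS database password has not been stored in the config store"));

    // The account id comes from the caller's own STS identity rather than from user input, so the
    // root ARN always refers to the account the CLI is actually operating in.
    final GetCallerIdentityResult callerIdentity = securityTokenService.getCallerIdentity(
            new GetCallerIdentityRequest());
    final String rootUserArn = String.format("arn:aws:iam::%s:root", callerIdentity.getAccount());

    final Properties properties = new Properties();
    properties.put(VAULT_ADDR_KEY, String.format("https://%s", cnameToHost(vaultParameters.getCname())));
    properties.put(VAULT_TOKEN_KEY, cmsVaultToken);
    properties.put(ROOT_USER_ARN_KEY, rootUserArn);
    properties.put(ADMIN_ROLE_ARN_KEY, baseParameters.getAccountAdminArn());
    properties.put(CMS_ROLE_ARN_KEY, baseOutputs.getCmsIamRoleArn());
    properties.put(JDBC_URL_KEY, baseOutputs.getCmsDbJdbcConnectionString());
    properties.put(JDBC_USERNAME_KEY, ConfigConstants.DEFAULT_CMS_DB_NAME);
    properties.put(JDBC_PASSWORD_KEY, cmsDatabasePassword);

    return properties;
}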
项目:strongbox    文件:IAMPolicyManager.java   
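/**
 * Resolves the AWS account id that the given credentials belong to, using STS
 * {@code GetCallerIdentity}.
 *
 * <p>A dedicated STS client is built for the call and shut down again before returning, so no
 * HTTP connection pool is left behind for the garbage collector.
 *
 * @param awsCredentialsProvider credentials whose owning account is wanted
 * @param clientConfiguration client configuration, validated by {@code transformAndVerifyOrThrow}
 * @return the twelve-digit AWS account id reported by STS for the credentials
 */
public static String getAccount(AWSCredentialsProvider awsCredentialsProvider, ClientConfiguration clientConfiguration) {
    AWSSecurityTokenService client = AWSSecurityTokenServiceClientBuilder.standard()
        .withCredentials(awsCredentialsProvider)
        .withClientConfiguration(transformAndVerifyOrThrow(clientConfiguration))
        .withRegion(RegionResolver.getRegion())
        .build();
    try {
        GetCallerIdentityResult result = client.getCallerIdentity(new GetCallerIdentityRequest());
        return result.getAccount();
    } finally {
        // The client is created per call; release its resources explicitly.
        client.shutdown();
    }
}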
项目:athenz    文件:InstanceAWSProvider.java   
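/**
 * Verifies that the credentials carried in the attestation data belong to the expected AWS
 * account and IAM role.
 *
 * <p>An STS client obtained from {@code getInstanceClient(info)} is asked for its own caller
 * identity; the instance is accepted only when the returned ARN starts with
 * {@code arn:aws:sts::<awsAccount>:assumed-role/<role>/}. The trailing slash is essential: it
 * closes the role-name segment, so a role whose name merely begins with the expected role name
 * does not pass the prefix check.
 *
 * @param info attestation data supplying the claimed role and whatever
 *             {@code getInstanceClient} needs to build the STS client
 * @param awsAccount the AWS account id the instance is expected to belong to
 * @return {@code true} only when the caller identity matches; {@code false} when no client or
 *         result is available, the ARN does not match, or the STS call throws
 */
public boolean verifyInstanceIdentity(AWSAttestationData info, final String awsAccount) {

    GetCallerIdentityRequest req = new GetCallerIdentityRequest();

    try {
        AWSSecurityTokenServiceClient client = getInstanceClient(info);
        if (client == null) {
            LOGGER.error("verifyInstanceIdentity - unable to get AWS STS client object");
            return false;
        }

        GetCallerIdentityResult res = client.getCallerIdentity(req);
        if (res == null) {
            LOGGER.error("verifyInstanceIdentity - unable to get caller identity");
            return false;
        }

        // Expected prefix of an assumed-role ARN for this account and role. Keep the trailing
        // "/" - without it "my-role" would also accept "my-role-admin".
        String arn = "arn:aws:sts::" + awsAccount + ":assumed-role/" + info.getRole() + "/";
        if (!res.getArn().startsWith(arn)) {
            LOGGER.error("verifyInstanceIdentity - ARN mismatch - request: {} caller-idenity: {}",
                    arn, res.getArn());
            return false;
        }

        return true;

    } catch (Exception ex) {
        // Any failure (including a null ARN in the STS result) means "not verified". The
        // exception is passed as the last argument so the logger records the stack trace rather
        // than only the message.
        LOGGER.error("CloudStore: verifyInstanceIdentity - unable get caller identity: {}",
                ex.getMessage(), ex);
        return false;
    }
}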
项目:athenz    文件:InstanceAWSProviderTest.java   
/**
 * The caller identity resolves to account 1235 while the instance claims account 1234; the
 * role name matches, so only the account segment of the ARN prefix differs and verification
 * must fail.
 */
@Test
public void testVerifyInstanceIdentityARNMismatch() {
    GetCallerIdentityResult identity = Mockito.mock(GetCallerIdentityResult.class);
    Mockito.when(identity.getArn())
            .thenReturn("arn:aws:sts::1235:assumed-role/athenz.service/athenz.service");

    AWSSecurityTokenServiceClient stsClient = Mockito.mock(AWSSecurityTokenServiceClient.class);
    Mockito.when(stsClient.getCallerIdentity(ArgumentMatchers.any())).thenReturn(identity);

    AWSAttestationData info = new AWSAttestationData();
    info.setRole("athenz.service");

    MockInstanceAWSProvider provider = new MockInstanceAWSProvider();
    provider.setIdentitySuper(true);
    provider.setStsClient(stsClient);

    assertFalse(provider.verifyInstanceIdentity(info, "1234"));
}
项目:athenz    文件:InstanceAWSProviderTest.java   
/**
 * Happy path: the caller identity is an assumed-role ARN in account 1234 for role
 * athenz.service, exactly what the instance claims, so verification succeeds.
 */
@Test
public void testVerifyInstanceIdentity() {
    GetCallerIdentityResult identity = Mockito.mock(GetCallerIdentityResult.class);
    Mockito.when(identity.getArn())
            .thenReturn("arn:aws:sts::1234:assumed-role/athenz.service/athenz.service");

    AWSSecurityTokenServiceClient stsClient = Mockito.mock(AWSSecurityTokenServiceClient.class);
    Mockito.when(stsClient.getCallerIdentity(ArgumentMatchers.any())).thenReturn(identity);

    AWSAttestationData info = new AWSAttestationData();
    info.setRole("athenz.service");

    MockInstanceAWSProvider provider = new MockInstanceAWSProvider();
    provider.setIdentitySuper(true);
    provider.setStsClient(stsClient);

    assertTrue(provider.verifyInstanceIdentity(info, "1234"));
}
项目:aws-sam-gradle    文件:AwsMetadataService.java   
/**
 * Returns the AWS account id of the credentials behind {@code tokenService}, as reported by
 * STS {@code GetCallerIdentity}.
 *
 * @return the account id string from the caller identity response
 */
public String getAccountId() {
    return tokenService.getCallerIdentity(new GetCallerIdentityRequest()).getAccount();
}
项目:cerberus-lifecycle-cli    文件:SetBackupAdminPrincipalsOperation.java   
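/**
 * Registers the principals allowed to administer the Cerberus backup CMKs and rewrites each
 * backup region's key policy accordingly.
 *
 * <p>The principal set is always seeded with the root ARN of the account the CLI is running in
 * (taken from the STS caller identity, not from user input) and the stored account admin role,
 * then extended with the principals given on the command line.
 *
 * @param command the command carrying any additional principals to grant
 * @throws java.util.NoSuchElementException if no account admin ARN has been stored in the
 *         config store
 */
@Override
public void run(SetBackupAdminPrincipalsCommand command) {
    GetCallerIdentityResult identityResult = sts.getCallerIdentity(new GetCallerIdentityRequest());
    String accountId = identityResult.getAccount();
    String rootArn = String.format("arn:aws:iam::%s:root", accountId);
    // Same exception type as a bare Optional.get(), but with a message naming what is missing.
    String adminRoleArn = configStore.getAccountAdminArn().orElseThrow(
            () -> new java.util.NoSuchElementException("account admin ARN has not been stored in the config store"));

    Set<String> principals = new HashSet<>();
    principals.add(rootArn);
    principals.add(adminRoleArn);
    principals.addAll(command.getAdditionalPrincipals());

    configStore.storeBackupAdminIamPrincipals(principals);

    // forEach on an empty map is a no-op, so no separate isEmpty() check is needed.
    configStore.getRegionBackupBucketMap().forEach((region, backupRegionInfo) ->
            updateBackupCmkPolicy(region, backupRegionInfo.getKmsCmkId(), principals));
}

/**
 * Builds the key policy JSON granting every principal all KMS actions on the key.
 *
 * @param region region the policy is for (used for logging only)
 * @param principals IAM principals to allow
 * @return the policy document as JSON
 */
private String buildBackupCmkPolicy(String region, Set<String> principals) {
    final List<Statement> statements = new LinkedList<>();
    for (String principal : principals) {
        log.debug("Adding principal: {} to the CMK Policy for region {}", principal, region);
        statements.add(new Statement(Statement.Effect.Allow)
                .withId("Principal " + principal + " Has All Actions")
                .withPrincipals(new Principal(AWS_PROVIDER, principal, false))
                .withActions(KMSActions.AllKMSActions)
                .withResources(new Resource("*")));
    }

    Policy kmsPolicy = new Policy();
    kmsPolicy.setStatements(statements);
    return kmsPolicy.toJson();
}

/**
 * Replaces the default key policy of one backup CMK with a policy allowing the given principals.
 *
 * @param region region the CMK lives in
 * @param kmsCmkId id of the CMK whose policy is replaced
 * @param principals IAM principals to allow
 */
private void updateBackupCmkPolicy(String region, String kmsCmkId, Set<String> principals) {
    String policyString = buildBackupCmkPolicy(region, principals);

    log.debug("Updating key {} for region {} with policy {}", kmsCmkId, region, policyString);

    AWSKMS kms = AWSKMSClient.builder().withCredentials(getAWSCredentialsProviderChain()).withRegion(region).build();
    try {
        // The lockout safety check is bypassed deliberately: the policy written here replaces the
        // key's "default" policy wholesale, and it always contains the account root principal, so
        // the key cannot become unmanageable. Keep that invariant if the principal set is changed.
        PutKeyPolicyRequest request = new PutKeyPolicyRequest()
                .withKeyId(kmsCmkId)
                .withPolicyName("default")
                .withBypassPolicyLockoutSafetyCheck(true)
                .withPolicy(policyString);

        kms.putKeyPolicy(request);
    } finally {
        // One client per region is built here; release it rather than leaving it to the GC.
        kms.shutdown();
    }

    log.info("Successfully updated key {} in region {} to allow the following principals access {}",
            kmsCmkId, region, String.join(", ", principals));
}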
项目:athenz    文件:MockCloudStore.java   
/**
 * Test hook: fixes the {@link GetCallerIdentityResult} this mock store hands back in place of a
 * real STS call.
 *
 * @param callerIdentityResult the canned caller identity to return
 */
void setGetCallerIdentityResult(GetCallerIdentityResult callerIdentityResult) {
    this.callerIdentityResult = callerIdentityResult;
}