Revert commits for STS regional endpoint
- Revert "Remove formatting"
  This reverts commit 45be4a5.
- Revert "use API to get ServiceEndpoint"
  This reverts commit e68c800.
- Revert "add tests & remove unnesseray import"
  This reverts commit 8f735c0.
- Revert "Update MSKCredentialProvider.java"
  This reverts commit 34d68b2.
- Revert "Add support for STS Regional Endpoint (aws#118)"
  This reverts commit ed0027f.
khi committed Aug 17, 2023
1 parent 6b5b50a commit 1c051dc
Showing 2 changed files with 16 additions and 48 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -28,9 +28,6 @@
import com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider;
import com.amazonaws.auth.SystemPropertiesCredentialsProvider;
import com.amazonaws.auth.WebIdentityTokenCredentialsProvider;
import com.amazonaws.client.builder.AwsClientBuilder.EndpointConfiguration;
import com.amazonaws.regions.Region;
import com.amazonaws.regions.RegionUtils;
import com.amazonaws.retry.PredefinedBackoffStrategies;
import com.amazonaws.retry.v2.AndRetryCondition;
import com.amazonaws.retry.v2.MaxNumberOfRetriesCondition;
Expand Down Expand Up @@ -202,19 +199,19 @@ private void logCallerIdentity(AWSCredentials credentials) {

AWSSecurityTokenService getStsClientForDebuggingCreds(AWSCredentials credentials) {
return AWSSecurityTokenServiceClientBuilder.standard()
.withRegion(stsRegion)
.withCredentials(new AWSCredentialsProvider() {
@Override
public AWSCredentials getCredentials() {
return credentials;
}

@Override
public void refresh() {

}
})
.build();
.withRegion(stsRegion)
.withCredentials(new AWSCredentialsProvider() {
@Override
public AWSCredentials getCredentials() {
return credentials;
}

@Override
public void refresh() {

}
})
.build();
}

@Override
Expand Down Expand Up @@ -270,17 +267,6 @@ public int getMaxBackOffTimeMs() {
.orElse(DEFAULT_MAX_BACK_OFF_TIME_MS);
}

public EndpointConfiguration buildEndpointConfiguration(String stsRegion){
Region region = RegionUtils.getRegion(stsRegion);
String serviceEndpoint = region.getServiceEndpoint("sts");
EndpointConfiguration endpointConfiguration =
new EndpointConfiguration(
String.format(serviceEndpoint, stsRegion),
stsRegion);

return endpointConfiguration;
}

private Optional<EnhancedProfileCredentialsProvider> getProfileProvider() {
return Optional.ofNullable(optionsMap.get(AWS_PROFILE_NAME_KEY)).map(p -> {
if (log.isDebugEnabled()) {
Expand Down Expand Up @@ -325,9 +311,8 @@ else if (externalId != null) {

STSAssumeRoleSessionCredentialsProvider createSTSRoleCredentialProvider(String roleArn,
String sessionName, String stsRegion) {
EndpointConfiguration endpointConfiguration = buildEndpointConfiguration(stsRegion);
AWSSecurityTokenService stsClient = AWSSecurityTokenServiceClientBuilder.standard()
.withEndpointConfiguration(endpointConfiguration)
.withRegion(stsRegion)
.build();
return new STSAssumeRoleSessionCredentialsProvider.Builder(roleArn, sessionName)
.withStsClient(stsClient)
Expand All @@ -337,9 +322,8 @@ STSAssumeRoleSessionCredentialsProvider createSTSRoleCredentialProvider(String r
STSAssumeRoleSessionCredentialsProvider createSTSRoleCredentialProvider(String roleArn,
String sessionName, String stsRegion,
AWSCredentialsProvider credentials) {
EndpointConfiguration endpointConfiguration = buildEndpointConfiguration(stsRegion);
AWSSecurityTokenService stsClient = AWSSecurityTokenServiceClientBuilder.standard()
.withEndpointConfiguration(endpointConfiguration)
.withRegion(stsRegion)
.withCredentials(credentials)
.build();

Expand All @@ -352,10 +336,8 @@ STSAssumeRoleSessionCredentialsProvider createSTSRoleCredentialProvider(String r
String externalId,
String sessionName,
String stsRegion) {

EndpointConfiguration endpointConfiguration = buildEndpointConfiguration(stsRegion);
AWSSecurityTokenService stsClient = AWSSecurityTokenServiceClientBuilder.standard()
.withEndpointConfiguration(endpointConfiguration)
.withRegion(stsRegion)
.build();

return new STSAssumeRoleSessionCredentialsProvider.Builder(roleArn, sessionName)
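Review bot: After this change all three `createSTSRoleCredentialProvider` overloads build the STS client from `.withRegion(stsRegion)` alone, and nothing in the code records which STS endpoint that is expected to resolve to. This matters to operators who restrict egress to specific STS hosts or route AssumeRole through a regional VPC endpoint, because the host is now chosen entirely by the SDK's region resolution. I would add a comment above the first overload, for example `// STS endpoint is derived by the SDK from stsRegion; no explicit endpoint is configured here.`, and state in the commit description why the explicit endpoint configuration was backed out. The overloads' bodies continue outside the visible hunks, so any validation of `stsRegion` before it reaches the builder cannot be seen here.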
Original file line number Diff line number Diff line change
Expand Up @@ -23,8 +23,6 @@
import java.util.Map;
import java.util.stream.Collectors;
import java.util.stream.IntStream;

import com.amazonaws.client.builder.AwsClientBuilder;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;

Expand Down Expand Up @@ -314,9 +312,6 @@ STSAssumeRoleSessionCredentialsProvider createSTSRoleCredentialProvider(String r
assertEquals(TEST_ROLE_ARN, roleArn);
assertEquals(TEST_ROLE_SESSION_NAME, sessionName);
assertEquals("eu-west-1", stsRegion);
AwsClientBuilder.EndpointConfiguration endpointConfiguration = buildEndpointConfiguration(stsRegion);
assertEquals("sts.eu-west-1.amazonaws.com", endpointConfiguration.getServiceEndpoint());

return mockStsRoleProvider;
}
};
Expand Down Expand Up @@ -352,9 +347,6 @@ STSAssumeRoleSessionCredentialsProvider createSTSRoleCredentialProvider(String r
assertEquals(TEST_ROLE_EXTERNAL_ID, externalId);
assertEquals(TEST_ROLE_SESSION_NAME, sessionName);
assertEquals("eu-west-1", stsRegion);
AwsClientBuilder.EndpointConfiguration endpointConfiguration = buildEndpointConfiguration(stsRegion);
assertEquals("sts.eu-west-1.amazonaws.com", endpointConfiguration.getServiceEndpoint());

return mockStsRoleProvider;
}
};
Expand Down Expand Up @@ -389,8 +381,6 @@ STSAssumeRoleSessionCredentialsProvider createSTSRoleCredentialProvider(String r
String sessionName, String stsRegion) {
assertEquals(TEST_ROLE_ARN, roleArn);
assertEquals("aws-msk-iam-auth", sessionName);
AwsClientBuilder.EndpointConfiguration endpointConfiguration = buildEndpointConfiguration(stsRegion);
assertEquals("sts.amazonaws.com", endpointConfiguration.getServiceEndpoint());
return mockStsRoleProvider;
}
};
Expand Down Expand Up @@ -547,8 +537,6 @@ STSAssumeRoleSessionCredentialsProvider createSTSRoleCredentialProvider(String r
String sessionName, String stsRegion) {
assertEquals(TEST_ROLE_ARN, roleArn);
assertEquals(s, sessionName);
AwsClientBuilder.EndpointConfiguration endpointConfiguration = buildEndpointConfiguration(stsRegion);
assertEquals("sts.amazonaws.com", endpointConfiguration.getServiceEndpoint());
return mockStsRoleProvider;
}
};
Expand All @@ -562,8 +550,6 @@ STSAssumeRoleSessionCredentialsProvider createSTSRoleCredentialProvider(String r
AWSCredentialsProvider credentials) {
assertEquals(TEST_ROLE_ARN, roleArn);
assertEquals(s, sessionName);
AwsClientBuilder.EndpointConfiguration endpointConfiguration = buildEndpointConfiguration(stsRegion);
assertEquals("sts.amazonaws.com", endpointConfiguration.getServiceEndpoint());
return mockStsRoleProvider;
}
};
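Review bot: The overrides in the last three hunks of this file (those asserting `"aws-msk-iam-auth"` and `s` as the session name) no longer check `stsRegion` at all, so these tests pass whatever region the provider forwards to the STS client. The two earlier overrides still pin it with `assertEquals("eu-west-1", stsRegion);`, and the default-region cases should do the same, e.g. `assertEquals(EXPECTED_DEFAULT_STS_REGION, stsRegion);`, where the constant name is a placeholder for the project's default, which this page does not show. The region decides where role credentials are requested from, so it is worth keeping under test. The enclosing test methods start and end outside the hunks.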
