1 /* 2 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"). 5 * You may not use this file except in compliance with the License. 6 * A copy of the License is located at 7 * 8 * http://aws.amazon.com/apache2.0 9 * 10 * or in the "license" file accompanying this file. This file is distributed 11 * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 12 * express or implied. See the License for the specific language governing 13 * permissions and limitations under the License. 14 */ 15 16 package software.amazon.awssdk.auth.credentials.internal; 17 18 import static software.amazon.awssdk.utils.StringUtils.trim; 19 20 import java.util.Optional; 21 import software.amazon.awssdk.annotations.SdkInternalApi; 22 import software.amazon.awssdk.auth.credentials.AwsBasicCredentials; 23 import software.amazon.awssdk.auth.credentials.AwsCredentials; 24 import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider; 25 import software.amazon.awssdk.auth.credentials.AwsSessionCredentials; 26 import software.amazon.awssdk.auth.credentials.EnvironmentVariableCredentialsProvider; 27 import software.amazon.awssdk.auth.credentials.SystemPropertyCredentialsProvider; 28 import software.amazon.awssdk.core.SdkSystemSetting; 29 import software.amazon.awssdk.core.exception.SdkClientException; 30 import software.amazon.awssdk.utils.StringUtils; 31 import software.amazon.awssdk.utils.SystemSetting; 32 33 /** 34 * Loads credentials providers from the {@link SdkSystemSetting#AWS_ACCESS_KEY_ID}, 35 * {@link SdkSystemSetting#AWS_SECRET_ACCESS_KEY}, and {@link SdkSystemSetting#AWS_SESSION_TOKEN} system settings. 36 * 37 * This does not load the credentials directly. Instead, the actual mapping of setting to credentials is done by child classes. 38 * This allows us to separately load the credentials from system properties and environment variables so that customers can 39 * remove one or the other from their credential chain, or build a different chain with these pieces of functionality separated. 40 * 41 * @see EnvironmentVariableCredentialsProvider 42 * @see SystemPropertyCredentialsProvider 43 */ 44 @SdkInternalApi 45 public abstract class SystemSettingsCredentialsProvider implements AwsCredentialsProvider { 46 @Override resolveCredentials()47 public AwsCredentials resolveCredentials() { 48 String accessKey = trim(loadSetting(SdkSystemSetting.AWS_ACCESS_KEY_ID).orElse(null)); 49 String secretKey = trim(loadSetting(SdkSystemSetting.AWS_SECRET_ACCESS_KEY).orElse(null)); 50 String sessionToken = trim(loadSetting(SdkSystemSetting.AWS_SESSION_TOKEN).orElse(null)); 51 52 if (StringUtils.isBlank(accessKey)) { 53 throw SdkClientException.builder() 54 .message(String.format("Unable to load credentials from system settings. Access key must be" + 55 " specified either via environment variable (%s) or system property (%s).", 56 SdkSystemSetting.AWS_ACCESS_KEY_ID.environmentVariable(), 57 SdkSystemSetting.AWS_ACCESS_KEY_ID.property())) 58 .build(); 59 } 60 61 if (StringUtils.isBlank(secretKey)) { 62 throw SdkClientException.builder() 63 .message(String.format("Unable to load credentials from system settings. Secret key must be" + 64 " specified either via environment variable (%s) or system property (%s).", 65 SdkSystemSetting.AWS_SECRET_ACCESS_KEY.environmentVariable(), 66 SdkSystemSetting.AWS_SECRET_ACCESS_KEY.property())) 67 .build(); 68 } 69 70 return StringUtils.isBlank(sessionToken) ? AwsBasicCredentials.create(accessKey, secretKey) 71 : AwsSessionCredentials.create(accessKey, secretKey, sessionToken); 72 } 73 74 /** 75 * Implemented by child classes to load the requested setting. 76 */ loadSetting(SystemSetting setting)77 protected abstract Optional<String> loadSetting(SystemSetting setting); 78 } 79