1 /* 2 * Copyright 2024 Google LLC 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions are 6 * met: 7 * 8 * * Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * * Redistributions in binary form must reproduce the above 11 * copyright notice, this list of conditions and the following disclaimer 12 * in the documentation and/or other materials provided with the 13 * distribution. 14 * 15 * * Neither the name of Google LLC nor the names of its 16 * contributors may be used to endorse or promote products derived from 17 * this software without specific prior written permission. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 20 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 21 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 22 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 23 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 24 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 25 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 26 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 27 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 29 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 30 */ 31 32 package com.google.auth.oauth2; 33 34 import java.io.IOException; 35 import java.io.Serializable; 36 37 /** 38 * Supplier for retrieving AWS Security credentials for {@Link AwsCredentials} to exchange for GCP 39 * access tokens. 40 */ 41 public interface AwsSecurityCredentialsSupplier extends Serializable { 42 43 /** 44 * Gets the AWS region to use. 45 * 46 * @param context relevant context from the calling credential. 47 * @return the AWS region that should be used for the credential. 48 * @throws IOException 49 */ getRegion(ExternalAccountSupplierContext context)50 String getRegion(ExternalAccountSupplierContext context) throws IOException; 51 52 /** 53 * Gets AWS security credentials. 54 * 55 * @param context relevant context from the calling credential. 56 * @return valid AWS security credentials that can be exchanged for a GCP access token. 57 * @throws IOException 58 */ getCredentials(ExternalAccountSupplierContext context)59 AwsSecurityCredentials getCredentials(ExternalAccountSupplierContext context) throws IOException; 60 } 61