Example usage for com.amazonaws.services.securitytoken AWSSecurityTokenServiceClient getCallerIdentity

Introduction

This page shows example usage of com.amazonaws.services.securitytoken AWSSecurityTokenServiceClient getCallerIdentity.

Prototype

@Override
public GetCallerIdentityResult getCallerIdentity(GetCallerIdentityRequest request) 

Document

Returns details about the IAM user or role whose credentials are used to call the operation.

Usage

From source file: com.yahoo.athenz.instance.provider.impl.InstanceAWSProvider.java

License:Apache License

public boolean verifyInstanceIdentity(AWSAttestationData info, final String awsAccount) {

    GetCallerIdentityRequest req = new GetCallerIdentityRequest();

    try {
        AWSSecurityTokenServiceClient client = getInstanceClient(info);
        if (client == null) {
            LOGGER.error("verifyInstanceIdentity - unable to get AWS STS client object");
            return false;
        }

        GetCallerIdentityResult res = client.getCallerIdentity(req);
        if (res == null) {
            LOGGER.error("verifyInstanceIdentity - unable to get caller identity");
            return false;
        }

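        // Expected ARN prefix of an STS assumed-role session in the given account.
        // The trailing "/" keeps a role whose name merely begins with info.getRole()
        // from passing the startsWith check below.
        String arn = "arn:aws:sts::" + awsAccount + ":assumed-role/" + info.getRole() + "/";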
        if (!res.getArn().startsWith(arn)) {
            LOGGER.error("verifyInstanceIdentity - ARN mismatch - request: {} caller-idenity: {}", arn,
                    res.getArn());
            return false;
        }

        return true;

    } catch (Exception ex) {
        LOGGER.error("CloudStore: verifyInstanceIdentity - unable get caller identity: {}", ex.getMessage());
        return false;
    }
}

From source file: com.yahoo.athenz.zts.store.MockCloudStore.java

License:Apache License

@Override
AWSSecurityTokenServiceClient getTokenServiceClient() {
    AWSSecurityTokenServiceClient client = Mockito.mock(AWSSecurityTokenServiceClient.class);
    Mockito.when(client.assumeRole(Mockito.any(AssumeRoleRequest.class))).thenReturn(assumeRoleResult);
    Mockito.when(client.getCallerIdentity(Mockito.any(GetCallerIdentityRequest.class)))
            .thenReturn(callerIdentityResult);
    return client;
}