List of usage examples for com.amazonaws.services.securitytoken AWSSecurityTokenServiceClient getCallerIdentity
@Override
public GetCallerIdentityResult getCallerIdentity(GetCallerIdentityRequest request)
Returns details about the IAM user or role whose credentials are used to call the operation.
From source file: com.yahoo.athenz.instance.provider.impl.InstanceAWSProvider.java
License: Apache License
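/**
 * Verifies that the credentials carried in the attestation data belong to the
 * claimed IAM role in the expected AWS account.
 *
 * <p>The check asks STS for the caller identity of those credentials and compares the
 * returned ARN against the prefix {@code arn:aws:sts::<awsAccount>:assumed-role/<role>/}.
 * The ARN returned by STS is the authoritative fact here; {@code info.getRole()} arrives
 * with the request and is only used to build the expected prefix. The trailing {@code /}
 * keeps a role name that is a prefix of another role name (e.g. {@code app} versus
 * {@code app-admin}) from matching.
 *
 * @param info       attestation data carrying the instance credentials and the claimed role
 * @param awsAccount the AWS account id the instance is expected to belong to
 * @return {@code true} only if STS confirms the credentials belong to the claimed role in
 *         {@code awsAccount}; {@code false} on any mismatch, missing data or STS failure
 */
public boolean verifyInstanceIdentity(AWSAttestationData info, final String awsAccount) {
    try {
        if (info == null) {
            LOGGER.error("verifyInstanceIdentity - no attestation data provided");
            return false;
        }
        final String role = info.getRole();
        // Reject incomplete requests before building the prefix: a null role would
        // otherwise be stringified as "null" and compared against a role of that
        // name, and an empty account/role can never match a real STS ARN anyway.
        if (awsAccount == null || awsAccount.isEmpty() || role == null || role.isEmpty()) {
            LOGGER.error("verifyInstanceIdentity - missing aws account or role in request");
            return false;
        }
        final String expectedArnPrefix =
                "arn:aws:sts::" + awsAccount + ":assumed-role/" + role + "/";

        AWSSecurityTokenServiceClient client = getInstanceClient(info);
        if (client == null) {
            LOGGER.error("verifyInstanceIdentity - unable to get AWS STS client object");
            return false;
        }
        GetCallerIdentityResult res = client.getCallerIdentity(new GetCallerIdentityRequest());
        if (res == null) {
            LOGGER.error("verifyInstanceIdentity - unable to get caller identity");
            return false;
        }
        // A null ARN used to surface as a NullPointerException swallowed by the catch
        // below and logged as a generic STS failure; report it for what it is.
        final String callerArn = res.getArn();
        if (callerArn == null) {
            LOGGER.error("verifyInstanceIdentity - caller identity has no ARN");
            return false;
        }
        if (!callerArn.startsWith(expectedArnPrefix)) {
            LOGGER.error("verifyInstanceIdentity - ARN mismatch - request: {} caller-idenity: {}",
                    expectedArnPrefix, callerArn);
            return false;
        }
        return true;
    } catch (Exception ex) {
        // Hand the exception itself to the parameterized logger so the stack trace is
        // preserved rather than only its message.
        LOGGER.error("CloudStore: verifyInstanceIdentity - unable get caller identity: {}",
                ex.getMessage(), ex);
        return false;
    }
}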
From source file: com.yahoo.athenz.zts.store.MockCloudStore.java
License: Apache License
/**
 * Builds a Mockito-backed STS client for tests.
 *
 * <p>The mock answers {@code assumeRole} with {@code assumeRoleResult} and
 * {@code getCallerIdentity} with {@code callerIdentityResult}; both are fields of
 * the enclosing class, presumably populated by the test before this is called.
 *
 * @return a mocked {@link AWSSecurityTokenServiceClient} that never contacts AWS
 */
@Override
AWSSecurityTokenServiceClient getTokenServiceClient() {
    final AWSSecurityTokenServiceClient stsMock = Mockito.mock(AWSSecurityTokenServiceClient.class);
    // The two stubbings are independent of each other, so their order does not matter.
    Mockito.when(stsMock.getCallerIdentity(Mockito.any(GetCallerIdentityRequest.class)))
            .thenReturn(callerIdentityResult);
    Mockito.when(stsMock.assumeRole(Mockito.any(AssumeRoleRequest.class)))
            .thenReturn(assumeRoleResult);
    return stsMock;
}