Add support for SSO credentials provider #2118
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
abrooksv
reviewed
Oct 26, 2020
services/sso/src/main/java/software.amazon.awssdk.services.sso/auth/SsoCredentialsProvider.java
Outdated
Show resolved
Hide resolved
...ices/sso/src/main/java/software.amazon.awssdk.services.sso/internal/SsoCredentialsUtils.java
Outdated
Show resolved
Hide resolved
...s/sso/src/test/java/software.amazon.awssdk.services.sso/auth/SsoCredentialsProviderTest.java
Outdated
Show resolved
Hide resolved
...s/sso/src/test/java/software.amazon.awssdk.services.sso/auth/SsoCredentialsProviderTest.java
Outdated
Show resolved
Hide resolved
abrooksv
reviewed
Oct 26, 2020
...ices/sso/src/main/java/software.amazon.awssdk.services.sso/internal/SsoCredentialsUtils.java
Outdated
Show resolved
Hide resolved
millems
reviewed
Oct 26, 2020
core/profiles/src/main/java/software/amazon/awssdk/profiles/ProfileProperty.java
Outdated
Show resolved
Hide resolved
services/sso/src/main/java/software.amazon.awssdk.services.sso/auth/AwsSsoCredentials.java
Outdated
Show resolved
Hide resolved
services/sso/src/main/java/software.amazon.awssdk.services.sso/auth/SsoCredentialsHolder.java
Outdated
Show resolved
Hide resolved
services/sso/src/main/java/software.amazon.awssdk.services.sso/auth/SsoCredentialsProvider.java
Outdated
Show resolved
Hide resolved
...ices/sso/src/main/java/software.amazon.awssdk.services.sso/internal/SsoCredentialsUtils.java
Outdated
Show resolved
Hide resolved
...ices/sso/src/main/java/software.amazon.awssdk.services.sso/internal/SsoCredentialsUtils.java
Outdated
Show resolved
Hide resolved
...s/sso/src/test/java/software.amazon.awssdk.services.sso/auth/SsoCredentialsProviderTest.java
Outdated
Show resolved
Hide resolved
...s/sso/src/test/java/software.amazon.awssdk.services.sso/auth/SsoCredentialsProviderTest.java
Outdated
Show resolved
Hide resolved
...s/sso/src/test/java/software.amazon.awssdk.services.sso/auth/SsoCredentialsProviderTest.java
Outdated
Show resolved
Hide resolved
Quanzzzz
force-pushed
the
sso-credentials-dev
branch
from
9889d08
to
187767b
Compare
|
SonarCloud Quality Gate failed.
|
millems
reviewed
Nov 6, 2020
.../src/main/java/software/amazon/awssdk/auth/credentials/internal/ProfileCredentialsUtils.java
Outdated
Show resolved
Hide resolved
.../src/main/java/software/amazon/awssdk/auth/credentials/internal/ProfileCredentialsUtils.java
Outdated
Show resolved
Hide resolved
...n/java/software/amazon/awssdk/auth/credentials/internal/SsoCredentialsProfileProperties.java
Outdated
Show resolved
Hide resolved
services/sso/src/main/java/software.amazon.awssdk.services.sso/auth/SsoCredentialsProvider.java
Outdated
Show resolved
Hide resolved
core/auth/src/main/java/software/amazon/awssdk/auth/credentials/SessionCredentialsHolder.java
Outdated
Show resolved
Hide resolved
...n/java/software/amazon/awssdk/auth/credentials/internal/SsoCredentialsProfileProperties.java
Outdated
Show resolved
Hide resolved
...n/java/software/amazon/awssdk/auth/credentials/internal/SsoCredentialsProfileProperties.java
Outdated
Show resolved
Hide resolved
.../java/software.amazon.awssdk.services.sso/internal/SsoProfileCredentialsProviderFactory.java
Outdated
Show resolved
Hide resolved
.../java/software.amazon.awssdk.services.sso/internal/SsoProfileCredentialsProviderFactory.java
Outdated
Show resolved
Hide resolved
utils/src/test/java/software/amazon/awssdk/testutils/EnvironmentVariableHelper.java
Show resolved
Hide resolved
kiiadi
reviewed
Nov 6, 2020
utils/src/main/java/software/amazon/awssdk/utils/UserHomeDirectoryUtils.java
Outdated
Show resolved
Hide resolved
millems
reviewed
Nov 10, 2020
.../java/software.amazon.awssdk.services.sso/internal/SsoProfileCredentialsProviderFactory.java
Outdated
Show resolved
Hide resolved
Quanzzzz
force-pushed
the
sso-credentials-dev
branch
2 times, most recently
from
7734c58
to
7fa7dba
Compare
Codecov Report
@@ Coverage Diff @@
## master #2118 +/- ##
============================================
- Coverage 77.44% 77.43% -0.01%
- Complexity 299 326 +27
============================================
Files 1214 1221 +7
Lines 38161 38292 +131
Branches 3014 3018 +4
============================================
+ Hits 29552 29650 +98
- Misses 7157 7187 +30
- Partials 1452 1455 +3
Flags with carried forward coverage won't be shown. Click here to find out more.
Continue to review full report at Codecov.
|
millems
reviewed
Nov 19, 2020
.../src/main/java/software/amazon/awssdk/auth/credentials/internal/ProfileCredentialsUtils.java
Outdated
Show resolved
Hide resolved
services/sso/src/main/java/software.amazon.awssdk.services.sso/auth/ExpiredTokenException.java
Outdated
Show resolved
Hide resolved
...main/java/software.amazon.awssdk.services.sso/auth/SsoProfileCredentialsProviderFactory.java
Outdated
Show resolved
Hide resolved
services/sso/src/main/java/software.amazon.awssdk.services.sso/auth/SsoCredentialsProvider.java
Outdated
Show resolved
Hide resolved
zoewangg
reviewed
Nov 19, 2020
services/sso/src/main/java/software.amazon.awssdk.services.sso/auth/SsoCredentialsProvider.java
Outdated
Show resolved
Hide resolved
...sso/src/main/java/software.amazon.awssdk.services.sso/internal/SessionCredentialsHolder.java
Outdated
Show resolved
Hide resolved
services/sso/src/main/java/software.amazon.awssdk.services.sso/auth/ExpiredTokenException.java
Outdated
Show resolved
Hide resolved
services/sso/src/main/java/software.amazon.awssdk.services.sso/auth/SsoCredentialsProvider.java
Outdated
Show resolved
Hide resolved
services/sso/src/main/java/software.amazon.awssdk.services.sso/auth/SsoCredentialsProvider.java
Outdated
Show resolved
Hide resolved
Quanzzzz
force-pushed
the
sso-credentials-dev
branch
from
7fa7dba
to
f800dac
Compare
Quanzzzz
force-pushed
the
sso-credentials-dev
branch
from
f800dac
to
a72aade
Compare
millems
approved these changes
Nov 20, 2020
aws-sdk-java-automation
added a commit
that referenced
this pull request
Aug 11, 2022
…0a981a11b Pull request: release <- staging/0ddcfee7-c54b-4f14-a09e-8160a981a11b
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add support for SSO Credentials Provider.
Description
In this pr, a credential provider that exchanges a resolved SSO login token for temporary AWS credentials is added. Besides, several new classes and tests are added to enable this credentials provider.
Main Updates since the first review:
SsoCredentialsProviderinto part of theProfileCredentialsProviderso the profile addressing part can be better taken care of;Besides the main changes for SSO, there are also some small changes to the code:
SdkInternalApito make it more accurate;userHomeDirectorymethod out ofProfileFileLocationand put it in theutilsmodule, thus it can be used by the other modules;Motivation and Context
Currently, SSO provides customers an interface where customers can copy-paste snippests to set the environment variables to temporary credentials that they generate.
While the interface is good for console access and fine for occasional API use, it is painful for repeated API use as customers have to go back to the SSO page every hour to get new credentials. Allowing customers to use their existing login username and password to fetch temporart AWS credentials without having to go to an external site is a much more seamless experience.
Testing
Since this credentials provider include interaction with SSO service and it relies on another SSO login flow, so there isn’t integration tests added here. However, to make sure the functionality is sound, multiple unit tests and functional tests are added.
Types of changes
Checklist
mvn installsucceedsLicense