public final class StsWebIdentityTokenFileCredentialsProvider extends Object implements ToCopyableBuilder<StsWebIdentityTokenFileCredentialsProvider.Builder,StsWebIdentityTokenFileCredentialsProvider>
AwsCredentialsProvider
that periodically sends an AssumeRoleWithWebIdentityRequest
to the
AWS Security Token Service to maintain short-lived sessions to use for authentication. These sessions are updated using a
single calling thread (by default) or asynchronously (if StsCredentialsProvider.BaseBuilder.asyncCredentialUpdateEnabled(Boolean)
is set).
Unlike StsAssumeRoleWithWebIdentityCredentialsProvider
, this reads the web identity information, including AWS role
ARN, AWS session name and the location of a web identity token file from system properties and environment variables. The
web identity token file is expected to contain the web identity token to use with each request.
If the credentials are not successfully updated before expiration, calls to resolveCredentials()
will block until
they are updated successfully.
Users of this provider must close()
it when they are finished using it.
This is created using builder()
.Modifier and Type | Class and Description |
---|---|
protected static class |
StsCredentialsProvider.BaseBuilder<B extends StsCredentialsProvider.BaseBuilder<B,T>,T extends ToCopyableBuilder<B,T>>
Extended by child class's builders to share configuration across credential providers.
|
static class |
StsWebIdentityTokenFileCredentialsProvider.Builder |
Modifier and Type | Method and Description |
---|---|
static StsWebIdentityTokenFileCredentialsProvider.Builder |
builder() |
void |
close() |
protected Credentials |
getUpdatedCredentials(StsClient stsClient)
Implemented by a child class to call STS and get a new set of credentials to be used by this provider.
|
Duration |
prefetchTime()
The amount of time, relative to STS token expiration, that the cached credentials are considered close to stale
and should be updated.
|
AwsCredentials |
resolveCredentials() |
Duration |
staleTime()
The amount of time, relative to STS token expiration, that the cached credentials are considered stale and
should no longer be used.
|
StsWebIdentityTokenFileCredentialsProvider.Builder |
toBuilder() |
String |
toString() |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
copy
public static StsWebIdentityTokenFileCredentialsProvider.Builder builder()
public AwsCredentials resolveCredentials()
resolveCredentials
in interface AwsCredentialsProvider
protected Credentials getUpdatedCredentials(StsClient stsClient)
public StsWebIdentityTokenFileCredentialsProvider.Builder toBuilder()
toBuilder
in interface ToCopyableBuilder<StsWebIdentityTokenFileCredentialsProvider.Builder,StsWebIdentityTokenFileCredentialsProvider>
public void close()
close
in interface AutoCloseable
close
in interface SdkAutoCloseable
public Duration staleTime()
public Duration prefetchTime()
Copyright © 2022. All rights reserved.