author | Morten Tokle <mortent@verizonmedia.com> | 2019-09-09 15:22:02 +0200 |
---|---|---|
committer | Morten Tokle <mortent@verizonmedia.com> | 2019-09-09 15:22:02 +0200 |
commit | a72405c2548d45f91a2ecfc5a035acefa3619f52 (patch) | |
tree | f3894498fee8740d5ac28afda62723ab1ff8fd4e | |
parent | dd25c2a3c4c16ba96eda61e996f5347f1f8eaa9c (diff) |
Remove unused credentials provider
3 files changed, 0 insertions, 116 deletions
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/aws/AwsCredentialsProvider.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/aws/AwsCredentialsProvider.java
deleted file mode 100644
index bd2f76bac52..00000000000
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/aws/AwsCredentialsProvider.java
+++ /dev/null
@@ -1,76 +0,0 @@
-// Copyright 2019 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.vespa.athenz.client.aws;
-
-import com.amazonaws.auth.AWSCredentials;
-import com.amazonaws.auth.AWSCredentialsProvider;
-import com.amazonaws.auth.BasicSessionCredentials;
-import com.yahoo.vespa.athenz.api.AthenzDomain;
-import com.yahoo.vespa.athenz.api.AwsRole;
-import com.yahoo.vespa.athenz.api.AwsTemporaryCredentials;
-import com.yahoo.vespa.athenz.client.zts.DefaultZtsClient;
-import com.yahoo.vespa.athenz.client.zts.ZtsClient;
-import com.yahoo.vespa.athenz.identity.ServiceIdentityProvider;
-
-import javax.net.ssl.SSLContext;
-import java.net.URI;
-import java.time.Duration;
-import java.time.Instant;
-import java.util.Optional;
-
-/**
- * Implementation of AWSCredentialsProvider using com.yahoo.vespa.athenz.client.zts.ZtsClient
- *
- * @author mortent
- */
-public class AwsCredentialsProvider implements AWSCredentialsProvider {
-
- private final static Duration MIN_EXPIRY = Duration.ofMinutes(5);
- private final AthenzDomain athenzDomain;
- private final AwsRole awsRole;
- private final ZtsClient ztsClient;
- private volatile AwsTemporaryCredentials credentials;
-
- public AwsCredentialsProvider(ZtsClient ztsClient, AthenzDomain athenzDomain, AwsRole awsRole) {
- this.ztsClient = ztsClient;
- this.athenzDomain = athenzDomain;
- this.awsRole = awsRole;
- this.credentials = getAthenzTempCredentials();
- }
-
- public AwsCredentialsProvider(URI ztsUrl, ServiceIdentityProvider identityProvider, AthenzDomain athenzDomain, AwsRole awsRole) {
- this(new DefaultZtsClient(ztsUrl, identityProvider), athenzDomain, awsRole);
- }
-
- public AwsCredentialsProvider(URI ztsUrl, SSLContext sslContext, AthenzDomain athenzDomain, AwsRole awsRole) {
- this(new DefaultZtsClient(ztsUrl, null, sslContext), athenzDomain, awsRole);
- }
-
- /**
- * Requests temporary credentials from ZTS or return cached credentials
- */
- private AwsTemporaryCredentials getAthenzTempCredentials() {
- if(shouldRefresh(credentials)) {
- this.credentials = ztsClient.getAwsTemporaryCredentials(athenzDomain, awsRole);
- }
- return credentials;
- }
-
- @Override
- public AWSCredentials getCredentials() {
- AwsTemporaryCredentials creds = getAthenzTempCredentials();
- return new BasicSessionCredentials(creds.accessKeyId(), creds.secretAccessKey(), creds.sessionToken());
- }
-
- @Override
- public void refresh() {
- getAthenzTempCredentials();
- }
-
- /*
- * Checks credential expiration, returns true if it will expipre in the next MIN_EXPIRY minutes
- */
- static boolean shouldRefresh(AwsTemporaryCredentials credentials) {
- Instant expiration = Optional.ofNullable(credentials).map(AwsTemporaryCredentials::expiration).orElse(Instant.EPOCH);
- return Duration.between(Instant.now(), expiration).toMinutes() < MIN_EXPIRY.toMinutes();
- }
-}
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/aws/package-info.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/aws/package-info.java
deleted file mode 100644
index 74ef35a1e50..00000000000
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/aws/package-info.java
+++ /dev/null
@@ -1,5 +0,0 @@
-// Copyright 2019 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-@ExportPackage
-package com.yahoo.vespa.athenz.client.aws;
-
-import com.yahoo.osgi.annotation.ExportPackage;
\ No newline at end of file
diff --git a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/client/aws/AwsCredentialProviderTest.java b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/client/aws/AwsCredentialProviderTest.java
deleted file mode 100644
index d637dcae14c..00000000000
--- a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/client/aws/AwsCredentialProviderTest.java
+++ /dev/null
@@ -1,35 +0,0 @@
-// Copyright 2019 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.vespa.athenz.client.aws;
-
-import com.yahoo.vespa.athenz.api.AwsTemporaryCredentials;
-import org.junit.Test;
-
-import java.time.Clock;
-import java.time.Duration;
-import java.time.Instant;
-
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertTrue;
-
-public class AwsCredentialProviderTest {
-
- @Test
- public void refreshes_correctly() {
- Clock clock = Clock.systemUTC();
- // Does not require refresh when expires in 10 minutes
- assertFalse(AwsCredentialsProvider.shouldRefresh(getCredentials(clock.instant().plus(Duration.ofMinutes(10)))));
-
- // Requires refresh when expires in 3 minutes
- assertTrue(AwsCredentialsProvider.shouldRefresh(getCredentials(clock.instant().plus(Duration.ofMinutes(3)))));
-
- // Requires refresh when expired
- assertTrue(AwsCredentialsProvider.shouldRefresh(getCredentials(clock.instant().minus(Duration.ofMinutes(1)))));
-
- // Refreshes when no credentials provided
- assertTrue(AwsCredentialsProvider.shouldRefresh(null));
- }
-
- private AwsTemporaryCredentials getCredentials(Instant expiration) {
- return new AwsTemporaryCredentials("accesskey", "secretaccesskey", "sessionToken", expiration);
- }
-} |