in cloudwatch-controller/src/main/java/io/kubernetes/client/util/CustomAuthentication.java [48:82]
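/**
 * Assumes the role configured in {@code AWSConfig} through STS and returns the
 * resulting temporary credentials.
 *
 * <p>The secret access key and the session token are never written to the log:
 * they are bearer credentials that stay valid for the whole requested session
 * (3600 seconds), and anyone with read access to the logs or to a log
 * aggregation pipeline could reuse them. Only the assumed-role identity and the
 * access key ID are logged, which is enough to correlate the session with
 * CloudTrail entries.
 *
 * @return a map with the keys {@code awsAccessKey}, {@code awsSecretKey} and
 *         {@code sessionToken}, or {@code null} when the role could not be
 *         assumed (the failure is logged at error level); callers must check
 *         for {@code null}
 */
public Map<String,String> getSessionToken() {
    try {
        // Long-lived static keys from AWSConfig are used only to call STS.
        BasicAWSCredentials credentials = new BasicAWSCredentials(AWSConfig.getAccessKey(), AWSConfig.getSecretKey());
        AWSCredentialsProvider credentialsProvider = new AWSStaticCredentialsProvider(credentials);
        // NOTE(review): a new STS client is built on every call and never shut down here;
        // confirm whether callers invoke this often enough for that to matter.
        AWSSecurityTokenService stsClient = AWSSecurityTokenServiceClientBuilder.standard()
                .withCredentials(credentialsProvider)
                .withEndpointConfiguration(new AwsClientBuilder.EndpointConfiguration(AWSConfig.getSTSEndpoint(), AWSConfig.getRegion()))
                .build();

        AssumeRoleRequest assumeRoleRequest = new AssumeRoleRequest();
        assumeRoleRequest.setRoleArn(AWSConfig.getAssumedRole());
        assumeRoleRequest.setDurationSeconds(3600);
        assumeRoleRequest.setRoleSessionName("EKSGetTokenAuth");

        AssumeRoleResult assumeRoleResult = stsClient.assumeRole(assumeRoleRequest);
        Credentials sessionCredentials = assumeRoleResult.getCredentials();
        String accessKeyId = sessionCredentials.getAccessKeyId();

        // Log identifiers only. The secret key and session token must not reach
        // any log sink, not even at debug level.
        logger.debug(String.format("Assumed Role ID = %s", assumeRoleResult.getAssumedRoleUser()));
        logger.debug(String.format("Access Key ID = %s", accessKeyId));

        Map<String,String> credentialsMap = new HashMap<>();
        credentialsMap.put("awsAccessKey", accessKeyId);
        credentialsMap.put("awsSecretKey", sessionCredentials.getSecretAccessKey());
        credentialsMap.put("sessionToken", sessionCredentials.getSessionToken());
        return credentialsMap;
    } catch (Exception ex) {
        // Best effort: the failure is logged and reported to the caller as null.
        logger.error(String.format("Exception occurred when assuming role %s; %s", AWSConfig.getAssumedRole(), ex.getMessage()), ex);
    }
    return null;
}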