public String getEKSToken()

in cloudwatch-controller/src/main/java/io/kubernetes/client/util/CustomAuthentication.java [84:152]


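    /**
     * Builds an EKS authentication token from a presigned STS {@code GetCallerIdentity} URL.
     *
     * <p>The method takes temporary credentials from {@code getSessionToken()}, signs a GET
     * request to the regional STS endpoint with the {@code x-k8s-aws-id} header set to the
     * cluster name, appends the signature to the query string, base64-encodes the resulting
     * URL and prepends {@code EKSConfig.getEKSTokenPrefix()}.
     *
     * <p>Security: the returned string embeds the STS session token and a valid SigV4
     * signature, so it is a bearer credential for as long as the presigned URL is accepted
     * ({@code X-Amz-Expires} is set to 60 seconds here). It must not be written to logs or
     * error messages.
     *
     * @return the EKS token (prefix followed by the unpadded, URL-safe base64 of the signed URL)
     * @throws IllegalStateException if the session credentials are missing or incomplete
     * @throws RuntimeException if the STS endpoint URL cannot be parsed
     */
    public String getEKSToken() {

        // Get session token from STS
        Map<String, String> credentialsMap = getSessionToken();
        if (credentialsMap == null) {
            throw new IllegalStateException("No session credentials available for EKS token generation");
        }
        String awsAccessKey = credentialsMap.get("awsAccessKey");
        String awsSecretKey = credentialsMap.get("awsSecretKey");
        String sessionToken = credentialsMap.get("sessionToken");
        // Fail fast: a missing value would otherwise be formatted into the request as the
        // literal text "null" and only surface later as an opaque authentication failure.
        if (awsAccessKey == null || awsSecretKey == null || sessionToken == null) {
            throw new IllegalStateException("Incomplete session credentials for EKS token generation");
        }

        // Read the region once so the endpoint, the credential scope and the signer agree.
        String region = AWSConfig.getRegion();

        // The region-specific STS endpoint
        URL endpointUrl;
        String urlString;
        try {
            urlString = String.format("https://sts.%s.amazonaws.com/", region);
            endpointUrl = new URL(urlString);
            logger.debug(String.format("Making GET request to %s", urlString));
        } catch (MalformedURLException e) {
            // Keep the original exception as the cause so the stack trace is not lost.
            throw new RuntimeException("Unable to parse service endpoint: " + e.getMessage(), e);
        }

        // Format the current instant in UTC for the X-Amz-Date and credential-scope fields
        SimpleDateFormat dateTimeFormat = new SimpleDateFormat(ISO8601BasicFormat);
        SimpleDateFormat dateFormat = new SimpleDateFormat(SimpleDateFormat);
        dateTimeFormat.setTimeZone(new SimpleTimeZone(0, "UTC"));
        dateFormat.setTimeZone(new SimpleTimeZone(0, "UTC"));
        Date now = new Date();
        String dateTimeStamp = dateTimeFormat.format(now);

        // Signed header naming the cluster; it is listed in X-Amz-SignedHeaders below
        Map<String, String> headers = new HashMap<>();
        headers.put("x-k8s-aws-id", EKSConfig.getClusterName());

        // Operation query parameters
        Map<String, String> opQueryParameters = new HashMap<>();
        opQueryParameters.put("Action", "GetCallerIdentity");
        opQueryParameters.put("Version", "2011-06-15");

        // Authentication query parameters
        Map<String, String> authQueryParameters = new HashMap<>();
        authQueryParameters.put("X-Amz-Algorithm", "AWS4-HMAC-SHA256");
        authQueryParameters.put("X-Amz-Credential",
                String.format("%s/%s/%s/sts/aws4_request", awsAccessKey, dateFormat.format(now), region));
        authQueryParameters.put("X-Amz-Date", dateTimeStamp);
        authQueryParameters.put("X-Amz-Expires", "60");
        authQueryParameters.put("X-Amz-Security-Token", sessionToken);
        authQueryParameters.put("X-Amz-SignedHeaders", "host;x-k8s-aws-id");

        AWS4SignerForAuthorizationHeader signer =
                new AWS4SignerForAuthorizationHeader(endpointUrl, "GET", "sts", region);
        Map<String, String> signingArtifacts = signer.computeSignature(
                headers,
                opQueryParameters,
                authQueryParameters,
                AWS4SignerBase.EMPTY_BODY_SHA256,
                awsAccessKey,
                awsSecretKey);

        String signedUrl = String.format("%s?%s&X-Amz-Signature=%s",
                urlString,
                signingArtifacts.get("QueryParameters"),
                signingArtifacts.get("Signature"));

        // Use the URL-safe alphabet without padding. The standard alphabet can emit '+' and
        // '/', which stripping '=' does not remove; the EKS token format is understood to be
        // unpadded URL-safe base64 (NOTE(review): confirm against the authenticator in use).
        String encodedSignedUrl = Base64.getUrlEncoder()
                .withoutPadding()
                .encodeToString(signedUrl.getBytes(StandardCharsets.UTF_8));
        String eksToken = EKSConfig.getEKSTokenPrefix().concat(encodedSignedUrl);

        // Do not log the token: it carries the session token and a valid signature.
        logger.debug("EKS token generated (value not logged)");
        return eksToken;
    }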