/* * Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the "License"). * You may not use this file except in compliance with the License. * A copy of the License is located at * * http://aws.amazon.com/apache2.0 * * or in the "license" file accompanying this file. This file is distributed * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either * express or implied. See the License for the specific language governing * permissions and limitations under the License. */ package com.amazonaws.codepipeline.jenkinsplugin; import java.util.Objects; import org.joda.time.Duration; import org.joda.time.Instant; import com.amazonaws.auth.AWSCredentialsProvider; import com.amazonaws.auth.AWSSessionCredentials; import com.amazonaws.auth.BasicSessionCredentials; import com.amazonaws.services.codepipeline.AWSCodePipeline; import com.amazonaws.services.codepipeline.model.GetJobDetailsRequest; import com.amazonaws.services.codepipeline.model.GetJobDetailsResult; public final class AWSCodePipelineJobCredentialsProvider implements AWSCredentialsProvider { // CodePipeline job credentials are valid for 15 minutes private static final Duration CREDENTIALS_DURATION = Duration.standardMinutes(14); private final String jobId; private final AWSCodePipeline codePipelineClient; private volatile AWSSessionCredentials credentials; private volatile Instant lastRefreshedInstant; public AWSCodePipelineJobCredentialsProvider(final String jobId, final AWSCodePipeline codePipelineClient) { this.jobId = Objects.requireNonNull(jobId, "jobId must not be null"); this.codePipelineClient = Objects.requireNonNull(codePipelineClient, "codePipelineClient must not be null"); } @Override public AWSSessionCredentials getCredentials() { if (this.credentials == null || this.lastRefreshedInstant.isBefore(Instant.now().minus(CREDENTIALS_DURATION))) { refresh(); } return this.credentials; } @Override public synchronized void refresh() { final GetJobDetailsRequest getJobDetailsRequest = new GetJobDetailsRequest().withJobId(jobId); final GetJobDetailsResult getJobDetailsResult = codePipelineClient.getJobDetails(getJobDetailsRequest); final com.amazonaws.services.codepipeline.model.AWSSessionCredentials credentials = getJobDetailsResult.getJobDetails().getData().getArtifactCredentials(); this.lastRefreshedInstant = Instant.now(); this.credentials = new BasicSessionCredentials( credentials.getAccessKeyId(), credentials.getSecretAccessKey(), credentials.getSessionToken()); } }