sts: Make STS client anynomous for web identity (#157)

sandeepvinayak · web-flow · commit a7051537ca4b · 2025-11-20T23:56:15.000-08:00
diff --git a/examples/src/main/java/com/salesforce/multicloudj/sts/Main.java b/examples/src/main/java/com/salesforce/multicloudj/sts/Main.java
@@ -1,8 +1,11 @@
 package com.salesforce.multicloudj.sts;
 
 import com.salesforce.multicloudj.blob.client.BucketClient;
+import com.salesforce.multicloudj.blob.driver.ListBlobsPageRequest;
+import com.salesforce.multicloudj.blob.driver.ListBlobsPageResponse;
 import com.salesforce.multicloudj.sts.client.StsClient;
 import com.salesforce.multicloudj.sts.client.StsUtilities;
+import com.salesforce.multicloudj.sts.model.AssumeRoleWebIdentityRequest;
 import com.salesforce.multicloudj.sts.model.AssumedRoleRequest;
 import com.salesforce.multicloudj.sts.model.CallerIdentity;
 import com.salesforce.multicloudj.sts.model.CredentialsOverrider;
@@ -44,7 +47,7 @@ public static void assumeRole() {
     public static void assumeRoleWebIdentityCredentialsOverrider() {
         Supplier<String> tokenSupplier = () -> {
             StsClient clientGcp = StsClient.builder("gcp").build();
-            CallerIdentity identity = clientGcp.getCallerIdentity(GetCallerIdentityRequest.builder().aud("some-aud").build());
+            CallerIdentity identity = clientGcp.getCallerIdentity(GetCallerIdentityRequest.builder().aud("multicloudj").build());
             return identity.getCloudResourceName();
         };
 
@@ -53,18 +56,21 @@ public static void assumeRoleWebIdentityCredentialsOverrider() {
                 .withWebIdentityTokenSupplier(tokenSupplier)
                 .build();
         BucketClient bucketClient = BucketClient.builder(provider)
-                .withRegion("us-west-2")
+                .withRegion("us-west-2").withBucket("chameleon-jclouds")
                 .withCredentialsOverrider(overrider)
                 .build();
-        bucketClient.doesObjectExist("asa", "a");
+        ListBlobsPageResponse r=bucketClient.listPage(ListBlobsPageRequest.builder().withMaxResults(1).build());
+        System.out.println("s");
     }
 
     private static void getCallerIdentity() {
-        StsClient client = StsClient.builder(provider).withRegion("us-west-2").build();
+        StsClient client = StsClient.builder("gcp").withRegion("us-west-2").build();
         CallerIdentity identity = client.getCallerIdentity();
-
+        StsClient client2 = StsClient.builder("aws").withRegion("us-west-2").build();
+        StsCredentials credentials = client2.getAssumeRoleWithWebIdentityCredentials(AssumeRoleWebIdentityRequest.builder()
+                .webIdentityToken(identity.getCloudResourceName()).role("arn:aws:iam::654654370895:role/chameleon-web").build());
         System.out.printf("\nAccountId: %s,UserId: %s,ResourceName: %s\n",
-                identity.getAccountId(), identity.getUserId(), identity.getCloudResourceName());
+                identity.getAccountId(), identity.getUserId(), identity.getCloudResourceName(), credentials.getAccessKeyId());
     }
 
     public static void nativeAuthSignerUtilityWithStsCredentials() {
diff --git a/multicloudj-common-aws/src/main/java/com/salesforce/multicloudj/common/aws/CredentialsProvider.java b/multicloudj-common-aws/src/main/java/com/salesforce/multicloudj/common/aws/CredentialsProvider.java
@@ -2,6 +2,7 @@
 
 import com.salesforce.multicloudj.sts.model.CredentialsOverrider;
 import com.salesforce.multicloudj.sts.model.StsCredentials;
+import software.amazon.awssdk.auth.credentials.AnonymousCredentialsProvider;
 import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
 import software.amazon.awssdk.auth.credentials.AwsSessionCredentials;
 import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
@@ -47,7 +48,7 @@ public static AwsCredentialsProvider getCredentialsProvider(CredentialsOverrider
                 String assumeRole = overrider.getRole();
                 String sessionName = overrider.getSessionName() != null
                         ? overrider.getSessionName() : "multicloudj-web-identity-" + System.currentTimeMillis();
-                StsClient stsClient = StsClient.builder().region(region).build();
+                StsClient stsClient = StsClient.builder().credentialsProvider(AnonymousCredentialsProvider.create()).region(region).build();
 
                 if (overrider.getWebIdentityTokenSupplier() == null) {
                     throw new IllegalArgumentException("webIdentityTokenSupplier must be provided for ASSUME_ROLE_WEB_IDENTITY credentials type");
