Interface FederationRequestHandler
-
- All Superinterfaces:
com.amazonaws.services.lambda.runtime.RequestStreamHandler
- All Known Implementing Classes:
AmazonMskMetadataHandler,AmazonMskRecordHandler,AwsCmdbMetadataHandler,AwsCmdbRecordHandler,BigQueryMetadataHandler,BigQueryRecordHandler,ClickHouseMetadataHandler,ClickHouseMuxMetadataHandler,ClickHouseMuxRecordHandler,ClickHouseRecordHandler,CloudwatchMetadataHandler,CloudwatchRecordHandler,DataLakeGen2MetadataHandler,DataLakeGen2MuxMetadataHandler,DataLakeGen2MuxRecordHandler,DataLakeGen2RecordHandler,Db2As400MetadataHandler,Db2As400MuxMetadataHandler,Db2As400MuxRecordHandler,Db2As400RecordHandler,Db2MetadataHandler,Db2MuxMetadataHandler,Db2MuxRecordHandler,Db2RecordHandler,DocDBMetadataHandler,DocDBRecordHandler,DynamoDBMetadataHandler,DynamoDBRecordHandler,ElasticsearchMetadataHandler,ElasticsearchRecordHandler,ExampleMetadataHandler,ExampleRecordHandler,GcsMetadataHandler,GcsRecordHandler,GlueMetadataHandler,HbaseMetadataHandler,HbaseRecordHandler,HiveMetadataHandler,HiveMetadataHandler,HiveMuxMetadataHandler,HiveMuxMetadataHandler,HiveMuxRecordHandler,HiveMuxRecordHandler,HiveRecordHandler,HiveRecordHandler,ImpalaMetadataHandler,ImpalaMuxMetadataHandler,ImpalaMuxRecordHandler,ImpalaRecordHandler,JdbcMetadataHandler,JdbcRecordHandler,KafkaMetadataHandler,KafkaRecordHandler,MetadataHandler,MetricsMetadataHandler,MetricsRecordHandler,MultiplexingJdbcMetadataHandler,MultiplexingJdbcRecordHandler,MySqlMetadataHandler,MySqlMuxMetadataHandler,MySqlMuxRecordHandler,MySqlRecordHandler,NeptuneMetadataHandler,NeptuneRecordHandler,OracleMetadataHandler,OracleMuxMetadataHandler,OracleMuxRecordHandler,OracleRecordHandler,PostGreSqlMetadataHandler,PostGreSqlMuxMetadataHandler,PostGreSqlMuxRecordHandler,PostGreSqlRecordHandler,RecordHandler,RedisMetadataHandler,RedisRecordHandler,RedshiftMetadataHandler,RedshiftMuxMetadataHandler,RedshiftMuxRecordHandler,RedshiftRecordHandler,SaphanaMetadataHandler,SaphanaMuxMetadataHandler,SaphanaMuxRecordHandler,SaphanaRecordHandler,SnowflakeMetadataHandler,SnowflakeMuxMetadataHandler,SnowflakeMuxRecordHandler,SnowflakeRecordHandler,SqlServerMetadataHandler,SqlServerMuxMetadataHandler,SqlServerMuxRecordHandler,SqlServerRecordHandler,SynapseMetadataHandler,SynapseMuxMetadataHandler,SynapseMuxRecordHandler,SynapseRecordHandler,TeradataMetadataHandler,TeradataMuxMetadataHandler,TeradataMuxRecordHandler,TeradataRecordHandler,TimestreamMetadataHandler,TimestreamRecordHandler,TPCDSMetadataHandler,TPCDSMockMetadataHandler,TPCDSRecordHandler,VerticaMetadataHandler,VerticaRecordHandler
public interface FederationRequestHandler extends com.amazonaws.services.lambda.runtime.RequestStreamHandler
-
-
Method Summary
All Methods Instance Methods Abstract Methods Default Methods Modifier and Type Method Description default CredentialsProvidercreateCredentialsProvider(String secretName, software.amazon.awssdk.awscore.AwsRequestOverrideConfiguration requestOverrideConfiguration)Factory method to create CredentialsProvider.default software.amazon.awssdk.services.athena.AthenaClientgetAthenaClient(software.amazon.awssdk.awscore.AwsRequestOverrideConfiguration awsRequestOverrideConfiguration, software.amazon.awssdk.services.athena.AthenaClient defaultAthena)CachableSecretsManagergetCachableSecretsManager()Gets the CachableSecretsManager instance used by this handler.default CredentialsProvidergetCredentialProvider(software.amazon.awssdk.awscore.AwsRequestOverrideConfiguration requestOverrideConfiguration)Gets a credentials provider for database connections with optional request override configuration.default StringgetDatabaseConnectionSecret()Gets the database connection secret name.KmsEncryptionProvidergetKmsEncryptionProvider()Gets the KmsEncryptionProvider instance used by this handler.default software.amazon.awssdk.awscore.AwsRequestOverrideConfigurationgetRequestOverrideConfig(FederationRequest request)Gets the AWS request override configuration for a FederationRequest.default software.amazon.awssdk.awscore.AwsRequestOverrideConfigurationgetRequestOverrideConfig(Map<String,String> configOptions)Gets the AWS request override configuration for the given config options.default software.amazon.awssdk.awscore.AwsRequestOverrideConfigurationgetRequestOverrideConfig(Map<String,String> configOptions, KmsEncryptionProvider kmsEncryptionProvider)default software.amazon.awssdk.services.s3.S3ClientgetS3Client(software.amazon.awssdk.awscore.AwsRequestOverrideConfiguration awsRequestOverrideConfiguration, software.amazon.awssdk.services.s3.S3Client defaultS3)default StringgetSecret(String secretName)Retrieves a secret from AWS Secrets Manager.default StringgetSecret(String secretName, software.amazon.awssdk.awscore.AwsRequestOverrideConfiguration requestOverrideConfiguration)Retrieves a secret from AWS Secrets Manager with request override configuration.default software.amazon.awssdk.auth.credentials.AwsCredentialsgetSessionCredentials(String kmsKeyId, String tokenString, KmsEncryptionProvider kmsEncryptionProvider)default booleanisRequestFederated(FederationRequest req)default StringresolveSecrets(String rawString)Resolves any secrets found in the supplied string, for example: MyString${WithSecret} would have ${WithSecret} replaced by the corresponding value of the secret in AWS Secrets Manager with that name.default StringresolveWithDefaultCredentials(String rawString)Resolves secrets with default credentials format (username:password).
-
-
-
Method Detail
-
getCachableSecretsManager
CachableSecretsManager getCachableSecretsManager()
Gets the CachableSecretsManager instance used by this handler. Implementations must provide access to their secrets manager instance.- Returns:
- The CachableSecretsManager instance
-
getKmsEncryptionProvider
KmsEncryptionProvider getKmsEncryptionProvider()
Gets the KmsEncryptionProvider instance used by this handler. Implementations must provide access to their KMS encryption provider instance.- Returns:
- The KmsEncryptionProvider instance
-
resolveSecrets
default String resolveSecrets(String rawString)
Resolves any secrets found in the supplied string, for example: MyString${WithSecret} would have ${WithSecret} replaced by the corresponding value of the secret in AWS Secrets Manager with that name. If no such secret is found the function throws.- Parameters:
rawString- The string in which you'd like to replace SecretsManager placeholders. (e.g. ThisIsA${Secret}Here - The ${Secret} would be replaced with the contents of a SecretsManager secret called Secret. If no such secret is found, the function throws. If no ${} are found in the input string, nothing is replaced and the original string is returned.- Returns:
- The processed string with secrets resolved
-
resolveWithDefaultCredentials
default String resolveWithDefaultCredentials(String rawString)
Resolves secrets with default credentials format (username:password).- Parameters:
rawString- The string containing secret placeholders to resolve- Returns:
- The processed string with secrets resolved in default credentials format
-
getSecret
default String getSecret(String secretName)
Retrieves a secret from AWS Secrets Manager.- Parameters:
secretName- The name of the secret to retrieve- Returns:
- The secret value
-
getSecret
default String getSecret(String secretName, software.amazon.awssdk.awscore.AwsRequestOverrideConfiguration requestOverrideConfiguration)
Retrieves a secret from AWS Secrets Manager with request override configuration.- Parameters:
secretName- The name of the secret to retrieverequestOverrideConfiguration- AWS request override configuration for federated requests- Returns:
- The secret value
-
getSessionCredentials
default software.amazon.awssdk.auth.credentials.AwsCredentials getSessionCredentials(String kmsKeyId, String tokenString, KmsEncryptionProvider kmsEncryptionProvider)
-
getRequestOverrideConfig
default software.amazon.awssdk.awscore.AwsRequestOverrideConfiguration getRequestOverrideConfig(FederationRequest request)
Gets the AWS request override configuration for a FederationRequest. This method extracts the configuration options from the federated identity and delegates to the Map-based overload.- Parameters:
request- The federation request- Returns:
- The AWS request override configuration, or null if not a federated request
-
getRequestOverrideConfig
default software.amazon.awssdk.awscore.AwsRequestOverrideConfiguration getRequestOverrideConfig(Map<String,String> configOptions)
Gets the AWS request override configuration for the given config options. This is a convenience method that delegates to the full overload using the handler's KMS encryption provider.- Parameters:
configOptions- The configuration options map- Returns:
- The AWS request override configuration, or null if not applicable
-
getRequestOverrideConfig
default software.amazon.awssdk.awscore.AwsRequestOverrideConfiguration getRequestOverrideConfig(Map<String,String> configOptions, KmsEncryptionProvider kmsEncryptionProvider)
-
getS3Client
default software.amazon.awssdk.services.s3.S3Client getS3Client(software.amazon.awssdk.awscore.AwsRequestOverrideConfiguration awsRequestOverrideConfiguration, software.amazon.awssdk.services.s3.S3Client defaultS3)
-
getAthenaClient
default software.amazon.awssdk.services.athena.AthenaClient getAthenaClient(software.amazon.awssdk.awscore.AwsRequestOverrideConfiguration awsRequestOverrideConfiguration, software.amazon.awssdk.services.athena.AthenaClient defaultAthena)
-
isRequestFederated
default boolean isRequestFederated(FederationRequest req)
-
getCredentialProvider
default CredentialsProvider getCredentialProvider(software.amazon.awssdk.awscore.AwsRequestOverrideConfiguration requestOverrideConfiguration)
Gets a credentials provider for database connections with optional request override configuration. This method checks if a secret name is configured and creates a credentials provider if available. Subclasses can override createCredentialsProvider() to provide custom credential provider implementations.- Parameters:
requestOverrideConfiguration- Optional AWS request override configuration for federated requests- Returns:
- CredentialsProvider instance or null if no secret is configured
-
createCredentialsProvider
default CredentialsProvider createCredentialsProvider(String secretName, software.amazon.awssdk.awscore.AwsRequestOverrideConfiguration requestOverrideConfiguration)
Factory method to create CredentialsProvider. Subclasses can override this to provide custom credential provider implementations (e.g., SnowflakeCredentialsProvider).- Parameters:
secretName- The secret name to retrieve credentials fromrequestOverrideConfiguration- Optional AWS request override configuration- Returns:
- CredentialsProvider instance
-
getDatabaseConnectionSecret
default String getDatabaseConnectionSecret()
Gets the database connection secret name. Subclasses that use database credentials should override this method to provide the secret name from their configuration.- Returns:
- The secret name, or null if not applicable
-
-