Skip to content

Commit

Permalink
Getting security exception due to access denied 'java.lang.RuntimePer…
Browse files Browse the repository at this point in the history
…mission' 'accessDeclaredMembers' when trying to get snapshot with S3 IRSA

Signed-off-by: Andriy Redko <[email protected]>
  • Loading branch information
reta committed Sep 9, 2022
1 parent 54364a5 commit d8d0f4e
Showing 1 changed file with 14 additions and 7 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -305,21 +305,28 @@ static AWSCredentialsProvider buildCredentials(Logger logger, S3ClientSettings c
}

if (irsaCredentials.getIdentityTokenFile() == null) {
return new PrivilegedSTSAssumeRoleSessionCredentialsProvider<>(
securityTokenService,
final STSAssumeRoleSessionCredentialsProvider.Builder stsCredentialsProviderBuilder =
new STSAssumeRoleSessionCredentialsProvider.Builder(irsaCredentials.getRoleArn(), irsaCredentials.getRoleSessionName())
.withStsClient(securityTokenService)
.build()
.withStsClient(securityTokenService);

final STSAssumeRoleSessionCredentialsProvider stsCredentialsProvider = SocketAccess.doPrivileged(
stsCredentialsProviderBuilder::build
);

return new PrivilegedSTSAssumeRoleSessionCredentialsProvider<>(securityTokenService, stsCredentialsProvider);
} else {
return new PrivilegedSTSAssumeRoleSessionCredentialsProvider<>(
securityTokenService,
final STSAssumeRoleWithWebIdentitySessionCredentialsProvider.Builder stsCredentialsProviderBuilder =
new STSAssumeRoleWithWebIdentitySessionCredentialsProvider.Builder(
irsaCredentials.getRoleArn(),
irsaCredentials.getRoleSessionName(),
irsaCredentials.getIdentityTokenFile()
).withStsClient(securityTokenService).build()
).withStsClient(securityTokenService);

final STSAssumeRoleWithWebIdentitySessionCredentialsProvider stsCredentialsProvider = SocketAccess.doPrivileged(
stsCredentialsProviderBuilder::build
);

return new PrivilegedSTSAssumeRoleSessionCredentialsProvider<>(securityTokenService, stsCredentialsProvider);
}
} else if (basicCredentials != null) {
logger.debug("Using basic key/secret credentials");
Expand Down

0 comments on commit d8d0f4e

Please sign in to comment.