
I am trying to get a temporary access ID and access secret from MinIO with the AssumeRole SDK in Java. The problem is that I can get the correct access key and access secret from the MinIO response with the aws client, but it always fails with the Java SDK.

Here are the steps:

  1. I run the "aws sts" command.
aws --profile test2 --endpoint-url 'http://xxx.xxx.xxx.xxx:9090' sts assume-role --policy '{"Version": "2012-10-17","Statement": [{"Effect": "Allow","Action": ["s3:GetObject"],"Resource": ["arn:aws:s3:::*"]}]}'  --role-arn 'arn:aws:s3:::videos/*'  --role-session-name anything

and I get the following response:

{
    "Credentials": {
        "AccessKeyId": "19IUI91YA5P2BZ7D2B4X",
        "SecretAccessKey": "ceFxfvA26Yd6I7r+FlsWc7H3k0U+wswNqwAbaANy",
        "SessionToken": "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJhY2Nlc3NLZXkiOiIxOUlVSTkxWUE1UDJCWjdEMkI0WCIsImV4cCI6MTY2OTcxNTIxMiwicGFyZW50IjoidGVzdDIiLCJzZXNzaW9uUG9saWN5IjoiZXlKV1pYSnphVzl1SWpvZ0lqSXdNVEl0TVRBdE1UY2lMQ0pUZEdGMFpXMWxiblFpT2lCYmV5SkZabVpsWTNRaU9pQWlRV3hzYjNjaUxDSkJZM1JwYjI0aU9pQmJJbk16T2tkbGRFOWlhbVZqZENKZExDSlNaWE52ZFhKalpTSTZJRnNpWVhKdU9tRjNjenB6TXpvNk9pb2lYWDFkZlE9PSJ9.vUYGsldkiuM1ukuTvjgHY9PYSI7f_sDrkQYUcgBX37Z1ymTudoFE71E_6Y0G5p2qif3KS-_a3rbUSUlcd21ojw",
        "Expiration": "2022-11-29T09:46:52+00:00"
    },
    "AssumedRoleUser": {
        "Arn": ""
    }
}

With the SDK, the code is like this:

        /*
         * minio
         */
            String policy = "{\n" +
                    "    \"Version\": \"2012-10-17\",\n" +
                    "    \"Statement\": [\n" +
                    "        {\n" +
                    "            \"Effect\": \"Allow\",\n" +
                    "            \"Action\": [\n" +
                    "                \"s3:*\",\n" +
                    "            ],\n" +
                    "            \"Resource\": [\n" +
                    "                \"arn:aws:s3:::*\"\n" +
                    "            ]\n" +
                    "        },\n" +
                    "    ]\n" +
                    "}";
            try {
            
            
                AssumeRoleProvider provider = new AssumeRoleProvider(
                        endpoint, accessKey, secretKey, 3600, policy
                        , "", "arn:aws:s3:::videos/*", "anything", null, null
                );
                Credentials credentials = provider.fetch();
                System.out.println("accessKey:" + credentials.accessKey());
                System.out.println("secretKey:" + credentials.secretKey());
                System.out.println("sessionToken:" + credentials.sessionToken());
     
                System.out.println(credentials.isExpired());
                System.out.println("Credentials ok");
     
     
                
                StaticProvider staticProvider = new StaticProvider(credentials.accessKey(), credentials.secretKey(), credentials.sessionToken());
                //StaticProvider staticProvider = new StaticProvider("QO43SYZ8342SKBFRCB0N", "XHkepy+rphje0i9j6iIZjuFaVOj1rWG6+8fCrfZ4", 
               //       "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJhY2Nlc3NLZXkiOiJRTzQzU1laODM0MlNLQkZSQ0IwTiIsImV4cCI6MTY2OTcxMDI5NiwicGFyZW50IjoidGVzdDIiLCJzZXNzaW9uUG9saWN5IjoiZXlKV1pYSnphVzl1SWpvaU1qQXhNaTB4TUMweE55SXNJbE4wWVhSbGJXVnVkQ0k2VzNzaVUybGtJam9pVTNSdGRERWlMQ0pGWm1abFkzUWlPaUpCYkd4dmR5SXNJa0ZqZEdsdmJpSTZJbk16T2lvaUxDSlNaWE52ZFhKalpTSTZJbUZ5YmpwaGQzTTZjek02T2pvcUluMWRmUT09In0.FvlR-Qm4-bJCF1vaeGNVqm5keCA1zsRfnjCW0NcLanYuBy8BW9NOwKxfe8v7RZekFJKjOUWdVxbygcLlAuCP-A");
                MinioClient minioClient = MinioClient.builder().endpoint(endpoint).credentialsProvider(staticProvider).build();
                File file = new File("~\\aaa.png");
                
                String objectName = "aaa.png";
                try {
                    FileInputStream fileInputStream = new FileInputStream(file);
                    minioClient.putObject(PutObjectArgs.builder().bucket("videos")
                            .object(objectName)
                            .contentType("image/png")
                            .stream(fileInputStream, fileInputStream.available(), -1).build());
                } catch (Exception e) {
                    e.printStackTrace();
                }
                System.out.println("finished");
     
            } catch (Exception e) {
                e.printStackTrace();
            }
        

And the response is:

java.security.ProviderException: STS service failed with HTTP status code 400
    at io.minio.credentials.AssumeRoleBaseProvider.fetch(AssumeRoleBaseProvider.java:85)
    at org.darebeat.MinIODemo2.main(MinIODemo2.java:48)

Any idea on this error?

Bill Wu
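As an added example (not part of the original post and not MinIO's own code), this pre-flight check parses a session policy with a strict JSON parser and lists wildcard grants before the string is handed to `AssumeRoleProvider`. It assumes `jackson-databind` is on the classpath; the class `SessionPolicyLint` and its methods are hypothetical names.

```java
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

// Added example; SessionPolicyLint and its methods are hypothetical names.
public class SessionPolicyLint {
    // ObjectMapper is strict by default: trailing commas and comments are rejected.
    private static final ObjectMapper MAPPER = new ObjectMapper();

    // IAM policy elements may be a single value or an array; normalise to an Iterable.
    private static Iterable<JsonNode> each(JsonNode n) {
        if (n.isArray()) return n;
        if (n.isMissingNode()) return Collections.emptyList();
        return Collections.singletonList(n);
    }

    // Returns findings; an empty list means the policy parsed and grants no wildcards.
    static List<String> lint(String policy) {
        List<String> findings = new ArrayList<>();
        JsonNode root;
        try {
            root = MAPPER.readTree(policy);
        } catch (IOException e) {
            findings.add("not valid JSON: " + e.getMessage());
            return findings;
        }
        if (root == null || !root.path("Statement").isContainerNode()) {
            findings.add("no Statement element");
            return findings;
        }
        for (JsonNode st : each(root.path("Statement"))) {
            if (!"Allow".equals(st.path("Effect").asText())) continue;
            for (JsonNode a : each(st.path("Action")))
                if (a.asText().contains("*")) findings.add("wildcard action: " + a.asText());
            for (JsonNode r : each(st.path("Resource")))
                if (r.asText().endsWith(":::*")) findings.add("all buckets: " + r.asText());
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed inputs: the two policies from the post, compacted; ' is swapped for " at runtime.
        String fromJava = "{'Version':'2012-10-17','Statement':[{'Effect':'Allow','Action':['s3:*',],'Resource':['arn:aws:s3:::*']},]}".replace('\'', '"');
        String fromCli = "{'Version':'2012-10-17','Statement':[{'Effect':'Allow','Action':['s3:GetObject'],'Resource':['arn:aws:s3:::*']}]}".replace('\'', '"');
        System.out.println("Java snippet policy: " + lint(fromJava));
        System.out.println("CLI policy:          " + lint(fromCli));
    }
}
```

The first input is the policy string built in the Java snippet above, which a strict parser rejects at the comma before `]`. The policy passed to the aws CLI parses, and the check reports only its all-buckets resource.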