java.lang.Object

org.apache.beam.sdk.io.aws2.auth.GoogleADCIdTokenProvider

All Implemented Interfaces:: WebIdTokenProvider

public class GoogleADCIdTokenProvider extends Object implements WebIdTokenProvider

A OIDC web identity token provider implementation that uses the application default credentials set by the runtime (container, GCE instance, local environment, etc.).

To configure a long-running (batch or streaming) Dataflow pipeline that interacts with AWS resources use a similar configuration to:

--awsCredentialsProvider={
   "@type": "StsAssumeRoleForFederatedCredentialsProvider",
   "roleArn": "<the AWS ARN of the role to be assumed by the pipeline>",
   "audience": "<the configured Audience for the federated authentication>",
   "webIdTokenProviderFQCN": "org.apache.beam.sdk.io.aws2.auth.GoogleADCIdTokenProvider",
   "durationSeconds": 3600
 }

Constructor Summary

Constructors

Constructor

Description

GoogleADCIdTokenProvider()
Method Summary

Modifier and Type

Method

Description

String

resolveTokenValue(String audience)

Resolves the value for a OIDC web identity token.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details
- GoogleADCIdTokenProvider
  
  public GoogleADCIdTokenProvider()
Method Details
- resolveTokenValue
  
  public String resolveTokenValue(String audience)
  
  Description copied from interface: WebIdTokenProvider
  
  Resolves the value for a OIDC web identity token.
  
  Specified by:
  
  resolveTokenValue in interface WebIdTokenProvider
  
  Parameters:
  
  audience - The audience for the token.
  
  Returns:
  
  The encoded value for the OIDC web identity token.

Class GoogleADCIdTokenProvider

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Details

GoogleADCIdTokenProvider

Method Details

resolveTokenValue