我正在尝试获取所需的授权标头,以便我可以将其传递给保险库以获取保险库令牌。
我看到的问题是在调用 getCallerIdentityRequest 后缺少授权标头。
代码:
AWSSecurityTokenService sts_client = AWSSecurityTokenServiceClientBuilder.standard().
withEndpointConfiguration(
new AwsClientBuilder.
EndpointConfiguration(iamRequestUrl, regionName))
.withCredentials(DefaultAWSCredentialsProviderChain.getInstance())
.build();
GetCallerIdentityRequest callerIdentityRequest = new GetCallerIdentityRequest();
GetCallerIdentityResult result = sts_client.getCallerIdentity(callerIdentityRequest);
Map<String, List<String>> requestHeaders = result.getSdkHttpMetadata().getAllHttpHeaders();
我在 python 中有完美运行的代码
import botocore.session
from botocore.awsrequest import create_request_object
import json
import base64
import sys
import logging
def headers_to_go_style(headers):
retval = {}
for k, v in headers.iteritems():
retval[k] = [v]
return retval
def generate_vault_request(awsIamServerId):
session = botocore.session.get_session()
client = session.create_client('sts', region_name="us-west-2", endpoint_url="https://sts.us-west-2.amazonaws.com")
endpoint = client._endpoint
operation_model = client._service_model.operation_model('GetCallerIdentity')
request_dict = client._convert_to_request_dict({}, operation_model)
request_dict['headers']['X-Vault-AWS-IAM-Server-ID'] = awsIamServerId
request = endpoint.create_request(request_dict, operation_model)
# It's a CaseInsensitiveDict, which is not JSON-serializable
headers = json.dumps(headers_to_go_style(dict(request.headers)))
return {
'iam_http_request_method': request.method,
'iam_request_url': base64.b64encode(request.url),
'iam_request_body': base64.b64encode(request.body),
'iam_request_headers': base64.b64encode(headers),
}
if __name__ == "__main__":
awsIamServerId = sys.argv[1]
print(json.dumps(generate_vault_request(awsIamServerId)))
我真正想做的是模仿 python 代码正在做什么,以使 GetCallerIdentity 返回 java 代码中不存在的授权标头。
java中返回的请求头是
{x-amzn-RequestId=[xxx], Content-Length=[xxx], Date=[date], Content-Type=[text/xml]}
尝试了上面的方法并没有在响应标头中返回授权标头,期望它存在。