This is an automated email from the ASF dual-hosted git repository. pvillard pushed a commit to branch support/nifi-1.x in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/support/nifi-1.x by this push: new 40f2144942 NIFI-12846 Fixed Region handling for AWS Assume Role Credentials with VPCE Endpoint URL 40f2144942 is described below commit 40f2144942e5ab75c1464f48873cfa415ab1aecb Author: Peter Turcsanyi <turcsa...@apache.org> AuthorDate: Tue Feb 27 13:44:45 2024 +0100 NIFI-12846 Fixed Region handling for AWS Assume Role Credentials with VPCE Endpoint URL Signed-off-by: Pierre Villard <pierre.villard...@gmail.com> This closes #8473. --- .../provider/factory/strategies/AssumeRoleCredentialsStrategy.java | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/AssumeRoleCredentialsStrategy.java b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/AssumeRoleCredentialsStrategy.java index 16a0cebec0..82fa7022b5 100644 --- a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/AssumeRoleCredentialsStrategy.java +++ b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/AssumeRoleCredentialsStrategy.java @@ -67,6 +67,8 @@ import static org.apache.nifi.processors.aws.signer.AwsSignerType.DEFAULT_SIGNER */ public class AssumeRoleCredentialsStrategy extends AbstractCredentialsStrategy { + private static final String VPCE_ENDPOINT_SUFFIX = ".vpce.amazonaws.com"; + public AssumeRoleCredentialsStrategy() { super("Assume Role", new PropertyDescriptor[] { ASSUME_ROLE_ARN, @@ -179,6 +181,8 @@ public class AssumeRoleCredentialsStrategy extends AbstractCredentialsStrategy { if (assumeRoleSTSEndpoint != null && !assumeRoleSTSEndpoint.isEmpty()) { if (assumeRoleSTSSignerType == CUSTOM_SIGNER) { securityTokenService.setEndpoint(assumeRoleSTSEndpoint, securityTokenService.getServiceName(), assumeRoleSTSRegion); + } else if (assumeRoleSTSEndpoint.endsWith(VPCE_ENDPOINT_SUFFIX)) { + securityTokenService.setEndpoint(assumeRoleSTSEndpoint, securityTokenService.getServiceName(), assumeRoleSTSRegion); } else { securityTokenService.setEndpoint(assumeRoleSTSEndpoint); }