(nifi) branch support/nifi-1.x updated: NIFI-12846 Fixed Region handling for AWS Assume Role Credentials with VPCE Endpoint URL

[pvillard]

This is an automated email from the ASF dual-hosted git repository.

pvillard pushed a commit to branch support/nifi-1.x
in repository https://gitbox.apache.org/repos/asf/nifi.git


The following commit(s) were added to refs/heads/support/nifi-1.x by this push:
     new 40f2144942 NIFI-12846 Fixed Region handling for AWS Assume Role 
Credentials with VPCE Endpoint URL
40f2144942 is described below

commit 40f2144942e5ab75c1464f48873cfa415ab1aecb
Author: Peter Turcsanyi <turcsa...@apache.org>
AuthorDate: Tue Feb 27 13:44:45 2024 +0100

    NIFI-12846 Fixed Region handling for AWS Assume Role Credentials with VPCE 
Endpoint URL
    
    Signed-off-by: Pierre Villard <pierre.villard...@gmail.com>
    
    This closes #8473.
---
 .../provider/factory/strategies/AssumeRoleCredentialsStrategy.java    | 4 ++++
 1 file changed, 4 insertions(+)

diff --git 
a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/AssumeRoleCredentialsStrategy.java
 
b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/AssumeRoleCredentialsStrategy.java
index 16a0cebec0..82fa7022b5 100644
--- 
a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/AssumeRoleCredentialsStrategy.java
+++ 
b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/AssumeRoleCredentialsStrategy.java
@@ -67,6 +67,8 @@ import static 
org.apache.nifi.processors.aws.signer.AwsSignerType.DEFAULT_SIGNER
  */
 public class AssumeRoleCredentialsStrategy extends AbstractCredentialsStrategy 
{
 
+    private static final String VPCE_ENDPOINT_SUFFIX = ".vpce.amazonaws.com";
+
     public AssumeRoleCredentialsStrategy() {
         super("Assume Role", new PropertyDescriptor[] {
                 ASSUME_ROLE_ARN,
@@ -179,6 +181,8 @@ public class AssumeRoleCredentialsStrategy extends 
AbstractCredentialsStrategy {
         if (assumeRoleSTSEndpoint != null && !assumeRoleSTSEndpoint.isEmpty()) 
{
             if (assumeRoleSTSSignerType == CUSTOM_SIGNER) {
                 securityTokenService.setEndpoint(assumeRoleSTSEndpoint, 
securityTokenService.getServiceName(), assumeRoleSTSRegion);
+            } else if (assumeRoleSTSEndpoint.endsWith(VPCE_ENDPOINT_SUFFIX)) {
+                securityTokenService.setEndpoint(assumeRoleSTSEndpoint, 
securityTokenService.getServiceName(), assumeRoleSTSRegion);
             } else {
                 securityTokenService.setEndpoint(assumeRoleSTSEndpoint);
             }