[JAVA-4234] Add native support for AWS IAM Roles for service accounts, EKS in particular

Created: 15/Jul/21  Updated: 28/Oct/23  Resolved: 13/Dec/22

Status: Closed
Project: Java Driver
Component/s: Authentication
Affects Version/s: None
Fix Version/s: 4.8.0

Type: New Feature
Priority: Major - P3
Reporter: Backlog - Core Eng Program Management Team
Assignee: Jeffrey Yemin
Resolution: Fixed
Votes: 0
Labels: size-small, spec-compliance
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Duplicate: is duplicated by JAVA-4118 Add support for EKS when using AWS Ia... (Closed)
Issue split: split from DRIVERS-1746 Add native support for AWS IAM Roles ... (Closed)
Quarter: FY23Q3
Upstream Changes Summary:

DRIVERS-1746:
Summary of required changes

  • Add support for AssumeRoleWithWebIdentity in AWS Auth
  • Add integration tests to verify usage
  • Use the credentials found in this document

Additional background

Please see https://github.com/mongodb/specifications/commit/bc4257fed21186ba9b53e2c0b7e92482da196882 for the specification change and https://github.com/mongodb/specifications/commit/cdd93a4c7639014c8837d34a3e26e408d7b14d5b for a clarification.

Please see https://github.com/mongodb/mongo-csharp-driver/commit/daa88998837aace9296b7c1f599c901f3cdac86f for a reference implementation in C#.

Integration test

Drivers are expected to add an integration test as described in the specification change.

Documentation Changes: Needed


 Comments   
Comment by Githook User [ 13/Dec/22 ]

Author: Jeff Yemin <jeff.yemin@mongodb.com> (jyemin)

Message: Add integration test for AWS web identity credential fetching (#1063)

JAVA-4234
Branch: 4.8.x
https://github.com/mongodb/mongo-java-driver/commit/20241aa06cb9b2d49b43617c1361f123d8232bd5

Comment by Githook User [ 13/Dec/22 ]

Author: Jeff Yemin <jeff.yemin@mongodb.com> (jyemin)

Message: Add integration test for AWS web identity credential fetching (#1063)

JAVA-4234
Branch: master
https://github.com/mongodb/mongo-java-driver/commit/b6991e5e1392f539272cbed5457fa62fe3e81fae

Comment by Jeffrey Yemin [ 13/Dec/22 ]

When adding the integration tests for this, the AWS SDK error messages indicate that applications requiring web identity credential fetching require the following dependency on the class path:

For AWS SDK v1: com.amazonaws:aws-java-sdk-sts

For AWS SDK v2: software.amazon.awssdk:sts

This information should be added to the 4.8 reference documentation.

CC chris.cho@mongodb.com

Generated at Thu Feb 08 09:01:33 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.