Add durationSeconds and policy support in LdapIdentityProvider. (#1209)

Fixes #1210

Signed-off-by: Bala.FA <bala.gluster@gmail.com>

Author: balamurugana

api/src/main/java/io/minio/credentials/AssumeRoleBaseProvider.java

@@ -21,6 +21,7 @@
 import java.io.IOException;
 import java.security.ProviderException;
 import java.util.Arrays;
+import java.util.concurrent.TimeUnit;
 import okhttp3.HttpUrl;
 import okhttp3.OkHttpClient;
 import okhttp3.Protocol;
@@ -29,6 +30,7 @@
 
 /** Base class to AssumeRole based providers. */
 public abstract class AssumeRoleBaseProvider implements Provider {
+  public static final int DEFAULT_DURATION_SECONDS = (int) TimeUnit.HOURS.toSeconds(1);
   private final OkHttpClient httpClient;
   private Credentials credentials;
 
@@ -59,6 +61,12 @@ public synchronized Credentials fetch() {
     }
   }
 
+  protected static int getValidDurationSeconds(Integer duration) {
+    return (duration != null && duration > DEFAULT_DURATION_SECONDS)
+        ? duration
+        : DEFAULT_DURATION_SECONDS;
+  }
+
   protected HttpUrl.Builder newUrlBuilder(
       HttpUrl url,
       String action,

api/src/main/java/io/minio/credentials/AssumeRoleProvider.java

@@ -24,7 +24,6 @@
 import java.security.ProviderException;
 import java.time.ZonedDateTime;
 import java.util.Objects;
-import java.util.concurrent.TimeUnit;
 import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
 import okhttp3.HttpUrl;
@@ -43,7 +42,6 @@
  * API</a>.
  */
 public class AssumeRoleProvider extends AssumeRoleBaseProvider {
-  public static final int DEFAULT_DURATION_SECONDS = (int) TimeUnit.HOURS.toSeconds(1);
   private final String accessKey;
   private final String secretKey;
   private final String region;
@@ -77,11 +75,6 @@ public AssumeRoleProvider(
       throw new IllegalArgumentException("Length of ExternalId must be in between 2 and 1224");
     }
 
-    durationSeconds =
-        (durationSeconds != null && durationSeconds > DEFAULT_DURATION_SECONDS)
-            ? durationSeconds
-            : DEFAULT_DURATION_SECONDS;
-
     String host = url.host() + ":" + url.port();
     // ignore port when port and service matches i.e HTTP -> 80, HTTPS -> 443
     if ((url.scheme().equals("http") && url.port() == 80)
@@ -90,7 +83,13 @@ public AssumeRoleProvider(
     }
 
     HttpUrl.Builder urlBuilder =
-        newUrlBuilder(url, "AssumeRole", durationSeconds, policy, roleArn, roleSessionName);
+        newUrlBuilder(
+            url,
+            "AssumeRole",
+            getValidDurationSeconds(durationSeconds),
+            policy,
+            roleArn,
+            roleSessionName);
     if (externalId != null) {
       urlBuilder.addQueryParameter("ExternalId", externalId);
     }

api/src/main/java/io/minio/credentials/LdapIdentityProvider.java

@@ -43,6 +43,8 @@ public LdapIdentityProvider(
       @Nonnull String stsEndpoint,
       @Nonnull String ldapUsername,
       @Nonnull String ldapPassword,
+      @Nullable Integer durationSeconds,
+      @Nullable String policy,
       @Nullable OkHttpClient customHttpClient) {
     super(customHttpClient);
     stsEndpoint = Objects.requireNonNull(stsEndpoint, "STS endpoint cannot be empty");
@@ -53,7 +55,13 @@ public LdapIdentityProvider(
     Objects.requireNonNull(ldapPassword, "LDAP password must not be null");
 
     HttpUrl.Builder urlBuilder =
-        newUrlBuilder(url, "AssumeRoleWithLDAPIdentity", 0, null, null, null);
+        newUrlBuilder(
+            url,
+            "AssumeRoleWithLDAPIdentity",
+            getValidDurationSeconds(durationSeconds),
+            policy,
+            null,
+            null);
     url =
         urlBuilder
             .addQueryParameter("LDAPUsername", ldapUsername)
@@ -62,6 +70,14 @@ public LdapIdentityProvider(
     this.request = new Request.Builder().url(url).method("POST", EMPTY_BODY).build();
   }
 
+  public LdapIdentityProvider(
+      @Nonnull String stsEndpoint,
+      @Nonnull String ldapUsername,
+      @Nonnull String ldapPassword,
+      @Nullable OkHttpClient customHttpClient) {
+    this(stsEndpoint, ldapUsername, ldapPassword, null, null, customHttpClient);
+  }
+
   @Override
   protected Request getRequest() {
     return this.request;