Use AWS SDK to fetch AWS credentials (#1311)
* Add AWS SDK core * Exclude CBOR & ION serialization * Use AWS SDK to fetch AWS credentials * Fix imports * Simplify AuthConfig creation * Test AwsSdkAuthConfigFactory * Test AuthConfigFactory * Make sure custom AWS code is tested * Go full reflection * Improve comments + clean imports * Mention #1311 in changelog * Cleanup * Document usage of AWS SDK for Extended Authentication * Link to documentation when encountering AWS ECR * Be more precise in AWS SDK usage Co-Authored-By: Roland Huß <[email protected]> Co-authored-by: Roland Huß <[email protected]>
1 parent
583a6d8
commit 8c4fab2
Showing
9 changed files
with
282 additions
and
0 deletions.
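--- a/src/main/java/io/fabric8/maven/docker/util/aws/AwsSdkAuthConfigFactory.java
+++ b/src/main/java/io/fabric8/maven/docker/util/aws/AwsSdkAuthConfigFactory.java
@@ -0,0 +1,40 @@
+package io.fabric8.maven.docker.util.aws;
+
+import io.fabric8.maven.docker.access.AuthConfig;
+import io.fabric8.maven.docker.util.Logger;
+
+public class AwsSdkAuthConfigFactory {
+
+private final Logger log;
+
+public AwsSdkAuthConfigFactory(Logger log) {
+this.log = log;
+}
+
+public AuthConfig createAuthConfig() {
+try {
+Class<?> credentialsProviderChainClass = Class.forName("com.amazonaws.auth.DefaultAWSCredentialsProviderChain");
+Object credentialsProviderChain = credentialsProviderChainClass.getDeclaredConstructor().newInstance();
+Object credentials = credentialsProviderChainClass.getMethod("getCredentials").invoke(credentialsProviderChain);
+if (credentials == null) {
+return null;
+}
+
+Class<?> sessionCredentialsClass = Class.forName("com.amazonaws.auth.AWSSessionCredentials");
+String sessionToken = sessionCredentialsClass.isInstance(credentials)
+? (String) sessionCredentialsClass.getMethod("getSessionToken").invoke(credentials) : null;
+
+Class<?> credentialsClass = Class.forName("com.amazonaws.auth.AWSCredentials");
+return new AuthConfig(
+(String) credentialsClass.getMethod("getAWSAccessKeyId").invoke(credentials),
+(String) credentialsClass.getMethod("getAWSSecretKey").invoke(credentials),
+"none",
+sessionToken
+);
+} catch (Throwable t) {
+log.debug("Failed to fetch AWS credentials: %s", t);
+return null;
+}
+}
+
+}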
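Review bot: The `catch (Throwable t)` at the end of `createAuthConfig()` logs the reflection wrapper instead of the SDK's own error. Anything thrown inside `getCredentials`, `getSessionToken`, `getAWSAccessKeyId` or `getAWSSecretKey` arrives here as an `InvocationTargetException`, whose message is normally null, so the debug line cannot say why the credential lookup failed. Unwrapping keeps the best-effort behaviour and makes the log usable: `Throwable cause = t instanceof java.lang.reflect.InvocationTargetException ? t.getCause() : t;` followed by `log.debug("Failed to fetch AWS credentials: %s", cause);`. Catching `Throwable` also swallows `Error`s such as `OutOfMemoryError`; `catch (Exception | LinkageError t)` would still cover a missing or incompatible SDK on the plugin classpath.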
@@ -0,0 +1,24 @@ | ||
package com.amazonaws.auth; | ||
|
||
/** | ||
* Shameless copy of the original for testing {@link io.fabric8.maven.docker.util.aws.AwsSdkAuthConfigFactory}. | ||
* Based on <tt>com.amazonaws:aws-java-sdk-core:1.11.707</tt>. | ||
*/ | ||
public class AWSCredentials { | ||
private final String accessKeyId; | ||
private final String secretKey; | ||
|
||
public AWSCredentials(String accessKeyId, String secretKey) { | ||
this.accessKeyId = accessKeyId; | ||
this.secretKey = secretKey; | ||
} | ||
|
||
public String getAWSAccessKeyId() { | ||
return accessKeyId; | ||
} | ||
|
||
public String getAWSSecretKey() { | ||
return secretKey; | ||
} | ||
|
||
} |
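--- a/src/test/java/com/amazonaws/auth/AWSSessionCredentials.java
+++ b/src/test/java/com/amazonaws/auth/AWSSessionCredentials.java
@@ -0,0 +1,18 @@
+package com.amazonaws.auth;
+
+/**
+* Shameless copy of the original for testing {@link io.fabric8.maven.docker.util.aws.AwsSdkAuthConfigFactory}.
+* Based on <tt>com.amazonaws:aws-java-sdk-core:1.11.707</tt>.
+*/
+public class AWSSessionCredentials extends AWSCredentials {
+
+private final String sessionKey;
+
+public AWSSessionCredentials(String accessKeyId, String secretKey, String sessionKey) {
+super(accessKeyId, secretKey);
+this.sessionKey = sessionKey;
+}
+
+public String getSessionToken() {return sessionKey;}
+
+}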
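--- a/src/test/java/com/amazonaws/auth/DefaultAWSCredentialsProviderChain.java
+++ b/src/test/java/com/amazonaws/auth/DefaultAWSCredentialsProviderChain.java
@@ -0,0 +1,23 @@
+package com.amazonaws.auth;
+
+import static java.lang.System.getenv;
+
+/**
+* Shameless copy of the original for testing {@link io.fabric8.maven.docker.util.aws.AwsSdkAuthConfigFactory}.
+* Based on <tt>com.amazonaws:aws-java-sdk-core:1.11.707</tt>.
+*/
+public final class DefaultAWSCredentialsProviderChain {
+
+public AWSCredentials getCredentials() {
+String accessKeyId = getenv("AWSCredentials.AWSAccessKeyId");
+if (accessKeyId == null) {
+return null;
+}
+String secretKey = getenv("AWSCredentials.AWSSecretKey");
+String sessionToken = getenv("AWSSessionCredentials.SessionToken");
+return sessionToken == null
+? new AWSCredentials(accessKeyId, secretKey)
+: new AWSSessionCredentials(accessKeyId,secretKey,sessionToken);
+}
+
+}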
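Review bot: The Javadoc calls this class a copy of the original, but `getCredentials()` here reads three test-only environment variables and returns `null` when `AWSCredentials.AWSAccessKeyId` is unset. As far as I know the real `DefaultAWSCredentialsProviderChain` in aws-java-sdk-core throws when no provider yields credentials rather than returning `null`, so the stub's no-credentials behaviour differs from what `AwsSdkAuthConfigFactory` will see in production. I would reword the Javadoc along the lines of `Minimal test stand-in for the SDK class of the same name; unlike the SDK it is driven by test-only environment variables and returns null when none are set.` so that nobody mistakes it for vendored SDK code. The same "Shameless copy" wording is on the `AWSCredentials` and `AWSSessionCredentials` stubs.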
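--- a/src/test/java/io/fabric8/maven/docker/util/aws/AwsSdkAuthConfigFactoryTest.java
+++ b/src/test/java/io/fabric8/maven/docker/util/aws/AwsSdkAuthConfigFactoryTest.java
@@ -0,0 +1,72 @@
+package io.fabric8.maven.docker.util.aws;
+
+import io.fabric8.maven.docker.access.AuthConfig;
+import io.fabric8.maven.docker.util.Logger;
+import mockit.Mocked;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.contrib.java.lang.system.EnvironmentVariables;
+
+import static java.util.UUID.randomUUID;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+
+public class AwsSdkAuthConfigFactoryTest {
+
+@Rule
+public final EnvironmentVariables environmentVariables = new EnvironmentVariables();
+
+@Mocked
+private Logger log;
+private AwsSdkAuthConfigFactory objectUnderTest;
+
+
+@Before
+public void setup() {
+objectUnderTest = new AwsSdkAuthConfigFactory(log);
+}
+
+@Test
+public void nullValueIsPassedOn() {
+AuthConfig authConfig = objectUnderTest.createAuthConfig();
+
+assertNull(authConfig);
+}
+
+@Test
+public void reflectionWorksForBasicCredentials() {
+String accessKey = randomUUID().toString();
+String secretKey = randomUUID().toString();
+environmentVariables.set("AWSCredentials.AWSAccessKeyId", accessKey);
+environmentVariables.set("AWSCredentials.AWSSecretKey", secretKey);
+
+AuthConfig authConfig = objectUnderTest.createAuthConfig();
+
+assertNotNull(authConfig);
+assertEquals(accessKey, authConfig.getUsername());
+assertEquals(secretKey, authConfig.getPassword());
+assertNull(authConfig.getAuth());
+assertNull(authConfig.getIdentityToken());
+}
+
+@Test
+public void reflectionWorksForSessionCredentials() {
+String accessKey = randomUUID().toString();
+String secretKey = randomUUID().toString();
+String sessionToken = randomUUID().toString();
+environmentVariables.set("AWSCredentials.AWSAccessKeyId", accessKey);
+environmentVariables.set("AWSCredentials.AWSSecretKey", secretKey);
+environmentVariables.set("AWSSessionCredentials.SessionToken", sessionToken);
+
+AuthConfig authConfig = objectUnderTest.createAuthConfig();
+
+assertNotNull(authConfig);
+assertEquals(accessKey, authConfig.getUsername());
+assertEquals(secretKey, authConfig.getPassword());
+assertEquals(sessionToken, authConfig.getAuth());
+assertNull(authConfig.getIdentityToken());
+}
+
+}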
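Review bot: None of the three tests drives `createAuthConfig()` into its failure handling. `nullValueIsPassedOn` covers the `credentials == null` return and the other two cover successful lookups, so the branch that catches an exception from the reflective calls and returns `null` is never exercised. That is the branch a genuine credential-lookup error would take, and it decides whether the build silently continues without registry credentials. A fourth test that makes the stub provider throw and then checks `assertNull(objectUnderTest.createAuthConfig());` would pin that behaviour; it needs a small change to the stub `DefaultAWSCredentialsProviderChain` so it can be told to fail.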