Use AWS SDK to fetch AWS credentials #1311
Conversation
|
My tests indicate that |
There was a problem hiding this comment.
I think it would be best to avoid direct type references to the SDK to avoid any issues in cases when those types are not available on the class path.
Instead, just use full reflection for everything:
Class prChainClass = Class.forName("com.amazonaws.auth.DefaultAWSCredentialsProviderChain");
Object chain = prChainClass.getConstructor(new Class[0]).newInstance();
....(just as an example).
That way it would be also possible to use the SDK as plugin dependencies directly within the plugin declaration and there is no need for usion optional dependencies.
src/main/java/io/fabric8/maven/docker/util/aws/AwsSdkAuthConfigFactory.java
Outdated
Show resolved
Hide resolved
Codecov Report
@@ Coverage Diff @@
## master #1311 +/- ##
=========================================
Coverage 56.29% 56.29%
Complexity 1816 1816
=========================================
Files 158 158
Lines 8653 8653
Branches 1335 1335
=========================================
Hits 4871 4871
Misses 3307 3307
Partials 475 475
|
sebastiankirsch
changed the title
|
|
||
| /** | ||
| * Shameless copy of the original for testing {@link io.fabric8.maven.docker.util.aws.AwsSdkAuthConfigFactory}. | ||
| * Based on <tt>com.amazonaws:aws-java-sdk-core:1.11.707</tt>. |
There was a problem hiding this comment.
Are there any licensing issues ? Under which license the aws-java-sdk-core is licensed (so that it allows code copying with contribution ?). Don't wanna get into struggle because of licensing (was there already :)
Is there any chance that we could implement this without reusing SDK code ?
There was a problem hiding this comment.
I know its only a test class, but still this could pose some issue for some folks. The good thing is that we are talking here about a tool which is not part the of any delivered application that builds with it.
There was a problem hiding this comment.
The AWS SDK is licensed under Apache License 2.0. Afaik that's one of the most liberal licenses you could ask for.
I could remove this, but then there wouldn't be a test at all. What do you think?
There was a problem hiding this comment.
Ok, APL is ok. I had once a case where a GPL code snippet sneaked in (in another project). Was quite some hazzle to get this out again. I'm fine with it now (I will add some extra comment here)
There was a problem hiding this comment.
Yeah, licensing can be a pain...
src/main/java/io/fabric8/maven/docker/util/aws/AwsSdkAuthConfigFactory.java
Show resolved
Hide resolved
Co-Authored-By: Roland Huß <rhuss@redhat.com>
|
Kudos, SonarCloud Quality Gate passed!
|
sorry, this doesn't happen often these days ;-) I added your commit to master, as I already cut a new 0.33.0 release. So will make it into v0.34.0 then ... |
Add support in AuthConfigFactory to retrieve credentials from different mechanisms for AWS. Port of fabric8io/docker-maven-plugin#1311 Port of fabric8io/docker-maven-plugin#1310 Related to eclipse-jkube#702 Signed-off-by: Rohan Kumar <rohaan@redhat.com>
Add support in AuthConfigFactory to retrieve credentials from different mechanisms for AWS. Port of fabric8io/docker-maven-plugin#1311 Port of fabric8io/docker-maven-plugin#1310 Related to eclipse-jkube#702 Signed-off-by: Rohan Kumar <rohaan@redhat.com>
Add support in AuthConfigFactory to retrieve credentials from different mechanisms for AWS. Port of fabric8io/docker-maven-plugin#1311 Port of fabric8io/docker-maven-plugin#1310 Related to eclipse-jkube#702 Signed-off-by: Rohan Kumar <rohaan@redhat.com>
Add support in AuthConfigFactory to retrieve credentials from different mechanisms for AWS. Port of fabric8io/docker-maven-plugin#1311 Port of fabric8io/docker-maven-plugin#1310 Related to eclipse-jkube#702 Signed-off-by: Rohan Kumar <rohaan@redhat.com>
Add support in AuthConfigFactory to retrieve credentials from different mechanisms for AWS. Port of fabric8io/docker-maven-plugin#1311 Port of fabric8io/docker-maven-plugin#1310 Related to eclipse-jkube#702 Signed-off-by: Rohan Kumar <rohaan@redhat.com>
Add support in AuthConfigFactory to retrieve credentials from different mechanisms for AWS. Port of fabric8io/docker-maven-plugin#1311 Port of fabric8io/docker-maven-plugin#1310 Related to eclipse-jkube#702 Signed-off-by: Rohan Kumar <rohaan@redhat.com>
Add support in AuthConfigFactory to retrieve credentials from different mechanisms for AWS. Port of fabric8io/docker-maven-plugin#1311 Port of fabric8io/docker-maven-plugin#1310 Related to #702 Signed-off-by: Rohan Kumar <rohaan@redhat.com>
As discussed in #1310, credentials for ECR would be fetched via AWS SDK.
The dependency is optional, yet it would only introduce this:
i.e. outside of the SDK itself, only Jackson.
So: would you consider making this a full dependency, which would allow to remove 170loc in
AuthConfigFactoryand some more in the according test? It would also allow to get rid of theAwsSigner4andAwsSigner4Requestclasses, since that functionality is found in the SDK as well.No matter what, this will make Jackson available, and with GSON already in the mix, maybe you want to prevent using Jackson via checkstyle or SonarCloud or something? Especially as long as it's optional.
I'll try to come up with a meaningful test for this...