Use AWS SDK to fetch AWS credentials

pom.xml

@@ -181,6 +181,25 @@
       <version>1.24</version>
     </dependency>
 
+    <!-- _______________________________________________________________________________ -->
+
+    <dependency>
+      <groupId>com.amazonaws</groupId>
+      <artifactId>aws-java-sdk-core</artifactId>
+      <version>1.11.696</version>
+      <optional>true</optional>
+      <exclusions>
+        <exclusion>
+          <groupId>com.fasterxml.jackson.dataformat</groupId>
+          <artifactId>jackson-dataformat-cbor</artifactId>
+        </exclusion>
+        <exclusion>
+          <groupId>software.amazon.ion</groupId>
+          <artifactId>*</artifactId>
+        </exclusion>
+      </exclusions>
+    </dependency>
+
 
     <!-- =============================================================================== -->
 

src/main/java/io/fabric8/maven/docker/util/AuthConfigFactory.java

@@ -39,6 +39,7 @@
 
 import io.fabric8.maven.docker.access.AuthConfig;
 import io.fabric8.maven.docker.access.ecr.EcrExtendedAuth;
+import io.fabric8.maven.docker.util.aws.AwsSdkAuthConfigFactory;
 
 /**
  * Factory for creating docker specific authentication configuration
@@ -227,6 +228,12 @@ private AuthConfig createStandardAuthConfig(boolean isPush, Map authConfigMap, S
 
         // check EC2 instance role if registry is ECR
         if (EcrExtendedAuth.isAwsRegistry(registry)) {
+            ret = getAuthConfigViaAwsSdk();
+            if (ret != null) {
+                log.debug("AuthConfig: AWS credentials from AWS SDK");
+                return ret;
+            }
+
             ret = getAuthConfigFromAwsEnvironmentVariables();
             if (ret != null) {
                 log.debug("AuthConfig: AWS credentials from ENV variables");
@@ -265,6 +272,18 @@ private AuthConfig createStandardAuthConfig(boolean isPush, Map authConfigMap, S
         return null;
     }
 
+    private AuthConfig getAuthConfigViaAwsSdk() {
+        try {
+            Class.forName("com.amazonaws.auth.DefaultAWSCredentialsProviderChain");
+        } catch (ClassNotFoundException e) {
+            log.info("It appears that you're using AWS ECR." +
+                    " Consider integrating the AWS SDK in order to make use of common AWS authentication mechanisms," +
+                    " see TODO");
+            return null;
+        }
+        return new AwsSdkAuthConfigFactory(log).createAuthConfig();
+    }
+
     /**
      * Try using the AWS credentials provided via ENV variables.
      * See https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html

src/main/java/io/fabric8/maven/docker/util/aws/AwsSdkAuthConfigFactory.java

@@ -0,0 +1,41 @@
+package io.fabric8.maven.docker.util.aws;
+
+import com.amazonaws.SdkClientException;
+import com.amazonaws.auth.AWSCredentials;
+import com.amazonaws.auth.AWSCredentialsProvider;
+import com.amazonaws.auth.AWSSessionCredentials;
+import com.amazonaws.auth.DefaultAWSCredentialsProviderChain;
+import io.fabric8.maven.docker.access.AuthConfig;
+import io.fabric8.maven.docker.util.Logger;
+
+public class AwsSdkAuthConfigFactory {
+
+    private final AWSCredentialsProvider credentialsProvider;
+    private final Logger log;
+
+    public AwsSdkAuthConfigFactory(Logger log) {
+        this(new DefaultAWSCredentialsProviderChain(), log);
+    }
+
+    AwsSdkAuthConfigFactory(AWSCredentialsProvider credentialsProvider, Logger log) {
+        this.credentialsProvider = credentialsProvider;
+        this.log = log;
+    }
+
+    public AuthConfig createAuthConfig() {
+        AWSCredentials credentials;
+        try {
+            credentials = credentialsProvider.getCredentials();
+        } catch (SdkClientException e) {
+            log.debug("Failed to fetch AWS credentials: %s", e);
+            return null;
+        }
+        if (credentials == null) {
+            return null;
+        }
+        String sessionToken = (credentials instanceof AWSSessionCredentials)
+                ? ((AWSSessionCredentials) credentials).getSessionToken() : null;
+        return new AuthConfig(credentials.getAWSAccessKeyId(), credentials.getAWSSecretKey(), "none", sessionToken);
+    }
+
+}

src/test/java/io/fabric8/maven/docker/util/AuthConfigFactoryTest.java

@@ -15,8 +15,10 @@
 import com.google.gson.JsonNull;
 import com.google.gson.JsonObject;
 import io.fabric8.maven.docker.access.AuthConfig;
+import io.fabric8.maven.docker.util.aws.AwsSdkAuthConfigFactory;
 import mockit.Expectations;
 import mockit.Mock;
+import mockit.MockUp;
 import mockit.Mocked;
 import org.apache.http.entity.StringEntity;
 import org.apache.http.impl.bootstrap.HttpServer;
@@ -522,8 +524,20 @@ public void exec(File homeDir) throws IOException, MojoExecutionException {
         });
     }
 
+    @Test
+    public void getAuthConfigViaAwsSdk() throws MojoExecutionException {
+        String accessKeyId = randomUUID().toString();
+        String secretAccessKey = randomUUID().toString();
+        new MockedAwsSdkAuthConfigFactory(accessKeyId, secretAccessKey);
+
+        AuthConfig authConfig = factory.createAuthConfig(false, true, null, settings, "user", ECR_NAME);
+
+        verifyAuthConfig(authConfig, accessKeyId, secretAccessKey, null, null);
+    }
+
     @Test
     public void ecsTaskRole() throws IOException, MojoExecutionException {
+        givenAwsSdkIsDisabled();
         String containerCredentialsUri = "/v2/credentials/" + randomUUID().toString();
         String accessKeyId = randomUUID().toString();
         String secretAccessKey = randomUUID().toString();
@@ -538,6 +552,7 @@ public void ecsTaskRole() throws IOException, MojoExecutionException {
 
     @Test
     public void fargateTaskRole() throws IOException, MojoExecutionException {
+        givenAwsSdkIsDisabled();
         String containerCredentialsUri = "v2/credentials/" + randomUUID().toString();
         String accessKeyId = randomUUID().toString();
         String secretAccessKey = randomUUID().toString();
@@ -552,6 +567,7 @@ public void fargateTaskRole() throws IOException, MojoExecutionException {
 
     @Test
     public void awsTemporaryCredentialsArePickedUpFromEnvironment() throws MojoExecutionException {
+        givenAwsSdkIsDisabled();
         String accessKeyId = randomUUID().toString();
         String secretAccessKey = randomUUID().toString();
         String sessionToken = randomUUID().toString();
@@ -566,6 +582,7 @@ public void awsTemporaryCredentialsArePickedUpFromEnvironment() throws MojoExecu
 
     @Test
     public void awsStaticCredentialsArePickedUpFromEnvironment() throws MojoExecutionException {
+        givenAwsSdkIsDisabled();
         String accessKeyId = randomUUID().toString();
         String secretAccessKey = randomUUID().toString();
         environmentVariables.set("AWS_ACCESS_KEY_ID", accessKeyId);
@@ -578,6 +595,7 @@ public void awsStaticCredentialsArePickedUpFromEnvironment() throws MojoExecutio
 
     @Test
     public void incompleteAwsCredentialsAreIgnored() throws MojoExecutionException {
+        givenAwsSdkIsDisabled();
         environmentVariables.set("AWS_ACCESS_KEY_ID", randomUUID().toString());
 
         AuthConfig authConfig = factory.createAuthConfig(false, true, null, settings, "user", ECR_NAME);
@@ -654,4 +672,41 @@ private void verifyAuthConfig(AuthConfig config, String username, String passwor
         verifyAuthConfig(config, username, password, email, null);
     }
 
+    private static void givenAwsSdkIsDisabled() {
+        new DisableAwsSdkAuthConfigFactory();
+    }
+
+    private static class MockedAwsSdkAuthConfigFactory extends MockUp<AwsSdkAuthConfigFactory> {
+        private final String accessKeyId;
+        private final String secretAccessKey;
+
+        public MockedAwsSdkAuthConfigFactory(String accessKeyId, String secretAccessKey) {
+            this.accessKeyId = accessKeyId;
+            this.secretAccessKey = secretAccessKey;
+        }
+
+        @Mock
+        public void $init(Logger log) {
+        }
+
+        @Mock
+        public AuthConfig createAuthConfig() {
+            return new AuthConfig(accessKeyId, secretAccessKey, null,null);
+        }
+
+    }
+
+    private static class DisableAwsSdkAuthConfigFactory extends MockUp<AwsSdkAuthConfigFactory> {
+
+        @Mock
+        public void $init(Logger log) {
+        }
+
+        @Mock
+        public AuthConfig createAuthConfig() {
+            return null;
+        }
+
+    }
+
 }

src/test/java/io/fabric8/maven/docker/util/aws/AwsSdkAuthConfigFactoryTest.java

@@ -0,0 +1,99 @@
+package io.fabric8.maven.docker.util.aws;
+
+import com.amazonaws.SdkClientException;
+import com.amazonaws.auth.AWSCredentialsProvider;
+import com.amazonaws.auth.BasicAWSCredentials;
+import com.amazonaws.auth.BasicSessionCredentials;
+import io.fabric8.maven.docker.access.AuthConfig;
+import io.fabric8.maven.docker.util.Logger;
+import mockit.Expectations;
+import mockit.Mocked;
+import org.junit.Before;
+import org.junit.Test;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+
+public class AwsSdkAuthConfigFactoryTest {
+
+    @Mocked
+    private AWSCredentialsProvider credentialsProvider;
+
+    @Mocked
+    private Logger log;
+
+    private AwsSdkAuthConfigFactory objectUnderTest;
+
+
+    @Before
+    public void setup() {
+        objectUnderTest = new AwsSdkAuthConfigFactory(credentialsProvider, log);
+    }
+
+    @Test
+    public void exceptionsAreHandledGracefully() {
+        new Expectations() {{
+            credentialsProvider.getCredentials();
+            minTimes = 1;
+            result = new SdkClientException("Unauthorized");
+        }};
+
+        AuthConfig authConfig = objectUnderTest.createAuthConfig();
+
+        assertNull(authConfig);
+    }
+
+    @Test
+    public void nullValueIsPassedOn() {
+        new Expectations() {{
+            credentialsProvider.getCredentials();
+            minTimes = 1;
+            result = null;
+        }};
+
+        AuthConfig authConfig = objectUnderTest.createAuthConfig();
+
+        assertNull(authConfig);
+    }
+
+    @Test
+    public void basicCredentialsAreTransformedIntoAuthConfig() {
+        String accessKey = "accessKey";
+        String secretKey = "secretKey";
+        new Expectations() {{
+            credentialsProvider.getCredentials();
+            minTimes = 1;
+            this.result = new BasicAWSCredentials(accessKey, secretKey);
+        }};
+
+        AuthConfig authConfig = objectUnderTest.createAuthConfig();
+
+        assertNotNull(authConfig);
+        assertEquals(accessKey, authConfig.getUsername());
+        assertEquals(secretKey, authConfig.getPassword());
+        assertNull(authConfig.getAuth());
+        assertNull(authConfig.getIdentityToken());
+    }
+
+    @Test
+    public void sessionCredentialsAreTransformedIntoAuthConfig() {
+        String accessKey = "accessKey";
+        String secretKey = "secretKey";
+        String sessionToken = "sessionToken";
+        new Expectations() {{
+            credentialsProvider.getCredentials();
+            minTimes = 1;
+            this.result = new BasicSessionCredentials(accessKey, secretKey, sessionToken);
+        }};
+
+        AuthConfig authConfig = objectUnderTest.createAuthConfig();
+
+        assertNotNull(authConfig);
+        assertEquals(accessKey, authConfig.getUsername());
+        assertEquals(secretKey, authConfig.getPassword());
+        assertEquals(sessionToken, authConfig.getAuth());
+        assertNull(authConfig.getIdentityToken());
+    }
+
+}