Merge pull request #351 from jglick/SSO

Allow use of AWS SSO at least in tests

pom.xml

@@ -76,6 +76,12 @@
       <artifactId>aws-credentials</artifactId>
       <version>191.vcb_f183ce58b_9</version>
     </dependency>
+    <dependency>
+      <groupId>software.amazon.awssdk</groupId>
+      <artifactId>sso</artifactId>
+      <version>2.19.19</version>
+      <scope>test</scope>
+    </dependency>
     <dependency>
       <groupId>org.jenkins-ci.plugins</groupId>
       <artifactId>apache-httpcomponents-client-4-api</artifactId>

src/main/java/io/jenkins/plugins/artifact_manager_jclouds/s3/S3BlobStoreConfig.java

@@ -25,10 +25,9 @@
 package io.jenkins.plugins.artifact_manager_jclouds.s3;
 
 import java.io.IOException;
+import java.util.function.Supplier;
 import java.util.regex.Pattern;
 
-import edu.umd.cs.findbugs.annotations.NonNull;
-
 import org.apache.commons.lang.StringUtils;
 import org.kohsuke.stapler.DataBoundSetter;
 import org.kohsuke.stapler.QueryParameter;
@@ -271,12 +270,15 @@ public static S3BlobStoreConfig get() {
         return ExtensionList.lookupSingleton(S3BlobStoreConfig.class);
     }
 
+    @VisibleForTesting
+    static Supplier<AmazonS3ClientBuilder> clientBuilder = AmazonS3ClientBuilder::standard;
+
     /**
     *
     * @return an AmazonS3ClientBuilder using the region or not, it depends if a region is configured or not.
     */
     AmazonS3ClientBuilder getAmazonS3ClientBuilder() {
-        AmazonS3ClientBuilder ret = AmazonS3ClientBuilder.standard();
+        AmazonS3ClientBuilder ret = clientBuilder.get();
 
         if (StringUtils.isNotBlank(customEndpoint)) {
             String resolvedCustomSigningRegion = customSigningRegion;

src/test/java/io/jenkins/plugins/artifact_manager_jclouds/s3/S3AbstractTest.java

@@ -44,7 +44,10 @@
 import org.jvnet.hudson.test.LoggerRule;
 
 import com.amazonaws.SdkClientException;
+import com.amazonaws.auth.AWSCredentialsProvider;
+import com.amazonaws.auth.AWSCredentialsProviderChain;
 import com.amazonaws.auth.AnonymousAWSCredentials;
+import com.amazonaws.auth.DefaultAWSCredentialsProviderChain;
 import com.amazonaws.services.s3.AmazonS3ClientBuilder;
 
 import io.jenkins.plugins.artifact_manager_jclouds.BlobStoreProvider;
@@ -65,8 +68,10 @@ public abstract class S3AbstractTest {
     public static void live() {
         assumeThat("define $S3_BUCKET as explained in README", S3_BUCKET, notNullValue());
         assumeThat("define $S3_DIR as explained in README", S3_DIR, notNullValue());
+        AWSCredentialsProvider ssoEnabledCredentialsProvider = new AWSCredentialsProviderChain(DefaultAWSCredentialsProviderChain.getInstance(), new V2ProfileCredentialsProvider());
+        S3BlobStoreConfig.clientBuilder = () -> AmazonS3ClientBuilder.standard().withCredentials(ssoEnabledCredentialsProvider);
         try {
-            AmazonS3ClientBuilder builder = AmazonS3ClientBuilder.standard();
+            AmazonS3ClientBuilder builder = S3BlobStoreConfig.clientBuilder.get();
             assumeTrue(S3_BUCKET + " bucket does not exist", builder.build().doesBucketExistV2(S3_BUCKET));
             builder.build().listObjects(S3_BUCKET);
             assumeThat("can get credentials from environment", builder.getCredentials().getCredentials(), allOf(notNullValue(), not(isA(AnonymousAWSCredentials.class))));

src/test/java/io/jenkins/plugins/artifact_manager_jclouds/s3/V2ProfileCredentialsProvider.java

@@ -0,0 +1,56 @@
+/*
+ * The MIT License
+ *
+ * Copyright 2023 CloudBees, Inc.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package io.jenkins.plugins.artifact_manager_jclouds.s3;
+
+import com.amazonaws.auth.AWSCredentials;
+import com.amazonaws.auth.AWSCredentialsProvider;
+import com.amazonaws.auth.BasicAWSCredentials;
+import com.amazonaws.auth.BasicSessionCredentials;
+import software.amazon.awssdk.auth.credentials.AwsCredentials;
+import software.amazon.awssdk.auth.credentials.AwsSessionCredentials;
+import software.amazon.awssdk.auth.credentials.ProfileCredentialsProvider;
+
+/**
+ * Allows use of {@code aws sso login} when running tests.
+ * Adapted from https://github.com/aws/aws-sdk-java/issues/2434#issuecomment-819985174 and https://github.com/aws/aws-sdk-java/issues/803#issuecomment-593530484
+ */
+public class V2ProfileCredentialsProvider implements AWSCredentialsProvider {
+
+    private final ProfileCredentialsProvider delegate = ProfileCredentialsProvider.create();
+
+    @Override public AWSCredentials getCredentials() {
+        AwsCredentials credentials = delegate.resolveCredentials();
+        if (credentials instanceof AwsSessionCredentials) {
+            AwsSessionCredentials sessionCredentials = (AwsSessionCredentials) credentials;
+            return new BasicSessionCredentials(sessionCredentials.accessKeyId(), sessionCredentials.secretAccessKey(), sessionCredentials.sessionToken());
+        } else {
+            return new BasicAWSCredentials(credentials.accessKeyId(), credentials.secretAccessKey());
+        }
+    }
+
+    @Override public void refresh() {
+        assert false;
+    }
+}