Rewrite fetchIamRole and fetchRegion to use AWS SDK (#3425) [ci skip]

Signed-off-by: Nathan Thorpe <nathan@techstormpc.com>
Co-authored-by: Paolo Di Tommaso <paolo.ditommaso@gmail.com>
nathanthorpe and pditommaso committed Dec 4, 2022
1 parent bdbcdde commit e350f31
Showing 2 changed files with 12 additions and 29 deletions.
2 changes: 1 addition & 1 deletion buildSrc/build.gradle
Expand Up @@ -11,7 +11,7 @@ version = "1.0.1"
group = "io.nextflow"

dependencies {
implementation ('com.amazonaws:aws-java-sdk-s3:1.11.542')
implementation ('com.amazonaws:aws-java-sdk-s3:1.12.129')
implementation 'com.google.code.gson:gson:2.9.0'
}

Expand Up @@ -17,10 +17,12 @@

package nextflow.cloud.aws

import com.amazonaws.AmazonClientException
import com.amazonaws.auth.AWSCredentials
import com.amazonaws.auth.AWSStaticCredentialsProvider
import com.amazonaws.auth.BasicAWSCredentials
import com.amazonaws.auth.BasicSessionCredentials
import com.amazonaws.regions.InstanceMetadataRegionProvider
import com.amazonaws.regions.Region
import com.amazonaws.regions.RegionUtils
import com.amazonaws.services.batch.AWSBatchClient
Expand All @@ -29,6 +31,8 @@ import com.amazonaws.services.ecs.AmazonECS
import com.amazonaws.services.ecs.AmazonECSClientBuilder
import com.amazonaws.services.logs.AWSLogs
import com.amazonaws.services.logs.AWSLogsAsyncClientBuilder
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder
import com.amazonaws.services.securitytoken.model.GetCallerIdentityRequest
import groovy.transform.CompileStatic
import groovy.transform.Memoized
import groovy.util.logging.Slf4j
Expand Down Expand Up @@ -134,37 +138,17 @@ class AmazonClientFactory {
* The IAM role name associated to this instance or {@code null} if no role is defined or
* it's not a EC2 instance
*/
protected String fetchIamRole() {
private String fetchIamRole() {
try {
def role = getUrl('http://169.254.169.254/latest/meta-data/iam/security-credentials/').readLines()
if( role.size() != 1 )
throw new IllegalArgumentException("Not a valid EC2 IAM role")
return role.get(0)
def stsClient = AWSSecurityTokenServiceClientBuilder.defaultClient();
return stsClient.getCallerIdentity(new GetCallerIdentityRequest()).getArn()
}
catch( IOException e ) {
catch( AmazonClientException e ) {
log.trace "Unable to fetch IAM credentials -- Cause: ${e.message}"
return null
}
}

/**
* Fetch a remote URL resource text content
*
* @param path
* A valid http/https resource URL
* @param timeout
* Max connection timeout in millis
* @return
* The resource URL content
*/
protected String getUrl(String path, int timeout=150) {
final url = new URL(path)
final con = url.openConnection()
con.setConnectTimeout(timeout)
con.setReadTimeout(timeout)
return con.getInputStream().text.trim()
}

/**
* Retrieve the AWS region from the EC2 instance metadata.
* See http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html
Expand All @@ -173,12 +157,11 @@ class AmazonClientFactory {
* The AWS region of the current EC2 instance eg. {@code eu-west-1} or
* {@code null} if it's not an EC2 instance.
*/
protected String fetchRegion() {
private String fetchRegion() {
try {
def zone = getUrl('http://169.254.169.254/latest/meta-data/placement/availability-zone')
zone ? zone.substring(0,zone.length()-1) : null
return new InstanceMetadataRegionProvider().getRegion()
}
catch (IOException e) {
catch (AmazonClientException e) {
log.debug "Cannot fetch AWS region", e
return null
}
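Review bot: `fetchIamRole()` no longer returns what its Javadoc promises: `getCallerIdentity(...).getArn()` yields the full ARN of whichever principal the default credentials chain resolves, not the bare name of the instance role, and it can also succeed off EC2 when credentials come from the environment or a profile. The callers are outside this section, so anything that still treats the value as a role name, or as evidence that an instance profile is attached, should be checked. At minimum the comment above the method should be rewritten, e.g. `The ARN of the identity resolved by the default AWS credentials chain, or {@code null} if it cannot be determined`. The removed `getUrl` helper capped connect and read time at 150 ms, while the STS client built with `defaultClient()` has no timeout set in this hunk, so start-up latency on hosts without AWS access is worth verifying.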