-
Notifications
You must be signed in to change notification settings - Fork 177
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Updates the S3 sink to use the AWS Plugin for loading AWS credentials #2787
Merged
dlvenable
merged 3 commits into
opensearch-project:main
from
dlvenable:2767-s3-sink-aws-plugin
Jun 2, 2023
Merged
Changes from all commits
Commits
Show all changes
3 commits
Select commit
Hold shift + click to select a range
fcf0969
Updates the S3 sink to use the AWS Plugin for loading AWS credentials…
dlvenable dcbc251
Fix the ClientFactoryTest to run without a region configured and para…
dlvenable f34627a
Adds missing unit tests as noted in PR feedback. Updates the testing …
dlvenable File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
43 changes: 43 additions & 0 deletions
43
...-plugins/s3-sink/src/main/java/org/opensearch/dataprepper/plugins/sink/ClientFactory.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
/* | ||
* Copyright OpenSearch Contributors | ||
* SPDX-License-Identifier: Apache-2.0 | ||
*/ | ||
|
||
package org.opensearch.dataprepper.plugins.sink; | ||
|
||
import org.opensearch.dataprepper.aws.api.AwsCredentialsOptions; | ||
import org.opensearch.dataprepper.aws.api.AwsCredentialsSupplier; | ||
import org.opensearch.dataprepper.plugins.sink.configuration.AwsAuthenticationOptions; | ||
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider; | ||
import software.amazon.awssdk.core.client.config.ClientOverrideConfiguration; | ||
import software.amazon.awssdk.core.retry.RetryPolicy; | ||
import software.amazon.awssdk.services.s3.S3Client; | ||
|
||
public final class ClientFactory { | ||
private ClientFactory() { } | ||
|
||
static S3Client createS3Client(final S3SinkConfig s3SinkConfig, final AwsCredentialsSupplier awsCredentialsSupplier) { | ||
final AwsCredentialsOptions awsCredentialsOptions = convertToCredentialsOptions(s3SinkConfig.getAwsAuthenticationOptions()); | ||
final AwsCredentialsProvider awsCredentialsProvider = awsCredentialsSupplier.getProvider(awsCredentialsOptions); | ||
|
||
return S3Client.builder() | ||
.region(s3SinkConfig.getAwsAuthenticationOptions().getAwsRegion()) | ||
.credentialsProvider(awsCredentialsProvider) | ||
.overrideConfiguration(createOverrideConfiguration(s3SinkConfig)).build(); | ||
} | ||
|
||
private static ClientOverrideConfiguration createOverrideConfiguration(final S3SinkConfig s3SinkConfig) { | ||
final RetryPolicy retryPolicy = RetryPolicy.builder().numRetries(s3SinkConfig.getMaxConnectionRetries()).build(); | ||
return ClientOverrideConfiguration.builder() | ||
.retryPolicy(retryPolicy) | ||
.build(); | ||
} | ||
|
||
private static AwsCredentialsOptions convertToCredentialsOptions(final AwsAuthenticationOptions awsAuthenticationOptions) { | ||
return AwsCredentialsOptions.builder() | ||
.withRegion(awsAuthenticationOptions.getAwsRegion()) | ||
.withStsRoleArn(awsAuthenticationOptions.getAwsStsRoleArn()) | ||
.withStsHeaderOverrides(awsAuthenticationOptions.getAwsStsHeaderOverrides()) | ||
.build(); | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
99 changes: 99 additions & 0 deletions
99
...gins/s3-sink/src/test/java/org/opensearch/dataprepper/plugins/sink/ClientFactoryTest.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,99 @@ | ||
/* | ||
* Copyright OpenSearch Contributors | ||
* SPDX-License-Identifier: Apache-2.0 | ||
*/ | ||
|
||
package org.opensearch.dataprepper.plugins.sink; | ||
|
||
import org.junit.jupiter.api.BeforeEach; | ||
import org.junit.jupiter.api.Test; | ||
import org.junit.jupiter.api.extension.ExtendWith; | ||
import org.junit.jupiter.params.ParameterizedTest; | ||
import org.junit.jupiter.params.provider.ValueSource; | ||
import org.mockito.ArgumentCaptor; | ||
import org.mockito.Mock; | ||
import org.mockito.MockedStatic; | ||
import org.mockito.junit.jupiter.MockitoExtension; | ||
import org.opensearch.dataprepper.aws.api.AwsCredentialsOptions; | ||
import org.opensearch.dataprepper.aws.api.AwsCredentialsSupplier; | ||
import org.opensearch.dataprepper.plugins.sink.configuration.AwsAuthenticationOptions; | ||
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider; | ||
import software.amazon.awssdk.core.client.config.ClientOverrideConfiguration; | ||
import software.amazon.awssdk.regions.Region; | ||
import software.amazon.awssdk.services.s3.S3Client; | ||
import software.amazon.awssdk.services.s3.S3ClientBuilder; | ||
|
||
import java.util.Map; | ||
import java.util.UUID; | ||
|
||
import static org.hamcrest.CoreMatchers.equalTo; | ||
import static org.hamcrest.CoreMatchers.notNullValue; | ||
import static org.hamcrest.MatcherAssert.assertThat; | ||
import static org.mockito.ArgumentMatchers.any; | ||
import static org.mockito.Mockito.mock; | ||
import static org.mockito.Mockito.mockStatic; | ||
import static org.mockito.Mockito.verify; | ||
import static org.mockito.Mockito.when; | ||
|
||
@ExtendWith(MockitoExtension.class) | ||
class ClientFactoryTest { | ||
@Mock | ||
private S3SinkConfig s3SinkConfig; | ||
@Mock | ||
private AwsCredentialsSupplier awsCredentialsSupplier; | ||
|
||
@Mock | ||
private AwsAuthenticationOptions awsAuthenticationOptions; | ||
|
||
@BeforeEach | ||
void setUp() { | ||
when(s3SinkConfig.getAwsAuthenticationOptions()).thenReturn(awsAuthenticationOptions); | ||
} | ||
|
||
@Test | ||
void createS3Client_with_real_S3Client() { | ||
when(awsAuthenticationOptions.getAwsRegion()).thenReturn(Region.US_EAST_1); | ||
final S3Client s3Client = ClientFactory.createS3Client(s3SinkConfig, awsCredentialsSupplier); | ||
|
||
assertThat(s3Client, notNullValue()); | ||
} | ||
|
||
@ParameterizedTest | ||
@ValueSource(strings = {"us-east-1", "us-west-2", "eu-central-1"}) | ||
void createS3Client_provides_correct_inputs(final String regionString) { | ||
final Region region = Region.of(regionString); | ||
final String stsRoleArn = UUID.randomUUID().toString(); | ||
final Map<String, String> stsHeaderOverrides = Map.of(UUID.randomUUID().toString(), UUID.randomUUID().toString()); | ||
when(awsAuthenticationOptions.getAwsRegion()).thenReturn(region); | ||
when(awsAuthenticationOptions.getAwsStsRoleArn()).thenReturn(stsRoleArn); | ||
when(awsAuthenticationOptions.getAwsStsHeaderOverrides()).thenReturn(stsHeaderOverrides); | ||
|
||
final AwsCredentialsProvider expectedCredentialsProvider = mock(AwsCredentialsProvider.class); | ||
when(awsCredentialsSupplier.getProvider(any())).thenReturn(expectedCredentialsProvider); | ||
|
||
final S3ClientBuilder s3ClientBuilder = mock(S3ClientBuilder.class); | ||
when(s3ClientBuilder.region(region)).thenReturn(s3ClientBuilder); | ||
when(s3ClientBuilder.credentialsProvider(any())).thenReturn(s3ClientBuilder); | ||
when(s3ClientBuilder.overrideConfiguration(any(ClientOverrideConfiguration.class))).thenReturn(s3ClientBuilder); | ||
try(final MockedStatic<S3Client> s3ClientMockedStatic = mockStatic(S3Client.class)) { | ||
s3ClientMockedStatic.when(S3Client::builder) | ||
.thenReturn(s3ClientBuilder); | ||
ClientFactory.createS3Client(s3SinkConfig, awsCredentialsSupplier); | ||
} | ||
|
||
final ArgumentCaptor<AwsCredentialsProvider> credentialsProviderArgumentCaptor = ArgumentCaptor.forClass(AwsCredentialsProvider.class); | ||
verify(s3ClientBuilder).credentialsProvider(credentialsProviderArgumentCaptor.capture()); | ||
|
||
final AwsCredentialsProvider actualCredentialsProvider = credentialsProviderArgumentCaptor.getValue(); | ||
|
||
assertThat(actualCredentialsProvider, equalTo(expectedCredentialsProvider)); | ||
|
||
final ArgumentCaptor<AwsCredentialsOptions> optionsArgumentCaptor = ArgumentCaptor.forClass(AwsCredentialsOptions.class); | ||
verify(awsCredentialsSupplier).getProvider(optionsArgumentCaptor.capture()); | ||
|
||
final AwsCredentialsOptions actualCredentialsOptions = optionsArgumentCaptor.getValue(); | ||
assertThat(actualCredentialsOptions.getRegion(), equalTo(region)); | ||
assertThat(actualCredentialsOptions.getStsRoleArn(), equalTo(stsRoleArn)); | ||
assertThat(actualCredentialsOptions.getStsHeaderOverrides(), equalTo(stsHeaderOverrides)); | ||
} | ||
} |
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There are no unit tests in
AwsAuthenticationOptionsTest.java
file for these new methodsThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@cmanning09 , I just pushed a change which adds testing for these getters.