feat(aws): support explicit AWS credentials (#576)

spinnaker · Jun 28, 2019 · b171440 · b171440
1 parent 26feb32
commit b171440
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 0 deletions.
diff --git a/kayenta-aws/src/main/java/com/netflix/kayenta/aws/config/AwsConfiguration.java b/kayenta-aws/src/main/java/com/netflix/kayenta/aws/config/AwsConfiguration.java
@@ -18,6 +18,10 @@
 
 import com.amazonaws.ClientConfiguration;
 import com.amazonaws.Protocol;
+import com.amazonaws.auth.AWSCredentials;
+import com.amazonaws.auth.AWSStaticCredentialsProvider;
+import com.amazonaws.auth.BasicAWSCredentials;
+import com.amazonaws.auth.BasicSessionCredentials;
 import com.amazonaws.auth.profile.ProfileCredentialsProvider;
 import com.amazonaws.client.builder.AwsClientBuilder;
 import com.amazonaws.services.s3.AmazonS3;
@@ -84,6 +88,15 @@ boolean registerAwsCredentials(AwsConfigurationProperties awsConfigurationProper
         amazonS3ClientBuilder.withCredentials(new ProfileCredentialsProvider(profileName));
       }
 
+      AwsManagedAccount.ExplicitAwsCredentials explicitCredentials = awsManagedAccount.getExplicitCredentials();
+      if (explicitCredentials != null) {
+        String sessionToken = explicitCredentials.getSessionToken();
+        AWSCredentials awsCreds = (sessionToken == null) ?
+                new BasicAWSCredentials(explicitCredentials.getAccessKey(), explicitCredentials.getSecretKey()) :
+                new BasicSessionCredentials(explicitCredentials.getAccessKey(), explicitCredentials.getSecretKey(), sessionToken);
+        amazonS3ClientBuilder.withCredentials(new AWSStaticCredentialsProvider(awsCreds));
+      }
+
       String endpoint = awsManagedAccount.getEndpoint();
 
       if (!StringUtils.isEmpty(endpoint)) {

diff --git a/kayenta-aws/src/main/java/com/netflix/kayenta/aws/config/AwsManagedAccount.java b/kayenta-aws/src/main/java/com/netflix/kayenta/aws/config/AwsManagedAccount.java
@@ -36,6 +36,16 @@ public class AwsManagedAccount {
   private String proxyHost;
   private String proxyPort;
   private String proxyProtocol;
+  private ExplicitAwsCredentials explicitCredentials;
 
   private List<AccountCredentials.Type> supportedTypes;
+
+  @Data
+  public static class ExplicitAwsCredentials {
+
+    String accessKey;
+    String secretKey;
+    String sessionToken;
+
+  }
 }
diff --git a/kayenta-web/config/kayenta.yml b/kayenta-web/config/kayenta.yml
@@ -36,6 +36,11 @@ kayenta:
 #      - name:
 #        bucket:
 #        rootFolder: kayenta
+#        You can set credentials that you supply explicitly (see: AwsManagedAccount.ExplicitAwsCredentials)
+#        explicitCredentials:
+#          accessKey: explicitAccessKey
+#          secretKey: explicitSecretKey
+#          sessionToken: explicitSessionToken (optional)
 #        supportedTypes:
 #          - OBJECT_STORE
 #          - CONFIGURATION_STORE