From b1714405d6b823a0924d30fe31b3444cb252d800 Mon Sep 17 00:00:00 2001
From: Nastya Smirnova
Date: Fri, 28 Jun 2019 18:18:58 +0300
Subject: [PATCH] feat(aws): support explicit AWS credentials (#576)
---
 .../kayenta/aws/config/AwsConfiguration.java | 13 +++++++++++++
 .../kayenta/aws/config/AwsManagedAccount.java | 10 ++++++++++
 kayenta-web/config/kayenta.yml | 5 +++++
 3 files changed, 28 insertions(+)
diff --git a/kayenta-aws/src/main/java/com/netflix/kayenta/aws/config/AwsConfiguration.java b/kayenta-aws/src/main/java/com/netflix/kayenta/aws/config/AwsConfiguration.java
index 556f05fd8..17bf174d0 100644
--- a/kayenta-aws/src/main/java/com/netflix/kayenta/aws/config/AwsConfiguration.java
+++ b/kayenta-aws/src/main/java/com/netflix/kayenta/aws/config/AwsConfiguration.java
@@ -18,6 +18,10 @@ import com.amazonaws.ClientConfiguration;
 import com.amazonaws.Protocol;
+import com.amazonaws.auth.AWSCredentials;
+import com.amazonaws.auth.AWSStaticCredentialsProvider;
+import com.amazonaws.auth.BasicAWSCredentials;
+import com.amazonaws.auth.BasicSessionCredentials;
 import com.amazonaws.auth.profile.ProfileCredentialsProvider;
 import com.amazonaws.client.builder.AwsClientBuilder;
 import com.amazonaws.services.s3.AmazonS3;
@@ -84,6 +88,15 @@ boolean registerAwsCredentials(AwsConfigurationProperties awsConfigurationProper
 amazonS3ClientBuilder.withCredentials(new ProfileCredentialsProvider(profileName));
 }
+ AwsManagedAccount.ExplicitAwsCredentials explicitCredentials = awsManagedAccount.getExplicitCredentials();
+ if (explicitCredentials != null) {
+ String sessionToken = explicitCredentials.getSessionToken();
+ AWSCredentials awsCreds = (sessionToken == null) ?
+ new BasicAWSCredentials(explicitCredentials.getAccessKey(), explicitCredentials.getSecretKey()) :
+ new BasicSessionCredentials(explicitCredentials.getAccessKey(), explicitCredentials.getSecretKey(), sessionToken);
+ amazonS3ClientBuilder.withCredentials(new AWSStaticCredentialsProvider(awsCreds));
+ }
+
 String endpoint = awsManagedAccount.getEndpoint();
 if (!StringUtils.isEmpty(endpoint)) {
diff --git a/kayenta-aws/src/main/java/com/netflix/kayenta/aws/config/AwsManagedAccount.java b/kayenta-aws/src/main/java/com/netflix/kayenta/aws/config/AwsManagedAccount.java
index fb3f7c94b..030d50e91 100644
--- a/kayenta-aws/src/main/java/com/netflix/kayenta/aws/config/AwsManagedAccount.java
+++ b/kayenta-aws/src/main/java/com/netflix/kayenta/aws/config/AwsManagedAccount.java
@@ -36,6 +36,16 @@ public class AwsManagedAccount {
 private String proxyHost;
 private String proxyPort;
 private String proxyProtocol;
+ private ExplicitAwsCredentials explicitCredentials;
 private List supportedTypes;
+
+ @Data
+ public static class ExplicitAwsCredentials {
+
+ String accessKey;
+ String secretKey;
+ String sessionToken;
+
+ }
 }
diff --git a/kayenta-web/config/kayenta.yml b/kayenta-web/config/kayenta.yml
index 3a3dd0caa..86c99f6fc 100644
--- a/kayenta-web/config/kayenta.yml
+++ b/kayenta-web/config/kayenta.yml
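Review bot: The `sessionToken == null` test in the block added to registerAwsCredentials treats an empty token as a real one, so a blank `sessionToken:` entry in the YAML (which usually binds as an empty string) would build `BasicSessionCredentials` with an empty token and S3 requests would fail authentication; use the check the endpoint code just below already uses, `AWSCredentials awsCreds = StringUtils.isEmpty(sessionToken) ?`. The block also runs after what appears to be the profile branch, so when both `profileName` and `explicitCredentials` are configured the second `withCredentials` call silently wins; a comment such as `// explicitCredentials override profileName when both are set` or a startup warning would make that precedence visible. `AWSStaticCredentialsProvider` never refreshes, so temporary credentials supplied with a session token stop working once they expire, which is worth stating next to the option. The method body starts and ends outside this hunk.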
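Review bot: `@Data` on the new `ExplicitAwsCredentials` class (assuming this is Lombok's annotation) generates a `toString()` that prints `secretKey` and `sessionToken`, so any log statement or exception message that includes the account object would expose them. Adding `@ToString(exclude = {"secretKey", "sessionToken"})` to the class keeps the generated accessors while leaving the secrets out of the string form. The three fields are also package-private while the neighbouring account fields are `private`; declaring them `private` keeps all access going through the generated getters. Whether account objects are ever serialized back to API clients is not visible in this hunk, but if they are, the secret fields should be excluded there as well.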
@@ -36,6 +36,11 @@ kayenta:
 # - name:
 # bucket:
 # rootFolder: kayenta
+# You can set credentials that you supply explicitly (see: AwsManagedAccount.ExplicitAwsCredentials)
+# explicitCredentials:
+# accessKey: explicitAccessKey
+# secretKey: explicitSecretKey
+# sessionToken: explicitSessionToken (optional)
 # supportedTypes:
 # - OBJECT_STORE
 # - CONFIGURATION_STORE
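Review bot: The sample added under `rootFolder` shows literal key values in kayenta.yml without saying that the file then holds a long-lived secret. I would extend the comment along the lines of `# Prefer profileName or the SDK's default credential chain; if explicit keys are required, inject them (e.g. secretKey: ${EXAMPLE_SECRET_KEY_VAR}) rather than committing literal values.` The variable name there is a placeholder, and placeholder resolution should be confirmed for this project's configuration loading before the comment promises it.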