Refactor logic using DefaultAWSCredentialsProviderChain
alfespa17 committed Oct 17, 2024
1 parent 65bfe54 commit e78f7df
Showing 4 changed files with 89 additions and 156 deletions.
@@ -1,12 +1,9 @@
package org.terrakube.api.plugin.storage.configuration;

import com.amazonaws.ClientConfiguration;
import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.*;
import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.auth.BasicSessionCredentials;
import com.amazonaws.client.builder.AwsClientBuilder;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.s3.AmazonS3;
Expand Down Expand Up @@ -66,56 +63,43 @@ public StorageTypeService terraformOutput(StreamingService streamingService, Sto
.build();
break;
case AWS:
AWSStaticCredentialsProvider awsStaticCredentialsProvider = null;

if(awsStorageTypeProperties.isEnableRoleAuthentication()) {
log.warn("Using aws role authentication");
AWSSecurityTokenService stsClient = AWSSecurityTokenServiceClientBuilder
.standard()
.withRegion(awsStorageTypeProperties.getRegion())
.build();

AssumeRoleRequest roleRequest = new AssumeRoleRequest()
.withRoleArn(awsStorageTypeProperties.getRoleArn())
.withRoleSessionName(awsStorageTypeProperties.getRoleSessionName());

AssumeRoleResult assumeRoleResult = stsClient.assumeRole(roleRequest);

com.amazonaws.services.securitytoken.model.Credentials sessionCredentials = assumeRoleResult.getCredentials();

BasicSessionCredentials basicSessionCredentials = new BasicSessionCredentials(
sessionCredentials.getAccessKeyId(), sessionCredentials.getSecretAccessKey(),
sessionCredentials.getSessionToken());

awsStaticCredentialsProvider= new AWSStaticCredentialsProvider(basicSessionCredentials);
AmazonS3 s3client = null;
if (!awsStorageTypeProperties.getEndpoint().equals("")) {
log.info("Using S3 compatible Endpoint={}", awsStorageTypeProperties.getEndpoint());
ClientConfiguration clientConfiguration = new ClientConfiguration();
clientConfiguration.setSignerOverride("AWSS3V4SignerType");

} else {
log.warn("Using aws access key and secret key for authentication");
AWSCredentials credentials = new BasicAWSCredentials(
awsStorageTypeProperties.getAccessKey(),
awsStorageTypeProperties.getSecretKey()
);
awsStaticCredentialsProvider = new AWSStaticCredentialsProvider(credentials);
}

AmazonS3 s3client = null;
if (!awsStorageTypeProperties.getEndpoint().equals("")) {
ClientConfiguration clientConfiguration = new ClientConfiguration();
clientConfiguration.setSignerOverride("AWSS3V4SignerType");

s3client = AmazonS3ClientBuilder
.standard()
.withEndpointConfiguration(new AwsClientBuilder.EndpointConfiguration(awsStorageTypeProperties.getEndpoint(), awsStorageTypeProperties.getRegion()))
.withCredentials(awsStaticCredentialsProvider)
.withCredentials(new AWSStaticCredentialsProvider(credentials))
.withClientConfiguration(clientConfiguration)
.withPathStyleAccessEnabled(true)
.build();
}else
s3client = AmazonS3ClientBuilder
.standard()
.withCredentials(awsStaticCredentialsProvider)
.withRegion(Regions.fromName(awsStorageTypeProperties.getRegion()))
.build();
}else if (awsStorageTypeProperties.isEnableRoleAuthentication()) {
log.info("Using Role Authentication");
s3client = AmazonS3ClientBuilder.standard()
.withCredentials(new DefaultAWSCredentialsProviderChain())
.withRegion(awsStorageTypeProperties.getRegion())
.build();
} else {
log.info("Using Default S3 Authentication");
AWSCredentials credentials = new BasicAWSCredentials(
awsStorageTypeProperties.getAccessKey(),
awsStorageTypeProperties.getSecretKey()
);

s3client = AmazonS3ClientBuilder
.standard()
.withCredentials(new AWSStaticCredentialsProvider(credentials))
.withRegion(Regions.fromName(awsStorageTypeProperties.getRegion()))
.build();
}

storageTypeService = AwsStorageTypeServiceImpl.builder()
.s3client(s3client)
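Review bot: The new `isEnableRoleAuthentication()` branch passes `new DefaultAWSCredentialsProviderChain()` to the S3 builder and no longer reads `getRoleArn()` or `getRoleSessionName()`, so the identity that reaches the bucket is whatever the runtime environment supplies rather than the role named in configuration. The default chain consults environment variables and system properties before any web-identity or instance role, so a stray `AWS_ACCESS_KEY_ID` in the process environment takes precedence with no trace in the log. If the configured role is still meant to apply, `.withCredentials(new STSAssumeRoleSessionCredentialsProvider.Builder(roleArn, roleSessionName).build())` keeps it and also refreshes the session; otherwise add a comment such as `// role auth uses ambient credentials; roleArn/roleSessionName are not consulted` and say so in the configuration docs. The same branch appears in the tfoutput and tfstate sections below, and the enclosing method starts and ends outside this hunk.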
@@ -1,10 +1,7 @@
package org.terrakube.executor.plugin.tfoutput.configuration;

import com.amazonaws.ClientConfiguration;
import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.auth.BasicSessionCredentials;
import com.amazonaws.auth.*;
import com.amazonaws.client.builder.AwsClientBuilder;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.s3.AmazonS3;
Expand Down Expand Up @@ -68,56 +65,43 @@ public TerraformOutput terraformOutput(TerraformOutputProperties terraformOutput
.build();
break;
case AwsTerraformOutputImpl:
AWSStaticCredentialsProvider awsStaticCredentialsProvider = null;

if(awsTerraformOutputProperties.isEnableRoleAuthentication()) {
log.warn("Using aws role authentication");
AWSSecurityTokenService stsClient = AWSSecurityTokenServiceClientBuilder
.standard()
.withRegion(awsTerraformOutputProperties.getRegion())
.build();

AssumeRoleRequest roleRequest = new AssumeRoleRequest()
.withRoleArn(awsTerraformOutputProperties.getRoleArn())
.withRoleSessionName(awsTerraformOutputProperties.getRoleSessionName());

AssumeRoleResult assumeRoleResult = stsClient.assumeRole(roleRequest);

com.amazonaws.services.securitytoken.model.Credentials sessionCredentials = assumeRoleResult.getCredentials();

BasicSessionCredentials basicSessionCredentials = new BasicSessionCredentials(
sessionCredentials.getAccessKeyId(), sessionCredentials.getSecretAccessKey(),
sessionCredentials.getSessionToken());

awsStaticCredentialsProvider= new AWSStaticCredentialsProvider(basicSessionCredentials);
AmazonS3 s3client = null;
if (awsTerraformOutputProperties.getEndpoint() != "") {
log.info("Using S3 compatible Endpoint={}", awsTerraformOutputProperties.getEndpoint());
ClientConfiguration clientConfiguration = new ClientConfiguration();
clientConfiguration.setSignerOverride("AWSS3V4SignerType");

} else {
log.warn("Using aws access key and secret key for authentication");
AWSCredentials credentials = new BasicAWSCredentials(
awsTerraformOutputProperties.getAccessKey(),
awsTerraformOutputProperties.getSecretKey()
);
awsStaticCredentialsProvider = new AWSStaticCredentialsProvider(credentials);
}

AmazonS3 s3client = null;
if (awsTerraformOutputProperties.getEndpoint() != "") {
ClientConfiguration clientConfiguration = new ClientConfiguration();
clientConfiguration.setSignerOverride("AWSS3V4SignerType");

s3client = AmazonS3ClientBuilder
.standard()
.withEndpointConfiguration(new AwsClientBuilder.EndpointConfiguration(awsTerraformOutputProperties.getEndpoint(), awsTerraformOutputProperties.getRegion()))
.withPathStyleAccessEnabled(true)
.withClientConfiguration(clientConfiguration)
.withCredentials(awsStaticCredentialsProvider)
.withCredentials(new AWSStaticCredentialsProvider(credentials))
.build();
} else if (awsTerraformOutputProperties.isEnableRoleAuthentication()) {
log.info("Using Role Authentication");
s3client = AmazonS3ClientBuilder.standard()
.withCredentials(new DefaultAWSCredentialsProviderChain())
.withRegion(awsTerraformOutputProperties.getRegion())
.build();
} else
} else {
log.info("Using Default S3 Authentication");
AWSCredentials credentials = new BasicAWSCredentials(
awsTerraformOutputProperties.getAccessKey(),
awsTerraformOutputProperties.getSecretKey()
);

s3client = AmazonS3ClientBuilder
.standard()
.withCredentials(awsStaticCredentialsProvider)
.withCredentials(new AWSStaticCredentialsProvider(credentials))
.withRegion(Regions.fromName(awsTerraformOutputProperties.getRegion()))
.build();
}

terraformOutput = AwsTerraformOutputImpl.builder()
.s3client(s3client)
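Review bot: The endpoint test `awsTerraformOutputProperties.getEndpoint() != ""` compares references, not contents, and with the new if / else-if layout it now decides whether the role-authentication branch can be reached at all. An empty value bound at runtime is normally a different String object from the literal, so the S3-compatible branch with static keys may be taken even when no endpoint is configured; a null endpoint passes the test as well. Suggest `String endpoint = awsTerraformOutputProperties.getEndpoint();` followed by `if (endpoint != null && !endpoint.isEmpty()) {`. The tfstate section has the same comparison, and the storage section's `.equals("")` would throw on a null endpoint. The method body continues outside the hunk.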
@@ -1,10 +1,7 @@
package org.terrakube.executor.plugin.tfstate.configuration;

import com.amazonaws.ClientConfiguration;
import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.auth.BasicSessionCredentials;
import com.amazonaws.auth.*;
import com.amazonaws.client.builder.AwsClientBuilder;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.s3.AmazonS3;
Expand Down Expand Up @@ -77,42 +74,17 @@ public TerraformState terraformState(TerrakubeClient terrakubeClient, TerraformS
.build();
break;
case AwsTerraformStateImpl:
AWSStaticCredentialsProvider awsStaticCredentialsProvider = null;

if(awsTerraformStateProperties.isEnableRoleAuthentication()) {
log.warn("Using aws role authentication");
AWSSecurityTokenService stsClient = AWSSecurityTokenServiceClientBuilder
.standard()
.withRegion(awsTerraformStateProperties.getRegion())
.build();

AssumeRoleRequest roleRequest = new AssumeRoleRequest()
.withRoleArn(awsTerraformStateProperties.getRoleArn())
.withRoleSessionName(awsTerraformStateProperties.getRoleSessionName());

AssumeRoleResult assumeRoleResult = stsClient.assumeRole(roleRequest);

com.amazonaws.services.securitytoken.model.Credentials sessionCredentials = assumeRoleResult.getCredentials();

BasicSessionCredentials basicSessionCredentials = new BasicSessionCredentials(
sessionCredentials.getAccessKeyId(), sessionCredentials.getSecretAccessKey(),
sessionCredentials.getSessionToken());
AmazonS3 s3client = null;

awsStaticCredentialsProvider= new AWSStaticCredentialsProvider(basicSessionCredentials);
if (awsTerraformStateProperties.getEndpoint() != "") {
ClientConfiguration clientConfiguration = new ClientConfiguration();
clientConfiguration.setSignerOverride("AWSS3V4SignerType");

} else {
log.warn("Using aws access key and secret key for authentication");
AWSCredentials credentials = new BasicAWSCredentials(
awsTerraformStateProperties.getAccessKey(),
awsTerraformStateProperties.getSecretKey()
);
awsStaticCredentialsProvider = new AWSStaticCredentialsProvider(credentials);
}
AmazonS3 s3client = null;

if (awsTerraformStateProperties.getEndpoint() != "") {
ClientConfiguration clientConfiguration = new ClientConfiguration();
clientConfiguration.setSignerOverride("AWSS3V4SignerType");
AWSStaticCredentialsProvider awsStaticCredentialsProvider = new AWSStaticCredentialsProvider(credentials);

s3client = AmazonS3ClientBuilder
.standard()
Expand All @@ -121,12 +93,25 @@ public TerraformState terraformState(TerrakubeClient terrakubeClient, TerraformS
.withCredentials(awsStaticCredentialsProvider)
.withPathStyleAccessEnabled(true)
.build();
} else
} else if (awsTerraformStateProperties.isEnableRoleAuthentication()) {
log.info("Using Role Authentication");
s3client = AmazonS3ClientBuilder.standard()
.withCredentials(new DefaultAWSCredentialsProviderChain())
.withRegion(awsTerraformStateProperties.getRegion())
.build();
} else {
AWSCredentials credentials = new BasicAWSCredentials(
awsTerraformStateProperties.getAccessKey(),
awsTerraformStateProperties.getSecretKey()
);
AWSStaticCredentialsProvider awsStaticCredentialsProvider = new AWSStaticCredentialsProvider(credentials);

s3client = AmazonS3ClientBuilder
.standard()
.withCredentials(awsStaticCredentialsProvider)
.withRegion(Regions.fromName(awsTerraformStateProperties.getRegion()))
.build();
}

terraformState = AwsTerraformStateImpl.builder()
.s3client(s3client)
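Review bot: Because the custom-endpoint check comes first, `isEnableRoleAuthentication()` is never consulted when an endpoint is set, and as far as the visible lines show that branch still builds `BasicAWSCredentials` from the access key and secret key. An operator who enables role authentication against an S3-compatible endpoint and removes the static keys may get a constructor failure on null keys, or may keep running on long-lived keys, with nothing in the log to say which path ran; this section also lacks the `log.info` lines the other two files gained. Consider `if (awsTerraformStateProperties.isEnableRoleAuthentication()) log.warn("enableRoleAuthentication is ignored when a custom endpoint is configured");` at the top of the endpoint branch, plus one `log.info` per branch naming the credential source, never the key values. Part of this hunk is collapsed on the page, so the endpoint branch is only partly visible.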