Added functionality to deploy using delegate role capability of AWS

.gitattributes

@@ -0,0 +1 @@
+* text eol=lf

.gitignore

@@ -1,3 +1,6 @@
 build
 .gradle
 .idea/workspace.xml
+
+bin
+.classpath

.project

@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+ <name>gradle-beanstalk-plugin</name>
+ <comment></comment>
+ <projects>
+ </projects>
+ <buildSpec>
+ <buildCommand>
+ <name>org.eclipse.jdt.core.javabuilder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ </buildSpec>
+ <natures>
+ <nature>org.springsource.ide.eclipse.gradle.core.nature</nature>
+ <nature>org.eclipse.jdt.core.javanature</nature>
+ </natures>
+</projectDescription>

.settings/gradle/org.springsource.ide.eclipse.gradle.core.prefs

@@ -0,0 +1,4 @@
+#org.springsource.ide.eclipse.gradle.core.preferences.GradleProjectPreferences
+#Thu Sep 10 10:34:28 CEST 2015
+org.springsource.ide.eclipse.gradle.linkedresources=
+org.springsource.ide.eclipse.gradle.rootprojectloc=

.settings/org.eclipse.jdt.core.prefs

@@ -0,0 +1,13 @@
+#
+#Tue Sep 29 11:55:12 CEST 2015
+org.eclipse.jdt.core.compiler.debug.localVariable=generate
+org.eclipse.jdt.core.compiler.compliance=1.7
+org.eclipse.jdt.core.compiler.codegen.unusedLocal=preserve
+org.eclipse.jdt.core.compiler.debug.sourceFile=generate
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.7
+org.eclipse.jdt.core.compiler.problem.enumIdentifier=error
+org.eclipse.jdt.core.compiler.debug.lineNumber=generate
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled
+org.eclipse.jdt.core.compiler.source=1.7
+org.eclipse.jdt.core.compiler.problem.assertIdentifier=error

build.gradle

@@ -2,10 +2,33 @@ plugins {
  id "com.gradle.plugin-publish" version "0.9.1"
 }
 
+apply plugin: 'maven'
 apply plugin: 'java-gradle-plugin'
-
+apply plugin: 'eclipse'
+
+def env = System.getenv()
+def nexusUser = env['nexusUser']
+def nexusPassword = env['nexusPassword']
 repositories {
  jcenter()
+ mavenLocal()
+ mavenCentral()
+ maven { url "https://repo.spring.io/libs-release" }
+ maven { url = "http://nexus.ebgroup.elektrobit.com:8080/nexus/content/groups/public/" }
+ maven {
+ url = "http://nexus.ebgroup.elektrobit.com:8080/nexus/content/repositories/accelera.snapshots/"
+ credentials {
+ username nexusUser
+ password nexusPassword
+ }
+ }
+ maven {
+ url = "http://nexus.ebgroup.elektrobit.com:8080/nexus/content/repositories/accelera.releases/"
+ credentials {
+ username nexusUser
+ password nexusPassword
+ }
+ }
 }
 
 ext {
@@ -15,10 +38,12 @@ ext {
 dependencies {
  compile "com.amazonaws:aws-java-sdk-elasticbeanstalk:$awsApiVersion"
  compile "com.amazonaws:aws-java-sdk-s3:$awsApiVersion"
+ compile "com.amazonaws:aws-java-sdk-core:$awsApiVersion"
+ compile "com.amazonaws:aws-java-sdk-sts:$awsApiVersion"
 }
 
-group = 'fi.evident.gradle.beanstalk'
-version '0.0.6'
+group = 'com.elektrobit.odin'
+version '0.0.65'
 
 pluginBundle {
  website = 'https://github.com/EvidentSolutions/gradle-beanstalk-plugin'
@@ -33,3 +58,14 @@ pluginBundle {
  }
  }
 }
+
+uploadArchives {
+ repositories.mavenDeployer {
+ repository(url : "http://nexus.ebgroup.elektrobit.com:8080/nexus/content/repositories/con.releases/"){
+ authentication(userName: nexusUser, password: nexusPassword)
+ }
+ snapshotRepository(url : "http://nexus.ebgroup.elektrobit.com:8080/nexus/content/repositories/con.snapshots/"){
+ authentication(userName: nexusUser, password: nexusPassword)
+ }
+ }
+}

src/main/java/fi/evident/gradle/beanstalk/BeanstalkDeployer.java

@@ -6,6 +6,7 @@
 import com.amazonaws.services.elasticbeanstalk.model.*;
 import com.amazonaws.services.s3.AmazonS3;
 import com.amazonaws.services.s3.AmazonS3Client;
+
 import org.joda.time.Instant;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

src/main/java/fi/evident/gradle/beanstalk/BeanstalkDeployment.java

@@ -7,7 +7,11 @@ public class BeanstalkDeployment {
  private String environment;
  private String template = "default";
  private Object war;
-
+ private String account;
+ private String arnRole;
+ private String s3Endpoint;
+ private String beanstalkEndpoint;
+
  public BeanstalkDeployment(String name) {
  this.name = name;
  }
@@ -47,4 +51,36 @@ public Object getWar() {
  public void setWar(Object war) {
  this.war = war;
  }
+
+ public String getAccount() {
+ return account;
+ }
+
+ public void setAccount(String account) {
+ this.account = account;
+ }
+
+ public String getArnRole() {
+ return arnRole;
+ }
+
+ public void setArnRole(String arnRole) {
+ this.arnRole = arnRole;
+ }
+
+ public String getS3Endpoint() {
+ return s3Endpoint;
+ }
+
+ public void setS3Endpoint(String s3Endpoint) {
+ this.s3Endpoint = s3Endpoint;
+ }
+
+ public String getBeanstalkEndpoint() {
+ return beanstalkEndpoint;
+ }
+
+ public void setBeanstalkEndpoint(String beanstalkEndpoint) {
+ this.beanstalkEndpoint = beanstalkEndpoint;
+ }
 }

src/main/java/fi/evident/gradle/beanstalk/CredentialUtility.java

@@ -0,0 +1,34 @@
+package fi.evident.gradle.beanstalk;
+
+import com.amazonaws.auth.AWSCredentials;
+import com.amazonaws.auth.AWSCredentialsProviderChain;
+import com.amazonaws.auth.BasicSessionCredentials;
+import com.amazonaws.auth.ClasspathPropertiesFileCredentialsProvider;
+import com.amazonaws.auth.EnvironmentVariableCredentialsProvider;
+import com.amazonaws.auth.InstanceProfileCredentialsProvider;
+import com.amazonaws.auth.SystemPropertiesCredentialsProvider;
+import com.amazonaws.auth.profile.ProfileCredentialsProvider;
+import com.amazonaws.internal.StaticCredentialsProvider;
+import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient;
+import com.amazonaws.services.securitytoken.model.AssumeRoleRequest;
+import com.amazonaws.services.securitytoken.model.AssumeRoleResult;
+import com.amazonaws.services.securitytoken.model.Credentials;
+
+public class CredentialUtility {
+ private static final String DEFAULT = "default";
+
+ public static StaticCredentialsProvider getAssumeRoleCredentials(String arnRole, String sessionName) {
+ AWSCredentialsProviderChain awsCredentialsProvider = new AWSCredentialsProviderChain(new ClasspathPropertiesFileCredentialsProvider(), new EnvironmentVariableCredentialsProvider(), new SystemPropertiesCredentialsProvider(), new InstanceProfileCredentialsProvider(), new ProfileCredentialsProvider(DEFAULT));
+ AWSCredentials defaultCredentials = awsCredentialsProvider.getCredentials();
+ System.out.println(defaultCredentials.getAWSAccessKeyId());
+ return CredentialUtility.getSessionCredentialsForRole(arnRole, sessionName, defaultCredentials);
+ }
+
+ public static StaticCredentialsProvider getSessionCredentialsForRole(String arnRole, String sessionName, AWSCredentials awsCredentials) {
+ AWSSecurityTokenServiceClient stsClient = new AWSSecurityTokenServiceClient(awsCredentials);
+ AssumeRoleRequest assumeRequest = new AssumeRoleRequest().withRoleArn(arnRole).withDurationSeconds(3600).withRoleSessionName(sessionName);
+ AssumeRoleResult assumeResult = stsClient.assumeRole(assumeRequest);
+ Credentials credentials = assumeResult.getCredentials();
+ return new StaticCredentialsProvider(new BasicSessionCredentials(credentials.getAccessKeyId(), credentials.getSecretAccessKey(), credentials.getSessionToken()));
+ }
+}

src/main/java/fi/evident/gradle/beanstalk/DeployTask.java

@@ -1,12 +1,16 @@
 package fi.evident.gradle.beanstalk;
 
+import com.amazonaws.auth.AWSCredentialsProvider;
 import com.amazonaws.auth.AWSCredentialsProviderChain;
 import com.amazonaws.auth.EnvironmentVariableCredentialsProvider;
 import com.amazonaws.auth.SystemPropertiesCredentialsProvider;
 import com.amazonaws.auth.profile.ProfileCredentialsProvider;
+
 import org.gradle.api.DefaultTask;
 import org.gradle.api.tasks.InputFiles;
 import org.gradle.api.tasks.TaskAction;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 import java.io.File;
 import java.text.SimpleDateFormat;
@@ -18,18 +22,24 @@ public class DeployTask extends DefaultTask {
  private BeanstalkDeployment deployment;
  private Object war;
 
+ private static final Logger log = LoggerFactory.getLogger(DeployTask.class);
  @TaskAction
  protected void deploy() {
  String versionLabel = getProject().getVersion().toString();
  if (versionLabel.endsWith("-SNAPSHOT")) {
  String timeLabel = new SimpleDateFormat("yyyyMMdd'.'HHmmss").format(new Date());
  versionLabel = versionLabel.replace("SNAPSHOT", timeLabel); // Append time to get unique version label
  }
-
- AWSCredentialsProviderChain credentialsProvider = new AWSCredentialsProviderChain(new EnvironmentVariableCredentialsProvider(), new SystemPropertiesCredentialsProvider(), new ProfileCredentialsProvider(beanstalk.getProfile()));
-
- BeanstalkDeployer deployer = new BeanstalkDeployer(beanstalk.getS3Endpoint(), beanstalk.getBeanstalkEndpoint(), credentialsProvider);
-
+ AWSCredentialsProvider credentialsProvider;
+ if (deployment.getAccount()==null || deployment.getAccount().isEmpty()) {
+ credentialsProvider = new AWSCredentialsProviderChain(new EnvironmentVariableCredentialsProvider(), new SystemPropertiesCredentialsProvider(), new ProfileCredentialsProvider(beanstalk.getProfile()));
+ }else{
+ credentialsProvider = CredentialUtility.getAssumeRoleCredentials(deployment.getArnRole(), deployment.getAccount());
+ log.info("Obtained credentials using arnRole {} for account {}", deployment.getArnRole() , deployment.getAccount());
+ }
+ String s3Endpoint = Utilities.coalesce(deployment.getS3Endpoint(),beanstalk.getS3Endpoint());
+ String beanstalkEndpoint =Utilities.coalesce(deployment.getBeanstalkEndpoint(),beanstalk.getBeanstalkEndpoint());
+ BeanstalkDeployer deployer = new BeanstalkDeployer(s3Endpoint, beanstalkEndpoint, credentialsProvider);
  File warFile = getProject().files(war).getSingleFile();
  deployer.deploy(warFile, deployment.getApplication(), deployment.getEnvironment(), deployment.getTemplate(), versionLabel);
  }

src/main/java/fi/evident/gradle/beanstalk/Utilities.java

@@ -0,0 +1,12 @@
+package fi.evident.gradle.beanstalk;
+
+public class Utilities {
+ public static String coalesce(String... items) {
+ for (String i : items) {
+ if (i != null) {
+ return i;
+ }
+ }
+ return null;
+ }
+}