add IAM AWS credential provider #1038
Conversation
balamurugana
force-pushed
the
add-iam-aws-credential-provider
branch
3 times, most recently
from
9cc7580 to
75aea94
Compare
balamurugana
force-pushed
the
add-iam-aws-credential-provider
branch
from
75aea94 to
42e5866
Compare
| } | ||
|
|
||
| HttpUrl url = this.customEndpoint; | ||
| if (getProperty("AWS_WEB_IDENTITY_TOKEN_FILE") != null) { |
There was a problem hiding this comment.
To making this call twice with same argument, we can save the output of thisgetProperty in a variable tokenFile and pass it as argument to getToken
There was a problem hiding this comment.
Moved to fetchCredentials(String tokenFile).
| if (url == null) { | ||
| String region = getProperty("AWS_REGION"); | ||
| url = | ||
| HttpUrl.parse( | ||
| (region == null) | ||
| ? "https://sts.amazonaws.com" | ||
| : "https://sts." + region + ".amazonaws.com"); | ||
| } | ||
|
|
||
| Provider provider = | ||
| new WebIdentityProvider( | ||
| () -> getToken(), | ||
| url.toString(), | ||
| null, | ||
| null, | ||
| getProperty("AWS_ROLE_ARN"), | ||
| getProperty("AWS_ROLE_SESSION_NAME"), | ||
| httpClient); | ||
| credentials = provider.fetch(); | ||
| return credentials; |
There was a problem hiding this comment.
Can be extracted out into a method fetchUsingAwsTokenFile
There was a problem hiding this comment.
Moved to fetchCredentials(String tokenFile).
| if (getProperty("AWS_CONTAINER_CREDENTIALS_RELATIVE_URI") != null) { | ||
| if (url == null) { | ||
| url = | ||
| new HttpUrl.Builder() | ||
| .scheme("http") | ||
| .host("169.254.170.2") | ||
| .addPathSegments(getProperty("AWS_CONTAINER_CREDENTIALS_RELATIVE_URI")) | ||
| .build(); | ||
| } | ||
| } else if (getProperty("AWS_CONTAINER_CREDENTIALS_FULL_URI") != null) { | ||
| if (url == null) { | ||
| url = HttpUrl.parse(getProperty("AWS_CONTAINER_CREDENTIALS_FULL_URI")); | ||
| } | ||
| checkLoopbackHost(url); | ||
| } else { | ||
| if (url == null) { | ||
| url = HttpUrl.parse("http://169.254.169.254/latest/meta-data/iam/security-credentials/"); | ||
| } else { | ||
| url = | ||
| new HttpUrl.Builder() | ||
| .scheme(url.scheme()) | ||
| .host(url.host()) | ||
| .addPathSegments("latest/meta-data/iam/security-credentials/") | ||
| .build(); | ||
| } |
There was a problem hiding this comment.
Can be extracted into a method getAwsCredentialsUrl
There was a problem hiding this comment.
Moved to getIamRoleNamedUrl()
| String[] roleNames = null; | ||
| try (Response response = | ||
| httpClient | ||
| .newCall(new Request.Builder().url(url).method("GET", null).build()) | ||
| .execute()) { | ||
| if (!response.isSuccessful()) { | ||
| throw new IllegalStateException(url + " failed with HTTP status code " + response.code()); | ||
| } | ||
|
|
||
| roleNames = response.body().string().split("\\R"); | ||
| } catch (IOException e) { | ||
| throw new IllegalStateException("Unable to parse response", e); | ||
| } | ||
|
|
||
| if (roleNames.length == 0) { | ||
| throw new IllegalStateException("No IAM roles attached to EC2 service " + url); | ||
| } |
There was a problem hiding this comment.
Can be extracted into a method getAwsRoleName
There was a problem hiding this comment.
Moved to getIamRoleName()
| try { | ||
| for (InetAddress addr : InetAddress.getAllByName(url.host())) { | ||
| if (!addr.isLoopbackAddress()) { | ||
| throw new IllegalArgumentException(url.host() + " is not loopback only host"); |
There was a problem hiding this comment.
Not sure if IllegalArgumentException is the right choice for all the exceptions in this class.
There was a problem hiding this comment.
Using IllegalStateException() now.
There was a problem hiding this comment.
Sorry I wrote this comment at the wrong place with the wrong exception name! I meant to say that I'm not sure if IllegalStateException makes sense for most of the exceptions in the class..
balamurugana
force-pushed
the
add-iam-aws-credential-provider
branch
from
1c5c1b2 to
2f3cd92
Compare
balamurugana
force-pushed
the
add-iam-aws-credential-provider
branch
from
2f3cd92 to
3454c1d
Compare
No description provided.