diff --git a/data-prepper-plugins/aws-plugin-api/src/main/java/org/opensearch/dataprepper/aws/api/AwsCredentialsOptions.java b/data-prepper-plugins/aws-plugin-api/src/main/java/org/opensearch/dataprepper/aws/api/AwsCredentialsOptions.java index f0be710968..1c0baea3bd 100644 --- a/data-prepper-plugins/aws-plugin-api/src/main/java/org/opensearch/dataprepper/aws/api/AwsCredentialsOptions.java +++ b/data-prepper-plugins/aws-plugin-api/src/main/java/org/opensearch/dataprepper/aws/api/AwsCredentialsOptions.java @@ -16,16 +16,20 @@ */ public class AwsCredentialsOptions { private static final AwsCredentialsOptions DEFAULT_OPTIONS = new AwsCredentialsOptions(); + private static final AwsCredentialsOptions DEFAULT_OPTIONS_WITH_DEFAULT_CREDS_PROVIDER = + AwsCredentialsOptions.builder().withUseDefaultCredentialsProvider(true).build(); private final String stsRoleArn; private final String stsExternalId; private final Region region; private final Map stsHeaderOverrides; + private final boolean useDefaultCredentialsProvider; private AwsCredentialsOptions(final Builder builder) { this.stsRoleArn = builder.stsRoleArn; this.stsExternalId = builder.stsExternalId; this.region = builder.region; this.stsHeaderOverrides = builder.stsHeaderOverrides != null ? new HashMap<>(builder.stsHeaderOverrides) : Collections.emptyMap(); + this.useDefaultCredentialsProvider = builder.useDefaultCredentialsProvider; } private AwsCredentialsOptions() { @@ -33,6 +37,7 @@ private AwsCredentialsOptions() { this.stsExternalId = null; this.region = null; this.stsHeaderOverrides = Collections.emptyMap(); + this.useDefaultCredentialsProvider = false; } /** @@ -49,6 +54,10 @@ public static AwsCredentialsOptions defaultOptions() { return DEFAULT_OPTIONS; } + public static AwsCredentialsOptions defaultOptionsWithDefaultCredentialsProvider() { + return DEFAULT_OPTIONS_WITH_DEFAULT_CREDS_PROVIDER; + } + public String getStsRoleArn() { return stsRoleArn; } 
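Review bot: The new public factory `defaultOptionsWithDefaultCredentialsProvider()` in the `@@ -49,6 +54,10 @@` hunk has no Javadoc, although it selects a different identity than `defaultOptions()`: per the `providerFromOptions` change in this commit, options with the flag set return `DefaultCredentialsProvider.create()` before any STS role is considered. I would add a Javadoc stating that the returned options resolve credentials through the AWS SDK default provider chain and skip both the per-options and the configured default STS role. The same gap applies to `isUseDefaultCredentialsProvider()` in the `@@ -65,6 +74,10 @@` hunk and to the empty `@param` tag in the `@@ -122,6 +136,17 @@` hunk, for example `@param useDefaultCredentialsProvider true to use the AWS SDK default credentials provider chain instead of an STS role`.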
@@ -65,6 +74,10 @@ public Map getStsHeaderOverrides() { return stsHeaderOverrides; } + public boolean isUseDefaultCredentialsProvider() { + return useDefaultCredentialsProvider; + } + /** * Builder class for {@link AwsCredentialsOptions}. */ @@ -73,6 +86,7 @@ public static class Builder { private String stsExternalId; private Region region; private Map stsHeaderOverrides = Collections.emptyMap(); + private boolean useDefaultCredentialsProvider = false; /** * Sets the STS role ARN to use. @@ -122,6 +136,17 @@ public Builder withStsHeaderOverrides(final Map stsHeaderOverrid return this; } + /** + * Configures whether to use default credentials. + * + * @param useDefaultCredentialsProvider + * @return The {@link Builder} for continuing to build + */ + public Builder withUseDefaultCredentialsProvider(final boolean useDefaultCredentialsProvider) { + this.useDefaultCredentialsProvider = useDefaultCredentialsProvider; + return this; + } + /** * Builds the {@link AwsCredentialsOptions}. * diff --git a/data-prepper-plugins/aws-plugin-api/src/test/java/org/opensearch/dataprepper/aws/api/AwsCredentialsOptionsTest.java b/data-prepper-plugins/aws-plugin-api/src/test/java/org/opensearch/dataprepper/aws/api/AwsCredentialsOptionsTest.java index 5f4200069e..c30ef133fc 100644 --- a/data-prepper-plugins/aws-plugin-api/src/test/java/org/opensearch/dataprepper/aws/api/AwsCredentialsOptionsTest.java +++ b/data-prepper-plugins/aws-plugin-api/src/test/java/org/opensearch/dataprepper/aws/api/AwsCredentialsOptionsTest.java @@ -19,6 +19,7 @@ import static org.hamcrest.CoreMatchers.nullValue; import static org.hamcrest.CoreMatchers.sameInstance; import static org.hamcrest.MatcherAssert.assertThat; +import static org.junit.jupiter.api.Assertions.assertTrue; class AwsCredentialsOptionsTest { @Test 
@@ -150,4 +151,21 @@ void defaultOptions_returns_same_instance_on_multiple_calls() { assertThat(AwsCredentialsOptions.defaultOptions(), sameInstance(AwsCredentialsOptions.defaultOptions())); } + + + @Test + void with_DefaultRole() { + final AwsCredentialsOptions awsCredentialsOptionsWithDefaultCredentialsProvider + = AwsCredentialsOptions.defaultOptionsWithDefaultCredentialsProvider(); + + assertThat(awsCredentialsOptionsWithDefaultCredentialsProvider, notNullValue()); + assertThat(awsCredentialsOptionsWithDefaultCredentialsProvider.getStsRoleArn(), nullValue()); + assertTrue(awsCredentialsOptionsWithDefaultCredentialsProvider.isUseDefaultCredentialsProvider()); + } + + @Test + void defaultCredentialsOptions_returns_same_instance_on_multiple_calls() { + assertThat(AwsCredentialsOptions.defaultOptionsWithDefaultCredentialsProvider(), + sameInstance(AwsCredentialsOptions.defaultOptionsWithDefaultCredentialsProvider())); + } } \ No newline at end of file diff --git a/data-prepper-plugins/aws-plugin/src/main/java/org/opensearch/dataprepper/plugins/aws/CredentialsProviderFactory.java b/data-prepper-plugins/aws-plugin/src/main/java/org/opensearch/dataprepper/plugins/aws/CredentialsProviderFactory.java index 222051beab..5d014998d2 100644 --- a/data-prepper-plugins/aws-plugin/src/main/java/org/opensearch/dataprepper/plugins/aws/CredentialsProviderFactory.java +++ b/data-prepper-plugins/aws-plugin/src/main/java/org/opensearch/dataprepper/plugins/aws/CredentialsProviderFactory.java @@ -50,6 +50,10 @@ Region getDefaultRegion() { AwsCredentialsProvider providerFromOptions(final AwsCredentialsOptions credentialsOptions) { Objects.requireNonNull(credentialsOptions); + if (credentialsOptions.isUseDefaultCredentialsProvider()) { + return DefaultCredentialsProvider.create(); + } + if(credentialsOptions.getStsRoleArn() != null || defaultStsConfiguration.getAwsStsRoleArn() != null) { return createStsCredentials(credentialsOptions); } 
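Review bot: The new tests in the `@@ -150,4 +151,21 @@` hunk pin only the `true` case; nothing asserts that `defaultOptions()` or a plain `builder().build()` leaves the flag off, which is the default that keeps existing callers on the STS path. I would add `assertThat(AwsCredentialsOptions.defaultOptions().isUseDefaultCredentialsProvider(), equalTo(false));`, with the `equalTo` static import if the file does not already have it. The name `with_DefaultRole` also reads as if a role were involved; something like `defaultOptionsWithDefaultCredentialsProvider_sets_flag_and_no_role` says what is checked.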
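Review bot: The early return on `isUseDefaultCredentialsProvider()` runs before the STS check, so an options object that carries both the flag and `stsRoleArn` (the builder allows the combination) has its role ARN silently ignored, and the configured default STS role is bypassed as well. The caller then gets whatever credentials the SDK default chain finds on the host instead of the scoped role, with no log line to show which path was taken. I would fail fast on the contradictory input inside the new branch, e.g. `if (credentialsOptions.getStsRoleArn() != null) { throw new IllegalArgumentException("stsRoleArn cannot be combined with useDefaultCredentialsProvider"); }`, or at least log the chosen path. `providerFromOptions` continues outside this hunk.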
diff --git a/data-prepper-plugins/aws-plugin/src/test/java/org/opensearch/dataprepper/plugins/aws/AwsPluginIT.java b/data-prepper-plugins/aws-plugin/src/test/java/org/opensearch/dataprepper/plugins/aws/AwsPluginIT.java index a1e81198c6..d2daa7545e 100644 --- a/data-prepper-plugins/aws-plugin/src/test/java/org/opensearch/dataprepper/plugins/aws/AwsPluginIT.java +++ b/data-prepper-plugins/aws-plugin/src/test/java/org/opensearch/dataprepper/plugins/aws/AwsPluginIT.java 
@@ -157,6 +157,42 @@ void test_AwsPlugin_without_STS_role_and_with_default_role_uses_default_role() { assertThat(awsCredentialsProvider2, sameInstance(awsCredentialsProvider1)); } + @Test + void test_AwsPlugin_without_STS_role_and_without_default_role_uses_default_role() { + + createObjectUnderTest().apply(extensionPoints); + + final ArgumentCaptor> extensionProviderArgumentCaptor = ArgumentCaptor.forClass(ExtensionProvider.class); + verify(extensionPoints).addExtensionProvider(extensionProviderArgumentCaptor.capture()); + + final ExtensionProvider extensionProvider = extensionProviderArgumentCaptor.getValue(); + + final Optional optionalSupplier = extensionProvider.provideInstance(context); + assertThat(optionalSupplier, notNullValue()); + assertThat(optionalSupplier.isPresent(), equalTo(true)); + + final AwsCredentialsSupplier awsCredentialsSupplier = optionalSupplier.get(); + + final AwsCredentialsOptions awsCredentialsOptions1 = AwsCredentialsOptions.builder() + .withRegion(Region.US_EAST_1) + .withUseDefaultCredentialsProvider(true) + .build(); + + final AwsCredentialsProvider awsCredentialsProvider1 = awsCredentialsSupplier.getProvider(awsCredentialsOptions1); + + assertThat(awsCredentialsProvider1, instanceOf(DefaultCredentialsProvider.class)); + + final AwsCredentialsOptions awsCredentialsOptions2 = AwsCredentialsOptions.builder() + .withRegion(Region.US_EAST_1) + .withUseDefaultCredentialsProvider(true) + .build(); + + final AwsCredentialsProvider awsCredentialsProvider2 = awsCredentialsSupplier.getProvider(awsCredentialsOptions2); + + assertThat(awsCredentialsProvider2, instanceOf(DefaultCredentialsProvider.class)); + assertThat(awsCredentialsProvider2, sameInstance(awsCredentialsProvider1)); + } + private String createStsRole() { return String.format("arn:aws:iam::123456789012:role/%s", UUID.randomUUID()); } 
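Review bot: The test name `test_AwsPlugin_without_STS_role_and_without_default_role_uses_default_role` contradicts what it asserts, which is that the supplier returns a `DefaultCredentialsProvider` when `withUseDefaultCredentialsProvider(true)` is set; a name like `test_AwsPlugin_with_useDefaultCredentialsProvider_returns_DefaultCredentialsProvider` would match. The case that matters for the precedence added in `providerFromOptions`, a default STS role configured together with the flag, is not covered in this hunk. The `sameInstance` assertion presumably relies on `DefaultCredentialsProvider.create()` or the supplier handing back a shared instance; a short comment saying which one would help the next reader.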
diff --git a/data-prepper-plugins/kinesis-source/src/main/java/org/opensearch/dataprepper/plugins/kinesis/source/KinesisClientFactory.java b/data-prepper-plugins/kinesis-source/src/main/java/org/opensearch/dataprepper/plugins/kinesis/source/KinesisClientFactory.java index 8f3bac38aa..9398f208e1 100644 --- a/data-prepper-plugins/kinesis-source/src/main/java/org/opensearch/dataprepper/plugins/kinesis/source/KinesisClientFactory.java +++ b/data-prepper-plugins/kinesis-source/src/main/java/org/opensearch/dataprepper/plugins/kinesis/source/KinesisClientFactory.java @@ -33,7 +33,8 @@ public KinesisClientFactory(final AwsCredentialsSupplier awsCredentialsSupplier, .withStsExternalId(awsAuthenticationConfig.getAwsStsExternalId()) .withStsHeaderOverrides(awsAuthenticationConfig.getAwsStsHeaderOverrides()) .build()); - defaultCredentialsProvider = awsCredentialsSupplier.getProvider(AwsCredentialsOptions.defaultOptions()); + defaultCredentialsProvider = awsCredentialsSupplier.getProvider( + AwsCredentialsOptions.defaultOptionsWithDefaultCredentialsProvider()); this.awsAuthenticationConfig = awsAuthenticationConfig; }
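Review bot: This swap changes which identity `defaultCredentialsProvider` resolves to, and nothing at the call site says so. With `defaultOptions()` the factory falls back to the configured default STS role when one is set (the `defaultStsConfiguration.getAwsStsRoleArn() != null` branch); with the new options it always returns the SDK default chain. Deployments that configure a default role would therefore see the clients built from this field (not visible in this hunk) switch to the host's own credentials and need the matching IAM permissions there. I would add a comment such as `// Deliberately bypasses the configured default STS role; uses the SDK default credentials chain.` The constructor starts outside the hunk.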