[ALS-7539] - Get rid of super complex self refreshing client
1 parent
0b7e349
commit daf9d4a
Showing
10 changed files
with
277 additions
and
177 deletions.
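--- a/uploader/src/main/java/edu/harvard/dbmi/avillach/dataupload/aws/AWSClientBuilder.java
+++ b/uploader/src/main/java/edu/harvard/dbmi/avillach/dataupload/aws/AWSClientBuilder.java
@@ -0,0 +1,93 @@
+package edu.harvard.dbmi.avillach.dataupload.aws;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Profile;
+import org.springframework.stereotype.Service;
+import software.amazon.awssdk.auth.credentials.AwsSessionCredentials;
+import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
+import software.amazon.awssdk.http.SdkHttpClient;
+import software.amazon.awssdk.services.s3.S3Client;
+import software.amazon.awssdk.services.s3.S3ClientBuilder;
+import software.amazon.awssdk.services.sts.model.AssumeRoleRequest;
+import software.amazon.awssdk.services.sts.model.AssumeRoleResponse;
+import software.amazon.awssdk.services.sts.model.Credentials;
+
+import java.util.Map;
+import java.util.Optional;
+
+@Profile("!dev")
+@Service
+public class AWSClientBuilder {
+
+private static final Logger log = LoggerFactory.getLogger(AWSClientBuilder.class);
+
+private final Map<String, SiteAWSInfo> sites;
+private final StsClientProvider stsClientProvider;
+private final S3ClientBuilder s3ClientBuilder;
+private final SdkHttpClient sdkHttpClient;
+
+@Autowired
+public AWSClientBuilder(
+Map<String, SiteAWSInfo> sites,
+StsClientProvider stsClientProvider,
+S3ClientBuilder s3ClientBuilder,
+@Autowired(required = false) SdkHttpClient sdkHttpClient
+) {
+this.sites = sites;
+this.stsClientProvider = stsClientProvider;
+this.s3ClientBuilder = s3ClientBuilder;
+this.sdkHttpClient = sdkHttpClient;
+}
+
+public Optional<S3Client> buildClientForSite(String siteName) {
+log.info("Building client for site {}", siteName);
+if (!sites.containsKey(siteName)) {
+log.warn("Could not find site {}", siteName);
+return Optional.empty();
+}
+
+log.info("Found site, making assume role request");
+SiteAWSInfo site = sites.get(siteName);
+AssumeRoleRequest roleRequest = AssumeRoleRequest.builder()
+.roleArn(site.roleARN())
+.roleSessionName("test_session" + System.nanoTime())
+.externalId(site.externalId())
+.durationSeconds(60*60) // 1 hour
+.build();
+Optional<Credentials> assumeRoleResponse = stsClientProvider.createClient()
+.map(c -> c.assumeRole(roleRequest))
+.map(AssumeRoleResponse::credentials);
+if (assumeRoleResponse.isEmpty() ) {
+log.error("Error assuming role {} , no credentials returned", site.roleARN());
+return Optional.empty();
+}
+log.info("Successfully assumed role {} for site {}", site.roleARN(), site.siteName());
+
+log.info("Building S3 client for site {}", site.siteName());
+// Use the credentials from the role to create the S3 client
+Credentials credentials = assumeRoleResponse.get();
+AwsSessionCredentials sessionCredentials = AwsSessionCredentials.builder()
+.accessKeyId(credentials.accessKeyId())
+.secretAccessKey(credentials.secretAccessKey())
+.sessionToken(credentials.sessionToken())
+.expirationTime(credentials.expiration())
+.build();
+StaticCredentialsProvider provider = StaticCredentialsProvider.create(sessionCredentials);
+return Optional.of(buildFromProvider(provider));
+}
+
+private S3Client buildFromProvider(StaticCredentialsProvider provider) {
+if (sdkHttpClient == null) {
+return s3ClientBuilder.credentialsProvider(provider).build();
+}
+log.info("Http proxy detected and added to S3 client");
+return s3ClientBuilder
+.credentialsProvider(provider)
+.httpClient(sdkHttpClient)
+.build();
+
+}
+
+}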
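Review bot: `buildFromProvider` sets `credentialsProvider(provider)` on the injected `s3ClientBuilder` field, so every call mutates one shared builder. If this service is a singleton and `buildClientForSite` can run concurrently for two sites (likely under Spring's default scope, but not visible on this page), one call could build its client with the other site's assumed-role credentials. Serialising the configure-and-build step, e.g. `private synchronized S3Client buildFromProvider(StaticCredentialsProvider provider) {`, or injecting a factory that hands out a fresh builder per call, would close that window. Separately, `.roleSessionName("test_session" + System.nanoTime())` runs under `@Profile("!dev")`, so non-dev assume-role events are recorded under a test name. A name that identifies the service and the site would make these sessions attributable in audit logs.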
159 changes: 0 additions & 159 deletions
159
uploader/src/main/java/edu/harvard/dbmi/avillach/dataupload/aws/SelfRefreshingS3Client.java
This file was deleted.
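--- a/uploader/src/main/java/edu/harvard/dbmi/avillach/dataupload/aws/StsClientProvider.java
+++ b/uploader/src/main/java/edu/harvard/dbmi/avillach/dataupload/aws/StsClientProvider.java
@@ -0,0 +1,20 @@
+package edu.harvard.dbmi.avillach.dataupload.aws;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Service;
+import software.amazon.awssdk.regions.Region;
+import software.amazon.awssdk.services.sts.StsClient;
+
+import java.util.Optional;
+
+@Service
+public class StsClientProvider {
+
+private static final Logger log = LoggerFactory.getLogger(StsClientProvider.class);
+
+public Optional<StsClient> createClient() {
+StsClient client = StsClient.builder().region(Region.US_EAST_1).build();
+return Optional.of(client);
+}
+}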
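Review bot: `createClient()` builds a new `StsClient` on every call and nothing closes it. The only caller visible on this page, `AWSClientBuilder.buildClientForSite`, uses it inside `.map(c -> c.assumeRole(roleRequest))` and drops the reference, so each site lookup leaves an SDK client and its HTTP resources open. Building it once as a field, `private final StsClient client = StsClient.builder().region(Region.US_EAST_1).build();`, and returning `Optional.of(client)` would avoid that. The method also never returns an empty Optional, and a failed `assumeRole` presumably throws rather than yielding no credentials, so the caller's "no credentials returned" branch looks unreachable. A short Javadoc stating when, if ever, the result is empty would help, and the `log` field is currently unused.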