From b71f8f0b2bb2f101175edd79351cea6e18692efb Mon Sep 17 00:00:00 2001
From: Igor Volkov
Date: Tue, 30 Jan 2024 19:31:12 +0200
Subject: [PATCH] Use S3 credentials from environment if set
---
 rdf-delta-server-extra/pom.xml | 7 ++
 .../java/org/seaborne/delta/server/s3/S3.java | 25 +++++-
 .../s3/TestS3EnvironmentCredentials.java | 88 +++++++++++++++++++
 3 files changed, 116 insertions(+), 4 deletions(-)
 create mode 100644 rdf-delta-server-extra/src/test/java/org/seaborne/delta/server/s3/TestS3EnvironmentCredentials.java
diff --git a/rdf-delta-server-extra/pom.xml b/rdf-delta-server-extra/pom.xml
index 0ed1515a1..c855331f5 100644
--- a/rdf-delta-server-extra/pom.xml
+++ b/rdf-delta-server-extra/pom.xml
@@ -72,6 +72,13 @@ test + + uk.org.webcompere + system-stubs-junit4 + 2.1.3 + test + + org.slf4j
diff --git a/rdf-delta-server-extra/src/main/java/org/seaborne/delta/server/s3/S3.java b/rdf-delta-server-extra/src/main/java/org/seaborne/delta/server/s3/S3.java
index a3ddd9468..b9774cd70 100644
--- a/rdf-delta-server-extra/src/main/java/org/seaborne/delta/server/s3/S3.java
+++ b/rdf-delta-server-extra/src/main/java/org/seaborne/delta/server/s3/S3.java
@@ -24,9 +24,7 @@
 import java.util.Properties;
 import com.amazonaws.AmazonServiceException;
-import com.amazonaws.auth.AWSCredentialsProvider;
-import com.amazonaws.auth.AWSStaticCredentialsProvider;
-import com.amazonaws.auth.AnonymousAWSCredentials;
+import com.amazonaws.auth.*;
 import com.amazonaws.auth.profile.ProfileCredentialsProvider;
 import com.amazonaws.client.builder.AwsClientBuilder.EndpointConfiguration;
 import com.amazonaws.services.s3.AmazonS3;
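Review bot: The import hunk in S3.java replaces three explicit imports with `import com.amazonaws.auth.*;`, which hides which credential classes this file actually depends on. Since this is the code that decides how the server authenticates to S3, explicit imports (`AWSCredentials`, `AWSCredentialsProvider`, `AnonymousAWSCredentials`, `EnvironmentVariableCredentialsProvider`, plus whatever the rest of the file still uses) keep that surface visible in review. The same wildcard appears in the new TestS3EnvironmentCredentials.java.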
@@ -90,7 +88,7 @@ public static AmazonS3 buildS3(LocalServerConfig configuration) {
 // Needed for S3mock
 builder.withPathStyleAccessEnabled(true);
 builder.withEndpointConfiguration(new EndpointConfiguration(endpoint, region));
- builder.withCredentials(new AWSStaticCredentialsProvider(new AnonymousAWSCredentials()));
+ builder.withCredentials(new EnvironmentVariableOrAnonymousCredentialsProvider());
 }
 if ( credentialsFile != null )
 builder.withCredentials(new ProfileCredentialsProvider(credentialsFile, credentialsProfile));
@@ -154,4 +152,23 @@ public Properties build() {
 return properties;
 }
 }
+
+ private static class EnvironmentVariableOrAnonymousCredentialsProvider implements AWSCredentialsProvider {
+
+ private final EnvironmentVariableCredentialsProvider delegate = new EnvironmentVariableCredentialsProvider();
+
+ @Override
+ public AWSCredentials getCredentials() {
+ try {
+ return delegate.getCredentials();
+ } catch (Exception ignored) {
+ return new AnonymousAWSCredentials();
+ }
+ }
+
+ @Override
+ public void refresh() {
+ delegate.refresh();
+ }
+ }
 }
diff --git a/rdf-delta-server-extra/src/test/java/org/seaborne/delta/server/s3/TestS3EnvironmentCredentials.java b/rdf-delta-server-extra/src/test/java/org/seaborne/delta/server/s3/TestS3EnvironmentCredentials.java
new file mode 100644
index 000000000..842ba0a76
--- /dev/null
+++ b/rdf-delta-server-extra/src/test/java/org/seaborne/delta/server/s3/TestS3EnvironmentCredentials.java
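Review bot: In the custom-endpoint branch of `buildS3`, requests are now signed with whatever AWS credentials the process environment holds, where this branch was previously always anonymous. The only comment says the branch exists for S3mock, and the new test uses an `http://` endpoint, so a deployment that has the AWS variables set for another purpose would start presenting its access key id to a non-AWS, possibly plaintext, endpoint without any configuration change. I would document the new behaviour at the call site, e.g. `// Custom endpoint: environment credentials if set, otherwise anonymous (S3mock)`, and record in the log which of the two modes was selected. `buildS3` starts and ends outside this hunk, so the interaction with the `credentialsFile` override that follows is only partly visible here.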
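Review bot: `catch (Exception ignored)` in `getCredentials()` turns every failure into anonymous access, including a half-configured environment (one variable set, the other missing or misspelled), so an operator who intended authenticated access gets a silent downgrade. Narrowing the catch to the SDK's own failure type and reporting the fallback would make that visible: `} catch (SdkClientException e) {` followed by a debug or warning log line before `return new AnonymousAWSCredentials();` (assuming a logger is available in S3.java, which this hunk does not show). The nested class also has no Javadoc; one sentence stating that it prefers environment credentials and falls back to anonymous, and that the fallback is re-evaluated on every call, would be enough.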
@@ -0,0 +1,88 @@
+package org.seaborne.delta.server.s3;
+
+import com.amazonaws.auth.*;
+import com.amazonaws.services.s3.AmazonS3;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.TestName;
+import org.seaborne.delta.server.local.LocalServerConfig;
+import uk.org.webcompere.systemstubs.rules.EnvironmentVariablesRule;
+
+import java.lang.reflect.Field;
+import java.lang.reflect.UndeclaredThrowableException;
+
+import static org.junit.Assert.*;
+
+public class TestS3EnvironmentCredentials {
+
+ @Rule
+ public TestName testName = new TestName();
+
+ @Rule
+ public EnvironmentVariablesRule environmentVariablesRule = new EnvironmentVariablesRule(
+ "AWS_ACCESS_KEY_ID", "key id",
+ "AWS_SECRET_KEY", "key value"
+ );
+
+ @Test
+ public void buildS3_environmentCredentials() {
+ S3Config cfg = S3Config.create()
+ .bucketName("test-bucket")
+ .region("us-east-1")
+ .endpoint("http://localhost:8080")
+ .build();
+ LocalServerConfig config = S3.configZkS3("", cfg);
+ AmazonS3 aws = S3.buildS3(config);
+
+ AWSCredentialsProvider provider = getCredentialsProvider(aws);
+ AWSCredentials credentials = provider.getCredentials();
+
+ assertTrue(credentials instanceof BasicAWSCredentials);
+ assertEquals("key id", credentials.getAWSAccessKeyId());
+ assertEquals("key value", credentials.getAWSSecretKey());
+ }
+
+ @Test
+ public void buildS3_anonymousCredentials() {
+ environmentVariablesRule.set("AWS_ACCESS_KEY_ID", "", "AWS_SECRET_KEY", "");
+
+ S3Config cfg = S3Config.create()
+ .bucketName("test-bucket")
+ .region("us-east-1")
+ .endpoint("http://localhost:8080")
+ .build();
+ LocalServerConfig config = S3.configZkS3("", cfg);
+ AmazonS3 aws = S3.buildS3(config);
+
+ AWSCredentialsProvider provider = getCredentialsProvider(aws);
+ AWSCredentials credentials = provider.getCredentials();
+
+ assertTrue(credentials instanceof AnonymousAWSCredentials);
+ assertNull(credentials.getAWSAccessKeyId());
+ assertNull(credentials.getAWSSecretKey());
+ }
+
+ @Test
+ public void buildS3_defaultCredentials() {
+ S3Config cfg = S3Config.create()
+ .bucketName("test-bucket")
+ .region("us-east-1")
+ .build();
+ LocalServerConfig config = S3.configZkS3("", cfg);
+ AmazonS3 aws = S3.buildS3(config);
+
+ AWSCredentialsProvider provider = getCredentialsProvider(aws);
+ assertTrue(provider instanceof DefaultAWSCredentialsProviderChain);
+ }
+
+ private static AWSCredentialsProvider getCredentialsProvider(AmazonS3 s3) {
+ try {
+ Field field = s3.getClass().getDeclaredField("awsCredentialsProvider");
+ field.setAccessible(true);
+ return (AWSCredentialsProvider) field.get(s3);
+ } catch (NoSuchFieldException | IllegalAccessException e) {
+ throw new UndeclaredThrowableException(e);
+ }
+ }
+
+}
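Review bot: `buildS3_anonymousCredentials` covers the fallback only with both variables set to empty strings, so the case that matters most for the new provider — one variable present and the other absent — is not pinned down. A third endpoint test that sets only `AWS_ACCESS_KEY_ID` and asserts the resulting credential type would document whether a half-configured environment is meant to downgrade to anonymous. Separately, `getCredentialsProvider` reads the private field `awsCredentialsProvider` of the SDK client by reflection, which will break on an SDK upgrade that renames it; a short comment saying why reflection is needed here would help whoever hits that failure. The `testName` rule is declared but not used in the visible tests.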