author | Morten Tokle <mortent@verizonmedia.com> | 2021-01-29 15:28:39 +0100 |
---|---|---|
committer | Morten Tokle <mortent@verizonmedia.com> | 2021-01-29 15:28:39 +0100 |
commit | f7bc3a80401a3fa17576c17812c4fbbd52733ad7 (patch) | |
tree | fe9554a67d8303b50207127145ba876ed67fc343 /jdisc-cloud-aws | |
parent | a10226d93f97bc0eac3eb0366d596aaf8f748534 (diff) |
Read IAM session credentials from file
Diffstat (limited to 'jdisc-cloud-aws')
-rw-r--r-- | jdisc-cloud-aws/src/main/java/com/yahoo/jdisc/cloud/aws/VespaAwsCredentialsProvider.java | 29 |
1 files changed, 23 insertions, 6 deletions
diff --git a/jdisc-cloud-aws/src/main/java/com/yahoo/jdisc/cloud/aws/VespaAwsCredentialsProvider.java b/jdisc-cloud-aws/src/main/java/com/yahoo/jdisc/cloud/aws/VespaAwsCredentialsProvider.java
index 6223f19d6de..a50d40736a8 100644
--- a/jdisc-cloud-aws/src/main/java/com/yahoo/jdisc/cloud/aws/VespaAwsCredentialsProvider.java
+++ b/jdisc-cloud-aws/src/main/java/com/yahoo/jdisc/cloud/aws/VespaAwsCredentialsProvider.java
@@ -4,14 +4,20 @@ package com.yahoo.jdisc.cloud.aws;
 import com.amazonaws.auth.AWSCredentials;
 import com.amazonaws.auth.AWSCredentialsProvider;
-import com.amazonaws.auth.PropertiesCredentials;
-
+import com.amazonaws.auth.AWSSessionCredentials;
+import com.amazonaws.auth.BasicSessionCredentials;
+import com.yahoo.slime.Cursor;
+import com.yahoo.slime.Slime;
+import com.yahoo.slime.SlimeUtils;
+
+import java.io.IOException;
+import java.nio.file.Files;
 import java.nio.file.Path;
 import java.util.concurrent.atomic.AtomicReference;
 public class VespaAwsCredentialsProvider implements AWSCredentialsProvider {
- private static final String DEFAULT_CREDENTIALS_PATH = "/opt/vespa/var/container-data/opt/vespa/conf/credentials.properties";
+ private static final String DEFAULT_CREDENTIALS_PATH = "/opt/vespa/var/container-data/opt/vespa/conf/vespa/credentials.json";
 private final AtomicReference<AWSCredentials> credentials = new AtomicReference<>();
 private final Path credentialsPath;
@@ -29,11 +35,22 @@ public class VespaAwsCredentialsProvider implements AWSCredentialsProvider {
 @Override
 public void refresh() {
 try {
- // TODO : implement reading from json file
- PropertiesCredentials propertiesCredentials = new PropertiesCredentials(this.credentialsPath.toFile());
- credentials.set(propertiesCredentials);
+ credentials.set(readCredentials());
 } catch (Exception e) {
 throw new RuntimeException("Unable to get credentials in " + credentialsPath.toString(), e);
 }
 }
+
+ private AWSSessionCredentials readCredentials() {
+ try {
+ Slime slime = SlimeUtils.jsonToSlime(Files.readAllBytes(credentialsPath));
+ Cursor cursor = slime.get();
+ String accessKey = cursor.field("awsAccessKey").asString();
+ String secretKey = cursor.field("awsSecretKey").asString();
+ String sessionToken = cursor.field("sessionToken").asString();
+ return new BasicSessionCredentials(accessKey, secretKey, sessionToken);
+ } catch (IOException e) {
+ throw new RuntimeException(e);
+ }
+ }
 } |
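Review bot: `readCredentials()` accepts a credentials file that lacks `awsAccessKey`, `awsSecretKey` or `sessionToken`. As far as I know, Slime's `field(...).asString()` returns an empty string for an absent or non-string field, and `BasicSessionCredentials` does not appear to validate its arguments, so `refresh()` would store blank credentials and the problem would only surface later as a rejected AWS request. Checking each field with `valid()` and for a non-empty value makes a truncated or half-written file fail at load time, where the existing catch in `refresh()` adds the path; the error should name the field only, never its value. Separately, the `IOException` is wrapped in a message-less `RuntimeException` that `refresh()` then wraps again; declaring `throws IOException` on `readCredentials()` and dropping the inner try/catch would leave a single wrapper.

```java
private AWSSessionCredentials readCredentials() {
    // … unchanged: read the file into Slime and obtain the cursor …
        String accessKey = requiredField(cursor, "awsAccessKey");
        String secretKey = requiredField(cursor, "awsSecretKey");
        String sessionToken = requiredField(cursor, "sessionToken");
    // … unchanged: build BasicSessionCredentials, IOException handling …
}

private static String requiredField(Cursor cursor, String name) {
    Cursor field = cursor.field(name);
    if (!field.valid() || field.asString().isEmpty()) {
        // Name the field only; the value is a secret and must not reach logs.
        throw new IllegalStateException("Missing or empty field '" + name + "' in credentials file");
    }
    return field.asString();
}
```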