Read IAM session credentials from file

author: Morten Tokle <mortent@verizonmedia.com> 2021-01-29 15:28:39 +0100
committer: Morten Tokle <mortent@verizonmedia.com> 2021-01-29 15:28:39 +0100
commit: f7bc3a80401a3fa17576c17812c4fbbd52733ad7 (patch)
tree: fe9554a67d8303b50207127145ba876ed67fc343 /jdisc-cloud-aws
parent: a10226d93f97bc0eac3eb0366d596aaf8f748534 (diff)
1 files changed, 23 insertions, 6 deletions
diff --git a/jdisc-cloud-aws/src/main/java/com/yahoo/jdisc/cloud/aws/VespaAwsCredentialsProvider.java b/jdisc-cloud-aws/src/main/java/com/yahoo/jdisc/cloud/aws/VespaAwsCredentialsProvider.java
index 6223f19d6de..a50d40736a8 100644
--- a/jdisc-cloud-aws/src/main/java/com/yahoo/jdisc/cloud/aws/VespaAwsCredentialsProvider.java
+++ b/jdisc-cloud-aws/src/main/java/com/yahoo/jdisc/cloud/aws/VespaAwsCredentialsProvider.java
@@ -4,14 +4,20 @@ package com.yahoo.jdisc.cloud.aws;
 
 import com.amazonaws.auth.AWSCredentials;
 import com.amazonaws.auth.AWSCredentialsProvider;
-import com.amazonaws.auth.PropertiesCredentials;
-
+import com.amazonaws.auth.AWSSessionCredentials;
+import com.amazonaws.auth.BasicSessionCredentials;
+import com.yahoo.slime.Cursor;
+import com.yahoo.slime.Slime;
+import com.yahoo.slime.SlimeUtils;
+
+import java.io.IOException;
+import java.nio.file.Files;
 import java.nio.file.Path;
 import java.util.concurrent.atomic.AtomicReference;
 
 public class VespaAwsCredentialsProvider implements AWSCredentialsProvider {
 
-    private static final String DEFAULT_CREDENTIALS_PATH = "/opt/vespa/var/container-data/opt/vespa/conf/credentials.properties";
+    private static final String DEFAULT_CREDENTIALS_PATH = "/opt/vespa/var/container-data/opt/vespa/conf/vespa/credentials.json";
 
     private final AtomicReference<AWSCredentials> credentials = new AtomicReference<>();
     private final Path credentialsPath;
@@ -29,11 +35,22 @@ public class VespaAwsCredentialsProvider implements AWSCredentialsProvider {
     @Override
     public void refresh() {
         try {
-            // TODO : implement reading from json file
-            PropertiesCredentials propertiesCredentials = new PropertiesCredentials(this.credentialsPath.toFile());
-            credentials.set(propertiesCredentials);
+            credentials.set(readCredentials());
         } catch (Exception e) {
             throw new RuntimeException("Unable to get credentials in " + credentialsPath.toString(), e);
         }
     }
+
+    private AWSSessionCredentials readCredentials() {
+        try {
+            Slime slime = SlimeUtils.jsonToSlime(Files.readAllBytes(credentialsPath));
+            Cursor cursor = slime.get();
+            String accessKey = cursor.field("awsAccessKey").asString();
+            String secretKey = cursor.field("awsSecretKey").asString();
+            String sessionToken = cursor.field("sessionToken").asString();
+            return new BasicSessionCredentials(accessKey, secretKey, sessionToken);
+        } catch (IOException e) {
+            throw new RuntimeException(e);
+        }
+    }
 }
author	Morten Tokle <mortent@verizonmedia.com>	2021-01-29 15:28:39 +0100
committer	Morten Tokle <mortent@verizonmedia.com>	2021-01-29 15:28:39 +0100
commit	f7bc3a80401a3fa17576c17812c4fbbd52733ad7 (patch)
tree	fe9554a67d8303b50207127145ba876ed67fc343 /jdisc-cloud-aws
parent	a10226d93f97bc0eac3eb0366d596aaf8f748534 (diff)