Initial working version with AWS STSAssumeRoleSessionCredentialProvider

Nordstrom · Mar 1, 2019 · 0d1e9f3 · 0d1e9f3
1 parent f682ec0
commit 0d1e9f3
Show file tree

Hide file tree

Showing 9 changed files with 395 additions and 219 deletions.
diff --git a/.gitignore b/.gitignore
@@ -30,3 +30,7 @@ hs_err_pid*
 
 # maven-shade-plugin
 dependency-reduced-pom.xml
+
+# IntelliJ
+.idea
+*.iml
diff --git a/pom.xml b/pom.xml
@@ -22,7 +22,7 @@
   <groupId>com.nordstrom.kafka.connect.sqs</groupId>
   <artifactId>kafka-connect-sqs</artifactId>
   <name>Kafka Connect SQS Sink/Source Connector</name>
-  <version>1.0.0</version>
+  <version>1.1.0</version>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
@@ -33,7 +33,6 @@
     <exec-maven-plugin.version>1.6.0</exec-maven-plugin.version>
     <junit.version>4.12</junit.version>
     <jacoco-maven-plugin.version>0.8.2</jacoco-maven-plugin.version>
-    <mockito-all.version>2.23.4</mockito-all.version>
     <maven-compiler-plugin.version>3.8.0</maven-compiler-plugin.version>
     <maven-failsafe-plugin.version>2.22.0</maven-failsafe-plugin.version>
     <maven-javadoc-plugin.version>3.0.1</maven-javadoc-plugin.version>
@@ -42,7 +41,7 @@
     <maven-surefire-plugin.version>2.22.1</maven-surefire-plugin.version>
     <maven-project-info-reports-plugin.version>3.0.0</maven-project-info-reports-plugin.version>
 
-    <aws.sdk.version>1.11.452</aws.sdk.version>
+    <aws-java-sdk.version>1.11.501</aws-java-sdk.version>
 
     <kafka.connect-api.version>2.1.0</kafka.connect-api.version>
   </properties>
@@ -60,12 +59,21 @@
         <version>${junit.version}</version>
         <scope>test</scope>
       </dependency>
-      <!-- <dependency>
-        <groupId>org.mockito</groupId>
-        <artifactId>mockito-core</artifactId>
-        <version>${mockito-all.version}</version>
-        <scope>test</scope>
-      </dependency> -->
+      <dependency>
+        <groupId>com.amazonaws</groupId>
+        <artifactId>aws-java-sdk-core</artifactId>
+        <version>${aws-java-sdk.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>com.amazonaws</groupId>
+        <artifactId>aws-java-sdk-sqs</artifactId>
+        <version>${aws-java-sdk.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>com.amazonaws</groupId>
+        <artifactId>aws-java-sdk-sts</artifactId>
+        <version>${aws-java-sdk.version}</version>
+      </dependency>
     </dependencies>
   </dependencyManagement>
 
@@ -74,25 +82,22 @@
       <groupId>org.apache.kafka</groupId>
       <artifactId>connect-api</artifactId>
     </dependency>
+    <dependency>
+      <groupId>com.amazonaws</groupId>
+      <artifactId>aws-java-sdk-core</artifactId>
+    </dependency>
     <dependency>
       <groupId>com.amazonaws</groupId>
       <artifactId>aws-java-sdk-sqs</artifactId>
-      <version>${aws.sdk.version}</version>
     </dependency>
-    <!-- https://mvnrepository.com/artifact/org.apache.commons/commons-lang3 -->
-    <!-- <dependency>
-      <groupId>org.apache.commons</groupId>
-      <artifactId>commons-lang3</artifactId>
-      <version>3.6</version>
-    </dependency> -->
+    <dependency>
+      <groupId>com.amazonaws</groupId>
+      <artifactId>aws-java-sdk-sts</artifactId>
+    </dependency>
     <dependency>
       <groupId>junit</groupId>
       <artifactId>junit</artifactId>
     </dependency>
-    <!-- <dependency>
-      <groupId>org.mockito</groupId>
-      <artifactId>mockito-core</artifactId>
-    </dependency> -->
   </dependencies>
 
   <build>

diff --git a/src/main/java/com/nordstrom/kafka/connect/auth/AWSAssumeRoleCredentialsProvider.java b/src/main/java/com/nordstrom/kafka/connect/auth/AWSAssumeRoleCredentialsProvider.java
@@ -0,0 +1,85 @@
+package com.nordstrom.kafka.connect.auth;
+
+import com.amazonaws.auth.AWSCredentials;
+import com.amazonaws.auth.AWSCredentialsProvider;
+import com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider;
+import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
+import org.apache.kafka.common.Configurable;
+//import org.slf4j.Logger;
+//import org.slf4j.LoggerFactory;
+
+import java.util.Map;
+
+public class AWSAssumeRoleCredentialsProvider implements AWSCredentialsProvider, Configurable {
+  //NB: uncomment slf4j imports and field declaration to enable logging.
+//  private static final Logger log = LoggerFactory.getLogger(AWSAssumeRoleCredentialsProvider.class);
+
+  public static final String EXTERNAL_ID_CONFIG = "external.id";
+  public static final String ROLE_ARN_CONFIG = "role.arn";
+  public static final String SESSION_NAME_CONFIG = "session.name";
+
+  private String externalId;
+  private String roleArn;
+  private String sessionName;
+
+  @Override
+  public void configure(Map<String, ?> map) {
+    externalId = getOptionalField(map, EXTERNAL_ID_CONFIG);
+    roleArn = getRequiredField(map, ROLE_ARN_CONFIG);
+    sessionName = getRequiredField(map, SESSION_NAME_CONFIG);
+  }
+
+  @Override
+  public AWSCredentials getCredentials() {
+    AWSSecurityTokenServiceClientBuilder clientBuilder = AWSSecurityTokenServiceClientBuilder.standard();
+    AWSCredentialsProvider provider = new STSAssumeRoleSessionCredentialsProvider.Builder(roleArn, sessionName)
+        .withStsClient(clientBuilder.defaultClient())
+        .withExternalId(externalId)
+        .build();
+
+    return provider.getCredentials();
+  }
+
+  @Override
+  public void refresh() {
+    //Nothing to do really, since we are assuming a role.
+  }
+
+  private String getOptionalField(final Map<String, ?> map, final String fieldName) {
+    final Object field = map.get(fieldName);
+    if (isNotNull(field)) {
+      return field.toString();
+    }
+    return null;
+  }
+
+  private String getRequiredField(final Map<String, ?> map, final String fieldName) {
+    final Object field = map.get(fieldName);
+    verifyNotNull(field, fieldName);
+    final String fieldValue = field.toString();
+    verifyNotNullOrEmpty(fieldValue, fieldName);
+
+    return fieldValue;
+  }
+
+  private boolean isNotNull(final Object field) {
+    return null != field;
+  }
+
+  private boolean isNotNullOrEmpty(final String field) {
+    return null != field && !field.isEmpty();
+  }
+
+  private void verifyNotNull(final Object field, final String fieldName) {
+    if (!isNotNull(field)) {
+      throw new IllegalArgumentException(String.format("The field '%1s' should not be null", fieldName));
+    }
+  }
+
+  private void verifyNotNullOrEmpty(final String field, final String fieldName) {
+    if (!isNotNullOrEmpty(field)) {
+      throw new IllegalArgumentException(String.format("The field '%1s' should not be null or empty", fieldName));
+    }
+  }
+
+}