Merge pull request #127 from rundeck-plugins/RUN-1261-add-externalid-…

…property RUN-1261: Add external id field for the cross-account auth method
rundeck-plugins · Jul 10, 2023 · 9601a3e · 9601a3e
2 parents 231e2ed + a4c3efd
commit 9601a3e
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 4 deletions.
diff --git a/src/main/java/com/dtolabs/rundeck/plugin/resources/ec2/EC2ResourceModelSource.java b/src/main/java/com/dtolabs/rundeck/plugin/resources/ec2/EC2ResourceModelSource.java
@@ -85,6 +85,7 @@ public class EC2ResourceModelSource implements ResourceModelSource {
     Future<INodeSet> futureResult = null;
     final Properties mapping = new Properties();
     final String assumeRoleArn;
+    final String externalId;
     int pageResults;
 
     AWSCredentials credentials;
@@ -156,6 +157,8 @@ public EC2ResourceModelSource(final Properties configuration, final Services ser
         this.endpoint = configuration.getProperty(EC2ResourceModelSourceFactory.ENDPOINT);
         this.pageResults = Integer.parseInt(configuration.getProperty(EC2ResourceModelSourceFactory.MAX_RESULTS));
         this.httpProxyHost = configuration.getProperty(EC2ResourceModelSourceFactory.HTTP_PROXY_HOST);
+        this.assumeRoleArn = configuration.getProperty(EC2ResourceModelSourceFactory.ROLE_ARN);
+        this.externalId = configuration.getProperty(EC2ResourceModelSourceFactory.EXTERNAL_ID);
         int proxyPort = 80;
 
         final String proxyPortStr = configuration.getProperty(EC2ResourceModelSourceFactory.HTTP_PROXY_PORT);
@@ -201,12 +204,8 @@ public EC2ResourceModelSource(final Properties configuration, final Services ser
             String secretKey =  getPasswordFromKeyStorage(secretKeyStoragePath, keyStorage);
 
             credentials = new BasicAWSCredentials(accessKey.trim(), secretKey.trim());
-            assumeRoleArn = null;
         }else if (null != accessKey && null != secretKey) {
             credentials = new BasicAWSCredentials(accessKey.trim(), secretKey.trim());
-            assumeRoleArn = null;
-        } else {
-            assumeRoleArn = configuration.getProperty(EC2ResourceModelSourceFactory.ROLE_ARN);
         }
         if (null != httpProxyHost && !"".equals(httpProxyHost)) {
             clientConfiguration.setProxyHost(httpProxyHost);
@@ -230,6 +229,9 @@ private void initialize() {
             //        sts_client.setEndpoint("sts-endpoint.amazonaws.com");
             AssumeRoleRequest assumeRoleRequest = new AssumeRoleRequest();
             assumeRoleRequest.setRoleArn(assumeRoleArn);
+            if(externalId!=null){
+                assumeRoleRequest.setExternalId(externalId);
+            }
             assumeRoleRequest.setRoleSessionName("RundeckEC2ResourceModelSourceSession");
             AssumeRoleResult assumeRoleResult = sts_client.assumeRole(assumeRoleRequest);
             Credentials assumeCredentials = assumeRoleResult.getCredentials();

diff --git a/src/main/java/com/dtolabs/rundeck/plugin/resources/ec2/EC2ResourceModelSourceFactory.java b/src/main/java/com/dtolabs/rundeck/plugin/resources/ec2/EC2ResourceModelSourceFactory.java
@@ -62,6 +62,7 @@ public class EC2ResourceModelSourceFactory implements ResourceModelSourceFactory
     public static final String SECRET_KEY = "secretKey";
     public static final String SECRET_KEY_STORAGE_PATH = "secretKeyStoragePath";
     public static final String ROLE_ARN = "assumeRoleArn";
+    public static final String EXTERNAL_ID = "externalId";
     public static final String REGION = "region";
     public static final String MAPPING_FILE = "mappingFile";
     public static final String REFRESH_INTERVAL = "refreshInterval";