From 53d67b1c903f8e353a9b0b2fc4954b6ff3a4cbd4 Mon Sep 17 00:00:00 2001 From: Paul Hounshell Date: Mon, 8 May 2023 14:04:15 -0400 Subject: [PATCH] Add support for AWS profile in remote cache DSL This allows the remote cache configuration to use a profile name when obtaining AWS credentials. Profiles are an alternate way to provide credentials. The current method of doing this is to set `lookupDefaultAwsCredentials=true` and the environment variable `export AWS_PROFILE=""`, but this requires each developer to set that variable. Moving it into the remote cache configuration allows that setting to be more easily shared, particularly in environments that used shared managed profiles. More about using profiles at https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/credentials-profiles.html --- CHANGELOG.md | 5 +++++ README.md | 7 ++++++- .../com/github/burrunan/s3cache/AwsS3BuildCache.kt | 1 + .../s3cache/internal/AwsS3BuildCacheServiceFactory.kt | 3 +++ .../internal/AwsS3BuildCacheServiceFactoryTest.kt | 11 +++++++++++ 5 files changed, 26 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c739275..0a24990 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,8 @@ +#### Unreleased + - *TBD* +#### Changed + - Added support for specifying AWS profile in DSL + #### 1.5 - 2022-10-05 - [4 commits](https://github.com/burrunan/gradle-s3-build-cache/compare/v1.4...v1.5) #### Changed diff --git a/README.md b/README.md index e872699..bf84114 100644 --- a/README.md +++ b/README.md 
@@ -60,6 +60,7 @@ The AWS S3 build cache implementation has a few configuration options: | `awsAccessKeyId` | The AWS access key id | no | `getenv("S3_BUILD_CACHE_ACCESS_KEY_ID")` | | `awsSecretKey` | The AWS secret key | no | `getenv("S3_BUILD_CACHE_SECRET_KEY")` | | `sessionToken` | The AWS sessionToken when you use temporal credentials | no | `getenv("S3_BUILD_CACHE_SESSION_TOKEN")` | +| `awsProfile` | The AWS profile to use for authentication | no | `getenv("S3_BUILD_CACHE_PROFILE")` | | `lookupDefaultAwsCredentials` | Configures if `DefaultAWSCredentialsProviderChain` could be used to lookup credentials | yes | false | | `showStatistics` | Displays statistics on the remote cache performance | Yes | `true` | | `showStatisticsWhenImpactExceeds` | Specifies minimum duration to trigger printing the stats, milliseconds | Yes | `100` | @@ -135,7 +136,11 @@ environment variables. If you want to use AWS default credentials [`DefaultAWSCredentialsProviderChain`](http://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/DefaultAWSCredentialsProviderChain.html), then configure `lookupDefaultAwsCredentials=true`. -Note: it will still try `S3_BUILD_CACHE_` variables first. + +If you want to use a specific [AWS profile](https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/credentials-profiles.html), +then configure `awsProfile=""`. + +Note: even with these values set, it will still try `S3_BUILD_CACHE_` variables first. ### S3 Bucket Permissions for cache population diff --git a/src/main/kotlin/com/github/burrunan/s3cache/AwsS3BuildCache.kt b/src/main/kotlin/com/github/burrunan/s3cache/AwsS3BuildCache.kt index 8938638..7530266 100644 --- a/src/main/kotlin/com/github/burrunan/s3cache/AwsS3BuildCache.kt +++ b/src/main/kotlin/com/github/burrunan/s3cache/AwsS3BuildCache.kt 
@@ -28,6 +28,7 @@ open class AwsS3BuildCache : AbstractBuildCache() {
 var awsAccessKeyId: String? = System.getenv("S3_BUILD_CACHE_ACCESS_KEY_ID")
 var awsSecretKey: String? = System.getenv("S3_BUILD_CACHE_SECRET_KEY")
 var sessionToken: String? = System.getenv("S3_BUILD_CACHE_SESSION_TOKEN")
+ var awsProfile: String? = System.getenv("S3_BUILD_CACHE_PROFILE")
 var lookupDefaultAwsCredentials: Boolean = false
 var showStatistics: Boolean = true
 var showStatisticsWhenImpactExceeds: Long = 100
diff --git a/src/main/kotlin/com/github/burrunan/s3cache/internal/AwsS3BuildCacheServiceFactory.kt b/src/main/kotlin/com/github/burrunan/s3cache/internal/AwsS3BuildCacheServiceFactory.kt
index b3f907d..9b557ea 100644
--- a/src/main/kotlin/com/github/burrunan/s3cache/internal/AwsS3BuildCacheServiceFactory.kt
+++ b/src/main/kotlin/com/github/burrunan/s3cache/internal/AwsS3BuildCacheServiceFactory.kt
@@ -22,6 +22,7 @@ import org.slf4j.LoggerFactory
 import software.amazon.awssdk.auth.credentials.AnonymousCredentialsProvider
 import software.amazon.awssdk.auth.credentials.AwsBasicCredentials
 import software.amazon.awssdk.auth.credentials.AwsSessionCredentials
+import software.amazon.awssdk.auth.credentials.ProfileCredentialsProvider
 import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider
 import software.amazon.awssdk.regions.Region
 import software.amazon.awssdk.services.s3.S3Client
@@ -99,6 +100,8 @@ class AwsS3BuildCacheServiceFactory : BuildCacheServiceFactory
 val credentials = when {
 config.awsAccessKeyId.isNullOrBlank() || config.awsSecretKey.isNullOrBlank() -> when {
 config.lookupDefaultAwsCredentials -> return
+ !config.awsProfile.isNullOrBlank() ->
+ ProfileCredentialsProvider.create(config.awsProfile)
 else -> AnonymousCredentialsProvider.create()
 }
 else ->
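Review bot: In the second hunk of AwsS3BuildCacheServiceFactory.kt the new `awsProfile` branch is tested after `config.lookupDefaultAwsCredentials -> return`, so a configuration that sets both silently ignores the profile. That combination is likely for anyone migrating from the `lookupDefaultAwsCredentials=true` plus `AWS_PROFILE` workaround in the description, and the build would then authenticate with whatever the default chain resolves, which may be a broader identity than the one intended for the cache bucket. Either move `!config.awsProfile.isNullOrBlank() -> ProfileCredentialsProvider.create(config.awsProfile)` above the `lookupDefaultAwsCredentials` branch, or log a warning when both are set. The README note only says the `S3_BUILD_CACHE_` keys are tried first, so a KDoc line on `awsProfile` in AwsS3BuildCache.kt along the lines of `/** Named AWS profile; used only when no static key pair is configured. */` would make the precedence visible in the DSL. The `when` and its enclosing function start and end outside the hunk, so what the bare `return` leaves configured is inferred.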
diff --git a/src/test/kotlin/com/github/burrunan/s3cache/internal/AwsS3BuildCacheServiceFactoryTest.kt b/src/test/kotlin/com/github/burrunan/s3cache/internal/AwsS3BuildCacheServiceFactoryTest.kt
index adf1c61..478327d 100644
--- a/src/test/kotlin/com/github/burrunan/s3cache/internal/AwsS3BuildCacheServiceFactoryTest.kt
+++ b/src/test/kotlin/com/github/burrunan/s3cache/internal/AwsS3BuildCacheServiceFactoryTest.kt
@@ -125,4 +125,15 @@ class AwsS3BuildCacheServiceFactoryTest {
 val service = subject.createBuildCacheService(conf, buildCacheDescriber)
 Assertions.assertNotNull(service)
 }
+
+ @Test
+ fun testAWSProfileCredentials() {
+ val conf = buildCache {
+ bucket = "my-bucket"
+ region = "us-west-1"
+ awsProfile = "any aws profile"
+ }
+ val service = subject.createBuildCacheService(conf, buildCacheDescriber)
+ Assertions.assertNotNull(service)
+ }
 }
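Review bot: `testAWSProfileCredentials` only asserts `Assertions.assertNotNull(service)`, which would also pass if the factory fell through to `AnonymousCredentialsProvider.create()`, so it does not show that the profile branch was selected. The profile name `"any aws profile"` presumably does not exist on the test machine, and if the provider resolves credentials lazily (as I believe `ProfileCredentialsProvider` does) nothing in this test touches the profile at all. Consider exposing the provider selection so the test can check that the chosen provider is a `ProfileCredentialsProvider`, and add a second case that sets `lookupDefaultAwsCredentials = true` together with `awsProfile` to pin which one wins. The test class starts outside the hunk, so `subject` and `buildCache` are taken as given.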