Merge pull request spinnaker#2 from nimakaviani/feature/ecs-dynamic-a…

…ccount

clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AmazonBasicCredentialsLoader.java

@@ -26,7 +26,6 @@
 import com.netflix.spinnaker.credentials.definition.CredentialsDefinitionSource;
 import com.netflix.spinnaker.credentials.definition.CredentialsParser;
 import java.util.*;
-import java.util.concurrent.ConcurrentHashMap;
 import java.util.stream.Collectors;
 import org.apache.commons.lang3.StringUtils;
 
@@ -35,7 +34,6 @@ public class AmazonBasicCredentialsLoader<
     extends BasicCredentialsLoader<T, U> {
   protected final CredentialsConfig credentialsConfig;
   protected final DefaultAccountConfigurationProperties defaultAccountConfigurationProperties;
-  protected final Map<String, T> loadedDefinitions = new ConcurrentHashMap<>();
   protected String defaultEnvironment;
   protected String defaultAccountType;
 

clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AmazonCredentialsInitializer.groovy

@@ -39,7 +39,6 @@ import org.springframework.context.annotation.Lazy
 import org.springframework.context.annotation.Primary
 
 import javax.annotation.Nullable
-import javax.annotation.PostConstruct
 
 @Configuration
 @EnableConfigurationProperties(DefaultAccountConfigurationProperties)
@@ -53,7 +52,9 @@ class AmazonCredentialsInitializer {
   }
 
   @Bean
-  Class<? extends NetflixAmazonCredentials> credentialsType(CredentialsConfig credentialsConfig) {
+  Class<? extends NetflixAmazonCredentials> credentialsType(
+    CredentialsConfig credentialsConfig
+  ) {
     if (!credentialsConfig.accounts && !credentialsConfig.defaultAssumeRole) {
       NetflixAmazonCredentials
     } else {
@@ -62,23 +63,19 @@ class AmazonCredentialsInitializer {
   }
 
   @Bean
-//  @ConditionalOnMissingBean(
-//    value = [Account.class, NetflixAmazonCredentials.class],
-//    parameterizedContainer = AmazonCredentialsParser.class
-//  )
-  CredentialsParser<Account, NetflixAmazonCredentials> amazonCredentialsParser(AWSCredentialsProvider awsCredentialsProvider,
-                                                                               AmazonClientProvider amazonClientProvider,
-                                                                               Class<? extends NetflixAmazonCredentials> credentialsType, CredentialsConfig credentialsConfig
+  CredentialsParser<Account, NetflixAmazonCredentials> amazonCredentialsParser(
+    AWSCredentialsProvider awsCredentialsProvider,
+    AmazonClientProvider amazonClientProvider,
+    Class<? extends NetflixAmazonCredentials> credentialsType, CredentialsConfig credentialsConfig
   ) {
-    new AmazonCredentialsParser<>(
-      awsCredentialsProvider, amazonClientProvider, credentialsType, credentialsConfig)
+    new AmazonCredentialsParser<>(awsCredentialsProvider, amazonClientProvider, credentialsType, credentialsConfig)
   }
 
   @Bean
-  @Primary // needed for ECS repo. ECS and AWS repos should be merged.
   @ConditionalOnMissingBean(
     value = NetflixAmazonCredentials.class,
-    parameterizedContainer = CredentialsRepository.class)
+    parameterizedContainer = CredentialsRepository.class
+  )
   CredentialsRepository<NetflixAmazonCredentials> amazonCredentialsRepository(
     @Lazy CredentialsLifecycleHandler<NetflixAmazonCredentials> eventHandler
   ) {
@@ -88,7 +85,8 @@ class AmazonCredentialsInitializer {
   @Bean
   @ConditionalOnMissingBean(
     value = NetflixAmazonCredentials.class,
-    parameterizedContainer = AmazonCredentialProvider.class)
+    parameterizedContainer = AmazonCredentialProvider.class
+  )
   AmazonCredentialProvider<NetflixAmazonCredentials>  amazonCredentialProvider(
     CredentialsRepository<NetflixAmazonCredentials> amazonCredentialsRepository
   ) {
@@ -98,7 +96,8 @@ class AmazonCredentialsInitializer {
   @Bean
   @ConditionalOnMissingBean(
     value = NetflixAmazonCredentials.class,
-    parameterizedContainer = AbstractCredentialsLoader.class)
+    parameterizedContainer = AbstractCredentialsLoader.class
+  )
   AbstractCredentialsLoader<? extends NetflixAmazonCredentials> amazonCredentialsLoader(
     CredentialsParser<Account, NetflixAmazonCredentials>  amazonCredentialsParser,
     @Nullable CredentialsDefinitionSource<Account> amazonCredentialsSource,

clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AmazonCredentialsLifecycleHandler.java

@@ -57,26 +57,26 @@
 @RequiredArgsConstructor
 public class AmazonCredentialsLifecycleHandler
     implements CredentialsLifecycleHandler<NetflixAmazonCredentials> {
-  protected final AwsCleanupProvider awsCleanupProvider;
-  protected final AwsInfrastructureProvider awsInfrastructureProvider;
-  protected final AwsProvider awsProvider;
-  protected final AmazonCloudProvider amazonCloudProvider;
-  protected final AmazonClientProvider amazonClientProvider;
-  protected final AmazonS3DataProvider amazonS3DataProvider;
-  protected final CatsModule catsModule;
+  private final AwsCleanupProvider awsCleanupProvider;
+  private final AwsInfrastructureProvider awsInfrastructureProvider;
+  private final AwsProvider awsProvider;
+  private final AmazonCloudProvider amazonCloudProvider;
+  private final AmazonClientProvider amazonClientProvider;
+  private final AmazonS3DataProvider amazonS3DataProvider;
+  private final CatsModule catsModule;
 
-  protected final AwsConfigurationProperties awsConfigurationProperties;
-  protected final ObjectMapper objectMapper;
-  protected final @Qualifier("amazonObjectMapper") ObjectMapper amazonObjectMapper;
-  protected final EddaApiFactory eddaApiFactory;
-  protected final ApplicationContext ctx;
-  protected final Registry registry;
-  protected final Optional<ExecutorService> reservationReportPool;
-  protected final Optional<Collection<AgentProvider>> agentProviders;
-  protected final EddaTimeoutConfig eddaTimeoutConfig;
-  protected final DynamicConfigService dynamicConfigService;
-  protected final DeployDefaults deployDefaults;
-  protected final CredentialsRepository<NetflixAmazonCredentials>
+  private final AwsConfigurationProperties awsConfigurationProperties;
+  private final ObjectMapper objectMapper;
+  private final @Qualifier("amazonObjectMapper") ObjectMapper amazonObjectMapper;
+  private final EddaApiFactory eddaApiFactory;
+  private final ApplicationContext ctx;
+  private final Registry registry;
+  private final Optional<ExecutorService> reservationReportPool;
+  private final Optional<Collection<AgentProvider>> agentProviders;
+  private final EddaTimeoutConfig eddaTimeoutConfig;
+  private final DynamicConfigService dynamicConfigService;
+  private final DeployDefaults deployDefaults;
+  private final CredentialsRepository<NetflixAmazonCredentials>
       accountCredentialsRepository; // Circular dependency.
   private Set<String> publicRegions = new HashSet<>();
   private Set<String> awsInfraRegions = new HashSet<>();

clouddriver-aws/src/main/groovy/com/netflix/spinnaker/config/AwsConfiguration.groovy

@@ -22,11 +22,7 @@ import com.fasterxml.jackson.databind.ObjectMapper
 import com.netflix.awsobjectmapper.AmazonObjectMapperConfigurer
 import com.netflix.spectator.api.Registry
 import com.netflix.spinnaker.cats.agent.Agent
-import com.netflix.spinnaker.clouddriver.aws.AmazonCloudProvider
 import com.netflix.spinnaker.clouddriver.aws.AwsConfigurationProperties
-import com.netflix.spinnaker.clouddriver.aws.agent.CleanupAlarmsAgent
-import com.netflix.spinnaker.clouddriver.aws.agent.CleanupDetachedInstancesAgent
-import com.netflix.spinnaker.clouddriver.aws.agent.ReconcileClassicLinkSecurityGroupsAgent
 import com.netflix.spinnaker.clouddriver.aws.deploy.BlockDeviceConfig
 import com.netflix.spinnaker.clouddriver.aws.deploy.handlers.BasicAmazonDeployHandler
 import com.netflix.spinnaker.clouddriver.aws.deploy.ops.securitygroup.SecurityGroupLookupFactory
@@ -49,7 +45,6 @@ import com.netflix.spinnaker.clouddriver.core.limits.ServiceLimitConfiguration
 import com.netflix.spinnaker.clouddriver.event.SpinnakerEvent
 import com.netflix.spinnaker.clouddriver.saga.config.SagaAutoConfiguration
 import com.netflix.spinnaker.clouddriver.security.AccountCredentialsRepository
-import com.netflix.spinnaker.clouddriver.security.ProviderUtils
 import com.netflix.spinnaker.credentials.CredentialsRepository
 import com.netflix.spinnaker.kork.aws.AwsComponents
 import com.netflix.spinnaker.kork.aws.bastion.BastionConfig
@@ -185,14 +180,16 @@ class AwsConfiguration {
   }
 
   @Bean
-  @DependsOn('amazonCredentialsLoader')
-  BasicAmazonDeployHandler basicAmazonDeployHandler(RegionScopedProviderFactory regionScopedProviderFactory,
-                                                    CredentialsRepository<NetflixAmazonCredentials> accountCredentialsRepository,
-                                                    DeployDefaults deployDefaults,
-                                                    ScalingPolicyCopier scalingPolicyCopier,
-                                                    BlockDeviceConfig blockDeviceConfig,
-                                                    DynamicConfigService dynamicConfigService,
-                                                    AmazonServerGroupProvider amazonServerGroupProvider) {
+  @DependsOn('amazonCredentialsRepository')
+  BasicAmazonDeployHandler basicAmazonDeployHandler(
+    RegionScopedProviderFactory regionScopedProviderFactory,
+    CredentialsRepository<NetflixAmazonCredentials> accountCredentialsRepository,
+    DeployDefaults deployDefaults,
+    ScalingPolicyCopier scalingPolicyCopier,
+    BlockDeviceConfig blockDeviceConfig,
+    DynamicConfigService dynamicConfigService,
+    AmazonServerGroupProvider amazonServerGroupProvider
+  ) {
     new BasicAmazonDeployHandler(
       regionScopedProviderFactory,
       accountCredentialsRepository,
@@ -211,18 +208,16 @@ class AwsConfiguration {
   }
 
   @Bean
-  @DependsOn('amazonCredentialsLoader')
-  AwsCleanupProvider awsOperationProvider(AwsConfigurationProperties awsConfigurationProperties,
-                                          AmazonClientProvider amazonClientProvider,
-                                          AccountCredentialsRepository accountCredentialsRepository,
-                                          DeployDefaults deployDefaults) {
+  AwsCleanupProvider awsOperationProvider() {
     return new AwsCleanupProvider(Collections.newSetFromMap(new ConcurrentHashMap<Agent, Boolean>()))
   }
 
   @Bean
-  @DependsOn('amazonCredentialsLoader')
-  SecurityGroupLookupFactory securityGroupLookup(AmazonClientProvider amazonClientProvider,
-                                                 CredentialsRepository<NetflixAmazonCredentials> accountCredentialsRepository) {
+  @DependsOn('amazonCredentialsRepository')
+  SecurityGroupLookupFactory securityGroupLookup(
+    AmazonClientProvider amazonClientProvider,
+    CredentialsRepository<NetflixAmazonCredentials> accountCredentialsRepository
+  ) {
     new SecurityGroupLookupFactory(amazonClientProvider, accountCredentialsRepository)
   }
 

clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/ECSCredentialsConfig.java

@@ -16,14 +16,13 @@
 
 package com.netflix.spinnaker.clouddriver.ecs.security;
 
-import com.netflix.spinnaker.clouddriver.aws.security.config.CredentialsConfig;
 import com.netflix.spinnaker.credentials.definition.CredentialsDefinition;
 import java.util.List;
 import lombok.Data;
 
 @Data
-public class ECSCredentialsConfig extends CredentialsConfig {
-  List<ECSAccount> ecsAccounts;
+public class ECSCredentialsConfig {
+  List<ECSAccount> accounts;
 
   @Data
   public static class ECSAccount implements CredentialsDefinition {

clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/ECSCredentialsParser.java

@@ -17,54 +17,45 @@
 
 package com.netflix.spinnaker.clouddriver.ecs.security;
 
+import com.netflix.spinnaker.clouddriver.aws.AmazonCloudProvider;
 import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials;
 import com.netflix.spinnaker.clouddriver.aws.security.NetflixAssumeRoleAmazonCredentials;
 import com.netflix.spinnaker.clouddriver.aws.security.config.CredentialsConfig;
+import com.netflix.spinnaker.clouddriver.ecs.provider.EcsProvider;
 import com.netflix.spinnaker.clouddriver.security.AccountCredentials;
-import com.netflix.spinnaker.clouddriver.security.AccountCredentialsProvider;
+import com.netflix.spinnaker.credentials.CompositeCredentialsRepository;
 import com.netflix.spinnaker.credentials.definition.CredentialsParser;
+import lombok.AllArgsConstructor;
 import org.jetbrains.annotations.NotNull;
-import org.jetbrains.annotations.Nullable;
-
-// public class ECSCredentialsParser<T extends ECSCredentialsConfig.Account, U extends
-// NetflixECSCredentials, V extends NetflixAmazonCredentials>
 
+@AllArgsConstructor
 public class ECSCredentialsParser<T extends NetflixAmazonCredentials>
     implements CredentialsParser<ECSCredentialsConfig.ECSAccount, NetflixECSCredentials> {
 
-  private final AccountCredentialsProvider accountCredentialsProvider;
-  private final CredentialsParser<CredentialsConfig.Account, NetflixAmazonCredentials>
-      credentialsLoader;
-
-  public ECSCredentialsParser(
-      AccountCredentialsProvider accountCredentialsProvider,
-      CredentialsParser<CredentialsConfig.Account, NetflixAmazonCredentials> credentialsLoader) {
-    this.accountCredentialsProvider = accountCredentialsProvider;
-    this.credentialsLoader = credentialsLoader;
-  }
+  private CompositeCredentialsRepository<AccountCredentials> compositeCredentialsRepository;
+  private CredentialsParser<CredentialsConfig.Account, NetflixAmazonCredentials> parser;
 
-  @Nullable
   @Override
   public NetflixECSCredentials parse(ECSCredentialsConfig.@NotNull ECSAccount credentials) {
-    for (AccountCredentials accountCredentials : accountCredentialsProvider.getAll()) {
-      if (accountCredentials instanceof NetflixAmazonCredentials
-          && credentials.getAwsAccount().equals(accountCredentials.getName())) {
-
-        NetflixAmazonCredentials netflixAmazonCredentials =
-            (NetflixAmazonCredentials) accountCredentials;
-        CredentialsConfig.Account account =
-            EcsAccountBuilder.build(netflixAmazonCredentials, credentials.getName(), "ecs");
+    NetflixAmazonCredentials netflixAmazonCredentials;
+    try {
+      netflixAmazonCredentials =
+          (NetflixAmazonCredentials)
+              compositeCredentialsRepository.getCredentials(
+                  credentials.getAwsAccount(), AmazonCloudProvider.ID);
+    } catch (Throwable throwable) {
+      throwable.printStackTrace();
+      return null;
+    }
 
-        try {
-          return new NetflixAssumeRoleEcsCredentials(
-              (NetflixAssumeRoleAmazonCredentials) credentialsLoader.parse(account),
-              credentials.getName());
-        } catch (Throwable throwable) {
-          throwable.printStackTrace();
-          return null;
-        }
-      }
+    CredentialsConfig.Account account =
+        EcsAccountBuilder.build(netflixAmazonCredentials, credentials.getName(), EcsProvider.NAME);
+    try {
+      return new NetflixAssumeRoleEcsCredentials(
+          (NetflixAssumeRoleAmazonCredentials) parser.parse(account), credentials.getName());
+    } catch (Throwable throwable) {
+      throwable.printStackTrace();
+      return null;
     }
-    return null;
   }
 }