making credentials configurable (see awslabs#61)

stefanofornari · Jun 25, 2023 · 96d00a5 · 96d00a5
1 parent e67ffb6
commit 96d00a5
Show file tree

Hide file tree

Showing 4 changed files with 99 additions and 4 deletions.
diff --git a/src/main/java/software/amazon/nio/spi/s3/S3FileSystem.java b/src/main/java/software/amazon/nio/spi/s3/S3FileSystem.java
@@ -47,7 +47,7 @@ public class S3FileSystem extends FileSystem {
     private boolean open = true;
     private final Set<S3SeekableByteChannel> openChannels = new HashSet<>();
 
-    private final AwsCredentials credentials;
+    private AwsCredentials credentials;
 
     private S3AsyncClient client;
 
@@ -86,6 +86,18 @@ protected S3FileSystem(URI uri, S3FileSystemProvider s3FileSystemProvider, S3Nio
         // that accept endpoint, bucket and credentials
         //
         credentials = getCredentials(uri);
+        if ((credentials == null) && (config != null)) {
+            //
+            // Here, no credentials have been provided in the URI, let's check
+            // if we have them in the configuration map
+            //
+            credentials = config.getCredentials();
+        }
+
+        //
+        // if here credentials are still null, no overrides have been provided,
+        // the defauls environment/system properties will be used
+        //
 
         String host = uri.getHost(); int port = uri.getPort();
         if ((port > 0) || (host.indexOf('.') > 0)) {

diff --git a/src/main/java/software/amazon/nio/spi/s3/config/S3NioSpiConfiguration.java b/src/main/java/software/amazon/nio/spi/s3/config/S3NioSpiConfiguration.java
@@ -15,12 +15,17 @@
 import java.util.Objects;
 import java.util.Optional;
 import java.util.Properties;
+import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
+import software.amazon.awssdk.auth.credentials.AwsCredentials;
 
 /**
  * Object to hold configuration of the S3 NIO SPI
  */
 public class S3NioSpiConfiguration {
 
+    public static final String AWS_ACCESS_KEY_PROPERTY = "aws.accessKey";
+    public static final String AWS_SECRET_ACCESS_KEY_PROPERTY = "aws.secretAccessKey";
+
     /**
      * The name of the maximum fragment size property
      */
@@ -93,6 +98,7 @@ public S3NioSpiConfiguration(Map<String, ?> overrides){
      */
     protected S3NioSpiConfiguration(Properties overrides) {
         Objects.requireNonNull(overrides);
+        System.out.println(overrides.keySet());
         overrides.stringPropertyNames()
             .forEach(key -> properties.setProperty(key, overrides.getProperty(key)));
     }
@@ -129,6 +135,20 @@ public String getEndpointProtocol() {
         return S3_SPI_ENDPOINT_PROTOCOL_DEFAULT;
     }
 
+    /**
+     * Get the configured credentials
+     * @return the configured value or the default if not overridden
+     */
+    public AwsCredentials getCredentials() {
+        if (properties.containsKey(AWS_ACCESS_KEY_PROPERTY)) {
+            return AwsBasicCredentials.create(properties.getProperty(AWS_ACCESS_KEY_PROPERTY),
+                properties.getProperty(AWS_SECRET_ACCESS_KEY_PROPERTY)
+           );
+        }
+
+        return null;
+    }
+
     // ------------------------------------------------------- protected methods
 
     /**

diff --git a/.../s3/S3FileSystemProviderEndpointTest.java → ...3FileSystemProviderConfigurationTest.java b/.../s3/S3FileSystemProviderEndpointTest.java → ...3FileSystemProviderConfigurationTest.java
@@ -11,9 +11,11 @@
 import java.util.Map;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import org.junit.jupiter.api.Test;
+import static software.amazon.nio.spi.s3.config.S3NioSpiConfiguration.AWS_ACCESS_KEY_PROPERTY;
+import static software.amazon.nio.spi.s3.config.S3NioSpiConfiguration.AWS_SECRET_ACCESS_KEY_PROPERTY;
 import static software.amazon.nio.spi.s3.config.S3NioSpiConfiguration.S3_SPI_ENDPOINT_PROTOCOL_PROPERTY;
 
-public class S3FileSystemProviderEndpointTest {
+public class S3FileSystemProviderConfigurationTest {
 
     final FakeAsyncS3ClientBuilder BUILDER = new FakeAsyncS3ClientBuilder();
 
@@ -79,5 +81,51 @@ public void setEndpointProtocolThroughSystemProperties() throws Exception {
         });
     }
 
+    @Test
+    public void setCredentialsThroughMap() throws Exception {
+        S3FileSystemProvider p = new S3FileSystemProvider();
+        Map<String, String> env = new HashMap<>();
+        env.put(AWS_ACCESS_KEY_PROPERTY, "envkey");
+        env.put(AWS_SECRET_ACCESS_KEY_PROPERTY, "envsecret");
+
+        restoreSystemProperties(() -> {
+            System.setProperty("aws.region", "us-west-1");
+            System.setProperty(AWS_ACCESS_KEY_PROPERTY, "systemkey");
+            System.setProperty(AWS_SECRET_ACCESS_KEY_PROPERTY, "systemsecret");
+
+            S3FileSystem fs = p.newFileSystem(URI.create("s3://some.where.com:1010/bucket"), env);
+            fs.clientProvider.asyncClientBuilder = BUILDER;
+            fs.client(); fs.close();
+
+            assertEquals("bucket", fs.bucketName());
+            assertEquals("some.where.com:1010", fs.endpoint());
+            assertEquals("https://some.where.com:1010", BUILDER.endpointOverride.toString());
+            assertEquals("envkey", BUILDER.credentialsProvider.resolveCredentials().accessKeyId());
+            assertEquals("envsecret", BUILDER.credentialsProvider.resolveCredentials().secretAccessKey());
+        });
+    }
+
+    @Test
+    public void setCredentialsThroughURI() throws Exception {
+        S3FileSystemProvider p = new S3FileSystemProvider();
+        Map<String, String> env = new HashMap<>();
+        env.put(AWS_ACCESS_KEY_PROPERTY, "envkey");
+        env.put(AWS_SECRET_ACCESS_KEY_PROPERTY, "envsecret");
+
+        restoreSystemProperties(() -> {
+            System.setProperty("aws.region", "us-west-1");
+
+            S3FileSystem fs = p.newFileSystem(URI.create("s3://urikey:[email protected]:1010/bucket"), env);
+            fs.clientProvider.asyncClientBuilder = BUILDER;
+            fs.client(); fs.close();
+
+            assertEquals("bucket", fs.bucketName());
+            assertEquals("some.where.com:1010", fs.endpoint());
+            assertEquals("https://some.where.com:1010", BUILDER.endpointOverride.toString());
+            assertEquals("urikey", BUILDER.credentialsProvider.resolveCredentials().accessKeyId());
+            assertEquals("urisecret", BUILDER.credentialsProvider.resolveCredentials().secretAccessKey());
+        });
+    }
+
 
 }
diff --git a/src/test/java/software/amazon/nio/spi/s3/config/S3NioSpiConfigurationTest.java b/src/test/java/software/amazon/nio/spi/s3/config/S3NioSpiConfigurationTest.java
@@ -10,10 +10,12 @@
 import java.util.Map;
 import java.util.Properties;
 
-import static org.junit.jupiter.api.Assertions.assertEquals;
-import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.*;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
+import software.amazon.awssdk.auth.credentials.AwsCredentials;
+import static software.amazon.nio.spi.s3.config.S3NioSpiConfiguration.AWS_ACCESS_KEY_PROPERTY;
+import static software.amazon.nio.spi.s3.config.S3NioSpiConfiguration.AWS_SECRET_ACCESS_KEY_PROPERTY;
 import static software.amazon.nio.spi.s3.config.S3NioSpiConfiguration.S3_SPI_READ_MAX_FRAGMENT_SIZE_PROPERTY;
 
 public class S3NioSpiConfigurationTest {
@@ -71,6 +73,19 @@ public void endpointProtocol() {
         assertEquals(S3NioSpiConfiguration.S3_SPI_ENDPOINT_PROTOCOL_DEFAULT, badOverriddenConfig.getEndpointProtocol());
     }
 
+    @Test
+    public void credentials() {
+        assertNull(new S3NioSpiConfiguration().getCredentials());
+
+        Properties env = new Properties();
+        env.setProperty(AWS_ACCESS_KEY_PROPERTY, "envkey");
+        env.put(AWS_SECRET_ACCESS_KEY_PROPERTY, "envsecret");
+
+        AwsCredentials credentials = new S3NioSpiConfiguration(env).getCredentials();
+        assertEquals("envkey", credentials.accessKeyId());
+        assertEquals("envsecret", credentials.secretAccessKey());
+    }
+
     @Test
     public void convertPropertyNameToEnvVar() {
         String expected = "FOO_BAA_FIZZ_BUZZ";