From d2f80b1645c6b6f611130451cd8875ee78dc3b46 Mon Sep 17 00:00:00 2001 From: Peter Turcsanyi Date: Wed, 8 Mar 2023 12:30:05 +0100 Subject: [PATCH] NIFI-11260 Added STS SSL Context Service for AWS Credentials Provider This closes #7021 Signed-off-by: David Handermann --- .../CredentialPropertyDescriptors.java | 10 ++ .../factory/CredentialsProviderFactory.java | 33 +++---- .../provider/factory/CredentialsStrategy.java | 15 ++- .../AbstractBooleanCredentialsStrategy.java | 14 ++- .../AbstractCredentialsStrategy.java | 19 ++-- .../AccessKeyPairCredentialsStrategy.java | 15 ++- .../AnonymousCredentialsStrategy.java | 8 +- .../AssumeRoleCredentialsStrategy.java | 91 +++++++++++-------- .../ExplicitDefaultCredentialsStrategy.java | 10 +- .../strategies/FileCredentialsStrategy.java | 10 +- .../ImplicitDefaultCredentialsStrategy.java | 7 +- .../NamedProfileCredentialsStrategy.java | 11 +-- ...SCredentialsProviderControllerService.java | 25 ++--- .../TestCredentialsProviderFactory.java | 55 ++++------- 14 files changed, 156 insertions(+), 167 deletions(-) diff --git a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/CredentialPropertyDescriptors.java b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/CredentialPropertyDescriptors.java index 6c2fc2b8db..f693e97992 100644 --- a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/CredentialPropertyDescriptors.java +++ b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/CredentialPropertyDescriptors.java 
@@ -23,6 +23,7 @@ import org.apache.nifi.components.resource.ResourceType; import org.apache.nifi.expression.ExpressionLanguageScope; import org.apache.nifi.processor.util.StandardValidators; import org.apache.nifi.processors.aws.AwsPropertyDescriptors; +import org.apache.nifi.ssl.SSLContextService; import software.amazon.awssdk.regions.Region; import java.util.ArrayList; @@ -173,6 +174,15 @@ public class CredentialPropertyDescriptors { .dependsOn(ASSUME_ROLE_ARN) .build(); + public static final PropertyDescriptor ASSUME_ROLE_SSL_CONTEXT_SERVICE = new PropertyDescriptor.Builder() + .name("assume-role-ssl-context-service") + .displayName("Assume Role SSL Context Service") + .description("SSL Context Service used when connecting to the STS Endpoint.") + .identifiesControllerService(SSLContextService.class) + .required(false) + .dependsOn(ASSUME_ROLE_ARN) + .build(); + /** * Assume Role Proxy variables for configuring proxy to retrieve keys */ diff --git a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/CredentialsProviderFactory.java b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/CredentialsProviderFactory.java index 545f3a283a..e1249693f2 100644 --- a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/CredentialsProviderFactory.java +++ b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/CredentialsProviderFactory.java 
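Review bot: The description of `ASSUME_ROLE_SSL_CONTEXT_SERVICE` in the second hunk does not say what the STS connection uses when the property is left empty. It also does not say that a configured service supplies the trust and key material for that connection. Because this property decides which certificates the STS endpoint is verified against, I would spell it out, for example `.description("SSL Context Service used when connecting to the STS Endpoint. When not set, the AWS SDK default TLS configuration is used.")`. The claim about the unset case is inferred from the `sslContextService != null` guard in AssumeRoleCredentialsStrategy and should be confirmed against the SDK defaults.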
@@ -19,11 +19,10 @@ package org.apache.nifi.processors.aws.credentials.provider.factory; import java.util.ArrayList; import java.util.Collection; import java.util.List; -import java.util.Map; -import org.apache.nifi.components.PropertyDescriptor; import org.apache.nifi.components.ValidationContext; import org.apache.nifi.components.ValidationResult; +import org.apache.nifi.context.PropertyContext; import org.apache.nifi.processors.aws.credentials.provider.factory.strategies.ExplicitDefaultCredentialsStrategy; import org.apache.nifi.processors.aws.credentials.provider.factory.strategies.AccessKeyPairCredentialsStrategy; import org.apache.nifi.processors.aws.credentials.provider.factory.strategies.FileCredentialsStrategy; @@ -66,20 +65,15 @@ public class CredentialsProviderFactory { strategies.add(new AssumeRoleCredentialsStrategy()); } - public CredentialsStrategy selectPrimaryStrategy(final Map properties) { + public CredentialsStrategy selectPrimaryStrategy(final PropertyContext propertyContext) { for (CredentialsStrategy strategy : strategies) { - if (strategy.canCreatePrimaryCredential(properties)) { + if (strategy.canCreatePrimaryCredential(propertyContext)) { return strategy; } } return null; } - public CredentialsStrategy selectPrimaryStrategy(final ValidationContext validationContext) { - final Map properties = validationContext.getProperties(); - return selectPrimaryStrategy(properties); - } - /** * Validates AWS credential properties against the configured strategies to report any validation errors. * @return Validation errors 
@@ -104,15 +98,14 @@ public class CredentialsProviderFactory { * the factory. * @return AWSCredentialsProvider implementation */ - public AWSCredentialsProvider getCredentialsProvider(final Map properties) { - final CredentialsStrategy primaryStrategy = selectPrimaryStrategy(properties); - AWSCredentialsProvider primaryCredentialsProvider = primaryStrategy.getCredentialsProvider(properties); + public AWSCredentialsProvider getCredentialsProvider(final PropertyContext propertyContext) { + final CredentialsStrategy primaryStrategy = selectPrimaryStrategy(propertyContext); + AWSCredentialsProvider primaryCredentialsProvider = primaryStrategy.getCredentialsProvider(propertyContext); AWSCredentialsProvider derivedCredentialsProvider = null; for (CredentialsStrategy strategy : strategies) { - if (strategy.canCreateDerivedCredential(properties)) { - derivedCredentialsProvider = strategy.getDerivedCredentialsProvider(properties, - primaryCredentialsProvider); + if (strategy.canCreateDerivedCredential(propertyContext)) { + derivedCredentialsProvider = strategy.getDerivedCredentialsProvider(propertyContext, primaryCredentialsProvider); break; } } 
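Review bot: `primaryStrategy` is dereferenced on the new `primaryStrategy.getCredentialsProvider(propertyContext)` line without a null check, although `selectPrimaryStrategy` in the previous hunk ends with `return null` when no strategy accepts the context. Component validation may normally rule this out, but that is not visible here, and a misconfigured context would surface as a bare NullPointerException instead of a credential-configuration error. A guard such as `if (primaryStrategy == null) { throw new IllegalStateException("No AWS credentials strategy matches the configured properties"); }` would make the failure explicit. The same applies to `getAwsCredentialsProvider` in the next hunk; both method bodies continue outside their hunks.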
@@ -129,14 +122,14 @@ public class CredentialsProviderFactory { * the factory. * @return AwsCredentialsProvider implementation */ - public AwsCredentialsProvider getAwsCredentialsProvider(final Map properties) { - final CredentialsStrategy primaryStrategy = selectPrimaryStrategy(properties); - final AwsCredentialsProvider primaryCredentialsProvider = primaryStrategy.getAwsCredentialsProvider(properties); + public AwsCredentialsProvider getAwsCredentialsProvider(final PropertyContext propertyContext) { + final CredentialsStrategy primaryStrategy = selectPrimaryStrategy(propertyContext); + final AwsCredentialsProvider primaryCredentialsProvider = primaryStrategy.getAwsCredentialsProvider(propertyContext); AwsCredentialsProvider derivedCredentialsProvider = null; for (final CredentialsStrategy strategy : strategies) { - if (strategy.canCreateDerivedCredential(properties)) { - derivedCredentialsProvider = strategy.getDerivedAwsCredentialsProvider(properties, primaryCredentialsProvider); + if (strategy.canCreateDerivedCredential(propertyContext)) { + derivedCredentialsProvider = strategy.getDerivedAwsCredentialsProvider(propertyContext, primaryCredentialsProvider); break; } } diff --git a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/CredentialsStrategy.java b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/CredentialsStrategy.java index 05dc871ca4..718ec7c98c 100644 --- a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/CredentialsStrategy.java +++ b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/CredentialsStrategy.java 
@@ -17,13 +17,12 @@ package org.apache.nifi.processors.aws.credentials.provider.factory; import com.amazonaws.auth.AWSCredentialsProvider; -import org.apache.nifi.components.PropertyDescriptor; import org.apache.nifi.components.ValidationContext; import org.apache.nifi.components.ValidationResult; +import org.apache.nifi.context.PropertyContext; import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider; import java.util.Collection; -import java.util.Map; /** @@ -43,13 +42,13 @@ public interface CredentialsStrategy { * Determines if this strategy can create primary credentials using the given properties. * @return true if primary credentials can be created */ - boolean canCreatePrimaryCredential(Map properties); + boolean canCreatePrimaryCredential(PropertyContext propertyContext); /** * Determines if this strategy can create derived credentials using the given properties. * @return true if derived credentials can be created */ - boolean canCreateDerivedCredential(Map properties); + boolean canCreateDerivedCredential(PropertyContext propertyContext); /** * Validates the properties belonging to this strategy, given the selected primary strategy. Errors may result 
@@ -63,25 +62,25 @@ public interface CredentialsStrategy { /** * Creates an AWSCredentialsProvider instance for this strategy, given the properties defined by the user. */ - AWSCredentialsProvider getCredentialsProvider(Map properties); + AWSCredentialsProvider getCredentialsProvider(PropertyContext propertyContext); /** * Creates an AWSCredentialsProvider instance for this strategy, given the properties defined by the user and * the AWSCredentialsProvider from the winning primary strategy. */ - AWSCredentialsProvider getDerivedCredentialsProvider(Map properties, + AWSCredentialsProvider getDerivedCredentialsProvider(PropertyContext propertyContext, AWSCredentialsProvider primaryCredentialsProvider); /** * Creates an AwsCredentialsProvider instance for this strategy, given the properties defined by the user. */ - AwsCredentialsProvider getAwsCredentialsProvider(Map properties); + AwsCredentialsProvider getAwsCredentialsProvider(PropertyContext propertyContext); /** * Creates an AwsCredentialsProvider instance for this strategy, given the properties defined by the user and * the AwsCredentialsProvider from the winning primary strategy. */ - AwsCredentialsProvider getDerivedAwsCredentialsProvider(Map properties, + AwsCredentialsProvider getDerivedAwsCredentialsProvider(PropertyContext propertyContext, AwsCredentialsProvider primaryCredentialsProvider); } diff --git a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/AbstractBooleanCredentialsStrategy.java b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/AbstractBooleanCredentialsStrategy.java index 4079d5a364..17edf38127 100644 --- a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/AbstractBooleanCredentialsStrategy.java 
+++ b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/AbstractBooleanCredentialsStrategy.java @@ -18,11 +18,12 @@ package org.apache.nifi.processors.aws.credentials.provider.factory.strategies; import java.util.ArrayList; import java.util.Collection; -import java.util.Map; import org.apache.nifi.components.PropertyDescriptor; +import org.apache.nifi.components.PropertyValue; import org.apache.nifi.components.ValidationContext; import org.apache.nifi.components.ValidationResult; +import org.apache.nifi.context.PropertyContext; import org.apache.nifi.processors.aws.credentials.provider.factory.CredentialsStrategy; @@ -42,8 +43,15 @@ public abstract class AbstractBooleanCredentialsStrategy extends AbstractCredent } @Override - public boolean canCreatePrimaryCredential(final Map properties) { - final String useStrategyString = properties.get(strategyProperty); + public boolean canCreatePrimaryCredential(final PropertyContext propertyContext) { + PropertyValue strategyPropertyValue = propertyContext.getProperty(strategyProperty); + if (strategyPropertyValue == null) { + return false; + } + if (strategyProperty.isExpressionLanguageSupported()) { + strategyPropertyValue = strategyPropertyValue.evaluateAttributeExpressions(); + } + final String useStrategyString = strategyPropertyValue.getValue(); final Boolean useStrategy = Boolean.parseBoolean(useStrategyString); return useStrategy; } diff --git a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/AbstractCredentialsStrategy.java b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/AbstractCredentialsStrategy.java index 5940bf28f2..f5ed8ab551 100644 
--- a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/AbstractCredentialsStrategy.java +++ b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/AbstractCredentialsStrategy.java @@ -18,11 +18,12 @@ package org.apache.nifi.processors.aws.credentials.provider.factory.strategies; import java.util.ArrayList; import java.util.Collection; -import java.util.Map; import org.apache.nifi.components.PropertyDescriptor; +import org.apache.nifi.components.PropertyValue; import org.apache.nifi.components.ValidationContext; import org.apache.nifi.components.ValidationResult; +import org.apache.nifi.context.PropertyContext; import org.apache.nifi.processors.aws.credentials.provider.factory.CredentialsStrategy; import com.amazonaws.auth.AWSCredentialsProvider; @@ -42,12 +43,10 @@ public abstract class AbstractCredentialsStrategy implements CredentialsStrategy } @Override - public boolean canCreatePrimaryCredential(final Map properties) { + public boolean canCreatePrimaryCredential(final PropertyContext propertyContext) { for (final PropertyDescriptor requiredProperty : requiredProperties) { - final boolean containsRequiredProperty = properties.containsKey(requiredProperty); - final String propertyValue = properties.get(requiredProperty); - final boolean containsValue = propertyValue != null; - if (!containsRequiredProperty || !containsValue) { + final PropertyValue propertyValue = propertyContext.getProperty(requiredProperty); + if (!propertyValue.isSet()) { return false; } } 
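Review bot: In `canCreatePrimaryCredential` the new `propertyValue.isSet()` call assumes `propertyContext.getProperty(requiredProperty)` never returns null. The sibling method in AbstractBooleanCredentialsStrategy, changed in this same commit, explicitly returns false when `getProperty` yields null. If a context can hand back null for a descriptor it does not know, this loop throws where the removed code simply returned false. For consistency I would write `if (propertyValue == null || !propertyValue.isSet()) { return false; }`. The method continues past the end of the hunk.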
@@ -81,7 +80,7 @@ public abstract class AbstractCredentialsStrategy implements CredentialsStrategy return validationFailureResults; } - public abstract AWSCredentialsProvider getCredentialsProvider(final Map properties); + public abstract AWSCredentialsProvider getCredentialsProvider(final PropertyContext propertyContext); public String getName() { return name; @@ -89,18 +88,18 @@ public abstract class AbstractCredentialsStrategy implements CredentialsStrategy @Override - public boolean canCreateDerivedCredential(final Map properties) { + public boolean canCreateDerivedCredential(final PropertyContext propertyContext) { return false; } @Override - public AWSCredentialsProvider getDerivedCredentialsProvider(final Map properties, + public AWSCredentialsProvider getDerivedCredentialsProvider(final PropertyContext propertyContext, final AWSCredentialsProvider primaryCredentialsProvider) { return null; } @Override - public AwsCredentialsProvider getDerivedAwsCredentialsProvider(final Map properties, + public AwsCredentialsProvider getDerivedAwsCredentialsProvider(final PropertyContext propertyContext, final AwsCredentialsProvider primaryCredentialsProvider) { return null; } diff --git a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/AccessKeyPairCredentialsStrategy.java b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/AccessKeyPairCredentialsStrategy.java index 16251dae5b..142d10c76f 100644 --- a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/AccessKeyPairCredentialsStrategy.java +++ b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/AccessKeyPairCredentialsStrategy.java 
@@ -20,12 +20,11 @@ import com.amazonaws.auth.AWSCredentialsProvider; import com.amazonaws.auth.BasicAWSCredentials; import com.amazonaws.internal.StaticCredentialsProvider; import org.apache.nifi.components.PropertyDescriptor; +import org.apache.nifi.context.PropertyContext; import org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors; import software.amazon.awssdk.auth.credentials.AwsBasicCredentials; import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider; -import java.util.Map; - /** * Supports AWS credentials defined by an Access Key and Secret Key pair. 
@@ -43,17 +42,17 @@ public class AccessKeyPairCredentialsStrategy extends AbstractCredentialsStrateg } @Override - public AWSCredentialsProvider getCredentialsProvider(final Map properties) { - final String accessKey = properties.get(CredentialPropertyDescriptors.ACCESS_KEY); - final String secretKey = properties.get(CredentialPropertyDescriptors.SECRET_KEY); + public AWSCredentialsProvider getCredentialsProvider(final PropertyContext propertyContext) { + final String accessKey = propertyContext.getProperty(CredentialPropertyDescriptors.ACCESS_KEY).evaluateAttributeExpressions().getValue(); + final String secretKey = propertyContext.getProperty(CredentialPropertyDescriptors.SECRET_KEY).evaluateAttributeExpressions().getValue(); final BasicAWSCredentials credentials = new BasicAWSCredentials(accessKey, secretKey); return new StaticCredentialsProvider(credentials); } @Override - public AwsCredentialsProvider getAwsCredentialsProvider(final Map properties) { - final String accessKey = properties.get(CredentialPropertyDescriptors.ACCESS_KEY); - final String secretKey = properties.get(CredentialPropertyDescriptors.SECRET_KEY); + public AwsCredentialsProvider getAwsCredentialsProvider(final PropertyContext propertyContext) { + final String accessKey = propertyContext.getProperty(CredentialPropertyDescriptors.ACCESS_KEY).evaluateAttributeExpressions().getValue(); + final String secretKey = propertyContext.getProperty(CredentialPropertyDescriptors.SECRET_KEY).evaluateAttributeExpressions().getValue(); return software.amazon.awssdk.auth.credentials.StaticCredentialsProvider.create(AwsBasicCredentials.create(accessKey, secretKey)); } 
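Review bot: The access key and secret key are now taken from `evaluateAttributeExpressions().getValue()`, but the strategy is selected from `isSet()` on the unevaluated property in AbstractCredentialsStrategy. An expression that resolves to an empty or null value therefore still selects this strategy and reaches `new BasicAWSCredentials(accessKey, secretKey)` and `AwsBasicCredentials.create(accessKey, secretKey)`. I would check the evaluated values in both methods and fail with a message that names the property and never includes the value, e.g. `if (accessKey == null || accessKey.isEmpty()) { throw new IllegalArgumentException("Access Key evaluated to an empty value"); }`. The four identical lookup lines could also move into one private helper so the two SDK variants cannot drift apart.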
diff --git a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/AnonymousCredentialsStrategy.java b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/AnonymousCredentialsStrategy.java index 416163d0ce..fef0ad61cc 100644 --- a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/AnonymousCredentialsStrategy.java +++ b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/AnonymousCredentialsStrategy.java @@ -19,13 +19,11 @@ package org.apache.nifi.processors.aws.credentials.provider.factory.strategies; import com.amazonaws.auth.AWSCredentialsProvider; import com.amazonaws.auth.AnonymousAWSCredentials; import com.amazonaws.internal.StaticCredentialsProvider; -import org.apache.nifi.components.PropertyDescriptor; +import org.apache.nifi.context.PropertyContext; import org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors; import software.amazon.awssdk.auth.credentials.AnonymousCredentialsProvider; import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider; -import java.util.Map; - /** * Supports Anonymous AWS credentials. 
@@ -40,13 +38,13 @@ public class AnonymousCredentialsStrategy extends AbstractBooleanCredentialsStra } @Override - public AWSCredentialsProvider getCredentialsProvider(final Map properties) { + public AWSCredentialsProvider getCredentialsProvider(final PropertyContext propertyContext) { AnonymousAWSCredentials credentials = new AnonymousAWSCredentials(); return new StaticCredentialsProvider(credentials); } @Override - public AwsCredentialsProvider getAwsCredentialsProvider(final Map properties) { + public AwsCredentialsProvider getAwsCredentialsProvider(final PropertyContext propertyContext) { return AnonymousCredentialsProvider.create(); } diff --git a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/AssumeRoleCredentialsStrategy.java b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/AssumeRoleCredentialsStrategy.java index a55efd6f8c..16a0cebec0 100644 --- a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/AssumeRoleCredentialsStrategy.java +++ b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/AssumeRoleCredentialsStrategy.java 
@@ -20,12 +20,15 @@ import com.amazonaws.ClientConfiguration; import com.amazonaws.auth.AWSCredentialsProvider; import com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider; import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient; +import org.apache.http.conn.ssl.SSLConnectionSocketFactory; import org.apache.nifi.components.PropertyDescriptor; import org.apache.nifi.components.ValidationContext; import org.apache.nifi.components.ValidationResult; +import org.apache.nifi.context.PropertyContext; import org.apache.nifi.processors.aws.credentials.provider.factory.CredentialsStrategy; import org.apache.nifi.processors.aws.signer.AwsCustomSignerUtil; import org.apache.nifi.processors.aws.signer.AwsSignerType; +import org.apache.nifi.ssl.SSLContextService; import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider; import software.amazon.awssdk.http.apache.ApacheHttpClient; import software.amazon.awssdk.regions.Region; 
@@ -34,17 +37,18 @@ import software.amazon.awssdk.services.sts.StsClientBuilder; import software.amazon.awssdk.services.sts.auth.StsAssumeRoleCredentialsProvider; import software.amazon.awssdk.services.sts.model.AssumeRoleRequest; +import javax.net.ssl.SSLContext; import java.net.URI; import java.time.Duration; import java.util.ArrayList; import java.util.Collection; -import java.util.Map; import static org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.ASSUME_ROLE_ARN; import static org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.ASSUME_ROLE_EXTERNAL_ID; import static org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.ASSUME_ROLE_NAME; import static org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.ASSUME_ROLE_PROXY_HOST; import static org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.ASSUME_ROLE_PROXY_PORT; +import static org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.ASSUME_ROLE_SSL_CONTEXT_SERVICE; import static org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.ASSUME_ROLE_STS_CUSTOM_SIGNER_CLASS_NAME; import static org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.ASSUME_ROLE_STS_ENDPOINT; import static org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.ASSUME_ROLE_STS_REGION; 
@@ -72,14 +76,14 @@ public class AssumeRoleCredentialsStrategy extends AbstractCredentialsStrategy { } @Override - public boolean canCreatePrimaryCredential(final Map properties) { + public boolean canCreatePrimaryCredential(final PropertyContext propertyContext) { return false; } @Override - public boolean canCreateDerivedCredential(final Map properties) { - final String assumeRoleArn = properties.get(ASSUME_ROLE_ARN); - final String assumeRoleName = properties.get(ASSUME_ROLE_NAME); + public boolean canCreateDerivedCredential(final PropertyContext propertyContext) { + final String assumeRoleArn = propertyContext.getProperty(ASSUME_ROLE_ARN).getValue(); + final String assumeRoleName = propertyContext.getProperty(ASSUME_ROLE_NAME).getValue(); if (assumeRoleArn != null && !assumeRoleArn.isEmpty() && assumeRoleName != null && !assumeRoleName.isEmpty()) { return true; @@ -87,9 +91,9 @@ public class AssumeRoleCredentialsStrategy extends AbstractCredentialsStrategy { return false; } - public boolean proxyVariablesValidForAssumeRole(final Map properties){ - final String assumeRoleProxyHost = properties.get(ASSUME_ROLE_PROXY_HOST); - final String assumeRoleProxyPort = properties.get(ASSUME_ROLE_PROXY_PORT); + protected boolean proxyVariablesValidForAssumeRole(final PropertyContext propertyContext) { + final String assumeRoleProxyHost = propertyContext.getProperty(ASSUME_ROLE_PROXY_HOST).getValue(); + final String assumeRoleProxyPort = propertyContext.getProperty(ASSUME_ROLE_PROXY_PORT).getValue(); if (assumeRoleProxyHost != null && !assumeRoleProxyHost.isEmpty() && assumeRoleProxyPort != null && !assumeRoleProxyPort.isEmpty()) { return true; 
@@ -130,36 +134,41 @@ public class AssumeRoleCredentialsStrategy extends AbstractCredentialsStrategy { } @Override - public AWSCredentialsProvider getCredentialsProvider(final Map properties) { + public AWSCredentialsProvider getCredentialsProvider(final PropertyContext propertyContext) { throw new UnsupportedOperationException(); } @Override - public AWSCredentialsProvider getDerivedCredentialsProvider(final Map properties, + public AWSCredentialsProvider getDerivedCredentialsProvider(final PropertyContext propertyContext, final AWSCredentialsProvider primaryCredentialsProvider) { - final String assumeRoleArn = properties.get(ASSUME_ROLE_ARN); - final String assumeRoleName = properties.get(ASSUME_ROLE_NAME); - String rawMaxSessionTime = properties.get(MAX_SESSION_TIME); - rawMaxSessionTime = rawMaxSessionTime == null ? MAX_SESSION_TIME.getDefaultValue() : rawMaxSessionTime; - final Integer maxSessionTime = Integer.parseInt(rawMaxSessionTime.trim()); - final String assumeRoleExternalId = properties.get(ASSUME_ROLE_EXTERNAL_ID); - final String assumeRoleSTSRegion = properties.get(ASSUME_ROLE_STS_REGION); - final String assumeRoleSTSEndpoint = properties.get(ASSUME_ROLE_STS_ENDPOINT); - final String assumeRoleSTSSigner = properties.get(ASSUME_ROLE_STS_SIGNER_OVERRIDE); + final String assumeRoleArn = propertyContext.getProperty(ASSUME_ROLE_ARN).getValue(); + final String assumeRoleName = propertyContext.getProperty(ASSUME_ROLE_NAME).getValue(); + final int maxSessionTime = propertyContext.getProperty(MAX_SESSION_TIME).asInteger(); + final String assumeRoleExternalId = propertyContext.getProperty(ASSUME_ROLE_EXTERNAL_ID).getValue(); + final String assumeRoleSTSRegion = propertyContext.getProperty(ASSUME_ROLE_STS_REGION).getValue(); + final String assumeRoleSTSEndpoint = propertyContext.getProperty(ASSUME_ROLE_STS_ENDPOINT).getValue(); + final String assumeRoleSTSSigner = propertyContext.getProperty(ASSUME_ROLE_STS_SIGNER_OVERRIDE).getValue(); + final SSLContextService 
sslContextService = propertyContext.getProperty(ASSUME_ROLE_SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class); + STSAssumeRoleSessionCredentialsProvider.Builder builder; - ClientConfiguration config = new ClientConfiguration(); + final ClientConfiguration config = new ClientConfiguration(); + + if (sslContextService != null) { + final SSLContext sslContext = sslContextService.createContext(); + config.getApacheHttpClientConfig().setSslSocketFactory(new SSLConnectionSocketFactory(sslContext)); + } // If proxy variables are set, then create Client Configuration with those values - if (proxyVariablesValidForAssumeRole(properties)) { - final String assumeRoleProxyHost = properties.get(ASSUME_ROLE_PROXY_HOST); - final Integer assumeRoleProxyPort = Integer.parseInt(properties.get(ASSUME_ROLE_PROXY_PORT)); + if (proxyVariablesValidForAssumeRole(propertyContext)) { + final String assumeRoleProxyHost = propertyContext.getProperty(ASSUME_ROLE_PROXY_HOST).getValue(); + final int assumeRoleProxyPort = propertyContext.getProperty(ASSUME_ROLE_PROXY_PORT).asInteger(); config.withProxyHost(assumeRoleProxyHost); config.withProxyPort(assumeRoleProxyPort); } final AwsSignerType assumeRoleSTSSignerType = AwsSignerType.forValue(assumeRoleSTSSigner); if (assumeRoleSTSSignerType == CUSTOM_SIGNER) { - final String signerClassName = properties.get(ASSUME_ROLE_STS_CUSTOM_SIGNER_CLASS_NAME); + final String signerClassName = propertyContext.getProperty(ASSUME_ROLE_STS_CUSTOM_SIGNER_CLASS_NAME).evaluateAttributeExpressions().getValue(); config.withSignerOverride(AwsCustomSignerUtil.registerCustomSigner(signerClassName)); } else if (assumeRoleSTSSignerType != DEFAULT_SIGNER) { 
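Review bot: `final int maxSessionTime = propertyContext.getProperty(MAX_SESSION_TIME).asInteger();` unboxes an `Integer` that is null when the property has no value. The removed lines fell back to `MAX_SESSION_TIME.getDefaultValue()` in that case. Whether every `PropertyContext` passed in applies descriptor defaults is not visible from this hunk, so I would keep the fallback: `final Integer configuredSessionTime = propertyContext.getProperty(MAX_SESSION_TIME).asInteger();` followed by `final int maxSessionTime = configuredSessionTime == null ? Integer.parseInt(MAX_SESSION_TIME.getDefaultValue()) : configuredSessionTime;`. The same line appears in `getDerivedAwsCredentialsProvider` in the next hunk. The method body continues outside this hunk.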
@@ -190,29 +199,33 @@ public class AssumeRoleCredentialsStrategy extends AbstractCredentialsStrategy { } @Override - public AwsCredentialsProvider getAwsCredentialsProvider(final Map properties) { + public AwsCredentialsProvider getAwsCredentialsProvider(final PropertyContext propertyContext) { throw new UnsupportedOperationException(); } @Override - public AwsCredentialsProvider getDerivedAwsCredentialsProvider(final Map properties, - AwsCredentialsProvider primaryCredentialsProvider) { - final String assumeRoleArn = properties.get(ASSUME_ROLE_ARN); - final String assumeRoleName = properties.get(ASSUME_ROLE_NAME); - String rawMaxSessionTime = properties.get(MAX_SESSION_TIME); - rawMaxSessionTime = rawMaxSessionTime == null ? MAX_SESSION_TIME.getDefaultValue() : rawMaxSessionTime; - final Integer maxSessionTime = Integer.parseInt(rawMaxSessionTime.trim()); - final String assumeRoleExternalId = properties.get(ASSUME_ROLE_EXTERNAL_ID); - final String assumeRoleSTSEndpoint = properties.get(ASSUME_ROLE_STS_ENDPOINT); - final String stsRegion = properties.get(ASSUME_ROLE_STS_REGION); + public AwsCredentialsProvider getDerivedAwsCredentialsProvider(final PropertyContext propertyContext, + final AwsCredentialsProvider primaryCredentialsProvider) { + final String assumeRoleArn = propertyContext.getProperty(ASSUME_ROLE_ARN).getValue(); + final String assumeRoleName = propertyContext.getProperty(ASSUME_ROLE_NAME).getValue(); + final int maxSessionTime = propertyContext.getProperty(MAX_SESSION_TIME).asInteger(); + final String assumeRoleExternalId = propertyContext.getProperty(ASSUME_ROLE_EXTERNAL_ID).getValue(); + final String assumeRoleSTSEndpoint = propertyContext.getProperty(ASSUME_ROLE_STS_ENDPOINT).getValue(); + final String stsRegion = propertyContext.getProperty(ASSUME_ROLE_STS_REGION).getValue(); + final SSLContextService sslContextService = propertyContext.getProperty(ASSUME_ROLE_SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class); final 
StsAssumeRoleCredentialsProvider.Builder builder = StsAssumeRoleCredentialsProvider.builder(); - // If proxy variables are set, then create Client Configuration with those values final ApacheHttpClient.Builder httpClientBuilder = ApacheHttpClient.builder(); - if (proxyVariablesValidForAssumeRole(properties)) { - final String assumeRoleProxyHost = properties.get(ASSUME_ROLE_PROXY_HOST); - final Integer assumeRoleProxyPort = Integer.parseInt(properties.get(ASSUME_ROLE_PROXY_PORT)); + + if (sslContextService != null) { + final SSLContext sslContext = sslContextService.createContext(); + httpClientBuilder.socketFactory(new SSLConnectionSocketFactory(sslContext)); + } + + if (proxyVariablesValidForAssumeRole(propertyContext)) { + final String assumeRoleProxyHost = propertyContext.getProperty(ASSUME_ROLE_PROXY_HOST).getValue(); + final int assumeRoleProxyPort = propertyContext.getProperty(ASSUME_ROLE_PROXY_PORT).asInteger(); final software.amazon.awssdk.http.apache.ProxyConfiguration proxyConfig = software.amazon.awssdk.http.apache.ProxyConfiguration.builder() .endpoint(URI.create(String.format("%s:%s", assumeRoleProxyHost, assumeRoleProxyPort))) .build(); diff --git a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/ExplicitDefaultCredentialsStrategy.java b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/ExplicitDefaultCredentialsStrategy.java index 03c2ba9a3f..889be287a2 100644 --- a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/ExplicitDefaultCredentialsStrategy.java +++ b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/ExplicitDefaultCredentialsStrategy.java 
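Review bot: The new `if (sslContextService != null)` block swaps the TLS socket factory for the STS client with no comment on what verification remains, and the earlier hunk for `getDerivedCredentialsProvider` repeats it for the v1 SDK. I would add a comment above `httpClientBuilder.socketFactory(...)` along the lines of `// Trust and key material come from the configured SSL Context Service; the single-argument SSLConnectionSocketFactory constructor keeps the default hostname verifier`. That makes it clear to later maintainers that hostname checking of the STS endpoint must not be relaxed here. Creating the `SSLConnectionSocketFactory` in one small private helper shared by both methods would keep the two SDK paths identical. The method body continues outside this hunk.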
@@ -16,9 +16,7 @@ */ package org.apache.nifi.processors.aws.credentials.provider.factory.strategies; -import java.util.Map; - -import org.apache.nifi.components.PropertyDescriptor; +import org.apache.nifi.context.PropertyContext; import org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors; import com.amazonaws.auth.AWSCredentialsProvider; @@ -40,13 +38,13 @@ public class ExplicitDefaultCredentialsStrategy extends AbstractBooleanCredentia super("Default Credentials", CredentialPropertyDescriptors.USE_DEFAULT_CREDENTIALS); } - @Override - public AWSCredentialsProvider getCredentialsProvider(final Map properties) { + @Override + public AWSCredentialsProvider getCredentialsProvider(final PropertyContext propertyContext) { return new DefaultAWSCredentialsProviderChain(); } @Override - public AwsCredentialsProvider getAwsCredentialsProvider(final Map properties) { + public AwsCredentialsProvider getAwsCredentialsProvider(final PropertyContext propertyContext) { return DefaultCredentialsProvider.create(); } diff --git a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/FileCredentialsStrategy.java b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/FileCredentialsStrategy.java index 06bfec0139..9d5f0dc75c 100644 --- a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/FileCredentialsStrategy.java +++ b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/FileCredentialsStrategy.java 
@@ -19,12 +19,12 @@ package org.apache.nifi.processors.aws.credentials.provider.factory.strategies; import com.amazonaws.auth.AWSCredentialsProvider; import com.amazonaws.auth.PropertiesFileCredentialsProvider; import org.apache.nifi.components.PropertyDescriptor; +import org.apache.nifi.context.PropertyContext; import org.apache.nifi.processors.aws.credentials.provider.PropertiesCredentialsProvider; import org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors; import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider; import java.io.File; -import java.util.Map; /** @@ -47,14 +47,14 @@ public class FileCredentialsStrategy extends AbstractCredentialsStrategy { } @Override - public AWSCredentialsProvider getCredentialsProvider(final Map properties) { - final String credentialsFile = properties.get(CredentialPropertyDescriptors.CREDENTIALS_FILE); + public AWSCredentialsProvider getCredentialsProvider(final PropertyContext propertyContext) { + final String credentialsFile = propertyContext.getProperty(CredentialPropertyDescriptors.CREDENTIALS_FILE).getValue(); return new PropertiesFileCredentialsProvider(credentialsFile); } @Override - public AwsCredentialsProvider getAwsCredentialsProvider(final Map properties) { - final String credentialsFile = properties.get(CredentialPropertyDescriptors.CREDENTIALS_FILE); + public AwsCredentialsProvider getAwsCredentialsProvider(final PropertyContext propertyContext) { + final String credentialsFile = propertyContext.getProperty(CredentialPropertyDescriptors.CREDENTIALS_FILE).getValue(); return new PropertiesCredentialsProvider(new File(credentialsFile)); } 
diff --git a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/ImplicitDefaultCredentialsStrategy.java b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/ImplicitDefaultCredentialsStrategy.java index ab4e025f06..9bc4c90e35 100644 --- a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/ImplicitDefaultCredentialsStrategy.java +++ b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/ImplicitDefaultCredentialsStrategy.java @@ -19,11 +19,10 @@ package org.apache.nifi.processors.aws.credentials.provider.factory.strategies; import com.amazonaws.auth.AWSCredentialsProvider; import com.amazonaws.auth.DefaultAWSCredentialsProviderChain; import org.apache.nifi.components.PropertyDescriptor; +import org.apache.nifi.context.PropertyContext; import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider; import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider; -import java.util.Map; - /** * Supports AWS Default Credentials. Compared to ExplicitDefaultCredentialsStrategy, this strategy is always @@ -37,12 +36,12 @@ public class ImplicitDefaultCredentialsStrategy extends AbstractCredentialsStrat } @Override - public AWSCredentialsProvider getCredentialsProvider(final Map properties) { + public AWSCredentialsProvider getCredentialsProvider(final PropertyContext propertyContext) { return new DefaultAWSCredentialsProviderChain(); } @Override - public AwsCredentialsProvider getAwsCredentialsProvider(final Map properties) { + public AwsCredentialsProvider getAwsCredentialsProvider(final PropertyContext propertyContext) { return DefaultCredentialsProvider.create(); } } 
diff --git a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/NamedProfileCredentialsStrategy.java b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/NamedProfileCredentialsStrategy.java index 8f9ff36fa4..311c17bc00 100644 --- a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/NamedProfileCredentialsStrategy.java +++ b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/NamedProfileCredentialsStrategy.java @@ -16,9 +16,8 @@ */ package org.apache.nifi.processors.aws.credentials.provider.factory.strategies; -import java.util.Map; - import org.apache.nifi.components.PropertyDescriptor; +import org.apache.nifi.context.PropertyContext; import org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors; import com.amazonaws.auth.AWSCredentialsProvider; 
@@ -41,14 +40,14 @@ public class NamedProfileCredentialsStrategy extends AbstractCredentialsStrategy } @Override - public AWSCredentialsProvider getCredentialsProvider(final Map properties) { - final String profileName = properties.get(CredentialPropertyDescriptors.PROFILE_NAME); + public AWSCredentialsProvider getCredentialsProvider(final PropertyContext propertyContext) { + final String profileName = propertyContext.getProperty(CredentialPropertyDescriptors.PROFILE_NAME).evaluateAttributeExpressions().getValue(); return new ProfileCredentialsProvider(profileName); } @Override - public AwsCredentialsProvider getAwsCredentialsProvider(final Map properties) { - final String profileName = properties.get(CredentialPropertyDescriptors.PROFILE_NAME); + public AwsCredentialsProvider getAwsCredentialsProvider(final PropertyContext propertyContext) { + final String profileName = propertyContext.getProperty(CredentialPropertyDescriptors.PROFILE_NAME).evaluateAttributeExpressions().getValue(); return software.amazon.awssdk.auth.credentials.ProfileCredentialsProvider.create(profileName); } } diff --git a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/service/AWSCredentialsProviderControllerService.java b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/service/AWSCredentialsProviderControllerService.java index b02dadbcc5..ef06d3d951 100644 --- a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/service/AWSCredentialsProviderControllerService.java +++ b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/service/AWSCredentialsProviderControllerService.java 
@@ -36,14 +36,13 @@ import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider; import java.util.ArrayList; import java.util.Collection; import java.util.Collections; -import java.util.HashMap; import java.util.List; -import java.util.Map; import static org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.ACCESS_KEY; import static org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.ASSUME_ROLE_EXTERNAL_ID; import static org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.ASSUME_ROLE_PROXY_HOST; import static org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.ASSUME_ROLE_PROXY_PORT; +import static org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.ASSUME_ROLE_SSL_CONTEXT_SERVICE; import static org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.ASSUME_ROLE_STS_ENDPOINT; import static org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.ASSUME_ROLE_STS_SIGNER_OVERRIDE; import static org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors.CREDENTIALS_FILE; @@ -79,7 +78,7 @@ public class AWSCredentialsProviderControllerService extends AbstractControllerS public static final PropertyDescriptor MAX_SESSION_TIME = CredentialPropertyDescriptors.MAX_SESSION_TIME; public static final PropertyDescriptor ASSUME_ROLE_STS_REGION = CredentialPropertyDescriptors.ASSUME_ROLE_STS_REGION; - private static final List properties; + private static final List PROPERTIES; static { final List props = new ArrayList<>(); 
@@ -93,6 +92,7 @@ public class AWSCredentialsProviderControllerService extends AbstractControllerS props.add(ASSUME_ROLE_NAME); props.add(MAX_SESSION_TIME); props.add(ASSUME_ROLE_EXTERNAL_ID); + props.add(ASSUME_ROLE_SSL_CONTEXT_SERVICE); props.add(ASSUME_ROLE_PROXY_HOST); props.add(ASSUME_ROLE_PROXY_PORT); props.add(ASSUME_ROLE_STS_REGION); @@ -100,16 +100,16 @@ public class AWSCredentialsProviderControllerService extends AbstractControllerS props.add(ASSUME_ROLE_STS_SIGNER_OVERRIDE); props.add(ASSUME_ROLE_STS_CUSTOM_SIGNER_CLASS_NAME); props.add(ASSUME_ROLE_STS_CUSTOM_SIGNER_MODULE_LOCATION); - properties = Collections.unmodifiableList(props); + PROPERTIES = Collections.unmodifiableList(props); } + private volatile ConfigurationContext context; private volatile AWSCredentialsProvider credentialsProvider; - private volatile Map evaluatedProperties; protected final CredentialsProviderFactory credentialsProviderFactory = new CredentialsProviderFactory(); @Override protected List getSupportedPropertyDescriptors() { - return properties; + return PROPERTIES; } @Override @@ -120,7 +120,7 @@ public class AWSCredentialsProviderControllerService extends AbstractControllerS @Override public AwsCredentialsProvider getAwsCredentialsProvider() { // Avoiding instantiation until actually used, in case v1-related configuration is not compatible with v2 clients - return credentialsProviderFactory.getAwsCredentialsProvider(evaluatedProperties); + return credentialsProviderFactory.getAwsCredentialsProvider(context); } @Override 
@@ -130,14 +130,9 @@ public class AWSCredentialsProviderControllerService extends AbstractControllerS @OnEnabled public void onConfigured(final ConfigurationContext context) { - evaluatedProperties = new HashMap<>(context.getProperties()); - evaluatedProperties.keySet().forEach(propertyDescriptor -> { - if (propertyDescriptor.isExpressionLanguageSupported()) { - evaluatedProperties.put(propertyDescriptor, - context.getProperty(propertyDescriptor).evaluateAttributeExpressions().getValue()); - } - }); - credentialsProvider = credentialsProviderFactory.getCredentialsProvider(evaluatedProperties); + this.context = context; + + credentialsProvider = credentialsProviderFactory.getCredentialsProvider(context); getLogger().debug("Using credentials provider: " + credentialsProvider.getClass()); } diff --git a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/test/java/org/apache/nifi/processors/aws/credentials/provider/factory/TestCredentialsProviderFactory.java b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/test/java/org/apache/nifi/processors/aws/credentials/provider/factory/TestCredentialsProviderFactory.java index 064a61323e..7d9264776a 100644 --- a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/test/java/org/apache/nifi/processors/aws/credentials/provider/factory/TestCredentialsProviderFactory.java +++ b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/test/java/org/apache/nifi/processors/aws/credentials/provider/factory/TestCredentialsProviderFactory.java 
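Review bot: Removing the loop in `onConfigured` that called `evaluateAttributeExpressions()` for every property supporting expression language moves that duty to each strategy, and not all of them picked it up. NamedProfileCredentialsStrategy now evaluates `PROFILE_NAME`, but the FileCredentialsStrategy and AssumeRoleCredentialsStrategy hunks read their values with a bare `.getValue()`. If any of those descriptors supports expression language (their definitions are not visible here), an unevaluated expression would reach the provider as a literal file path, role ARN or endpoint; the read should then become e.g. `propertyContext.getProperty(CredentialPropertyDescriptors.CREDENTIALS_FILE).evaluateAttributeExpressions().getValue()`. The class body continues outside the hunk.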
@@ -27,7 +27,6 @@ import com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider; import com.amazonaws.auth.Signer; import com.amazonaws.auth.profile.ProfileCredentialsProvider; import com.amazonaws.internal.StaticCredentialsProvider; -import org.apache.nifi.components.PropertyDescriptor; import org.apache.nifi.processors.aws.credentials.provider.PropertiesCredentialsProvider; import org.apache.nifi.processors.aws.s3.FetchS3Object; import org.apache.nifi.processors.aws.signer.AwsSignerType; @@ -40,11 +39,8 @@ import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider; import software.amazon.awssdk.regions.Region; import software.amazon.awssdk.services.sts.auth.StsAssumeRoleCredentialsProvider; -import java.util.Map; - import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertNotNull; -import static org.junit.jupiter.api.Assertions.assertThrows; import static org.mockito.ArgumentMatchers.any; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.verify; 
@@ -59,14 +55,13 @@ public class TestCredentialsProviderFactory { final TestRunner runner = TestRunners.newTestRunner(MockAWSProcessor.class); runner.assertValid(); - final Map properties = runner.getProcessContext().getProperties(); final CredentialsProviderFactory factory = new CredentialsProviderFactory(); - final AWSCredentialsProvider credentialsProvider = factory.getCredentialsProvider(properties); + final AWSCredentialsProvider credentialsProvider = factory.getCredentialsProvider(runner.getProcessContext()); assertNotNull(credentialsProvider); assertEquals(DefaultAWSCredentialsProviderChain.class, credentialsProvider.getClass(), "credentials provider should be equal"); - final AwsCredentialsProvider credentialsProviderV2 = factory.getAwsCredentialsProvider(properties); + final AwsCredentialsProvider credentialsProviderV2 = factory.getAwsCredentialsProvider(runner.getProcessContext()); assertNotNull(credentialsProviderV2); assertEquals(DefaultCredentialsProvider.class, credentialsProviderV2.getClass(), "credentials provider should be equal"); 
@@ -78,14 +73,13 @@ public class TestCredentialsProviderFactory { runner.setProperty(CredentialPropertyDescriptors.USE_DEFAULT_CREDENTIALS, "true"); runner.assertValid(); - final Map properties = runner.getProcessContext().getProperties(); final CredentialsProviderFactory factory = new CredentialsProviderFactory(); - final AWSCredentialsProvider credentialsProvider = factory.getCredentialsProvider(properties); + final AWSCredentialsProvider credentialsProvider = factory.getCredentialsProvider(runner.getProcessContext()); assertNotNull(credentialsProvider); assertEquals(DefaultAWSCredentialsProviderChain.class, credentialsProvider.getClass(), "credentials provider should be equal"); - final AwsCredentialsProvider credentialsProviderV2 = factory.getAwsCredentialsProvider(properties); + final AwsCredentialsProvider credentialsProviderV2 = factory.getAwsCredentialsProvider(runner.getProcessContext()); assertNotNull(credentialsProviderV2); assertEquals(DefaultCredentialsProvider.class, credentialsProviderV2.getClass(), "credentials provider should be equal"); 
@@ -107,14 +101,14 @@ public class TestCredentialsProviderFactory { runner.setProperty(CredentialPropertyDescriptors.SECRET_KEY, "BogusSecretKey"); runner.assertValid(); - final Map properties = runner.getProcessContext().getProperties(); + final CredentialsProviderFactory factory = new CredentialsProviderFactory(); - final AWSCredentialsProvider credentialsProvider = factory.getCredentialsProvider(properties); + final AWSCredentialsProvider credentialsProvider = factory.getCredentialsProvider(runner.getProcessContext()); assertNotNull(credentialsProvider); assertEquals(StaticCredentialsProvider.class, credentialsProvider.getClass(), "credentials provider should be equal"); - final AwsCredentialsProvider credentialsProviderV2 = factory.getAwsCredentialsProvider(properties); + final AwsCredentialsProvider credentialsProviderV2 = factory.getAwsCredentialsProvider(runner.getProcessContext()); assertNotNull(credentialsProviderV2); assertEquals(software.amazon.awssdk.auth.credentials.StaticCredentialsProvider.class, credentialsProviderV2.getClass(), "credentials provider should be equal"); 
@@ -140,14 +134,13 @@ public class TestCredentialsProviderFactory { runner.setProperty(CredentialPropertyDescriptors.CREDENTIALS_FILE, "src/test/resources/mock-aws-credentials.properties"); runner.assertValid(); - final Map properties = runner.getProcessContext().getProperties(); final CredentialsProviderFactory factory = new CredentialsProviderFactory(); - final AWSCredentialsProvider credentialsProvider = factory.getCredentialsProvider(properties); + final AWSCredentialsProvider credentialsProvider = factory.getCredentialsProvider(runner.getProcessContext()); assertNotNull(credentialsProvider); assertEquals(PropertiesFileCredentialsProvider.class, credentialsProvider.getClass(), "credentials provider should be equal"); - final AwsCredentialsProvider credentialsProviderV2 = factory.getAwsCredentialsProvider(properties); + final AwsCredentialsProvider credentialsProviderV2 = factory.getAwsCredentialsProvider(runner.getProcessContext()); assertNotNull(credentialsProviderV2); assertEquals(PropertiesCredentialsProvider.class, credentialsProviderV2.getClass(), "credentials provider should be equal"); 
@@ -161,21 +154,11 @@ public class TestCredentialsProviderFactory { runner.setProperty(CredentialPropertyDescriptors.ASSUME_ROLE_NAME, "BogusSession"); runner.assertValid(); - final Map properties = runner.getProcessContext().getProperties(); final CredentialsProviderFactory factory = new CredentialsProviderFactory(); - final AWSCredentialsProvider credentialsProvider = factory.getCredentialsProvider(properties); + final AWSCredentialsProvider credentialsProvider = factory.getCredentialsProvider(runner.getProcessContext()); assertNotNull(credentialsProvider); assertEquals(STSAssumeRoleSessionCredentialsProvider.class, credentialsProvider.getClass(), "credentials provider should be equal"); - - assertThrows(IllegalStateException.class, () -> factory.getAwsCredentialsProvider(properties)); - - runner.setProperty(CredentialPropertyDescriptors.ASSUME_ROLE_STS_REGION, Region.US_WEST_1.id()); - final Map properties2 = runner.getProcessContext().getProperties(); - final AwsCredentialsProvider credentialsProviderV2 = factory.getAwsCredentialsProvider(properties2); - assertNotNull(credentialsProviderV2); - assertEquals(StsAssumeRoleCredentialsProvider.class, - credentialsProviderV2.getClass(), "credentials provider should be equal"); } @Test 
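Review bot: This hunk deletes both SDK v2 assertions from the assume-role test — the `assertThrows(IllegalStateException.class, ...)` check for a missing STS region and the `StsAssumeRoleCredentialsProvider` class check — without a replacement, so this test no longer reaches `getAwsCredentialsProvider` at all. If the missing-region failure is no longer expected, keep the positive case: set `ASSUME_ROLE_STS_REGION` and assert `assertEquals(StsAssumeRoleCredentialsProvider.class, factory.getAwsCredentialsProvider(runner.getProcessContext()).getClass())`. None of the visible test hunks sets `ASSUME_ROLE_SSL_CONTEXT_SERVICE` either, so the new TLS branch appears to ship without a test. The test method starts above the hunk.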
@@ -194,14 +177,13 @@ public class TestCredentialsProviderFactory { runner.setProperty(CredentialPropertyDescriptors.USE_ANONYMOUS_CREDENTIALS, "true"); runner.assertValid(); - final Map properties = runner.getProcessContext().getProperties(); final CredentialsProviderFactory factory = new CredentialsProviderFactory(); - final AWSCredentialsProvider credentialsProvider = factory.getCredentialsProvider(properties); + final AWSCredentialsProvider credentialsProvider = factory.getCredentialsProvider(runner.getProcessContext()); assertNotNull(credentialsProvider); final AWSCredentials creds = credentialsProvider.getCredentials(); assertEquals(AnonymousAWSCredentials.class, creds.getClass(), "credentials should be equal"); - final AwsCredentialsProvider credentialsProviderV2 = factory.getAwsCredentialsProvider(properties); + final AwsCredentialsProvider credentialsProviderV2 = factory.getAwsCredentialsProvider(runner.getProcessContext()); assertNotNull(credentialsProviderV2); assertEquals(AnonymousCredentialsProvider.class, credentialsProviderV2.getClass(), "credentials provider should be equal"); 
@@ -222,14 +204,13 @@ public class TestCredentialsProviderFactory { runner.setProperty(CredentialPropertyDescriptors.PROFILE_NAME, "BogusProfile"); runner.assertValid(); - final Map properties = runner.getProcessContext().getProperties(); final CredentialsProviderFactory factory = new CredentialsProviderFactory(); - final AWSCredentialsProvider credentialsProvider = factory.getCredentialsProvider(properties); + final AWSCredentialsProvider credentialsProvider = factory.getCredentialsProvider(runner.getProcessContext()); assertNotNull(credentialsProvider); assertEquals(ProfileCredentialsProvider.class, credentialsProvider.getClass(), "credentials provider should be equal"); - final AwsCredentialsProvider credentialsProviderV2 = factory.getAwsCredentialsProvider(properties); + final AwsCredentialsProvider credentialsProviderV2 = factory.getAwsCredentialsProvider(runner.getProcessContext()); assertNotNull(credentialsProviderV2); assertEquals(software.amazon.awssdk.auth.credentials.ProfileCredentialsProvider.class, credentialsProviderV2.getClass(), "credentials provider should be equal"); 
@@ -246,14 +227,13 @@ public class TestCredentialsProviderFactory { runner.setProperty(CredentialPropertyDescriptors.ASSUME_ROLE_PROXY_PORT, "8080"); runner.assertValid(); - final Map properties = runner.getProcessContext().getProperties(); final CredentialsProviderFactory factory = new CredentialsProviderFactory(); - final AWSCredentialsProvider credentialsProvider = factory.getCredentialsProvider(properties); + final AWSCredentialsProvider credentialsProvider = factory.getCredentialsProvider(runner.getProcessContext()); assertNotNull(credentialsProvider); assertEquals(STSAssumeRoleSessionCredentialsProvider.class, credentialsProvider.getClass(), "credentials provider should be equal"); - final AwsCredentialsProvider credentialsProviderV2 = factory.getAwsCredentialsProvider(properties); + final AwsCredentialsProvider credentialsProviderV2 = factory.getAwsCredentialsProvider(runner.getProcessContext()); assertNotNull(credentialsProviderV2); assertEquals(StsAssumeRoleCredentialsProvider.class, credentialsProviderV2.getClass(), "credentials provider should be equal"); @@ -300,13 +280,12 @@ public class TestCredentialsProviderFactory { runner.setProperty(CredentialPropertyDescriptors.ASSUME_ROLE_STS_CUSTOM_SIGNER_CLASS_NAME, CustomSTSSigner.class.getName()); runner.assertValid(); - final Map properties = runner.getProcessContext().getProperties(); final CredentialsProviderFactory factory = new CredentialsProviderFactory(); final Signer signerChecker = mock(Signer.class); CustomSTSSigner.setSignerChecker(signerChecker); - final AWSCredentialsProvider credentialsProvider = factory.getCredentialsProvider(properties); + final AWSCredentialsProvider credentialsProvider = factory.getCredentialsProvider(runner.getProcessContext()); try { credentialsProvider.getCredentials();