coryb · May 31, 2013 22:14
diff --git a/gistfile1.txt b/gistfile1.txt
 diff --git a/build.gradle b/build.gradle
 index b35e9a3..c8b2ba3 100644
 --- a/build.gradle
 +++ b/build.gradle
 @@ -33,7 +33,7 @@ dependencies {
     compile 'com.sun.jersey:jersey-server:1.11'
     compile 'com.sun.jersey:jersey-servlet:1.11'
     compile 'org.slf4j:slf4j-api:1.6.4'
 -    compile('com.amazonaws:aws-java-sdk:1.3.11') {
 +    compile('com.amazonaws:aws-java-sdk:1.4.4.1') {
         exclude group:'org.codehaus.jackson'
     }
     compile 'joda-time:joda-time:2.0'
 diff --git a/src/main/scala/com/netflix/edda/aws/AwsClient.scala b/src/main/scala/com/netflix/edda/aws/AwsClient.scala
 index 379de56..cbb4409 100644
 --- a/src/main/scala/com/netflix/edda/aws/AwsClient.scala
 +++ b/src/main/scala/com/netflix/edda/aws/AwsClient.scala
 @@ -28,13 +28,16 @@ import com.amazonaws.services.s3.AmazonS3Client
 import com.amazonaws.services.sqs.AmazonSQSClient
 import com.amazonaws.services.cloudwatch.AmazonCloudWatchClient
 import com.amazonaws.services.route53.AmazonRoute53Client
 +import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient
 +import com.amazonaws.services.securitytoken.model.AssumeRoleRequest
 +import com.amazonaws.services.securitytoken.model.AssumeRoleResult
 
 /** provides access to AWS service client objects
   *
   * @param credentials provider used to connect to AWS services
   * @param region used to select endpoint for AWS services
   */
 -class AwsClient(val provider: AWSCredentialsProvider, val region: String) {
 +class AwsClient(var provider: AWSCredentialsProvider, val region: String) {
 
   /** uses [[com.amazonaws.auth.AWSCredentials]] to create AWSCredentialsProvider
     *
 @@ -60,6 +63,21 @@ class AwsClient(val provider: AWSCredentialsProvider, val region: String) {
   def this(accessKey: String, secretKey: String, region: String) =
     this(new BasicAWSCredentials(accessKey, secretKey), region)
 
 +  def assumeRole(arn: String): AwsClient = {
 +    val client = securityToken
 +    provider = new AWSCredentialsProvider() {
 +      val req = (new AssumeRoleRequest).withRoleArn(arn)
 +      def update = {
 +        var result = client.assumeRole(req) 
 +        new BasicAWSCredentials(result.getCredentials.getAccessKeyId, result.getCredentials.getSecretAccessKey)
 +      }
 +      var cred = update
 +      def getCredentials = cred
 +      def refresh = cred = update
 +    }
 +    this
 +  }
 +
   /** get [[com.amazonaws.services.ec2.AmazonEC2Client]] object */
   def ec2 = {
     val client = new AmazonEC2Client(provider)
 @@ -121,4 +139,11 @@ class AwsClient(val provider: AWSCredentialsProvider, val region: String) {
       client.setEndpoint("route53.amazonaws.com")
       client
    }
 +
 +  def securityToken = {
 +    val client = new AWSSecurityTokenServiceClient(provider);
 +    client.setEndpoint("sts.amazonaws.com");
 +    client
 +  }
 +
 }
 diff --git a/src/main/scala/com/netflix/edda/basic/BasicServer.scala b/src/main/scala/com/netflix/edda/basic/BasicServer.scala
 index 26bea9d..9dafaba 100644
 --- a/src/main/scala/com/netflix/edda/basic/BasicServer.scala
 +++ b/src/main/scala/com/netflix/edda/basic/BasicServer.scala
 @@ -57,13 +57,17 @@ class BasicServer extends HttpServlet {
     val bm = new BasicBeanMapper with AwsBeanMapper
 
     val awsClientFactory = (account: String) => {
 -      Utils.getProperty("edda", "aws.accessKey", account, "").get match {
 +      val client = Utils.getProperty("edda", "aws.accessKey", account, "").get match {
         case v if v.isEmpty => new AwsClient(Utils.getProperty("edda", "region", account, "").get)
         case accessKey => new AwsClient(
           accessKey,
           Utils.getProperty("edda", "aws.secretKey", account, "").get,
           Utils.getProperty("edda", "region", account, "").get)
       }
 +      Utils.getProperty("edda", "aws.assumeRoleArn", account, "").get match {
 +        case v if v.isEmpty => client
 +        case arn => client.assumeRole(arn)
 +      }
     }
 
     AwsCollectionBuilder.buildAll(BasicContext, awsClientFactory, bm, elector, dsFactory)
	diff --git a/build.gradle b/build.gradle
	index b35e9a3..c8b2ba3 100644
	--- a/build.gradle
	+++ b/build.gradle
	@@ -33,7 +33,7 @@ dependencies {
	compile 'com.sun.jersey:jersey-server:1.11'
	compile 'com.sun.jersey:jersey-servlet:1.11'
	compile 'org.slf4j:slf4j-api:1.6.4'
	- compile('com.amazonaws:aws-java-sdk:1.3.11') {
	+ compile('com.amazonaws:aws-java-sdk:1.4.4.1') {
	exclude group:'org.codehaus.jackson'
	}
	compile 'joda-time:joda-time:2.0'
	diff --git a/src/main/scala/com/netflix/edda/aws/AwsClient.scala b/src/main/scala/com/netflix/edda/aws/AwsClient.scala
	index 379de56..cbb4409 100644
	--- a/src/main/scala/com/netflix/edda/aws/AwsClient.scala
	+++ b/src/main/scala/com/netflix/edda/aws/AwsClient.scala
	@@ -28,13 +28,16 @@ import com.amazonaws.services.s3.AmazonS3Client
	import com.amazonaws.services.sqs.AmazonSQSClient
	import com.amazonaws.services.cloudwatch.AmazonCloudWatchClient
	import com.amazonaws.services.route53.AmazonRoute53Client
	+import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient
	+import com.amazonaws.services.securitytoken.model.AssumeRoleRequest
	+import com.amazonaws.services.securitytoken.model.AssumeRoleResult

	/** provides access to AWS service client objects
	*
	* @param credentials provider used to connect to AWS services
	* @param region used to select endpoint for AWS services
	*/
	-class AwsClient(val provider: AWSCredentialsProvider, val region: String) {
	+class AwsClient(var provider: AWSCredentialsProvider, val region: String) {

	/** uses [[com.amazonaws.auth.AWSCredentials]] to create AWSCredentialsProvider
	*
	@@ -60,6 +63,21 @@ class AwsClient(val provider: AWSCredentialsProvider, val region: String) {
	def this(accessKey: String, secretKey: String, region: String) =
	this(new BasicAWSCredentials(accessKey, secretKey), region)

	+ def assumeRole(arn: String): AwsClient = {
	+ val client = securityToken
	+ provider = new AWSCredentialsProvider() {
	+ val req = (new AssumeRoleRequest).withRoleArn(arn)
	+ def update = {
	+ var result = client.assumeRole(req)
	+ new BasicAWSCredentials(result.getCredentials.getAccessKeyId, result.getCredentials.getSecretAccessKey)
	+ }
	+ var cred = update
	+ def getCredentials = cred
	+ def refresh = cred = update
	+ }
	+ this
	+ }
	+
	/** get [[com.amazonaws.services.ec2.AmazonEC2Client]] object */
	def ec2 = {
	val client = new AmazonEC2Client(provider)
	@@ -121,4 +139,11 @@ class AwsClient(val provider: AWSCredentialsProvider, val region: String) {
	client.setEndpoint("route53.amazonaws.com")
	client
	}
	+
	+ def securityToken = {
	+ val client = new AWSSecurityTokenServiceClient(provider);
	+ client.setEndpoint("sts.amazonaws.com");
	+ client
	+ }
	+
	}
	diff --git a/src/main/scala/com/netflix/edda/basic/BasicServer.scala b/src/main/scala/com/netflix/edda/basic/BasicServer.scala
	index 26bea9d..9dafaba 100644
	--- a/src/main/scala/com/netflix/edda/basic/BasicServer.scala
	+++ b/src/main/scala/com/netflix/edda/basic/BasicServer.scala
	@@ -57,13 +57,17 @@ class BasicServer extends HttpServlet {
	val bm = new BasicBeanMapper with AwsBeanMapper

	val awsClientFactory = (account: String) => {
	- Utils.getProperty("edda", "aws.accessKey", account, "").get match {
	+ val client = Utils.getProperty("edda", "aws.accessKey", account, "").get match {
	case v if v.isEmpty => new AwsClient(Utils.getProperty("edda", "region", account, "").get)
	case accessKey => new AwsClient(
	accessKey,
	Utils.getProperty("edda", "aws.secretKey", account, "").get,
	Utils.getProperty("edda", "region", account, "").get)
	}
	+ Utils.getProperty("edda", "aws.assumeRoleArn", account, "").get match {
	+ case v if v.isEmpty => client
	+ case arn => client.assumeRole(arn)
	+ }
	}

	AwsCollectionBuilder.buildAll(BasicContext, awsClientFactory, bm, elector, dsFactory)