ProfileFile-based credentials provider implementation (#21)

Co-authored-by: iliax <[email protected]>
provectus · Jun 23, 2023 · c309c90 · c309c90
1 parent 8a38724
commit c309c90
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 5 deletions.
diff --git a/docker-compose/setup-example.yaml b/docker-compose/setup-example.yaml
@@ -32,9 +32,14 @@ services:
       # schema name -> topics pattern where it will be used for values. Optional.
       kafka.clusters.0.serde.0.properties.topicValuesSchemas.some-topic-value: "some-topic1|some-topic2"
       kafka.clusters.0.serde.0.properties.topicValuesSchemas.another-topic-val: "another-topic-value"
-      # you can explicitly specify aws creds on serde level (not globally). Optional.
+
+      # you can explicitly specify aws creds on serde level (not globally, Optional.):
+      # by providing access keys:
       kafka.clusters.0.serde.0.properties.awsAccessKeyId:  '{ AWS_ACCESS_KEY_ID }'
       kafka.clusters.0.serde.0.properties.awsSecretAccessKey:  '{ AWS_SECRET_ACCESS_KEY }'
+      # or by using profile path properties:
+      kafka.clusters.0.serde.0.properties.awsProfileName: '{ profile which will be looked in profile file, "default" by default}'
+      kafka.clusters.0.serde.0.properties.awsProfileFile: '{ path to profile path, "~/.aws/credentials" by default }'
 
     volumes:
       - ./../target:/glue-serde

diff --git a/src/main/java/com/provectus/kafka/ui/serdes/glue/GlueSerde.java b/src/main/java/com/provectus/kafka/ui/serdes/glue/GlueSerde.java
@@ -21,6 +21,7 @@
 
 import java.net.URI;
 import java.nio.ByteBuffer;
+import java.nio.file.Path;
 import java.util.List;
 import java.util.Map;
 import java.util.UUID;
@@ -34,17 +35,16 @@
 import lombok.NonNull;
 import org.apache.avro.Schema;
 import org.apache.avro.generic.GenericRecord;
-import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
-import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
-import software.amazon.awssdk.auth.credentials.AwsSessionCredentials;
-import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider;
+import software.amazon.awssdk.auth.credentials.*;
 import software.amazon.awssdk.http.apache.ApacheHttpClient;
 import com.provectus.kafka.ui.serde.api.PropertyResolver;
 import com.provectus.kafka.ui.serde.api.SchemaDescription;
 import com.provectus.kafka.ui.serde.api.Serde;
 
 import java.util.Optional;
 
+import software.amazon.awssdk.profiles.ProfileFile;
+import software.amazon.awssdk.profiles.ProfileFileSystemSetting;
 import software.amazon.awssdk.regions.Region;
 import software.amazon.awssdk.services.glue.GlueClient;
 import software.amazon.awssdk.services.glue.model.DataFormat;
@@ -161,6 +161,22 @@ static AwsCredentialsProvider createCredentialsProvider(PropertyResolver serdePr
       return () -> AwsSessionCredentials.create(awsAccessKey.get(), awsSecretKey.get(), awsSessionToken.get());
     }
 
+    Optional<String> profileName = serdeProperties.getProperty("awsProfileName", String.class);
+    Optional<String> profileFile = serdeProperties.getProperty("awsProfileFile", String.class);
+    if (profileName.isPresent() || profileFile.isPresent()) {
+      ProfileFile file = profileFile.map(filePath ->
+              ProfileFile.builder()
+                  .type(ProfileFile.Type.CREDENTIALS)
+                  .content(Path.of(filePath))
+                  .build()
+          )
+          .orElse(ProfileFile.defaultProfileFile());
+      return ProfileCredentialsProvider.builder()
+          .profileName(profileName.orElse(ProfileFileSystemSetting.AWS_PROFILE.defaultValue()))
+          .profileFile(file)
+          .build();
+    }
+
     // if creds properties weren't specified explicitly - using default creds provider
     return DefaultCredentialsProvider.create();
   }