This is an automated email from the ASF dual-hosted git repository. acosentino pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/camel.git
commit eafbb8449d3d9d14e10e8f572a88a3e1c6d0d39c Author: Andrea Cosentino <[email protected]> AuthorDate: Thu Apr 6 07:33:40 2023 +0200 CAMEL-18625 - Provide an option to pass specific AWS SAML Profile - Reload Task Signed-off-by: Andrea Cosentino <[email protected]> --- .../vault/CloudTrailReloadTriggerTask.java | 17 +++++++++++++++++ 1 file changed, 17 insertions(+)
diff --git a/components/camel-aws/camel-aws-secrets-manager/src/main/java/org/apache/camel/component/aws/secretsmanager/vault/CloudTrailReloadTriggerTask.java b/components/camel-aws/camel-aws-secrets-manager/src/main/java/org/apache/camel/component/aws/secretsmanager/vault/CloudTrailReloadTriggerTask.java
index 9e66c1085d9..e485d8ecc18 100644
--- a/components/camel-aws/camel-aws-secrets-manager/src/main/java/org/apache/camel/component/aws/secretsmanager/vault/CloudTrailReloadTriggerTask.java
+++ b/components/camel-aws/camel-aws-secrets-manager/src/main/java/org/apache/camel/component/aws/secretsmanager/vault/CloudTrailReloadTriggerTask.java
@@ -39,6 +39,7 @@ import org.apache.camel.vault.AwsVaultConfiguration;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
+import software.amazon.awssdk.auth.credentials.ProfileCredentialsProvider;
 import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
 import software.amazon.awssdk.regions.Region;
 import software.amazon.awssdk.services.cloudtrail.CloudTrailClient;
@@ -49,6 +50,8 @@ import software.amazon.awssdk.services.cloudtrail.model.LookupAttributeKey; import software.amazon.awssdk.services.cloudtrail.model.LookupEventsRequest; import software.amazon.awssdk.services.cloudtrail.model.LookupEventsResponse; import software.amazon.awssdk.services.cloudtrail.model.Resource; +import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient; +import software.amazon.awssdk.services.secretsmanager.SecretsManagerClientBuilder; /** * Period task which checks if AWS secrets has been updated and can trigger Camel to be reloaded. @@ -62,6 +65,12 @@ public class CloudTrailReloadTriggerTask extends ServiceSupport implements Camel private static final String CAMEL_AWS_VAULT_USE_DEFAULT_CREDENTIALS_PROVIDER_ENV = "CAMEL_VAULT_AWS_USE_DEFAULT_CREDENTIALS_PROVIDER"; + private static final String CAMEL_AWS_VAULT_USE_PROFILE_CREDENTIALS_PROVIDER_ENV + = "CAMEL_VAULT_AWS_USE_PROFILE_CREDENTIALS_PROVIDER"; + + private static final String CAMEL_AWS_VAULT_PROFILE_NAME_ENV + = "CAMEL_AWS_VAULT_PROFILE_NAME"; + private static final Logger LOG = LoggerFactory.getLogger(CloudTrailReloadTriggerTask.class); private static final String SECRETSMANAGER_AMAZONAWS_COM = "secretsmanager.amazonaws.com"; @@ -144,6 +153,9 @@ public class CloudTrailReloadTriggerTask extends ServiceSupport implements Camel String region = System.getenv(CAMEL_AWS_VAULT_REGION_ENV); boolean useDefaultCredentialsProvider = Boolean.parseBoolean(System.getenv(CAMEL_AWS_VAULT_USE_DEFAULT_CREDENTIALS_PROVIDER_ENV)); + boolean useProfileCredentialsProvider + = Boolean.parseBoolean(System.getenv(CAMEL_AWS_VAULT_USE_PROFILE_CREDENTIALS_PROVIDER_ENV)); + String profileName = System.getenv(CAMEL_AWS_VAULT_PROFILE_NAME_ENV); if (ObjectHelper.isEmpty(accessKey) && ObjectHelper.isEmpty(secretKey) && ObjectHelper.isEmpty(region)) { AwsVaultConfiguration awsVaultConfiguration = getCamelContext().getVaultConfiguration().aws(); if (ObjectHelper.isNotEmpty(awsVaultConfiguration)) { 
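Review bot: The two imports added in the `@@ -49,6 +50,8 @@` hunk, `SecretsManagerClient` and `SecretsManagerClientBuilder`, are not referenced by any line this commit adds. The diffstat's 17 insertions are all visible in these hunks, and the new branch builds only a `CloudTrailClient`. Unless code outside the hunks already uses these types, they are unused imports and should be dropped, since they may trip the project's source checks.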
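Review bot: The profile-name variable in the `@@ -62,6 +65,12 @@` hunk breaks the prefix used by its neighbours: `CAMEL_AWS_VAULT_PROFILE_NAME_ENV` maps to `"CAMEL_AWS_VAULT_PROFILE_NAME"`, while the other two visible values start with `CAMEL_VAULT_AWS_`. An operator who follows the pattern and exports a `CAMEL_VAULT_AWS_`-prefixed name gets a null `profileName`, so the profile branch is skipped and the task ends in the generic credentials exception. I would change the value to `= "CAMEL_VAULT_AWS_PROFILE_NAME";`, or, if the different prefix is deliberate, add a comment above the constant saying so.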
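Review bot: In the `@@ -144,6 +153,9 @@` hunk, `useProfileCredentialsProvider` and `profileName` are read only from the environment. All 17 insertions of this commit are visible, and none of them fills these two values inside the `awsVaultConfiguration` fallback that opens on the following context lines. If `AwsVaultConfiguration` carries (or later gains) the profile options, a deployment that sets them as application properties will reach the final `else` and get an exception whose message says properties are accepted. The fallback block continues outside the hunk, so how the other values are copied there is not visible; the two new ones would need the same treatment.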
@@ -163,6 +175,11 @@ public class CloudTrailReloadTriggerTask extends ServiceSupport implements Camel
 CloudTrailClientBuilder clientBuilder = CloudTrailClient.builder();
 clientBuilder.region(Region.of(region));
 cloudTrailClient = clientBuilder.build();
+ } else if (useProfileCredentialsProvider && ObjectHelper.isNotEmpty(profileName)) {
+ CloudTrailClientBuilder clientBuilder = CloudTrailClient.builder();
+ clientBuilder.credentialsProvider(ProfileCredentialsProvider.create(profileName));
+ clientBuilder.region(Region.of(region));
+ cloudTrailClient = clientBuilder.build();
 } else {
 throw new RuntimeCamelException(
 "Using the AWS Secrets Refresh Task requires setting AWS credentials as application properties or environment variables");
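Review bot: The new `else if` tests the flag and the profile name but not `region`, which is then handed to `Region.of(region)`. An unset region would presumably fail inside the SDK call instead of with Camel's own message, so I would extend the guard to `} else if (useProfileCredentialsProvider && ObjectHelper.isNotEmpty(profileName) && ObjectHelper.isNotEmpty(region)) {`. The branch also sits after the earlier credential branches, whose conditions are outside the hunk, so a requested profile is silently ignored whenever one of them matches. A `LOG.debug` line naming the selected provider type and profile name, never key material, would let an operator confirm which identity is polling CloudTrail.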
