This is an automated email from the ASF dual-hosted git repository.

bhliva pushed a commit to branch EPMCDLAB-1186
in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git


The following commit(s) were added to refs/heads/EPMCDLAB-1186 by this push:
     new 0c7788f  DLAB-000 added possibility to specify iam endpoint and region
0c7788f is described below

commit 0c7788ff0e8077a659384a34320c01f0d302ead6
Author: bhliva <[email protected]>
AuthorDate: Mon Feb 18 16:15:54 2019 +0200

    DLAB-000 added possibility to specify iam endpoint and region
---
 .../com/epam/dlab/auth/aws/dao/AwsUserDAOImpl.java | 28 ++++++++++++++++++----
 services/security-service/security.yml             |  2 ++
 .../dlab/auth/SecurityServiceConfiguration.java    | 13 ++++++++++
 .../auth/modules/AwsSecurityServiceModule.java     | 13 ++++++++++
 4 files changed, 52 insertions(+), 4 deletions(-)

diff --git 
a/services/security-aws/src/main/java/com/epam/dlab/auth/aws/dao/AwsUserDAOImpl.java
 
b/services/security-aws/src/main/java/com/epam/dlab/auth/aws/dao/AwsUserDAOImpl.java
index 16cc24b..bc3fa65 100644
--- 
a/services/security-aws/src/main/java/com/epam/dlab/auth/aws/dao/AwsUserDAOImpl.java
+++ 
b/services/security-aws/src/main/java/com/epam/dlab/auth/aws/dao/AwsUserDAOImpl.java
@@ -13,30 +13,40 @@
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
-
  ****************************************************************************/
 
 package com.epam.dlab.auth.aws.dao;
 
 import com.amazonaws.auth.AWSCredentials;
+import com.amazonaws.regions.Region;
+import com.amazonaws.regions.Regions;
 import com.amazonaws.services.identitymanagement.AmazonIdentityManagement;
 import 
com.amazonaws.services.identitymanagement.AmazonIdentityManagementClient;
 import com.amazonaws.services.identitymanagement.model.*;
 import com.google.inject.Inject;
 import com.google.inject.Singleton;
+import com.google.inject.name.Named;
 import lombok.extern.slf4j.Slf4j;
 
+import javax.annotation.Nullable;
 import java.util.List;
+import java.util.Optional;
 
 @Singleton
 @Slf4j
 public class AwsUserDAOImpl implements AwsUserDAO {
 
+       private final String endpoint;
+       private final String region;
        private volatile AmazonIdentityManagement aim;
 
        @Inject
-       public AwsUserDAOImpl(AWSCredentials credentials) {
-               this.aim = new AmazonIdentityManagementClient(credentials);
+       public AwsUserDAOImpl(AWSCredentials credentials,
+                                                 @Nullable 
@Named("iamEndpoint") String endpoint,
+                                                 @Nullable @Named("iamRegion") 
String region) {
+               this.endpoint = endpoint;
+               this.region = region;
+               this.aim = getClient(credentials);
        }
 
        @Override
@@ -48,7 +58,7 @@ public class AwsUserDAOImpl implements AwsUserDAO {
 
        @Override
        public void updateCredentials(AWSCredentials credentials) {
-               this.aim = new AmazonIdentityManagementClient(credentials);
+               this.aim = getClient(credentials);
        }
 
        @Override
@@ -75,4 +85,14 @@ public class AwsUserDAOImpl implements AwsUserDAO {
                }
                return user;
        }
+
+       private AmazonIdentityManagementClient getClient(AWSCredentials 
credentials) {
+               final AmazonIdentityManagementClient client =
+                               new AmazonIdentityManagementClient(credentials);
+               Optional.ofNullable(endpoint)
+                               .ifPresent(client::setEndpoint);
+               Optional.ofNullable(region)
+                               .ifPresent(r -> 
client.setRegion(Region.getRegion(Regions.fromName(r))));
+               return client;
+       }
 }
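Review bot: In `getClient`, `setRegion` is called after `setEndpoint`, and in the AWS SDK v1 client `setRegion` recomputes the service endpoint from the region, so as far as I can tell the configured `iamEndpoint` is silently dropped whenever both values are set (which is what the shipped security.yml does). When a custom endpoint is present, the region should only be used for request signing, for example through `setSignerRegionOverride`, with `setRegion` kept for the region-only case. `Regions.fromName` also throws `IllegalArgumentException` for an unknown name, and because `updateCredentials` now goes through the same helper, a bad region value would surface there too. Parsing the region once in the constructor would fail fast instead.

```java
private AmazonIdentityManagementClient getClient(AWSCredentials credentials) {
	final AmazonIdentityManagementClient client =
			new AmazonIdentityManagementClient(credentials);
	if (endpoint != null) {
		client.setEndpoint(endpoint);
		// keep the custom endpoint; the region is only needed for signing here
		if (region != null) {
			client.setSignerRegionOverride(region);
		}
	} else if (region != null) {
		client.setRegion(Region.getRegion(Regions.fromName(region)));
	}
	return client;
}
```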
diff --git a/services/security-service/security.yml 
b/services/security-service/security.yml
index aa294e3..7707c26 100644
--- a/services/security-service/security.yml
+++ b/services/security-service/security.yml
@@ -150,6 +150,8 @@ userInfoPersistenceEnabled: true
 
 <#if CLOUD_TYPE == "aws">
 awsUserIdentificationEnabled: true
+awsUserIdentificationEndpoint: http://${REPOSITORY_HOST}/iam
+awsUserIdentificationEndpointRegion: us-east-1
 loginAuthenticationTimeout: 10
 <#elseif CLOUD_TYPE == "azure">
 loginAuthenticationTimeout: 20
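Review bot: The new `awsUserIdentificationEndpoint` default uses plain `http://`, so the IAM responses that AWS user identification depends on would travel unencrypted and unauthenticated between the security service and `${REPOSITORY_HOST}`. Anyone on that network path could read or alter them. Both keys are also set unconditionally inside the `aws` branch, so every deployment rendered from this template would send its IAM calls to the repository host rather than to the SDK's default endpoint. I would use `awsUserIdentificationEndpoint: https://${REPOSITORY_HOST}/iam`, and emit the two keys only when an override is actually wanted.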
diff --git 
a/services/security-service/src/main/java/com/epam/dlab/auth/SecurityServiceConfiguration.java
 
b/services/security-service/src/main/java/com/epam/dlab/auth/SecurityServiceConfiguration.java
index 5593978..3ed3aa2 100644
--- 
a/services/security-service/src/main/java/com/epam/dlab/auth/SecurityServiceConfiguration.java
+++ 
b/services/security-service/src/main/java/com/epam/dlab/auth/SecurityServiceConfiguration.java
@@ -58,6 +58,11 @@ public class SecurityServiceConfiguration extends 
ServiceConfiguration {
 
        private LdapConnectionConfig ldapConfiguration;
 
+       @JsonProperty
+       private String awsUserIdentificationEndpoint;
+       @JsonProperty
+       private String awsUserIdentificationEndpointRegion;
+
        public SecurityServiceConfiguration() {
                super();
        }
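Review bot: The two new fields `awsUserIdentificationEndpoint` and `awsUserIdentificationEndpointRegion` are undocumented and accepted without any check, even though the endpoint decides where credential-signed IAM requests are sent. I would add a comment above the first, such as `// Optional IAM endpoint override; null keeps the AWS SDK default endpoint`, and a matching one for the region. If this configuration class is run through bean validation (not visible in this hunk), a constraint rejecting values that are not well-formed URLs would make a typo fail at startup rather than at the first login. The class body continues outside this hunk.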
@@ -117,4 +122,12 @@ public class SecurityServiceConfiguration extends 
ServiceConfiguration {
        public GcpLoginConfiguration getGcpLoginConfiguration() {
                return gcpLoginConfiguration;
        }
+
+       public String getAwsUserIdentificationEndpoint() {
+               return awsUserIdentificationEndpoint;
+       }
+
+       public String getAwsUserIdentificationEndpointRegion() {
+               return awsUserIdentificationEndpointRegion;
+       }
 }
diff --git 
a/services/security-service/src/main/java/com/epam/dlab/auth/modules/AwsSecurityServiceModule.java
 
b/services/security-service/src/main/java/com/epam/dlab/auth/modules/AwsSecurityServiceModule.java
index d07bb7a..779ada4 100644
--- 
a/services/security-service/src/main/java/com/epam/dlab/auth/modules/AwsSecurityServiceModule.java
+++ 
b/services/security-service/src/main/java/com/epam/dlab/auth/modules/AwsSecurityServiceModule.java
@@ -30,6 +30,7 @@ import com.epam.dlab.cloud.CloudModule;
 import com.google.inject.Injector;
 import com.google.inject.Provides;
 import com.google.inject.Singleton;
+import com.google.inject.name.Named;
 import io.dropwizard.setup.Environment;
 
 public class AwsSecurityServiceModule extends CloudModule {
@@ -67,6 +68,18 @@ public class AwsSecurityServiceModule extends CloudModule {
                }
        }
 
+       @Provides
+       @Named("iamEndpoint")
+       private String iamEndpoint() {
+               return conf.getAwsUserIdentificationEndpoint();
+       }
+
+       @Provides
+       @Named("iamRegion")
+       private String iamRegion() {
+               return conf.getAwsUserIdentificationEndpointRegion();
+       }
+
        private AWSCredentials devAwsCredentials() {
                return new AWSCredentials() {
                        @Override
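Review bot: `iamEndpoint()` and `iamRegion()` return the raw configuration value, which is null when the keys are missing from security.yml, and nothing here says that this is intended. It presumably works only because the constructor parameters in `AwsUserDAOImpl` are marked `@Nullable`, so any other injection point for these names would fail at runtime. I would state the contract on each provider, e.g. `// may return null: consumers must declare the parameter @Nullable and fall back to the SDK default`. The binding names are also repeated as string literals in both modules, so shared constants would prevent them from drifting apart.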

