[GitHub] nifi pull request #1112: NIFI-2799: AWS Credentials for Assume Role Need Pro...

[ktseytlin]

Github user ktseytlin commented on a diff in the pull request:

    https://github.com/apache/nifi/pull/1112#discussion_r82451576
  
    --- Diff: 
nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/main/java/org/apache/nifi/processors/aws/credentials/provider/factory/strategies/AssumeRoleCredentialsStrategy.java
 ---
    @@ -113,16 +134,34 @@ public AWSCredentialsProvider 
getDerivedCredentialsProvider(Map<PropertyDescript
             rawMaxSessionTime = (rawMaxSessionTime != null) ? 
rawMaxSessionTime : MAX_SESSION_TIME.getDefaultValue();
             final Integer maxSessionTime = 
Integer.parseInt(rawMaxSessionTime.trim());
             final String assumeRoleExternalId = 
properties.get(ASSUME_ROLE_EXTERNAL_ID);
    +        STSAssumeRoleSessionCredentialsProvider.Builder builder;
    +
    +        // If proxy variables are set, then create Client Configuration 
with those values
    +        if (proxyVariablesValidForAssumeRole(properties)) {
    +            final String assumeRoleProxyHost = 
properties.get(ASSUME_ROLE_PROXY_HOST);
    +            final Integer assumeRoleProxyPort = 
Integer.parseInt(properties.get(ASSUME_ROLE_PROXY_PORT));
    +            ClientConfiguration config = new ClientConfiguration();
    +            config.withProxyHost(assumeRoleProxyHost);
    +            config.withProxyPort(assumeRoleProxyPort);
    +            AWSSecurityTokenService securityTokenService = new 
AWSSecurityTokenServiceClient(config);
    --- End diff --
    
    I also just ran the contribution mvn contrib check that you asked for with 
this fix, and it returns this error: 
    
    ```
    java.lang.IllegalArgumentException: If a custom STS client is set you must 
not set any other client related fields (ClientConfiguration, AWSCredentials, 
Endpoint, etc
                at 
com.amazonaws.util.ValidationUtils.assertAllAreNull(ValidationUtils.java:49)
                at 
com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider.<init>(STSAssumeRoleSessionCredentialsProvider.java:187)
                at 
com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider.<init>(STSAssumeRoleSessionCredentialsProvider.java:34)
                at 
com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider$Builder.build(STSAssumeRoleSessionCredentialsProvider.java:436)
    ```
    
    I wanted to refactor it like that, but again, since I am not able to test 
in my environment the previous work I played it on the safe side.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---