From 8eabb1208d3abc035fdf88b8e95a37221869c805 Mon Sep 17 00:00:00 2001
From: Gael Leblan
Date: Thu, 7 Nov 2024 16:16:57 +0100
Subject: [PATCH] [backend] Allow for use of AWS IAM Role (#1453)
* [backend] Allow for use of AWS IAM Role
---
 .../src/main/resources/application.properties | 3 ++
 .../java/io/openbas/config/MinioConfig.java | 50 +------------------
 .../main/java/io/openbas/config/S3Config.java | 18 +++++++
 .../java/io/openbas/driver/MinioDriver.java | 38 +++++++++-----
 4 files changed, 49 insertions(+), 60 deletions(-)
 create mode 100644 openbas-model/src/main/java/io/openbas/config/S3Config.java
diff --git a/openbas-api/src/main/resources/application.properties b/openbas-api/src/main/resources/application.properties
index bae8966c66..932e095734 100644
--- a/openbas-api/src/main/resources/application.properties
+++ b/openbas-api/src/main/resources/application.properties
@@ -123,6 +123,9 @@ minio.bucket=openbas
 minio.port=9000
 minio.access-key=
 minio.access-secret=
+# S3 configuration
+openbas.s3.use-aws-role=false
+openbas.s3.sts-endpoint=
 # Logging
 logging.level.root=fatal
diff --git a/openbas-model/src/main/java/io/openbas/config/MinioConfig.java b/openbas-model/src/main/java/io/openbas/config/MinioConfig.java
index aee01c4c06..570fa85bdc 100644
--- a/openbas-model/src/main/java/io/openbas/config/MinioConfig.java
+++ b/openbas-model/src/main/java/io/openbas/config/MinioConfig.java
@@ -1,11 +1,13 @@
 package io.openbas.config;
 import jakarta.validation.constraints.NotNull;
+import lombok.Data;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.stereotype.Component;
 @Component
 @ConfigurationProperties(prefix = "minio")
+@Data
 public class MinioConfig {
 @NotNull private String endpoint; 
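Review bot: The `@Data` added on `MinioConfig` also generates `toString()`, `equals()` and `hashCode()` over every field, which the hand-written accessors it replaces did not, so any log line or exception message that prints this bean would now include the MinIO secret. The `accessSecret` field is declared outside this hunk and is not visible here, but the `getAccessSecret()` accessor removed in the next hunk shows it exists. I would either replace `@Data` with `@Getter @Setter`, or keep it and put `@ToString.Exclude` on `accessKey` and `accessSecret`.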
@@ -17,52 +19,4 @@ public class MinioConfig {
 private int port = 9000;
 private String bucket = "openbas";
 private boolean secure = false;
-
- public String getAccessKey() {
- return accessKey;
- }
-
- public void setAccessKey(String accessKey) {
- this.accessKey = accessKey;
- }
-
- public String getAccessSecret() {
- return accessSecret;
- }
-
- public void setAccessSecret(String accessSecret) {
- this.accessSecret = accessSecret;
- }
-
- public String getEndpoint() {
- return endpoint;
- }
-
- public void setEndpoint(String endpoint) {
- this.endpoint = endpoint;
- }
-
- public String getBucket() {
- return bucket;
- }
-
- public void setBucket(String bucket) {
- this.bucket = bucket;
- }
-
- public int getPort() {
- return port;
- }
-
- public void setPort(int port) {
- this.port = port;
- }
-
- public boolean isSecure() {
- return secure;
- }
-
- public void setSecure(boolean secure) {
- this.secure = secure;
- }
 }
diff --git a/openbas-model/src/main/java/io/openbas/config/S3Config.java b/openbas-model/src/main/java/io/openbas/config/S3Config.java
new file mode 100644
index 0000000000..7b27905524
--- /dev/null
+++ b/openbas-model/src/main/java/io/openbas/config/S3Config.java
@@ -0,0 +1,18 @@
+package io.openbas.config;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import lombok.Data;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.stereotype.Component;
+
+@Component
+@ConfigurationProperties(prefix = "openbas.s3")
+@Data
+public class S3Config {
+
+ @JsonProperty("use-aws-role")
+ private boolean useAwsRole = false;
+
+ @JsonProperty("sts-endpoint")
+ private String stsEndpoint;
+}
diff --git a/openbas-model/src/main/java/io/openbas/driver/MinioDriver.java b/openbas-model/src/main/java/io/openbas/driver/MinioDriver.java
index f4ce382aa8..6bdc1acf28 100644
--- a/openbas-model/src/main/java/io/openbas/driver/MinioDriver.java
+++ b/openbas-model/src/main/java/io/openbas/driver/MinioDriver.java 
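Review bot: In the new `S3Config.java`, the two `@JsonProperty` annotations play no part in `@ConfigurationProperties` binding; as far as I know Spring's relaxed binding already maps `openbas.s3.use-aws-role` to `useAwsRole` by name, so they only matter if this bean is serialised with Jackson somewhere outside this patch. If that is not intended I would drop them, and the `= false` initialiser on a `boolean` field is redundant. The class also has no comment; a short Javadoc stating that `useAwsRole=true` switches the driver to role-based credentials instead of `minio.access-key`/`minio.access-secret`, and what `stsEndpoint` is for, would help whoever has to configure it.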
@@ -3,27 +3,41 @@
 import io.minio.BucketExistsArgs;
 import io.minio.MakeBucketArgs;
 import io.minio.MinioClient;
+import io.minio.credentials.*;
 import io.openbas.config.MinioConfig;
-import org.springframework.beans.factory.annotation.Autowired;
+import io.openbas.config.S3Config;
+import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.stereotype.Component;
 @Component
+@RequiredArgsConstructor
 public class MinioDriver {
- private MinioConfig minioConfig;
-
- @Autowired
- public void setMinioConfig(MinioConfig minioConfig) {
- this.minioConfig = minioConfig;
- }
+ private final MinioConfig minioConfig;
+ private final S3Config s3Config;
 @Bean
 public MinioClient minioClient() throws Exception {
- MinioClient minioClient =
- MinioClient.builder()
- .endpoint(minioConfig.getEndpoint(), minioConfig.getPort(), minioConfig.isSecure())
- .credentials(minioConfig.getAccessKey(), minioConfig.getAccessSecret())
- .build();
+ MinioClient minioClient;
+ if (s3Config.isUseAwsRole()) {
+ String stsEndpoint = null;
+ if (s3Config.getStsEndpoint() != null && !s3Config.getStsEndpoint().isEmpty()) {
+ stsEndpoint = s3Config.getStsEndpoint();
+ }
+ IamAwsProvider provider = new IamAwsProvider(stsEndpoint, null);
+
+ minioClient =
+ MinioClient.builder()
+ .endpoint(minioConfig.getEndpoint())
+ .credentialsProvider(provider)
+ .build();
+ } else {
+ minioClient =
+ MinioClient.builder()
+ .endpoint(minioConfig.getEndpoint(), minioConfig.getPort(), minioConfig.isSecure())
+ .credentials(minioConfig.getAccessKey(), minioConfig.getAccessSecret())
+ .build();
+ }
 // Make bucket if not exist.
 BucketExistsArgs bucketExistsArgs = BucketExistsArgs.builder().bucket(minioConfig.getBucket()).build();
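Review bot: The `useAwsRole` branch builds the client with `.endpoint(minioConfig.getEndpoint())` alone, so `minio.port` and `minio.secure` are silently ignored there and whether the connection uses TLS now depends only on the scheme written into `minio.endpoint`; nothing in the hunk documents or checks this. I would add a comment above the branch, for example `// Role mode: minio.endpoint should be a full https:// URL; minio.port, minio.secure and the static access key/secret are not used`, and consider rejecting a non-HTTPS endpoint at startup. The `openbas.s3.sts-endpoint` value is also handed to `IamAwsProvider` without any validation, and that is presumably the URL the provider requests credentials from, so it deserves the same treatment. `import io.minio.credentials.*;` can be narrowed to `import io.minio.credentials.IamAwsProvider;`, the only type the hunk uses from that package. The body of `minioClient()` continues past the end of the hunk.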