Fix the lease coordination table permissions (opensearch-project#5097)

* Fix the lease coordination table permissions Signed-off-by: Souvik Bose <[email protected]> * Address review comments Signed-off-by: Souvik Bose <[email protected]> --------- Signed-off-by: Souvik Bose <[email protected]> Co-authored-by: Souvik Bose <[email protected]>
sb2k16 · Oct 22, 2024 · e26deaa · e26deaa
1 parent 5bfcac8
commit e26deaa
Show file tree

Hide file tree

Showing 5 changed files with 85 additions and 1 deletion.
diff --git a/...ws-plugin-api/src/main/java/org/opensearch/dataprepper/aws/api/AwsCredentialsOptions.java b/...ws-plugin-api/src/main/java/org/opensearch/dataprepper/aws/api/AwsCredentialsOptions.java
@@ -16,23 +16,28 @@
  */
 public class AwsCredentialsOptions {
     private static final AwsCredentialsOptions DEFAULT_OPTIONS = new AwsCredentialsOptions();
+    private static final AwsCredentialsOptions DEFAULT_OPTIONS_WITH_DEFAULT_CREDS_PROVIDER =
+            AwsCredentialsOptions.builder().withUseDefaultCredentialsProvider(true).build();
     private final String stsRoleArn;
     private final String stsExternalId;
     private final Region region;
     private final Map<String, String> stsHeaderOverrides;
+    private final boolean useDefaultCredentialsProvider;
 
     private AwsCredentialsOptions(final Builder builder) {
         this.stsRoleArn = builder.stsRoleArn;
         this.stsExternalId = builder.stsExternalId;
         this.region = builder.region;
         this.stsHeaderOverrides = builder.stsHeaderOverrides != null ? new HashMap<>(builder.stsHeaderOverrides) : Collections.emptyMap();
+        this.useDefaultCredentialsProvider = builder.useDefaultCredentialsProvider;
     }
 
     private AwsCredentialsOptions() {
         this.stsRoleArn = null;
         this.stsExternalId = null;
         this.region = null;
         this.stsHeaderOverrides = Collections.emptyMap();
+        this.useDefaultCredentialsProvider = false;
     }
 
     /**
@@ -49,6 +54,10 @@ public static AwsCredentialsOptions defaultOptions() {
         return DEFAULT_OPTIONS;
     }
 
+    public static AwsCredentialsOptions defaultOptionsWithDefaultCredentialsProvider() {
+        return DEFAULT_OPTIONS_WITH_DEFAULT_CREDS_PROVIDER;
+    }
+
     public String getStsRoleArn() {
         return stsRoleArn;
     }
@@ -65,6 +74,10 @@ public Map<String, String> getStsHeaderOverrides() {
         return stsHeaderOverrides;
     }
 
+    public boolean isUseDefaultCredentialsProvider() {
+        return useDefaultCredentialsProvider;
+    }
+
     /**
      * Builder class for {@link AwsCredentialsOptions}.
      */
@@ -73,6 +86,7 @@ public static class Builder {
         private String stsExternalId;
         private Region region;
         private Map<String, String> stsHeaderOverrides = Collections.emptyMap();
+        private boolean useDefaultCredentialsProvider = false;
 
         /**
          * Sets the STS role ARN to use.
@@ -122,6 +136,17 @@ public Builder withStsHeaderOverrides(final Map<String, String> stsHeaderOverrid
             return this;
         }
 
+        /**
+         * Configures whether to use default credentials.
+         *
+         * @param useDefaultCredentialsProvider
+         * @return The {@link Builder} for continuing to build
+         */
+        public Builder withUseDefaultCredentialsProvider(final boolean useDefaultCredentialsProvider) {
+            this.useDefaultCredentialsProvider = useDefaultCredentialsProvider;
+            return this;
+        }
+
         /**
          * Builds the {@link AwsCredentialsOptions}.
          *

diff --git a/...lugin-api/src/test/java/org/opensearch/dataprepper/aws/api/AwsCredentialsOptionsTest.java b/...lugin-api/src/test/java/org/opensearch/dataprepper/aws/api/AwsCredentialsOptionsTest.java
@@ -19,6 +19,7 @@
 import static org.hamcrest.CoreMatchers.nullValue;
 import static org.hamcrest.CoreMatchers.sameInstance;
 import static org.hamcrest.MatcherAssert.assertThat;
+import static org.junit.jupiter.api.Assertions.assertTrue;
 
 class AwsCredentialsOptionsTest {
     @Test
@@ -150,4 +151,21 @@ void defaultOptions_returns_same_instance_on_multiple_calls() {
         assertThat(AwsCredentialsOptions.defaultOptions(),
                 sameInstance(AwsCredentialsOptions.defaultOptions()));
     }
+
+
+    @Test
+    void with_DefaultRole() {
+        final AwsCredentialsOptions awsCredentialsOptionsWithDefaultCredentialsProvider
+                = AwsCredentialsOptions.defaultOptionsWithDefaultCredentialsProvider();
+
+        assertThat(awsCredentialsOptionsWithDefaultCredentialsProvider, notNullValue());
+        assertThat(awsCredentialsOptionsWithDefaultCredentialsProvider.getStsRoleArn(), nullValue());
+        assertTrue(awsCredentialsOptionsWithDefaultCredentialsProvider.isUseDefaultCredentialsProvider());
+    }
+
+    @Test
+    void defaultCredentialsOptions_returns_same_instance_on_multiple_calls() {
+        assertThat(AwsCredentialsOptions.defaultOptionsWithDefaultCredentialsProvider(),
+                sameInstance(AwsCredentialsOptions.defaultOptionsWithDefaultCredentialsProvider()));
+    }
 }
diff --git a/...ugin/src/main/java/org/opensearch/dataprepper/plugins/aws/CredentialsProviderFactory.java b/...ugin/src/main/java/org/opensearch/dataprepper/plugins/aws/CredentialsProviderFactory.java
@@ -50,6 +50,10 @@ Region getDefaultRegion() {
     AwsCredentialsProvider providerFromOptions(final AwsCredentialsOptions credentialsOptions) {
         Objects.requireNonNull(credentialsOptions);
 
+        if (credentialsOptions.isUseDefaultCredentialsProvider()) {
+            return DefaultCredentialsProvider.create();
+        }
+
         if(credentialsOptions.getStsRoleArn() != null || defaultStsConfiguration.getAwsStsRoleArn() != null) {
             return createStsCredentials(credentialsOptions);
         }

diff --git a/...-plugins/aws-plugin/src/test/java/org/opensearch/dataprepper/plugins/aws/AwsPluginIT.java b/...-plugins/aws-plugin/src/test/java/org/opensearch/dataprepper/plugins/aws/AwsPluginIT.java
@@ -157,6 +157,42 @@ void test_AwsPlugin_without_STS_role_and_with_default_role_uses_default_role() {
         assertThat(awsCredentialsProvider2, sameInstance(awsCredentialsProvider1));
     }
 
+    @Test
+    void test_AwsPlugin_without_STS_role_and_without_default_role_uses_default_role() {
+
+        createObjectUnderTest().apply(extensionPoints);
+
+        final ArgumentCaptor<ExtensionProvider<AwsCredentialsSupplier>> extensionProviderArgumentCaptor = ArgumentCaptor.forClass(ExtensionProvider.class);
+        verify(extensionPoints).addExtensionProvider(extensionProviderArgumentCaptor.capture());
+
+        final ExtensionProvider<AwsCredentialsSupplier> extensionProvider = extensionProviderArgumentCaptor.getValue();
+
+        final Optional<AwsCredentialsSupplier> optionalSupplier = extensionProvider.provideInstance(context);
+        assertThat(optionalSupplier, notNullValue());
+        assertThat(optionalSupplier.isPresent(), equalTo(true));
+
+        final AwsCredentialsSupplier awsCredentialsSupplier = optionalSupplier.get();
+
+        final AwsCredentialsOptions awsCredentialsOptions1 = AwsCredentialsOptions.builder()
+                .withRegion(Region.US_EAST_1)
+                .withUseDefaultCredentialsProvider(true)
+                .build();
+
+        final AwsCredentialsProvider awsCredentialsProvider1 = awsCredentialsSupplier.getProvider(awsCredentialsOptions1);
+
+        assertThat(awsCredentialsProvider1, instanceOf(DefaultCredentialsProvider.class));
+
+        final AwsCredentialsOptions awsCredentialsOptions2 = AwsCredentialsOptions.builder()
+                .withRegion(Region.US_EAST_1)
+                .withUseDefaultCredentialsProvider(true)
+                .build();
+
+        final AwsCredentialsProvider awsCredentialsProvider2 = awsCredentialsSupplier.getProvider(awsCredentialsOptions2);
+
+        assertThat(awsCredentialsProvider2, instanceOf(DefaultCredentialsProvider.class));
+        assertThat(awsCredentialsProvider2, sameInstance(awsCredentialsProvider1));
+    }
+
     private String createStsRole() {
         return String.format("arn:aws:iam::123456789012:role/%s", UUID.randomUUID());
     }

diff --git a/...src/main/java/org/opensearch/dataprepper/plugins/kinesis/source/KinesisClientFactory.java b/...src/main/java/org/opensearch/dataprepper/plugins/kinesis/source/KinesisClientFactory.java
@@ -33,7 +33,8 @@ public KinesisClientFactory(final AwsCredentialsSupplier awsCredentialsSupplier,
                 .withStsExternalId(awsAuthenticationConfig.getAwsStsExternalId())
                 .withStsHeaderOverrides(awsAuthenticationConfig.getAwsStsHeaderOverrides())
                 .build());
-        defaultCredentialsProvider = awsCredentialsSupplier.getProvider(AwsCredentialsOptions.defaultOptions());
+        defaultCredentialsProvider = awsCredentialsSupplier.getProvider(
+                AwsCredentialsOptions.defaultOptionsWithDefaultCredentialsProvider());
         this.awsAuthenticationConfig = awsAuthenticationConfig;
     }