
refactoring: common code moved out of if else loop
amrutha-shanbhag committed Sep 30, 2021
1 parent 9302b3f commit f6cd799
Showing 1 changed file with 11 additions and 11 deletions.
@@ -1,6 +1,7 @@
package com.instaclustr.kafka.connect.s3;

import com.amazonaws.ClientConfiguration;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider;
@@ -38,33 +39,32 @@ public static AmazonS3ClientBuilder getS3ClientBuilderWithRegionAndCredentials(f
String region = getFromConfigOrEnvironment(config, AwsStorageConnectorCommonConfig.AWS_REGION);
String roleArn = getFromConfigOrEnvironment(config, AwsStorageConnectorCommonConfig.AWS_IAM_ROLE_ARN);

AmazonS3ClientBuilder clientBuilder;
AWSStaticCredentialsProvider awsStaticCredentialsProvider = new AWSStaticCredentialsProvider(new BasicAWSCredentials(accessKey, secret));
AWSCredentialsProvider awsCredentialsProvider;

if (roleArn == null || StringUtils.isBlank(roleArn)) {
// authenticate with access key/secret
AWSStaticCredentialsProvider awsStaticCredentialsProvider = new AWSStaticCredentialsProvider(new BasicAWSCredentials(accessKey, secret));
clientBuilder = AmazonS3ClientBuilder.standard()
.withCredentials(awsStaticCredentialsProvider);
// when IAM user has direct access to the S3 bucket
awsCredentialsProvider = awsStaticCredentialsProvider;
} else {
// authenticate with access key/secret, then assume role
// when the IAM user needs to assume the role to access the S3 bucket
AWSSecurityTokenService awsSecurityTokenService = AWSSecurityTokenServiceClientBuilder.standard()
.withCredentials(new AWSStaticCredentialsProvider(new BasicAWSCredentials(accessKey, secret)))
.withCredentials(awsStaticCredentialsProvider)
.build();

STSAssumeRoleSessionCredentialsProvider.Builder assumeRoleBuilder =
new STSAssumeRoleSessionCredentialsProvider.Builder(
roleArn,
UUID.randomUUID().toString().substring(0, 32));

STSAssumeRoleSessionCredentialsProvider credentialsProvider = assumeRoleBuilder
awsCredentialsProvider = assumeRoleBuilder
.withStsClient(awsSecurityTokenService)
.withRoleSessionDurationSeconds((int) TimeUnit.HOURS.toSeconds(1))
.build();

clientBuilder = AmazonS3ClientBuilder.standard()
.withCredentials(credentialsProvider);
}

AmazonS3ClientBuilder clientBuilder = AmazonS3ClientBuilder.standard()
.withCredentials(awsCredentialsProvider);

if (region == null) {
region = AwsStorageConnectorCommonConfig.DEFAULT_AWS_REGION;
clientBuilder.enableForceGlobalBucketAccess();
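Review bot: The role session name built by `UUID.randomUUID().toString().substring(0, 32)` is purely random, so the assumed-role sessions this connector opens cannot be told apart in CloudTrail from any other caller of the same role. Since the refactor already touches this branch, a recognisable prefix would help audit and incident response, for example `"s3-connector-" + UUID.randomUUID().toString().substring(0, 19)` (constructed example, still 32 characters). The hoisted `awsStaticCredentialsProvider` line also deserves a comment such as `// long-lived key pair: used directly, or only to call STS when a role ARN is set`, because it now sits apart from both of its uses. The `roleArn == null ||` test looks redundant if `StringUtils.isBlank` is a null-safe variant; its import is outside the visible lines, so confirm before dropping it. The enclosing method starts and ends outside this section.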