This is an automated email from the ASF dual-hosted git repository.

acosentino pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel.git

commit 0a23583c89aca80cc18889c888c89e95c1c7bc98
Author: cvandehey <chad_vande...@intuit.com>
AuthorDate: Thu Feb 15 14:19:40 2018 -0800

    CAMEL-12275 - IAM role capabilities. This will allow AWS users to use the 
industry standard way of credential acquisition and refresh.
---
 .../camel-aws/src/main/docs/aws-s3-component.adoc  |  13 +-
 .../apache/camel/component/aws/s3/S3Component.java |   5 +-
 .../camel/component/aws/s3/S3Configuration.java    |  18 ++-
 .../apache/camel/component/aws/s3/S3Endpoint.java  | 111 +---------------
 .../camel/component/aws/s3/client/AWSS3Client.java |  31 +++++
 .../aws/s3/client/AWSS3ClientFactory.java          |  43 +++++++
 .../client/impl/IAMOptimizedAWSS3ClientImpl.java   | 109 ++++++++++++++++
 .../s3/client/impl/StandardAWSS3ClientImpl.java    | 140 +++++++++++++++++++++
 .../component/aws/s3/AWSS3ClientFactoryTest.java   |  52 ++++++++
 .../impl/IAMOptimizedAWSS3ClientImplTest.java      |  65 ++++++++++
 .../client/impl/StandardAWSS3ClientImplTest.java   |  65 ++++++++++
 11 files changed, 540 insertions(+), 112 deletions(-)

diff --git a/components/camel-aws/src/main/docs/aws-s3-component.adoc 
b/components/camel-aws/src/main/docs/aws-s3-component.adoc
index 5a8d9b7..46c9256 100644
--- a/components/camel-aws/src/main/docs/aws-s3-component.adoc
+++ b/components/camel-aws/src/main/docs/aws-s3-component.adoc
@@ -78,7 +78,7 @@ with the following path and query parameters:
 | *bucketNameOrArn* | *Required* Bucket name or ARN |  | String
 |===
 
-==== Query Parameters (49 parameters):
+==== Query Parameters (50 parameters):
 
 [width="100%",cols="2,5,^1,2",options="header"]
 |===
@@ -89,6 +89,7 @@ with the following path and query parameters:
 | *proxyHost* (common) | To define a proxy host when instantiating the SQS 
client |  | String
 | *proxyPort* (common) | Specify a proxy port to be used inside the client 
definition. |  | Integer
 | *region* (common) | The region in which S3 client needs to work |  | String
+| *useIAMCredentials* (common) | Set whether the S3 client should expect to 
load credentials on an EC2 instance or to expect static credentials to be 
passed in. See below for more instruction. | false | boolean
 | *encryptionMaterials* (common) | The encryption materials to use in case of 
Symmetric/Asymmetric client usage |  | EncryptionMaterials
 | *useEncryption* (common) | Define if encryption must be used or not | false 
| boolean
 | *bridgeErrorHandler* (consumer) | Allows for bridging the consumer to the 
Camel routing Error Handler which mean any exceptions occurred while the 
consumer is trying to pickup incoming messages or the likes will now be 
processed as a message and handled by the routing Error Handler. By default the 
consumer will use the org.apache.camel.spi.ExceptionHandler to deal with 
exceptions that will be logged at WARN or ERROR level and ignored. | false | 
boolean
@@ -308,6 +309,16 @@ from("file:tmp/test?fileName=test.txt")
 
 In this way you'll ask to S3, to use the KMS key 
3f0637ad-296a-3dfe-a796-e60654fb128c, to encrypt the file test.txt. When you'll 
ask to download this file, the decryption will be done directly before the 
download.
 
+#### Use "useIAMCredentials" with the s3 component
+
+To use AWS IAM credentials, you must first verify that the EC2 in which you 
are launching the Camel application on has an IAM role associated with it 
containing the appropriate policies attached to run effectively.
+Keep in mind that this feature should only be set to "true" on remote 
instances. To clarify even further, you must still use static credentials 
locally since IAM is an AWS specific component,
+but AWS environments should now be easier to manage. After this is implemented 
and understood, you can set the query parameter "useIAMCredentials" to "true" 
for AWS environments! To effectively toggle this
+on and off based on local and remote environments, you can consider enabling 
this query parameter with system environment variables. For example, your code 
could set the "useIAMCredentials" query parameter to "true",
+when the system environment variable called "isRemote" is set to true (there 
are many other ways to do this and this should act as a simple example). 
Although it doesn't take away the need for static credentials completely,
+using IAM credentials on AWS environments takes away the need to refresh on 
remote environments and adds a major security boost (IAM credentials are 
refreshed automatically every 6 hours and update when their
+policies are updated). This is the AWS recommended way to manage credentials 
and therefore should be used as often as possible.
+
 ### Dependencies
 
 Maven users will need to add the following dependency to their pom.xml.
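
Review bot: The new "useIAMCredentials" section never says what happens when useIAMCredentials=true is combined with accessKey/secretKey or with a supplied amazonS3Client. Going by the code in this commit, static keys are then ignored with only a trace log, and S3Endpoint.doStart() still prefers a configured AmazonS3Client over the factory, so the flag has no effect in that case. Please state that precedence here, and replace the prose description of the "isRemote" toggle with a short route URI example. The statement that credentials are "refreshed automatically every 6 hours" should point at the AWS documentation it comes from, and the paragraph would read better split into two or three.
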
diff --git 
a/components/camel-aws/src/main/java/org/apache/camel/component/aws/s3/S3Component.java
 
b/components/camel-aws/src/main/java/org/apache/camel/component/aws/s3/S3Component.java
index f17dc31..0d2c440 100644
--- 
a/components/camel-aws/src/main/java/org/apache/camel/component/aws/s3/S3Component.java
+++ 
b/components/camel-aws/src/main/java/org/apache/camel/component/aws/s3/S3Component.java
@@ -14,6 +14,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package org.apache.camel.component.aws.s3;
 
 import java.util.Map;
@@ -67,8 +68,8 @@ public class S3Component extends DefaultComponent {
         if (ObjectHelper.isEmpty(configuration.getRegion())) {
             setRegion(region);
         }
-        if (configuration.getAmazonS3Client() == null && 
(configuration.getAccessKey() == null || configuration.getSecretKey() == null)) 
{
-            throw new IllegalArgumentException("AmazonS3Client or accessKey 
and secretKey must be specified");
+        if (!configuration.isUseIAMCredentials() && 
configuration.getAmazonS3Client() == null && (configuration.getAccessKey() == 
null || configuration.getSecretKey() == null)) {
+            throw new IllegalArgumentException("useIAMCredentials is set to 
false, AmazonS3Client or accessKey and secretKey must be specified");
         }
 
         S3Endpoint endpoint = new S3Endpoint(uri, this, configuration);
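
Review bot: With useIAMCredentials=true the credential check in this condition is skipped entirely, so a URI that also carries accessKey and secretKey is accepted and the static keys go silently unused. Since the point of the option is to stop shipping long-lived keys, consider rejecting that combination here, or at least logging it at WARN, so leftover keys in endpoint URIs get noticed and removed. The exception text would also read better as "AmazonS3Client or accessKey and secretKey must be specified when useIAMCredentials is false".
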
diff --git 
a/components/camel-aws/src/main/java/org/apache/camel/component/aws/s3/S3Configuration.java
 
b/components/camel-aws/src/main/java/org/apache/camel/component/aws/s3/S3Configuration.java
index a3a08ac..74a9379 100644
--- 
a/components/camel-aws/src/main/java/org/apache/camel/component/aws/s3/S3Configuration.java
+++ 
b/components/camel-aws/src/main/java/org/apache/camel/component/aws/s3/S3Configuration.java
@@ -84,6 +84,8 @@ public class S3Configuration implements Cloneable {
     private boolean useAwsKMS;
     @UriParam(label = "producer,advanced")
     private String awsKMSKeyId;
+    @UriParam(defaultValue = "false")
+    private boolean useIAMCredentials;
 
     public long getPartSize() {
         return partSize;
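
Review bot: useIAMCredentials is declared here as a primitive boolean, but the accessors added further down in this file take and return Boolean, so setUseIAMCredentials(null) fails with a NullPointerException on unboxing. Use boolean in the setter and getter as well, matching isDualstackEnabled().
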
@@ -403,7 +405,7 @@ public class S3Configuration implements Cloneable {
     public boolean isDualstackEnabled() {
         return dualstackEnabled;
     }
-    
+
     /**
      * Define if Dualstack enabled is true or false
      */
@@ -433,7 +435,19 @@ public class S3Configuration implements Cloneable {
         this.forceGlobalBucketAccessEnabled = forceGlobalBucketAccessEnabled;
     }
 
-    boolean hasProxyConfiguration() {
+    /**
+     * Set whether the S3 client should expect to load credentials on an EC2 
instance or to
+     * expect static credentials to be passed in.
+     */
+    public void setUseIAMCredentials(Boolean useIAMCredentials) {
+        this.useIAMCredentials = useIAMCredentials;
+    }
+
+    public Boolean isUseIAMCredentials() {
+        return useIAMCredentials;
+    }
+
+    public boolean hasProxyConfiguration() {
         return ObjectHelper.isNotEmpty(getProxyHost()) && 
ObjectHelper.isNotEmpty(getProxyPort());
     }
     
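
Review bot: hasProxyConfiguration() changes from package-private to public so that the new classes in the client.impl package can call it, which makes it part of the component's public API. If that is not intended, pass the proxy settings into the client implementations instead of widening the method.
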
diff --git 
a/components/camel-aws/src/main/java/org/apache/camel/component/aws/s3/S3Endpoint.java
 
b/components/camel-aws/src/main/java/org/apache/camel/component/aws/s3/S3Endpoint.java
index ae4c9ec..fd02c52 100644
--- 
a/components/camel-aws/src/main/java/org/apache/camel/component/aws/s3/S3Endpoint.java
+++ 
b/components/camel-aws/src/main/java/org/apache/camel/component/aws/s3/S3Endpoint.java
@@ -17,21 +17,11 @@
 package org.apache.camel.component.aws.s3;
 
 import com.amazonaws.AmazonServiceException;
-import com.amazonaws.ClientConfiguration;
-import com.amazonaws.auth.AWSCredentials;
-import com.amazonaws.auth.AWSCredentialsProvider;
-import com.amazonaws.auth.AWSStaticCredentialsProvider;
-import com.amazonaws.auth.BasicAWSCredentials;
-import com.amazonaws.regions.Regions;
 import com.amazonaws.services.s3.AmazonS3;
-import com.amazonaws.services.s3.AmazonS3ClientBuilder;
-import com.amazonaws.services.s3.AmazonS3EncryptionClientBuilder;
 import com.amazonaws.services.s3.model.CreateBucketRequest;
 import com.amazonaws.services.s3.model.ListObjectsRequest;
 import com.amazonaws.services.s3.model.ObjectMetadata;
 import com.amazonaws.services.s3.model.S3Object;
-import com.amazonaws.services.s3.model.StaticEncryptionMaterialsProvider;
-
 import org.apache.camel.CamelContext;
 import org.apache.camel.Component;
 import org.apache.camel.Consumer;
@@ -40,6 +30,7 @@ import org.apache.camel.ExchangePattern;
 import org.apache.camel.Message;
 import org.apache.camel.Processor;
 import org.apache.camel.Producer;
+import org.apache.camel.component.aws.s3.client.AWSS3ClientFactory;
 import org.apache.camel.impl.ScheduledPollEndpoint;
 import org.apache.camel.spi.Metadata;
 import org.apache.camel.spi.UriEndpoint;
@@ -47,7 +38,6 @@ import org.apache.camel.spi.UriParam;
 import org.apache.camel.spi.UriPath;
 import org.apache.camel.support.SynchronizationAdapter;
 import org.apache.camel.util.IOHelper;
-import org.apache.camel.util.ObjectHelper;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -102,7 +92,8 @@ public class S3Endpoint extends ScheduledPollEndpoint {
     public void doStart() throws Exception {
         super.doStart();
 
-        s3Client = configuration.getAmazonS3Client() != null ? 
configuration.getAmazonS3Client() : createS3Client();
+        s3Client = configuration.getAmazonS3Client() != null ? 
configuration.getAmazonS3Client()
+                : AWSS3ClientFactory.getAWSS3Client(configuration, 
getMaxConnections()).getS3Client();
 
         String fileName = getConfiguration().getFileName();
 
@@ -146,7 +137,7 @@ public class S3Endpoint extends ScheduledPollEndpoint {
             LOG.trace("Bucket policy updated");
         }
     }
-    
+
     @Override
     public void doStop() throws Exception {
         if (s3Client != null) {
@@ -228,100 +219,6 @@ public class S3Endpoint extends ScheduledPollEndpoint {
         return s3Client;
     }
 
-    /**
-     * Provide the possibility to override this method for an mock
-     * implementation
-     */
-    AmazonS3 createS3Client() {
-
-        AmazonS3 client = null;
-        AmazonS3ClientBuilder clientBuilder = null;
-        AmazonS3EncryptionClientBuilder encClientBuilder = null;
-        ClientConfiguration clientConfiguration = null;
-        boolean isClientConfigFound = false;
-        if (configuration.hasProxyConfiguration()) {
-            clientConfiguration = new ClientConfiguration();
-            clientConfiguration.setProxyHost(configuration.getProxyHost());
-            clientConfiguration.setProxyPort(configuration.getProxyPort());
-            clientConfiguration.setMaxConnections(getMaxConnections());
-            isClientConfigFound = true;
-        } else {
-            clientConfiguration = new ClientConfiguration();
-            clientConfiguration.setMaxConnections(getMaxConnections());
-            isClientConfigFound = true;
-        }
-        if (configuration.getAccessKey() != null && 
configuration.getSecretKey() != null) {
-            AWSCredentials credentials = new 
BasicAWSCredentials(configuration.getAccessKey(), configuration.getSecretKey());
-            AWSCredentialsProvider credentialsProvider = new 
AWSStaticCredentialsProvider(credentials);
-            if (isClientConfigFound && !configuration.isUseEncryption()) {
-                clientBuilder = 
AmazonS3ClientBuilder.standard().withClientConfiguration(clientConfiguration).withCredentials(credentialsProvider);
-            } else if (isClientConfigFound && configuration.isUseEncryption()) 
{
-                StaticEncryptionMaterialsProvider encryptionMaterialsProvider 
= new StaticEncryptionMaterialsProvider(configuration.getEncryptionMaterials());
-                encClientBuilder = 
AmazonS3EncryptionClientBuilder.standard().withClientConfiguration(clientConfiguration).withCredentials(credentialsProvider)
-                    .withEncryptionMaterials(encryptionMaterialsProvider);
-            } else {
-                clientBuilder = 
AmazonS3ClientBuilder.standard().withCredentials(credentialsProvider);
-            }
-            if (!configuration.isUseEncryption()) {
-                if (ObjectHelper.isNotEmpty(configuration.getRegion())) {
-                    clientBuilder = 
clientBuilder.withRegion(Regions.valueOf(configuration.getRegion()));
-                }
-                clientBuilder = 
clientBuilder.withPathStyleAccessEnabled(configuration.isPathStyleAccess());
-                clientBuilder = 
clientBuilder.withChunkedEncodingDisabled(configuration.isChunkedEncodingDisabled());
-                clientBuilder = 
clientBuilder.withAccelerateModeEnabled(configuration.isAccelerateModeEnabled());
-                clientBuilder = 
clientBuilder.withDualstackEnabled(configuration.isDualstackEnabled());
-                clientBuilder = 
clientBuilder.withPayloadSigningEnabled(configuration.isPayloadSigningEnabled());
-                clientBuilder = 
clientBuilder.withForceGlobalBucketAccessEnabled(configuration.isForceGlobalBucketAccessEnabled());
-                client = clientBuilder.build();
-            } else {
-                if (ObjectHelper.isNotEmpty(configuration.getRegion())) {
-                    encClientBuilder = 
encClientBuilder.withRegion(Regions.valueOf(configuration.getRegion()));
-                }
-                encClientBuilder = 
encClientBuilder.withPathStyleAccessEnabled(configuration.isPathStyleAccess());
-                encClientBuilder = 
encClientBuilder.withChunkedEncodingDisabled(configuration.isChunkedEncodingDisabled());
-                encClientBuilder = 
encClientBuilder.withAccelerateModeEnabled(configuration.isAccelerateModeEnabled());
-                encClientBuilder = 
encClientBuilder.withDualstackEnabled(configuration.isDualstackEnabled());
-                encClientBuilder = 
encClientBuilder.withPayloadSigningEnabled(configuration.isPayloadSigningEnabled());
-                encClientBuilder = 
encClientBuilder.withForceGlobalBucketAccessEnabled(configuration.isForceGlobalBucketAccessEnabled());
-                client = encClientBuilder.build();
-            }
-        } else {
-            if (isClientConfigFound && !configuration.isUseEncryption()) {
-                clientBuilder = AmazonS3ClientBuilder.standard();
-            } else if (isClientConfigFound && configuration.isUseEncryption()) 
{
-                StaticEncryptionMaterialsProvider encryptionMaterialsProvider 
= new StaticEncryptionMaterialsProvider(configuration.getEncryptionMaterials());
-                encClientBuilder = 
AmazonS3EncryptionClientBuilder.standard().withClientConfiguration(clientConfiguration).withEncryptionMaterials(encryptionMaterialsProvider);
-            } else {
-                clientBuilder = 
AmazonS3ClientBuilder.standard().withClientConfiguration(clientConfiguration);
-            }
-            if (!configuration.isUseEncryption()) {
-                if (ObjectHelper.isNotEmpty(configuration.getRegion())) {
-                    clientBuilder = 
clientBuilder.withRegion(Regions.valueOf(configuration.getRegion()));
-                }
-                clientBuilder = 
clientBuilder.withPathStyleAccessEnabled(configuration.isPathStyleAccess());
-                clientBuilder = 
clientBuilder.withChunkedEncodingDisabled(configuration.isChunkedEncodingDisabled());
-                clientBuilder = 
clientBuilder.withAccelerateModeEnabled(configuration.isAccelerateModeEnabled());
-                clientBuilder = 
clientBuilder.withDualstackEnabled(configuration.isDualstackEnabled());
-                clientBuilder = 
clientBuilder.withPayloadSigningEnabled(configuration.isPayloadSigningEnabled());
-                clientBuilder = 
clientBuilder.withForceGlobalBucketAccessEnabled(configuration.isForceGlobalBucketAccessEnabled());
-                client = clientBuilder.build();
-                
-            } else {
-                if (ObjectHelper.isNotEmpty(configuration.getRegion())) {
-                    encClientBuilder = 
encClientBuilder.withRegion(Regions.valueOf(configuration.getRegion()));
-                }
-                encClientBuilder = 
encClientBuilder.withPathStyleAccessEnabled(configuration.isPathStyleAccess());
-                encClientBuilder = 
encClientBuilder.withChunkedEncodingDisabled(configuration.isChunkedEncodingDisabled());
-                encClientBuilder = 
encClientBuilder.withAccelerateModeEnabled(configuration.isAccelerateModeEnabled());
-                encClientBuilder = 
encClientBuilder.withDualstackEnabled(configuration.isDualstackEnabled());
-                encClientBuilder = 
encClientBuilder.withPayloadSigningEnabled(configuration.isPayloadSigningEnabled());
-                encClientBuilder = 
encClientBuilder.withForceGlobalBucketAccessEnabled(configuration.isForceGlobalBucketAccessEnabled());
-                client = encClientBuilder.build();
-            }
-        }
-        return client;
-    }
-
     public int getMaxMessagesPerPoll() {
         return maxMessagesPerPoll;
     }
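
Review bot: The removed createS3Client() applied withChunkedEncodingDisabled, withAccelerateModeEnabled, withDualstackEnabled, withPayloadSigningEnabled and withForceGlobalBucketAccessEnabled on both builders, while IAMOptimizedAWSS3ClientImpl and the visible part of StandardAWSS3ClientImpl only call withRegion and withPathStyleAccessEnabled, so those endpoint options stop having any effect. Region handling also changes from Regions.valueOf(...) to Regions.fromName(...), which expects the region name (such as us-east-1) rather than the enum constant name, so existing URIs that relied on the old form will fail; either accept both or call the change out in the docs. Finally, the Javadoc on the removed method said it existed so tests could override it with a mock. The static AWSS3ClientFactory call in doStart() removes that seam, so please say how endpoint tests are expected to inject a client now.
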
diff --git 
a/components/camel-aws/src/main/java/org/apache/camel/component/aws/s3/client/AWSS3Client.java
 
b/components/camel-aws/src/main/java/org/apache/camel/component/aws/s3/client/AWSS3Client.java
new file mode 100644
index 0000000..b9dfe4c
--- /dev/null
+++ 
b/components/camel-aws/src/main/java/org/apache/camel/component/aws/s3/client/AWSS3Client.java
@@ -0,0 +1,31 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.component.aws.s3.client;
+
+import com.amazonaws.services.s3.AmazonS3;
+
+/**
+ * Mange the required actions of an s3 client for either local or remote.
+ */
+public interface AWSS3Client {
+
+    /**
+     * Returns an s3 client after a factory method determines which one to 
return.
+     * @return AmazonS3 AmazonS3
+     */
+    AmazonS3 getS3Client();
+}
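
Review bot: Javadoc typo in the interface comment: "Mange" should be "Manage". The tag "@return AmazonS3 AmazonS3" only repeats the type; describe what is returned instead, for example the configured S3 client.
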
diff --git 
a/components/camel-aws/src/main/java/org/apache/camel/component/aws/s3/client/AWSS3ClientFactory.java
 
b/components/camel-aws/src/main/java/org/apache/camel/component/aws/s3/client/AWSS3ClientFactory.java
new file mode 100644
index 0000000..a38728a
--- /dev/null
+++ 
b/components/camel-aws/src/main/java/org/apache/camel/component/aws/s3/client/AWSS3ClientFactory.java
@@ -0,0 +1,43 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.component.aws.s3.client;
+
+import org.apache.camel.component.aws.s3.S3Configuration;
+import 
org.apache.camel.component.aws.s3.client.impl.IAMOptimizedAWSS3ClientImpl;
+import org.apache.camel.component.aws.s3.client.impl.StandardAWSS3ClientImpl;
+
+/**
+ * Factory class to return the correct type of AWS S3 aws.
+ */
+public final class AWSS3ClientFactory {
+
+    private AWSS3ClientFactory() {
+        // Prevent instantiation of this factory class.
+        throw new RuntimeException("Do not instantiate a Factory class! Refer 
to the class "
+                                   + "to learn how to properly use this 
factory implementation.");
+    }
+
+    /**
+     * Return the correct aws s3 client (based on remote vs local).
+     * @param maxConnections max connections
+     * @return AWSS3Client
+     */
+    public static AWSS3Client getAWSS3Client(S3Configuration configuration, 
int maxConnections) {
+        return configuration.isUseIAMCredentials() ? new 
IAMOptimizedAWSS3ClientImpl(configuration, maxConnections)
+                : new StandardAWSS3ClientImpl(configuration, maxConnections);
+    }
+}
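
Review bot: getAWSS3Client() documents maxConnections but has no @param for configuration, and the class comment "correct type of AWS S3 aws" looks like a search-and-replace slip for "AWS S3 client". The private constructor can simply be empty; throwing a RuntimeException from it adds little.
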
diff --git 
a/components/camel-aws/src/main/java/org/apache/camel/component/aws/s3/client/impl/IAMOptimizedAWSS3ClientImpl.java
 
b/components/camel-aws/src/main/java/org/apache/camel/component/aws/s3/client/impl/IAMOptimizedAWSS3ClientImpl.java
new file mode 100644
index 0000000..a754aff
--- /dev/null
+++ 
b/components/camel-aws/src/main/java/org/apache/camel/component/aws/s3/client/impl/IAMOptimizedAWSS3ClientImpl.java
@@ -0,0 +1,109 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.camel.component.aws.s3.client.impl;
+
+import com.amazonaws.ClientConfiguration;
+import com.amazonaws.auth.InstanceProfileCredentialsProvider;
+import com.amazonaws.regions.Regions;
+import com.amazonaws.services.s3.AmazonS3;
+import com.amazonaws.services.s3.AmazonS3ClientBuilder;
+import com.amazonaws.services.s3.AmazonS3EncryptionClientBuilder;
+import com.amazonaws.services.s3.model.StaticEncryptionMaterialsProvider;
+import org.apache.camel.component.aws.s3.S3Configuration;
+import org.apache.camel.component.aws.s3.client.AWSS3Client;
+import org.apache.camel.util.ObjectHelper;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Manage an AWS s3 client for all users to use (enabling temporary creds).
+ * This implementation is for remote instances to manage the credentials on 
their own (eliminating credential rotations)
+ */
+public class IAMOptimizedAWSS3ClientImpl implements AWSS3Client {
+    private static final Logger LOG = 
LoggerFactory.getLogger(IAMOptimizedAWSS3ClientImpl.class);
+    private S3Configuration configuration;
+    private int maxConnections;
+
+    /**
+     * Constructor that uses the config file.
+     */
+    public IAMOptimizedAWSS3ClientImpl(S3Configuration configuration, int 
maxConnections) {
+        LOG.trace("Creating an AWS S3 client for an ec2 instance with IAM 
temporary credentials (normal for ec2s).");
+        this.configuration = configuration;
+        this.maxConnections = maxConnections;
+    }
+
+    /**
+     * Getting the s3 aws client that is used.
+     * @return Amazon S3 Client.
+     */
+    public AmazonS3 getS3Client() {
+        AmazonS3 client = null;
+        AmazonS3ClientBuilder clientBuilder = null;
+        AmazonS3EncryptionClientBuilder encClientBuilder = null;
+        ClientConfiguration clientConfiguration = null;
+        if (configuration.hasProxyConfiguration()) {
+            clientConfiguration = new ClientConfiguration();
+            clientConfiguration.setProxyHost(configuration.getProxyHost());
+            clientConfiguration.setProxyPort(configuration.getProxyPort());
+            clientConfiguration.setMaxConnections(maxConnections);
+        } else {
+            clientConfiguration = new ClientConfiguration();
+            clientConfiguration.setMaxConnections(maxConnections);
+        }
+
+        if (configuration.getAccessKey() != null || 
configuration.getSecretKey() != null) {
+            LOG.trace("Do not pass in unnecessary static credentials when 
selecting the IAM credential option.");
+        }
+
+        if (!configuration.isUseEncryption()) {
+            clientBuilder = AmazonS3ClientBuilder
+                                    .standard()
+                                    .withCredentials(new 
InstanceProfileCredentialsProvider(false));
+        } else if (configuration.isUseEncryption()) {
+            StaticEncryptionMaterialsProvider encryptionMaterialsProvider = 
new StaticEncryptionMaterialsProvider(
+                    configuration.getEncryptionMaterials());
+            encClientBuilder = AmazonS3EncryptionClientBuilder
+                                    .standard()
+                                    
.withClientConfiguration(clientConfiguration)
+                                    
.withEncryptionMaterials(encryptionMaterialsProvider)
+                                    .withCredentials(new 
InstanceProfileCredentialsProvider(false));
+        } else {
+            clientBuilder = AmazonS3ClientBuilder
+                                    .standard()
+                                    
.withClientConfiguration(clientConfiguration)
+                                    .withCredentials(new 
InstanceProfileCredentialsProvider(false));
+        }
+
+        if (!configuration.isUseEncryption()) {
+            if (ObjectHelper.isNotEmpty(configuration.getRegion())) {
+                clientBuilder = 
clientBuilder.withRegion(Regions.fromName(configuration.getRegion()));
+            }
+            clientBuilder = 
clientBuilder.withPathStyleAccessEnabled(configuration.isPathStyleAccess());
+            client = clientBuilder.build();
+        } else {
+            if (ObjectHelper.isNotEmpty(configuration.getRegion())) {
+                encClientBuilder = 
encClientBuilder.withRegion(Regions.fromName(configuration.getRegion()));
+            }
+            encClientBuilder = 
encClientBuilder.withPathStyleAccessEnabled(configuration.isPathStyleAccess());
+            client = encClientBuilder.build();
+        }
+
+        return client;
+    }
+}
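
Review bot: In getS3Client() the non-encryption branch builds the client with only withCredentials(...) and never calls withClientConfiguration(clientConfiguration), so proxyHost, proxyPort and maxConnections are ignored whenever useEncryption is false. The final else branch, which does apply the client configuration, is unreachable because the two preceding conditions are !isUseEncryption() and isUseEncryption(). Collapse this to a single if/else and apply clientConfiguration in both arms. The message about unnecessary static credentials is logged at TRACE, where it is unlikely to be seen; WARN fits a configuration that carries keys it does not need. The configuration and maxConnections fields can be final.
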
diff --git 
a/components/camel-aws/src/main/java/org/apache/camel/component/aws/s3/client/impl/StandardAWSS3ClientImpl.java
 
b/components/camel-aws/src/main/java/org/apache/camel/component/aws/s3/client/impl/StandardAWSS3ClientImpl.java
new file mode 100644
index 0000000..580c14f
--- /dev/null
+++ 
b/components/camel-aws/src/main/java/org/apache/camel/component/aws/s3/client/impl/StandardAWSS3ClientImpl.java
@@ -0,0 +1,140 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.camel.component.aws.s3.client.impl;
+
+import com.amazonaws.ClientConfiguration;
+import com.amazonaws.auth.AWSCredentials;
+import com.amazonaws.auth.AWSCredentialsProvider;
+import com.amazonaws.auth.AWSStaticCredentialsProvider;
+import com.amazonaws.auth.BasicAWSCredentials;
+import com.amazonaws.regions.Regions;
+import com.amazonaws.services.s3.AmazonS3;
+import com.amazonaws.services.s3.AmazonS3ClientBuilder;
+import com.amazonaws.services.s3.AmazonS3EncryptionClientBuilder;
+import com.amazonaws.services.s3.model.StaticEncryptionMaterialsProvider;
+import org.apache.camel.component.aws.s3.S3Configuration;
+import org.apache.camel.component.aws.s3.client.AWSS3Client;
+import org.apache.camel.util.ObjectHelper;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Manage an AWS s3 client for all users to use.
+ * This implementation is for local instances to use a static and solid 
credential set.
+ */
+public class StandardAWSS3ClientImpl implements AWSS3Client {
+    private static final Logger LOG = 
LoggerFactory.getLogger(StandardAWSS3ClientImpl.class);
+    private S3Configuration configuration;
+    private int maxConnections;
+
+    /**
+     * Constructor that uses the config file.
+     */
+    public StandardAWSS3ClientImpl(S3Configuration configuration, int 
maxConnections) {
+        LOG.trace("Creating an AWS S3 manager using static credentials.");
+        this.configuration = configuration;
+        this.maxConnections = maxConnections;
+    }
+
+    /**
+     * Getting the s3 aws client that is used.
+     * @return Amazon S3 Client.
+     */
+    public AmazonS3 getS3Client() {
+        AmazonS3 client = null;
+        AmazonS3ClientBuilder clientBuilder = null;
+        AmazonS3EncryptionClientBuilder encClientBuilder = null;
+        ClientConfiguration clientConfiguration = null;
+
+        if (configuration.hasProxyConfiguration()) {
+            clientConfiguration = new ClientConfiguration();
+            clientConfiguration.setProxyHost(configuration.getProxyHost());
+            clientConfiguration.setProxyPort(configuration.getProxyPort());
+            clientConfiguration.setMaxConnections(maxConnections);
+        } else {
+            clientConfiguration = new ClientConfiguration();
+            clientConfiguration.setMaxConnections(maxConnections);
+        }
+
+        if (configuration.getAccessKey() != null && 
configuration.getSecretKey() != null) {
+            AWSCredentials credentials = new 
BasicAWSCredentials(configuration.getAccessKey(), configuration.getSecretKey());
+            AWSCredentialsProvider credentialsProvider = new 
AWSStaticCredentialsProvider(credentials);
+            if (!configuration.isUseEncryption()) {
+                clientBuilder = AmazonS3ClientBuilder
+                                        .standard()
+                                        
.withClientConfiguration(clientConfiguration).withCredentials(credentialsProvider);
+            } else if (configuration.isUseEncryption()) {
+                StaticEncryptionMaterialsProvider encryptionMaterialsProvider
+                        = new 
StaticEncryptionMaterialsProvider(configuration.getEncryptionMaterials());
+                encClientBuilder = AmazonS3EncryptionClientBuilder
+                                        .standard()
+                                        
.withClientConfiguration(clientConfiguration)
+                                        .withCredentials(credentialsProvider)
+                                        
.withEncryptionMaterials(encryptionMaterialsProvider);
+            } else {
+                clientBuilder = AmazonS3ClientBuilder
+                                        .standard()
+                                        .withCredentials(credentialsProvider);
+            }
+
+            if (!configuration.isUseEncryption()) {
+                if (ObjectHelper.isNotEmpty(configuration.getRegion())) {
+                    clientBuilder = 
clientBuilder.withRegion(Regions.fromName(configuration.getRegion()));
+                }
+                clientBuilder = 
clientBuilder.withPathStyleAccessEnabled(configuration.isPathStyleAccess());
+                client = clientBuilder.build();
+            } else {
+                if (ObjectHelper.isNotEmpty(configuration.getRegion())) {
+                    encClientBuilder = 
encClientBuilder.withRegion(Regions.fromName(configuration.getRegion()));
+                }
+                encClientBuilder = 
encClientBuilder.withPathStyleAccessEnabled(configuration.isPathStyleAccess());
+                client = encClientBuilder.build();
+            }
+        } else {
+            if (!configuration.isUseEncryption()) {
+                clientBuilder = AmazonS3ClientBuilder.standard();
+            } else if (configuration.isUseEncryption()) {
+                StaticEncryptionMaterialsProvider encryptionMaterialsProvider
+                        = new 
StaticEncryptionMaterialsProvider(configuration.getEncryptionMaterials());
+                encClientBuilder = AmazonS3EncryptionClientBuilder
+                                        .standard()
+                                        
.withClientConfiguration(clientConfiguration)
+                                        
.withEncryptionMaterials(encryptionMaterialsProvider);
+            } else {
+                clientBuilder = AmazonS3ClientBuilder
+                                        .standard()
+                                        
.withClientConfiguration(clientConfiguration);
+            }
+
+            if (!configuration.isUseEncryption()) {
+                if (ObjectHelper.isNotEmpty(configuration.getRegion())) {
+                    clientBuilder = 
clientBuilder.withRegion(Regions.valueOf(configuration.getRegion()));
+                }
+                clientBuilder = 
clientBuilder.withPathStyleAccessEnabled(configuration.isPathStyleAccess());
+                client = clientBuilder.build();
+            } else {
+                if (ObjectHelper.isNotEmpty(configuration.getRegion())) {
+                    encClientBuilder = 
encClientBuilder.withRegion(Regions.valueOf(configuration.getRegion()));
+                }
+                encClientBuilder = 
encClientBuilder.withPathStyleAccessEnabled(configuration.isPathStyleAccess());
+                client = encClientBuilder.build();
+            }
+        }
+        return client;
+    }
+}
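Review bot: In `getS3Client()`, the branch taken when no access key/secret key is configured builds the unencrypted client from a bare `AmazonS3ClientBuilder.standard()`, so `clientConfiguration` (proxy host/port and `maxConnections`) is never applied on that path. The only line that would apply it sits in the trailing `else`, which is unreachable because `!configuration.isUseEncryption()` and `else if (configuration.isUseEncryption())` already cover both cases. With that combination, requests will not go through the configured proxy. Suggest collapsing each three-way chain into a plain if/else and calling `.withClientConfiguration(clientConfiguration)` in every branch. The same branch also resolves the region with `Regions.valueOf(configuration.getRegion())` while the credentialed branch uses `Regions.fromName(...)`; `valueOf` expects the enum constant name and `fromName` the region id, so a single region string cannot work on both paths. Use one of them throughout.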
diff --git 
a/components/camel-aws/src/test/java/org/apache/camel/component/aws/s3/AWSS3ClientFactoryTest.java
 
b/components/camel-aws/src/test/java/org/apache/camel/component/aws/s3/AWSS3ClientFactoryTest.java
new file mode 100644
index 0000000..a28a704
--- /dev/null
+++ 
b/components/camel-aws/src/test/java/org/apache/camel/component/aws/s3/AWSS3ClientFactoryTest.java
@@ -0,0 +1,52 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.camel.component.aws.s3;
+
+import org.apache.camel.component.aws.s3.client.AWSS3Client;
+import org.apache.camel.component.aws.s3.client.AWSS3ClientFactory;
+import 
org.apache.camel.component.aws.s3.client.impl.IAMOptimizedAWSS3ClientImpl;
+import org.apache.camel.component.aws.s3.client.impl.StandardAWSS3ClientImpl;
+import org.junit.Assert;
+import org.junit.Test;
+
+public class AWSS3ClientFactoryTest {
+    private static final int MAX_CONNECTIONS = 1;
+
+    @Test
+    public void getStandardS3ClientDefault() {
+        S3Configuration s3Configuration = new S3Configuration();
+        AWSS3Client awss3Client = 
AWSS3ClientFactory.getAWSS3Client(s3Configuration, MAX_CONNECTIONS);
+        Assert.assertTrue(awss3Client instanceof StandardAWSS3ClientImpl);
+    }
+
+    @Test
+    public void getStandardS3Client() {
+        S3Configuration s3Configuration = new S3Configuration();
+        s3Configuration.setUseIAMCredentials(false);
+        AWSS3Client awss3Client = 
AWSS3ClientFactory.getAWSS3Client(s3Configuration, MAX_CONNECTIONS);
+        Assert.assertTrue(awss3Client instanceof StandardAWSS3ClientImpl);
+    }
+
+    @Test
+    public void getIAMOptimizedS3Client() {
+        S3Configuration s3Configuration = new S3Configuration();
+        s3Configuration.setUseIAMCredentials(true);
+        AWSS3Client awss3Client = 
AWSS3ClientFactory.getAWSS3Client(s3Configuration, MAX_CONNECTIONS);
+        Assert.assertTrue(awss3Client instanceof IAMOptimizedAWSS3ClientImpl);
+    }
+}
\ No newline at end of file
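Review bot: Nothing in these three tests covers the case where `setUseIAMCredentials(true)` is combined with an access key and secret key on the same `S3Configuration`, so which credential source wins is not pinned down; add a case that sets both and asserts the expected implementation. The file also ends without a trailing newline (`\ No newline at end of file`); add one.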
diff --git 
a/components/camel-aws/src/test/java/org/apache/camel/component/aws/s3/client/impl/IAMOptimizedAWSS3ClientImplTest.java
 
b/components/camel-aws/src/test/java/org/apache/camel/component/aws/s3/client/impl/IAMOptimizedAWSS3ClientImplTest.java
new file mode 100644
index 0000000..571c409
--- /dev/null
+++ 
b/components/camel-aws/src/test/java/org/apache/camel/component/aws/s3/client/impl/IAMOptimizedAWSS3ClientImplTest.java
@@ -0,0 +1,65 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.camel.component.aws.s3.client.impl;
+
+import com.amazonaws.services.s3.AmazonS3;
+import com.amazonaws.services.s3.AmazonS3EncryptionClient;
+import com.amazonaws.services.s3.model.EncryptionMaterials;
+import org.apache.camel.component.aws.s3.S3Configuration;
+import org.junit.Assert;
+import org.junit.Test;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+/**
+ * Basic testing to ensure that the IAMOptimizedAWSS3ClientImplTest class is 
returning a standard client that is
+ * capable of encryption given certain parameters. This client is new to Camel 
as of 02-15-2018 and enables IAM
+ * temporary credentials to improve security.
+ */
+public class IAMOptimizedAWSS3ClientImplTest {
+    private static final int MAX_CONNECTIONS = 1;
+    private EncryptionMaterials encryptionMaterials = 
mock(EncryptionMaterials.class);
+
+    @Test
+    public void iamOptimizedAWSS3ClientImplNoEncryption() {
+        IAMOptimizedAWSS3ClientImpl iamOptimizedAWSS3Client = new 
IAMOptimizedAWSS3ClientImpl(getS3ConfigurationNoEncryption(), MAX_CONNECTIONS);
+        AmazonS3 s3Client = iamOptimizedAWSS3Client.getS3Client();
+        Assert.assertNotNull(s3Client);
+        Assert.assertFalse(s3Client instanceof AmazonS3EncryptionClient);
+    }
+
+    @Test
+    public void iamOptimizedAWSS3ClientImplUseEncryption() {
+        IAMOptimizedAWSS3ClientImpl iamOptimizedAWSS3Client = new 
IAMOptimizedAWSS3ClientImpl(getS3ConfigurationUseEncryption(), MAX_CONNECTIONS);
+        AmazonS3 s3Client = iamOptimizedAWSS3Client.getS3Client();
+        Assert.assertNotNull(s3Client);
+        Assert.assertTrue(s3Client instanceof AmazonS3EncryptionClient);
+    }
+
+    private S3Configuration getS3ConfigurationNoEncryption() {
+        S3Configuration s3Configuration = mock(S3Configuration.class);
+        when(s3Configuration.isUseEncryption()).thenReturn(false);
+        return s3Configuration;
+    }
+
+    private S3Configuration getS3ConfigurationUseEncryption() {
+        S3Configuration s3Configuration = mock(S3Configuration.class);
+        when(s3Configuration.isUseEncryption()).thenReturn(true);
+        return s3Configuration;
+    }
+}
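Review bot: The `encryptionMaterials` mock field is never used. `getS3ConfigurationUseEncryption()` stubs only `isUseEncryption()`, so the mocked `S3Configuration` returns null from `getEncryptionMaterials()` and the test passes on the client's type alone, with no materials supplied. Either stub it, e.g. `when(s3Configuration.getEncryptionMaterials()).thenReturn(encryptionMaterials);`, or drop the field. The class Javadoc also names `IAMOptimizedAWSS3ClientImplTest` as the class under test where `IAMOptimizedAWSS3ClientImpl` is meant.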
diff --git 
a/components/camel-aws/src/test/java/org/apache/camel/component/aws/s3/client/impl/StandardAWSS3ClientImplTest.java
 
b/components/camel-aws/src/test/java/org/apache/camel/component/aws/s3/client/impl/StandardAWSS3ClientImplTest.java
new file mode 100644
index 0000000..014910d
--- /dev/null
+++ 
b/components/camel-aws/src/test/java/org/apache/camel/component/aws/s3/client/impl/StandardAWSS3ClientImplTest.java
@@ -0,0 +1,65 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.camel.component.aws.s3.client.impl;
+
+import com.amazonaws.services.s3.AmazonS3;
+import com.amazonaws.services.s3.AmazonS3EncryptionClient;
+import com.amazonaws.services.s3.model.EncryptionMaterials;
+import org.apache.camel.component.aws.s3.S3Configuration;
+import org.junit.Assert;
+import org.junit.Test;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+/**
+ * Basic testing to ensure that the StandardAWSS3ClientImpl class is returning 
a standard client that is
+ * capable of encryption given certain parameters. These clients have been in 
existence for a long time, but haven't
+ * been properly unit tested.
+ */
+public class StandardAWSS3ClientImplTest {
+    private static final int MAX_CONNECTIONS = 1;
+    private EncryptionMaterials encryptionMaterials = 
mock(EncryptionMaterials.class);
+
+    @Test
+    public void standardAWSS3ClientImplNoEncryption() {
+        StandardAWSS3ClientImpl standardAWSS3Client = new 
StandardAWSS3ClientImpl(getS3ConfigurationNoEncryption(), MAX_CONNECTIONS);
+        AmazonS3 s3Client = standardAWSS3Client.getS3Client();
+        Assert.assertNotNull(s3Client);
+        Assert.assertFalse(s3Client instanceof AmazonS3EncryptionClient);
+    }
+
+    @Test
+    public void standardAWSS3ClientImplUseEncryption() {
+        StandardAWSS3ClientImpl standardAWSS3Client = new 
StandardAWSS3ClientImpl(getS3ConfigurationUseEncryption(), MAX_CONNECTIONS);
+        AmazonS3 s3Client = standardAWSS3Client.getS3Client();
+        Assert.assertNotNull(s3Client);
+        Assert.assertTrue(s3Client instanceof AmazonS3EncryptionClient);
+    }
+
+    private S3Configuration getS3ConfigurationNoEncryption() {
+        S3Configuration s3Configuration = mock(S3Configuration.class);
+        when(s3Configuration.isUseEncryption()).thenReturn(false);
+        return s3Configuration;
+    }
+
+    private S3Configuration getS3ConfigurationUseEncryption() {
+        S3Configuration s3Configuration = mock(S3Configuration.class);
+        when(s3Configuration.isUseEncryption()).thenReturn(true);
+        return s3Configuration;
+    }
+}
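Review bot: Both helper methods return a mocked `S3Configuration` that stubs only `isUseEncryption()`, so `getAccessKey()` and `getSecretKey()` return null and neither test reaches the `BasicAWSCredentials` / `AWSStaticCredentialsProvider` path in `StandardAWSS3ClientImpl.getS3Client()`, which is the path the class exists for. Add cases that stub both keys with dummy values, and ideally `getRegion()` and the proxy settings, so the region lookup and `clientConfiguration` handling are exercised too. The `encryptionMaterials` field is declared here but unused, the same as in the IAM test.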

-- 
To stop receiving notification emails like this one, please contact
acosent...@apache.org.
