zipkin.autoconfigure.collector.sqs.ZipkinSQSCredentialsAutoConfiguration.java Source code

Java tutorial

Introduction

Here is the source code for zipkin.autoconfigure.collector.sqs.ZipkinSQSCredentialsAutoConfiguration.java

Source

/**
 * Copyright 2016-2017 The OpenZipkin Authors
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 * in compliance with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed under the License
 * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
 * or implied. See the License for the specific language governing permissions and limitations under
 * the License.
 */
package zipkin.autoconfigure.collector.sqs;

import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.auth.DefaultAWSCredentialsProviderChain;
import com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider;
import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionOutcome;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.SpringBootCondition;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ConditionContext;
import org.springframework.context.annotation.Conditional;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.type.AnnotatedTypeMetadata;

@Configuration
@EnableConfigurationProperties(ZipkinSQSCollectorProperties.class)
@Conditional(ZipkinSQSCollectorAutoConfiguration.SQSSetCondition.class)
public class ZipkinSQSCredentialsAutoConfiguration {

    /** Setup {@link AWSSecurityTokenService} client an IAM role to assume is given. */
    @Bean
    @ConditionalOnMissingBean
    @Conditional(STSSetCondition.class)
    AWSSecurityTokenService securityTokenService(ZipkinSQSCollectorProperties properties) {
        return AWSSecurityTokenServiceClientBuilder.standard()
                .withCredentials(getDefaultCredentialsProvider(properties)).withRegion(properties.awsStsRegion)
                .build();
    }

    @Autowired(required = false)
    private AWSSecurityTokenService securityTokenService;

    /** By default, get credentials from the {@link DefaultAWSCredentialsProviderChain */
    @Bean
    @ConditionalOnMissingBean
    AWSCredentialsProvider credentialsProvider(ZipkinSQSCollectorProperties properties) {
        if (securityTokenService != null) {
            return new STSAssumeRoleSessionCredentialsProvider.Builder(properties.awsStsRoleArn, "zipkin-server")
                    .withStsClient(securityTokenService).build();
        } else {
            return getDefaultCredentialsProvider(properties);
        }
    }

    private static AWSCredentialsProvider getDefaultCredentialsProvider(ZipkinSQSCollectorProperties properties) {
        AWSCredentialsProvider provider = new DefaultAWSCredentialsProviderChain();

        // Create credentials provider from ID and secret if given.
        if (!isNullOrEmpty(properties.awsAccessKeyId) && !isNullOrEmpty(properties.awsSecretAccessKey)) {
            provider = new AWSStaticCredentialsProvider(
                    new BasicAWSCredentials(properties.awsAccessKeyId, properties.awsSecretAccessKey));
        }

        return provider;
    }

    private static boolean isNullOrEmpty(String value) {
        return (value == null || value.equals(""));
    }

    /**
     * This condition passes when {@link ZipkinSQSCollectorProperties#getAwsStsRoleArn()} is set to
     * non-empty.
     *
     * <p>This is here because the yaml defaults this property to empty like this, and spring-boot
     * doesn't have an option to treat empty properties as unset.
     *
     * <pre>{@code
     * aws-sts-role-arn: ${SQS_AWS_STS_ROLE_ARN:}
     * }</pre>
     */
    static final class STSSetCondition extends SpringBootCondition {

        private static final String PROPERTY_NAME = "zipkin.collector.sqs.aws-sts-role-arn";

        @Override
        public ConditionOutcome getMatchOutcome(ConditionContext context, AnnotatedTypeMetadata a) {

            String queueUrl = context.getEnvironment().getProperty(PROPERTY_NAME);

            return isEmpty(queueUrl) ? ConditionOutcome.noMatch(PROPERTY_NAME + " isn't set")
                    : ConditionOutcome.match();
        }

        private static boolean isEmpty(String s) {
            return s == null || s.isEmpty();
        }
    }
}