[backend] Allow for use of AWS IAM Role (#1453)

* [backend] Allow for use of AWS IAM Role
OpenBAS-Platform · Nov 7, 2024 · 8eabb12 · 8eabb12
1 parent 7d15dd7
commit 8eabb12
Show file tree

Hide file tree

Showing 4 changed files with 49 additions and 60 deletions.
diff --git a/openbas-api/src/main/resources/application.properties b/openbas-api/src/main/resources/application.properties
@@ -123,6 +123,9 @@ minio.bucket=openbas
 minio.port=9000
 minio.access-key=<key>
 minio.access-secret=<secret>
+# S3 configuration
+openbas.s3.use-aws-role=false
+openbas.s3.sts-endpoint=<sts_endpoint>
 
 # Logging
 logging.level.root=fatal

diff --git a/openbas-model/src/main/java/io/openbas/config/MinioConfig.java b/openbas-model/src/main/java/io/openbas/config/MinioConfig.java
@@ -1,11 +1,13 @@
 package io.openbas.config;
 
 import jakarta.validation.constraints.NotNull;
+import lombok.Data;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.stereotype.Component;
 
 @Component
 @ConfigurationProperties(prefix = "minio")
+@Data
 public class MinioConfig {
 
   @NotNull private String endpoint;
@@ -17,52 +19,4 @@ public class MinioConfig {
   private int port = 9000;
   private String bucket = "openbas";
   private boolean secure = false;
-
-  public String getAccessKey() {
-    return accessKey;
-  }
-
-  public void setAccessKey(String accessKey) {
-    this.accessKey = accessKey;
-  }
-
-  public String getAccessSecret() {
-    return accessSecret;
-  }
-
-  public void setAccessSecret(String accessSecret) {
-    this.accessSecret = accessSecret;
-  }
-
-  public String getEndpoint() {
-    return endpoint;
-  }
-
-  public void setEndpoint(String endpoint) {
-    this.endpoint = endpoint;
-  }
-
-  public String getBucket() {
-    return bucket;
-  }
-
-  public void setBucket(String bucket) {
-    this.bucket = bucket;
-  }
-
-  public int getPort() {
-    return port;
-  }
-
-  public void setPort(int port) {
-    this.port = port;
-  }
-
-  public boolean isSecure() {
-    return secure;
-  }
-
-  public void setSecure(boolean secure) {
-    this.secure = secure;
-  }
 }
diff --git a/openbas-model/src/main/java/io/openbas/config/S3Config.java b/openbas-model/src/main/java/io/openbas/config/S3Config.java
@@ -0,0 +1,18 @@
+package io.openbas.config;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import lombok.Data;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.stereotype.Component;
+
+@Component
+@ConfigurationProperties(prefix = "openbas.s3")
+@Data
+public class S3Config {
+
+  @JsonProperty("use-aws-role")
+  private boolean useAwsRole = false;
+
+  @JsonProperty("sts-endpoint")
+  private String stsEndpoint;
+}
diff --git a/openbas-model/src/main/java/io/openbas/driver/MinioDriver.java b/openbas-model/src/main/java/io/openbas/driver/MinioDriver.java
@@ -3,27 +3,41 @@
 import io.minio.BucketExistsArgs;
 import io.minio.MakeBucketArgs;
 import io.minio.MinioClient;
+import io.minio.credentials.*;
 import io.openbas.config.MinioConfig;
-import org.springframework.beans.factory.annotation.Autowired;
+import io.openbas.config.S3Config;
+import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.stereotype.Component;
 
 @Component
+@RequiredArgsConstructor
 public class MinioDriver {
-  private MinioConfig minioConfig;
-
-  @Autowired
-  public void setMinioConfig(MinioConfig minioConfig) {
-    this.minioConfig = minioConfig;
-  }
+  private final MinioConfig minioConfig;
+  private final S3Config s3Config;
 
   @Bean
   public MinioClient minioClient() throws Exception {
-    MinioClient minioClient =
-        MinioClient.builder()
-            .endpoint(minioConfig.getEndpoint(), minioConfig.getPort(), minioConfig.isSecure())
-            .credentials(minioConfig.getAccessKey(), minioConfig.getAccessSecret())
-            .build();
+    MinioClient minioClient;
+    if (s3Config.isUseAwsRole()) {
+      String stsEndpoint = null;
+      if (s3Config.getStsEndpoint() != null && !s3Config.getStsEndpoint().isEmpty()) {
+        stsEndpoint = s3Config.getStsEndpoint();
+      }
+      IamAwsProvider provider = new IamAwsProvider(stsEndpoint, null);
+
+      minioClient =
+          MinioClient.builder()
+              .endpoint(minioConfig.getEndpoint())
+              .credentialsProvider(provider)
+              .build();
+    } else {
+      minioClient =
+          MinioClient.builder()
+              .endpoint(minioConfig.getEndpoint(), minioConfig.getPort(), minioConfig.isSecure())
+              .credentials(minioConfig.getAccessKey(), minioConfig.getAccessSecret())
+              .build();
+    }
     // Make bucket if not exist.
     BucketExistsArgs bucketExistsArgs =
         BucketExistsArgs.builder().bucket(minioConfig.getBucket()).build();