Skip to content

Commit 42f1fba

Browse files
shbodyagermanosin
shbodya
and
germanosin
authored
Add assume role support (#45)
Co-authored-by: German Osin <german.osin@gmail.com>
1 parent 8b8a9a2 commit 42f1fba

2 files changed

Lines changed: 25 additions & 1 deletion

File tree

src/main/java/io/kafbat/ui/serde/glue/GlueSerde.java

Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -55,6 +55,8 @@
5555
import software.amazon.awssdk.services.glue.model.GetSchemaVersionResponse;
5656
import software.amazon.awssdk.services.glue.model.SchemaId;
5757
import software.amazon.awssdk.services.glue.model.SchemaVersionNumber;
58+
import software.amazon.awssdk.services.sts.StsClient;
59+
import software.amazon.awssdk.services.sts.auth.StsAssumeRoleCredentialsProvider;
5860

5961
public class GlueSerde implements Serde {
6062

@@ -88,6 +90,7 @@ public void configure(PropertyResolver serdeProperties,
8890
serdeProperties.getProperty("region", String.class)
8991
.orElseThrow(() -> new IllegalArgumentException("region not provided for GlueSerde")),
9092
serdeProperties.getProperty("endpoint", String.class).orElse(null),
93+
serdeProperties.getProperty("roleArn", String.class).orElse(null),
9194
serdeProperties.getProperty("registry", String.class)
9295
.orElseThrow(() -> new IllegalArgumentException("registry not provided for GlueSerde")),
9396
serdeProperties.getProperty("keySchemaNameTemplate", String.class)
@@ -114,6 +117,7 @@ public void configure(PropertyResolver serdeProperties,
114117
void configure(AwsCredentialsProvider credentialsProvider,
115118
String region,
116119
@Nullable String endpoint,
120+
@Nullable String roleArn,
117121
String registryName,
118122
@Nullable String keySchemaNameTemplate,
119123
String valueSchemaNameTemplate,
@@ -160,6 +164,19 @@ static AwsCredentialsProvider createCredentialsProvider(PropertyResolver serdePr
160164
.orElseGet(() -> () -> AwsBasicCredentials.create(awsAccessKey.get(), awsSecretKey.get()));
161165
}
162166

167+
Optional<String> roleArn = serdeProperties.getProperty("roleArn", String.class);
168+
if (roleArn.isPresent()) {
169+
return StsAssumeRoleCredentialsProvider.builder()
170+
.refreshRequest(b -> b.roleArn(roleArn.get())
171+
.roleSessionName("kafbat-ui-" + UUID.randomUUID()))
172+
.stsClient(StsClient.builder()
173+
.credentialsProvider(DefaultCredentialsProvider.create())
174+
.region(Region.of(serdeProperties.getProperty("region", String.class)
175+
.orElseThrow(() -> new IllegalArgumentException("region required for assume role"))))
176+
.build())
177+
.build();
178+
}
179+
163180
Optional<String> profileName = serdeProperties.getProperty("awsProfileName", String.class);
164181
Optional<String> profileFile = serdeProperties.getProperty("awsProfileFile", String.class);
165182
if (profileName.isPresent() || profileFile.isPresent()) {

src/test/java/io/kafbat/ui/serde/glue/GlueSerdeTest.java

Lines changed: 8 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -83,8 +83,9 @@ class GlueSerdeTest {
8383

8484
private static final String REGISTRY_NAME = "kui-glue-serde-test-registry";
8585

86+
private static final Network NETWORK = Network.newNetwork();
8687
private static final KafkaContainer KAFKA = new KafkaContainer(
87-
DockerImageName.parse("confluentinc/cp-kafka:7.2.1")).withNetwork(Network.SHARED);
88+
DockerImageName.parse("confluentinc/cp-kafka:7.2.1")).withNetwork(NETWORK);
8889

8990
private static GlueClient GLUE_CLIENT;
9091

@@ -115,6 +116,7 @@ static void checkCredsResolving() {
115116
@AfterAll
116117
static void tearDown() {
117118
KAFKA.close();
119+
NETWORK.close();
118120
try {
119121
GLUE_CLIENT.deleteRegistry(
120122
DeleteRegistryRequest.builder().registryId(
@@ -194,6 +196,7 @@ private <T> void checkDeserializerIsCompatibleWithKafkaLibrarySerializer(
194196
DefaultCredentialsProvider.create(),
195197
REGION,
196198
null,
199+
null,
197200
REGISTRY_NAME,
198201
null,
199202
"%s",
@@ -228,6 +231,7 @@ private <T> void checkSerializerIsCompatibleWithKafkaLibraryDeserializer(
228231
DefaultCredentialsProvider.create(),
229232
REGION,
230233
null,
234+
null,
231235
REGISTRY_NAME,
232236
null,
233237
"%s",
@@ -403,6 +407,7 @@ void canSerializeAndCanDeserializeCheckTopicSchemaMappingMap() {
403407
DefaultCredentialsProvider.create(),
404408
REGION,
405409
null,
410+
null,
406411
REGISTRY_NAME,
407412
null,
408413
"%s",
@@ -457,6 +462,7 @@ void canSerializeAndCanDeserializeUsesTopicKVTemplateToFindSchemas() {
457462
DefaultCredentialsProvider.create(),
458463
REGION,
459464
null,
465+
null,
460466
REGISTRY_NAME,
461467
"%s-key",
462468
"%s-value",
@@ -484,6 +490,7 @@ void canDeserializeReturnsTrueForAnyTopicIfSchemaExistenceCheckIsDisabled() {
484490
DefaultCredentialsProvider.create(),
485491
REGION,
486492
null,
493+
null,
487494
REGISTRY_NAME,
488495
"%s-key",
489496
"%s-value",

0 commit comments

Comments
 (0)