From a90a3115becc7540647408eb2565fac7bd7ce239 Mon Sep 17 00:00:00 2001 
From: Manabu McCloskey Date: Fri, 25 Sep 2020 17:36:29 -0600 Subject: [PATCH 01/14] WIP --- .../security/CredentialsProvider.java | 26 ++ clouddriver-aws/clouddriver-aws.gradle | 1 + .../aws/agent/CleanupAlarmsAgent.groovy | 10 +- .../CleanupDetachedInstancesAgent.groovy | 10 +- .../handlers/BasicAmazonDeployHandler.groovy | 6 +- .../ModifyServerGroupLaunchTemplate.java | 6 +- ...repareModifyServerGroupLaunchTemplate.java | 12 +- .../ops/actions/UpdateAutoScalingGroup.java | 6 +- .../SecurityGroupLookupFactory.groovy | 21 +- .../aws/provider/AwsProvider.groovy | 10 +- ...tractAmazonLoadBalancerCachingAgent.groovy | 2 +- ...ApplicationLoadBalancerCachingAgent.groovy | 2 +- .../agent/AmazonInstanceTypeCachingAgent.java | 14 +- .../AmazonSecurityGroupCachingAgent.groovy | 2 +- .../provider/agent/ClusterCachingAgent.groovy | 2 +- .../ReservationReportCachingAgent.groovy | 9 +- .../AwsInfrastructureProviderConfig.groovy | 74 +---- .../provider/config/AwsProviderConfig.groovy | 174 +---------- .../aws/provider/config/ProviderHelpers.java | 274 ++++++++++++++++++ .../provider/view/AmazonS3DataProvider.java | 10 +- .../AmazonAccountsSynchronizer.groovy | 31 -- .../AmazonBasicCredentialsLoader.java | 102 +++++++ .../security/AmazonCredentialProvider.java | 41 +++ .../AmazonCredentialsInitializer.groovy | 97 +++++-- .../AmazonCredentialsLifecycleHandler.java | 189 ++++++++++++ .../DefaultAmazonAccountsSynchronizer.groovy | 62 ---- ...ader.java => AmazonCredentialsParser.java} | 232 +++++++-------- .../security/config/CredentialsConfig.java | 3 +- .../spinnaker/config/AwsConfiguration.groovy | 48 +-- .../CleanupDetachedInstancesAgentSpec.groovy | 6 +- .../client/ContainerInstanceCacheClient.java | 3 +- .../client/EcsCloudWatchAlarmCacheClient.java | 3 +- .../cache/client/EcsClusterCacheClient.java | 3 +- .../cache/client/EcsInstanceCacheClient.java | 3 +- .../client/EcsLoadbalancerCacheClient.java | 3 +- .../client/EcsTargetGroupCacheClient.java | 3 +- 
.../ecs/cache/client/IamRoleCacheClient.java | 3 +- .../client/ScalableTargetCacheClient.java | 3 +- .../ecs/cache/client/SecretCacheClient.java | 3 +- .../ecs/cache/client/ServiceCacheClient.java | 3 +- .../client/ServiceDiscoveryCacheClient.java | 3 +- .../cache/client/TargetHealthCacheClient.java | 3 +- .../ecs/cache/client/TaskCacheClient.java | 3 +- .../client/TaskDefinitionCacheClient.java | 3 +- .../cache/client/TaskHealthCacheClient.java | 3 +- .../security/EcsCredentialsInitializer.java | 30 +- .../ecs/view/EcsApplicationProvider.java | 3 +- .../ecs/view/EcsInstanceProvider.java | 2 + .../provider/agent/LambdaAgentProvider.java | 15 +- 49 files changed, 966 insertions(+), 611 deletions(-) create mode 100644 clouddriver-api/src/main/java/com/netflix/spinnaker/clouddriver/security/CredentialsProvider.java create mode 100644 clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/config/ProviderHelpers.java delete mode 100644 clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AmazonAccountsSynchronizer.groovy create mode 100644 clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AmazonBasicCredentialsLoader.java create mode 100644 clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AmazonCredentialProvider.java create mode 100644 clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AmazonCredentialsLifecycleHandler.java delete mode 100644 clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/DefaultAmazonAccountsSynchronizer.groovy rename clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/config/{CredentialsLoader.java => AmazonCredentialsParser.java} (67%) 
diff --git a/clouddriver-api/src/main/java/com/netflix/spinnaker/clouddriver/security/CredentialsProvider.java b/clouddriver-api/src/main/java/com/netflix/spinnaker/clouddriver/security/CredentialsProvider.java
new file mode 100644
index 00000000000..9ce96ff7e97
--- /dev/null
+++ b/clouddriver-api/src/main/java/com/netflix/spinnaker/clouddriver/security/CredentialsProvider.java
@@ -0,0 +1,26 @@
+/*
+ * Copyright 2020 Netflix, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package com.netflix.spinnaker.clouddriver.security;
+
+import java.util.Set;
+
+public interface CredentialsProvider> {
+ Set getAll();
+
+ AccountCredentials getCredentials(String name);
+}
diff --git a/clouddriver-aws/clouddriver-aws.gradle b/clouddriver-aws/clouddriver-aws.gradle
index b88927a5f87..0ebbce53444 100644
--- a/clouddriver-aws/clouddriver-aws.gradle
+++ b/clouddriver-aws/clouddriver-aws.gradle
@@ -21,6 +21,7 @@ dependencies {
 implementation "com.netflix.spinnaker.kork:kork-aws"
 implementation "com.netflix.spinnaker.kork:kork-exceptions"
 implementation "com.netflix.spinnaker.kork:kork-security"
+ implementation "com.netflix.spinnaker.kork:kork-credentials"
 implementation "com.netflix.spinnaker.moniker:moniker"
 implementation "com.squareup.okhttp:okhttp"
 implementation "com.squareup.okhttp:okhttp-apache"
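Review bot: The new `CredentialsProvider` interface in CredentialsProvider.java has no Javadoc, so the behaviour callers depend on for credential lookups is left open. `getCredentials(String name)` does not say whether an unknown name yields `null` or an exception, and `getAll()` does not say whether the returned set is a snapshot or a live, mutable view. I would add a type-level comment and one line per method, for example `/** Returns the credentials registered under {@code name}, or {@code null} if none exist. */`, once the intended not-found behaviour is decided. Writing it down keeps implementations from diverging on the not-found case.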
diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/agent/CleanupAlarmsAgent.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/agent/CleanupAlarmsAgent.groovy index d8a0caf35a5..cc84733cfdf 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/agent/CleanupAlarmsAgent.groovy +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/agent/CleanupAlarmsAgent.groovy @@ -29,8 +29,8 @@ import com.netflix.spinnaker.clouddriver.aws.security.AmazonClientProvider import com.netflix.spinnaker.clouddriver.aws.security.AmazonCredentials import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials import com.netflix.spinnaker.clouddriver.cache.CustomScheduledAgent -import com.netflix.spinnaker.clouddriver.security.AccountCredentialsRepository import com.netflix.spinnaker.clouddriver.security.ProviderUtils +import com.netflix.spinnaker.credentials.CredentialsRepository import groovy.util.logging.Slf4j import org.joda.time.DateTime 
@@ -45,20 +45,20 @@ class CleanupAlarmsAgent implements RunnableAgent, CustomScheduledAgent { public static final Pattern ALARM_NAME_PATTERN = Pattern.compile(".+-v[0-9]{3}-alarm-.+") final AmazonClientProvider amazonClientProvider - final AccountCredentialsRepository accountCredentialsRepository + final CredentialsRepository accountCredentialsRepository final long pollIntervalMillis final long timeoutMillis final int daysToLeave CleanupAlarmsAgent(AmazonClientProvider amazonClientProvider, - AccountCredentialsRepository accountCredentialsRepository, + CredentialsRepository accountCredentialsRepository, int daysToLeave) { this(amazonClientProvider, accountCredentialsRepository, POLL_INTERVAL_MILLIS, DEFAULT_TIMEOUT_MILLIS, daysToLeave) } CleanupAlarmsAgent(AmazonClientProvider amazonClientProvider, - AccountCredentialsRepository accountCredentialsRepository, + CredentialsRepository accountCredentialsRepository, long pollIntervalMillis, long timeoutMills, int daysToLeave) { @@ -120,7 +120,7 @@ class CleanupAlarmsAgent implements RunnableAgent, CustomScheduledAgent { } private Set getAccounts() { - ProviderUtils.buildThreadSafeSetOfAccounts(accountCredentialsRepository, NetflixAmazonCredentials, AmazonCloudProvider.ID) + return accountCredentialsRepository.getAll() } private static Set getAttachedAlarms(AmazonAutoScaling autoScaling) { diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/agent/CleanupDetachedInstancesAgent.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/agent/CleanupDetachedInstancesAgent.groovy index c6bdb4176d6..8552b520a56 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/agent/CleanupDetachedInstancesAgent.groovy +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/agent/CleanupDetachedInstancesAgent.groovy 
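Review bot: `getAccounts()` in CleanupAlarmsAgent now returns `accountCredentialsRepository.getAll()` directly, where the removed `ProviderUtils.buildThreadSafeSetOfAccounts(...)` call restricted the result to `NetflixAmazonCredentials` for `AmazonCloudProvider.ID` and, going by its name, built a thread-safe set. A cleanup agent acts on every account it is handed, so the new code relies on the injected repository holding only AWS accounts and on `getAll()` being safe to iterate while accounts are added or removed; neither is visible in this hunk. I would state that on the method with a comment such as `// repository is AWS-only; getAll() returns a snapshot`, or copy defensively with `return new HashSet<>(accountCredentialsRepository.getAll())`. The same replacement is made in `getAccounts()` of CleanupDetachedInstancesAgent, and the `ProviderUtils` import kept as context in both files may now be unused.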
@@ -28,8 +28,8 @@ import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials import com.netflix.spinnaker.clouddriver.cache.CustomScheduledAgent import com.netflix.spinnaker.clouddriver.aws.deploy.ops.DetachInstancesAtomicOperation import com.netflix.spinnaker.clouddriver.aws.provider.AwsCleanupProvider -import com.netflix.spinnaker.clouddriver.security.AccountCredentialsRepository import com.netflix.spinnaker.clouddriver.security.ProviderUtils +import com.netflix.spinnaker.credentials.CredentialsRepository import groovy.util.logging.Slf4j import java.util.concurrent.TimeUnit @@ -40,17 +40,17 @@ class CleanupDetachedInstancesAgent implements RunnableAgent, CustomScheduledAge public static final long DEFAULT_TIMEOUT_MILLIS = TimeUnit.MINUTES.toMillis(20) final AmazonClientProvider amazonClientProvider - final AccountCredentialsRepository accountCredentialsRepository + final CredentialsRepository accountCredentialsRepository final long pollIntervalMillis final long timeoutMillis CleanupDetachedInstancesAgent(AmazonClientProvider amazonClientProvider, - AccountCredentialsRepository accountCredentialsRepository) { + CredentialsRepository accountCredentialsRepository) { this(amazonClientProvider, accountCredentialsRepository, DEFAULT_POLL_INTERVAL_MILLIS, DEFAULT_TIMEOUT_MILLIS) } CleanupDetachedInstancesAgent(AmazonClientProvider amazonClientProvider, - AccountCredentialsRepository accountCredentialsRepository, + CredentialsRepository accountCredentialsRepository, long pollIntervalMillis, long timeoutMills) { this.amazonClientProvider = amazonClientProvider @@ -108,7 +108,7 @@ class CleanupDetachedInstancesAgent implements RunnableAgent, CustomScheduledAge } private Set getAccounts() { - ProviderUtils.buildThreadSafeSetOfAccounts(accountCredentialsRepository, NetflixAmazonCredentials, AmazonCloudProvider.ID) + return accountCredentialsRepository.getAll() } /** 
diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/handlers/BasicAmazonDeployHandler.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/handlers/BasicAmazonDeployHandler.groovy index 137d9c0262a..2056dd59575 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/handlers/BasicAmazonDeployHandler.groovy +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/handlers/BasicAmazonDeployHandler.groovy @@ -46,7 +46,7 @@ import com.netflix.spinnaker.clouddriver.deploy.DeployDescription import com.netflix.spinnaker.clouddriver.deploy.DeployHandler import com.netflix.spinnaker.clouddriver.deploy.DeploymentResult import com.netflix.spinnaker.clouddriver.orchestration.events.CreateServerGroupEvent -import com.netflix.spinnaker.clouddriver.security.AccountCredentialsRepository +import com.netflix.spinnaker.credentials.CredentialsRepository import com.netflix.spinnaker.kork.dynamicconfig.DynamicConfigService import groovy.transform.PackageScope import groovy.util.logging.Slf4j @@ -74,7 +74,7 @@ class BasicAmazonDeployHandler implements DeployHandler accountCredentialsRepository private final AwsConfiguration.AmazonServerGroupProvider amazonServerGroupProvider private final AwsConfiguration.DeployDefaults deployDefaults private final ScalingPolicyCopier scalingPolicyCopier @@ -84,7 +84,7 @@ class BasicAmazonDeployHandler implements DeployHandler deployEvents = [] BasicAmazonDeployHandler(RegionScopedProviderFactory regionScopedProviderFactory, - AccountCredentialsRepository accountCredentialsRepository, + CredentialsRepository accountCredentialsRepository, AwsConfiguration.AmazonServerGroupProvider amazonServerGroupProvider, AwsConfiguration.DeployDefaults deployDefaults, ScalingPolicyCopier scalingPolicyCopier, 
diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/actions/ModifyServerGroupLaunchTemplate.java b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/actions/ModifyServerGroupLaunchTemplate.java index 07ad6a78068..2bc50b0b51c 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/actions/ModifyServerGroupLaunchTemplate.java +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/actions/ModifyServerGroupLaunchTemplate.java @@ -33,7 +33,7 @@ import com.netflix.spinnaker.clouddriver.saga.SagaCommand; import com.netflix.spinnaker.clouddriver.saga.flow.SagaAction; import com.netflix.spinnaker.clouddriver.saga.models.Saga; -import com.netflix.spinnaker.clouddriver.security.AccountCredentialsRepository; +import com.netflix.spinnaker.credentials.CredentialsRepository; import java.util.Collections; import javax.annotation.Nonnull; import lombok.Builder; @@ -46,12 +46,12 @@ public class ModifyServerGroupLaunchTemplate implements SagaAction { private final BlockDeviceConfig blockDeviceConfig; - private final AccountCredentialsRepository credentialsRepository; + private final CredentialsRepository credentialsRepository; private final RegionScopedProviderFactory regionScopedProviderFactory; public ModifyServerGroupLaunchTemplate( BlockDeviceConfig blockDeviceConfig, - AccountCredentialsRepository credentialsRepository, + CredentialsRepository credentialsRepository, RegionScopedProviderFactory regionScopedProviderFactory) { this.blockDeviceConfig = blockDeviceConfig; this.credentialsRepository = credentialsRepository; diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/actions/PrepareModifyServerGroupLaunchTemplate.java b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/actions/PrepareModifyServerGroupLaunchTemplate.java index 86c1a858439..554de007822 100644 
--- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/actions/PrepareModifyServerGroupLaunchTemplate.java +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/actions/PrepareModifyServerGroupLaunchTemplate.java @@ -20,7 +20,11 @@ import com.amazonaws.services.autoscaling.model.AutoScalingGroup; import com.amazonaws.services.autoscaling.model.LaunchTemplateSpecification; import com.amazonaws.services.ec2.AmazonEC2; -import com.amazonaws.services.ec2.model.*; +import com.amazonaws.services.ec2.model.LaunchTemplateBlockDeviceMapping; +import com.amazonaws.services.ec2.model.LaunchTemplateIamInstanceProfileSpecification; +import com.amazonaws.services.ec2.model.LaunchTemplateInstanceMarketOptions; +import com.amazonaws.services.ec2.model.LaunchTemplateVersion; +import com.amazonaws.services.ec2.model.ResponseLaunchTemplateData; import com.fasterxml.jackson.annotation.JsonTypeName; import com.fasterxml.jackson.databind.annotation.JsonDeserialize; import com.fasterxml.jackson.databind.annotation.JsonPOJOBuilder; @@ -37,7 +41,7 @@ import com.netflix.spinnaker.clouddriver.saga.SagaCommand; import com.netflix.spinnaker.clouddriver.saga.flow.SagaAction; import com.netflix.spinnaker.clouddriver.saga.models.Saga; -import com.netflix.spinnaker.clouddriver.security.AccountCredentialsRepository; +import com.netflix.spinnaker.credentials.CredentialsRepository; import java.util.ArrayList; import java.util.Collections; import java.util.HashSet; 
@@ -57,12 +61,12 @@ public class PrepareModifyServerGroupLaunchTemplate implements SagaAction< PrepareModifyServerGroupLaunchTemplate.PrepareModifyServerGroupLaunchTemplateCommand> { private final BlockDeviceConfig blockDeviceConfig; - private final AccountCredentialsRepository credentialsRepository; + private final CredentialsRepository credentialsRepository; private final RegionScopedProviderFactory regionScopedProviderFactory; public PrepareModifyServerGroupLaunchTemplate( BlockDeviceConfig blockDeviceConfig, - AccountCredentialsRepository credentialsRepository, + CredentialsRepository credentialsRepository, RegionScopedProviderFactory regionScopedProviderFactory) { this.blockDeviceConfig = blockDeviceConfig; this.credentialsRepository = credentialsRepository; diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/actions/UpdateAutoScalingGroup.java b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/actions/UpdateAutoScalingGroup.java index 63bccb51529..05f2a691cd0 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/actions/UpdateAutoScalingGroup.java +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/actions/UpdateAutoScalingGroup.java @@ -30,7 +30,7 @@ import com.netflix.spinnaker.clouddriver.saga.SagaCommand; import com.netflix.spinnaker.clouddriver.saga.flow.SagaAction; import com.netflix.spinnaker.clouddriver.saga.models.Saga; -import com.netflix.spinnaker.clouddriver.security.AccountCredentialsRepository; +import com.netflix.spinnaker.credentials.CredentialsRepository; import javax.annotation.Nonnull; import lombok.Builder; import lombok.Value; 
@@ -42,11 +42,11 @@ public class UpdateAutoScalingGroup implements SagaAction { private final RegionScopedProviderFactory regionScopedProviderFactory; - private final AccountCredentialsRepository credentialsRepository; + private final CredentialsRepository credentialsRepository; public UpdateAutoScalingGroup( RegionScopedProviderFactory regionScopedProviderFactory, - AccountCredentialsRepository credentialsRepository) { + CredentialsRepository credentialsRepository) { this.regionScopedProviderFactory = regionScopedProviderFactory; this.credentialsRepository = credentialsRepository; } diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/securitygroup/SecurityGroupLookupFactory.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/securitygroup/SecurityGroupLookupFactory.groovy index c1c91184369..0a7d8b52fcb 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/securitygroup/SecurityGroupLookupFactory.groovy +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/securitygroup/SecurityGroupLookupFactory.groovy 
@@ -17,25 +17,12 @@ package com.netflix.spinnaker.clouddriver.aws.deploy.ops.securitygroup import com.amazonaws.services.ec2.AmazonEC2 -import com.amazonaws.services.ec2.model.AuthorizeSecurityGroupIngressRequest -import com.amazonaws.services.ec2.model.CreateSecurityGroupRequest -import com.amazonaws.services.ec2.model.CreateTagsRequest -import com.amazonaws.services.ec2.model.DeleteTagsRequest -import com.amazonaws.services.ec2.model.DescribeSecurityGroupsRequest -import com.amazonaws.services.ec2.model.DescribeTagsRequest -import com.amazonaws.services.ec2.model.Filter -import com.amazonaws.services.ec2.model.IpPermission -import com.amazonaws.services.ec2.model.RevokeSecurityGroupIngressRequest -import com.amazonaws.services.ec2.model.SecurityGroup -import com.amazonaws.services.ec2.model.Tag -import com.amazonaws.services.ec2.model.DescribeTagsResult -import com.amazonaws.services.ec2.model.TagDescription -import com.amazonaws.services.ec2.model.UpdateSecurityGroupRuleDescriptionsIngressRequest +import com.amazonaws.services.ec2.model.* import com.google.common.collect.ImmutableSet import com.netflix.spinnaker.clouddriver.aws.deploy.description.UpsertSecurityGroupDescription import com.netflix.spinnaker.clouddriver.aws.security.AmazonClientProvider import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials -import com.netflix.spinnaker.clouddriver.security.AccountCredentialsRepository +import com.netflix.spinnaker.credentials.CredentialsRepository import com.netflix.spinnaker.kork.core.RetrySupport import org.slf4j.Logger import org.slf4j.LoggerFactory 
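Review bot: The import hunk of SecurityGroupLookupFactory.groovy collapses fourteen explicit `com.amazonaws.services.ec2.model` imports into `import com.amazonaws.services.ec2.model.*`, which is unrelated to the repository type swap and hides which EC2 request types this security-group code uses. Generic names such as `Filter` and `Tag` also become easier to confuse with same-named classes from other packages. The same commit expands the identical wildcard into explicit imports in PrepareModifyServerGroupLaunchTemplate.java, so I would keep the explicit list here and change only the `AccountCredentialsRepository` import line.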
@@ -43,10 +30,10 @@ import org.slf4j.LoggerFactory class SecurityGroupLookupFactory { private final AmazonClientProvider amazonClientProvider - private final AccountCredentialsRepository accountCredentialsRepository + private final CredentialsRepository accountCredentialsRepository SecurityGroupLookupFactory(AmazonClientProvider amazonClientProvider, - AccountCredentialsRepository accountCredentialsRepository) { + CredentialsRepository accountCredentialsRepository) { this.amazonClientProvider = amazonClientProvider this.accountCredentialsRepository = accountCredentialsRepository } diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/AwsProvider.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/AwsProvider.groovy index c790c7a9446..ae6b273fa23 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/AwsProvider.groovy +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/AwsProvider.groovy 
@@ -19,13 +19,13 @@ package com.netflix.spinnaker.clouddriver.aws.provider import com.netflix.spinnaker.cats.agent.Agent import com.netflix.spinnaker.cats.agent.AgentSchedulerAware import com.netflix.spinnaker.cats.cache.Cache +import com.netflix.spinnaker.clouddriver.aws.data.Keys import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials import com.netflix.spinnaker.clouddriver.cache.KeyParser import com.netflix.spinnaker.clouddriver.cache.SearchableProvider -import com.netflix.spinnaker.clouddriver.eureka.provider.agent.EurekaAwareProvider -import com.netflix.spinnaker.clouddriver.security.AccountCredentialsRepository -import com.netflix.spinnaker.clouddriver.aws.data.Keys import com.netflix.spinnaker.clouddriver.core.provider.agent.HealthProvidingCachingAgent +import com.netflix.spinnaker.clouddriver.eureka.provider.agent.EurekaAwareProvider +import com.netflix.spinnaker.credentials.CredentialsRepository import static com.netflix.spinnaker.clouddriver.core.provider.agent.Namespace.* @@ -35,7 +35,7 @@ class AwsProvider extends AgentSchedulerAware implements SearchableProvider, Eur final KeyParser keyParser = new Keys() - final AccountCredentialsRepository accountCredentialsRepository + final CredentialsRepository accountCredentialsRepository final Set defaultCaches = [ LOAD_BALANCERS.ns, @@ -58,7 +58,7 @@ class AwsProvider extends AgentSchedulerAware implements SearchableProvider, Eur final Collection agents private Collection healthAgents - AwsProvider(AccountCredentialsRepository accountCredentialsRepository, Collection agents) { + AwsProvider(CredentialsRepository accountCredentialsRepository, Collection agents) { this.agents = agents this.accountCredentialsRepository = accountCredentialsRepository synchronizeHealthAgents() 
diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/agent/AbstractAmazonLoadBalancerCachingAgent.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/agent/AbstractAmazonLoadBalancerCachingAgent.groovy index 120265ff2b1..64c193a8395 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/agent/AbstractAmazonLoadBalancerCachingAgent.groovy +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/agent/AbstractAmazonLoadBalancerCachingAgent.groovy @@ -129,7 +129,7 @@ abstract class AbstractAmazonLoadBalancerCachingAgent implements CachingAgent, O abstract CacheResult loadDataInternal(ProviderCache providerCache) @Override - Collection> pendingOnDemandRequests(ProviderCache providerCache) { + Collection> pendingOnDemandRequests(ProviderCache providerCache) { return [] } diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/agent/AmazonApplicationLoadBalancerCachingAgent.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/agent/AmazonApplicationLoadBalancerCachingAgent.groovy index effffbf20f9..2672532ae82 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/agent/AmazonApplicationLoadBalancerCachingAgent.groovy +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/agent/AmazonApplicationLoadBalancerCachingAgent.groovy @@ -382,7 +382,7 @@ class AmazonApplicationLoadBalancerCachingAgent extends AbstractAmazonLoadBalanc } @Override - Collection> pendingOnDemandRequests(ProviderCache providerCache) { + Collection> pendingOnDemandRequests(ProviderCache providerCache) { Collection keys = providerCache.filterIdentifiers( ON_DEMAND.ns, Keys.getLoadBalancerKey("*", "*", "*", "*", "*") 
diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/agent/AmazonInstanceTypeCachingAgent.java b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/agent/AmazonInstanceTypeCachingAgent.java index b27cabb7117..3ce6faedbc3 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/agent/AmazonInstanceTypeCachingAgent.java +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/agent/AmazonInstanceTypeCachingAgent.java @@ -32,8 +32,9 @@ import com.netflix.spinnaker.clouddriver.aws.cache.Keys; import com.netflix.spinnaker.clouddriver.aws.provider.AwsInfrastructureProvider; import com.netflix.spinnaker.clouddriver.aws.security.AmazonCredentials; +import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials; import com.netflix.spinnaker.clouddriver.security.AccountCredentials; -import com.netflix.spinnaker.clouddriver.security.AccountCredentialsRepository; +import com.netflix.spinnaker.credentials.CredentialsRepository; import java.io.IOException; import java.io.InputStream; import java.net.URI; @@ -45,6 +46,7 @@ import java.util.HashSet; import java.util.List; import java.util.Map; +import java.util.Objects; import java.util.Optional; import java.util.Set; import java.util.stream.Collectors; @@ -65,7 +67,8 @@ public class AmazonInstanceTypeCachingAgent implements CachingAgent { // https://pricing.us-east-1.amazonaws.com/offers/v1.0/aws/AmazonEC2/current/us-west-2/index.json private final String region; - private final AccountCredentialsRepository accountCredentialsRepository; + private final CredentialsRepository + accountCredentialsRepository; private final URI pricingUri; private final HttpHost pricingHost; private final HttpClient httpClient; 
@@ -73,14 +76,15 @@ public class AmazonInstanceTypeCachingAgent implements CachingAgent { new ObjectMapper().disable(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES); public AmazonInstanceTypeCachingAgent( - String region, AccountCredentialsRepository accountCredentialsRepository) { + String region, + CredentialsRepository accountCredentialsRepository) { this(region, accountCredentialsRepository, HttpClients.createDefault()); } // VisibleForTesting AmazonInstanceTypeCachingAgent( String region, - AccountCredentialsRepository accountCredentialsRepository, + CredentialsRepository accountCredentialsRepository, HttpClient httpClient) { this.region = region; this.accountCredentialsRepository = accountCredentialsRepository; @@ -102,7 +106,7 @@ public CacheResult loadData(ProviderCache providerCache) { try { Set matchingAccounts = accountCredentialsRepository.getAll().stream() - .filter(AmazonCredentials.class::isInstance) + .filter(Objects::nonNull) .map(AmazonCredentials.class::cast) .filter(ac -> ac.getRegions().stream().anyMatch(r -> region.equals(r.getName()))) .map(AccountCredentials::getName) diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/agent/AmazonSecurityGroupCachingAgent.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/agent/AmazonSecurityGroupCachingAgent.groovy index f80ef116343..09c7a0a4cac 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/agent/AmazonSecurityGroupCachingAgent.groovy +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/agent/AmazonSecurityGroupCachingAgent.groovy @@ -165,7 +165,7 @@ class AmazonSecurityGroupCachingAgent implements CachingAgent, OnDemandAgent, Ac } @Override - Collection> pendingOnDemandRequests(ProviderCache providerCache) { + Collection> pendingOnDemandRequests(ProviderCache providerCache) { return [] } 
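Review bot: In `loadData` of AmazonInstanceTypeCachingAgent.java the `.filter(AmazonCredentials.class::isInstance)` guard is replaced by `.filter(Objects::nonNull)` while `.map(AmazonCredentials.class::cast)` stays, so the stream no longer skips entries of another credentials type and the cast would throw `ClassCastException` on one. If the repository is declared with an Amazon credentials type parameter (the type arguments are not visible on this page), both the null filter and the cast are redundant and can be dropped. If it is not, the `isInstance` filter should stay. The body of `loadData` continues outside the hunk.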
diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/agent/ClusterCachingAgent.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/agent/ClusterCachingAgent.groovy index d8e82f3d44e..81f6e1e768d 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/agent/ClusterCachingAgent.groovy +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/agent/ClusterCachingAgent.groovy @@ -459,7 +459,7 @@ class ClusterCachingAgent implements CachingAgent, OnDemandAgent, AccountAware, } @Override - Collection> pendingOnDemandRequests(ProviderCache providerCache) { + Collection> pendingOnDemandRequests(ProviderCache providerCache) { def keys = providerCache.filterIdentifiers(ON_DEMAND.ns, Keys.getServerGroupKey("*", "*", account.name, region)) return fetchPendingOnDemandRequests(providerCache, keys) } diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/agent/ReservationReportCachingAgent.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/agent/ReservationReportCachingAgent.groovy index 48c2ab71502..597df200bc7 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/agent/ReservationReportCachingAgent.groovy +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/agent/ReservationReportCachingAgent.groovy @@ -50,6 +50,7 @@ import com.netflix.spinnaker.clouddriver.aws.security.AmazonClientProvider import com.netflix.spinnaker.clouddriver.aws.security.AmazonCredentials import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials import com.netflix.spinnaker.clouddriver.cache.CustomScheduledAgent +import com.netflix.spinnaker.credentials.CredentialsRepository import groovy.util.logging.Slf4j import org.springframework.context.ApplicationContext 
@@ -79,7 +80,7 @@ class ReservationReportCachingAgent implements CachingAgent, CustomScheduledAgen final AmazonClientProvider amazonClientProvider final AmazonS3DataProvider amazonS3DataProvider - final Collection accounts + final CredentialsRepository accountCredentialsRepository; final ObjectMapper objectMapper final AccountReservationDetailSerializer accountReservationDetailSerializer final Set vpcOnlyAccounts @@ -90,13 +91,13 @@ class ReservationReportCachingAgent implements CachingAgent, CustomScheduledAgen ReservationReportCachingAgent(Registry registry, AmazonClientProvider amazonClientProvider, AmazonS3DataProvider amazonS3DataProvider, - Collection accounts, + CredentialsRepository accountCredentialsRepository, ObjectMapper objectMapper, ExecutorService reservationReportPool, ApplicationContext ctx) { this.amazonClientProvider = amazonClientProvider this.amazonS3DataProvider = amazonS3DataProvider - this.accounts = accounts + this.accountCredentialsRepository = accountCredentialsRepository def module = new SimpleModule() accountReservationDetailSerializer = new AccountReservationDetailSerializer() @@ -173,7 +174,7 @@ class ReservationReportCachingAgent implements CachingAgent, CustomScheduledAgen } public Collection getAccounts() { - return accounts; + return accountCredentialsRepository.getAll(); } @Override diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/config/AwsInfrastructureProviderConfig.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/config/AwsInfrastructureProviderConfig.groovy index 8e4bb255e66..5119b203c8e 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/config/AwsInfrastructureProviderConfig.groovy +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/config/AwsInfrastructureProviderConfig.groovy 
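Review bot: The public `getAccounts()` in ReservationReportCachingAgent now returns `accountCredentialsRepository.getAll()` on every call instead of the collection fixed at construction, so two calls within one report run may see different account sets if accounts are added or removed in between. Whether `getAll()` returns a snapshot is not visible here, and the callers of `getAccounts()` are outside the hunk. If the report is meant to cover one consistent set of accounts, read it once per run into a local variable and pass that along. Minor style: the new field declaration `final CredentialsRepository accountCredentialsRepository;` ends with a `;`, unlike the neighbouring Groovy fields.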
@@ -16,86 +16,18 @@ package com.netflix.spinnaker.clouddriver.aws.provider.config -import com.fasterxml.jackson.databind.ObjectMapper -import com.netflix.spectator.api.Registry + import com.netflix.spinnaker.cats.agent.Agent -import com.netflix.spinnaker.clouddriver.aws.AmazonCloudProvider import com.netflix.spinnaker.clouddriver.aws.provider.AwsInfrastructureProvider -import com.netflix.spinnaker.clouddriver.aws.provider.agent.AmazonElasticIpCachingAgent -import com.netflix.spinnaker.clouddriver.aws.provider.agent.AmazonInstanceTypeCachingAgent -import com.netflix.spinnaker.clouddriver.aws.provider.agent.AmazonKeyPairCachingAgent -import com.netflix.spinnaker.clouddriver.aws.provider.agent.AmazonSecurityGroupCachingAgent -import com.netflix.spinnaker.clouddriver.aws.provider.agent.AmazonSubnetCachingAgent -import com.netflix.spinnaker.clouddriver.aws.provider.agent.AmazonVpcCachingAgent -import com.netflix.spinnaker.clouddriver.aws.security.AmazonClientProvider -import com.netflix.spinnaker.clouddriver.aws.security.AmazonCredentials -import com.netflix.spinnaker.clouddriver.aws.security.EddaTimeoutConfig -import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials -import com.netflix.spinnaker.clouddriver.security.AccountCredentialsRepository -import com.netflix.spinnaker.clouddriver.security.ProviderUtils -import org.springframework.beans.factory.annotation.Qualifier import org.springframework.context.annotation.Bean import org.springframework.context.annotation.Configuration -import org.springframework.context.annotation.DependsOn import java.util.concurrent.ConcurrentHashMap @Configuration class AwsInfrastructureProviderConfig { @Bean - @DependsOn('netflixAmazonCredentials') - AwsInfrastructureProvider awsInfrastructureProvider(AmazonClientProvider amazonClientProvider, - AccountCredentialsRepository accountCredentialsRepository, - @Qualifier("amazonObjectMapper") ObjectMapper amazonObjectMapper, - Registry registry, - EddaTimeoutConfig 
eddaTimeoutConfig) { - def awsInfrastructureProvider = - new AwsInfrastructureProvider(Collections.newSetFromMap(new ConcurrentHashMap())) - - synchronizeAwsInfrastructureProvider(awsInfrastructureProvider, - amazonClientProvider, - accountCredentialsRepository, - amazonObjectMapper, - registry, - eddaTimeoutConfig) - - awsInfrastructureProvider - } - - private static void synchronizeAwsInfrastructureProvider(AwsInfrastructureProvider awsInfrastructureProvider, - AmazonClientProvider amazonClientProvider, - AccountCredentialsRepository accountCredentialsRepository, - @Qualifier("amazonObjectMapper") ObjectMapper amazonObjectMapper, - Registry registry, - EddaTimeoutConfig eddaTimeoutConfig) { - def scheduledAccounts = ProviderUtils.getScheduledAccounts(awsInfrastructureProvider) - def allAccounts = ProviderUtils.buildThreadSafeSetOfAccounts(accountCredentialsRepository, NetflixAmazonCredentials, AmazonCloudProvider.ID) - - Set regions = new HashSet<>(); - allAccounts.each { NetflixAmazonCredentials credentials -> - for (AmazonCredentials.AWSRegion region : credentials.regions) { - if (!scheduledAccounts.contains(credentials.name)) { - def newlyAddedAgents = [] - - if (regions.add(region.name)) { - newlyAddedAgents << new AmazonInstanceTypeCachingAgent(region.name, accountCredentialsRepository) - } - - newlyAddedAgents << new AmazonElasticIpCachingAgent(amazonClientProvider, credentials, region.name) - newlyAddedAgents << new AmazonKeyPairCachingAgent(amazonClientProvider, credentials, region.name) - newlyAddedAgents << new AmazonSecurityGroupCachingAgent(amazonClientProvider, credentials, region.name, amazonObjectMapper, registry, eddaTimeoutConfig) - newlyAddedAgents << new AmazonSubnetCachingAgent(amazonClientProvider, credentials, region.name, amazonObjectMapper) - newlyAddedAgents << new AmazonVpcCachingAgent(amazonClientProvider, credentials, region.name, amazonObjectMapper) - - // If there is an agent scheduler, then this provider has been through the 
AgentController in the past. - // In that case, we need to do the scheduling here (because accounts have been added to a running system). - if (awsInfrastructureProvider.agentScheduler) { - ProviderUtils.rescheduleAgents(awsInfrastructureProvider, newlyAddedAgents) - } - - awsInfrastructureProvider.agents.addAll(newlyAddedAgents) - } - } - } + AwsInfrastructureProvider awsInfrastructureProvider() { + return new AwsInfrastructureProvider(Collections.newSetFromMap(new ConcurrentHashMap())) } } diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/config/AwsProviderConfig.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/config/AwsProviderConfig.groovy index 2390aa84356..5e35d9f3b47 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/config/AwsProviderConfig.groovy +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/config/AwsProviderConfig.groovy 
@@ -16,43 +16,19 @@ package com.netflix.spinnaker.clouddriver.aws.provider.config -import com.fasterxml.jackson.databind.ObjectMapper + import com.google.common.util.concurrent.ThreadFactoryBuilder -import com.netflix.spectator.api.Registry import com.netflix.spinnaker.cats.agent.Agent -import com.netflix.spinnaker.cats.agent.AgentProvider -import com.netflix.spinnaker.clouddriver.aws.AmazonCloudProvider -import com.netflix.spinnaker.clouddriver.aws.provider.agent.AmazonApplicationLoadBalancerCachingAgent -import com.netflix.spinnaker.clouddriver.aws.provider.agent.AmazonCertificateCachingAgent -import com.netflix.spinnaker.clouddriver.aws.provider.agent.AmazonCloudFormationCachingAgent -import com.netflix.spinnaker.clouddriver.aws.provider.agent.AmazonLaunchTemplateCachingAgent -import com.netflix.spinnaker.clouddriver.aws.provider.agent.AmazonLoadBalancerCachingAgent - -import com.netflix.spinnaker.clouddriver.aws.provider.agent.ReservedInstancesCachingAgent -import com.netflix.spinnaker.clouddriver.aws.provider.view.AmazonS3DataProvider -import com.netflix.spinnaker.clouddriver.aws.security.AmazonClientProvider -import com.netflix.spinnaker.clouddriver.aws.security.AmazonCredentials -import com.netflix.spinnaker.clouddriver.aws.security.EddaTimeoutConfig +import com.netflix.spinnaker.clouddriver.aws.provider.AwsProvider import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials import com.netflix.spinnaker.clouddriver.model.ReservationReport -import com.netflix.spinnaker.clouddriver.security.AccountCredentialsRepository -import com.netflix.spinnaker.clouddriver.security.ProviderUtils -import com.netflix.spinnaker.clouddriver.aws.edda.EddaApiFactory -import com.netflix.spinnaker.clouddriver.aws.provider.AwsProvider -import com.netflix.spinnaker.clouddriver.aws.provider.agent.AmazonLoadBalancerInstanceStateCachingAgent -import com.netflix.spinnaker.clouddriver.aws.provider.agent.ClusterCachingAgent -import 
com.netflix.spinnaker.clouddriver.aws.provider.agent.EddaLoadBalancerCachingAgent -import com.netflix.spinnaker.clouddriver.aws.provider.agent.ImageCachingAgent -import com.netflix.spinnaker.clouddriver.aws.provider.agent.InstanceCachingAgent -import com.netflix.spinnaker.clouddriver.aws.provider.agent.LaunchConfigCachingAgent -import com.netflix.spinnaker.clouddriver.aws.provider.agent.ReservationReportCachingAgent -import com.netflix.spinnaker.kork.dynamicconfig.DynamicConfigService +import com.netflix.spinnaker.credentials.CredentialsRepository import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty import org.springframework.boot.context.properties.EnableConfigurationProperties -import org.springframework.context.ApplicationContext import org.springframework.context.annotation.Bean import org.springframework.context.annotation.Configuration import org.springframework.context.annotation.DependsOn +import org.springframework.context.annotation.Lazy import java.util.concurrent.ConcurrentHashMap import java.util.concurrent.ExecutorService 
@@ -62,37 +38,8 @@ import java.util.concurrent.Executors @EnableConfigurationProperties(ReservationReportConfigurationProperties) class AwsProviderConfig { @Bean - @DependsOn('netflixAmazonCredentials') - AwsProvider awsProvider(AmazonCloudProvider amazonCloudProvider, - AmazonClientProvider amazonClientProvider, - AmazonS3DataProvider amazonS3DataProvider, - AccountCredentialsRepository accountCredentialsRepository, - ObjectMapper objectMapper, - EddaApiFactory eddaApiFactory, - ApplicationContext ctx, - Registry registry, - Optional reservationReportPool, - Optional> agentProviders, - EddaTimeoutConfig eddaTimeoutConfig, - DynamicConfigService dynamicConfigService) { - def awsProvider = - new AwsProvider(accountCredentialsRepository, Collections.newSetFromMap(new ConcurrentHashMap())) - - synchronizeAwsProvider(awsProvider, - amazonCloudProvider, - amazonClientProvider, - amazonS3DataProvider, - accountCredentialsRepository, - objectMapper, - eddaApiFactory, - ctx, - registry, - reservationReportPool, - agentProviders.orElse(Collections.emptyList()), - eddaTimeoutConfig, - dynamicConfigService) - - awsProvider + AwsProvider awsProvider(CredentialsRepository accountCredentialsRepository) { + return new AwsProvider(accountCredentialsRepository, Collections.newSetFromMap(new ConcurrentHashMap())) } @Bean 
@@ -104,113 +51,4 @@ class AwsProviderConfig { .setNameFormat(ReservationReport.class.getSimpleName() + "-%d") .build()); } - - private void synchronizeAwsProvider(AwsProvider awsProvider, - AmazonCloudProvider amazonCloudProvider, - AmazonClientProvider amazonClientProvider, - AmazonS3DataProvider amazonS3DataProvider, - AccountCredentialsRepository accountCredentialsRepository, - ObjectMapper objectMapper, - EddaApiFactory eddaApiFactory, - ApplicationContext ctx, - Registry registry, - Optional reservationReportPool, - Collection agentProviders, - EddaTimeoutConfig eddaTimeoutConfig, - DynamicConfigService dynamicConfigService) { - def scheduledAccounts = ProviderUtils.getScheduledAccounts(awsProvider) - Set allAccounts = ProviderUtils.buildThreadSafeSetOfAccounts(accountCredentialsRepository, NetflixAmazonCredentials, AmazonCloudProvider.ID) - - List newlyAddedAgents = [] - - //only index public images once per region - Set publicRegions = [] - - //sort the accounts in case of a reconfigure, we are more likely to re-index the public images in the same caching agent - //TODO(cfieber)-rework this is after rework of AWS Image/NamedImage keys - allAccounts.sort { it.name }.each { NetflixAmazonCredentials credentials -> - for (AmazonCredentials.AWSRegion region : credentials.regions) { - if (!scheduledAccounts.contains(credentials.name)) { - newlyAddedAgents << new ClusterCachingAgent(amazonCloudProvider, amazonClientProvider, credentials, region.name, objectMapper, registry, eddaTimeoutConfig) - newlyAddedAgents << new LaunchConfigCachingAgent(amazonClientProvider, credentials, region.name, objectMapper, registry) - newlyAddedAgents << new ImageCachingAgent(amazonClientProvider, credentials, region.name, objectMapper, registry, false, dynamicConfigService) - if (!publicRegions.contains(region.name)) { - newlyAddedAgents << new ImageCachingAgent(amazonClientProvider, credentials, region.name, objectMapper, registry, true, dynamicConfigService) - 
publicRegions.add(region.name) - } - newlyAddedAgents << new InstanceCachingAgent(amazonClientProvider, credentials, region.name, objectMapper, registry) - newlyAddedAgents << new AmazonLoadBalancerCachingAgent(amazonCloudProvider, amazonClientProvider, credentials, region.name, eddaApiFactory.createApi(credentials.edda, region.name), objectMapper, registry) - newlyAddedAgents << new AmazonApplicationLoadBalancerCachingAgent(amazonCloudProvider, amazonClientProvider, credentials, region.name, eddaApiFactory.createApi(credentials.edda, region.name), objectMapper, registry, eddaTimeoutConfig) - newlyAddedAgents << new ReservedInstancesCachingAgent(amazonClientProvider, credentials, region.name, objectMapper, registry) - newlyAddedAgents << new AmazonCertificateCachingAgent(amazonClientProvider, credentials, region.name, objectMapper, registry) - - if (dynamicConfigService.isEnabled("aws.features.cloud-formation", false)) { - newlyAddedAgents << new AmazonCloudFormationCachingAgent(amazonClientProvider, credentials, region.name, registry) - } - - if (credentials.eddaEnabled && !eddaTimeoutConfig.disabledRegions.contains(region.name)) { - newlyAddedAgents << new EddaLoadBalancerCachingAgent(eddaApiFactory.createApi(credentials.edda, region.name), credentials, region.name, objectMapper) - } else { - newlyAddedAgents << new AmazonLoadBalancerInstanceStateCachingAgent( - amazonClientProvider, credentials, region.name, objectMapper, ctx - ) - } - - if (dynamicConfigService.isEnabled("aws.features.launch-templates", false)) { - newlyAddedAgents << new AmazonLaunchTemplateCachingAgent(amazonClientProvider, credentials, region.name, objectMapper, registry) - } - } - } - } - - // If there is an agent scheduler, then this provider has been through the AgentController in the past. 
- if (reservationReportPool.isPresent()) { - if (awsProvider.agentScheduler) { - synchronizeReservationReportCachingAgentAccounts(awsProvider, allAccounts) - } else { - // This caching agent runs across all accounts in one iteration (to maintain consistency). - newlyAddedAgents << new ReservationReportCachingAgent( - registry, amazonClientProvider, amazonS3DataProvider, allAccounts, objectMapper, reservationReportPool.get(), ctx - ) - } - } - - agentProviders.findAll { it.supports(AwsProvider.PROVIDER_NAME) }.each { - newlyAddedAgents.addAll(it.agents()) - } - - awsProvider.agents.addAll(newlyAddedAgents) - awsProvider.synchronizeHealthAgents() - } - - private static void synchronizeReservationReportCachingAgentAccounts(AwsProvider awsProvider, - Collection allAccounts) { - ReservationReportCachingAgent reservationReportCachingAgent = awsProvider.agents.find { agent -> - agent instanceof ReservationReportCachingAgent - } - - if (reservationReportCachingAgent) { - def reservationReportAccounts = reservationReportCachingAgent.accounts - def oldAccountNames = reservationReportAccounts.collect { it.name } - def newAccountNames = allAccounts.collect { it.name } - def accountNamesToDelete = oldAccountNames - newAccountNames - def accountNamesToAdd = newAccountNames - oldAccountNames - - accountNamesToDelete.each { accountNameToDelete -> - def accountToDelete = reservationReportAccounts.find { it.name == accountNameToDelete } - - if (accountToDelete) { - reservationReportAccounts.remove(accountToDelete) - } - } - - accountNamesToAdd.each { accountNameToAdd -> - def accountToAdd = allAccounts.find { it.name == accountNameToAdd } - - if (accountToAdd) { - reservationReportAccounts.add(accountToAdd) - } - } - } - } } 
diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/config/ProviderHelpers.java b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/config/ProviderHelpers.java new file mode 100644 index 00000000000..9a668c0f55c --- /dev/null +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/config/ProviderHelpers.java 
@@ -0,0 +1,274 @@ +/* + * Copyright 2020 Netflix, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +package com.netflix.spinnaker.clouddriver.aws.provider.config; + +import com.fasterxml.jackson.databind.ObjectMapper; +import com.netflix.spectator.api.Registry; +import com.netflix.spinnaker.cats.agent.Agent; +import com.netflix.spinnaker.cats.agent.AgentProvider; +import com.netflix.spinnaker.clouddriver.aws.AmazonCloudProvider; +import com.netflix.spinnaker.clouddriver.aws.AwsConfigurationProperties; +import com.netflix.spinnaker.clouddriver.aws.agent.CleanupAlarmsAgent; +import com.netflix.spinnaker.clouddriver.aws.agent.CleanupDetachedInstancesAgent; +import com.netflix.spinnaker.clouddriver.aws.agent.ReconcileClassicLinkSecurityGroupsAgent; +import com.netflix.spinnaker.clouddriver.aws.edda.EddaApiFactory; +import com.netflix.spinnaker.clouddriver.aws.provider.AwsCleanupProvider; +import com.netflix.spinnaker.clouddriver.aws.provider.AwsInfrastructureProvider; +import com.netflix.spinnaker.clouddriver.aws.provider.AwsProvider; +import com.netflix.spinnaker.clouddriver.aws.provider.agent.AmazonApplicationLoadBalancerCachingAgent; +import com.netflix.spinnaker.clouddriver.aws.provider.agent.AmazonCertificateCachingAgent; +import com.netflix.spinnaker.clouddriver.aws.provider.agent.AmazonCloudFormationCachingAgent; +import com.netflix.spinnaker.clouddriver.aws.provider.agent.AmazonElasticIpCachingAgent; +import 
com.netflix.spinnaker.clouddriver.aws.provider.agent.AmazonInstanceTypeCachingAgent; +import com.netflix.spinnaker.clouddriver.aws.provider.agent.AmazonKeyPairCachingAgent; +import com.netflix.spinnaker.clouddriver.aws.provider.agent.AmazonLaunchTemplateCachingAgent; +import com.netflix.spinnaker.clouddriver.aws.provider.agent.AmazonLoadBalancerCachingAgent; +import com.netflix.spinnaker.clouddriver.aws.provider.agent.AmazonLoadBalancerInstanceStateCachingAgent; +import com.netflix.spinnaker.clouddriver.aws.provider.agent.AmazonSecurityGroupCachingAgent; +import com.netflix.spinnaker.clouddriver.aws.provider.agent.AmazonSubnetCachingAgent; +import com.netflix.spinnaker.clouddriver.aws.provider.agent.AmazonVpcCachingAgent; +import com.netflix.spinnaker.clouddriver.aws.provider.agent.ClusterCachingAgent; +import com.netflix.spinnaker.clouddriver.aws.provider.agent.EddaLoadBalancerCachingAgent; +import com.netflix.spinnaker.clouddriver.aws.provider.agent.ImageCachingAgent; +import com.netflix.spinnaker.clouddriver.aws.provider.agent.InstanceCachingAgent; +import com.netflix.spinnaker.clouddriver.aws.provider.agent.LaunchConfigCachingAgent; +import com.netflix.spinnaker.clouddriver.aws.provider.agent.ReservationReportCachingAgent; +import com.netflix.spinnaker.clouddriver.aws.provider.agent.ReservedInstancesCachingAgent; +import com.netflix.spinnaker.clouddriver.aws.provider.view.AmazonS3DataProvider; +import com.netflix.spinnaker.clouddriver.aws.security.AmazonClientProvider; +import com.netflix.spinnaker.clouddriver.aws.security.EddaTimeoutConfig; +import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials; +import com.netflix.spinnaker.clouddriver.security.ProviderUtils; +import com.netflix.spinnaker.config.AwsConfiguration; +import com.netflix.spinnaker.credentials.CredentialsRepository; +import com.netflix.spinnaker.kork.dynamicconfig.DynamicConfigService; +import java.util.ArrayList; +import java.util.Collection; +import java.util.List; 
+import java.util.Optional; +import java.util.Set; +import java.util.concurrent.ExecutorService; +import lombok.RequiredArgsConstructor; +import org.springframework.context.ApplicationContext; + +public class ProviderHelpers { + @RequiredArgsConstructor + public static class BuildResult { + public final List agents; + public final Set regionsToAdd; + } + + public static BuildResult buildAwsInfrastructureAgents( + NetflixAmazonCredentials credentials, + AwsInfrastructureProvider awsInfrastructureProvider, + CredentialsRepository accountCredentialsRepository, + AmazonClientProvider amazonClientProvider, + ObjectMapper amazonObjectMapper, + Registry registry, + EddaTimeoutConfig eddaTimeoutConfig, + Set regions) { + Set scheduledAccounts = ProviderUtils.getScheduledAccounts(awsInfrastructureProvider); + List newlyAddedAgents = new ArrayList<>(); + for (NetflixAmazonCredentials.AWSRegion region : credentials.getRegions()) { + if (!scheduledAccounts.contains(credentials.getName())) { + if (regions.add(region.getName())) { + newlyAddedAgents.add( + new AmazonInstanceTypeCachingAgent(region.getName(), accountCredentialsRepository)); + } + newlyAddedAgents.add( + new AmazonElasticIpCachingAgent(amazonClientProvider, credentials, region.getName())); + newlyAddedAgents.add( + new AmazonKeyPairCachingAgent(amazonClientProvider, credentials, region.getName())); + newlyAddedAgents.add( + new AmazonSecurityGroupCachingAgent( + amazonClientProvider, + credentials, + region.getName(), + amazonObjectMapper, + registry, + eddaTimeoutConfig)); + newlyAddedAgents.add( + new AmazonSubnetCachingAgent( + amazonClientProvider, credentials, region.getName(), amazonObjectMapper)); + newlyAddedAgents.add( + new AmazonVpcCachingAgent( + amazonClientProvider, credentials, region.getName(), amazonObjectMapper)); + } + } + return new BuildResult(newlyAddedAgents, regions); + } + + public static BuildResult buildAwsProviderAgents( + NetflixAmazonCredentials credentials, + CredentialsRepository 
accountCredentialsRepository, + AmazonClientProvider amazonClientProvider, + ObjectMapper objectMapper, + Registry registry, + EddaTimeoutConfig eddaTimeoutConfig, + AwsProvider awsProvider, + AmazonCloudProvider amazonCloudProvider, + DynamicConfigService dynamicConfigService, + EddaApiFactory eddaApiFactory, + Optional reservationReportPool, + Optional> agentProviders, + ApplicationContext ctx, + AmazonS3DataProvider amazonS3DataProvider, + Set publicRegions) { + Set scheduledAccounts = ProviderUtils.getScheduledAccounts(awsProvider); + List newlyAddedAgents = new ArrayList<>(); + for (NetflixAmazonCredentials.AWSRegion region : credentials.getRegions()) { + if (!scheduledAccounts.contains(credentials.getName())) { + newlyAddedAgents.add( + new ClusterCachingAgent( + amazonCloudProvider, + amazonClientProvider, + credentials, + region.getName(), + objectMapper, + registry, + eddaTimeoutConfig)); + newlyAddedAgents.add( + new LaunchConfigCachingAgent( + amazonClientProvider, credentials, region.getName(), objectMapper, registry)); + boolean publicImages = false; + if (!publicRegions.contains(region.getName())) { + publicImages = true; + publicRegions.add(region.getName()); + } + newlyAddedAgents.add( + new ImageCachingAgent( + amazonClientProvider, + credentials, + region.getName(), + objectMapper, + registry, + publicImages, + dynamicConfigService)); + newlyAddedAgents.add( + new InstanceCachingAgent( + amazonClientProvider, credentials, region.getName(), objectMapper, registry)); + newlyAddedAgents.add( + new AmazonLoadBalancerCachingAgent( + amazonCloudProvider, + amazonClientProvider, + credentials, + region.getName(), + eddaApiFactory.createApi(credentials.getEdda(), region.getName()), + objectMapper, + registry)); + newlyAddedAgents.add( + new AmazonApplicationLoadBalancerCachingAgent( + amazonCloudProvider, + amazonClientProvider, + credentials, + region.getName(), + eddaApiFactory.createApi(credentials.getEdda(), region.getName()), + objectMapper, + 
registry, + eddaTimeoutConfig)); + newlyAddedAgents.add( + new ReservedInstancesCachingAgent( + amazonClientProvider, credentials, region.getName(), objectMapper, registry)); + newlyAddedAgents.add( + new AmazonCertificateCachingAgent( + amazonClientProvider, credentials, region.getName(), objectMapper, registry)); + + if (dynamicConfigService.isEnabled("aws.features.cloud-formation", false)) { + newlyAddedAgents.add( + new AmazonCloudFormationCachingAgent( + amazonClientProvider, credentials, region.getName(), registry)); + } + if (credentials.getEddaEnabled() + && !eddaTimeoutConfig.getDisabledRegions().contains(region.getName())) { + newlyAddedAgents.add( + new EddaLoadBalancerCachingAgent( + eddaApiFactory.createApi(credentials.getEdda(), region.getName()), + credentials, + region.getName(), + objectMapper)); + } else { + newlyAddedAgents.add( + new AmazonLoadBalancerInstanceStateCachingAgent( + amazonClientProvider, credentials, region.getName(), objectMapper, ctx)); + } + if (dynamicConfigService.isEnabled("aws.features.launch-templates", false)) { + newlyAddedAgents.add( + new AmazonLaunchTemplateCachingAgent( + amazonClientProvider, credentials, region.getName(), objectMapper, registry)); + } + } + } + if (reservationReportPool.isPresent() && awsProvider.getAgentScheduler() == null) { + newlyAddedAgents.add( + new ReservationReportCachingAgent( + registry, + amazonClientProvider, + amazonS3DataProvider, + accountCredentialsRepository, + objectMapper, + reservationReportPool.get(), + ctx)); + } + agentProviders.ifPresent( + providers -> + providers.stream() + .filter(it -> it.supports(AwsProvider.PROVIDER_NAME)) + .forEach(provider -> newlyAddedAgents.addAll(provider.agents()))); + return new BuildResult(newlyAddedAgents, publicRegions); + } + + public static List buildAwsCleanupAgents( + NetflixAmazonCredentials credentials, + CredentialsRepository accountCredentialsRepository, + AmazonClientProvider amazonClientProvider, + AwsCleanupProvider 
awsCleanupProvider, + AwsConfiguration.DeployDefaults deployDefaults, + AwsConfigurationProperties awsConfigurationProperties) { + Set scheduledAccounts = ProviderUtils.getScheduledAccounts(awsCleanupProvider); + List newlyAddedAgents = new ArrayList<>(); + if (!scheduledAccounts.contains(credentials.getName())) { + for (NetflixAmazonCredentials.AWSRegion region : credentials.getRegions()) { + if (deployDefaults.isReconcileClassicLinkAccount(credentials)) { + newlyAddedAgents.add( + new ReconcileClassicLinkSecurityGroupsAgent( + amazonClientProvider, credentials, region.getName(), deployDefaults)); + } + } + } + // AccountCredentialsRepository dependency + // Might not be safe when parallel processing + if (awsCleanupProvider.getAgentScheduler() != null) { + if (awsConfigurationProperties.getCleanup().getAlarms().getEnabled()) { + awsCleanupProvider + .getAgents() + .add( + new CleanupAlarmsAgent( + amazonClientProvider, + accountCredentialsRepository, + awsConfigurationProperties.getCleanup().getAlarms().getDaysToKeep())); + } + awsCleanupProvider + .getAgents() + .add( + new CleanupDetachedInstancesAgent( + amazonClientProvider, accountCredentialsRepository)); + } + awsCleanupProvider.getAgents().addAll(newlyAddedAgents); + return newlyAddedAgents; + } +} diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/view/AmazonS3DataProvider.java b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/view/AmazonS3DataProvider.java index d77ffe32fad..a9b2775d9f3 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/view/AmazonS3DataProvider.java +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/view/AmazonS3DataProvider.java 
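Review bot: In `buildAwsCleanupAgents`, the block guarded by `awsCleanupProvider.getAgentScheduler() != null` adds a new `CleanupAlarmsAgent` and `CleanupDetachedInstancesAgent` on every call, yet the method takes a single `NetflixAmazonCredentials`, so each account processed once a scheduler exists appears to register another copy of these agents. Both are constructed with the whole credentials repository rather than one account, so duplicates would mean the same cleanup work running several times over. Guard each add, e.g. `if (awsCleanupProvider.getAgents().stream().noneMatch(CleanupDetachedInstancesAgent.class::isInstance))`, or register them once outside the per-account path. The condition is also the opposite of the `getAgentScheduler() == null` test used for `ReservationReportCachingAgent` in `buildAwsProviderAgents`, which is worth confirming as intended. Finally, the method both mutates `awsCleanupProvider.getAgents()` and returns `newlyAddedAgents`, so a Javadoc line should say which of the two a caller relies on, otherwise a caller that adds the returned list again double-registers the agents.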
@@ -16,7 +16,8 @@ package com.netflix.spinnaker.clouddriver.aws.provider.view; -import static com.netflix.spinnaker.clouddriver.aws.provider.view.AmazonS3StaticDataProviderConfiguration.*; +import static com.netflix.spinnaker.clouddriver.aws.provider.view.AmazonS3StaticDataProviderConfiguration.AdhocRecord; +import static com.netflix.spinnaker.clouddriver.aws.provider.view.AmazonS3StaticDataProviderConfiguration.StaticRecord; import com.amazonaws.services.s3.AmazonS3; import com.amazonaws.services.s3.model.S3Object; @@ -29,7 +30,7 @@ import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials; import com.netflix.spinnaker.clouddriver.model.DataProvider; import com.netflix.spinnaker.clouddriver.security.AccountCredentials; -import com.netflix.spinnaker.clouddriver.security.AccountCredentialsRepository; +import com.netflix.spinnaker.credentials.CredentialsRepository; import java.io.IOException; import java.io.OutputStream; import java.util.List; @@ -49,7 +50,8 @@ public class AmazonS3DataProvider implements DataProvider { private final ObjectMapper objectMapper; private final AmazonClientProvider amazonClientProvider; - private final AccountCredentialsRepository accountCredentialsRepository; + private final CredentialsRepository + accountCredentialsRepository; private final AmazonS3StaticDataProviderConfiguration configuration; private final Set supportedIdentifiers; @@ -84,7 +86,7 @@ public Object load(String id) throws IOException { public AmazonS3DataProvider( @Qualifier("amazonObjectMapper") ObjectMapper objectMapper, AmazonClientProvider amazonClientProvider, - AccountCredentialsRepository accountCredentialsRepository, + CredentialsRepository accountCredentialsRepository, AmazonS3StaticDataProviderConfiguration configuration) { this.objectMapper = objectMapper; this.amazonClientProvider = amazonClientProvider; 
diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AmazonAccountsSynchronizer.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AmazonAccountsSynchronizer.groovy deleted file mode 100644 index f00687b46ce..00000000000 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AmazonAccountsSynchronizer.groovy +++ /dev/null @@ -1,31 +0,0 @@ -/* - * Copyright 2020 Armory - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package com.netflix.spinnaker.clouddriver.aws.security - -import com.netflix.spinnaker.cats.module.CatsModule -import com.netflix.spinnaker.clouddriver.aws.security.config.CredentialsConfig -import com.netflix.spinnaker.clouddriver.aws.security.config.CredentialsLoader -import com.netflix.spinnaker.clouddriver.security.AccountCredentialsRepository - -interface AmazonAccountsSynchronizer { - - List synchronize( - CredentialsLoader credentialsLoader, - CredentialsConfig credentialsConfig, AccountCredentialsRepository accountCredentialsRepository, - DefaultAccountConfigurationProperties defaultAccountConfigurationProperties, - CatsModule catsModule) -} 
diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AmazonBasicCredentialsLoader.java b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AmazonBasicCredentialsLoader.java
new file mode 100644
index 00000000000..60b218216ca
--- /dev/null
+++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AmazonBasicCredentialsLoader.java
@@ -0,0 +1,102 @@
+/*
+ * Copyright 2020 Netflix, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package com.netflix.spinnaker.clouddriver.aws.security;
+
+import com.amazonaws.SDKGlobalConfiguration;
+import com.amazonaws.regions.Regions;
+import com.amazonaws.util.CollectionUtils;
+import com.netflix.spinnaker.clouddriver.aws.security.config.CredentialsConfig;
+import com.netflix.spinnaker.credentials.CredentialsRepository;
+import com.netflix.spinnaker.credentials.definition.BasicCredentialsLoader;
+import com.netflix.spinnaker.credentials.definition.CredentialsDefinitionSource;
+import com.netflix.spinnaker.credentials.definition.CredentialsParser;
+import java.util.*;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.stream.Collectors;
+import org.apache.commons.lang3.StringUtils;
+
+public class AmazonBasicCredentialsLoader<
+ T extends CredentialsConfig.Account, U extends NetflixAmazonCredentials>
+ extends BasicCredentialsLoader {
+ protected final CredentialsConfig credentialsConfig;
+ protected final DefaultAccountConfigurationProperties defaultAccountConfigurationProperties;
+ protected final Map loadedDefinitions = new ConcurrentHashMap<>();
+ protected String defaultEnvironment;
+ protected String defaultAccountType;
+
+ public AmazonBasicCredentialsLoader(
+ CredentialsDefinitionSource definitionSource,
+ CredentialsParser parser,
+ CredentialsRepository credentialsRepository,
+ CredentialsConfig credentialsConfig,
+ DefaultAccountConfigurationProperties defaultAccountConfigurationProperties) {
+ super(definitionSource, parser, credentialsRepository);
+ this.credentialsConfig = credentialsConfig;
+ this.defaultAccountConfigurationProperties = defaultAccountConfigurationProperties;
+ this.defaultEnvironment =
+ defaultAccountConfigurationProperties.getEnvironment() != null
+ ? defaultAccountConfigurationProperties.getEnvironment()
+ : defaultAccountConfigurationProperties.getEnv();
+ this.defaultAccountType =
+ defaultAccountConfigurationProperties.getAccountType() != null
+ ? defaultAccountConfigurationProperties.getAccountType()
+ : defaultAccountConfigurationProperties.getEnv();
+ if (!StringUtils.isEmpty(credentialsConfig.getAccessKeyId())) {
+ System.setProperty(
+ SDKGlobalConfiguration.ACCESS_KEY_SYSTEM_PROPERTY, credentialsConfig.getAccessKeyId());
+ }
+ if (!StringUtils.isEmpty(credentialsConfig.getSecretAccessKey())) {
+ System.setProperty(
+ SDKGlobalConfiguration.SECRET_KEY_SYSTEM_PROPERTY,
+ credentialsConfig.getSecretAccessKey());
+ }
+ }
+
+ @Override
+ public void load() {
+ if (CollectionUtils.isNullOrEmpty(credentialsConfig.getAccounts())
+ && (StringUtils.isEmpty(credentialsConfig.getDefaultAssumeRole()))) {
+ credentialsConfig.setAccounts(
+ Collections.singletonList(
+ new CredentialsConfig.Account() {
+ {
+ setName(defaultAccountConfigurationProperties.getEnv());
+ setEnvironment(defaultEnvironment);
+ setAccountType(defaultAccountType);
+ }
+ }));
+ if (CollectionUtils.isNullOrEmpty(credentialsConfig.getDefaultRegions())) {
+ List regions =
+ new ArrayList<>(
+ Arrays.asList(
+ Regions.US_EAST_1, Regions.US_WEST_1, Regions.US_WEST_2, Regions.EU_WEST_1));
+ credentialsConfig.setDefaultRegions(
+ regions.stream()
+ .map(
+ it ->
+ new CredentialsConfig.Region() {
+ {
+ setName(it.getName());
+ }
+ })
+ .collect(Collectors.toList()));
+ }
+ }
+ this.parse(definitionSource.getCredentialsDefinitions());
+ }
+}
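Review bot: The constructor writes `credentialsConfig.getAccessKeyId()` and `getSecretAccessKey()` into JVM system properties (`SDKGlobalConfiguration.ACCESS_KEY_SYSTEM_PROPERTY`, `SECRET_KEY_SYSTEM_PROPERTY`), which turns a long-lived key pair into process-global state readable by any code in the JVM and by anything that dumps system properties. It happens as a side effect of merely constructing the loader, and the same write is still present in `AmazonCredentialsParser.load(CredentialsConfig)` further down the patch, so two places now do it. If the write has to stay, I would keep it in one place and add above the first `if`: `// Process-wide side effect: publishes the static AWS key pair through system properties; keep system properties out of diagnostics output.` Presumably the key pair could instead be handed to the `AWSCredentialsProvider` bean, which is defined outside this hunk, and the global write dropped.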
diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AmazonCredentialProvider.java b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AmazonCredentialProvider.java
new file mode 100644
index 00000000000..bf466251499
--- /dev/null
+++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AmazonCredentialProvider.java
@@ -0,0 +1,41 @@
+/*
+ * Copyright 2020 Netflix, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package com.netflix.spinnaker.clouddriver.aws.security;
+
+import com.netflix.spinnaker.clouddriver.security.CredentialsProvider;
+import com.netflix.spinnaker.credentials.CredentialsRepository;
+import java.util.Set;
+
+public class AmazonCredentialProvider
+ implements CredentialsProvider {
+ private final CredentialsRepository repository;
+
+ public AmazonCredentialProvider(CredentialsRepository repository) {
+ this.repository = repository;
+ }
+
+ @Override
+ public Set getAll() {
+ return repository.getAll();
+ }
+
+ @Override
+ public T getCredentials(String name) {
+ return repository.getOne(name);
+ }
+}
diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AmazonCredentialsInitializer.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AmazonCredentialsInitializer.groovy
index 4e943cec845..28b910f53cc 100644
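Review bot: `AmazonCredentialProvider.getCredentials(String name)` returns whatever `repository.getOne(name)` yields, and nothing in the class says what a caller gets for an account name that is not in the repository. If that is `null` (not visible in this hunk), callers that resolve an account from request input need to know to check before using the result. I would document it on the method, e.g. `/** Returns the credentials registered under {@code name}, or {@code null} if there are none (confirm against CredentialsRepository#getOne). */`, and add a one-line class Javadoc saying this is a read-only view over the repository.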
--- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AmazonCredentialsInitializer.groovy
+++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AmazonCredentialsInitializer.groovy
@@ -17,14 +17,28 @@ package com.netflix.spinnaker.clouddriver.aws.security import com.amazonaws.auth.AWSCredentialsProvider +import com.netflix.spinnaker.clouddriver.aws.AmazonCloudProvider +import com.netflix.spinnaker.clouddriver.aws.security.config.AmazonCredentialsParser import com.netflix.spinnaker.clouddriver.aws.security.config.CredentialsConfig -import com.netflix.spinnaker.clouddriver.aws.security.config.CredentialsLoader -import com.netflix.spinnaker.clouddriver.security.AccountCredentialsRepository +import com.netflix.spinnaker.clouddriver.aws.security.config.CredentialsConfig.Account +import com.netflix.spinnaker.clouddriver.security.CredentialsInitializerSynchronizable +import com.netflix.spinnaker.credentials.CredentialsLifecycleHandler +import com.netflix.spinnaker.credentials.CredentialsRepository +import com.netflix.spinnaker.credentials.MapBackedCredentialsRepository +import com.netflix.spinnaker.credentials.definition.AbstractCredentialsLoader +import com.netflix.spinnaker.credentials.definition.CredentialsDefinitionSource +import com.netflix.spinnaker.credentials.definition.CredentialsParser +import com.netflix.spinnaker.credentials.poller.Poller import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean import org.springframework.boot.context.properties.ConfigurationProperties import org.springframework.boot.context.properties.EnableConfigurationProperties import org.springframework.context.annotation.Bean import org.springframework.context.annotation.Configuration +import org.springframework.context.annotation.DependsOn +import org.springframework.context.annotation.Lazy + +import javax.annotation.Nullable +import javax.annotation.PostConstruct @Configuration @EnableConfigurationProperties(DefaultAccountConfigurationProperties) 
@@ -47,28 +61,77 @@ class AmazonCredentialsInitializer { } @Bean - @ConditionalOnMissingBean(CredentialsLoader.class) - CredentialsLoader credentialsLoader(AWSCredentialsProvider awsCredentialsProvider, - AmazonClientProvider amazonClientProvider, - Class credentialsType) { - new CredentialsLoader(awsCredentialsProvider, amazonClientProvider, credentialsType) +// @ConditionalOnMissingBean( +// value = [Account.class, NetflixAmazonCredentials.class], +// parameterizedContainer = AmazonCredentialsParser.class +// ) + CredentialsParser amazonCredentialsParser(AWSCredentialsProvider awsCredentialsProvider, + AmazonClientProvider amazonClientProvider, + Class credentialsType, CredentialsConfig credentialsConfig + ) { + new AmazonCredentialsParser<>( + awsCredentialsProvider, amazonClientProvider, credentialsType, credentialsConfig) } @Bean - @ConditionalOnMissingBean(AmazonAccountsSynchronizer.class) - AmazonAccountsSynchronizer amazonAccountsSynchronizer() { - new DefaultAmazonAccountsSynchronizer() + @ConditionalOnMissingBean( + value = NetflixAmazonCredentials.class, + parameterizedContainer = CredentialsRepository.class) + CredentialsRepository amazonCredentialsRepository( + @Lazy CredentialsLifecycleHandler eventHandler + ) { + return new MapBackedCredentialsRepository(AmazonCloudProvider.ID, eventHandler) } @Bean - List netflixAmazonCredentials( - CredentialsLoader credentialsLoader, - CredentialsConfig credentialsConfig, - AccountCredentialsRepository accountCredentialsRepository, - DefaultAccountConfigurationProperties defaultAccountConfigurationProperties, - AmazonAccountsSynchronizer amazonAccountsSynchronizer) { + @ConditionalOnMissingBean( + value = NetflixAmazonCredentials.class, + parameterizedContainer = AmazonCredentialProvider.class) + AmazonCredentialProvider amazonCredentialProvider( + CredentialsRepository amazonCredentialsRepository + ) { + return new AmazonCredentialProvider<>(amazonCredentialsRepository) + } - 
amazonAccountsSynchronizer.synchronize(credentialsLoader, credentialsConfig, accountCredentialsRepository, defaultAccountConfigurationProperties, null) + @Bean + @ConditionalOnMissingBean( + value = NetflixAmazonCredentials.class, + parameterizedContainer = AbstractCredentialsLoader.class) + AbstractCredentialsLoader amazonCredentialsLoader( + CredentialsParser amazonCredentialsParser, + @Nullable CredentialsDefinitionSource amazonCredentialsSource, + CredentialsConfig credentialsConfig, + CredentialsRepository repository, + DefaultAccountConfigurationProperties defaultAccountConfigurationProperties + ) { + if (amazonCredentialsSource == null) { + amazonCredentialsSource = { -> credentialsConfig.getAccounts() } as CredentialsDefinitionSource + } + return new AmazonBasicCredentialsLoader( + amazonCredentialsSource, + amazonCredentialsParser, + repository, + credentialsConfig, + defaultAccountConfigurationProperties + ) } + @Bean + @DependsOn("amazonCredentialsLifecycleHandler") + @ConditionalOnMissingBean( + value = Account.class, + parameterizedContainer = CredentialsDefinitionSource.class + ) + CredentialsInitializerSynchronizable AmazonCredentialsInitializerSynchronizable( + AbstractCredentialsLoader amazonCredentialsLoader + ) { + final Poller poller = new Poller<>(amazonCredentialsLoader); + return new CredentialsInitializerSynchronizable() { + @PostConstruct + @Override + void synchronize() { + poller.run() + } + } + } } diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AmazonCredentialsLifecycleHandler.java b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AmazonCredentialsLifecycleHandler.java new file mode 100644 index 00000000000..050b53d6458 --- /dev/null +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AmazonCredentialsLifecycleHandler.java 
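Review bot: `amazonCredentialsParser` is now registered unconditionally, with its `@ConditionalOnMissingBean` left commented out, whereas the `credentialsLoader` bean it replaces was `@ConditionalOnMissingBean(CredentialsLoader.class)`. A deployment that supplies its own parser bean would then end up with two `CredentialsParser` beans instead of overriding this one, and the `CredentialsParser amazonCredentialsParser` parameter of `amazonCredentialsLoader` would presumably still bind to this one by name. Either restore a working condition on the bean or delete the commented block and state in a comment that the parser is not meant to be replaced. Separately, the bean method `AmazonCredentialsInitializerSynchronizable` should be `amazonCredentialsInitializerSynchronizable`, since the method name becomes the bean name and every other bean in this class is lowerCamelCase.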
@@ -0,0 +1,189 @@
+/*
+ * Copyright 2020 Netflix, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package com.netflix.spinnaker.clouddriver.aws.security;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.netflix.spectator.api.Registry;
+import com.netflix.spinnaker.cats.agent.Agent;
+import com.netflix.spinnaker.cats.agent.AgentProvider;
+import com.netflix.spinnaker.cats.module.CatsModule;
+import com.netflix.spinnaker.clouddriver.aws.AmazonCloudProvider;
+import com.netflix.spinnaker.clouddriver.aws.AwsConfigurationProperties;
+import com.netflix.spinnaker.clouddriver.aws.edda.EddaApiFactory;
+import com.netflix.spinnaker.clouddriver.aws.provider.AwsCleanupProvider;
+import com.netflix.spinnaker.clouddriver.aws.provider.AwsInfrastructureProvider;
+import com.netflix.spinnaker.clouddriver.aws.provider.AwsProvider;
+import com.netflix.spinnaker.clouddriver.aws.provider.agent.ReservationReportCachingAgent;
+import com.netflix.spinnaker.clouddriver.aws.provider.config.ProviderHelpers;
+import com.netflix.spinnaker.clouddriver.aws.provider.view.AmazonS3DataProvider;
+import com.netflix.spinnaker.clouddriver.security.ProviderUtils;
+import com.netflix.spinnaker.config.AwsConfiguration.DeployDefaults;
+import com.netflix.spinnaker.credentials.CredentialsLifecycleHandler;
+import com.netflix.spinnaker.credentials.CredentialsRepository;
+import com.netflix.spinnaker.kork.dynamicconfig.DynamicConfigService;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Optional;
+import java.util.Set;
+import java.util.concurrent.ExecutorService;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.jetbrains.annotations.NotNull;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.annotation.Lazy;
+import org.springframework.stereotype.Component;
+
+@Component
+@Lazy
+@Slf4j
+@RequiredArgsConstructor
+public class AmazonCredentialsLifecycleHandler
+ implements CredentialsLifecycleHandler {
+ protected final AwsCleanupProvider awsCleanupProvider;
+ protected final AwsInfrastructureProvider awsInfrastructureProvider;
+ protected final AwsProvider awsProvider;
+ protected final AmazonCloudProvider amazonCloudProvider;
+ protected final AmazonClientProvider amazonClientProvider;
+ protected final AmazonS3DataProvider amazonS3DataProvider;
+ protected final CatsModule catsModule;
+
+ protected final AwsConfigurationProperties awsConfigurationProperties;
+ protected final ObjectMapper objectMapper;
+ protected final @Qualifier("amazonObjectMapper") ObjectMapper amazonObjectMapper;
+ protected final EddaApiFactory eddaApiFactory;
+ protected final ApplicationContext ctx;
+ protected final Registry registry;
+ protected final Optional reservationReportPool;
+ protected final Optional> agentProviders;
+ protected final EddaTimeoutConfig eddaTimeoutConfig;
+ protected final DynamicConfigService dynamicConfigService;
+ protected final DeployDefaults deployDefaults;
+ protected final CredentialsRepository
+ accountCredentialsRepository; // Circular dependency.
+ private Set publicRegions = new HashSet<>();
+ private Set awsInfraRegions = new HashSet<>();
+
+ @Override
+ public void credentialsAdded(@NotNull NetflixAmazonCredentials credentials) {
+ scheduleAgents(credentials);
+ synchronizeReservationReportCachingAgentAccounts(credentials, true);
+ }
+
+ @Override
+ public void credentialsUpdated(@NotNull NetflixAmazonCredentials credentials) {
+ ProviderUtils.unscheduleAndDeregisterAgents(
+ Collections.singleton(credentials.getName()), catsModule);
+ scheduleAgents(credentials);
+ synchronizeReservationReportCachingAgentAccounts(credentials, true);
+ }
+
+ @Override
+ public void credentialsDeleted(NetflixAmazonCredentials credentials) {
+ ProviderUtils.unscheduleAndDeregisterAgents(
+ Collections.singleton(credentials.getName()), catsModule);
+ synchronizeReservationReportCachingAgentAccounts(credentials, false);
+ }
+
+ private void scheduleAgents(NetflixAmazonCredentials credentials) {
+ scheduleAWSProviderAgents(credentials);
+ scheduleAwsInfrastructureProviderAgents(credentials);
+ scheduleAwsCleanupAgents(credentials);
+ }
+
+ private void scheduleAwsInfrastructureProviderAgents(NetflixAmazonCredentials credentials) {
+ ProviderHelpers.BuildResult result =
+ ProviderHelpers.buildAwsInfrastructureAgents(
+ credentials,
+ awsInfrastructureProvider,
+ accountCredentialsRepository,
+ amazonClientProvider,
+ amazonObjectMapper,
+ registry,
+ eddaTimeoutConfig,
+ this.awsInfraRegions);
+ if (awsInfrastructureProvider.getAgentScheduler() != null) {
+ ProviderUtils.rescheduleAgents(awsInfrastructureProvider, result.agents);
+ }
+ awsInfrastructureProvider.getAgents().addAll(result.agents);
+ this.awsInfraRegions.addAll(result.regionsToAdd);
+ }
+
+ private void scheduleAWSProviderAgents(NetflixAmazonCredentials credentials) {
+ // parallel safe?
+ ProviderHelpers.BuildResult buildResult =
+ ProviderHelpers.buildAwsProviderAgents(
+ credentials,
+ accountCredentialsRepository,
+ amazonClientProvider,
+ objectMapper,
+ registry,
+ eddaTimeoutConfig,
+ awsProvider,
+ amazonCloudProvider,
+ dynamicConfigService,
+ eddaApiFactory,
+ reservationReportPool,
+ agentProviders,
+ ctx,
+ amazonS3DataProvider,
+ publicRegions);
+ if (awsProvider.getAgentScheduler() != null) {
+ ProviderUtils.rescheduleAgents(awsProvider, buildResult.agents);
+ }
+ awsProvider.getAgents().addAll(buildResult.agents);
+ this.publicRegions.addAll(buildResult.regionsToAdd);
+ awsProvider.synchronizeHealthAgents();
+ }
+
+ private void scheduleAwsCleanupAgents(NetflixAmazonCredentials credentials) {
+ List newlyAddedAgents =
+ ProviderHelpers.buildAwsCleanupAgents(
+ credentials,
+ accountCredentialsRepository,
+ amazonClientProvider,
+ awsCleanupProvider,
+ deployDefaults,
+ awsConfigurationProperties);
+ if (awsCleanupProvider.getAgentScheduler() != null) {
+ ProviderUtils.rescheduleAgents(awsCleanupProvider, newlyAddedAgents);
+ }
+ awsCleanupProvider.getAgents().addAll(newlyAddedAgents);
+ }
+
+ // This needs to be moved else where.
+ private void synchronizeReservationReportCachingAgentAccounts(
+ NetflixAmazonCredentials credentials, boolean add) {
+ ReservationReportCachingAgent reservationReportCachingAgent =
+ awsProvider.getAgents().stream()
+ .filter(agent -> agent instanceof ReservationReportCachingAgent)
+ .map(ReservationReportCachingAgent.class::cast)
+ .findFirst()
+ .orElse(null);
+ if (reservationReportCachingAgent != null) {
+ Collection reservationReportAccounts =
+ reservationReportCachingAgent.getAccounts();
+ reservationReportAccounts.removeIf(it -> it.getName().equals(credentials.getName()));
+ if (add) {
+ reservationReportAccounts.add(credentials);
+ }
+ }
+ }
+}
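Review bot: `publicRegions` and `awsInfraRegions` are plain `HashSet`s that `scheduleAWSProviderAgents` and `scheduleAwsInfrastructureProviderAgents` hand to `ProviderHelpers` and then extend with `addAll`, and the `// parallel safe?` comment shows the question is still open. If the repository can deliver `credentialsAdded` or `credentialsUpdated` for different accounts from more than one thread (not visible here), two callbacks can both see a region as unclaimed and presumably register its agents twice, or corrupt the set. Because the check and the `addAll` span a helper call, a concurrent set alone does not close the gap; serialising the callbacks does, e.g. `private synchronized void scheduleAgents(NetflixAmazonCredentials credentials) {`, with both fields made `final`. Note also that `credentialsDeleted` never removes anything from either set, so a region stays marked after the account that claimed it is gone; that deserves a comment or a fix.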
diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/DefaultAmazonAccountsSynchronizer.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/DefaultAmazonAccountsSynchronizer.groovy
deleted file mode 100644
index 3a1113adf40..00000000000
--- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/DefaultAmazonAccountsSynchronizer.groovy
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
- * Copyright 2020 Armory
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.netflix.spinnaker.clouddriver.aws.security
-
-import com.netflix.spinnaker.cats.module.CatsModule
-import com.netflix.spinnaker.clouddriver.aws.security.config.CredentialsConfig
-import com.netflix.spinnaker.clouddriver.aws.security.config.CredentialsLoader
-import com.netflix.spinnaker.clouddriver.security.AccountCredentialsRepository
-import com.netflix.spinnaker.clouddriver.security.ProviderUtils
-
-import static com.amazonaws.regions.Regions.*
-
-class DefaultAmazonAccountsSynchronizer implements AmazonAccountsSynchronizer {
-
- List synchronize(
- CredentialsLoader credentialsLoader,
- CredentialsConfig credentialsConfig,
- AccountCredentialsRepository accountCredentialsRepository,
- DefaultAccountConfigurationProperties defaultAccountConfigurationProperties,
- CatsModule catsModule) {
- if (!credentialsConfig.accounts && !credentialsConfig.defaultAssumeRole) {
- def defaultEnvironment = defaultAccountConfigurationProperties.environment ?: defaultAccountConfigurationProperties.env
- def defaultAccountType = defaultAccountConfigurationProperties.accountType ?: defaultAccountConfigurationProperties.env
- credentialsConfig.accounts = [new CredentialsConfig.Account(name: defaultAccountConfigurationProperties.env, environment: defaultEnvironment, accountType: defaultAccountType)]
- if (!credentialsConfig.defaultRegions) {
- credentialsConfig.defaultRegions = [US_EAST_1, US_WEST_1, US_WEST_2, EU_WEST_1].collect {
- new CredentialsConfig.Region(name: it.name)
- }
- }
- }
-
- List accounts = credentialsLoader.load(credentialsConfig)
-
- def (ArrayList accountsToAdd, List namesOfDeletedAccounts) =
- ProviderUtils.calculateAccountDeltas(accountCredentialsRepository, NetflixAmazonCredentials, accounts)
-
- accountsToAdd.each { NetflixAmazonCredentials account ->
- accountCredentialsRepository.save(account.name, account)
- }
-
- ProviderUtils.unscheduleAndDeregisterAgents(namesOfDeletedAccounts, catsModule)
-
- accountCredentialsRepository.all.findAll {
- it instanceof NetflixAmazonCredentials
- } as List
- }
-
-}
diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/config/CredentialsLoader.java b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/config/AmazonCredentialsParser.java
similarity index 67%
rename from clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/config/CredentialsLoader.java
rename to clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/config/AmazonCredentialsParser.java
index 7ec05fadddf..5a428edd8f6 100644
--- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/config/CredentialsLoader.java
+++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/config/AmazonCredentialsParser.java
@@ -1,17 +1,18 @@ /* - * Copyright 2015 Netflix, Inc. + * Copyright 2020 Netflix, Inc. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. + * */ package com.netflix.spinnaker.clouddriver.aws.security.config; @@ -20,12 +21,10 @@ import com.amazonaws.auth.AWSCredentialsProvider; import com.fasterxml.jackson.databind.DeserializationFeature; import com.fasterxml.jackson.databind.ObjectMapper; -import com.netflix.spinnaker.clouddriver.aws.security.AWSAccountInfoLookup; -import com.netflix.spinnaker.clouddriver.aws.security.AmazonClientProvider; -import com.netflix.spinnaker.clouddriver.aws.security.AmazonCredentials; -import com.netflix.spinnaker.clouddriver.aws.security.DefaultAWSAccountInfoLookup; +import com.netflix.spinnaker.clouddriver.aws.security.*; import com.netflix.spinnaker.clouddriver.aws.security.config.CredentialsConfig.Account; import com.netflix.spinnaker.clouddriver.aws.security.config.CredentialsConfig.Region; +import com.netflix.spinnaker.credentials.definition.CredentialsParser; import java.lang.reflect.Constructor; import java.lang.reflect.InvocationTargetException; import java.util.*; 
@@ -34,59 +33,31 @@ import java.util.regex.Pattern; import java.util.stream.Collectors; import org.apache.commons.lang3.StringUtils; +import org.jetbrains.annotations.NotNull; +import org.jetbrains.annotations.Nullable; -public class CredentialsLoader { +public class AmazonCredentialsParser + implements CredentialsParser { private final AWSCredentialsProvider credentialsProvider; private final AWSAccountInfoLookup awsAccountInfoLookup; private final Map templateValues; - private final CredentialTranslator credentialTranslator; + private final CredentialTranslator credentialTranslator; private final ObjectMapper objectMapper; + private final CredentialsConfig credentialsConfig; - public CredentialsLoader( - AWSCredentialsProvider credentialsProvider, - AmazonClientProvider amazonClientProvider, - Class credentialsType) { - this( - credentialsProvider, - amazonClientProvider, - credentialsType, - Collections.emptyMap()); - } - - public CredentialsLoader( + public AmazonCredentialsParser( AWSCredentialsProvider credentialsProvider, AmazonClientProvider amazonClientProvider, - Class credentialsType, - Map templateValues) { - this( - credentialsProvider, - new DefaultAWSAccountInfoLookup(credentialsProvider, amazonClientProvider), - credentialsType, - templateValues); - } - - public CredentialsLoader( - AWSCredentialsProvider credentialsProvider, - AWSAccountInfoLookup awsAccountInfoLookup, - Class credentialsType) { - this( - credentialsProvider, - awsAccountInfoLookup, - credentialsType, - Collections.emptyMap()); - } - - public CredentialsLoader( - AWSCredentialsProvider credentialsProvider, - AWSAccountInfoLookup awsAccountInfoLookup, - Class credentialsType, - Map templateValues) { + Class credentialsType, + CredentialsConfig credentialsConfig) { this.credentialsProvider = Objects.requireNonNull(credentialsProvider, "credentialsProvider"); - this.awsAccountInfoLookup = awsAccountInfoLookup; - this.templateValues = templateValues; + this.awsAccountInfoLookup = + new 
DefaultAWSAccountInfoLookup(credentialsProvider, amazonClientProvider); + this.templateValues = Collections.emptyMap(); this.objectMapper = new ObjectMapper(); this.credentialTranslator = findTranslator(credentialsType, this.objectMapper); + this.credentialsConfig = credentialsConfig; } private Lazy> createDefaults(final List defaults) { @@ -142,7 +113,9 @@ private List initRegions(Lazy> defaults, List toIni } for (Iterator lookups = toLookup.iterator(); lookups.hasNext(); ) { - Region fromDefault = find(defaults.get(), lookups.next()); + List r = defaults.get(); + String a = lookups.next(); + Region fromDefault = find(r, a); if (fromDefault != null) { lookups.remove(); result.add(fromDefault); @@ -200,19 +173,19 @@ private static List toRegion(List src) { return result; } - public T load(String accountName) throws Throwable { + public V load(String accountName) throws Throwable { CredentialsConfig config = new CredentialsConfig(); Account account = new Account(); account.setName(accountName); config.setAccounts(Arrays.asList(account)); - List result = load(config); + List result = load(config); if (result.size() != 1) { throw new IllegalStateException("failed to create account"); } return result.get(0); } - public List load(CredentialsConfig source) throws Throwable { + public List load(CredentialsConfig source) throws Throwable { final CredentialsConfig config = objectMapper.convertValue(source, CredentialsConfig.class); if (config.getAccounts() == null || config.getAccounts().isEmpty()) { 
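Review bot: In the new `AmazonCredentialsParser` constructor `credentialsProvider` is null-checked but the added `credentialsConfig` is stored as-is, so a missing config only surfaces later in `parse`, where the `catch (Throwable t)` added further down would turn it into a silently dropped account. Use `this.credentialsConfig = Objects.requireNonNull(credentialsConfig, "credentialsConfig");` to match the check on the first line of the constructor. The constructor also hard-wires `new DefaultAWSAccountInfoLookup(credentialsProvider, amazonClientProvider)` and `Collections.emptyMap()` where the removed overloads accepted an `AWSAccountInfoLookup` and template values, so the lookup can no longer be substituted and `templateValues` is always empty. If that is intended, drop the `templateValues` field; otherwise keep one overload that accepts both.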
@@ -227,84 +200,101 @@ public List load(CredentialsConfig source) throws Throwable { System.setProperty( SDKGlobalConfiguration.SECRET_KEY_SYSTEM_PROPERTY, config.getSecretAccessKey()); } - Lazy> defaultRegions = createDefaults(config.getDefaultRegions()); - List initializedAccounts = new ArrayList<>(config.getAccounts().size()); + List initializedAccounts = new ArrayList<>(config.getAccounts().size()); for (Account account : config.getAccounts()) { - if (account.getAccountId() == null) { - if (!credentialTranslator.resolveAccountId()) { - throw new IllegalArgumentException( - "accountId is required and not resolvable for this credentials type"); - } - account.setAccountId(awsAccountInfoLookup.findAccountId()); - } + initializedAccounts.add(parseAccount(config, account)); + } + return initializedAccounts.stream() + .filter(AmazonCredentials::isEnabled) + .collect(Collectors.toList()); + } - if (account.getEnvironment() == null) { - account.setEnvironment(account.getName()); + @Nullable + @Override + public V parse(@NotNull U account) { + try { + V a = parseAccount(credentialsConfig, account); + if (a.isEnabled()) { + return a; } + } catch (Throwable t) { + // t.printStackTrace(); + return null; + } + return null; + } - if (account.getAccountType() == null) { - account.setAccountType(account.getName()); + private V parseAccount(CredentialsConfig config, Account account) throws Throwable { + Lazy> defaultRegions = createDefaults(config.getDefaultRegions()); + if (account.getAccountId() == null) { + if (!credentialTranslator.resolveAccountId()) { + throw new IllegalArgumentException( + "accountId is required and not resolvable for this credentials type"); } + account.setAccountId(awsAccountInfoLookup.findAccountId()); + } - account.setRegions(initRegions(defaultRegions, account.getRegions())); - account.setDefaultSecurityGroups( - account.getDefaultSecurityGroups() != null - ? 
account.getDefaultSecurityGroups() - : config.getDefaultSecurityGroups()); - account.setLifecycleHooks( - account.getLifecycleHooks() != null - ? account.getLifecycleHooks() - : config.getDefaultLifecycleHooks()); - account.setEnabled(Optional.ofNullable(account.getEnabled()).orElse(true)); - - Map templateContext = new HashMap<>(templateValues); - templateContext.put("name", account.getName()); - templateContext.put("accountId", account.getAccountId()); - templateContext.put("environment", account.getEnvironment()); - templateContext.put("accountType", account.getAccountType()); - - account.setDefaultKeyPair( - templateFirstNonNull( - templateContext, account.getDefaultKeyPair(), config.getDefaultKeyPairTemplate())); - account.setEdda( - templateFirstNonNull( - templateContext, account.getEdda(), config.getDefaultEddaTemplate())); - account.setFront50( - templateFirstNonNull( - templateContext, account.getFront50(), config.getDefaultFront50Template())); - account.setDiscovery( - templateFirstNonNull( - templateContext, account.getDiscovery(), config.getDefaultDiscoveryTemplate())); - account.setAssumeRole( - templateFirstNonNull( - templateContext, account.getAssumeRole(), config.getDefaultAssumeRole())); - account.setSessionName( - templateFirstNonNull( - templateContext, account.getSessionName(), config.getDefaultSessionName())); - account.setBastionHost( - templateFirstNonNull( - templateContext, account.getBastionHost(), config.getDefaultBastionHostTemplate())); - - if (account.getLifecycleHooks() != null) { - for (CredentialsConfig.LifecycleHook lifecycleHook : account.getLifecycleHooks()) { - lifecycleHook.setRoleARN( - templateFirstNonNull( - templateContext, - lifecycleHook.getRoleARN(), - config.getDefaultLifecycleHookRoleARNTemplate())); - lifecycleHook.setNotificationTargetARN( - templateFirstNonNull( - templateContext, - lifecycleHook.getNotificationTargetARN(), - config.getDefaultLifecycleHookNotificationTargetARNTemplate())); - } - } + if 
(account.getEnvironment() == null) { + account.setEnvironment(account.getName()); + } - initializedAccounts.add(credentialTranslator.translate(credentialsProvider, account)); + if (account.getAccountType() == null) { + account.setAccountType(account.getName()); } - return initializedAccounts.stream() - .filter(AmazonCredentials::isEnabled) - .collect(Collectors.toList()); + + account.setRegions(initRegions(defaultRegions, account.getRegions())); + account.setDefaultSecurityGroups( + account.getDefaultSecurityGroups() != null + ? account.getDefaultSecurityGroups() + : config.getDefaultSecurityGroups()); + account.setLifecycleHooks( + account.getLifecycleHooks() != null + ? account.getLifecycleHooks() + : config.getDefaultLifecycleHooks()); + account.setEnabled(Optional.ofNullable(account.getEnabled()).orElse(true)); + + Map templateContext = new HashMap<>(templateValues); + templateContext.put("name", account.getName()); + templateContext.put("accountId", account.getAccountId()); + templateContext.put("environment", account.getEnvironment()); + templateContext.put("accountType", account.getAccountType()); + + account.setDefaultKeyPair( + templateFirstNonNull( + templateContext, account.getDefaultKeyPair(), config.getDefaultKeyPairTemplate())); + account.setEdda( + templateFirstNonNull(templateContext, account.getEdda(), config.getDefaultEddaTemplate())); + account.setFront50( + templateFirstNonNull( + templateContext, account.getFront50(), config.getDefaultFront50Template())); + account.setDiscovery( + templateFirstNonNull( + templateContext, account.getDiscovery(), config.getDefaultDiscoveryTemplate())); + account.setAssumeRole( + templateFirstNonNull( + templateContext, account.getAssumeRole(), config.getDefaultAssumeRole())); + account.setSessionName( + templateFirstNonNull( + templateContext, account.getSessionName(), config.getDefaultSessionName())); + account.setBastionHost( + templateFirstNonNull( + templateContext, account.getBastionHost(), 
config.getDefaultBastionHostTemplate())); + + if (account.getLifecycleHooks() != null) { + for (CredentialsConfig.LifecycleHook lifecycleHook : account.getLifecycleHooks()) { + lifecycleHook.setRoleARN( + templateFirstNonNull( + templateContext, + lifecycleHook.getRoleARN(), + config.getDefaultLifecycleHookRoleARNTemplate())); + lifecycleHook.setNotificationTargetARN( + templateFirstNonNull( + templateContext, + lifecycleHook.getNotificationTargetARN(), + config.getDefaultLifecycleHookNotificationTargetARNTemplate())); + } + } + return credentialTranslator.translate(credentialsProvider, account); } private static class Lazy { diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/config/CredentialsConfig.java b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/config/CredentialsConfig.java index 3b42c7489d3..8ba9a4e92d1 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/config/CredentialsConfig.java +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/config/CredentialsConfig.java @@ -16,6 +16,7 @@ package com.netflix.spinnaker.clouddriver.aws.security.config; +import com.netflix.spinnaker.credentials.definition.CredentialsDefinition; import com.netflix.spinnaker.fiat.model.resources.Permissions; import java.util.List; @@ -130,7 +131,7 @@ public void setDefaultResult(String defaultResult) { } } - public static class Account { + public static class Account implements CredentialsDefinition { private String name; private String environment; private String accountType; diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/config/AwsConfiguration.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/config/AwsConfiguration.groovy index 36d3f0277ed..0c5a4cb6df7 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/config/AwsConfiguration.groovy 
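Review bot: `parse()` catches `Throwable`, leaves only a commented-out `// t.printStackTrace();`, and returns `null`, so an account whose id lookup, region resolution or credential translation fails is dropped without a trace. An operator then cannot tell a deliberately disabled account (the `isEnabled()` branch also returns `null`) from one that failed to load, which matters when the failure is a rejected role or a bad config value. Narrow the catch to `Exception` and record the failure with the account name only, never the definition itself, for example `log.warn("Could not parse AWS account {}", account.getName(), e);`; no logger is visible in this hunk, so one would have to be added to the class. Separately, `parseAccount` writes defaults back into the `account` it is given; `load()` runs it on a copy made with `objectMapper.convertValue`, but `parse()` passes the caller's object straight through, so it is worth confirming that mutating the definition is intended.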
+++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/config/AwsConfiguration.groovy @@ -50,6 +50,7 @@ import com.netflix.spinnaker.clouddriver.event.SpinnakerEvent import com.netflix.spinnaker.clouddriver.saga.config.SagaAutoConfiguration import com.netflix.spinnaker.clouddriver.security.AccountCredentialsRepository import com.netflix.spinnaker.clouddriver.security.ProviderUtils +import com.netflix.spinnaker.credentials.CredentialsRepository import com.netflix.spinnaker.kork.aws.AwsComponents import com.netflix.spinnaker.kork.aws.bastion.BastionConfig import com.netflix.spinnaker.kork.dynamicconfig.DynamicConfigService @@ -184,9 +185,9 @@ class AwsConfiguration { } @Bean - @DependsOn('netflixAmazonCredentials') + @DependsOn('amazonCredentialsLoader') BasicAmazonDeployHandler basicAmazonDeployHandler(RegionScopedProviderFactory regionScopedProviderFactory, - AccountCredentialsRepository accountCredentialsRepository, + CredentialsRepository accountCredentialsRepository, DeployDefaults deployDefaults, ScalingPolicyCopier scalingPolicyCopier, BlockDeviceConfig blockDeviceConfig, 
@@ -210,56 +211,21 @@ class AwsConfiguration { } @Bean - @DependsOn('netflixAmazonCredentials') + @DependsOn('amazonCredentialsLoader') AwsCleanupProvider awsOperationProvider(AwsConfigurationProperties awsConfigurationProperties, AmazonClientProvider amazonClientProvider, AccountCredentialsRepository accountCredentialsRepository, DeployDefaults deployDefaults) { - def awsCleanupProvider = new AwsCleanupProvider(Collections.newSetFromMap(new ConcurrentHashMap())) - - synchronizeAwsCleanupProvider(awsConfigurationProperties, awsCleanupProvider, amazonClientProvider, accountCredentialsRepository, deployDefaults) - - awsCleanupProvider + return new AwsCleanupProvider(Collections.newSetFromMap(new ConcurrentHashMap())) } @Bean - @DependsOn('netflixAmazonCredentials') + @DependsOn('amazonCredentialsLoader') SecurityGroupLookupFactory securityGroupLookup(AmazonClientProvider amazonClientProvider, - AccountCredentialsRepository accountCredentialsRepository) { + CredentialsRepository accountCredentialsRepository) { new SecurityGroupLookupFactory(amazonClientProvider, accountCredentialsRepository) } - private static void synchronizeAwsCleanupProvider(AwsConfigurationProperties awsConfigurationProperties, - AwsCleanupProvider awsCleanupProvider, - AmazonClientProvider amazonClientProvider, - AccountCredentialsRepository accountCredentialsRepository, - DeployDefaults deployDefaults) { - def scheduledAccounts = ProviderUtils.getScheduledAccounts(awsCleanupProvider) - Set allAccounts = ProviderUtils.buildThreadSafeSetOfAccounts(accountCredentialsRepository, NetflixAmazonCredentials, AmazonCloudProvider.ID) - - List newlyAddedAgents = [] - - allAccounts.each { account -> - if (!scheduledAccounts.contains(account)) { - account.regions.each { region -> - if (deployDefaults.isReconcileClassicLinkAccount(account)) { - newlyAddedAgents << new ReconcileClassicLinkSecurityGroupsAgent( - amazonClientProvider, account, region.name, deployDefaults - ) - } - } - } - } - - if 
(!awsCleanupProvider.agentScheduler) { - if (awsConfigurationProperties.cleanup.alarms.enabled) { - awsCleanupProvider.agents.add(new CleanupAlarmsAgent(amazonClientProvider, accountCredentialsRepository, awsConfigurationProperties.cleanup.alarms.daysToKeep)) - } - awsCleanupProvider.agents.add(new CleanupDetachedInstancesAgent(amazonClientProvider, accountCredentialsRepository)) - } - awsCleanupProvider.agents.addAll(newlyAddedAgents) - } - @Bean AmazonServerGroupProvider amazonServerGroupProvider(ApplicationContext applicationContext) { return new AmazonServerGroupProvider(applicationContext) diff --git a/clouddriver-aws/src/test/groovy/com/netflix/spinnaker/clouddriver/aws/agent/CleanupDetachedInstancesAgentSpec.groovy b/clouddriver-aws/src/test/groovy/com/netflix/spinnaker/clouddriver/aws/agent/CleanupDetachedInstancesAgentSpec.groovy index 1a9c3177ffd..8f538821c5f 100644 --- a/clouddriver-aws/src/test/groovy/com/netflix/spinnaker/clouddriver/aws/agent/CleanupDetachedInstancesAgentSpec.groovy +++ b/clouddriver-aws/src/test/groovy/com/netflix/spinnaker/clouddriver/aws/agent/CleanupDetachedInstancesAgentSpec.groovy @@ -27,7 +27,10 @@ import com.amazonaws.services.ec2.model.TerminateInstancesRequest import com.netflix.spinnaker.clouddriver.aws.TestCredential import com.netflix.spinnaker.clouddriver.aws.security.AmazonClientProvider import com.netflix.spinnaker.clouddriver.aws.deploy.ops.DetachInstancesAtomicOperation +import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials import com.netflix.spinnaker.clouddriver.security.AccountCredentialsRepository +import com.netflix.spinnaker.credentials.CredentialsRepository +import com.netflix.spinnaker.credentials.MapBackedCredentialsRepository import spock.lang.Shared import spock.lang.Specification import spock.lang.Unroll 
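Review bot: `awsOperationProvider` now returns an empty `AwsCleanupProvider`, yet it still declares `awsConfigurationProperties`, `amazonClientProvider`, `accountCredentialsRepository` and `deployDefaults`, none of which the new body uses. With `synchronizeAwsCleanupProvider` deleted, nothing in this file registers `CleanupAlarmsAgent`, `CleanupDetachedInstancesAgent` or `ReconcileClassicLinkSecurityGroupsAgent` any more. Presumably the lifecycle handler added elsewhere in this patch takes that over, but that is not visible in this hunk; please confirm it and add a comment on the bean such as `// agents are added per account by the credentials lifecycle handler`. The unused parameters can then be dropped, including the leftover `AccountCredentialsRepository` type that the sibling beans `basicAmazonDeployHandler` and `securityGroupLookup` replaced with `CredentialsRepository`.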
@@ -46,8 +49,7 @@ class CleanupDetachedInstancesAgentSpec extends Specification { 1 * getAmazonEC2(test, "us-east-1", true) >> { amazonEC2USE } 0 * _ } - - def accountCredentialsRepository = Mock(AccountCredentialsRepository) { + def accountCredentialsRepository = Mock(MapBackedCredentialsRepository) { 1 * getAll() >> [test] 0 * _ } diff --git a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/cache/client/ContainerInstanceCacheClient.java b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/cache/client/ContainerInstanceCacheClient.java index 07ac5f51d69..a3d5e29f12e 100644 --- a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/cache/client/ContainerInstanceCacheClient.java +++ b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/cache/client/ContainerInstanceCacheClient.java @@ -23,13 +23,14 @@ import com.netflix.spinnaker.clouddriver.ecs.cache.model.ContainerInstance; import java.util.Map; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Lazy; import org.springframework.stereotype.Component; @Component public class ContainerInstanceCacheClient extends AbstractCacheClient { @Autowired - public ContainerInstanceCacheClient(Cache cacheView) { + public ContainerInstanceCacheClient(@Lazy Cache cacheView) { super(cacheView, CONTAINER_INSTANCES.toString()); } diff --git a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/cache/client/EcsCloudWatchAlarmCacheClient.java b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/cache/client/EcsCloudWatchAlarmCacheClient.java index 0635329ef33..eee33010d84 100644 --- a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/cache/client/EcsCloudWatchAlarmCacheClient.java +++ b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/cache/client/EcsCloudWatchAlarmCacheClient.java 
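Review bot: The `@Lazy` added to the `cacheView` constructor parameter of `ContainerInstanceCacheClient` has no comment explaining why it is needed. The same annotation is added without explanation to the other ECS cache clients in this patch, to the `ServiceCacheClient` parameter of `EcsApplicationProvider`, and at class level on `EcsInstanceProvider`. At an injection point Spring supplies a lazy-resolution proxy, so a missing or misconfigured `Cache` bean no longer stops startup and instead fails on the first cache call. If the annotation is there to break a bean cycle created by the new credentials loading (an assumption, not visible here), say so next to it, for example `// @Lazy: breaks the Cache <-> credentials repository cycle at startup`, and consider resolving the cycle in one configuration class rather than annotating every client.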
@@ -27,13 +27,14 @@ import java.util.List; import java.util.Map; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Lazy; import org.springframework.stereotype.Component; @Component public class EcsCloudWatchAlarmCacheClient extends AbstractCacheClient { @Autowired - public EcsCloudWatchAlarmCacheClient(Cache cacheView) { + public EcsCloudWatchAlarmCacheClient(@Lazy Cache cacheView) { super(cacheView, ALARMS.toString()); } diff --git a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/cache/client/EcsClusterCacheClient.java b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/cache/client/EcsClusterCacheClient.java index 2b48f375b46..e3a616f2511 100644 --- a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/cache/client/EcsClusterCacheClient.java +++ b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/cache/client/EcsClusterCacheClient.java @@ -23,13 +23,14 @@ import com.netflix.spinnaker.clouddriver.ecs.cache.model.EcsCluster; import java.util.Map; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Lazy; import org.springframework.stereotype.Component; @Component public class EcsClusterCacheClient extends AbstractCacheClient { @Autowired - public EcsClusterCacheClient(Cache cacheView) { + public EcsClusterCacheClient(@Lazy Cache cacheView) { super(cacheView, ECS_CLUSTERS.toString()); } diff --git a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/cache/client/EcsInstanceCacheClient.java b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/cache/client/EcsInstanceCacheClient.java index 4a521d260b2..01a86970daf 100644 --- a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/cache/client/EcsInstanceCacheClient.java +++ b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/cache/client/EcsInstanceCacheClient.java 
@@ -25,6 +25,7 @@ import java.util.Collection; import java.util.Set; import java.util.stream.Collectors; +import org.springframework.context.annotation.Lazy; import org.springframework.stereotype.Component; @Component @@ -33,7 +34,7 @@ public class EcsInstanceCacheClient { private final Cache cacheView; private final ObjectMapper objectMapper; - public EcsInstanceCacheClient(Cache cacheView, ObjectMapper objectMapper) { + public EcsInstanceCacheClient(@Lazy Cache cacheView, ObjectMapper objectMapper) { this.cacheView = cacheView; this.objectMapper = objectMapper; } diff --git a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/cache/client/EcsLoadbalancerCacheClient.java b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/cache/client/EcsLoadbalancerCacheClient.java index 08321e3369a..231bfefb16d 100644 --- a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/cache/client/EcsLoadbalancerCacheClient.java +++ b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/cache/client/EcsLoadbalancerCacheClient.java @@ -28,6 +28,7 @@ import com.netflix.spinnaker.clouddriver.ecs.provider.view.EcsAccountMapper; import java.util.*; import java.util.stream.Collectors; +import org.springframework.context.annotation.Lazy; import org.springframework.stereotype.Component; @Component @@ -38,7 +39,7 @@ public class EcsLoadbalancerCacheClient { private final EcsAccountMapper ecsAccountMapper; public EcsLoadbalancerCacheClient( - Cache cacheView, ObjectMapper objectMapper, EcsAccountMapper ecsAccountMapper) { + @Lazy Cache cacheView, ObjectMapper objectMapper, EcsAccountMapper ecsAccountMapper) { this.cacheView = cacheView; this.objectMapper = objectMapper; this.ecsAccountMapper = ecsAccountMapper; 
diff --git a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/cache/client/EcsTargetGroupCacheClient.java b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/cache/client/EcsTargetGroupCacheClient.java index 82828b86ba9..0b457e02958 100644 --- a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/cache/client/EcsTargetGroupCacheClient.java +++ b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/cache/client/EcsTargetGroupCacheClient.java @@ -32,6 +32,7 @@ import java.util.Map; import java.util.Set; import java.util.stream.Collectors; +import org.springframework.context.annotation.Lazy; import org.springframework.stereotype.Component; @Component @@ -40,7 +41,7 @@ public class EcsTargetGroupCacheClient { private final Cache cacheView; private final ObjectMapper objectMapper; - public EcsTargetGroupCacheClient(Cache cacheView, ObjectMapper objectMapper) { + public EcsTargetGroupCacheClient(@Lazy Cache cacheView, ObjectMapper objectMapper) { this.cacheView = cacheView; this.objectMapper = objectMapper; } diff --git a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/cache/client/IamRoleCacheClient.java b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/cache/client/IamRoleCacheClient.java index a019800520d..818974d8d8c 100644 --- a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/cache/client/IamRoleCacheClient.java +++ b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/cache/client/IamRoleCacheClient.java 
@@ -29,13 +29,14 @@ import java.util.Set; import java.util.stream.Collectors; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Lazy; import org.springframework.stereotype.Component; @Component public class IamRoleCacheClient extends AbstractCacheClient { @Autowired - public IamRoleCacheClient(Cache cacheView) { + public IamRoleCacheClient(@Lazy Cache cacheView) { super(cacheView, IAM_ROLE.toString()); } diff --git a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/cache/client/ScalableTargetCacheClient.java b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/cache/client/ScalableTargetCacheClient.java index 0304563194f..badb13fbdfb 100644 --- a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/cache/client/ScalableTargetCacheClient.java +++ b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/cache/client/ScalableTargetCacheClient.java @@ -23,6 +23,7 @@ import com.netflix.spinnaker.cats.cache.Cache; import com.netflix.spinnaker.cats.cache.CacheData; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Lazy; import org.springframework.stereotype.Component; @Component @@ -30,7 +31,7 @@ public class ScalableTargetCacheClient extends AbstractCacheClient { @Autowired - public SecretCacheClient(Cache cacheView) { + public SecretCacheClient(@Lazy Cache cacheView) { super(cacheView, SECRETS.toString()); } diff --git a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/cache/client/ServiceCacheClient.java b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/cache/client/ServiceCacheClient.java index 9b9c725d2a6..ac1f48179e3 100644 --- a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/cache/client/ServiceCacheClient.java +++ b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/cache/client/ServiceCacheClient.java 
@@ -28,6 +28,7 @@ import java.util.List; import java.util.Map; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Lazy; import org.springframework.stereotype.Component; @Component @@ -35,7 +36,7 @@ public class ServiceCacheClient extends AbstractCacheClient { private ObjectMapper objectMapper; @Autowired - public ServiceCacheClient(Cache cacheView, ObjectMapper objectMapper) { + public ServiceCacheClient(@Lazy Cache cacheView, ObjectMapper objectMapper) { super(cacheView, SERVICES.toString()); this.objectMapper = objectMapper; } diff --git a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/cache/client/ServiceDiscoveryCacheClient.java b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/cache/client/ServiceDiscoveryCacheClient.java index 9ef409dbe52..5edd1f6adbc 100644 --- a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/cache/client/ServiceDiscoveryCacheClient.java +++ b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/cache/client/ServiceDiscoveryCacheClient.java @@ -22,13 +22,14 @@ import com.netflix.spinnaker.clouddriver.ecs.cache.model.ServiceDiscoveryRegistry; import java.util.Map; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Lazy; import org.springframework.stereotype.Component; @Component public class ServiceDiscoveryCacheClient extends AbstractCacheClient { @Autowired - public ServiceDiscoveryCacheClient(Cache cacheView) { + public ServiceDiscoveryCacheClient(@Lazy Cache cacheView) { super(cacheView, SERVICE_DISCOVERY_REGISTRIES.toString()); } diff --git a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/cache/client/TargetHealthCacheClient.java b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/cache/client/TargetHealthCacheClient.java index 74ba5cde49a..ee01e5245ed 100644 
--- a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/cache/client/TargetHealthCacheClient.java +++ b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/cache/client/TargetHealthCacheClient.java @@ -27,6 +27,7 @@ import java.util.List; import java.util.Map; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Lazy; import org.springframework.stereotype.Component; @Component @@ -34,7 +35,7 @@ public class TargetHealthCacheClient extends AbstractCacheClient { private ObjectMapper objectMapper; @Autowired - public TaskCacheClient(Cache cacheView, ObjectMapper objectMapper) { + public TaskCacheClient(@Lazy Cache cacheView, ObjectMapper objectMapper) { super(cacheView, TASKS.toString()); this.objectMapper = objectMapper; } diff --git a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/cache/client/TaskDefinitionCacheClient.java b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/cache/client/TaskDefinitionCacheClient.java index 07f243b5484..82abd3aabf8 100644 --- a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/cache/client/TaskDefinitionCacheClient.java +++ b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/cache/client/TaskDefinitionCacheClient.java @@ -28,6 +28,7 @@ import java.util.List; import java.util.Map; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Lazy; import org.springframework.stereotype.Component; @Component @@ -35,7 +36,7 @@ public class TaskDefinitionCacheClient extends AbstractCacheClient { @Autowired - public TaskHealthCacheClient(Cache cacheView) { + public TaskHealthCacheClient(@Lazy Cache cacheView) { super(cacheView, HEALTH.toString()); } 
diff --git a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/EcsCredentialsInitializer.java b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/EcsCredentialsInitializer.java index 4a0fdf1d21f..24f03a18f8d 100644 --- a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/EcsCredentialsInitializer.java +++ b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/EcsCredentialsInitializer.java @@ -18,10 +18,11 @@ import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials; import com.netflix.spinnaker.clouddriver.aws.security.NetflixAssumeRoleAmazonCredentials; +import com.netflix.spinnaker.clouddriver.aws.security.config.AmazonCredentialsParser; import com.netflix.spinnaker.clouddriver.aws.security.config.CredentialsConfig; -import com.netflix.spinnaker.clouddriver.aws.security.config.CredentialsLoader; import com.netflix.spinnaker.clouddriver.security.AccountCredentials; -import com.netflix.spinnaker.clouddriver.security.AccountCredentialsRepository; +import com.netflix.spinnaker.credentials.CredentialsRepository; +import com.netflix.spinnaker.credentials.definition.CredentialsParser; import java.util.Collections; import java.util.LinkedList; import java.util.List; 
@@ -40,20 +41,24 @@ public ECSCredentialsConfig ecsCredentialsConfig() { } @Bean - @DependsOn("netflixAmazonCredentials") + @DependsOn("amazonCredentialsLoader") public List netflixECSCredentials( - CredentialsLoader credentialsLoader, - ECSCredentialsConfig credentialsConfig, - AccountCredentialsRepository accountCredentialsRepository) + CredentialsRepository accountCredentialsRepository, + CredentialsParser + amazonCredentialsParser, + ECSCredentialsConfig credentialsConfig) throws Throwable { return synchronizeECSAccounts( - credentialsLoader, credentialsConfig, accountCredentialsRepository); + accountCredentialsRepository, + (AmazonCredentialsParser) amazonCredentialsParser, + credentialsConfig); } private List synchronizeECSAccounts( - CredentialsLoader credentialsLoader, - ECSCredentialsConfig ecsCredentialsConfig, - AccountCredentialsRepository accountCredentialsRepository) + CredentialsRepository accountCredentialsRepository, + AmazonCredentialsParser + amazonCredentialsParser, + ECSCredentialsConfig ecsCredentialsConfig) throws Throwable { // TODO: add support for mutable accounts. @@ -78,11 +83,12 @@ private List synchronizeECSAccounts( NetflixECSCredentials ecsCredentials = new NetflixAssumeRoleEcsCredentials( - (NetflixAssumeRoleAmazonCredentials) credentialsLoader.load(ecsCopy).get(0), + (NetflixAssumeRoleAmazonCredentials) + amazonCredentialsParser.load(ecsCopy).get(0), ecsAccount.getAwsAccount()); credentials.add(ecsCredentials); - accountCredentialsRepository.save(ecsAccount.getName(), ecsCredentials); + accountCredentialsRepository.save(ecsCredentials); break; } } diff --git a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/view/EcsApplicationProvider.java b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/view/EcsApplicationProvider.java index d452c65273e..75a82886e55 100644 --- a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/view/EcsApplicationProvider.java 
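Review bot: `netflixECSCredentials` asks Spring for the `CredentialsParser` interface and then downcasts it with `(AmazonCredentialsParser) amazonCredentialsParser`, which throws a ClassCastException at bean creation if a different parser implementation or a proxy is ever injected. The method needs `load(...)`, which only the concrete class offers, so declare the parameter as `AmazonCredentialsParser` (with its type arguments) and pass it through without the cast. `synchronizeECSAccounts` continues outside this hunk.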
+++ b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/view/EcsApplicationProvider.java @@ -31,6 +31,7 @@ import java.util.Map; import java.util.Set; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Lazy; import org.springframework.stereotype.Component; @Component @@ -42,7 +43,7 @@ public class EcsApplicationProvider implements ApplicationProvider { @Autowired public EcsApplicationProvider( AccountCredentialsProvider accountCredentialsProvider, - ServiceCacheClient serviceCacheClient) { + @Lazy ServiceCacheClient serviceCacheClient) { this.accountCredentialsProvider = accountCredentialsProvider; this.serviceCacheClient = serviceCacheClient; } diff --git a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/view/EcsInstanceProvider.java b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/view/EcsInstanceProvider.java index f8bdfeadca6..541e7a6922b 100644 --- a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/view/EcsInstanceProvider.java +++ b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/view/EcsInstanceProvider.java @@ -30,9 +30,11 @@ import java.util.Map; import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Lazy; import org.springframework.stereotype.Component; @Component +@Lazy public class EcsInstanceProvider implements InstanceProvider { private final TaskCacheClient taskCacheClient; diff --git a/clouddriver-lambda/src/main/java/com/netflix/spinnaker/clouddriver/lambda/provider/agent/LambdaAgentProvider.java b/clouddriver-lambda/src/main/java/com/netflix/spinnaker/clouddriver/lambda/provider/agent/LambdaAgentProvider.java index 56a645f5d8f..4fa83aeadad 100644 --- a/clouddriver-lambda/src/main/java/com/netflix/spinnaker/clouddriver/lambda/provider/agent/LambdaAgentProvider.java 
+++ b/clouddriver-lambda/src/main/java/com/netflix/spinnaker/clouddriver/lambda/provider/agent/LambdaAgentProvider.java @@ -24,27 +24,28 @@ import com.netflix.spinnaker.clouddriver.aws.security.AmazonClientProvider; import com.netflix.spinnaker.clouddriver.aws.security.AmazonCredentials; import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials; -import com.netflix.spinnaker.clouddriver.security.AccountCredentialsProvider; +import com.netflix.spinnaker.credentials.CredentialsRepository; import java.util.ArrayList; import java.util.Collection; import java.util.List; +import java.util.Objects; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Lazy; import org.springframework.stereotype.Component; @Component public class LambdaAgentProvider implements AgentProvider { private final ObjectMapper objectMapper; - - private final AccountCredentialsProvider accountCredentialsProvider; + private final CredentialsRepository credentialsRepository; private final AmazonClientProvider amazonClientProvider; @Autowired public LambdaAgentProvider( - AccountCredentialsProvider accountCredentialsProvider, + @Lazy CredentialsRepository credentialsRepository, AmazonClientProvider amazonClientProvider) { this.objectMapper = AmazonObjectMapperConfigurer.createConfigured(); - this.accountCredentialsProvider = accountCredentialsProvider; + this.credentialsRepository = credentialsRepository; this.amazonClientProvider = amazonClientProvider; } @@ -57,8 +58,8 @@ public boolean supports(String providerName) { public Collection agents() { List agents = new ArrayList<>(); - accountCredentialsProvider.getAll().stream() - .filter(c -> c instanceof NetflixAmazonCredentials) + credentialsRepository.getAll().stream() + .filter(Objects::nonNull) .map(c -> (NetflixAmazonCredentials) c) .filter(NetflixAmazonCredentials::getLambdaEnabled) .forEach( From 68619dd25f0b2ca24a797f50e656a441705ab878 Mon Sep 17 00:00:00 2001 
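Review bot: In `agents()` the type guard `c instanceof NetflixAmazonCredentials` was replaced by `Objects::nonNull`, but the cast `.map(c -> (NetflixAmazonCredentials) c)` on the next line stayed, so it is now unguarded. If the injected `CredentialsRepository` is already parameterised with `NetflixAmazonCredentials`, both the null filter and the cast are redundant and can be removed; if it can hold other credential types, the stream will fail with a ClassCastException and the `instanceof` filter should be kept. Other hunks in this patch save ECS credentials into a `CredentialsRepository`, so it is worth confirming which repository bean is injected here and whether those entries should produce Lambda agents. The lambda passed to `forEach` continues outside this hunk.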
From: Manabu McCloskey Date: Wed, 30 Sep 2020 15:11:16 -0600 Subject: [PATCH 02/14] Use CredentialsProvider instead of AccountCredentialsProvider --- .../AmazonClusterController.groovy | 4 ++-- .../ops/AllowLaunchAtomicOperation.groovy | 12 +++++------ .../ops/CopyLastAsgAtomicOperation.groovy | 13 ++++++------ .../AllowLaunchDescriptionValidator.groovy | 7 ++++--- ...sicAmazonDeployDescriptionValidator.groovy | 9 +++++---- ...eteAmazonSnapshotDescriptionValidator.java | 7 ++++--- ...chConfigurationDescriptionValidator.groovy | 9 +++++---- ...ifyServerGroupLaunchTemplateValidator.java | 7 ++++--- .../aws/health/AmazonHealthIndicator.groovy | 8 +++----- .../InstanceTerminationLifecycleWorker.java | 20 ++++++++++++++----- ...nceTerminationLifecycleWorkerProvider.java | 6 +++--- .../LaunchFailureNotificationAgent.java | 6 +++--- ...aunchFailureNotificationAgentProvider.java | 6 +++--- ...LaunchFailureNotificationCleanupAgent.java | 6 +++--- .../LifecycleSubscriberConfiguration.java | 5 +++-- .../view/AmazonCloudMetricProvider.groovy | 13 ++++-------- .../view/AmazonInstanceProvider.groovy | 12 +++++------ .../view/AmazonSecurityGroupProvider.groovy | 7 ++++--- .../AmazonCredentialsInitializer.groovy | 2 +- 19 files changed, 84 insertions(+), 75 deletions(-) diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/controllers/AmazonClusterController.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/controllers/AmazonClusterController.groovy index 4c5c6dcc7ee..fcd4325b19a 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/controllers/AmazonClusterController.groovy +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/controllers/AmazonClusterController.groovy 
@@ -19,8 +19,8 @@ package com.netflix.spinnaker.clouddriver.aws.controllers import com.amazonaws.services.autoscaling.model.Activity import com.amazonaws.services.autoscaling.model.DescribeScalingActivitiesRequest import com.netflix.spinnaker.clouddriver.aws.security.AmazonClientProvider +import com.netflix.spinnaker.clouddriver.aws.security.AmazonCredentialProvider import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials -import com.netflix.spinnaker.clouddriver.security.AccountCredentialsProvider import org.springframework.beans.factory.annotation.Autowired import org.springframework.http.HttpStatus import org.springframework.http.ResponseEntity @@ -31,7 +31,7 @@ import org.springframework.web.bind.annotation.* class AmazonClusterController { @Autowired - AccountCredentialsProvider accountCredentialsProvider + AmazonCredentialProvider accountCredentialsProvider @Autowired AmazonClientProvider amazonClientProvider diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/AllowLaunchAtomicOperation.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/AllowLaunchAtomicOperation.groovy index 0801fb4c3b8..a9c5927eca3 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/AllowLaunchAtomicOperation.groovy +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/AllowLaunchAtomicOperation.groovy 
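Review bot: The injected field keeps the name `accountCredentialsProvider` after its type changes to `AmazonCredentialProvider`, so the name no longer tells a reader that lookups through it are presumably limited to Amazon accounts. The same pattern repeats in the other type-swap hunks of this patch (AllowLaunchAtomicOperation, CopyLastAsgAtomicOperation, the description validators, AmazonHealthIndicator, the lifecycle agents and the view providers). Either rename the field to `amazonCredentialProvider`, or, if the name is kept to avoid touching call sites and tests, add `// AWS accounts only; name kept for compatibility` above it. The controller methods that use the field lie outside this hunk, so how they handle an account name the new provider does not know cannot be checked from here.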
@@ -18,18 +18,18 @@ package com.netflix.spinnaker.clouddriver.aws.deploy.ops import com.amazonaws.services.ec2.AmazonEC2 import com.amazonaws.services.ec2.model.* +import com.netflix.spinnaker.clouddriver.aws.deploy.AmiIdResolver +import com.netflix.spinnaker.clouddriver.aws.deploy.ResolvedAmiResult +import com.netflix.spinnaker.clouddriver.aws.deploy.description.AllowLaunchDescription +import com.netflix.spinnaker.clouddriver.aws.model.AwsResultsRetriever import com.netflix.spinnaker.clouddriver.aws.security.AmazonClientProvider +import com.netflix.spinnaker.clouddriver.aws.security.AmazonCredentialProvider import com.netflix.spinnaker.clouddriver.aws.security.AmazonCredentials import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials import com.netflix.spinnaker.clouddriver.data.task.Task import com.netflix.spinnaker.clouddriver.data.task.TaskRepository import com.netflix.spinnaker.clouddriver.helpers.OperationPoller import com.netflix.spinnaker.clouddriver.orchestration.AtomicOperation -import com.netflix.spinnaker.clouddriver.security.AccountCredentialsProvider -import com.netflix.spinnaker.clouddriver.aws.deploy.AmiIdResolver -import com.netflix.spinnaker.clouddriver.aws.deploy.ResolvedAmiResult -import com.netflix.spinnaker.clouddriver.aws.deploy.description.AllowLaunchDescription -import com.netflix.spinnaker.clouddriver.aws.model.AwsResultsRetriever import com.netflix.spinnaker.kork.core.RetrySupport import groovy.transform.Canonical import org.springframework.beans.factory.annotation.Autowired @@ -51,7 +51,7 @@ class AllowLaunchAtomicOperation implements AtomicOperation { AmazonClientProvider amazonClientProvider @Autowired - AccountCredentialsProvider accountCredentialsProvider + AmazonCredentialProvider accountCredentialsProvider @Override ResolvedAmiResult operate(List priorOutputs) { 
diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/CopyLastAsgAtomicOperation.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/CopyLastAsgAtomicOperation.groovy index 1be231cdeb1..fc64b758080 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/CopyLastAsgAtomicOperation.groovy +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/CopyLastAsgAtomicOperation.groovy @@ -15,6 +15,7 @@ */ package com.netflix.spinnaker.clouddriver.aws.deploy.ops + import com.amazonaws.services.autoscaling.model.AutoScalingGroup import com.amazonaws.services.autoscaling.model.DescribeAutoScalingGroupsRequest import com.amazonaws.services.ec2.model.DescribeSubnetsRequest 
@@ -22,21 +23,21 @@ import com.amazonaws.services.ec2.model.LaunchTemplateVersion import com.amazonaws.services.elasticloadbalancingv2.model.DescribeTargetGroupsRequest import com.netflix.frigga.Names import com.netflix.frigga.autoscaling.AutoScalingGroupNameBuilder +import com.netflix.spinnaker.clouddriver.aws.deploy.description.BasicAmazonDeployDescription +import com.netflix.spinnaker.clouddriver.aws.deploy.handlers.BasicAmazonDeployHandler import com.netflix.spinnaker.clouddriver.aws.deploy.userdata.LocalFileUserDataProperties import com.netflix.spinnaker.clouddriver.aws.deploy.validators.BasicAmazonDeployDescriptionValidator +import com.netflix.spinnaker.clouddriver.aws.model.SubnetData import com.netflix.spinnaker.clouddriver.aws.security.AmazonClientProvider +import com.netflix.spinnaker.clouddriver.aws.security.AmazonCredentialProvider import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials +import com.netflix.spinnaker.clouddriver.aws.services.RegionScopedProviderFactory import com.netflix.spinnaker.clouddriver.data.task.Task import com.netflix.spinnaker.clouddriver.data.task.TaskRepository import com.netflix.spinnaker.clouddriver.deploy.DeploymentResult import com.netflix.spinnaker.clouddriver.deploy.DescriptionValidationErrors import com.netflix.spinnaker.clouddriver.deploy.DescriptionValidationException import com.netflix.spinnaker.clouddriver.orchestration.AtomicOperation -import com.netflix.spinnaker.clouddriver.security.AccountCredentialsProvider -import com.netflix.spinnaker.clouddriver.aws.deploy.description.BasicAmazonDeployDescription -import com.netflix.spinnaker.clouddriver.aws.deploy.handlers.BasicAmazonDeployHandler -import com.netflix.spinnaker.clouddriver.aws.model.SubnetData -import com.netflix.spinnaker.clouddriver.aws.services.RegionScopedProviderFactory import org.springframework.beans.factory.annotation.Autowired class CopyLastAsgAtomicOperation implements AtomicOperation { 
@@ -56,7 +57,7 @@ class CopyLastAsgAtomicOperation implements AtomicOperation { AmazonClientProvider amazonClientProvider @Autowired - AccountCredentialsProvider accountCredentialsProvider + AmazonCredentialProvider accountCredentialsProvider @Autowired RegionScopedProviderFactory regionScopedProviderFactory diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/AllowLaunchDescriptionValidator.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/AllowLaunchDescriptionValidator.groovy index 6e0cf95d3ef..f3a423dad42 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/AllowLaunchDescriptionValidator.groovy +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/AllowLaunchDescriptionValidator.groovy @@ -16,17 +16,18 @@ package com.netflix.spinnaker.clouddriver.aws.deploy.validators +import com.netflix.spinnaker.clouddriver.aws.deploy.description.AllowLaunchDescription +import com.netflix.spinnaker.clouddriver.aws.security.AmazonCredentialProvider +import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials import com.netflix.spinnaker.clouddriver.deploy.DescriptionValidator import com.netflix.spinnaker.clouddriver.deploy.ValidationErrors -import com.netflix.spinnaker.clouddriver.security.AccountCredentialsProvider -import com.netflix.spinnaker.clouddriver.aws.deploy.description.AllowLaunchDescription import org.springframework.beans.factory.annotation.Autowired import org.springframework.stereotype.Component @Component("allowLaunchDescriptionValidator") class AllowLaunchDescriptionValidator extends DescriptionValidator { @Autowired - AccountCredentialsProvider accountCredentialsProvider + AmazonCredentialProvider accountCredentialsProvider @Override void validate(List priorDescriptions, AllowLaunchDescription description, ValidationErrors errors) { 
diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/BasicAmazonDeployDescriptionValidator.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/BasicAmazonDeployDescriptionValidator.groovy index 379e12b23fc..412a1338b8e 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/BasicAmazonDeployDescriptionValidator.groovy +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/BasicAmazonDeployDescriptionValidator.groovy @@ -17,12 +17,13 @@ package com.netflix.spinnaker.clouddriver.aws.deploy.validators import com.netflix.spinnaker.clouddriver.aws.AmazonOperation +import com.netflix.spinnaker.clouddriver.aws.deploy.description.BasicAmazonDeployDescription +import com.netflix.spinnaker.clouddriver.aws.model.AmazonBlockDevice +import com.netflix.spinnaker.clouddriver.aws.security.AmazonCredentialProvider import com.netflix.spinnaker.clouddriver.aws.security.AmazonCredentials +import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials import com.netflix.spinnaker.clouddriver.deploy.ValidationErrors import com.netflix.spinnaker.clouddriver.orchestration.AtomicOperations -import com.netflix.spinnaker.clouddriver.security.AccountCredentialsProvider -import com.netflix.spinnaker.clouddriver.aws.model.AmazonBlockDevice -import com.netflix.spinnaker.clouddriver.aws.deploy.description.BasicAmazonDeployDescription import groovy.transform.stc.ClosureParams import groovy.transform.stc.SimpleType import org.springframework.beans.factory.annotation.Autowired 
@@ -32,7 +33,7 @@ import org.springframework.stereotype.Component @AmazonOperation(AtomicOperations.CREATE_SERVER_GROUP) class BasicAmazonDeployDescriptionValidator extends AmazonDescriptionValidationSupport { @Autowired - AccountCredentialsProvider accountCredentialsProvider + AmazonCredentialProvider accountCredentialsProvider @Override void validate(List priorDescriptions, BasicAmazonDeployDescription description, ValidationErrors errors) { diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/DeleteAmazonSnapshotDescriptionValidator.java b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/DeleteAmazonSnapshotDescriptionValidator.java index 91b906342c1..39f99081763 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/DeleteAmazonSnapshotDescriptionValidator.java +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/DeleteAmazonSnapshotDescriptionValidator.java @@ -20,9 +20,10 @@ import com.netflix.spinnaker.clouddriver.aws.AmazonOperation; import com.netflix.spinnaker.clouddriver.aws.deploy.description.DeleteAmazonSnapshotDescription; +import com.netflix.spinnaker.clouddriver.aws.security.AmazonCredentialProvider; +import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials; import com.netflix.spinnaker.clouddriver.deploy.ValidationErrors; import com.netflix.spinnaker.clouddriver.orchestration.AtomicOperations; -import com.netflix.spinnaker.clouddriver.security.AccountCredentialsProvider; import java.util.List; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; 
@@ -32,11 +33,11 @@ public class DeleteAmazonSnapshotDescriptionValidator extends AmazonDescriptionValidationSupport { - AccountCredentialsProvider accountCredentialsProvider; + AmazonCredentialProvider accountCredentialsProvider; @Autowired public DeleteAmazonSnapshotDescriptionValidator( - AccountCredentialsProvider accountCredentialsProvider) { + AmazonCredentialProvider accountCredentialsProvider) { this.accountCredentialsProvider = accountCredentialsProvider; } diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/ModifyAsgLaunchConfigurationDescriptionValidator.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/ModifyAsgLaunchConfigurationDescriptionValidator.groovy index 84bdb717ef9..9e94f5fadd3 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/ModifyAsgLaunchConfigurationDescriptionValidator.groovy +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/ModifyAsgLaunchConfigurationDescriptionValidator.groovy 
@@ -17,12 +17,13 @@ package com.netflix.spinnaker.clouddriver.aws.deploy.validators import com.netflix.spinnaker.clouddriver.aws.AmazonOperation +import com.netflix.spinnaker.clouddriver.aws.deploy.description.ModifyAsgLaunchConfigurationDescription +import com.netflix.spinnaker.clouddriver.aws.model.AmazonBlockDevice +import com.netflix.spinnaker.clouddriver.aws.security.AmazonCredentialProvider import com.netflix.spinnaker.clouddriver.aws.security.AmazonCredentials +import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials import com.netflix.spinnaker.clouddriver.deploy.ValidationErrors import com.netflix.spinnaker.clouddriver.orchestration.AtomicOperations -import com.netflix.spinnaker.clouddriver.security.AccountCredentialsProvider -import com.netflix.spinnaker.clouddriver.aws.deploy.description.ModifyAsgLaunchConfigurationDescription -import com.netflix.spinnaker.clouddriver.aws.model.AmazonBlockDevice import org.springframework.beans.factory.annotation.Autowired import org.springframework.stereotype.Component @@ -30,7 +31,7 @@ import org.springframework.stereotype.Component @Component("modifyAsgLaunchConfigurationDescriptionValidator") class ModifyAsgLaunchConfigurationDescriptionValidator extends AmazonDescriptionValidationSupport { @Autowired - AccountCredentialsProvider accountCredentialsProvider + AmazonCredentialProvider accountCredentialsProvider @Override void validate(List priorDescriptions, ModifyAsgLaunchConfigurationDescription description, ValidationErrors errors) { diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/ModifyServerGroupLaunchTemplateValidator.java b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/ModifyServerGroupLaunchTemplateValidator.java index 32c697fb0bd..da71d9ad910 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/ModifyServerGroupLaunchTemplateValidator.java 
+++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/ModifyServerGroupLaunchTemplateValidator.java @@ -20,11 +20,12 @@ import com.netflix.spinnaker.clouddriver.aws.AmazonOperation; import com.netflix.spinnaker.clouddriver.aws.deploy.description.ModifyServerGroupLaunchTemplateDescription; import com.netflix.spinnaker.clouddriver.aws.model.AmazonBlockDevice; +import com.netflix.spinnaker.clouddriver.aws.security.AmazonCredentialProvider; import com.netflix.spinnaker.clouddriver.aws.security.AmazonCredentials; +import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials; import com.netflix.spinnaker.clouddriver.deploy.ValidationErrors; import com.netflix.spinnaker.clouddriver.orchestration.AtomicOperations; import com.netflix.spinnaker.clouddriver.security.AccountCredentials; -import com.netflix.spinnaker.clouddriver.security.AccountCredentialsProvider; import java.util.List; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; @@ -33,11 +34,11 @@ @Component("modifyServerGroupLaunchTemplateDescriptionValidator") public class ModifyServerGroupLaunchTemplateValidator extends AmazonDescriptionValidationSupport { - private final AccountCredentialsProvider accountCredentialsProvider; + private final AmazonCredentialProvider accountCredentialsProvider; @Autowired public ModifyServerGroupLaunchTemplateValidator( - AccountCredentialsProvider accountCredentialsProvider) { + AmazonCredentialProvider accountCredentialsProvider) { this.accountCredentialsProvider = accountCredentialsProvider; } diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/health/AmazonHealthIndicator.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/health/AmazonHealthIndicator.groovy index 7ac9763930d..de9fcc68ad8 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/health/AmazonHealthIndicator.groovy 
+++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/health/AmazonHealthIndicator.groovy @@ -19,12 +19,10 @@ package com.netflix.spinnaker.clouddriver.aws.health import com.amazonaws.AmazonClientException import com.amazonaws.AmazonServiceException import com.amazonaws.services.ec2.AmazonEC2 -import com.amazonaws.services.ec2.model.AmazonEC2Exception -import com.netflix.spectator.api.Counter import com.netflix.spectator.api.Registry import com.netflix.spinnaker.clouddriver.aws.security.AmazonClientProvider +import com.netflix.spinnaker.clouddriver.aws.security.AmazonCredentialProvider import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials -import com.netflix.spinnaker.clouddriver.security.AccountCredentialsProvider import groovy.transform.InheritConstructors import org.slf4j.Logger import org.slf4j.LoggerFactory @@ -44,7 +42,7 @@ class AmazonHealthIndicator implements HealthIndicator { private static final Logger LOG = LoggerFactory.getLogger(AmazonHealthIndicator) - private final AccountCredentialsProvider accountCredentialsProvider + private final AmazonCredentialProvider accountCredentialsProvider private final AmazonClientProvider amazonClientProvider private final AtomicReference lastException = new AtomicReference<>(null) @@ -53,7 +51,7 @@ class AmazonHealthIndicator implements HealthIndicator { private final AtomicLong errors; @Autowired - AmazonHealthIndicator(AccountCredentialsProvider accountCredentialsProvider, + AmazonHealthIndicator(AmazonCredentialProvider accountCredentialsProvider, AmazonClientProvider amazonClientProvider, Registry registry) { this.accountCredentialsProvider = accountCredentialsProvider diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/InstanceTerminationLifecycleWorker.java b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/InstanceTerminationLifecycleWorker.java index 7ce30ebb6fa..e94f5eb3399 100644 
--- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/InstanceTerminationLifecycleWorker.java +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/InstanceTerminationLifecycleWorker.java @@ -15,7 +15,11 @@ */ package com.netflix.spinnaker.clouddriver.aws.lifecycle; -import com.amazonaws.auth.policy.*; +import com.amazonaws.auth.policy.Condition; +import com.amazonaws.auth.policy.Policy; +import com.amazonaws.auth.policy.Principal; +import com.amazonaws.auth.policy.Resource; +import com.amazonaws.auth.policy.Statement; import com.amazonaws.auth.policy.Statement.Effect; import com.amazonaws.auth.policy.actions.SNSActions; import com.amazonaws.auth.policy.actions.SQSActions; @@ -32,15 +36,21 @@ import com.netflix.spectator.api.Registry; import com.netflix.spinnaker.clouddriver.aws.deploy.ops.discovery.AwsEurekaSupport; import com.netflix.spinnaker.clouddriver.aws.security.AmazonClientProvider; +import com.netflix.spinnaker.clouddriver.aws.security.AmazonCredentialProvider; import com.netflix.spinnaker.clouddriver.aws.security.AmazonCredentials.LifecycleHook; import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials; import com.netflix.spinnaker.clouddriver.eureka.api.Eureka; import com.netflix.spinnaker.clouddriver.eureka.deploy.ops.AbstractEurekaSupport.DiscoveryStatus; import com.netflix.spinnaker.clouddriver.security.AccountCredentials; -import com.netflix.spinnaker.clouddriver.security.AccountCredentialsProvider; import java.io.IOException; import java.time.Duration; -import java.util.*; +import java.util.Arrays; +import java.util.Collections; +import java.util.Date; +import java.util.HashMap; +import java.util.HashSet; +import java.util.List; +import java.util.Set; import java.util.stream.Collectors; import javax.inject.Provider; import org.slf4j.Logger; 
@@ -59,7 +69,7 @@ public class InstanceTerminationLifecycleWorker implements Runnable { ObjectMapper objectMapper; AmazonClientProvider amazonClientProvider; - AccountCredentialsProvider accountCredentialsProvider; + AmazonCredentialProvider accountCredentialsProvider; InstanceTerminationConfigurationProperties properties; Provider discoverySupport; Registry registry; @@ -72,7 +82,7 @@ public class InstanceTerminationLifecycleWorker implements Runnable { public InstanceTerminationLifecycleWorker( ObjectMapper objectMapper, AmazonClientProvider amazonClientProvider, - AccountCredentialsProvider accountCredentialsProvider, + AmazonCredentialProvider accountCredentialsProvider, InstanceTerminationConfigurationProperties properties, Provider discoverySupport, Registry registry) { diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/InstanceTerminationLifecycleWorkerProvider.java b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/InstanceTerminationLifecycleWorkerProvider.java index 20e06b74105..065f2d6d5d0 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/InstanceTerminationLifecycleWorkerProvider.java +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/InstanceTerminationLifecycleWorkerProvider.java @@ -20,8 +20,8 @@ import com.netflix.spectator.api.Registry; import com.netflix.spinnaker.clouddriver.aws.deploy.ops.discovery.AwsEurekaSupport; import com.netflix.spinnaker.clouddriver.aws.security.AmazonClientProvider; +import com.netflix.spinnaker.clouddriver.aws.security.AmazonCredentialProvider; import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials; -import com.netflix.spinnaker.clouddriver.security.AccountCredentialsProvider; import java.util.concurrent.ExecutorService; import java.util.concurrent.Executors; import java.util.concurrent.RejectedExecutionException; 
@@ -47,7 +47,7 @@ public class InstanceTerminationLifecycleWorkerProvider { private final ObjectMapper objectMapper; private final AmazonClientProvider amazonClientProvider; - private final AccountCredentialsProvider accountCredentialsProvider; + private final AmazonCredentialProvider accountCredentialsProvider; private final InstanceTerminationConfigurationProperties properties; private final Provider discoverySupport; private final Registry registry; @@ -56,7 +56,7 @@ public class InstanceTerminationLifecycleWorkerProvider { InstanceTerminationLifecycleWorkerProvider( @Qualifier("amazonObjectMapper") ObjectMapper objectMapper, AmazonClientProvider amazonClientProvider, - AccountCredentialsProvider accountCredentialsProvider, + AmazonCredentialProvider accountCredentialsProvider, InstanceTerminationConfigurationProperties properties, Provider discoverySupport, Registry registry) { diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/LaunchFailureNotificationAgent.java b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/LaunchFailureNotificationAgent.java index cec0d53cf6d..36220383c39 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/LaunchFailureNotificationAgent.java +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/LaunchFailureNotificationAgent.java 
@@ -35,10 +35,10 @@ import com.netflix.spinnaker.clouddriver.aws.AmazonCloudProvider; import com.netflix.spinnaker.clouddriver.aws.provider.AwsProvider; import com.netflix.spinnaker.clouddriver.aws.security.AmazonClientProvider; +import com.netflix.spinnaker.clouddriver.aws.security.AmazonCredentialProvider; import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials; import com.netflix.spinnaker.clouddriver.cache.CustomScheduledAgent; import com.netflix.spinnaker.clouddriver.security.AccountCredentials; -import com.netflix.spinnaker.clouddriver.security.AccountCredentialsProvider; import com.netflix.spinnaker.clouddriver.tags.EntityTagger; import java.io.IOException; import java.util.Collections; @@ -64,7 +64,7 @@ class LaunchFailureNotificationAgent implements RunnableAgent, CustomScheduledAg private final ObjectMapper objectMapper; private final AmazonClientProvider amazonClientProvider; - private final AccountCredentialsProvider accountCredentialsProvider; + private final AmazonCredentialProvider accountCredentialsProvider; private final LaunchFailureConfigurationProperties properties; private final EntityTagger serverGroupTagger; @@ -77,7 +77,7 @@ class LaunchFailureNotificationAgent implements RunnableAgent, CustomScheduledAg LaunchFailureNotificationAgent( ObjectMapper objectMapper, AmazonClientProvider amazonClientProvider, - AccountCredentialsProvider accountCredentialsProvider, + AmazonCredentialProvider accountCredentialsProvider, LaunchFailureConfigurationProperties properties, EntityTagger serverGroupTagger) { this.objectMapper = objectMapper; diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/LaunchFailureNotificationAgentProvider.java b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/LaunchFailureNotificationAgentProvider.java index 6f5a8c3066e..09411af23dd 100644 
--- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/LaunchFailureNotificationAgentProvider.java +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/LaunchFailureNotificationAgentProvider.java @@ -21,8 +21,8 @@ import com.netflix.spinnaker.cats.agent.AgentProvider; import com.netflix.spinnaker.clouddriver.aws.provider.AwsProvider; import com.netflix.spinnaker.clouddriver.aws.security.AmazonClientProvider; +import com.netflix.spinnaker.clouddriver.aws.security.AmazonCredentialProvider; import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials; -import com.netflix.spinnaker.clouddriver.security.AccountCredentialsProvider; import com.netflix.spinnaker.clouddriver.tags.EntityTagger; import java.util.Collection; import java.util.List; @@ -35,14 +35,14 @@ public class LaunchFailureNotificationAgentProvider implements AgentProvider { private final ObjectMapper objectMapper; private final AmazonClientProvider amazonClientProvider; - private final AccountCredentialsProvider accountCredentialsProvider; + private final AmazonCredentialProvider accountCredentialsProvider; private final LaunchFailureConfigurationProperties properties; private final EntityTagger entityTagger; LaunchFailureNotificationAgentProvider( ObjectMapper objectMapper, AmazonClientProvider amazonClientProvider, - AccountCredentialsProvider accountCredentialsProvider, + AmazonCredentialProvider accountCredentialsProvider, LaunchFailureConfigurationProperties properties, EntityTagger entityTagger) { this.objectMapper = objectMapper; diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/LaunchFailureNotificationCleanupAgent.java b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/LaunchFailureNotificationCleanupAgent.java index 39b00a2c4ff..ed0b36a1e8d 100644 
--- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/LaunchFailureNotificationCleanupAgent.java +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/LaunchFailureNotificationCleanupAgent.java @@ -26,10 +26,10 @@ import com.netflix.spinnaker.clouddriver.aws.AmazonCloudProvider; import com.netflix.spinnaker.clouddriver.aws.provider.AwsProvider; import com.netflix.spinnaker.clouddriver.aws.security.AmazonClientProvider; +import com.netflix.spinnaker.clouddriver.aws.security.AmazonCredentialProvider; import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials; import com.netflix.spinnaker.clouddriver.cache.CustomScheduledAgent; import com.netflix.spinnaker.clouddriver.model.EntityTags; -import com.netflix.spinnaker.clouddriver.security.AccountCredentialsProvider; import com.netflix.spinnaker.clouddriver.tags.EntityTagger; import java.lang.reflect.InvocationTargetException; import java.lang.reflect.UndeclaredThrowableException; @@ -47,12 +47,12 @@ public class LaunchFailureNotificationCleanupAgent implements RunnableAgent, Cus private static final int MAX_RESULTS = 10000; private final AmazonClientProvider amazonClientProvider; - private final AccountCredentialsProvider accountCredentialsProvider; + private final AmazonCredentialProvider accountCredentialsProvider; private final EntityTagger serverGroupTagger; LaunchFailureNotificationCleanupAgent( AmazonClientProvider amazonClientProvider, - AccountCredentialsProvider accountCredentialsProvider, + AmazonCredentialProvider accountCredentialsProvider, EntityTagger serverGroupTagger) { this.amazonClientProvider = amazonClientProvider; this.accountCredentialsProvider = accountCredentialsProvider; 
diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/LifecycleSubscriberConfiguration.java b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/LifecycleSubscriberConfiguration.java index 6885d38ebf2..e7cac4a93f7 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/LifecycleSubscriberConfiguration.java +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/LifecycleSubscriberConfiguration.java @@ -18,7 +18,8 @@ import com.fasterxml.jackson.databind.ObjectMapper; import com.netflix.spinnaker.clouddriver.aws.security.AmazonClientProvider; -import com.netflix.spinnaker.clouddriver.security.AccountCredentialsProvider; +import com.netflix.spinnaker.clouddriver.aws.security.AmazonCredentialProvider; +import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials; import com.netflix.spinnaker.clouddriver.tags.EntityTagger; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; @@ -38,7 +39,7 @@ class LifecycleSubscriberConfiguration { LaunchFailureNotificationAgentProvider launchFailureNotificationAgentProvider( @Qualifier("amazonObjectMapper") ObjectMapper objectMapper, AmazonClientProvider amazonClientProvider, - AccountCredentialsProvider accountCredentialsProvider, + AmazonCredentialProvider accountCredentialsProvider, LaunchFailureConfigurationProperties properties, EntityTagger entityTagger) { return new LaunchFailureNotificationAgentProvider( diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/view/AmazonCloudMetricProvider.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/view/AmazonCloudMetricProvider.groovy index 0f82abbe445..7d34aa15a85 100644 
--- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/view/AmazonCloudMetricProvider.groovy +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/view/AmazonCloudMetricProvider.groovy @@ -17,19 +17,14 @@ package com.netflix.spinnaker.clouddriver.aws.provider.view import com.amazonaws.services.cloudwatch.AmazonCloudWatch -import com.amazonaws.services.cloudwatch.model.Dimension -import com.amazonaws.services.cloudwatch.model.DimensionFilter -import com.amazonaws.services.cloudwatch.model.GetMetricStatisticsRequest -import com.amazonaws.services.cloudwatch.model.GetMetricStatisticsResult -import com.amazonaws.services.cloudwatch.model.ListMetricsRequest +import com.amazonaws.services.cloudwatch.model.* import com.netflix.spinnaker.clouddriver.aws.AmazonCloudProvider -import com.netflix.spinnaker.clouddriver.aws.model.AmazonMetricDatapoint import com.netflix.spinnaker.clouddriver.aws.model.AmazonMetricDescriptor import com.netflix.spinnaker.clouddriver.aws.model.AmazonMetricStatistics import com.netflix.spinnaker.clouddriver.aws.security.AmazonClientProvider +import com.netflix.spinnaker.clouddriver.aws.security.AmazonCredentialProvider import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials import com.netflix.spinnaker.clouddriver.model.CloudMetricProvider -import com.netflix.spinnaker.clouddriver.security.AccountCredentialsProvider import org.springframework.beans.factory.annotation.Autowired import org.springframework.stereotype.Component 
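Review bot: The wildcard `import com.amazonaws.services.cloudwatch.model.*` introduced in this import block is inconsistent with the rest of the patch, which expands `com.amazonaws.auth.policy.*` and `java.util.*` into explicit imports in InstanceTerminationLifecycleWorker.java. Wildcards make it harder to see which SDK model classes a credentials-handling class touches and can silently change which class a simple name resolves to when the SDK adds types; keeping the five explicit imports avoids both. AmazonInstanceProvider.groovy gets the same treatment with `import static ...Namespace.*`. The hunk also drops the `AmazonMetricDatapoint` import; the class body is outside the hunk, so confirm nothing still refers to that name.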
@@ -37,12 +32,12 @@ import org.springframework.stereotype.Component class AmazonCloudMetricProvider implements CloudMetricProvider { final AmazonClientProvider amazonClientProvider - final AccountCredentialsProvider accountCredentialsProvider + final AmazonCredentialProvider accountCredentialsProvider final AmazonCloudProvider amazonCloudProvider @Autowired AmazonCloudMetricProvider(AmazonClientProvider amazonClientProvider, - AccountCredentialsProvider accountCredentialsProvider, + AmazonCredentialProvider accountCredentialsProvider, AmazonCloudProvider amazonCloudProvider) { this.amazonClientProvider = amazonClientProvider this.accountCredentialsProvider = accountCredentialsProvider diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/view/AmazonInstanceProvider.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/view/AmazonInstanceProvider.groovy index 07addb59ccc..e0c1defa825 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/view/AmazonInstanceProvider.groovy +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/view/AmazonInstanceProvider.groovy 
@@ -20,19 +20,17 @@ import com.amazonaws.services.ec2.model.GetConsoleOutputRequest import com.netflix.spinnaker.cats.cache.Cache import com.netflix.spinnaker.cats.cache.CacheData import com.netflix.spinnaker.clouddriver.aws.AmazonCloudProvider +import com.netflix.spinnaker.clouddriver.aws.data.Keys +import com.netflix.spinnaker.clouddriver.aws.model.AmazonInstance import com.netflix.spinnaker.clouddriver.aws.security.AmazonClientProvider +import com.netflix.spinnaker.clouddriver.aws.security.AmazonCredentialProvider import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials import com.netflix.spinnaker.clouddriver.core.provider.agent.ExternalHealthProvider import com.netflix.spinnaker.clouddriver.model.InstanceProvider -import com.netflix.spinnaker.clouddriver.security.AccountCredentialsProvider -import com.netflix.spinnaker.clouddriver.aws.data.Keys -import com.netflix.spinnaker.clouddriver.aws.model.AmazonInstance import org.springframework.beans.factory.annotation.Autowired import org.springframework.stereotype.Component -import static com.netflix.spinnaker.clouddriver.core.provider.agent.Namespace.HEALTH -import static com.netflix.spinnaker.clouddriver.core.provider.agent.Namespace.INSTANCES -import static com.netflix.spinnaker.clouddriver.core.provider.agent.Namespace.SERVER_GROUPS +import static com.netflix.spinnaker.clouddriver.core.provider.agent.Namespace.* @Component class AmazonInstanceProvider implements InstanceProvider { @@ -52,7 +50,7 @@ class AmazonInstanceProvider implements InstanceProvider AmazonClientProvider amazonClientProvider @Autowired - AccountCredentialsProvider accountCredentialsProvider + AmazonCredentialProvider accountCredentialsProvider @Override AmazonInstance getInstance(String account, String region, String id) { 
diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/view/AmazonSecurityGroupProvider.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/view/AmazonSecurityGroupProvider.groovy index 60b971113ef..185288041b8 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/view/AmazonSecurityGroupProvider.groovy +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/view/AmazonSecurityGroupProvider.groovy @@ -27,13 +27,14 @@ import com.netflix.spinnaker.cats.cache.RelationshipCacheFilter import com.netflix.spinnaker.clouddriver.aws.AmazonCloudProvider import com.netflix.spinnaker.clouddriver.aws.cache.Keys import com.netflix.spinnaker.clouddriver.aws.model.AmazonSecurityGroup +import com.netflix.spinnaker.clouddriver.aws.security.AmazonCredentialProvider import com.netflix.spinnaker.clouddriver.aws.security.AmazonCredentials +import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials import com.netflix.spinnaker.clouddriver.model.AddressableRange import com.netflix.spinnaker.clouddriver.model.SecurityGroupProvider import com.netflix.spinnaker.clouddriver.model.securitygroups.IpRangeRule import com.netflix.spinnaker.clouddriver.model.securitygroups.Rule import com.netflix.spinnaker.clouddriver.model.securitygroups.SecurityGroupRule -import com.netflix.spinnaker.clouddriver.security.AccountCredentialsProvider import groovy.transform.Canonical import org.springframework.beans.factory.annotation.Autowired import org.springframework.beans.factory.annotation.Qualifier 
@@ -45,13 +46,13 @@ import static com.netflix.spinnaker.clouddriver.aws.cache.Keys.Namespace.SECURIT class AmazonSecurityGroupProvider implements SecurityGroupProvider { final String cloudProvider = AmazonCloudProvider.ID - final AccountCredentialsProvider accountCredentialsProvider + final AmazonCredentialProvider accountCredentialsProvider final Cache cacheView final ObjectMapper objectMapper final Set accounts @Autowired - AmazonSecurityGroupProvider(AccountCredentialsProvider accountCredentialsProvider, + AmazonSecurityGroupProvider(AmazonCredentialProvider accountCredentialsProvider, Cache cacheView, @Qualifier("amazonObjectMapper") ObjectMapper objectMapper) { this.accountCredentialsProvider = accountCredentialsProvider diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AmazonCredentialsInitializer.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AmazonCredentialsInitializer.groovy index 28b910f53cc..fcef8cefee0 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AmazonCredentialsInitializer.groovy +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AmazonCredentialsInitializer.groovy @@ -87,7 +87,7 @@ class AmazonCredentialsInitializer { @ConditionalOnMissingBean( value = NetflixAmazonCredentials.class, parameterizedContainer = AmazonCredentialProvider.class) - AmazonCredentialProvider amazonCredentialProvider( + AmazonCredentialProvider amazonCredentialProvider( CredentialsRepository amazonCredentialsRepository ) { return new AmazonCredentialProvider<>(amazonCredentialsRepository) From 7769c2c0d7e3de4f7eb9bed3084bc9f302453c97 Mon Sep 17 00:00:00 2001 
From: Manabu McCloskey Date: Thu, 1 Oct 2020 16:20:11 -0600 Subject: [PATCH 03/14] WIP not working --- .../aws/agent/CleanupAlarmsAgent.groovy | 6 +- .../CleanupDetachedInstancesAgent.groovy | 6 +- .../handlers/BasicAmazonDeployHandler.groovy | 4 +- .../ModifyServerGroupLaunchTemplate.java | 4 +- ...repareModifyServerGroupLaunchTemplate.java | 4 +- .../ops/actions/UpdateAutoScalingGroup.java | 4 +- .../SecurityGroupLookupFactory.groovy | 4 +- .../aws/provider/AwsProvider.groovy | 4 +- .../agent/AmazonInstanceTypeCachingAgent.java | 8 +- .../ReservationReportCachingAgent.groovy | 4 +- .../provider/config/AwsProviderConfig.groovy | 2 +- .../aws/provider/config/ProviderHelpers.java | 6 +- .../provider/view/AmazonS3DataProvider.java | 5 +- .../AmazonCredentialsInitializer.groovy | 5 +- .../AmazonCredentialsLifecycleHandler.java | 2 +- .../config/AmazonCredentialsParser.java | 11 - .../security/config/CredentialsConfig.java | 2 +- .../spinnaker/config/AwsConfiguration.groovy | 4 +- .../clouddriver/ecs/provider/EcsProvider.java | 6 +- .../provider/config/EcsProviderConfig.java | 7 +- .../ecs/security/CredentialsLoader.java | 426 ++++++++++++++++++ .../security/ECSBasicCredentialsLoader.java | 36 ++ .../ecs/security/ECSCredentialsConfig.java | 3 +- .../ECSCredentialsLifeCycleHandler.java | 168 +++++++ .../ecs/security/ECSCredentialsParser.java | 76 ++++ .../security/EcsCredentialsInitializer.java | 84 +++- 26 files changed, 813 insertions(+), 78 deletions(-) create mode 100644 clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/CredentialsLoader.java create mode 100644 clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/ECSBasicCredentialsLoader.java create mode 100644 clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/ECSCredentialsLifeCycleHandler.java create mode 100644 clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/ECSCredentialsParser.java 
diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/agent/CleanupAlarmsAgent.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/agent/CleanupAlarmsAgent.groovy index cc84733cfdf..dcd2511ac9d 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/agent/CleanupAlarmsAgent.groovy +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/agent/CleanupAlarmsAgent.groovy @@ -45,20 +45,20 @@ class CleanupAlarmsAgent implements RunnableAgent, CustomScheduledAgent { public static final Pattern ALARM_NAME_PATTERN = Pattern.compile(".+-v[0-9]{3}-alarm-.+") final AmazonClientProvider amazonClientProvider - final CredentialsRepository accountCredentialsRepository + final CredentialsRepository accountCredentialsRepository final long pollIntervalMillis final long timeoutMillis final int daysToLeave CleanupAlarmsAgent(AmazonClientProvider amazonClientProvider, - CredentialsRepository accountCredentialsRepository, + CredentialsRepository accountCredentialsRepository, int daysToLeave) { this(amazonClientProvider, accountCredentialsRepository, POLL_INTERVAL_MILLIS, DEFAULT_TIMEOUT_MILLIS, daysToLeave) } CleanupAlarmsAgent(AmazonClientProvider amazonClientProvider, - CredentialsRepository accountCredentialsRepository, + CredentialsRepository accountCredentialsRepository, long pollIntervalMillis, long timeoutMills, int daysToLeave) { diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/agent/CleanupDetachedInstancesAgent.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/agent/CleanupDetachedInstancesAgent.groovy index 8552b520a56..2b2281c1717 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/agent/CleanupDetachedInstancesAgent.groovy +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/agent/CleanupDetachedInstancesAgent.groovy 
@@ -40,17 +40,17 @@ class CleanupDetachedInstancesAgent implements RunnableAgent, CustomScheduledAge public static final long DEFAULT_TIMEOUT_MILLIS = TimeUnit.MINUTES.toMillis(20) final AmazonClientProvider amazonClientProvider - final CredentialsRepository accountCredentialsRepository + final CredentialsRepository accountCredentialsRepository final long pollIntervalMillis final long timeoutMillis CleanupDetachedInstancesAgent(AmazonClientProvider amazonClientProvider, - CredentialsRepository accountCredentialsRepository) { + CredentialsRepository accountCredentialsRepository) { this(amazonClientProvider, accountCredentialsRepository, DEFAULT_POLL_INTERVAL_MILLIS, DEFAULT_TIMEOUT_MILLIS) } CleanupDetachedInstancesAgent(AmazonClientProvider amazonClientProvider, - CredentialsRepository accountCredentialsRepository, + CredentialsRepository accountCredentialsRepository, long pollIntervalMillis, long timeoutMills) { this.amazonClientProvider = amazonClientProvider diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/handlers/BasicAmazonDeployHandler.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/handlers/BasicAmazonDeployHandler.groovy index 2056dd59575..0c6a4bb59d7 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/handlers/BasicAmazonDeployHandler.groovy +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/handlers/BasicAmazonDeployHandler.groovy @@ -74,7 +74,7 @@ class BasicAmazonDeployHandler implements DeployHandler accountCredentialsRepository + private final CredentialsRepository accountCredentialsRepository private final AwsConfiguration.AmazonServerGroupProvider amazonServerGroupProvider private final AwsConfiguration.DeployDefaults deployDefaults private final ScalingPolicyCopier scalingPolicyCopier 
@@ -84,7 +84,7 @@ class BasicAmazonDeployHandler implements DeployHandler deployEvents = [] BasicAmazonDeployHandler(RegionScopedProviderFactory regionScopedProviderFactory, - CredentialsRepository accountCredentialsRepository, + CredentialsRepository accountCredentialsRepository, AwsConfiguration.AmazonServerGroupProvider amazonServerGroupProvider, AwsConfiguration.DeployDefaults deployDefaults, ScalingPolicyCopier scalingPolicyCopier, diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/actions/ModifyServerGroupLaunchTemplate.java b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/actions/ModifyServerGroupLaunchTemplate.java index 2bc50b0b51c..9ad5fcc4dd9 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/actions/ModifyServerGroupLaunchTemplate.java +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/actions/ModifyServerGroupLaunchTemplate.java @@ -46,12 +46,12 @@ public class ModifyServerGroupLaunchTemplate implements SagaAction { private final BlockDeviceConfig blockDeviceConfig; - private final CredentialsRepository credentialsRepository; + private final CredentialsRepository credentialsRepository; private final RegionScopedProviderFactory regionScopedProviderFactory; public ModifyServerGroupLaunchTemplate( BlockDeviceConfig blockDeviceConfig, - CredentialsRepository credentialsRepository, + CredentialsRepository credentialsRepository, RegionScopedProviderFactory regionScopedProviderFactory) { this.blockDeviceConfig = blockDeviceConfig; this.credentialsRepository = credentialsRepository; diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/actions/PrepareModifyServerGroupLaunchTemplate.java b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/actions/PrepareModifyServerGroupLaunchTemplate.java index 554de007822..cd0861a60f3 100644 
--- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/actions/PrepareModifyServerGroupLaunchTemplate.java +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/actions/PrepareModifyServerGroupLaunchTemplate.java @@ -61,12 +61,12 @@ public class PrepareModifyServerGroupLaunchTemplate implements SagaAction< PrepareModifyServerGroupLaunchTemplate.PrepareModifyServerGroupLaunchTemplateCommand> { private final BlockDeviceConfig blockDeviceConfig; - private final CredentialsRepository credentialsRepository; + private final CredentialsRepository credentialsRepository; private final RegionScopedProviderFactory regionScopedProviderFactory; public PrepareModifyServerGroupLaunchTemplate( BlockDeviceConfig blockDeviceConfig, - CredentialsRepository credentialsRepository, + CredentialsRepository credentialsRepository, RegionScopedProviderFactory regionScopedProviderFactory) { this.blockDeviceConfig = blockDeviceConfig; this.credentialsRepository = credentialsRepository; diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/actions/UpdateAutoScalingGroup.java b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/actions/UpdateAutoScalingGroup.java index 05f2a691cd0..272bea7a532 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/actions/UpdateAutoScalingGroup.java +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/actions/UpdateAutoScalingGroup.java 
@@ -42,11 +42,11 @@ public class UpdateAutoScalingGroup implements SagaAction { private final RegionScopedProviderFactory regionScopedProviderFactory; - private final CredentialsRepository credentialsRepository; + private final CredentialsRepository credentialsRepository; public UpdateAutoScalingGroup( RegionScopedProviderFactory regionScopedProviderFactory, - CredentialsRepository credentialsRepository) { + CredentialsRepository credentialsRepository) { this.regionScopedProviderFactory = regionScopedProviderFactory; this.credentialsRepository = credentialsRepository; } diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/securitygroup/SecurityGroupLookupFactory.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/securitygroup/SecurityGroupLookupFactory.groovy index 0a7d8b52fcb..740a29d50a4 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/securitygroup/SecurityGroupLookupFactory.groovy +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/securitygroup/SecurityGroupLookupFactory.groovy @@ -30,10 +30,10 @@ import org.slf4j.LoggerFactory class SecurityGroupLookupFactory { private final AmazonClientProvider amazonClientProvider - private final CredentialsRepository accountCredentialsRepository + private final CredentialsRepository accountCredentialsRepository SecurityGroupLookupFactory(AmazonClientProvider amazonClientProvider, - CredentialsRepository accountCredentialsRepository) { + CredentialsRepository accountCredentialsRepository) { this.amazonClientProvider = amazonClientProvider this.accountCredentialsRepository = accountCredentialsRepository } diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/AwsProvider.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/AwsProvider.groovy index ae6b273fa23..f75de45efa6 100644 
--- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/AwsProvider.groovy +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/AwsProvider.groovy @@ -35,7 +35,7 @@ class AwsProvider extends AgentSchedulerAware implements SearchableProvider, Eur final KeyParser keyParser = new Keys() - final CredentialsRepository accountCredentialsRepository + final CredentialsRepository accountCredentialsRepository final Set defaultCaches = [ LOAD_BALANCERS.ns, @@ -58,7 +58,7 @@ class AwsProvider extends AgentSchedulerAware implements SearchableProvider, Eur final Collection agents private Collection healthAgents - AwsProvider(CredentialsRepository accountCredentialsRepository, Collection agents) { + AwsProvider(CredentialsRepository accountCredentialsRepository, Collection agents) { this.agents = agents this.accountCredentialsRepository = accountCredentialsRepository synchronizeHealthAgents() diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/agent/AmazonInstanceTypeCachingAgent.java b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/agent/AmazonInstanceTypeCachingAgent.java index 3ce6faedbc3..17c2bd3fc07 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/agent/AmazonInstanceTypeCachingAgent.java +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/agent/AmazonInstanceTypeCachingAgent.java @@ -67,8 +67,7 @@ public class AmazonInstanceTypeCachingAgent implements CachingAgent { // https://pricing.us-east-1.amazonaws.com/offers/v1.0/aws/AmazonEC2/current/us-west-2/index.json private final String region; - private final CredentialsRepository - accountCredentialsRepository; + private final CredentialsRepository accountCredentialsRepository; private final URI pricingUri; private final HttpHost pricingHost; private final HttpClient httpClient; 
@@ -76,15 +75,14 @@ public class AmazonInstanceTypeCachingAgent implements CachingAgent { new ObjectMapper().disable(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES); public AmazonInstanceTypeCachingAgent( - String region, - CredentialsRepository accountCredentialsRepository) { + String region, CredentialsRepository accountCredentialsRepository) { this(region, accountCredentialsRepository, HttpClients.createDefault()); } // VisibleForTesting AmazonInstanceTypeCachingAgent( String region, - CredentialsRepository accountCredentialsRepository, + CredentialsRepository accountCredentialsRepository, HttpClient httpClient) { this.region = region; this.accountCredentialsRepository = accountCredentialsRepository; diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/agent/ReservationReportCachingAgent.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/agent/ReservationReportCachingAgent.groovy index 597df200bc7..b0e1c24162f 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/agent/ReservationReportCachingAgent.groovy +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/agent/ReservationReportCachingAgent.groovy @@ -80,7 +80,7 @@ class ReservationReportCachingAgent implements CachingAgent, CustomScheduledAgen final AmazonClientProvider amazonClientProvider final AmazonS3DataProvider amazonS3DataProvider - final CredentialsRepository accountCredentialsRepository; + final CredentialsRepository accountCredentialsRepository; final ObjectMapper objectMapper final AccountReservationDetailSerializer accountReservationDetailSerializer final Set vpcOnlyAccounts 
@@ -91,7 +91,7 @@ class ReservationReportCachingAgent implements CachingAgent, CustomScheduledAgen ReservationReportCachingAgent(Registry registry, AmazonClientProvider amazonClientProvider, AmazonS3DataProvider amazonS3DataProvider, - CredentialsRepository accountCredentialsRepository, + CredentialsRepository accountCredentialsRepository, ObjectMapper objectMapper, ExecutorService reservationReportPool, ApplicationContext ctx) { diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/config/AwsProviderConfig.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/config/AwsProviderConfig.groovy index 5e35d9f3b47..91190436bf5 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/config/AwsProviderConfig.groovy +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/config/AwsProviderConfig.groovy @@ -38,7 +38,7 @@ import java.util.concurrent.Executors @EnableConfigurationProperties(ReservationReportConfigurationProperties) class AwsProviderConfig { @Bean - AwsProvider awsProvider(CredentialsRepository accountCredentialsRepository) { + AwsProvider awsProvider(CredentialsRepository accountCredentialsRepository) { return new AwsProvider(accountCredentialsRepository, Collections.newSetFromMap(new ConcurrentHashMap())) } diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/config/ProviderHelpers.java b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/config/ProviderHelpers.java index 9a668c0f55c..1e676c2b61c 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/config/ProviderHelpers.java +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/config/ProviderHelpers.java 
@@ -76,7 +76,7 @@ public static class BuildResult { public static BuildResult buildAwsInfrastructureAgents( NetflixAmazonCredentials credentials, AwsInfrastructureProvider awsInfrastructureProvider, - CredentialsRepository accountCredentialsRepository, + CredentialsRepository accountCredentialsRepository, AmazonClientProvider amazonClientProvider, ObjectMapper amazonObjectMapper, Registry registry, @@ -115,7 +115,7 @@ public static BuildResult buildAwsInfrastructureAgents( public static BuildResult buildAwsProviderAgents( NetflixAmazonCredentials credentials, - CredentialsRepository accountCredentialsRepository, + CredentialsRepository accountCredentialsRepository, AmazonClientProvider amazonClientProvider, ObjectMapper objectMapper, Registry registry, @@ -234,7 +234,7 @@ public static BuildResult buildAwsProviderAgents( public static List buildAwsCleanupAgents( NetflixAmazonCredentials credentials, - CredentialsRepository accountCredentialsRepository, + CredentialsRepository accountCredentialsRepository, AmazonClientProvider amazonClientProvider, AwsCleanupProvider awsCleanupProvider, AwsConfiguration.DeployDefaults deployDefaults, diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/view/AmazonS3DataProvider.java b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/view/AmazonS3DataProvider.java index a9b2775d9f3..9466a58cf2e 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/view/AmazonS3DataProvider.java +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/view/AmazonS3DataProvider.java 
@@ -50,8 +50,7 @@ public class AmazonS3DataProvider implements DataProvider { private final ObjectMapper objectMapper; private final AmazonClientProvider amazonClientProvider; - private final CredentialsRepository - accountCredentialsRepository; + private final CredentialsRepository accountCredentialsRepository; private final AmazonS3StaticDataProviderConfiguration configuration; private final Set supportedIdentifiers; @@ -86,7 +85,7 @@ public Object load(String id) throws IOException { public AmazonS3DataProvider( @Qualifier("amazonObjectMapper") ObjectMapper objectMapper, AmazonClientProvider amazonClientProvider, - CredentialsRepository accountCredentialsRepository, + CredentialsRepository accountCredentialsRepository, AmazonS3StaticDataProviderConfiguration configuration) { this.objectMapper = objectMapper; this.amazonClientProvider = amazonClientProvider; diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AmazonCredentialsInitializer.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AmazonCredentialsInitializer.groovy index fcef8cefee0..13b8735a9d9 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AmazonCredentialsInitializer.groovy +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AmazonCredentialsInitializer.groovy @@ -98,7 +98,7 @@ class AmazonCredentialsInitializer { value = NetflixAmazonCredentials.class, parameterizedContainer = AbstractCredentialsLoader.class) AbstractCredentialsLoader amazonCredentialsLoader( - CredentialsParser amazonCredentialsParser, + CredentialsParser amazonCredentialsParser, @Nullable CredentialsDefinitionSource amazonCredentialsSource, CredentialsConfig credentialsConfig, CredentialsRepository repository, 
@@ -122,12 +122,11 @@ class AmazonCredentialsInitializer { value = Account.class, parameterizedContainer = CredentialsDefinitionSource.class ) - CredentialsInitializerSynchronizable AmazonCredentialsInitializerSynchronizable( + CredentialsInitializerSynchronizable amazonCredentialsInitializerSynchronizable( AbstractCredentialsLoader amazonCredentialsLoader ) { final Poller poller = new Poller<>(amazonCredentialsLoader); return new CredentialsInitializerSynchronizable() { - @PostConstruct @Override void synchronize() { poller.run() diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AmazonCredentialsLifecycleHandler.java b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AmazonCredentialsLifecycleHandler.java index 050b53d6458..45e50def0f8 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AmazonCredentialsLifecycleHandler.java +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AmazonCredentialsLifecycleHandler.java @@ -76,7 +76,7 @@ public class AmazonCredentialsLifecycleHandler protected final EddaTimeoutConfig eddaTimeoutConfig; protected final DynamicConfigService dynamicConfigService; protected final DeployDefaults deployDefaults; - protected final CredentialsRepository + protected final CredentialsRepository accountCredentialsRepository; // Circular dependency. private Set publicRegions = new HashSet<>(); private Set awsInfraRegions = new HashSet<>(); diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/config/AmazonCredentialsParser.java b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/config/AmazonCredentialsParser.java index 5a428edd8f6..757d8323749 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/config/AmazonCredentialsParser.java 
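Review bot: Nothing in the `@@ -122,12 +122,11 @@` hunk of AmazonCredentialsInitializer runs `poller.run()` at bean creation any more, because `synchronize()` loses its `@PostConstruct`. If no other component calls `synchronize()` during startup, the AWS credentials repository would stay empty until the first external trigger, and code that resolves accounts early would see none; the caller is not visible here, so this needs confirming. Either keep the annotation or document the contract above the method, e.g. `// Not run at bean creation: the first credentials load happens when synchronize() is called by its owner`. The anonymous class body continues past the end of the hunk.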
+++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/config/AmazonCredentialsParser.java @@ -17,7 +17,6 @@ package com.netflix.spinnaker.clouddriver.aws.security.config; -import com.amazonaws.SDKGlobalConfiguration; import com.amazonaws.auth.AWSCredentialsProvider; import com.fasterxml.jackson.databind.DeserializationFeature; import com.fasterxml.jackson.databind.ObjectMapper; @@ -32,7 +31,6 @@ import java.util.function.Function; import java.util.regex.Pattern; import java.util.stream.Collectors; -import org.apache.commons.lang3.StringUtils; import org.jetbrains.annotations.NotNull; import org.jetbrains.annotations.Nullable; @@ -191,15 +189,6 @@ public List load(CredentialsConfig source) throws Throwable { if (config.getAccounts() == null || config.getAccounts().isEmpty()) { return Collections.emptyList(); } - - if (!StringUtils.isEmpty(config.getAccessKeyId())) { - System.setProperty( - SDKGlobalConfiguration.ACCESS_KEY_SYSTEM_PROPERTY, config.getAccessKeyId()); - } - if (!StringUtils.isEmpty(config.getSecretAccessKey())) { - System.setProperty( - SDKGlobalConfiguration.SECRET_KEY_SYSTEM_PROPERTY, config.getSecretAccessKey()); - } List initializedAccounts = new ArrayList<>(config.getAccounts().size()); for (Account account : config.getAccounts()) { initializedAccounts.add(parseAccount(config, account)); diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/config/CredentialsConfig.java b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/config/CredentialsConfig.java index 8ba9a4e92d1..8ca272a8c4b 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/config/CredentialsConfig.java +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/config/CredentialsConfig.java 
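Review bot: After the `@@ -191,15 +189,6 @@` hunk of AmazonCredentialsParser, `load` no longer reads `config.getAccessKeyId()` or `config.getSecretAccessKey()`, so a deployment that configures static keys would, as far as this hunk shows, have them silently ignored and fall back to whatever else the credentials chain finds. Dropping the JVM-wide system properties is a sound direction, since they are readable by all code in the process, but the replacement path is not visible here. If the keys are still supported, pass them to an explicit `AWSCredentialsProvider`; if they are not, say so at the removal site, e.g. `// accessKeyId/secretAccessKey are intentionally not exported as JVM system properties here`. The body of `load` continues outside the hunk.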
@@ -63,7 +63,7 @@ public void setDeprecated(Boolean deprecated) { this.deprecated = deprecated; } - Region copyOf() { + public Region copyOf() { Region clone = new Region(); clone.setName(getName()); clone.setAvailabilityZones(getAvailabilityZones()); diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/config/AwsConfiguration.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/config/AwsConfiguration.groovy index 0c5a4cb6df7..a7617b66da3 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/config/AwsConfiguration.groovy +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/config/AwsConfiguration.groovy @@ -187,7 +187,7 @@ class AwsConfiguration { @Bean @DependsOn('amazonCredentialsLoader') BasicAmazonDeployHandler basicAmazonDeployHandler(RegionScopedProviderFactory regionScopedProviderFactory, - CredentialsRepository accountCredentialsRepository, + CredentialsRepository accountCredentialsRepository, DeployDefaults deployDefaults, ScalingPolicyCopier scalingPolicyCopier, BlockDeviceConfig blockDeviceConfig, @@ -222,7 +222,7 @@ class AwsConfiguration { @Bean @DependsOn('amazonCredentialsLoader') SecurityGroupLookupFactory securityGroupLookup(AmazonClientProvider amazonClientProvider, - CredentialsRepository accountCredentialsRepository) { + CredentialsRepository accountCredentialsRepository) { new SecurityGroupLookupFactory(amazonClientProvider, accountCredentialsRepository) } diff --git a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/provider/EcsProvider.java b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/provider/EcsProvider.java index bf89b1958ad..3a8b195ae89 100644 --- a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/provider/EcsProvider.java +++ b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/provider/EcsProvider.java 
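Review bot: `Region.copyOf()` becomes public in the `@@ -63,7 +63,7 @@` hunk of CredentialsConfig, but the copy it makes is shallow: `clone.setAvailabilityZones(getAvailabilityZones())` hands the original's list to the clone unless the setter copies it, which is not visible here. Callers outside the package could then change one region's zones through another. Consider documenting this on the method, e.g. `/** Returns a copy of this region; the availability-zone list is shared with the original. */`, or copying the list when it is non-null. The method body continues past the end of the hunk.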
@@ -29,7 +29,6 @@ import com.netflix.spinnaker.clouddriver.cache.SearchableProvider; import com.netflix.spinnaker.clouddriver.core.provider.agent.HealthProvidingCachingAgent; import com.netflix.spinnaker.clouddriver.ecs.cache.Keys; -import com.netflix.spinnaker.clouddriver.security.AccountCredentialsRepository; import java.util.Arrays; import java.util.Collection; import java.util.Collections; @@ -56,14 +55,11 @@ public class EcsProvider extends AgentSchedulerAware implements SearchableProvid private static final Map urlMappingTemplates = new HashMap<>(); private final Collection agents; - private final AccountCredentialsRepository accountCredentialsRepository; private final Keys keys = new Keys(); private Collection healthAgents; - public EcsProvider( - AccountCredentialsRepository accountCredentialsRepository, Collection agents) { + public EcsProvider(Collection agents) { this.agents = agents; - this.accountCredentialsRepository = accountCredentialsRepository; } @Override diff --git a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/provider/config/EcsProviderConfig.java b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/provider/config/EcsProviderConfig.java index 9a33adaf5fc..e1bee67014a 100644 --- a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/provider/config/EcsProviderConfig.java +++ b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/provider/config/EcsProviderConfig.java @@ -55,10 +55,7 @@ public EcsProvider ecsProvider( Registry registry, IamPolicyReader iamPolicyReader, ObjectMapper objectMapper) { - EcsProvider provider = - new EcsProvider( - accountCredentialsRepository, - Collections.newSetFromMap(new ConcurrentHashMap())); + EcsProvider provider = new EcsProvider(Collections.newSetFromMap(new ConcurrentHashMap<>())); synchronizeEcsProvider( provider, accountCredentialsRepository, 
@@ -169,7 +166,7 @@ private void synchronizeEcsProvider( } } } - + ProviderUtils.rescheduleAgents(ecsProvider, newAgents); ecsProvider.getAgents().addAll(newAgents); ecsProvider.synchronizeHealthAgents(); } diff --git a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/CredentialsLoader.java b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/CredentialsLoader.java new file mode 100644 index 00000000000..ab201666720 --- /dev/null +++ b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/CredentialsLoader.java 
@@ -0,0 +1,426 @@ +/* + * Copyright 2015 Netflix, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.netflix.spinnaker.clouddriver.ecs.security; + +import com.amazonaws.SDKGlobalConfiguration; +import com.amazonaws.auth.AWSCredentialsProvider; +import com.fasterxml.jackson.databind.DeserializationFeature; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.netflix.spinnaker.clouddriver.aws.security.AWSAccountInfoLookup; +import com.netflix.spinnaker.clouddriver.aws.security.AmazonClientProvider; +import com.netflix.spinnaker.clouddriver.aws.security.AmazonCredentials; +import com.netflix.spinnaker.clouddriver.aws.security.DefaultAWSAccountInfoLookup; +import com.netflix.spinnaker.clouddriver.aws.security.config.CredentialsConfig; +import com.netflix.spinnaker.clouddriver.aws.security.config.CredentialsConfig.Account; +import com.netflix.spinnaker.clouddriver.aws.security.config.CredentialsConfig.Region; +import java.lang.reflect.Constructor; +import java.lang.reflect.InvocationTargetException; +import java.util.*; +import java.util.concurrent.atomic.AtomicReference; +import java.util.function.Function; +import java.util.regex.Pattern; +import java.util.stream.Collectors; +import org.apache.commons.lang3.StringUtils; + +public class CredentialsLoader { + + private final AWSCredentialsProvider credentialsProvider; + private final AWSAccountInfoLookup awsAccountInfoLookup; + private final Map templateValues; + private final 
CredentialTranslator credentialTranslator; + private final ObjectMapper objectMapper; + + public CredentialsLoader( + AWSCredentialsProvider credentialsProvider, + AmazonClientProvider amazonClientProvider, + Class credentialsType) { + this( + credentialsProvider, + amazonClientProvider, + credentialsType, + Collections.emptyMap()); + } + + public CredentialsLoader( + AWSCredentialsProvider credentialsProvider, + AmazonClientProvider amazonClientProvider, + Class credentialsType, + Map templateValues) { + this( + credentialsProvider, + new DefaultAWSAccountInfoLookup(credentialsProvider, amazonClientProvider), + credentialsType, + templateValues); + } + + public CredentialsLoader( + AWSCredentialsProvider credentialsProvider, + AWSAccountInfoLookup awsAccountInfoLookup, + Class credentialsType) { + this( + credentialsProvider, + awsAccountInfoLookup, + credentialsType, + Collections.emptyMap()); + } + + public CredentialsLoader( + AWSCredentialsProvider credentialsProvider, + AWSAccountInfoLookup awsAccountInfoLookup, + Class credentialsType, + Map templateValues) { + this.credentialsProvider = Objects.requireNonNull(credentialsProvider, "credentialsProvider"); + this.awsAccountInfoLookup = awsAccountInfoLookup; + this.templateValues = templateValues; + this.objectMapper = new ObjectMapper(); + this.credentialTranslator = findTranslator(credentialsType, this.objectMapper); + } + + private Lazy> createDefaults(final List defaults) { + return new Lazy<>( + new Lazy.Loader>() { + @Override + public List get() { + if (defaults == null) { + return toRegion(awsAccountInfoLookup.listRegions()); + } else { + List result = new ArrayList<>(defaults.size()); + List toLookup = new ArrayList<>(); + for (Region def : defaults) { + if (def.getAvailabilityZones() == null || def.getAvailabilityZones().isEmpty()) { + toLookup.add(def.getName()); + } else { + result.add(def); + } + } + if (!toLookup.isEmpty()) { + List resolved = toRegion(awsAccountInfoLookup.listRegions(toLookup)); 
+ for (Region region : resolved) { + Region fromDefault = find(defaults, region.getName()); + if (fromDefault != null) { + region.setPreferredZones(fromDefault.getPreferredZones()); + region.setDeprecated(fromDefault.getDeprecated()); + } + } + result.addAll(resolved); + } + return result; + } + } + }); + } + + private List initRegions(Lazy> defaults, List toInit) { + if (toInit == null) { + return defaults.get(); + } + + Map toInitByName = + toInit.stream().collect(Collectors.toMap(Region::getName, Function.identity())); + + List result = new ArrayList<>(toInit.size()); + List toLookup = new ArrayList<>(); + for (Region r : toInit) { + if (r.getAvailabilityZones() == null || r.getAvailabilityZones().isEmpty()) { + toLookup.add(r.getName()); + } else { + result.add(r); + } + } + + for (Iterator lookups = toLookup.iterator(); lookups.hasNext(); ) { + Region fromDefault = find(defaults.get(), lookups.next()); + if (fromDefault != null) { + lookups.remove(); + result.add(fromDefault); + } + } + if (!toLookup.isEmpty()) { + List resolved = toRegion(awsAccountInfoLookup.listRegions(toLookup)); + for (Region region : resolved) { + Region src = find(toInit, region.getName()); + if (src == null || src.getPreferredZones() == null) { + src = find(defaults.get(), region.getName()); + } + + if (src != null) { + region.setPreferredZones(src.getPreferredZones()); + } + } + result.addAll(resolved); + } + + // make a clone of all regions such that modifications apply only to this specific instance (and + // not global defaults) + result = result.stream().map(Region::copyOf).collect(Collectors.toList()); + + for (Region r : result) { + Region toInitRegion = toInitByName.get(r.getName()); + if (toInitRegion != null && toInitRegion.getDeprecated() != null) { + r.setDeprecated(toInitRegion.getDeprecated()); + } + } + + return result; + } + + private static Region find(List src, String name) { + if (src != null) { + for (Region r : src) { + if (r.getName().equals(name)) { + return r; + 
} + } + } + return null; + } + + private static List toRegion(List src) { + List result = new ArrayList<>(src.size()); + for (AmazonCredentials.AWSRegion r : src) { + Region region = new Region(); + region.setName(r.getName()); + region.setAvailabilityZones(new ArrayList<>(r.getAvailabilityZones())); + region.setPreferredZones(new ArrayList<>(r.getPreferredZones())); + result.add(region); + } + return result; + } + + public T load(String accountName) throws Throwable { + CredentialsConfig config = new CredentialsConfig(); + Account account = new Account(); + account.setName(accountName); + config.setAccounts(Arrays.asList(account)); + List result = load(config); + if (result.size() != 1) { + throw new IllegalStateException("failed to create account"); + } + return result.get(0); + } + + public List load(CredentialsConfig source) throws Throwable { + final CredentialsConfig config = objectMapper.convertValue(source, CredentialsConfig.class); + + if (config.getAccounts() == null || config.getAccounts().isEmpty()) { + return Collections.emptyList(); + } + + if (!StringUtils.isEmpty(config.getAccessKeyId())) { + System.setProperty( + SDKGlobalConfiguration.ACCESS_KEY_SYSTEM_PROPERTY, config.getAccessKeyId()); + } + if (!StringUtils.isEmpty(config.getSecretAccessKey())) { + System.setProperty( + SDKGlobalConfiguration.SECRET_KEY_SYSTEM_PROPERTY, config.getSecretAccessKey()); + } + Lazy> defaultRegions = createDefaults(config.getDefaultRegions()); + List initializedAccounts = new ArrayList<>(config.getAccounts().size()); + for (Account account : config.getAccounts()) { + if (account.getAccountId() == null) { + if (!credentialTranslator.resolveAccountId()) { + throw new IllegalArgumentException( + "accountId is required and not resolvable for this credentials type"); + } + account.setAccountId(awsAccountInfoLookup.findAccountId()); + } + + if (account.getEnvironment() == null) { + account.setEnvironment(account.getName()); + } + + if (account.getAccountType() == null) { + 
account.setAccountType(account.getName()); + } + + account.setRegions(initRegions(defaultRegions, account.getRegions())); + account.setDefaultSecurityGroups( + account.getDefaultSecurityGroups() != null + ? account.getDefaultSecurityGroups() + : config.getDefaultSecurityGroups()); + account.setLifecycleHooks( + account.getLifecycleHooks() != null + ? account.getLifecycleHooks() + : config.getDefaultLifecycleHooks()); + account.setEnabled(Optional.ofNullable(account.getEnabled()).orElse(true)); + + Map templateContext = new HashMap<>(templateValues); + templateContext.put("name", account.getName()); + templateContext.put("accountId", account.getAccountId()); + templateContext.put("environment", account.getEnvironment()); + templateContext.put("accountType", account.getAccountType()); + + account.setDefaultKeyPair( + templateFirstNonNull( + templateContext, account.getDefaultKeyPair(), config.getDefaultKeyPairTemplate())); + account.setEdda( + templateFirstNonNull( + templateContext, account.getEdda(), config.getDefaultEddaTemplate())); + account.setFront50( + templateFirstNonNull( + templateContext, account.getFront50(), config.getDefaultFront50Template())); + account.setDiscovery( + templateFirstNonNull( + templateContext, account.getDiscovery(), config.getDefaultDiscoveryTemplate())); + account.setAssumeRole( + templateFirstNonNull( + templateContext, account.getAssumeRole(), config.getDefaultAssumeRole())); + account.setSessionName( + templateFirstNonNull( + templateContext, account.getSessionName(), config.getDefaultSessionName())); + account.setBastionHost( + templateFirstNonNull( + templateContext, account.getBastionHost(), config.getDefaultBastionHostTemplate())); + + if (account.getLifecycleHooks() != null) { + for (CredentialsConfig.LifecycleHook lifecycleHook : account.getLifecycleHooks()) { + lifecycleHook.setRoleARN( + templateFirstNonNull( + templateContext, + lifecycleHook.getRoleARN(), + config.getDefaultLifecycleHookRoleARNTemplate())); + 
lifecycleHook.setNotificationTargetARN( + templateFirstNonNull( + templateContext, + lifecycleHook.getNotificationTargetARN(), + config.getDefaultLifecycleHookNotificationTargetARNTemplate())); + } + } + + initializedAccounts.add(credentialTranslator.translate(credentialsProvider, account)); + } + return initializedAccounts.stream() + .filter(AmazonCredentials::isEnabled) + .collect(Collectors.toList()); + } + + private static class Lazy { + public static interface Loader { + T get(); + } + + private final Loader loader; + private final AtomicReference ref = new AtomicReference<>(); + + public Lazy(Loader loader) { + this.loader = loader; + } + + public T get() { + if (ref.get() == null) { + ref.set(loader.get()); + } + return ref.get(); + } + } + + private static String templateFirstNonNull(Map substitutions, String... values) { + for (String value : values) { + if (value != null) { + return StringTemplater.render(value, substitutions); + } + } + return null; + } + + static CredentialTranslator findTranslator( + Class credentialsType, ObjectMapper objectMapper) { + return new CopyConstructorTranslator<>(objectMapper, credentialsType); + } + + static interface CredentialTranslator { + Class getCredentialType(); + + boolean resolveAccountId(); + + T translate(AWSCredentialsProvider credentialsProvider, Account account) throws Throwable; + } + + static class CopyConstructorTranslator + implements CredentialTranslator { + + private final ObjectMapper objectMapper; + private final Class credentialType; + private final Constructor copyConstructor; + + public CopyConstructorTranslator(ObjectMapper objectMapper, Class credentialType) { + this.objectMapper = objectMapper.disable(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES); + this.credentialType = credentialType; + try { + copyConstructor = + credentialType.getConstructor(credentialType, AWSCredentialsProvider.class); + } catch (NoSuchMethodException nsme) { + throw new IllegalArgumentException( + "Class " + + 
credentialType + + " must supply a constructor with " + + credentialType + + ", " + + AWSCredentialsProvider.class + + " args."); + } + } + + @Override + public Class getCredentialType() { + return credentialType; + } + + @Override + public boolean resolveAccountId() { + try { + credentialType.getMethod("getAssumeRole"); + return false; + } catch (NoSuchMethodException nsme) { + return true; + } + } + + @Override + public T translate(AWSCredentialsProvider credentialsProvider, Account account) + throws Throwable { + T immutableInstance = objectMapper.convertValue(account, credentialType); + try { + return copyConstructor.newInstance(immutableInstance, credentialsProvider); + } catch (InvocationTargetException ite) { + throw ite.getTargetException(); + } + } + } + + static class StringTemplater { + public static String render(String template, Map substitutions) { + String base = template; + int iterations = 0; + boolean changed = true; + while (changed && iterations < 10) { + iterations++; + String previous = base; + for (Map.Entry substitution : substitutions.entrySet()) { + base = + base.replaceAll( + Pattern.quote("{{" + substitution.getKey() + "}}"), substitution.getValue()); + } + changed = !previous.equals(base); + } + if (changed) { + throw new RuntimeException("too many levels of templatery"); + } + return base; + } + } +} diff --git a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/ECSBasicCredentialsLoader.java b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/ECSBasicCredentialsLoader.java new file mode 100644 index 00000000000..f62092a2aec --- /dev/null +++ b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/ECSBasicCredentialsLoader.java 
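Review bot: `CredentialsLoader.load(CredentialsConfig)` copies `config.getAccessKeyId()` and `config.getSecretAccessKey()` into JVM system properties through `System.setProperty(SDKGlobalConfiguration.ACCESS_KEY_SYSTEM_PROPERTY, ...)` and `SECRET_KEY_SYSTEM_PROPERTY`, the same two blocks this patch deletes from `AmazonCredentialsParser.load`. System properties are process-wide, so the secret key becomes readable by any code in the JVM and can show up in diagnostic output, and every later `load` call overwrites it for all other accounts. Drop both `if (!StringUtils.isEmpty(...))` blocks here as well, which also makes the `SDKGlobalConfiguration` and `StringUtils` imports unnecessary, and rely on the injected `AWSCredentialsProvider`. Separately, `StringTemplater.render` passes `substitution.getValue()` to `replaceAll` unescaped, so a `$` or `\` in a value is read as a group reference; `Matcher.quoteReplacement(substitution.getValue())` avoids that.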
@@ -0,0 +1,36 @@ +/* + * Copyright 2020 Netflix, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +package com.netflix.spinnaker.clouddriver.ecs.security; + +import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials; +import com.netflix.spinnaker.credentials.CredentialsRepository; +import com.netflix.spinnaker.credentials.definition.BasicCredentialsLoader; +import com.netflix.spinnaker.credentials.definition.CredentialsDefinitionSource; +import com.netflix.spinnaker.credentials.definition.CredentialsParser; + +public class ECSBasicCredentialsLoader< + T extends ECSCredentialsConfig.Account, U extends NetflixAmazonCredentials> + extends BasicCredentialsLoader { + + public ECSBasicCredentialsLoader( + CredentialsDefinitionSource definitionSource, + CredentialsParser parser, + CredentialsRepository credentialsRepository) { + super(definitionSource, parser, credentialsRepository); + } +} diff --git a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/ECSCredentialsConfig.java b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/ECSCredentialsConfig.java index 9e2eae8e8af..e9d3ccb76c7 100644 --- a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/ECSCredentialsConfig.java +++ b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/ECSCredentialsConfig.java 
@@ -16,6 +16,7 @@ package com.netflix.spinnaker.clouddriver.ecs.security; +import com.netflix.spinnaker.credentials.definition.CredentialsDefinition; import java.util.List; import lombok.Data; @@ -24,7 +25,7 @@ public class ECSCredentialsConfig { List accounts; @Data - public static class Account { + public static class Account implements CredentialsDefinition { private String name; private String awsAccount; } diff --git a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/ECSCredentialsLifeCycleHandler.java b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/ECSCredentialsLifeCycleHandler.java new file mode 100644 index 00000000000..f9ab06105a3 --- /dev/null +++ b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/ECSCredentialsLifeCycleHandler.java 
@@ -0,0 +1,168 @@ +/* + * Copyright 2020 Netflix, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +package com.netflix.spinnaker.clouddriver.ecs.security; + +import com.amazonaws.auth.AWSCredentialsProvider; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.netflix.spectator.api.Registry; +import com.netflix.spinnaker.cats.agent.Agent; +import com.netflix.spinnaker.cats.module.CatsModule; +import com.netflix.spinnaker.clouddriver.aws.security.AmazonClientProvider; +import com.netflix.spinnaker.clouddriver.aws.security.AmazonCredentials; +import com.netflix.spinnaker.clouddriver.ecs.provider.EcsProvider; +import com.netflix.spinnaker.clouddriver.ecs.provider.agent.ContainerInstanceCachingAgent; +import com.netflix.spinnaker.clouddriver.ecs.provider.agent.EcsCloudMetricAlarmCachingAgent; +import com.netflix.spinnaker.clouddriver.ecs.provider.agent.EcsClusterCachingAgent; +import com.netflix.spinnaker.clouddriver.ecs.provider.agent.IamPolicyReader; +import com.netflix.spinnaker.clouddriver.ecs.provider.agent.IamRoleCachingAgent; +import com.netflix.spinnaker.clouddriver.ecs.provider.agent.ScalableTargetsCachingAgent; +import com.netflix.spinnaker.clouddriver.ecs.provider.agent.SecretCachingAgent; +import com.netflix.spinnaker.clouddriver.ecs.provider.agent.ServiceCachingAgent; +import com.netflix.spinnaker.clouddriver.ecs.provider.agent.ServiceDiscoveryCachingAgent; +import 
com.netflix.spinnaker.clouddriver.ecs.provider.agent.TargetHealthCachingAgent; +import com.netflix.spinnaker.clouddriver.ecs.provider.agent.TaskCachingAgent; +import com.netflix.spinnaker.clouddriver.ecs.provider.agent.TaskDefinitionCachingAgent; +import com.netflix.spinnaker.clouddriver.ecs.provider.agent.TaskHealthCachingAgent; +import com.netflix.spinnaker.clouddriver.security.ProviderUtils; +import com.netflix.spinnaker.credentials.CredentialsLifecycleHandler; +import java.util.Collections; +import java.util.LinkedList; +import java.util.List; +import java.util.Set; +import lombok.RequiredArgsConstructor; +import lombok.extern.slf4j.Slf4j; +import org.jetbrains.annotations.NotNull; +import org.springframework.stereotype.Component; + +@Slf4j +@RequiredArgsConstructor +@Component +public class ECSCredentialsLifeCycleHandler + implements CredentialsLifecycleHandler { + protected final EcsProvider ecsProvider; + protected final AmazonClientProvider amazonClientProvider; + protected final AWSCredentialsProvider awsCredentialsProvider; + protected final Registry registry; + protected final IamPolicyReader iamPolicyReader; + protected final ObjectMapper objectMapper; + protected final CatsModule catsModule; + + @Override + public void credentialsAdded(@NotNull NetflixECSCredentials credentials) { + scheduleAgents(credentials); + } + + @Override + public void credentialsUpdated(@NotNull NetflixECSCredentials credentials) { + ProviderUtils.unscheduleAndDeregisterAgents( + Collections.singleton(credentials.getName()), catsModule); + scheduleAgents(credentials); + } + + @Override + public void credentialsDeleted(NetflixECSCredentials credentials) { + ProviderUtils.unscheduleAndDeregisterAgents( + Collections.singleton(credentials.getName()), catsModule); + } + + private void scheduleAgents(NetflixECSCredentials credentials) { + Set scheduledAccounts = ProviderUtils.getScheduledAccounts(ecsProvider); + List newAgents = new LinkedList<>(); + newAgents.add( + new 
IamRoleCachingAgent( + credentials, amazonClientProvider, awsCredentialsProvider, iamPolicyReader)); + if (!scheduledAccounts.contains(credentials.getName())) { + for (AmazonCredentials.AWSRegion region : credentials.getRegions()) { + newAgents.add( + new EcsClusterCachingAgent( + credentials, region.getName(), amazonClientProvider, awsCredentialsProvider)); + newAgents.add( + new ServiceCachingAgent( + credentials, + region.getName(), + amazonClientProvider, + awsCredentialsProvider, + registry)); + newAgents.add( + new TaskCachingAgent( + credentials, + region.getName(), + amazonClientProvider, + awsCredentialsProvider, + registry)); + newAgents.add( + new ContainerInstanceCachingAgent( + credentials, + region.getName(), + amazonClientProvider, + awsCredentialsProvider, + registry)); + newAgents.add( + new TaskDefinitionCachingAgent( + credentials, + region.getName(), + amazonClientProvider, + awsCredentialsProvider, + registry, + objectMapper)); + newAgents.add( + new TaskHealthCachingAgent( + credentials, + region.getName(), + amazonClientProvider, + awsCredentialsProvider, + objectMapper)); + newAgents.add( + new EcsCloudMetricAlarmCachingAgent( + credentials, region.getName(), amazonClientProvider, awsCredentialsProvider)); + newAgents.add( + new ScalableTargetsCachingAgent( + credentials, + region.getName(), + amazonClientProvider, + awsCredentialsProvider, + objectMapper)); + newAgents.add( + new SecretCachingAgent( + credentials, + region.getName(), + amazonClientProvider, + awsCredentialsProvider, + objectMapper)); + newAgents.add( + new ServiceDiscoveryCachingAgent( + credentials, + region.getName(), + amazonClientProvider, + awsCredentialsProvider, + objectMapper)); + newAgents.add( + new TargetHealthCachingAgent( + credentials, + region.getName(), + amazonClientProvider, + awsCredentialsProvider, + objectMapper)); + } + } + + ProviderUtils.rescheduleAgents(ecsProvider, newAgents); + ecsProvider.getAgents().addAll(newAgents); + 
ecsProvider.synchronizeHealthAgents(); + } +} diff --git a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/ECSCredentialsParser.java b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/ECSCredentialsParser.java new file mode 100644 index 00000000000..33f763f2212 --- /dev/null +++ b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/ECSCredentialsParser.java 
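Review bot: In `scheduleAgents` the `IamRoleCachingAgent` is added to `newAgents` before the `scheduledAccounts.contains(credentials.getName())` guard, so for an account that is already scheduled a further IAM agent holding the same credentials is still passed to `rescheduleAgents` and appended to `ecsProvider.getAgents()`. If that is intended because IAM is not regional, say so with a comment such as `// IAM is region-agnostic: one agent per account, created regardless of region scheduling`; otherwise move the `newAgents.add(new IamRoleCachingAgent(...))` call inside the guard. `credentialsDeleted` also takes its parameter without the `@NotNull` that `credentialsAdded` and `credentialsUpdated` declare.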
@@ -0,0 +1,76 @@ +/* + * Copyright 2020 Netflix, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +package com.netflix.spinnaker.clouddriver.ecs.security; + +import com.amazonaws.auth.AWSCredentialsProvider; +import com.netflix.spinnaker.clouddriver.aws.security.AmazonClientProvider; +import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials; +import com.netflix.spinnaker.clouddriver.aws.security.NetflixAssumeRoleAmazonCredentials; +import com.netflix.spinnaker.clouddriver.aws.security.config.CredentialsConfig; +import com.netflix.spinnaker.clouddriver.security.AccountCredentials; +import com.netflix.spinnaker.clouddriver.security.AccountCredentialsProvider; +import com.netflix.spinnaker.credentials.definition.CredentialsParser; +import java.util.Collections; +import org.jetbrains.annotations.Nullable; + +// public class ECSCredentialsParser + +public class ECSCredentialsParser + implements CredentialsParser { + + private final AccountCredentialsProvider accountCredentialsProvider; + private final CredentialsLoader credentialsLoader; + + public ECSCredentialsParser( + Class credentialsType, + AccountCredentialsProvider accountCredentialsProvider, + AWSCredentialsProvider awsCredentialsProvider, + AmazonClientProvider amazonClientProvider) { + this.accountCredentialsProvider = accountCredentialsProvider; + this.credentialsLoader = + new CredentialsLoader<>(awsCredentialsProvider, amazonClientProvider, credentialsType); + } 
+ + @Nullable + @Override + public NetflixECSCredentials parse(ECSCredentialsConfig.Account credentials) { + for (AccountCredentials accountCredentials : accountCredentialsProvider.getAll()) { + if (accountCredentials instanceof NetflixAmazonCredentials + && credentials.getAwsAccount().equals(accountCredentials.getName())) { + + NetflixAmazonCredentials netflixAmazonCredentials = + (NetflixAmazonCredentials) accountCredentials; + CredentialsConfig.Account account = + EcsAccountBuilder.build(netflixAmazonCredentials, credentials.getName(), "ecs"); + CredentialsConfig ecsCopy = new CredentialsConfig(); + ecsCopy.setAccounts(Collections.singletonList(account)); + + try { + return new NetflixAssumeRoleEcsCredentials( + (NetflixAssumeRoleAmazonCredentials) credentialsLoader.load(ecsCopy).get(0), + credentials.getName()); + } catch (Throwable throwable) { + throwable.printStackTrace(); + return null; + } + } + } + return null; + } +} diff --git a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/EcsCredentialsInitializer.java b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/EcsCredentialsInitializer.java index 24f03a18f8d..7c4f4212167 100644 --- a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/EcsCredentialsInitializer.java +++ b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/EcsCredentialsInitializer.java 
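Review bot: `parse` catches `Throwable`, calls `throwable.printStackTrace()` and returns `null`, so a failed credentials load or a `ClassCastException` from the `(NetflixAssumeRoleAmazonCredentials)` cast makes the ECS account disappear without an entry in the application log. Catch `Exception` rather than `Throwable` and log it with the account name, e.g. `log.error("Failed to load ECS credentials for account {}", credentials.getName(), e);`, with `@Slf4j` on the class as `ECSCredentialsLifeCycleHandler` in this patch has. `credentialsLoader.load(ecsCopy).get(0)` also assumes a non-empty list although `CredentialsLoader.load` filters on `isEnabled`; the same unguarded `get(0)` is in the `synchronizeECSAccounts` hunk of `EcsCredentialsInitializer`. The second constructor argument here is `credentials.getName()` while `synchronizeECSAccounts` passes `ecsAccount.getAwsAccount()` to the same constructor, so one of the two call sites is presumably wrong.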
@@ -16,13 +16,14 @@ package com.netflix.spinnaker.clouddriver.ecs.security; +import com.amazonaws.auth.AWSCredentialsProvider; +import com.netflix.spinnaker.clouddriver.aws.security.AmazonClientProvider; import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials; import com.netflix.spinnaker.clouddriver.aws.security.NetflixAssumeRoleAmazonCredentials; -import com.netflix.spinnaker.clouddriver.aws.security.config.AmazonCredentialsParser; import com.netflix.spinnaker.clouddriver.aws.security.config.CredentialsConfig; import com.netflix.spinnaker.clouddriver.security.AccountCredentials; -import com.netflix.spinnaker.credentials.CredentialsRepository; -import com.netflix.spinnaker.credentials.definition.CredentialsParser; +import com.netflix.spinnaker.clouddriver.security.AccountCredentialsProvider; +import com.netflix.spinnaker.clouddriver.security.AccountCredentialsRepository; import java.util.Collections; import java.util.LinkedList; import java.util.List; 
@@ -40,33 +41,83 @@ public ECSCredentialsConfig ecsCredentialsConfig() { return new ECSCredentialsConfig(); } + // @Bean + // @DependsOn("amazonCredentialsLoader") + // @ConditionalOnMissingBean( + // value = NetflixECSCredentials.class, + // parameterizedContainer = CredentialsRepository.class) + // CredentialsRepository amazonECSCredentialsRepository( + // CredentialsLifecycleHandler eventHandler + // ) { + // return new MapBackedCredentialsRepository<>(EcsCloudProvider.ID, eventHandler); + // } + + // @Bean + // @DependsOn("amazonCredentialsLoader") + // CredentialsParser ecsCredentialsParser( + // Class credentialsType, + // AccountCredentialsProvider accountCredentialsProvider, + // AWSCredentialsProvider awsCredentialsProvider, + // AmazonClientProvider amazonClientProvider + // ) { + // return new ECSCredentialsParser<>(credentialsType, accountCredentialsProvider, + // awsCredentialsProvider, amazonClientProvider); + // } + + // @Bean + // AbstractCredentialsLoader ecsCredentialsLoader( + // CredentialsParser + // amazonCredentialsParser, + // @Nullable CredentialsDefinitionSource ecsCredentialsSource, + // CredentialsRepository repository, + // ECSCredentialsConfig ecsCredentialsConfig) { + // if (ecsCredentialsSource == null) { + // ecsCredentialsSource = ecsCredentialsConfig::getAccounts; + // } + // return new ECSBasicCredentialsLoader<>( + // ecsCredentialsSource, + // amazonCredentialsParser, + // repository + // ); + // } + @Bean @DependsOn("amazonCredentialsLoader") public List netflixECSCredentials( - CredentialsRepository accountCredentialsRepository, - CredentialsParser - amazonCredentialsParser, - ECSCredentialsConfig credentialsConfig) + AccountCredentialsRepository accountCredentialsRepository, + AccountCredentialsProvider accountCredentialsProvider, + ECSCredentialsConfig credentialsConfig, + AWSCredentialsProvider awsCredentialsProvider, + AmazonClientProvider amazonClientProvider, + Class credentialsType) throws Throwable { return 
synchronizeECSAccounts( accountCredentialsRepository, - (AmazonCredentialsParser) amazonCredentialsParser, - credentialsConfig); + accountCredentialsProvider, + credentialsConfig, + awsCredentialsProvider, + amazonClientProvider, + credentialsType); } private List synchronizeECSAccounts( - CredentialsRepository accountCredentialsRepository, - AmazonCredentialsParser - amazonCredentialsParser, - ECSCredentialsConfig ecsCredentialsConfig) + AccountCredentialsRepository + accountCredentialsRepository, // legacy. Dependency needs to be removed + AccountCredentialsProvider accountCredentialsProvider, + ECSCredentialsConfig ecsCredentialsConfig, + AWSCredentialsProvider awsCredentialsProvider, + AmazonClientProvider amazonClientProvider, + Class credentialsType) throws Throwable { // TODO: add support for mutable accounts. // List deltaAccounts = ProviderUtils.calculateAccountDeltas(accountCredentialsRepository, // NetflixAmazonCredentials.class, accounts); List credentials = new LinkedList<>(); + CredentialsLoader credentialsLoader = + new CredentialsLoader<>(awsCredentialsProvider, amazonClientProvider, credentialsType); - for (AccountCredentials accountCredentials : accountCredentialsRepository.getAll()) { + for (AccountCredentials accountCredentials : accountCredentialsProvider.getAll()) { if (accountCredentials instanceof NetflixAmazonCredentials) { for (ECSCredentialsConfig.Account ecsAccount : ecsCredentialsConfig.getAccounts()) { if (ecsAccount.getAwsAccount().equals(accountCredentials.getName())) { 
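Review bot: The three `@Bean` definitions added as commented-out code (`amazonECSCredentialsRepository`, `ecsCredentialsParser`, `ecsCredentialsLoader`) cannot be compiled or tested and will drift from the classes they name. Drop them from the patch, or replace them with one line such as `// TODO: register ECSCredentialsParser and ECSBasicCredentialsLoader as beans once the legacy AccountCredentialsRepository path is removed`. `synchronizeECSAccounts` now constructs its own `CredentialsLoader` on each call instead of using the injected parser, so it presumably no longer follows whatever credentials parsing the AWS module configures; a comment on that line should state whether this is temporary.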
@@ -83,12 +134,11 @@ private List synchronizeECSAccounts( NetflixECSCredentials ecsCredentials = new NetflixAssumeRoleEcsCredentials( - (NetflixAssumeRoleAmazonCredentials) - amazonCredentialsParser.load(ecsCopy).get(0), + (NetflixAssumeRoleAmazonCredentials) credentialsLoader.load(ecsCopy).get(0), ecsAccount.getAwsAccount()); credentials.add(ecsCredentials); - accountCredentialsRepository.save(ecsCredentials); + accountCredentialsRepository.save(ecsAccount.getName(), ecsCredentials); break; } } From c9704f7e1464c3eeec1fc92ca2aef8c12a6fa4f1 Mon Sep 17 00:00:00 2001 From: Manabu McCloskey Date: Fri, 2 Oct 2020 13:12:32 -0600 Subject: [PATCH 04/14] WIP at least it runs agents --- .../AmazonCredentialsInitializer.groovy | 2 + .../provider/config/EcsProviderConfig.java | 3 +- .../ecs/provider/view/EcsAccountMapper.java | 3 +- .../security/EcsCredentialsInitializer.java | 205 +++++++++--------- 4 files changed, 105 insertions(+), 108 deletions(-) diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AmazonCredentialsInitializer.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AmazonCredentialsInitializer.groovy index 13b8735a9d9..a4a9f86c4de 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AmazonCredentialsInitializer.groovy +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AmazonCredentialsInitializer.groovy @@ -36,6 +36,7 @@ import org.springframework.context.annotation.Bean import org.springframework.context.annotation.Configuration import org.springframework.context.annotation.DependsOn import org.springframework.context.annotation.Lazy +import org.springframework.context.annotation.Primary import javax.annotation.Nullable import javax.annotation.PostConstruct 
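Review bot: The new `credentialsLoader.load(ecsCopy).get(0)` is cast straight to `NetflixAssumeRoleAmazonCredentials`, so an empty result or an account that is not an assume-role account aborts bean creation with an index or class-cast error that names neither account. Hold the result in a local (here called `loaded`) and check it before the cast: `if (loaded.size() != 1 || !(loaded.get(0) instanceof NetflixAssumeRoleAmazonCredentials)) throw new IllegalStateException("cannot build ECS account " + ecsAccount.getName() + " from AWS account " + ecsAccount.getAwsAccount());`. `synchronizeECSAccounts` starts in the previous hunk and continues past this one.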
@@ -74,6 +75,7 @@ class AmazonCredentialsInitializer { } @Bean + @Primary // needed for ECS repo. ECS and AWS repos should be merged. @ConditionalOnMissingBean( value = NetflixAmazonCredentials.class, parameterizedContainer = CredentialsRepository.class) diff --git a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/provider/config/EcsProviderConfig.java b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/provider/config/EcsProviderConfig.java index e1bee67014a..78a0ad530af 100644 --- a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/provider/config/EcsProviderConfig.java +++ b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/provider/config/EcsProviderConfig.java @@ -36,7 +36,6 @@ import java.util.concurrent.ConcurrentHashMap; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; -import org.springframework.context.annotation.DependsOn; @Configuration public class EcsProviderConfig { @@ -47,7 +46,7 @@ public IamPolicyReader iamPolicyReader(ObjectMapper objectMapper) { } @Bean - @DependsOn("netflixECSCredentials") + // @DependsOn("netflixECSCredentials") public EcsProvider ecsProvider( AccountCredentialsRepository accountCredentialsRepository, AmazonClientProvider amazonClientProvider, diff --git a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/provider/view/EcsAccountMapper.java b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/provider/view/EcsAccountMapper.java index be30d9dd211..96d9d40c174 100644 --- a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/provider/view/EcsAccountMapper.java +++ b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/provider/view/EcsAccountMapper.java 
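Review bot: `@Primary` on this bean makes the AWS repository the answer for every `CredentialsRepository` injection point that Spring cannot narrow by generic type, so a raw or wildcard parameter elsewhere now quietly receives the AWS account store instead of failing as ambiguous. The trailing comment says the annotation is needed for ECS but not which injection point relies on it. I would name that dependency in the comment, e.g. `// @Primary: the ECS credentials loader also injects a CredentialsRepository; drop once the ECS and AWS repositories are merged`, and prefer a `@Qualifier` on the ECS side so that a mis-typed injection fails at startup. The bean method itself continues outside the hunk.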
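Review bot: The `@DependsOn("netflixECSCredentials")` annotation is turned into a comment here and on `EcsAccountMapper` in the next file, which drops the ordering guarantee without saying what replaces it. `ecsProvider(...)` still takes `AccountCredentialsRepository` in this hunk, so if it reads accounts while the bean is being built (its body is outside the hunk) it may now run before any ECS account has been loaded. Delete the annotation rather than commenting it out. If ordering still matters, state the new mechanism in a comment, for example `// ECS accounts are added after startup by the credentials loader; no bean ordering required`, assuming that is the intent.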
@@ -27,11 +27,10 @@ import java.util.Set; import java.util.stream.Collectors; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.context.annotation.DependsOn; import org.springframework.stereotype.Component; @Component -@DependsOn("netflixECSCredentials") +// @DependsOn("netflixECSCredentials") public class EcsAccountMapper { final AccountCredentialsProvider accountCredentialsProvider; diff --git a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/EcsCredentialsInitializer.java b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/EcsCredentialsInitializer.java index 7c4f4212167..e44a48c68eb 100644 --- a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/EcsCredentialsInitializer.java +++ b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/EcsCredentialsInitializer.java 
@@ -19,14 +19,16 @@ import com.amazonaws.auth.AWSCredentialsProvider; import com.netflix.spinnaker.clouddriver.aws.security.AmazonClientProvider; import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials; -import com.netflix.spinnaker.clouddriver.aws.security.NetflixAssumeRoleAmazonCredentials; -import com.netflix.spinnaker.clouddriver.aws.security.config.CredentialsConfig; -import com.netflix.spinnaker.clouddriver.security.AccountCredentials; +import com.netflix.spinnaker.clouddriver.ecs.EcsCloudProvider; import com.netflix.spinnaker.clouddriver.security.AccountCredentialsProvider; -import com.netflix.spinnaker.clouddriver.security.AccountCredentialsRepository; -import java.util.Collections; -import java.util.LinkedList; -import java.util.List; +import com.netflix.spinnaker.credentials.CredentialsLifecycleHandler; +import com.netflix.spinnaker.credentials.CredentialsRepository; +import com.netflix.spinnaker.credentials.MapBackedCredentialsRepository; +import com.netflix.spinnaker.credentials.definition.AbstractCredentialsLoader; +import com.netflix.spinnaker.credentials.definition.CredentialsDefinitionSource; +import com.netflix.spinnaker.credentials.definition.CredentialsParser; +import javax.annotation.Nullable; +import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean; import org.springframework.boot.context.properties.ConfigurationProperties; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; 
@@ -41,110 +43,105 @@ public ECSCredentialsConfig ecsCredentialsConfig() { return new ECSCredentialsConfig(); } - // @Bean - // @DependsOn("amazonCredentialsLoader") - // @ConditionalOnMissingBean( - // value = NetflixECSCredentials.class, - // parameterizedContainer = CredentialsRepository.class) - // CredentialsRepository amazonECSCredentialsRepository( - // CredentialsLifecycleHandler eventHandler - // ) { - // return new MapBackedCredentialsRepository<>(EcsCloudProvider.ID, eventHandler); - // } - - // @Bean - // @DependsOn("amazonCredentialsLoader") - // CredentialsParser ecsCredentialsParser( - // Class credentialsType, - // AccountCredentialsProvider accountCredentialsProvider, - // AWSCredentialsProvider awsCredentialsProvider, - // AmazonClientProvider amazonClientProvider - // ) { - // return new ECSCredentialsParser<>(credentialsType, accountCredentialsProvider, - // awsCredentialsProvider, amazonClientProvider); - // } - - // @Bean - // AbstractCredentialsLoader ecsCredentialsLoader( - // CredentialsParser - // amazonCredentialsParser, - // @Nullable CredentialsDefinitionSource ecsCredentialsSource, - // CredentialsRepository repository, - // ECSCredentialsConfig ecsCredentialsConfig) { - // if (ecsCredentialsSource == null) { - // ecsCredentialsSource = ecsCredentialsConfig::getAccounts; - // } - // return new ECSBasicCredentialsLoader<>( - // ecsCredentialsSource, - // amazonCredentialsParser, - // repository - // ); - // } - @Bean @DependsOn("amazonCredentialsLoader") - public List netflixECSCredentials( - AccountCredentialsRepository accountCredentialsRepository, - AccountCredentialsProvider accountCredentialsProvider, - ECSCredentialsConfig credentialsConfig, - AWSCredentialsProvider awsCredentialsProvider, - AmazonClientProvider amazonClientProvider, - Class credentialsType) - throws Throwable { - return synchronizeECSAccounts( - accountCredentialsRepository, - accountCredentialsProvider, - credentialsConfig, - awsCredentialsProvider, - 
amazonClientProvider, - credentialsType); + @ConditionalOnMissingBean( + value = NetflixECSCredentials.class, + parameterizedContainer = CredentialsRepository.class) + CredentialsRepository amazonECSCredentialsRepository( + CredentialsLifecycleHandler eventHandler) { + return new MapBackedCredentialsRepository<>(EcsCloudProvider.ID, eventHandler); } - private List synchronizeECSAccounts( - AccountCredentialsRepository - accountCredentialsRepository, // legacy. Dependency needs to be removed + @Bean + @DependsOn("amazonCredentialsLoader") + CredentialsParser ecsCredentialsParser( + Class credentialsType, AccountCredentialsProvider accountCredentialsProvider, - ECSCredentialsConfig ecsCredentialsConfig, AWSCredentialsProvider awsCredentialsProvider, - AmazonClientProvider amazonClientProvider, - Class credentialsType) - throws Throwable { - - // TODO: add support for mutable accounts. - // List deltaAccounts = ProviderUtils.calculateAccountDeltas(accountCredentialsRepository, - // NetflixAmazonCredentials.class, accounts); - List credentials = new LinkedList<>(); - CredentialsLoader credentialsLoader = - new CredentialsLoader<>(awsCredentialsProvider, amazonClientProvider, credentialsType); - - for (AccountCredentials accountCredentials : accountCredentialsProvider.getAll()) { - if (accountCredentials instanceof NetflixAmazonCredentials) { - for (ECSCredentialsConfig.Account ecsAccount : ecsCredentialsConfig.getAccounts()) { - if (ecsAccount.getAwsAccount().equals(accountCredentials.getName())) { - - NetflixAmazonCredentials netflixAmazonCredentials = - (NetflixAmazonCredentials) accountCredentials; - - // TODO: accountCredentials should be serializable or somehow cloneable. 
- CredentialsConfig.Account account = - EcsAccountBuilder.build(netflixAmazonCredentials, ecsAccount.getName(), "ecs"); - - CredentialsConfig ecsCopy = new CredentialsConfig(); - ecsCopy.setAccounts(Collections.singletonList(account)); - - NetflixECSCredentials ecsCredentials = - new NetflixAssumeRoleEcsCredentials( - (NetflixAssumeRoleAmazonCredentials) credentialsLoader.load(ecsCopy).get(0), - ecsAccount.getAwsAccount()); - credentials.add(ecsCredentials); + AmazonClientProvider amazonClientProvider) { + return new ECSCredentialsParser<>( + credentialsType, accountCredentialsProvider, awsCredentialsProvider, amazonClientProvider); + } - accountCredentialsRepository.save(ecsAccount.getName(), ecsCredentials); - break; - } - } - } + @Bean + AbstractCredentialsLoader ecsCredentialsLoader( + CredentialsParser + amazonCredentialsParser, + @Nullable CredentialsDefinitionSource ecsCredentialsSource, + CredentialsRepository repository, + ECSCredentialsConfig ecsCredentialsConfig) { + if (ecsCredentialsSource == null) { + ecsCredentialsSource = ecsCredentialsConfig::getAccounts; } - - return credentials; + return new ECSBasicCredentialsLoader<>( + ecsCredentialsSource, amazonCredentialsParser, repository); } + + // @Bean + // @DependsOn("amazonCredentialsLoader") + // public List netflixECSCredentials( + // AccountCredentialsRepository accountCredentialsRepository, + // AccountCredentialsProvider accountCredentialsProvider, + // ECSCredentialsConfig credentialsConfig, + // AWSCredentialsProvider awsCredentialsProvider, + // AmazonClientProvider amazonClientProvider, + // Class credentialsType) + // throws Throwable { + // return synchronizeECSAccounts( + // accountCredentialsRepository, + // accountCredentialsProvider, + // credentialsConfig, + // awsCredentialsProvider, + // amazonClientProvider, + // credentialsType); + // } + // + // private List synchronizeECSAccounts( + // AccountCredentialsRepository + // accountCredentialsRepository, // legacy. 
Dependency needs to be removed + // AccountCredentialsProvider accountCredentialsProvider, + // ECSCredentialsConfig ecsCredentialsConfig, + // AWSCredentialsProvider awsCredentialsProvider, + // AmazonClientProvider amazonClientProvider, + // Class credentialsType) + // throws Throwable { + // + // // TODO: add support for mutable accounts. + // // List deltaAccounts = ProviderUtils.calculateAccountDeltas(accountCredentialsRepository, + // // NetflixAmazonCredentials.class, accounts); + // List credentials = new LinkedList<>(); + // CredentialsLoader credentialsLoader = + // new CredentialsLoader<>(awsCredentialsProvider, amazonClientProvider, credentialsType); + // + // for (AccountCredentials accountCredentials : accountCredentialsProvider.getAll()) { + // if (accountCredentials instanceof NetflixAmazonCredentials) { + // for (ECSCredentialsConfig.Account ecsAccount : ecsCredentialsConfig.getAccounts()) { + // if (ecsAccount.getAwsAccount().equals(accountCredentials.getName())) { + // + // NetflixAmazonCredentials netflixAmazonCredentials = + // (NetflixAmazonCredentials) accountCredentials; + // + // // TODO: accountCredentials should be serializable or somehow cloneable. + // CredentialsConfig.Account account = + // EcsAccountBuilder.build(netflixAmazonCredentials, ecsAccount.getName(), "ecs"); + // + // CredentialsConfig ecsCopy = new CredentialsConfig(); + // ecsCopy.setAccounts(Collections.singletonList(account)); + // + // NetflixECSCredentials ecsCredentials = + // new NetflixAssumeRoleEcsCredentials( + // (NetflixAssumeRoleAmazonCredentials) credentialsLoader.load(ecsCopy).get(0), + // ecsAccount.getAwsAccount()); + // credentials.add(ecsCredentials); + // + // accountCredentialsRepository.save(ecsAccount.getName(), ecsCredentials); + // break; + // } + // } + // } + // } + // + // return credentials; + // } } From 3ba0a5d7fba18c1a2a69ed71e0a68f1d5583d33d Mon Sep 17 00:00:00 2001 
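Review bot: In `ecsCredentialsLoader` the parser parameter is still named `amazonCredentialsParser` and the repository parameter is a bare `repository`, so which beans are injected depends entirely on generic-type matching (the type arguments are not visible on this page). If that matching is ever ambiguous, Spring falls back to the parameter name and to `@Primary`, which this same commit places on the AWS repository; the ECS loader could then be wired to the AWS parser (if a bean of that name exists) and store ECS accounts in the AWS repository. Rename the parameter to `ecsCredentialsParser` and pin both with `@Qualifier("ecsCredentialsParser")` and `@Qualifier("amazonECSCredentialsRepository")`. The commented-out `netflixECSCredentials` and `synchronizeECSAccounts` code added at the end of the hunk should be deleted instead, since the history already keeps it.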
From: Manabu McCloskey Date: Fri, 2 Oct 2020 14:54:47 -0600 Subject: [PATCH 05/14] Ensure ECS credentials repo is added to composite repository --- .../ecs/security/EcsCredentialsInitializer.java | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/EcsCredentialsInitializer.java b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/EcsCredentialsInitializer.java index e44a48c68eb..97bed25c159 100644 --- a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/EcsCredentialsInitializer.java +++ b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/EcsCredentialsInitializer.java @@ -20,7 +20,9 @@ import com.netflix.spinnaker.clouddriver.aws.security.AmazonClientProvider; import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials; import com.netflix.spinnaker.clouddriver.ecs.EcsCloudProvider; +import com.netflix.spinnaker.clouddriver.security.AccountCredentials; import com.netflix.spinnaker.clouddriver.security.AccountCredentialsProvider; +import com.netflix.spinnaker.credentials.CompositeCredentialsRepository; import com.netflix.spinnaker.credentials.CredentialsLifecycleHandler; import com.netflix.spinnaker.credentials.CredentialsRepository; import com.netflix.spinnaker.credentials.MapBackedCredentialsRepository; 
@@ -70,10 +72,13 @@ AbstractCredentialsLoader ecsCredentialsLoader( amazonCredentialsParser, @Nullable CredentialsDefinitionSource ecsCredentialsSource, CredentialsRepository repository, - ECSCredentialsConfig ecsCredentialsConfig) { + ECSCredentialsConfig ecsCredentialsConfig, + CompositeCredentialsRepository compositeCredentialsRepository) { + compositeCredentialsRepository.registerRepository(repository); if (ecsCredentialsSource == null) { ecsCredentialsSource = ecsCredentialsConfig::getAccounts; } + return new ECSBasicCredentialsLoader<>( ecsCredentialsSource, amazonCredentialsParser, repository); } From 1c290e5b0b356e52a05837d2150dbd6c0d8a7b98 Mon Sep 17 00:00:00 2001 From: Manabu McCloskey Date: Fri, 2 Oct 2020 15:04:09 -0600 Subject: [PATCH 06/14] Remove ECSBasicCredentialsLoader --- .../security/ECSBasicCredentialsLoader.java | 36 ------------------- .../security/EcsCredentialsInitializer.java | 2 +- 2 files changed, 1 insertion(+), 37 deletions(-) delete mode 100644 clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/ECSBasicCredentialsLoader.java diff --git a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/ECSBasicCredentialsLoader.java b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/ECSBasicCredentialsLoader.java deleted file mode 100644 index f62092a2aec..00000000000 --- a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/ECSBasicCredentialsLoader.java +++ /dev/null 
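Review bot: `compositeCredentialsRepository.registerRepository(repository)` runs as a side effect of building the loader bean, so the ECS repository joins the composite only when this particular factory method runs. A context that replaces the loader, or a test that builds the repository alone, would presumably leave ECS accounts out of composite lookups with no error at startup. Registration reads more naturally next to the repository itself, e.g. inside `amazonECSCredentialsRepository(...)`, with a comment such as `// register with the composite so ECS accounts resolve through the shared lookup`. `ecsCredentialsLoader` begins before this hunk.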
@@ -1,36 +0,0 @@ -/* - * Copyright 2020 Netflix, Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -package com.netflix.spinnaker.clouddriver.ecs.security; - -import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials; -import com.netflix.spinnaker.credentials.CredentialsRepository; -import com.netflix.spinnaker.credentials.definition.BasicCredentialsLoader; -import com.netflix.spinnaker.credentials.definition.CredentialsDefinitionSource; -import com.netflix.spinnaker.credentials.definition.CredentialsParser; - -public class ECSBasicCredentialsLoader< - T extends ECSCredentialsConfig.Account, U extends NetflixAmazonCredentials> - extends BasicCredentialsLoader { - - public ECSBasicCredentialsLoader( - CredentialsDefinitionSource definitionSource, - CredentialsParser parser, - CredentialsRepository credentialsRepository) { - super(definitionSource, parser, credentialsRepository); - } -} diff --git a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/EcsCredentialsInitializer.java b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/EcsCredentialsInitializer.java index 97bed25c159..e69943c1c95 100644 --- a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/EcsCredentialsInitializer.java +++ b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/EcsCredentialsInitializer.java 
@@ -79,7 +79,7 @@ AbstractCredentialsLoader ecsCredentialsLoader( ecsCredentialsSource = ecsCredentialsConfig::getAccounts; } - return new ECSBasicCredentialsLoader<>( + return new BasicCredentialsLoader<>( ecsCredentialsSource, amazonCredentialsParser, repository); } From d8be7028403a4d3dba0877c612a1050211a2da93 Mon Sep 17 00:00:00 2001 From: Manabu McCloskey Date: Fri, 2 Oct 2020 15:50:59 -0600 Subject: [PATCH 07/14] clean up --- .../provider/config/EcsProviderConfig.java | 136 +----------------- .../security/EcsCredentialsInitializer.java | 4 +- 2 files changed, 4 insertions(+), 136 deletions(-) diff --git a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/provider/config/EcsProviderConfig.java b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/provider/config/EcsProviderConfig.java index 78a0ad530af..c590138a7a0 100644 --- a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/provider/config/EcsProviderConfig.java +++ b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/provider/config/EcsProviderConfig.java 
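Review bot: This hunk switches to `new BasicCredentialsLoader<>(...)`, but the commit adds no import for that class. The diffstat lists one insertion and one deletion in `EcsCredentialsInitializer.java`, and `import com.netflix.spinnaker.credentials.definition.BasicCredentialsLoader;` only arrives in the following patch. Unless the class is already imported outside the visible hunks, this commit does not compile on its own, which breaks bisecting through the series. Add the import line in this commit.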
@@ -16,23 +16,10 @@ package com.netflix.spinnaker.clouddriver.ecs.provider.config; -import static com.netflix.spinnaker.clouddriver.aws.security.AmazonCredentials.AWSRegion; - -import com.amazonaws.auth.AWSCredentialsProvider; import com.fasterxml.jackson.databind.ObjectMapper; -import com.netflix.spectator.api.Registry; -import com.netflix.spinnaker.cats.agent.Agent; -import com.netflix.spinnaker.clouddriver.aws.security.AmazonClientProvider; -import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials; -import com.netflix.spinnaker.clouddriver.ecs.EcsCloudProvider; import com.netflix.spinnaker.clouddriver.ecs.provider.EcsProvider; -import com.netflix.spinnaker.clouddriver.ecs.provider.agent.*; -import com.netflix.spinnaker.clouddriver.security.AccountCredentialsRepository; -import com.netflix.spinnaker.clouddriver.security.ProviderUtils; +import com.netflix.spinnaker.clouddriver.ecs.provider.agent.IamPolicyReader; import java.util.Collections; -import java.util.LinkedList; -import java.util.List; -import java.util.Set; import java.util.concurrent.ConcurrentHashMap; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; 
@@ -46,127 +33,8 @@ public IamPolicyReader iamPolicyReader(ObjectMapper objectMapper) { } @Bean - // @DependsOn("netflixECSCredentials") - public EcsProvider ecsProvider( - AccountCredentialsRepository accountCredentialsRepository, - AmazonClientProvider amazonClientProvider, - AWSCredentialsProvider awsCredentialsProvider, - Registry registry, - IamPolicyReader iamPolicyReader, - ObjectMapper objectMapper) { + public EcsProvider ecsProvider() { EcsProvider provider = new EcsProvider(Collections.newSetFromMap(new ConcurrentHashMap<>())); - synchronizeEcsProvider( - provider, - accountCredentialsRepository, - amazonClientProvider, - awsCredentialsProvider, - registry, - iamPolicyReader, - objectMapper); return provider; } - - private void synchronizeEcsProvider( - EcsProvider ecsProvider, - AccountCredentialsRepository accountCredentialsRepository, - AmazonClientProvider amazonClientProvider, - AWSCredentialsProvider awsCredentialsProvider, - Registry registry, - IamPolicyReader iamPolicyReader, - ObjectMapper objectMapper) { - - Set scheduledAccounts = ProviderUtils.getScheduledAccounts(ecsProvider); - Set allAccounts = - ProviderUtils.buildThreadSafeSetOfAccounts( - accountCredentialsRepository, NetflixAmazonCredentials.class, EcsCloudProvider.ID); - List newAgents = new LinkedList<>(); - - for (NetflixAmazonCredentials credentials : allAccounts) { - newAgents.add( - new IamRoleCachingAgent( - credentials, - amazonClientProvider, - awsCredentialsProvider, - iamPolicyReader)); // IAM is region-agnostic, so one caching agent per account is - // enough - - for (AWSRegion region : credentials.getRegions()) { - if (!scheduledAccounts.contains(credentials.getName())) { - newAgents.add( - new EcsClusterCachingAgent( - credentials, region.getName(), amazonClientProvider, awsCredentialsProvider)); - newAgents.add( - new ServiceCachingAgent( - credentials, - region.getName(), - amazonClientProvider, - awsCredentialsProvider, - registry)); - newAgents.add( - new 
TaskCachingAgent( - credentials, - region.getName(), - amazonClientProvider, - awsCredentialsProvider, - registry)); - newAgents.add( - new ContainerInstanceCachingAgent( - credentials, - region.getName(), - amazonClientProvider, - awsCredentialsProvider, - registry)); - newAgents.add( - new TaskDefinitionCachingAgent( - credentials, - region.getName(), - amazonClientProvider, - awsCredentialsProvider, - registry, - objectMapper)); - newAgents.add( - new TaskHealthCachingAgent( - credentials, - region.getName(), - amazonClientProvider, - awsCredentialsProvider, - objectMapper)); - newAgents.add( - new EcsCloudMetricAlarmCachingAgent( - credentials, region.getName(), amazonClientProvider, awsCredentialsProvider)); - newAgents.add( - new ScalableTargetsCachingAgent( - credentials, - region.getName(), - amazonClientProvider, - awsCredentialsProvider, - objectMapper)); - newAgents.add( - new SecretCachingAgent( - credentials, - region.getName(), - amazonClientProvider, - awsCredentialsProvider, - objectMapper)); - newAgents.add( - new ServiceDiscoveryCachingAgent( - credentials, - region.getName(), - amazonClientProvider, - awsCredentialsProvider, - objectMapper)); - newAgents.add( - new TargetHealthCachingAgent( - credentials, - region.getName(), - amazonClientProvider, - awsCredentialsProvider, - objectMapper)); - } - } - } - ProviderUtils.rescheduleAgents(ecsProvider, newAgents); - ecsProvider.getAgents().addAll(newAgents); - ecsProvider.synchronizeHealthAgents(); - } } diff --git a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/EcsCredentialsInitializer.java b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/EcsCredentialsInitializer.java index e69943c1c95..d0edc689c07 100644 --- a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/EcsCredentialsInitializer.java +++ b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/EcsCredentialsInitializer.java 
@@ -27,6 +27,7 @@ import com.netflix.spinnaker.credentials.CredentialsRepository; import com.netflix.spinnaker.credentials.MapBackedCredentialsRepository; import com.netflix.spinnaker.credentials.definition.AbstractCredentialsLoader; +import com.netflix.spinnaker.credentials.definition.BasicCredentialsLoader; import com.netflix.spinnaker.credentials.definition.CredentialsDefinitionSource; import com.netflix.spinnaker.credentials.definition.CredentialsParser; import javax.annotation.Nullable; @@ -79,8 +80,7 @@ AbstractCredentialsLoader ecsCredentialsLoader( ecsCredentialsSource = ecsCredentialsConfig::getAccounts; } - return new BasicCredentialsLoader<>( - ecsCredentialsSource, amazonCredentialsParser, repository); + return new BasicCredentialsLoader<>(ecsCredentialsSource, amazonCredentialsParser, repository); } // @Bean From 048c08187d9057a1cdb8d7b9b6358de5706ded87 Mon Sep 17 00:00:00 2001 From: Manabu McCloskey Date: Fri, 2 Oct 2020 16:54:38 -0600 Subject: [PATCH 08/14] remove CredentialsLoader --- .../config/AmazonCredentialsParser.java | 2 +- .../provider/config/EcsProviderConfig.java | 3 +- .../ecs/security/CredentialsLoader.java | 426 ------------------ .../ecs/security/ECSCredentialsConfig.java | 7 +- .../ecs/security/ECSCredentialsParser.java | 22 +- .../security/EcsCredentialsInitializer.java | 23 +- .../services/ContainerInformationService.java | 2 +- 7 files changed, 26 insertions(+), 459 deletions(-) delete mode 100644 clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/CredentialsLoader.java diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/config/AmazonCredentialsParser.java b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/config/AmazonCredentialsParser.java index 757d8323749..b041bba3cc9 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/config/AmazonCredentialsParser.java 
+++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/config/AmazonCredentialsParser.java @@ -175,7 +175,7 @@ public V load(String accountName) throws Throwable { CredentialsConfig config = new CredentialsConfig(); Account account = new Account(); account.setName(accountName); - config.setAccounts(Arrays.asList(account)); + config.setAccounts(Collections.singletonList(account)); List result = load(config); if (result.size() != 1) { throw new IllegalStateException("failed to create account"); diff --git a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/provider/config/EcsProviderConfig.java b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/provider/config/EcsProviderConfig.java index c590138a7a0..6a9b1c51ce3 100644 --- a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/provider/config/EcsProviderConfig.java +++ b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/provider/config/EcsProviderConfig.java @@ -34,7 +34,6 @@ public IamPolicyReader iamPolicyReader(ObjectMapper objectMapper) { @Bean public EcsProvider ecsProvider() { - EcsProvider provider = new EcsProvider(Collections.newSetFromMap(new ConcurrentHashMap<>())); - return provider; + return new EcsProvider(Collections.newSetFromMap(new ConcurrentHashMap<>())); } } diff --git a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/CredentialsLoader.java b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/CredentialsLoader.java deleted file mode 100644 index ab201666720..00000000000 --- a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/CredentialsLoader.java +++ /dev/null 
@@ -1,426 +0,0 @@ -/* - * Copyright 2015 Netflix, Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package com.netflix.spinnaker.clouddriver.ecs.security; - -import com.amazonaws.SDKGlobalConfiguration; -import com.amazonaws.auth.AWSCredentialsProvider; -import com.fasterxml.jackson.databind.DeserializationFeature; -import com.fasterxml.jackson.databind.ObjectMapper; -import com.netflix.spinnaker.clouddriver.aws.security.AWSAccountInfoLookup; -import com.netflix.spinnaker.clouddriver.aws.security.AmazonClientProvider; -import com.netflix.spinnaker.clouddriver.aws.security.AmazonCredentials; -import com.netflix.spinnaker.clouddriver.aws.security.DefaultAWSAccountInfoLookup; -import com.netflix.spinnaker.clouddriver.aws.security.config.CredentialsConfig; -import com.netflix.spinnaker.clouddriver.aws.security.config.CredentialsConfig.Account; -import com.netflix.spinnaker.clouddriver.aws.security.config.CredentialsConfig.Region; -import java.lang.reflect.Constructor; -import java.lang.reflect.InvocationTargetException; -import java.util.*; -import java.util.concurrent.atomic.AtomicReference; -import java.util.function.Function; -import java.util.regex.Pattern; -import java.util.stream.Collectors; -import org.apache.commons.lang3.StringUtils; - -public class CredentialsLoader { - - private final AWSCredentialsProvider credentialsProvider; - private final AWSAccountInfoLookup awsAccountInfoLookup; - private final Map templateValues; - private final 
CredentialTranslator credentialTranslator; - private final ObjectMapper objectMapper; - - public CredentialsLoader( - AWSCredentialsProvider credentialsProvider, - AmazonClientProvider amazonClientProvider, - Class credentialsType) { - this( - credentialsProvider, - amazonClientProvider, - credentialsType, - Collections.emptyMap()); - } - - public CredentialsLoader( - AWSCredentialsProvider credentialsProvider, - AmazonClientProvider amazonClientProvider, - Class credentialsType, - Map templateValues) { - this( - credentialsProvider, - new DefaultAWSAccountInfoLookup(credentialsProvider, amazonClientProvider), - credentialsType, - templateValues); - } - - public CredentialsLoader( - AWSCredentialsProvider credentialsProvider, - AWSAccountInfoLookup awsAccountInfoLookup, - Class credentialsType) { - this( - credentialsProvider, - awsAccountInfoLookup, - credentialsType, - Collections.emptyMap()); - } - - public CredentialsLoader( - AWSCredentialsProvider credentialsProvider, - AWSAccountInfoLookup awsAccountInfoLookup, - Class credentialsType, - Map templateValues) { - this.credentialsProvider = Objects.requireNonNull(credentialsProvider, "credentialsProvider"); - this.awsAccountInfoLookup = awsAccountInfoLookup; - this.templateValues = templateValues; - this.objectMapper = new ObjectMapper(); - this.credentialTranslator = findTranslator(credentialsType, this.objectMapper); - } - - private Lazy> createDefaults(final List defaults) { - return new Lazy<>( - new Lazy.Loader>() { - @Override - public List get() { - if (defaults == null) { - return toRegion(awsAccountInfoLookup.listRegions()); - } else { - List result = new ArrayList<>(defaults.size()); - List toLookup = new ArrayList<>(); - for (Region def : defaults) { - if (def.getAvailabilityZones() == null || def.getAvailabilityZones().isEmpty()) { - toLookup.add(def.getName()); - } else { - result.add(def); - } - } - if (!toLookup.isEmpty()) { - List resolved = toRegion(awsAccountInfoLookup.listRegions(toLookup)); 
- for (Region region : resolved) { - Region fromDefault = find(defaults, region.getName()); - if (fromDefault != null) { - region.setPreferredZones(fromDefault.getPreferredZones()); - region.setDeprecated(fromDefault.getDeprecated()); - } - } - result.addAll(resolved); - } - return result; - } - } - }); - } - - private List initRegions(Lazy> defaults, List toInit) { - if (toInit == null) { - return defaults.get(); - } - - Map toInitByName = - toInit.stream().collect(Collectors.toMap(Region::getName, Function.identity())); - - List result = new ArrayList<>(toInit.size()); - List toLookup = new ArrayList<>(); - for (Region r : toInit) { - if (r.getAvailabilityZones() == null || r.getAvailabilityZones().isEmpty()) { - toLookup.add(r.getName()); - } else { - result.add(r); - } - } - - for (Iterator lookups = toLookup.iterator(); lookups.hasNext(); ) { - Region fromDefault = find(defaults.get(), lookups.next()); - if (fromDefault != null) { - lookups.remove(); - result.add(fromDefault); - } - } - if (!toLookup.isEmpty()) { - List resolved = toRegion(awsAccountInfoLookup.listRegions(toLookup)); - for (Region region : resolved) { - Region src = find(toInit, region.getName()); - if (src == null || src.getPreferredZones() == null) { - src = find(defaults.get(), region.getName()); - } - - if (src != null) { - region.setPreferredZones(src.getPreferredZones()); - } - } - result.addAll(resolved); - } - - // make a clone of all regions such that modifications apply only to this specific instance (and - // not global defaults) - result = result.stream().map(Region::copyOf).collect(Collectors.toList()); - - for (Region r : result) { - Region toInitRegion = toInitByName.get(r.getName()); - if (toInitRegion != null && toInitRegion.getDeprecated() != null) { - r.setDeprecated(toInitRegion.getDeprecated()); - } - } - - return result; - } - - private static Region find(List src, String name) { - if (src != null) { - for (Region r : src) { - if (r.getName().equals(name)) { - return r; - 
} - } - } - return null; - } - - private static List toRegion(List src) { - List result = new ArrayList<>(src.size()); - for (AmazonCredentials.AWSRegion r : src) { - Region region = new Region(); - region.setName(r.getName()); - region.setAvailabilityZones(new ArrayList<>(r.getAvailabilityZones())); - region.setPreferredZones(new ArrayList<>(r.getPreferredZones())); - result.add(region); - } - return result; - } - - public T load(String accountName) throws Throwable { - CredentialsConfig config = new CredentialsConfig(); - Account account = new Account(); - account.setName(accountName); - config.setAccounts(Arrays.asList(account)); - List result = load(config); - if (result.size() != 1) { - throw new IllegalStateException("failed to create account"); - } - return result.get(0); - } - - public List load(CredentialsConfig source) throws Throwable { - final CredentialsConfig config = objectMapper.convertValue(source, CredentialsConfig.class); - - if (config.getAccounts() == null || config.getAccounts().isEmpty()) { - return Collections.emptyList(); - } - - if (!StringUtils.isEmpty(config.getAccessKeyId())) { - System.setProperty( - SDKGlobalConfiguration.ACCESS_KEY_SYSTEM_PROPERTY, config.getAccessKeyId()); - } - if (!StringUtils.isEmpty(config.getSecretAccessKey())) { - System.setProperty( - SDKGlobalConfiguration.SECRET_KEY_SYSTEM_PROPERTY, config.getSecretAccessKey()); - } - Lazy> defaultRegions = createDefaults(config.getDefaultRegions()); - List initializedAccounts = new ArrayList<>(config.getAccounts().size()); - for (Account account : config.getAccounts()) { - if (account.getAccountId() == null) { - if (!credentialTranslator.resolveAccountId()) { - throw new IllegalArgumentException( - "accountId is required and not resolvable for this credentials type"); - } - account.setAccountId(awsAccountInfoLookup.findAccountId()); - } - - if (account.getEnvironment() == null) { - account.setEnvironment(account.getName()); - } - - if (account.getAccountType() == null) { - 
account.setAccountType(account.getName()); - } - - account.setRegions(initRegions(defaultRegions, account.getRegions())); - account.setDefaultSecurityGroups( - account.getDefaultSecurityGroups() != null - ? account.getDefaultSecurityGroups() - : config.getDefaultSecurityGroups()); - account.setLifecycleHooks( - account.getLifecycleHooks() != null - ? account.getLifecycleHooks() - : config.getDefaultLifecycleHooks()); - account.setEnabled(Optional.ofNullable(account.getEnabled()).orElse(true)); - - Map templateContext = new HashMap<>(templateValues); - templateContext.put("name", account.getName()); - templateContext.put("accountId", account.getAccountId()); - templateContext.put("environment", account.getEnvironment()); - templateContext.put("accountType", account.getAccountType()); - - account.setDefaultKeyPair( - templateFirstNonNull( - templateContext, account.getDefaultKeyPair(), config.getDefaultKeyPairTemplate())); - account.setEdda( - templateFirstNonNull( - templateContext, account.getEdda(), config.getDefaultEddaTemplate())); - account.setFront50( - templateFirstNonNull( - templateContext, account.getFront50(), config.getDefaultFront50Template())); - account.setDiscovery( - templateFirstNonNull( - templateContext, account.getDiscovery(), config.getDefaultDiscoveryTemplate())); - account.setAssumeRole( - templateFirstNonNull( - templateContext, account.getAssumeRole(), config.getDefaultAssumeRole())); - account.setSessionName( - templateFirstNonNull( - templateContext, account.getSessionName(), config.getDefaultSessionName())); - account.setBastionHost( - templateFirstNonNull( - templateContext, account.getBastionHost(), config.getDefaultBastionHostTemplate())); - - if (account.getLifecycleHooks() != null) { - for (CredentialsConfig.LifecycleHook lifecycleHook : account.getLifecycleHooks()) { - lifecycleHook.setRoleARN( - templateFirstNonNull( - templateContext, - lifecycleHook.getRoleARN(), - config.getDefaultLifecycleHookRoleARNTemplate())); - 
lifecycleHook.setNotificationTargetARN( - templateFirstNonNull( - templateContext, - lifecycleHook.getNotificationTargetARN(), - config.getDefaultLifecycleHookNotificationTargetARNTemplate())); - } - } - - initializedAccounts.add(credentialTranslator.translate(credentialsProvider, account)); - } - return initializedAccounts.stream() - .filter(AmazonCredentials::isEnabled) - .collect(Collectors.toList()); - } - - private static class Lazy { - public static interface Loader { - T get(); - } - - private final Loader loader; - private final AtomicReference ref = new AtomicReference<>(); - - public Lazy(Loader loader) { - this.loader = loader; - } - - public T get() { - if (ref.get() == null) { - ref.set(loader.get()); - } - return ref.get(); - } - } - - private static String templateFirstNonNull(Map substitutions, String... values) { - for (String value : values) { - if (value != null) { - return StringTemplater.render(value, substitutions); - } - } - return null; - } - - static CredentialTranslator findTranslator( - Class credentialsType, ObjectMapper objectMapper) { - return new CopyConstructorTranslator<>(objectMapper, credentialsType); - } - - static interface CredentialTranslator { - Class getCredentialType(); - - boolean resolveAccountId(); - - T translate(AWSCredentialsProvider credentialsProvider, Account account) throws Throwable; - } - - static class CopyConstructorTranslator - implements CredentialTranslator { - - private final ObjectMapper objectMapper; - private final Class credentialType; - private final Constructor copyConstructor; - - public CopyConstructorTranslator(ObjectMapper objectMapper, Class credentialType) { - this.objectMapper = objectMapper.disable(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES); - this.credentialType = credentialType; - try { - copyConstructor = - credentialType.getConstructor(credentialType, AWSCredentialsProvider.class); - } catch (NoSuchMethodException nsme) { - throw new IllegalArgumentException( - "Class " - + 
credentialType - + " must supply a constructor with " - + credentialType - + ", " - + AWSCredentialsProvider.class - + " args."); - } - } - - @Override - public Class getCredentialType() { - return credentialType; - } - - @Override - public boolean resolveAccountId() { - try { - credentialType.getMethod("getAssumeRole"); - return false; - } catch (NoSuchMethodException nsme) { - return true; - } - } - - @Override - public T translate(AWSCredentialsProvider credentialsProvider, Account account) - throws Throwable { - T immutableInstance = objectMapper.convertValue(account, credentialType); - try { - return copyConstructor.newInstance(immutableInstance, credentialsProvider); - } catch (InvocationTargetException ite) { - throw ite.getTargetException(); - } - } - } - - static class StringTemplater { - public static String render(String template, Map substitutions) { - String base = template; - int iterations = 0; - boolean changed = true; - while (changed && iterations < 10) { - iterations++; - String previous = base; - for (Map.Entry substitution : substitutions.entrySet()) { - base = - base.replaceAll( - Pattern.quote("{{" + substitution.getKey() + "}}"), substitution.getValue()); - } - changed = !previous.equals(base); - } - if (changed) { - throw new RuntimeException("too many levels of templatery"); - } - return base; - } - } -} diff --git a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/ECSCredentialsConfig.java b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/ECSCredentialsConfig.java index e9d3ccb76c7..644c183446a 100644 --- a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/ECSCredentialsConfig.java +++ b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/ECSCredentialsConfig.java 
@@ -16,16 +16,17 @@ package com.netflix.spinnaker.clouddriver.ecs.security; +import com.netflix.spinnaker.clouddriver.aws.security.config.CredentialsConfig; import com.netflix.spinnaker.credentials.definition.CredentialsDefinition; import java.util.List; import lombok.Data; @Data -public class ECSCredentialsConfig { - List accounts; +public class ECSCredentialsConfig extends CredentialsConfig { + List ecsAccounts; @Data - public static class Account implements CredentialsDefinition { + public static class ECSAccount implements CredentialsDefinition { private String name; private String awsAccount; } diff --git a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/ECSCredentialsParser.java b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/ECSCredentialsParser.java index 33f763f2212..ec80cc129aa 100644 --- a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/ECSCredentialsParser.java +++ b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/ECSCredentialsParser.java 
@@ -17,39 +17,35 @@ package com.netflix.spinnaker.clouddriver.ecs.security; -import com.amazonaws.auth.AWSCredentialsProvider; -import com.netflix.spinnaker.clouddriver.aws.security.AmazonClientProvider; import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials; import com.netflix.spinnaker.clouddriver.aws.security.NetflixAssumeRoleAmazonCredentials; import com.netflix.spinnaker.clouddriver.aws.security.config.CredentialsConfig; import com.netflix.spinnaker.clouddriver.security.AccountCredentials; import com.netflix.spinnaker.clouddriver.security.AccountCredentialsProvider; import com.netflix.spinnaker.credentials.definition.CredentialsParser; -import java.util.Collections; +import org.jetbrains.annotations.NotNull; import org.jetbrains.annotations.Nullable; // public class ECSCredentialsParser public class ECSCredentialsParser - implements CredentialsParser { + implements CredentialsParser { private final AccountCredentialsProvider accountCredentialsProvider; - private final CredentialsLoader credentialsLoader; + private final CredentialsParser + credentialsLoader; public ECSCredentialsParser( - Class credentialsType, AccountCredentialsProvider accountCredentialsProvider, - AWSCredentialsProvider awsCredentialsProvider, - AmazonClientProvider amazonClientProvider) { + CredentialsParser credentialsLoader) { this.accountCredentialsProvider = accountCredentialsProvider; - this.credentialsLoader = - new CredentialsLoader<>(awsCredentialsProvider, amazonClientProvider, credentialsType); + this.credentialsLoader = credentialsLoader; } @Nullable @Override - public NetflixECSCredentials parse(ECSCredentialsConfig.Account credentials) { + public NetflixECSCredentials parse(ECSCredentialsConfig.@NotNull ECSAccount credentials) { for (AccountCredentials accountCredentials : accountCredentialsProvider.getAll()) { if (accountCredentials instanceof NetflixAmazonCredentials && credentials.getAwsAccount().equals(accountCredentials.getName())) { 
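Review bot: The `@NotNull` added to the `parse` parameter does not cover the `awsAccount` field, so `credentials.getAwsAccount().equals(accountCredentials.getName())` in the loop still throws a NullPointerException when an ECS account definition omits `awsAccount`. Writing the comparison as `Objects.equals(credentials.getAwsAccount(), accountCredentials.getName())` (with `java.util.Objects` imported) turns a missing mapping into a plain non-match in the credentials-loading path. The field is also still named `credentialsLoader` although it now holds a `CredentialsParser`; a name such as `amazonCredentialsParser` would match the bean passed in. The body of `parse` continues outside this hunk.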
@@ -58,12 +54,10 @@ public NetflixECSCredentials parse(ECSCredentialsConfig.Account credentials) { (NetflixAmazonCredentials) accountCredentials; CredentialsConfig.Account account = EcsAccountBuilder.build(netflixAmazonCredentials, credentials.getName(), "ecs"); - CredentialsConfig ecsCopy = new CredentialsConfig(); - ecsCopy.setAccounts(Collections.singletonList(account)); try { return new NetflixAssumeRoleEcsCredentials( - (NetflixAssumeRoleAmazonCredentials) credentialsLoader.load(ecsCopy).get(0), + (NetflixAssumeRoleAmazonCredentials) credentialsLoader.parse(account), credentials.getName()); } catch (Throwable throwable) { throwable.printStackTrace(); diff --git a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/EcsCredentialsInitializer.java b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/EcsCredentialsInitializer.java index d0edc689c07..ee1c180a935 100644 --- a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/EcsCredentialsInitializer.java +++ b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/EcsCredentialsInitializer.java @@ -16,9 +16,8 @@ package com.netflix.spinnaker.clouddriver.ecs.security; -import com.amazonaws.auth.AWSCredentialsProvider; -import com.netflix.spinnaker.clouddriver.aws.security.AmazonClientProvider; import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials; +import com.netflix.spinnaker.clouddriver.aws.security.config.CredentialsConfig; import com.netflix.spinnaker.clouddriver.ecs.EcsCloudProvider; import com.netflix.spinnaker.clouddriver.security.AccountCredentials; import com.netflix.spinnaker.clouddriver.security.AccountCredentialsProvider; 
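Review bot: The value returned by `credentialsLoader.parse(account)` is cast and passed straight into `NetflixAssumeRoleEcsCredentials` without a check, although a parser may return null (this class's own `parse` override is annotated `@Nullable`). It may also not be a `NetflixAssumeRoleAmazonCredentials`, since elsewhere in this series the `credentialsType` bean can resolve to `NetflixAmazonCredentials`. Either case ends in the surrounding `catch (Throwable throwable)`, which only calls `throwable.printStackTrace()`, so a misconfigured ECS account is dropped without a log entry that operators can search or alert on. I would assign the parsed value to a local, reject it with an `instanceof NetflixAssumeRoleAmazonCredentials` test that logs a warning naming `credentials.getName()`, and replace `printStackTrace()` with the class logger. The rest of the catch block and the end of `parse` are outside this hunk.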
@@ -58,29 +57,29 @@ CredentialsRepository amazonECSCredentialsRepository( @Bean @DependsOn("amazonCredentialsLoader") - CredentialsParser ecsCredentialsParser( - Class credentialsType, + CredentialsParser ecsCredentialsParser( AccountCredentialsProvider accountCredentialsProvider, - AWSCredentialsProvider awsCredentialsProvider, - AmazonClientProvider amazonClientProvider) { - return new ECSCredentialsParser<>( - credentialsType, accountCredentialsProvider, awsCredentialsProvider, amazonClientProvider); + CredentialsParser + amazonCredentialsParser) { + return new ECSCredentialsParser( + accountCredentialsProvider, amazonCredentialsParser); } @Bean AbstractCredentialsLoader ecsCredentialsLoader( - CredentialsParser + CredentialsParser amazonCredentialsParser, - @Nullable CredentialsDefinitionSource ecsCredentialsSource, + @Nullable CredentialsDefinitionSource ecsCredentialsSource, CredentialsRepository repository, ECSCredentialsConfig ecsCredentialsConfig, CompositeCredentialsRepository compositeCredentialsRepository) { compositeCredentialsRepository.registerRepository(repository); if (ecsCredentialsSource == null) { - ecsCredentialsSource = ecsCredentialsConfig::getAccounts; + ecsCredentialsSource = ecsCredentialsConfig::getEcsAccounts; } - return new BasicCredentialsLoader<>(ecsCredentialsSource, amazonCredentialsParser, repository); + return new BasicCredentialsLoader( + ecsCredentialsSource, amazonCredentialsParser, repository); } // @Bean diff --git a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/services/ContainerInformationService.java b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/services/ContainerInformationService.java index 03762991196..0ab031a5a56 100644 --- a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/services/ContainerInformationService.java +++ b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/services/ContainerInformationService.java 
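Review bot: In `ecsCredentialsLoader` the parser parameter is still named `amazonCredentialsParser`, yet it is handed to the loader that builds ECS credentials from `ecsCredentialsConfig::getEcsAccounts`. The same name is used for the AWS parser injected into `ecsCredentialsParser` just above. The generic arguments are not visible on this page, so which bean Spring resolves here cannot be confirmed from the hunk; renaming the parameter to `ecsCredentialsParser` would make the intended wiring explicit. It would also help to document the `@DependsOn("amazonCredentialsLoader")` on the parser bean with a comment such as `// ECS accounts are resolved against AWS accounts already present in accountCredentialsProvider`.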
@@ -243,7 +243,7 @@ public Instance getEc2Instance(String ecsAccount, String region, Task task) { } private String getAwsAccountName(String ecsAccountName) { - for (ECSCredentialsConfig.Account ecsAccount : ecsCredentialsConfig.getAccounts()) { + for (ECSCredentialsConfig.ECSAccount ecsAccount : ecsCredentialsConfig.getEcsAccounts()) { if (ecsAccount.getName().equals(ecsAccountName)) { return ecsAccount.getAwsAccount(); } From 600554d54e76f7a531041da21c5c36ec2ae1da0f Mon Sep 17 00:00:00 2001 From: Nima Kaviani Date: Sat, 3 Oct 2020 19:38:21 -0700 Subject: [PATCH 09/14] update the ecs initializer - simplify ECS Creds parser - fixup circular dependency to amazonCredentialsLoader - minor cleanup --- .../AmazonBasicCredentialsLoader.java | 2 - .../AmazonCredentialsInitializer.groovy | 29 ++++--- .../AmazonCredentialsLifecycleHandler.java | 38 ++++----- .../spinnaker/config/AwsConfiguration.groovy | 37 ++++----- .../ecs/security/ECSCredentialsConfig.java | 5 +- .../ecs/security/ECSCredentialsParser.java | 59 ++++++------- .../security/EcsCredentialsInitializer.java | 83 ++----------------- .../services/ContainerInformationService.java | 2 +- 8 files changed, 83 insertions(+), 172 deletions(-) diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AmazonBasicCredentialsLoader.java b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AmazonBasicCredentialsLoader.java index 60b218216ca..0f81e88391e 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AmazonBasicCredentialsLoader.java +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AmazonBasicCredentialsLoader.java 
@@ -26,7 +26,6 @@ import com.netflix.spinnaker.credentials.definition.CredentialsDefinitionSource; import com.netflix.spinnaker.credentials.definition.CredentialsParser; import java.util.*; -import java.util.concurrent.ConcurrentHashMap; import java.util.stream.Collectors; import org.apache.commons.lang3.StringUtils; @@ -35,7 +34,6 @@ public class AmazonBasicCredentialsLoader< extends BasicCredentialsLoader { protected final CredentialsConfig credentialsConfig; protected final DefaultAccountConfigurationProperties defaultAccountConfigurationProperties; - protected final Map loadedDefinitions = new ConcurrentHashMap<>(); protected String defaultEnvironment; protected String defaultAccountType; diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AmazonCredentialsInitializer.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AmazonCredentialsInitializer.groovy index a4a9f86c4de..fd4bd229b73 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AmazonCredentialsInitializer.groovy +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AmazonCredentialsInitializer.groovy @@ -39,7 +39,6 @@ import org.springframework.context.annotation.Lazy import org.springframework.context.annotation.Primary import javax.annotation.Nullable -import javax.annotation.PostConstruct @Configuration @EnableConfigurationProperties(DefaultAccountConfigurationProperties) @@ -53,7 +52,9 @@ class AmazonCredentialsInitializer { } @Bean - Class credentialsType(CredentialsConfig credentialsConfig) { + Class credentialsType( + CredentialsConfig credentialsConfig + ) { if (!credentialsConfig.accounts && !credentialsConfig.defaultAssumeRole) { NetflixAmazonCredentials } else { 
@@ -62,23 +63,19 @@ class AmazonCredentialsInitializer { } @Bean -// @ConditionalOnMissingBean( -// value = [Account.class, NetflixAmazonCredentials.class], -// parameterizedContainer = AmazonCredentialsParser.class -// ) - CredentialsParser amazonCredentialsParser(AWSCredentialsProvider awsCredentialsProvider, - AmazonClientProvider amazonClientProvider, - Class credentialsType, CredentialsConfig credentialsConfig + CredentialsParser amazonCredentialsParser( + AWSCredentialsProvider awsCredentialsProvider, + AmazonClientProvider amazonClientProvider, + Class credentialsType, CredentialsConfig credentialsConfig ) { - new AmazonCredentialsParser<>( - awsCredentialsProvider, amazonClientProvider, credentialsType, credentialsConfig) + new AmazonCredentialsParser<>(awsCredentialsProvider, amazonClientProvider, credentialsType, credentialsConfig) } @Bean - @Primary // needed for ECS repo. ECS and AWS repos should be merged. @ConditionalOnMissingBean( value = NetflixAmazonCredentials.class, - parameterizedContainer = CredentialsRepository.class) + parameterizedContainer = CredentialsRepository.class + ) CredentialsRepository amazonCredentialsRepository( @Lazy CredentialsLifecycleHandler eventHandler ) { @@ -88,7 +85,8 @@ class AmazonCredentialsInitializer { @Bean @ConditionalOnMissingBean( value = NetflixAmazonCredentials.class, - parameterizedContainer = AmazonCredentialProvider.class) + parameterizedContainer = AmazonCredentialProvider.class + ) AmazonCredentialProvider amazonCredentialProvider( CredentialsRepository amazonCredentialsRepository ) { @@ -98,7 +96,8 @@ class AmazonCredentialsInitializer { @Bean @ConditionalOnMissingBean( value = NetflixAmazonCredentials.class, - parameterizedContainer = AbstractCredentialsLoader.class) + parameterizedContainer = AbstractCredentialsLoader.class + ) AbstractCredentialsLoader amazonCredentialsLoader( CredentialsParser amazonCredentialsParser, @Nullable CredentialsDefinitionSource amazonCredentialsSource, 
diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AmazonCredentialsLifecycleHandler.java b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AmazonCredentialsLifecycleHandler.java index 45e50def0f8..64f76e9cf0f 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AmazonCredentialsLifecycleHandler.java +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AmazonCredentialsLifecycleHandler.java 
@@ -57,26 +57,26 @@ @RequiredArgsConstructor public class AmazonCredentialsLifecycleHandler implements CredentialsLifecycleHandler { - protected final AwsCleanupProvider awsCleanupProvider; - protected final AwsInfrastructureProvider awsInfrastructureProvider; - protected final AwsProvider awsProvider; - protected final AmazonCloudProvider amazonCloudProvider; - protected final AmazonClientProvider amazonClientProvider; - protected final AmazonS3DataProvider amazonS3DataProvider; - protected final CatsModule catsModule; + private final AwsCleanupProvider awsCleanupProvider; + private final AwsInfrastructureProvider awsInfrastructureProvider; + private final AwsProvider awsProvider; + private final AmazonCloudProvider amazonCloudProvider; + private final AmazonClientProvider amazonClientProvider; + private final AmazonS3DataProvider amazonS3DataProvider; + private final CatsModule catsModule; - protected final AwsConfigurationProperties awsConfigurationProperties; - protected final ObjectMapper objectMapper; - protected final @Qualifier("amazonObjectMapper") ObjectMapper amazonObjectMapper; - protected final EddaApiFactory eddaApiFactory; - protected final ApplicationContext ctx; - protected final Registry registry; - protected final Optional reservationReportPool; - protected final Optional> agentProviders; - protected final EddaTimeoutConfig eddaTimeoutConfig; - protected final DynamicConfigService dynamicConfigService; - protected final DeployDefaults deployDefaults; - protected final CredentialsRepository + private final AwsConfigurationProperties awsConfigurationProperties; + private final ObjectMapper objectMapper; + private final @Qualifier("amazonObjectMapper") ObjectMapper amazonObjectMapper; + private final EddaApiFactory eddaApiFactory; + private final ApplicationContext ctx; + private final Registry registry; + private final Optional reservationReportPool; + private final Optional> agentProviders; + private final EddaTimeoutConfig eddaTimeoutConfig; + 
private final DynamicConfigService dynamicConfigService; + private final DeployDefaults deployDefaults; + private final CredentialsRepository accountCredentialsRepository; // Circular dependency. private Set publicRegions = new HashSet<>(); private Set awsInfraRegions = new HashSet<>(); diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/config/AwsConfiguration.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/config/AwsConfiguration.groovy index a7617b66da3..54eedb3d201 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/config/AwsConfiguration.groovy +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/config/AwsConfiguration.groovy @@ -22,11 +22,7 @@ import com.fasterxml.jackson.databind.ObjectMapper import com.netflix.awsobjectmapper.AmazonObjectMapperConfigurer import com.netflix.spectator.api.Registry import com.netflix.spinnaker.cats.agent.Agent -import com.netflix.spinnaker.clouddriver.aws.AmazonCloudProvider import com.netflix.spinnaker.clouddriver.aws.AwsConfigurationProperties -import com.netflix.spinnaker.clouddriver.aws.agent.CleanupAlarmsAgent -import com.netflix.spinnaker.clouddriver.aws.agent.CleanupDetachedInstancesAgent -import com.netflix.spinnaker.clouddriver.aws.agent.ReconcileClassicLinkSecurityGroupsAgent import com.netflix.spinnaker.clouddriver.aws.deploy.BlockDeviceConfig import com.netflix.spinnaker.clouddriver.aws.deploy.handlers.BasicAmazonDeployHandler import com.netflix.spinnaker.clouddriver.aws.deploy.ops.securitygroup.SecurityGroupLookupFactory 
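Review bot: `private final @Qualifier("amazonObjectMapper") ObjectMapper amazonObjectMapper;` depends on the constructor generated by `@RequiredArgsConstructor`, and Lombok copies `@Qualifier` onto the constructor parameter only when `lombok.copyableAnnotations` lists it. No `lombok.config` is visible on this page, so this needs confirming; without it the two `ObjectMapper` fields are resolved by type and parameter name rather than by the qualifier. Either add `lombok.copyableAnnotations += org.springframework.beans.factory.annotation.Qualifier` to the project's `lombok.config` or write the constructor by hand. The trailing `// Circular dependency.` on `accountCredentialsRepository` should also say how the cycle is broken, which in this series appears to be the `@Lazy` handler parameter of `amazonCredentialsRepository`. The class body continues outside this hunk.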
@@ -49,7 +45,6 @@ import com.netflix.spinnaker.clouddriver.core.limits.ServiceLimitConfiguration import com.netflix.spinnaker.clouddriver.event.SpinnakerEvent import com.netflix.spinnaker.clouddriver.saga.config.SagaAutoConfiguration import com.netflix.spinnaker.clouddriver.security.AccountCredentialsRepository -import com.netflix.spinnaker.clouddriver.security.ProviderUtils import com.netflix.spinnaker.credentials.CredentialsRepository import com.netflix.spinnaker.kork.aws.AwsComponents import com.netflix.spinnaker.kork.aws.bastion.BastionConfig @@ -185,14 +180,16 @@ class AwsConfiguration { } @Bean - @DependsOn('amazonCredentialsLoader') - BasicAmazonDeployHandler basicAmazonDeployHandler(RegionScopedProviderFactory regionScopedProviderFactory, - CredentialsRepository accountCredentialsRepository, - DeployDefaults deployDefaults, - ScalingPolicyCopier scalingPolicyCopier, - BlockDeviceConfig blockDeviceConfig, - DynamicConfigService dynamicConfigService, - AmazonServerGroupProvider amazonServerGroupProvider) { + @DependsOn('amazonCredentialsRepository') + BasicAmazonDeployHandler basicAmazonDeployHandler( + RegionScopedProviderFactory regionScopedProviderFactory, + CredentialsRepository accountCredentialsRepository, + DeployDefaults deployDefaults, + ScalingPolicyCopier scalingPolicyCopier, + BlockDeviceConfig blockDeviceConfig, + DynamicConfigService dynamicConfigService, + AmazonServerGroupProvider amazonServerGroupProvider + ) { new BasicAmazonDeployHandler( regionScopedProviderFactory, accountCredentialsRepository, 
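Review bot: `@DependsOn('amazonCredentialsRepository')` on `basicAmazonDeployHandler` looks redundant, because the method already receives the repository as its `accountCredentialsRepository` parameter. Assuming that parameter resolves to the `amazonCredentialsRepository` bean, injection alone gives the same ordering; the same applies to `securityGroupLookup` in the next hunk. The previous `@DependsOn('amazonCredentialsLoader')` ordered these beans after the loader, so the repository may now be empty when they are constructed. If neither bean reads the repository during construction, drop the annotation; otherwise document the assumption with `// repository may still be empty here; accounts are added later by amazonCredentialsLoader`. The `new BasicAmazonDeployHandler(...)` call continues outside this hunk.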
@@ -211,18 +208,16 @@ class AwsConfiguration { } @Bean - @DependsOn('amazonCredentialsLoader') - AwsCleanupProvider awsOperationProvider(AwsConfigurationProperties awsConfigurationProperties, - AmazonClientProvider amazonClientProvider, - AccountCredentialsRepository accountCredentialsRepository, - DeployDefaults deployDefaults) { + AwsCleanupProvider awsOperationProvider() { return new AwsCleanupProvider(Collections.newSetFromMap(new ConcurrentHashMap())) } @Bean - @DependsOn('amazonCredentialsLoader') - SecurityGroupLookupFactory securityGroupLookup(AmazonClientProvider amazonClientProvider, - CredentialsRepository accountCredentialsRepository) { + @DependsOn('amazonCredentialsRepository') + SecurityGroupLookupFactory securityGroupLookup( + AmazonClientProvider amazonClientProvider, + CredentialsRepository accountCredentialsRepository + ) { new SecurityGroupLookupFactory(amazonClientProvider, accountCredentialsRepository) } diff --git a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/ECSCredentialsConfig.java b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/ECSCredentialsConfig.java index 644c183446a..b1e87b46aa7 100644 --- a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/ECSCredentialsConfig.java +++ b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/ECSCredentialsConfig.java @@ -16,14 +16,13 @@ package com.netflix.spinnaker.clouddriver.ecs.security; -import com.netflix.spinnaker.clouddriver.aws.security.config.CredentialsConfig; import com.netflix.spinnaker.credentials.definition.CredentialsDefinition; import java.util.List; import lombok.Data; @Data -public class ECSCredentialsConfig extends CredentialsConfig { - List ecsAccounts; +public class ECSCredentialsConfig { + List accounts; @Data public static class ECSAccount implements CredentialsDefinition { 
diff --git a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/ECSCredentialsParser.java b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/ECSCredentialsParser.java
index ec80cc129aa..099e6efcbb1 100644
--- a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/ECSCredentialsParser.java
+++ b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/ECSCredentialsParser.java
@@ -17,54 +17,45 @@ package com.netflix.spinnaker.clouddriver.ecs.security; +import com.netflix.spinnaker.clouddriver.aws.AmazonCloudProvider; import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials; import com.netflix.spinnaker.clouddriver.aws.security.NetflixAssumeRoleAmazonCredentials; import com.netflix.spinnaker.clouddriver.aws.security.config.CredentialsConfig; +import com.netflix.spinnaker.clouddriver.ecs.provider.EcsProvider; import com.netflix.spinnaker.clouddriver.security.AccountCredentials; -import com.netflix.spinnaker.clouddriver.security.AccountCredentialsProvider; +import com.netflix.spinnaker.credentials.CompositeCredentialsRepository; import com.netflix.spinnaker.credentials.definition.CredentialsParser; +import lombok.AllArgsConstructor; import org.jetbrains.annotations.NotNull; -import org.jetbrains.annotations.Nullable; - -// public class ECSCredentialsParser +@AllArgsConstructor public class ECSCredentialsParser implements CredentialsParser { - private final AccountCredentialsProvider accountCredentialsProvider; - private final CredentialsParser - credentialsLoader; - - public ECSCredentialsParser( - AccountCredentialsProvider accountCredentialsProvider, - CredentialsParser credentialsLoader) { - this.accountCredentialsProvider = accountCredentialsProvider; - this.credentialsLoader = credentialsLoader; - } + private CompositeCredentialsRepository compositeCredentialsRepository; + private CredentialsParser parser; - @Nullable @Override public NetflixECSCredentials parse(ECSCredentialsConfig.@NotNull ECSAccount credentials) { - for (AccountCredentials accountCredentials : accountCredentialsProvider.getAll()) { - if (accountCredentials instanceof NetflixAmazonCredentials - && credentials.getAwsAccount().equals(accountCredentials.getName())) { - - NetflixAmazonCredentials netflixAmazonCredentials = - (NetflixAmazonCredentials) accountCredentials; - CredentialsConfig.Account account = - 
EcsAccountBuilder.build(netflixAmazonCredentials, credentials.getName(), "ecs"); + NetflixAmazonCredentials netflixAmazonCredentials; + try { + netflixAmazonCredentials = + (NetflixAmazonCredentials) + compositeCredentialsRepository.getCredentials( + credentials.getAwsAccount(), AmazonCloudProvider.ID); + } catch (Throwable throwable) { + throwable.printStackTrace(); + return null; + } - try { - return new NetflixAssumeRoleEcsCredentials( - (NetflixAssumeRoleAmazonCredentials) credentialsLoader.parse(account), - credentials.getName()); - } catch (Throwable throwable) { - throwable.printStackTrace(); - return null; - } - } + CredentialsConfig.Account account = + EcsAccountBuilder.build(netflixAmazonCredentials, credentials.getName(), EcsProvider.NAME); + try { + return new NetflixAssumeRoleEcsCredentials( + (NetflixAssumeRoleAmazonCredentials) parser.parse(account), credentials.getName()); + } catch (Throwable throwable) { + throwable.printStackTrace(); + return null; } - return null; } } diff --git a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/EcsCredentialsInitializer.java b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/EcsCredentialsInitializer.java index ee1c180a935..ca8b5acbb53 100644 --- a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/EcsCredentialsInitializer.java +++ b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/EcsCredentialsInitializer.java 
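Review bot: Both `catch (Throwable throwable)` blocks in `parse` call `printStackTrace()` and return null, so an unknown AWS account, a failed cast to `NetflixAmazonCredentials` or `NetflixAssumeRoleAmazonCredentials`, and a JVM `Error` are indistinguishable to the caller and are recorded only on stderr, outside the application log. Narrow both to `catch (Exception e)` and log through the class logger (one would need to be added, none is visible in this hunk), for example `log.error("Cannot build ECS credentials {} from AWS account {}", credentials.getName(), credentials.getAwsAccount(), e);`. The hunk also removes `@Nullable` although the method still returns null on both failure paths; either keep the annotation or throw so the loader cannot silently skip an account. The two fields introduced with `@AllArgsConstructor` are never reassigned here and could be `private final`.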
@@ -20,7 +20,6 @@
 import com.netflix.spinnaker.clouddriver.aws.security.config.CredentialsConfig;
 import com.netflix.spinnaker.clouddriver.ecs.EcsCloudProvider;
 import com.netflix.spinnaker.clouddriver.security.AccountCredentials;
-import com.netflix.spinnaker.clouddriver.security.AccountCredentialsProvider;
 import com.netflix.spinnaker.credentials.CompositeCredentialsRepository;
 import com.netflix.spinnaker.credentials.CredentialsLifecycleHandler;
 import com.netflix.spinnaker.credentials.CredentialsRepository;
@@ -58,94 +57,24 @@ CredentialsRepository amazonECSCredentialsRepository( @Bean @DependsOn("amazonCredentialsLoader") CredentialsParser ecsCredentialsParser( - AccountCredentialsProvider accountCredentialsProvider, + CompositeCredentialsRepository compositeCredentialsRepository, CredentialsParser amazonCredentialsParser) { - return new ECSCredentialsParser( - accountCredentialsProvider, amazonCredentialsParser); + return new ECSCredentialsParser<>(compositeCredentialsRepository, amazonCredentialsParser); } @Bean + @DependsOn("ecsCredentialsParser") AbstractCredentialsLoader ecsCredentialsLoader( CredentialsParser amazonCredentialsParser, - @Nullable CredentialsDefinitionSource ecsCredentialsSource, CredentialsRepository repository, ECSCredentialsConfig ecsCredentialsConfig, - CompositeCredentialsRepository compositeCredentialsRepository) { - compositeCredentialsRepository.registerRepository(repository); + @Nullable CredentialsDefinitionSource ecsCredentialsSource) { if (ecsCredentialsSource == null) { - ecsCredentialsSource = ecsCredentialsConfig::getEcsAccounts; + ecsCredentialsSource = ecsCredentialsConfig::getAccounts; } - return new BasicCredentialsLoader( - ecsCredentialsSource, amazonCredentialsParser, repository); + return new BasicCredentialsLoader<>(ecsCredentialsSource, amazonCredentialsParser, repository); } - - // @Bean - // @DependsOn("amazonCredentialsLoader") - // public List netflixECSCredentials( - // AccountCredentialsRepository accountCredentialsRepository, - // AccountCredentialsProvider accountCredentialsProvider, - // ECSCredentialsConfig credentialsConfig, - // AWSCredentialsProvider awsCredentialsProvider, - // AmazonClientProvider amazonClientProvider, - // Class credentialsType) - // throws Throwable { - // return synchronizeECSAccounts( - // accountCredentialsRepository, - // accountCredentialsProvider, - // credentialsConfig, - // awsCredentialsProvider, - // amazonClientProvider, - // credentialsType); - // } - // - // private List 
synchronizeECSAccounts( - // AccountCredentialsRepository - // accountCredentialsRepository, // legacy. Dependency needs to be removed - // AccountCredentialsProvider accountCredentialsProvider, - // ECSCredentialsConfig ecsCredentialsConfig, - // AWSCredentialsProvider awsCredentialsProvider, - // AmazonClientProvider amazonClientProvider, - // Class credentialsType) - // throws Throwable { - // - // // TODO: add support for mutable accounts. - // // List deltaAccounts = ProviderUtils.calculateAccountDeltas(accountCredentialsRepository, - // // NetflixAmazonCredentials.class, accounts); - // List credentials = new LinkedList<>(); - // CredentialsLoader credentialsLoader = - // new CredentialsLoader<>(awsCredentialsProvider, amazonClientProvider, credentialsType); - // - // for (AccountCredentials accountCredentials : accountCredentialsProvider.getAll()) { - // if (accountCredentials instanceof NetflixAmazonCredentials) { - // for (ECSCredentialsConfig.Account ecsAccount : ecsCredentialsConfig.getAccounts()) { - // if (ecsAccount.getAwsAccount().equals(accountCredentials.getName())) { - // - // NetflixAmazonCredentials netflixAmazonCredentials = - // (NetflixAmazonCredentials) accountCredentials; - // - // // TODO: accountCredentials should be serializable or somehow cloneable. - // CredentialsConfig.Account account = - // EcsAccountBuilder.build(netflixAmazonCredentials, ecsAccount.getName(), "ecs"); - // - // CredentialsConfig ecsCopy = new CredentialsConfig(); - // ecsCopy.setAccounts(Collections.singletonList(account)); - // - // NetflixECSCredentials ecsCredentials = - // new NetflixAssumeRoleEcsCredentials( - // (NetflixAssumeRoleAmazonCredentials) credentialsLoader.load(ecsCopy).get(0), - // ecsAccount.getAwsAccount()); - // credentials.add(ecsCredentials); - // - // accountCredentialsRepository.save(ecsAccount.getName(), ecsCredentials); - // break; - // } - // } - // } - // } - // - // return credentials; - // } } 
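Review bot: `ecsCredentialsLoader` passes a parameter named `amazonCredentialsParser` to `BasicCredentialsLoader`, while the ECS parser bean defined just above it is referenced only through `@DependsOn("ecsCredentialsParser")`. The type parameters are not visible on this page, so injection may still resolve to the ECS parser by type, but the name reads as if the AWS parser were being used to build ECS credentials. Rename the parameter to `ecsCredentialsParser` and drop the `@DependsOn`, since injecting the bean already orders creation. The hunk also removes `compositeCredentialsRepository.registerRepository(repository)`; confirm the ECS repository is still registered with the composite somewhere outside this hunk, otherwise ECS accounts may no longer be found through it.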
diff --git a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/services/ContainerInformationService.java b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/services/ContainerInformationService.java index 0ab031a5a56..05f5af7d656 100644 --- a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/services/ContainerInformationService.java +++ b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/services/ContainerInformationService.java @@ -243,7 +243,7 @@ public Instance getEc2Instance(String ecsAccount, String region, Task task) { } private String getAwsAccountName(String ecsAccountName) { - for (ECSCredentialsConfig.ECSAccount ecsAccount : ecsCredentialsConfig.getEcsAccounts()) { + for (ECSCredentialsConfig.ECSAccount ecsAccount : ecsCredentialsConfig.getAccounts()) { if (ecsAccount.getName().equals(ecsAccountName)) { return ecsAccount.getAwsAccount(); } From 29a117feccb7a1e5a9489bad013d459e5adcb626 Mon Sep 17 00:00:00 2001 
From: Nima Kaviani Date: Sun, 4 Oct 2020 11:36:38 -0700 Subject: [PATCH 10/14] wip add BaseProvider - remove configurations for providers where not necessary - simplifying the code for Handlers - minor fixes to ProviderHelpers --- .../aws/provider/AwsCleanupProvider.groovy | 16 ++------ .../provider/AwsInfrastructureProvider.groovy | 20 ++-------- .../aws/provider/AwsProvider.groovy | 12 +++--- .../{config => }/ProviderHelpers.java | 40 +++++++------------ .../AwsInfrastructureProviderConfig.groovy | 33 --------------- .../provider/config/AwsProviderConfig.groovy | 2 +- .../AmazonCredentialsLifecycleHandler.java | 40 +++++++++---------- .../spinnaker/config/AwsConfiguration.groovy | 5 --- .../clouddriver/ecs/provider/EcsProvider.java | 17 ++------ .../provider/config/EcsProviderConfig.java | 4 +- .../ECSCredentialsLifeCycleHandler.java | 9 ++--- 11 files changed, 56 insertions(+), 142 deletions(-) rename clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/{config => }/ProviderHelpers.java (91%) delete mode 100644 clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/config/AwsInfrastructureProviderConfig.groovy diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/AwsCleanupProvider.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/AwsCleanupProvider.groovy index 14220624f76..b30a287b084 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/AwsCleanupProvider.groovy +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/AwsCleanupProvider.groovy 
@@ -19,23 +19,15 @@ package com.netflix.spinnaker.clouddriver.aws.provider import com.netflix.spinnaker.cats.agent.Agent import com.netflix.spinnaker.cats.agent.AgentSchedulerAware import com.netflix.spinnaker.cats.provider.Provider +import com.netflix.spinnaker.clouddriver.security.BaseProvider +import org.springframework.stereotype.Component -class AwsCleanupProvider extends AgentSchedulerAware implements Provider { +@Component +class AwsCleanupProvider extends BaseProvider implements Provider { public static final String PROVIDER_NAME = AwsCleanupProvider.name - private final Collection agents - - AwsCleanupProvider(Collection agents) { - this.agents = agents - } - @Override String getProviderName() { return PROVIDER_NAME } - - @Override - Collection getAgents() { - return agents - } } diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/AwsInfrastructureProvider.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/AwsInfrastructureProvider.groovy index d205c2250aa..1a6be946b3f 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/AwsInfrastructureProvider.groovy +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/AwsInfrastructureProvider.groovy 
@@ -17,39 +17,27 @@ package com.netflix.spinnaker.clouddriver.aws.provider import com.fasterxml.jackson.core.type.TypeReference -import com.netflix.spinnaker.cats.agent.Agent -import com.netflix.spinnaker.cats.agent.AgentSchedulerAware -import com.netflix.spinnaker.clouddriver.aws.AmazonCloudProvider import com.netflix.spinnaker.clouddriver.cache.KeyParser import com.netflix.spinnaker.clouddriver.cache.SearchableProvider import com.netflix.spinnaker.clouddriver.aws.cache.Keys +import com.netflix.spinnaker.clouddriver.security.BaseProvider +import org.springframework.stereotype.Component import static com.netflix.spinnaker.clouddriver.aws.cache.Keys.Namespace.SECURITY_GROUPS -import static com.netflix.spinnaker.clouddriver.cache.SearchableProvider.SearchableResource -class AwsInfrastructureProvider extends AgentSchedulerAware implements SearchableProvider { +@Component +class AwsInfrastructureProvider extends BaseProvider implements SearchableProvider { public static final TypeReference> ATTRIBUTES = new TypeReference>() {} public static final String PROVIDER_NAME = AwsInfrastructureProvider.name - private final Collection agents - private final KeyParser keyParser = new Keys() - AwsInfrastructureProvider(Collection agents) { - this.agents = agents - } - @Override String getProviderName() { return PROVIDER_NAME } - @Override - Collection getAgents() { - agents - } - final Set defaultCaches = [SECURITY_GROUPS.ns].asImmutable() final Map urlMappingTemplates = [ diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/AwsProvider.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/AwsProvider.groovy index f75de45efa6..00dff215dc7 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/AwsProvider.groovy +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/AwsProvider.groovy 
@@ -25,11 +25,12 @@ import com.netflix.spinnaker.clouddriver.cache.KeyParser import com.netflix.spinnaker.clouddriver.cache.SearchableProvider import com.netflix.spinnaker.clouddriver.core.provider.agent.HealthProvidingCachingAgent import com.netflix.spinnaker.clouddriver.eureka.provider.agent.EurekaAwareProvider +import com.netflix.spinnaker.clouddriver.security.BaseProvider import com.netflix.spinnaker.credentials.CredentialsRepository import static com.netflix.spinnaker.clouddriver.core.provider.agent.Namespace.* -class AwsProvider extends AgentSchedulerAware implements SearchableProvider, EurekaAwareProvider { +class AwsProvider extends BaseProvider implements SearchableProvider, EurekaAwareProvider { public static final String PROVIDER_NAME = AwsProvider.name @@ -55,11 +56,10 @@ class AwsProvider extends AgentSchedulerAware implements SearchableProvider, Eur (new AmazonSearchableResource(INSTANCES.ns)): new InstanceSearchResultHydrator(), ] - final Collection agents private Collection healthAgents - AwsProvider(CredentialsRepository accountCredentialsRepository, Collection agents) { - this.agents = agents + AwsProvider(CredentialsRepository accountCredentialsRepository) { + super() this.accountCredentialsRepository = accountCredentialsRepository synchronizeHealthAgents() } @@ -76,9 +76,7 @@ class AwsProvider extends AgentSchedulerAware implements SearchableProvider, Eur } Collection getHealthAgents() { - def allHealthAgents = [] - allHealthAgents.addAll(this.healthAgents) - Collections.unmodifiableCollection(allHealthAgents) + Collections.unmodifiableCollection(this.healthAgents) } @Override 
diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/config/ProviderHelpers.java b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/ProviderHelpers.java similarity index 91% rename from clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/config/ProviderHelpers.java rename to clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/ProviderHelpers.java index 1e676c2b61c..cef729c6726 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/config/ProviderHelpers.java +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/ProviderHelpers.java @@ -15,7 +15,7 @@ * */ -package com.netflix.spinnaker.clouddriver.aws.provider.config; +package com.netflix.spinnaker.clouddriver.aws.provider; import com.fasterxml.jackson.databind.ObjectMapper; import com.netflix.spectator.api.Registry; @@ -27,9 +27,6 @@ import com.netflix.spinnaker.clouddriver.aws.agent.CleanupDetachedInstancesAgent; import com.netflix.spinnaker.clouddriver.aws.agent.ReconcileClassicLinkSecurityGroupsAgent; import com.netflix.spinnaker.clouddriver.aws.edda.EddaApiFactory; -import com.netflix.spinnaker.clouddriver.aws.provider.AwsCleanupProvider; -import com.netflix.spinnaker.clouddriver.aws.provider.AwsInfrastructureProvider; -import com.netflix.spinnaker.clouddriver.aws.provider.AwsProvider; import com.netflix.spinnaker.clouddriver.aws.provider.agent.AmazonApplicationLoadBalancerCachingAgent; import com.netflix.spinnaker.clouddriver.aws.provider.agent.AmazonCertificateCachingAgent; import com.netflix.spinnaker.clouddriver.aws.provider.agent.AmazonCloudFormationCachingAgent; 
@@ -57,20 +54,19 @@ import com.netflix.spinnaker.config.AwsConfiguration; import com.netflix.spinnaker.credentials.CredentialsRepository; import com.netflix.spinnaker.kork.dynamicconfig.DynamicConfigService; -import java.util.ArrayList; -import java.util.Collection; -import java.util.List; -import java.util.Optional; -import java.util.Set; +import java.util.*; import java.util.concurrent.ExecutorService; +import lombok.Getter; import lombok.RequiredArgsConstructor; import org.springframework.context.ApplicationContext; public class ProviderHelpers { + + @Getter @RequiredArgsConstructor public static class BuildResult { - public final List agents; - public final Set regionsToAdd; + private final List agents; + private final Set regionsToAdd; } public static BuildResult buildAwsInfrastructureAgents( @@ -250,25 +246,19 @@ public static List buildAwsCleanupAgents( } } } - // AccountCredentialsRepository dependency + // AccountCredentialsRepository dependency // Might not be safe when parallel processing if (awsCleanupProvider.getAgentScheduler() != null) { if (awsConfigurationProperties.getCleanup().getAlarms().getEnabled()) { - awsCleanupProvider - .getAgents() - .add( - new CleanupAlarmsAgent( - amazonClientProvider, - accountCredentialsRepository, - awsConfigurationProperties.getCleanup().getAlarms().getDaysToKeep())); + newlyAddedAgents.add( + new CleanupAlarmsAgent( + amazonClientProvider, + accountCredentialsRepository, + awsConfigurationProperties.getCleanup().getAlarms().getDaysToKeep())); } - awsCleanupProvider - .getAgents() - .add( - new CleanupDetachedInstancesAgent( - amazonClientProvider, accountCredentialsRepository)); + newlyAddedAgents.add( + new CleanupDetachedInstancesAgent(amazonClientProvider, accountCredentialsRepository)); } - awsCleanupProvider.getAgents().addAll(newlyAddedAgents); return newlyAddedAgents; } } 
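Review bot: In the `@@ -250,25 +246,19 @@` hunk, `CleanupAlarmsAgent` and `CleanupDetachedInstancesAgent` are constructed from the whole `accountCredentialsRepository` rather than from a single credential, yet they are appended to `newlyAddedAgents` on every call. `buildAwsCleanupAgents` appears to run once per added account (see `scheduleAwsCleanupAgents(credentials)` in AmazonCredentialsLifecycleHandler), so unless `BaseProvider.addAgents` de-duplicates, which this page does not show, each new account would register another pair of repository-wide cleanup agents. Because these agents are not tied to one account name, it is also unclear whether `removeAgentsForAccounts` would ever remove them. Consider creating them only when the provider holds none yet, e.g. `if (awsCleanupProvider.getAgents().stream().noneMatch(a -> a instanceof CleanupAlarmsAgent))`, and document the choice next to the existing "Might not be safe when parallel processing" comment. The function body starts outside the hunk.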
diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/config/AwsInfrastructureProviderConfig.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/config/AwsInfrastructureProviderConfig.groovy deleted file mode 100644 index 5119b203c8e..00000000000 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/config/AwsInfrastructureProviderConfig.groovy +++ /dev/null @@ -1,33 +0,0 @@ -/* - * Copyright 2015 Netflix, Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package com.netflix.spinnaker.clouddriver.aws.provider.config - - -import com.netflix.spinnaker.cats.agent.Agent -import com.netflix.spinnaker.clouddriver.aws.provider.AwsInfrastructureProvider -import org.springframework.context.annotation.Bean -import org.springframework.context.annotation.Configuration - -import java.util.concurrent.ConcurrentHashMap - -@Configuration -class AwsInfrastructureProviderConfig { - @Bean - AwsInfrastructureProvider awsInfrastructureProvider() { - return new AwsInfrastructureProvider(Collections.newSetFromMap(new ConcurrentHashMap())) - } -} diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/config/AwsProviderConfig.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/config/AwsProviderConfig.groovy index 91190436bf5..10968d59786 100644 
--- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/config/AwsProviderConfig.groovy +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/config/AwsProviderConfig.groovy @@ -39,7 +39,7 @@ import java.util.concurrent.Executors class AwsProviderConfig { @Bean AwsProvider awsProvider(CredentialsRepository accountCredentialsRepository) { - return new AwsProvider(accountCredentialsRepository, Collections.newSetFromMap(new ConcurrentHashMap())) + return new AwsProvider(accountCredentialsRepository) } @Bean diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AmazonCredentialsLifecycleHandler.java b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AmazonCredentialsLifecycleHandler.java index 64f76e9cf0f..7d85eb352ce 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AmazonCredentialsLifecycleHandler.java +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AmazonCredentialsLifecycleHandler.java @@ -28,10 +28,9 @@ import com.netflix.spinnaker.clouddriver.aws.provider.AwsCleanupProvider; import com.netflix.spinnaker.clouddriver.aws.provider.AwsInfrastructureProvider; import com.netflix.spinnaker.clouddriver.aws.provider.AwsProvider; +import com.netflix.spinnaker.clouddriver.aws.provider.ProviderHelpers; import com.netflix.spinnaker.clouddriver.aws.provider.agent.ReservationReportCachingAgent; -import com.netflix.spinnaker.clouddriver.aws.provider.config.ProviderHelpers; import com.netflix.spinnaker.clouddriver.aws.provider.view.AmazonS3DataProvider; -import com.netflix.spinnaker.clouddriver.security.ProviderUtils; import com.netflix.spinnaker.config.AwsConfiguration.DeployDefaults; import com.netflix.spinnaker.credentials.CredentialsLifecycleHandler; import com.netflix.spinnaker.credentials.CredentialsRepository; 
@@ -89,19 +88,27 @@ public void credentialsAdded(@NotNull NetflixAmazonCredentials credentials) { @Override public void credentialsUpdated(@NotNull NetflixAmazonCredentials credentials) { - ProviderUtils.unscheduleAndDeregisterAgents( - Collections.singleton(credentials.getName()), catsModule); + // TODO(nimak) - ensure that unscheduling does what is exptected in removing the right agents + // TODO - this is to be tested against the old behavior + unscheduleAgents(credentials); scheduleAgents(credentials); synchronizeReservationReportCachingAgentAccounts(credentials, true); } @Override public void credentialsDeleted(NetflixAmazonCredentials credentials) { - ProviderUtils.unscheduleAndDeregisterAgents( - Collections.singleton(credentials.getName()), catsModule); + // TODO(nimak) - ensure that unscheduling does what is exptected in removing the right agents + // TODO - this is to be tested against the old behavior + unscheduleAgents(credentials); synchronizeReservationReportCachingAgentAccounts(credentials, false); } + private void unscheduleAgents(NetflixAmazonCredentials credentials) { + awsInfrastructureProvider.removeAgentsForAccounts(Collections.singleton(credentials.getName())); + awsCleanupProvider.removeAgentsForAccounts(Collections.singleton(credentials.getName())); + awsProvider.removeAgentsForAccounts(Collections.singleton(credentials.getName())); + } + private void scheduleAgents(NetflixAmazonCredentials credentials) { scheduleAWSProviderAgents(credentials); scheduleAwsInfrastructureProviderAgents(credentials); 
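Review bot: `credentialsUpdated` and `credentialsDeleted` now rely on `removeAgentsForAccounts` alone, and the TODOs added with them say this replacement for `ProviderUtils.unscheduleAndDeregisterAgents` has not yet been checked against the old behaviour. If an agent for a deleted account stays scheduled, it keeps calling AWS with credentials an operator has removed, so this path needs a test asserting that no agent for that account name remains in the provider or its scheduler after `credentialsDeleted`. The ECS handler hunks (`@@ -69,15 +69,13 @@` in ECSCredentialsLifeCycleHandler) make the same swap and need the same check. As a smaller point, `unscheduleAgents` builds the same singleton three times; hoist it with `Set<String> accountNames = Collections.singleton(credentials.getName());` and pass `accountNames` to all three providers.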
@@ -119,11 +126,8 @@ private void scheduleAwsInfrastructureProviderAgents(NetflixAmazonCredentials cr registry, eddaTimeoutConfig, this.awsInfraRegions); - if (awsInfrastructureProvider.getAgentScheduler() != null) { - ProviderUtils.rescheduleAgents(awsInfrastructureProvider, result.agents); - } - awsInfrastructureProvider.getAgents().addAll(result.agents); - this.awsInfraRegions.addAll(result.regionsToAdd); + awsInfrastructureProvider.addAgents(result.getAgents()); + this.awsInfraRegions.addAll(result.getRegionsToAdd()); } private void scheduleAWSProviderAgents(NetflixAmazonCredentials credentials) { @@ -145,11 +149,9 @@ private void scheduleAWSProviderAgents(NetflixAmazonCredentials credentials) { ctx, amazonS3DataProvider, publicRegions); - if (awsProvider.getAgentScheduler() != null) { - ProviderUtils.rescheduleAgents(awsProvider, buildResult.agents); - } - awsProvider.getAgents().addAll(buildResult.agents); - this.publicRegions.addAll(buildResult.regionsToAdd); + + awsProvider.addAgents(buildResult.getAgents()); + this.publicRegions.addAll(buildResult.getRegionsToAdd()); awsProvider.synchronizeHealthAgents(); } @@ -162,10 +164,8 @@ private void scheduleAwsCleanupAgents(NetflixAmazonCredentials credentials) { awsCleanupProvider, deployDefaults, awsConfigurationProperties); - if (awsCleanupProvider.getAgentScheduler() != null) { - ProviderUtils.rescheduleAgents(awsCleanupProvider, newlyAddedAgents); - } - awsCleanupProvider.getAgents().addAll(newlyAddedAgents); + + awsCleanupProvider.addAgents(newlyAddedAgents); } // This needs to be moved else where. diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/config/AwsConfiguration.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/config/AwsConfiguration.groovy index 54eedb3d201..a3897c8ffaa 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/config/AwsConfiguration.groovy +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/config/AwsConfiguration.groovy 
@@ -207,11 +207,6 @@ class AwsConfiguration { new BlockDeviceConfig(deployDefaults) } - @Bean - AwsCleanupProvider awsOperationProvider() { - return new AwsCleanupProvider(Collections.newSetFromMap(new ConcurrentHashMap())) - } - @Bean @DependsOn('amazonCredentialsRepository') SecurityGroupLookupFactory securityGroupLookup( diff --git a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/provider/EcsProvider.java b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/provider/EcsProvider.java index 3a8b195ae89..e2e9e1af4eb 100644 --- a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/provider/EcsProvider.java +++ b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/provider/EcsProvider.java @@ -24,11 +24,10 @@ import static com.netflix.spinnaker.clouddriver.ecs.cache.Keys.Namespace.TASKS; import static com.netflix.spinnaker.clouddriver.ecs.cache.Keys.Namespace.TASK_DEFINITIONS; -import com.netflix.spinnaker.cats.agent.Agent; -import com.netflix.spinnaker.cats.agent.AgentSchedulerAware; import com.netflix.spinnaker.clouddriver.cache.SearchableProvider; import com.netflix.spinnaker.clouddriver.core.provider.agent.HealthProvidingCachingAgent; import com.netflix.spinnaker.clouddriver.ecs.cache.Keys; +import com.netflix.spinnaker.clouddriver.security.BaseProvider; import java.util.Arrays; import java.util.Collection; import java.util.Collections; @@ -38,7 +37,7 @@ import java.util.Set; import java.util.stream.Collectors; -public class EcsProvider extends AgentSchedulerAware implements SearchableProvider { +public class EcsProvider extends BaseProvider implements SearchableProvider { public static final String NAME = EcsProvider.class.getName(); private static final Set defaultCaches = 
@@ -54,14 +53,9 @@ public class EcsProvider extends AgentSchedulerAware implements SearchableProvid private static final Map urlMappingTemplates = new HashMap<>(); - private final Collection agents; private final Keys keys = new Keys(); private Collection healthAgents; - public EcsProvider(Collection agents) { - this.agents = agents; - } - @Override public Set getDefaultCaches() { return defaultCaches; @@ -89,15 +83,10 @@ public String getProviderName() { return NAME; } - @Override - public Collection getAgents() { - return agents; - } - public void synchronizeHealthAgents() { healthAgents = Collections.unmodifiableCollection( - agents.stream() + getAgents().stream() .filter(a -> a instanceof HealthProvidingCachingAgent) .map(a -> (HealthProvidingCachingAgent) a) .collect(Collectors.toList())); diff --git a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/provider/config/EcsProviderConfig.java b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/provider/config/EcsProviderConfig.java index 6a9b1c51ce3..cd405c845df 100644 --- a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/provider/config/EcsProviderConfig.java +++ b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/provider/config/EcsProviderConfig.java @@ -19,8 +19,6 @@ import com.fasterxml.jackson.databind.ObjectMapper; import com.netflix.spinnaker.clouddriver.ecs.provider.EcsProvider; import com.netflix.spinnaker.clouddriver.ecs.provider.agent.IamPolicyReader; -import java.util.Collections; -import java.util.concurrent.ConcurrentHashMap; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; @@ -34,6 +32,6 @@ public IamPolicyReader iamPolicyReader(ObjectMapper objectMapper) { @Bean public EcsProvider ecsProvider() { - return new EcsProvider(Collections.newSetFromMap(new ConcurrentHashMap<>())); + return new EcsProvider(); } } 
diff --git a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/ECSCredentialsLifeCycleHandler.java b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/ECSCredentialsLifeCycleHandler.java index f9ab06105a3..6f2ebb8bc56 100644 --- a/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/ECSCredentialsLifeCycleHandler.java +++ b/clouddriver-ecs/src/main/java/com/netflix/spinnaker/clouddriver/ecs/security/ECSCredentialsLifeCycleHandler.java @@ -69,15 +69,13 @@ public void credentialsAdded(@NotNull NetflixECSCredentials credentials) { @Override public void credentialsUpdated(@NotNull NetflixECSCredentials credentials) { - ProviderUtils.unscheduleAndDeregisterAgents( - Collections.singleton(credentials.getName()), catsModule); + ecsProvider.removeAgentsForAccounts(Collections.singleton(credentials.getName())); scheduleAgents(credentials); } @Override public void credentialsDeleted(NetflixECSCredentials credentials) { - ProviderUtils.unscheduleAndDeregisterAgents( - Collections.singleton(credentials.getName()), catsModule); + ecsProvider.removeAgentsForAccounts(Collections.singleton(credentials.getName())); } private void scheduleAgents(NetflixECSCredentials credentials) { @@ -161,8 +159,7 @@ private void scheduleAgents(NetflixECSCredentials credentials) { } } - ProviderUtils.rescheduleAgents(ecsProvider, newAgents); - ecsProvider.getAgents().addAll(newAgents); + ecsProvider.addAgents(newAgents); ecsProvider.synchronizeHealthAgents(); } } From b66c2f7381d6d073bda76a78ef8f33ec024da33c Mon Sep 17 00:00:00 2001 
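Review bot: `credentialsDeleted` removes the account's agents with `ecsProvider.removeAgentsForAccounts(...)` but never refreshes the health-agent snapshot, whereas `credentialsUpdated` reaches `ecsProvider.synchronizeHealthAgents()` through `scheduleAgents`. `EcsProvider.synchronizeHealthAgents()` copies the current agents into an unmodifiable `healthAgents` collection, so after a delete that snapshot would still hold the `HealthProvidingCachingAgent` instances built for the removed account until another account is added or updated. Adding `ecsProvider.synchronizeHealthAgents();` after the remove call in `credentialsDeleted` keeps the two views consistent. The replaced `ProviderUtils.unscheduleAndDeregisterAgents` path had the same gap, so it is not new with this change, but this refactor is the natural place to close it.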
From: Manabu McCloskey Date: Mon, 5 Oct 2020 14:18:11 -0600 Subject: [PATCH 11/14] Remove AccountCredentialsProvier --- .../security/CredentialsProvider.java | 26 ------------ .../AmazonClusterController.groovy | 6 +-- .../ops/AllowLaunchAtomicOperation.groovy | 8 ++-- .../ops/CopyLastAsgAtomicOperation.groovy | 6 +-- .../AllowLaunchDescriptionValidator.groovy | 6 +-- ...hClassicLinkVpcDescriptionValidator.groovy | 2 +- ...sicAmazonDeployDescriptionValidator.groovy | 6 +-- ...mazonLoadBalancerDescriptionValidator.java | 3 +- ...zonLoadBalancerDescriptionValidator.groovy | 2 +- ...eteAmazonSnapshotDescriptionValidator.java | 9 ++-- ...teSecurityGroupDescriptionValidator.groovy | 2 +- ...chConfigurationDescriptionValidator.groovy | 6 +-- ...ifyServerGroupLaunchTemplateValidator.java | 11 ++--- ...RebootInstancesDescriptionValidator.groovy | 2 +- ...minateInstancesDescriptionValidator.groovy | 2 +- ...UpsertAmazonDNSDescriptionValidator.groovy | 2 +- ...rtSecurityGroupDescriptionValidator.groovy | 5 +-- .../aws/health/AmazonHealthIndicator.groovy | 8 ++-- .../InstanceTerminationLifecycleWorker.java | 17 ++++---- ...nceTerminationLifecycleWorkerProvider.java | 21 +++++----- .../LaunchFailureNotificationAgent.java | 12 +++--- ...aunchFailureNotificationAgentProvider.java | 9 ++-- ...LaunchFailureNotificationCleanupAgent.java | 14 +++---- .../LifecycleSubscriberConfiguration.java | 4 +- .../view/AmazonCloudMetricProvider.groovy | 8 ++-- .../view/AmazonInstanceProvider.groovy | 6 +-- .../view/AmazonSecurityGroupProvider.groovy | 8 ++-- .../security/AmazonCredentialProvider.java | 41 ------------------- .../AmazonCredentialsInitializer.groovy | 12 +----- 29 files changed, 96 insertions(+), 168 deletions(-) delete mode 100644 clouddriver-api/src/main/java/com/netflix/spinnaker/clouddriver/security/CredentialsProvider.java delete mode 100644 clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AmazonCredentialProvider.java 
diff --git a/clouddriver-api/src/main/java/com/netflix/spinnaker/clouddriver/security/CredentialsProvider.java b/clouddriver-api/src/main/java/com/netflix/spinnaker/clouddriver/security/CredentialsProvider.java
deleted file mode 100644
index 9ce96ff7e97..00000000000
--- a/clouddriver-api/src/main/java/com/netflix/spinnaker/clouddriver/security/CredentialsProvider.java
+++ /dev/null
@@ -1,26 +0,0 @@
-/*
- * Copyright 2020 Netflix, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-package com.netflix.spinnaker.clouddriver.security;
-
-import java.util.Set;
-
-public interface CredentialsProvider> {
- Set getAll();
-
- AccountCredentials getCredentials(String name);
-}
diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/controllers/AmazonClusterController.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/controllers/AmazonClusterController.groovy
index fcd4325b19a..4609b57429b 100644
--- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/controllers/AmazonClusterController.groovy
+++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/controllers/AmazonClusterController.groovy
@@ -19,8 +19,8 @@ package com.netflix.spinnaker.clouddriver.aws.controllers import com.amazonaws.services.autoscaling.model.Activity import com.amazonaws.services.autoscaling.model.DescribeScalingActivitiesRequest import com.netflix.spinnaker.clouddriver.aws.security.AmazonClientProvider -import com.netflix.spinnaker.clouddriver.aws.security.AmazonCredentialProvider import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials +import com.netflix.spinnaker.credentials.CredentialsRepository import org.springframework.beans.factory.annotation.Autowired import org.springframework.http.HttpStatus import org.springframework.http.ResponseEntity @@ -31,7 +31,7 @@ import org.springframework.web.bind.annotation.* class AmazonClusterController { @Autowired - AmazonCredentialProvider accountCredentialsProvider + CredentialsRepository accountCredentialsProvider @Autowired AmazonClientProvider amazonClientProvider @@ -40,7 +40,7 @@ class AmazonClusterController { @RequestMapping(value = "/scalingActivities", method = RequestMethod.GET) ResponseEntity getScalingActivities(@PathVariable String account, @PathVariable String serverGroupName, @RequestParam(value = "region", required = true) String region) { - def credentials = accountCredentialsProvider.getCredentials(account) + def credentials = accountCredentialsProvider.getOne(account) if (!(credentials instanceof NetflixAmazonCredentials)) { return new ResponseEntity([message: "bad credentials"], HttpStatus.BAD_REQUEST) } diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/AllowLaunchAtomicOperation.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/AllowLaunchAtomicOperation.groovy index a9c5927eca3..2d7832e34d9 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/AllowLaunchAtomicOperation.groovy 
+++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/AllowLaunchAtomicOperation.groovy @@ -23,13 +23,13 @@ import com.netflix.spinnaker.clouddriver.aws.deploy.ResolvedAmiResult import com.netflix.spinnaker.clouddriver.aws.deploy.description.AllowLaunchDescription import com.netflix.spinnaker.clouddriver.aws.model.AwsResultsRetriever import com.netflix.spinnaker.clouddriver.aws.security.AmazonClientProvider -import com.netflix.spinnaker.clouddriver.aws.security.AmazonCredentialProvider import com.netflix.spinnaker.clouddriver.aws.security.AmazonCredentials import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials import com.netflix.spinnaker.clouddriver.data.task.Task import com.netflix.spinnaker.clouddriver.data.task.TaskRepository import com.netflix.spinnaker.clouddriver.helpers.OperationPoller import com.netflix.spinnaker.clouddriver.orchestration.AtomicOperation +import com.netflix.spinnaker.credentials.CredentialsRepository import com.netflix.spinnaker.kork.core.RetrySupport import groovy.transform.Canonical import org.springframework.beans.factory.annotation.Autowired 
@@ -51,14 +51,14 @@ class AllowLaunchAtomicOperation implements AtomicOperation { AmazonClientProvider amazonClientProvider @Autowired - AmazonCredentialProvider accountCredentialsProvider + CredentialsRepository accountCredentialsProvider @Override ResolvedAmiResult operate(List priorOutputs) { task.updateStatus BASE_PHASE, "Initializing Allow Launch Operation..." def sourceCredentials = description.credentials - def targetCredentials = accountCredentialsProvider.getCredentials(description.targetAccount) as NetflixAmazonCredentials + def targetCredentials = accountCredentialsProvider.getOne(description.targetAccount) as NetflixAmazonCredentials def sourceAmazonEC2 = amazonClientProvider.getAmazonEC2(description.credentials, description.region, true) def targetAmazonEC2 = amazonClientProvider.getAmazonEC2(targetCredentials, description.region, true) @@ -83,7 +83,7 @@ class AllowLaunchAtomicOperation implements AtomicOperation { // Spinnaker, switch to using that for modifying the image if (resolvedAmi.ownerId != sourceCredentials.accountId) { if (resolvedAmi.getRegion()) { - ownerCredentials = accountCredentialsProvider.all.find { accountCredentials -> + ownerCredentials = accountCredentialsProvider.getAll().find { accountCredentials -> accountCredentials instanceof NetflixAmazonCredentials && ((AmazonCredentials) accountCredentials).accountId == resolvedAmi.ownerId } as NetflixAmazonCredentials diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/CopyLastAsgAtomicOperation.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/CopyLastAsgAtomicOperation.groovy index fc64b758080..87d02bf29b5 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/CopyLastAsgAtomicOperation.groovy +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/CopyLastAsgAtomicOperation.groovy 
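Review bot: In `operate`, the result of `accountCredentialsProvider.getOne(description.targetAccount)` is cast with `as NetflixAmazonCredentials` and passed straight to `amazonClientProvider.getAmazonEC2(targetCredentials, description.region, true)` with no check that the account was found. If `getOne` returns null for an unknown name (the controller hunk in this patch appears to guard its result with `instanceof` for that reason), a target account removed between validation and execution surfaces as a failure inside the client provider rather than as a clear error. A guard right after the lookup, such as `if (!targetCredentials) throw new IllegalArgumentException("Unknown target account ${description.targetAccount}")`, would make that explicit. The same applies to `getOne(description.source.account)` in CopyLastAsgAtomicOperation (hunk `@@ -91,7 +91,7 @@`); `operate` continues outside this hunk.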
@@ -29,7 +29,6 @@ import com.netflix.spinnaker.clouddriver.aws.deploy.userdata.LocalFileUserDataPr import com.netflix.spinnaker.clouddriver.aws.deploy.validators.BasicAmazonDeployDescriptionValidator import com.netflix.spinnaker.clouddriver.aws.model.SubnetData import com.netflix.spinnaker.clouddriver.aws.security.AmazonClientProvider -import com.netflix.spinnaker.clouddriver.aws.security.AmazonCredentialProvider import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials import com.netflix.spinnaker.clouddriver.aws.services.RegionScopedProviderFactory import com.netflix.spinnaker.clouddriver.data.task.Task @@ -38,6 +37,7 @@ import com.netflix.spinnaker.clouddriver.deploy.DeploymentResult import com.netflix.spinnaker.clouddriver.deploy.DescriptionValidationErrors import com.netflix.spinnaker.clouddriver.deploy.DescriptionValidationException import com.netflix.spinnaker.clouddriver.orchestration.AtomicOperation +import com.netflix.spinnaker.credentials.CredentialsRepository import org.springframework.beans.factory.annotation.Autowired class CopyLastAsgAtomicOperation implements AtomicOperation { @@ -57,7 +57,7 @@ class CopyLastAsgAtomicOperation implements AtomicOperation { AmazonClientProvider amazonClientProvider @Autowired - AmazonCredentialProvider accountCredentialsProvider + CredentialsRepository accountCredentialsProvider @Autowired RegionScopedProviderFactory regionScopedProviderFactory 
@@ -91,7 +91,7 @@ class CopyLastAsgAtomicOperation implements AtomicOperation { def sourceAsgCredentials if (description.source.account && description.source.region && description.source.asgName) { sourceRegion = description.source.region - sourceAsgCredentials = accountCredentialsProvider.getCredentials(description.source.account) as NetflixAmazonCredentials + sourceAsgCredentials = accountCredentialsProvider.getOne(description.source.account) as NetflixAmazonCredentials def sourceAutoScaling = amazonClientProvider.getAutoScaling(sourceAsgCredentials, sourceRegion, true) def request = new DescribeAutoScalingGroupsRequest(autoScalingGroupNames: [description.source.asgName]) List ancestorAsgs = sourceAutoScaling.describeAutoScalingGroups(request).autoScalingGroups diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/AllowLaunchDescriptionValidator.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/AllowLaunchDescriptionValidator.groovy index f3a423dad42..a0b8210ae32 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/AllowLaunchDescriptionValidator.groovy +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/AllowLaunchDescriptionValidator.groovy 
@@ -17,17 +17,17 @@ package com.netflix.spinnaker.clouddriver.aws.deploy.validators import com.netflix.spinnaker.clouddriver.aws.deploy.description.AllowLaunchDescription -import com.netflix.spinnaker.clouddriver.aws.security.AmazonCredentialProvider import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials import com.netflix.spinnaker.clouddriver.deploy.DescriptionValidator import com.netflix.spinnaker.clouddriver.deploy.ValidationErrors +import com.netflix.spinnaker.credentials.CredentialsRepository import org.springframework.beans.factory.annotation.Autowired import org.springframework.stereotype.Component @Component("allowLaunchDescriptionValidator") class AllowLaunchDescriptionValidator extends DescriptionValidator { @Autowired - AmazonCredentialProvider accountCredentialsProvider + CredentialsRepository accountCredentialsProvider @Override void validate(List priorDescriptions, AllowLaunchDescription description, ValidationErrors errors) { @@ -39,7 +39,7 @@ class AllowLaunchDescriptionValidator extends DescriptionValidator { @Autowired - AmazonCredentialProvider accountCredentialsProvider + CredentialsRepository accountCredentialsProvider @Override void validate(List priorDescriptions, BasicAmazonDeployDescription description, ValidationErrors errors) { @@ -42,7 +42,7 @@ class BasicAmazonDeployDescriptionValidator extends AmazonDescriptionValidationS if (!description.credentials) { errors.rejectValue "credentials", "basicAmazonDeployDescription.credentials.empty" } else { - credentials = accountCredentialsProvider.getCredentials(description?.credentials?.name) + credentials = accountCredentialsProvider.getOne(description?.credentials?.name) if (!(credentials instanceof AmazonCredentials)) { errors.rejectValue("credentials", "basicAmazonDeployDescription.credentials.invalid") } 
diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/CreateAmazonLoadBalancerDescriptionValidator.java b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/CreateAmazonLoadBalancerDescriptionValidator.java index 754a6a8c75a..ca640525fcb 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/CreateAmazonLoadBalancerDescriptionValidator.java +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/CreateAmazonLoadBalancerDescriptionValidator.java @@ -26,11 +26,12 @@ import com.netflix.spinnaker.clouddriver.aws.security.AmazonCredentials; import com.netflix.spinnaker.clouddriver.deploy.ValidationErrors; import com.netflix.spinnaker.clouddriver.orchestration.AtomicOperations; +import org.springframework.stereotype.Component; + import java.util.HashSet; import java.util.List; import java.util.Map; import java.util.Set; -import org.springframework.stereotype.Component; @AmazonOperation(AtomicOperations.UPSERT_LOAD_BALANCER) @Component("createAmazonLoadBalancerDescriptionValidator") diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/DeleteAmazonLoadBalancerDescriptionValidator.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/DeleteAmazonLoadBalancerDescriptionValidator.groovy index 49745cd08f6..8f00ade0e46 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/DeleteAmazonLoadBalancerDescriptionValidator.groovy +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/DeleteAmazonLoadBalancerDescriptionValidator.groovy 
@@ -17,9 +17,9 @@ package com.netflix.spinnaker.clouddriver.aws.deploy.validators import com.netflix.spinnaker.clouddriver.aws.AmazonOperation +import com.netflix.spinnaker.clouddriver.aws.deploy.description.DeleteAmazonLoadBalancerDescription import com.netflix.spinnaker.clouddriver.deploy.ValidationErrors import com.netflix.spinnaker.clouddriver.orchestration.AtomicOperations -import com.netflix.spinnaker.clouddriver.aws.deploy.description.DeleteAmazonLoadBalancerDescription import org.springframework.stereotype.Component @AmazonOperation(AtomicOperations.DELETE_LOAD_BALANCER) diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/DeleteAmazonSnapshotDescriptionValidator.java b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/DeleteAmazonSnapshotDescriptionValidator.java index 39f99081763..ca413b569d6 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/DeleteAmazonSnapshotDescriptionValidator.java +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/DeleteAmazonSnapshotDescriptionValidator.java 
@@ -20,24 +20,25 @@ import com.netflix.spinnaker.clouddriver.aws.AmazonOperation; import com.netflix.spinnaker.clouddriver.aws.deploy.description.DeleteAmazonSnapshotDescription; -import com.netflix.spinnaker.clouddriver.aws.security.AmazonCredentialProvider; import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials; import com.netflix.spinnaker.clouddriver.deploy.ValidationErrors; import com.netflix.spinnaker.clouddriver.orchestration.AtomicOperations; -import java.util.List; +import com.netflix.spinnaker.credentials.CredentialsRepository; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import java.util.List; + @AmazonOperation(AtomicOperations.DELETE_SNAPSHOT) @Component public class DeleteAmazonSnapshotDescriptionValidator extends AmazonDescriptionValidationSupport { - AmazonCredentialProvider accountCredentialsProvider; + CredentialsRepository accountCredentialsProvider; @Autowired public DeleteAmazonSnapshotDescriptionValidator( - AmazonCredentialProvider accountCredentialsProvider) { + CredentialsRepository accountCredentialsProvider) { this.accountCredentialsProvider = accountCredentialsProvider; } diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/DeleteSecurityGroupDescriptionValidator.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/DeleteSecurityGroupDescriptionValidator.groovy index da49aa485b7..2e48570635e 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/DeleteSecurityGroupDescriptionValidator.groovy +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/DeleteSecurityGroupDescriptionValidator.groovy 
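Review bot: The `accountCredentialsProvider` field stays package-private and non-final after the type change (`CredentialsRepository accountCredentialsProvider;`), although the visible code assigns it only in the constructor. ModifyServerGroupLaunchTemplateValidator in this same patch declares it `private final`, and this validator should match so the repository reference cannot be reassigned from elsewhere in the package. The hunk also moves `import java.util.List;` below the Spring imports into its own group, which departs from the single sorted import block the file had and may trip a formatter check if the project enforces one. Keeping `java.util.List` in its original position avoids that unrelated churn.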
@@ -17,10 +17,10 @@ package com.netflix.spinnaker.clouddriver.aws.deploy.validators import com.netflix.spinnaker.clouddriver.aws.AmazonOperation +import com.netflix.spinnaker.clouddriver.aws.deploy.description.DeleteSecurityGroupDescription import com.netflix.spinnaker.clouddriver.aws.security.AmazonClientProvider import com.netflix.spinnaker.clouddriver.deploy.ValidationErrors import com.netflix.spinnaker.clouddriver.orchestration.AtomicOperations -import com.netflix.spinnaker.clouddriver.aws.deploy.description.DeleteSecurityGroupDescription import org.springframework.beans.factory.annotation.Autowired import org.springframework.stereotype.Component diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/ModifyAsgLaunchConfigurationDescriptionValidator.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/ModifyAsgLaunchConfigurationDescriptionValidator.groovy index 9e94f5fadd3..40e5895ce38 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/ModifyAsgLaunchConfigurationDescriptionValidator.groovy +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/ModifyAsgLaunchConfigurationDescriptionValidator.groovy 
@@ -19,11 +19,11 @@ package com.netflix.spinnaker.clouddriver.aws.deploy.validators import com.netflix.spinnaker.clouddriver.aws.AmazonOperation import com.netflix.spinnaker.clouddriver.aws.deploy.description.ModifyAsgLaunchConfigurationDescription import com.netflix.spinnaker.clouddriver.aws.model.AmazonBlockDevice -import com.netflix.spinnaker.clouddriver.aws.security.AmazonCredentialProvider import com.netflix.spinnaker.clouddriver.aws.security.AmazonCredentials import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials import com.netflix.spinnaker.clouddriver.deploy.ValidationErrors import com.netflix.spinnaker.clouddriver.orchestration.AtomicOperations +import com.netflix.spinnaker.credentials.CredentialsRepository import org.springframework.beans.factory.annotation.Autowired import org.springframework.stereotype.Component @@ -31,7 +31,7 @@ import org.springframework.stereotype.Component @Component("modifyAsgLaunchConfigurationDescriptionValidator") class ModifyAsgLaunchConfigurationDescriptionValidator extends AmazonDescriptionValidationSupport { @Autowired - AmazonCredentialProvider accountCredentialsProvider + CredentialsRepository accountCredentialsProvider @Override void validate(List priorDescriptions, ModifyAsgLaunchConfigurationDescription description, ValidationErrors errors) { @@ -41,7 +41,7 @@ class ModifyAsgLaunchConfigurationDescriptionValidator extends AmazonDescription if (!description.credentials) { errors.rejectValue "credentials", "modifyAsgLaunchConfigurationDescription.credentials.empty" } else { - def credentials = accountCredentialsProvider.getCredentials(description?.credentials?.name) + def credentials = accountCredentialsProvider.getOne(description?.credentials?.name) if (!(credentials instanceof AmazonCredentials)) { errors.rejectValue("credentials", "modifyAsgLaunchConfigurationDescription.credentials.invalid") } 
diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/ModifyServerGroupLaunchTemplateValidator.java b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/ModifyServerGroupLaunchTemplateValidator.java index da71d9ad910..83f0025b0b3 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/ModifyServerGroupLaunchTemplateValidator.java +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/ModifyServerGroupLaunchTemplateValidator.java 
@@ -20,25 +20,26 @@ import com.netflix.spinnaker.clouddriver.aws.AmazonOperation; import com.netflix.spinnaker.clouddriver.aws.deploy.description.ModifyServerGroupLaunchTemplateDescription; import com.netflix.spinnaker.clouddriver.aws.model.AmazonBlockDevice; -import com.netflix.spinnaker.clouddriver.aws.security.AmazonCredentialProvider; import com.netflix.spinnaker.clouddriver.aws.security.AmazonCredentials; import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials; import com.netflix.spinnaker.clouddriver.deploy.ValidationErrors; import com.netflix.spinnaker.clouddriver.orchestration.AtomicOperations; import com.netflix.spinnaker.clouddriver.security.AccountCredentials; -import java.util.List; +import com.netflix.spinnaker.credentials.CredentialsRepository; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import java.util.List; + @AmazonOperation(AtomicOperations.UPDATE_LAUNCH_TEMPLATE) @Component("modifyServerGroupLaunchTemplateDescriptionValidator") public class ModifyServerGroupLaunchTemplateValidator extends AmazonDescriptionValidationSupport { - private final AmazonCredentialProvider accountCredentialsProvider; + private final CredentialsRepository accountCredentialsProvider; @Autowired public ModifyServerGroupLaunchTemplateValidator( - AmazonCredentialProvider accountCredentialsProvider) { + CredentialsRepository accountCredentialsProvider) { this.accountCredentialsProvider = accountCredentialsProvider; } @@ -55,7 +56,7 @@ public void validate( "credentials", "modifyservergrouplaunchtemplatedescription.credentials.empty"); } else { AccountCredentials credentials = - accountCredentialsProvider.getCredentials(description.getCredentials().getName()); + accountCredentialsProvider.getOne(description.getCredentials().getName()); if (!(credentials instanceof AmazonCredentials)) { errors.rejectValue( "credentials", "modifyservergrouplaunchtemplatedescription.credentials.invalid"); 
diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/RebootInstancesDescriptionValidator.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/RebootInstancesDescriptionValidator.groovy index a3c95a9979a..f1e7c187568 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/RebootInstancesDescriptionValidator.groovy +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/RebootInstancesDescriptionValidator.groovy @@ -17,9 +17,9 @@ package com.netflix.spinnaker.clouddriver.aws.deploy.validators import com.netflix.spinnaker.clouddriver.aws.AmazonOperation +import com.netflix.spinnaker.clouddriver.aws.deploy.description.RebootInstancesDescription import com.netflix.spinnaker.clouddriver.deploy.ValidationErrors import com.netflix.spinnaker.clouddriver.orchestration.AtomicOperations -import com.netflix.spinnaker.clouddriver.aws.deploy.description.RebootInstancesDescription import org.springframework.stereotype.Component @AmazonOperation(AtomicOperations.REBOOT_INSTANCES) diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/TerminateInstancesDescriptionValidator.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/TerminateInstancesDescriptionValidator.groovy index 86328c9593b..064c7b6bcdf 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/TerminateInstancesDescriptionValidator.groovy +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/TerminateInstancesDescriptionValidator.groovy 
@@ -16,9 +16,9 @@ package com.netflix.spinnaker.clouddriver.aws.deploy.validators import com.netflix.spinnaker.clouddriver.aws.AmazonOperation +import com.netflix.spinnaker.clouddriver.aws.deploy.description.TerminateInstancesDescription import com.netflix.spinnaker.clouddriver.deploy.ValidationErrors import com.netflix.spinnaker.clouddriver.orchestration.AtomicOperations -import com.netflix.spinnaker.clouddriver.aws.deploy.description.TerminateInstancesDescription import org.springframework.stereotype.Component @AmazonOperation(AtomicOperations.TERMINATE_INSTANCES) diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/UpsertAmazonDNSDescriptionValidator.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/UpsertAmazonDNSDescriptionValidator.groovy index 975ce461dd5..81e9b7b40ef 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/UpsertAmazonDNSDescriptionValidator.groovy +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/UpsertAmazonDNSDescriptionValidator.groovy @@ -16,9 +16,9 @@ package com.netflix.spinnaker.clouddriver.aws.deploy.validators -import com.netflix.spinnaker.clouddriver.aws.security.AmazonClientProvider import com.netflix.spinnaker.clouddriver.aws.deploy.description.UpsertAmazonDNSDescription import com.netflix.spinnaker.clouddriver.aws.deploy.description.UpsertAmazonLoadBalancerDescription +import com.netflix.spinnaker.clouddriver.aws.security.AmazonClientProvider import com.netflix.spinnaker.clouddriver.deploy.ValidationErrors import org.springframework.beans.factory.annotation.Autowired import org.springframework.stereotype.Component 
diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/UpsertSecurityGroupDescriptionValidator.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/UpsertSecurityGroupDescriptionValidator.groovy index 365a4024643..cf9814687e4 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/UpsertSecurityGroupDescriptionValidator.groovy +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/UpsertSecurityGroupDescriptionValidator.groovy @@ -17,11 +17,10 @@ package com.netflix.spinnaker.clouddriver.aws.deploy.validators import com.netflix.spinnaker.clouddriver.aws.AmazonOperation -import com.netflix.spinnaker.clouddriver.deploy.ValidationErrors -import com.netflix.spinnaker.clouddriver.orchestration.AtomicOperations import com.netflix.spinnaker.clouddriver.aws.deploy.description.UpsertSecurityGroupDescription -import com.netflix.spinnaker.clouddriver.aws.model.SecurityGroupNotFoundException import com.netflix.spinnaker.clouddriver.aws.services.RegionScopedProviderFactory +import com.netflix.spinnaker.clouddriver.deploy.ValidationErrors +import com.netflix.spinnaker.clouddriver.orchestration.AtomicOperations import org.springframework.beans.factory.annotation.Autowired import org.springframework.stereotype.Component diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/health/AmazonHealthIndicator.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/health/AmazonHealthIndicator.groovy index de9fcc68ad8..a467be89400 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/health/AmazonHealthIndicator.groovy +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/health/AmazonHealthIndicator.groovy 
@@ -21,8 +21,8 @@ import com.amazonaws.AmazonServiceException import com.amazonaws.services.ec2.AmazonEC2 import com.netflix.spectator.api.Registry import com.netflix.spinnaker.clouddriver.aws.security.AmazonClientProvider -import com.netflix.spinnaker.clouddriver.aws.security.AmazonCredentialProvider import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials +import com.netflix.spinnaker.credentials.CredentialsRepository import groovy.transform.InheritConstructors import org.slf4j.Logger import org.slf4j.LoggerFactory @@ -42,7 +42,7 @@ class AmazonHealthIndicator implements HealthIndicator { private static final Logger LOG = LoggerFactory.getLogger(AmazonHealthIndicator) - private final AmazonCredentialProvider accountCredentialsProvider + private final CredentialsRepository accountCredentialsProvider private final AmazonClientProvider amazonClientProvider private final AtomicReference lastException = new AtomicReference<>(null) @@ -51,7 +51,7 @@ class AmazonHealthIndicator implements HealthIndicator { private final AtomicLong errors; @Autowired - AmazonHealthIndicator(AmazonCredentialProvider accountCredentialsProvider, + AmazonHealthIndicator(CredentialsRepository accountCredentialsProvider, AmazonClientProvider amazonClientProvider, Registry registry) { this.accountCredentialsProvider = accountCredentialsProvider @@ -78,7 +78,7 @@ class AmazonHealthIndicator implements HealthIndicator { @Scheduled(fixedDelay = 120000L) void checkHealth() { try { - Set amazonCredentials = accountCredentialsProvider.all.findAll { + Set amazonCredentials = accountCredentialsProvider.getAll().findAll { it instanceof NetflixAmazonCredentials } as Set for (NetflixAmazonCredentials credentials in amazonCredentials) { 
diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/InstanceTerminationLifecycleWorker.java b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/InstanceTerminationLifecycleWorker.java index e94f5eb3399..35c7dbbf37e 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/InstanceTerminationLifecycleWorker.java +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/InstanceTerminationLifecycleWorker.java @@ -36,12 +36,18 @@ import com.netflix.spectator.api.Registry; import com.netflix.spinnaker.clouddriver.aws.deploy.ops.discovery.AwsEurekaSupport; import com.netflix.spinnaker.clouddriver.aws.security.AmazonClientProvider; -import com.netflix.spinnaker.clouddriver.aws.security.AmazonCredentialProvider; import com.netflix.spinnaker.clouddriver.aws.security.AmazonCredentials.LifecycleHook; import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials; import com.netflix.spinnaker.clouddriver.eureka.api.Eureka; import com.netflix.spinnaker.clouddriver.eureka.deploy.ops.AbstractEurekaSupport.DiscoveryStatus; import com.netflix.spinnaker.clouddriver.security.AccountCredentials; +import com.netflix.spinnaker.credentials.CredentialsRepository; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.http.HttpStatus; +import retrofit.RetrofitError; + +import javax.inject.Provider; import java.io.IOException; import java.time.Duration; import java.util.Arrays; @@ -52,11 +58,6 @@ import java.util.List; import java.util.Set; import java.util.stream.Collectors; -import javax.inject.Provider; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.http.HttpStatus; -import retrofit.RetrofitError; public class InstanceTerminationLifecycleWorker implements Runnable { 
@@ -69,7 +70,7 @@ public class InstanceTerminationLifecycleWorker implements Runnable { ObjectMapper objectMapper; AmazonClientProvider amazonClientProvider; - AmazonCredentialProvider accountCredentialsProvider; + CredentialsRepository accountCredentialsProvider; InstanceTerminationConfigurationProperties properties; Provider discoverySupport; Registry registry; @@ -82,7 +83,7 @@ public class InstanceTerminationLifecycleWorker implements Runnable { public InstanceTerminationLifecycleWorker( ObjectMapper objectMapper, AmazonClientProvider amazonClientProvider, - AmazonCredentialProvider accountCredentialsProvider, + CredentialsRepository accountCredentialsProvider, InstanceTerminationConfigurationProperties properties, Provider discoverySupport, Registry registry) { diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/InstanceTerminationLifecycleWorkerProvider.java b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/InstanceTerminationLifecycleWorkerProvider.java index 065f2d6d5d0..acc58b099ec 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/InstanceTerminationLifecycleWorkerProvider.java +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/InstanceTerminationLifecycleWorkerProvider.java 
@@ -20,14 +20,8 @@ import com.netflix.spectator.api.Registry; import com.netflix.spinnaker.clouddriver.aws.deploy.ops.discovery.AwsEurekaSupport; import com.netflix.spinnaker.clouddriver.aws.security.AmazonClientProvider; -import com.netflix.spinnaker.clouddriver.aws.security.AmazonCredentialProvider; import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials; -import java.util.concurrent.ExecutorService; -import java.util.concurrent.Executors; -import java.util.concurrent.RejectedExecutionException; -import java.util.regex.Pattern; -import javax.annotation.PostConstruct; -import javax.inject.Provider; +import com.netflix.spinnaker.credentials.CredentialsRepository; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; @@ -35,6 +29,13 @@ import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression; import org.springframework.stereotype.Component; +import javax.annotation.PostConstruct; +import javax.inject.Provider; +import java.util.concurrent.ExecutorService; +import java.util.concurrent.Executors; +import java.util.concurrent.RejectedExecutionException; +import java.util.regex.Pattern; + @Component @ConditionalOnExpression( "${aws.lifecycle-subscribers.instance-termination.enabled:false} && ${caching.write-enabled:true}") @@ -47,7 +48,7 @@ public class InstanceTerminationLifecycleWorkerProvider { private final ObjectMapper objectMapper; private final AmazonClientProvider amazonClientProvider; - private final AmazonCredentialProvider accountCredentialsProvider; + private final CredentialsRepository accountCredentialsProvider; private final InstanceTerminationConfigurationProperties properties; private final Provider discoverySupport; private final Registry registry; 
@@ -56,7 +57,7 @@ public class InstanceTerminationLifecycleWorkerProvider { InstanceTerminationLifecycleWorkerProvider( @Qualifier("amazonObjectMapper") ObjectMapper objectMapper, AmazonClientProvider amazonClientProvider, - AmazonCredentialProvider accountCredentialsProvider, + CredentialsRepository accountCredentialsProvider, InstanceTerminationConfigurationProperties properties, Provider discoverySupport, Registry registry) { @@ -72,7 +73,7 @@ public class InstanceTerminationLifecycleWorkerProvider { public void start() { NetflixAmazonCredentials credentials = (NetflixAmazonCredentials) - accountCredentialsProvider.getCredentials(properties.getAccountName()); + accountCredentialsProvider.getOne(properties.getAccountName()); ExecutorService executorService = Executors.newFixedThreadPool( credentials.getRegions().size(), diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/LaunchFailureNotificationAgent.java b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/LaunchFailureNotificationAgent.java index 36220383c39..11bfd0cd221 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/LaunchFailureNotificationAgent.java +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/LaunchFailureNotificationAgent.java 
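Review bot: In `start()` the result of `accountCredentialsProvider.getOne(properties.getAccountName())` is cast and then dereferenced by `credentials.getRegions().size()` with no null check, so a misspelled or not-yet-registered account name fails bean initialisation with a bare NullPointerException. The deleted AmazonCredentialProvider shows `getCredentials` only delegated to `getOne`, so the gap is not new, but it widens if the repository can now be populated after startup (not visible in this hunk). I would add a guard before the executor is built, for example `if (credentials == null) { throw new IllegalStateException("No AWS account named " + properties.getAccountName()); }`. The same unchecked lookup appears in `agents()` in LaunchFailureNotificationAgentProvider, and both method bodies continue outside their hunks.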
@@ -35,11 +35,14 @@ import com.netflix.spinnaker.clouddriver.aws.AmazonCloudProvider; import com.netflix.spinnaker.clouddriver.aws.provider.AwsProvider; import com.netflix.spinnaker.clouddriver.aws.security.AmazonClientProvider; -import com.netflix.spinnaker.clouddriver.aws.security.AmazonCredentialProvider; import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials; import com.netflix.spinnaker.clouddriver.cache.CustomScheduledAgent; import com.netflix.spinnaker.clouddriver.security.AccountCredentials; import com.netflix.spinnaker.clouddriver.tags.EntityTagger; +import com.netflix.spinnaker.credentials.CredentialsRepository; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + import java.io.IOException; import java.util.Collections; import java.util.List; @@ -48,8 +51,6 @@ import java.util.concurrent.atomic.AtomicInteger; import java.util.regex.Matcher; import java.util.stream.Collectors; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; /** * An Agent that subscribes to a particular SQS queue and tags any server groups that had launch @@ -64,7 +65,7 @@ class LaunchFailureNotificationAgent implements RunnableAgent, CustomScheduledAg private final ObjectMapper objectMapper; private final AmazonClientProvider amazonClientProvider; - private final AmazonCredentialProvider accountCredentialsProvider; + private final CredentialsRepository accountCredentialsProvider; private final LaunchFailureConfigurationProperties properties; private final EntityTagger serverGroupTagger; @@ -77,7 +78,7 @@ class LaunchFailureNotificationAgent implements RunnableAgent, CustomScheduledAg LaunchFailureNotificationAgent( ObjectMapper objectMapper, AmazonClientProvider amazonClientProvider, - AmazonCredentialProvider accountCredentialsProvider, + CredentialsRepository accountCredentialsProvider, LaunchFailureConfigurationProperties properties, EntityTagger serverGroupTagger) { this.objectMapper = objectMapper; 
@@ -119,7 +120,6 @@ public long getTimeoutMillis() { public void run() { List allAccountIds = accountCredentialsProvider.getAll().stream() - .filter(c -> c instanceof NetflixAmazonCredentials) .map(AccountCredentials::getAccountId) .collect(Collectors.toList()); diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/LaunchFailureNotificationAgentProvider.java b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/LaunchFailureNotificationAgentProvider.java index 09411af23dd..aa57593aa7c 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/LaunchFailureNotificationAgentProvider.java +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/LaunchFailureNotificationAgentProvider.java @@ -21,9 +21,10 @@ import com.netflix.spinnaker.cats.agent.AgentProvider; import com.netflix.spinnaker.clouddriver.aws.provider.AwsProvider; import com.netflix.spinnaker.clouddriver.aws.security.AmazonClientProvider; -import com.netflix.spinnaker.clouddriver.aws.security.AmazonCredentialProvider; import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials; import com.netflix.spinnaker.clouddriver.tags.EntityTagger; +import com.netflix.spinnaker.credentials.CredentialsRepository; + import java.util.Collection; import java.util.List; import java.util.regex.Pattern; 
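Review bot: With the `instanceof NetflixAmazonCredentials` filter removed from `run()`, nothing at runtime restricts `allAccountIds` to AWS accounts; that now depends entirely on which `CredentialsRepository` bean is injected. The page shows the field as a raw `CredentialsRepository` (the type arguments may have been lost in rendering), so it is worth confirming the declaration reads `CredentialsRepository<NetflixAmazonCredentials>`, which makes the compiler enforce what the filter used to. The same filter is dropped in `LaunchFailureNotificationCleanupAgent.run()`, where `.map(NetflixAmazonCredentials.class::cast)` is left behind: with a typed repository that cast is dead code and can go, and without one it turns a skipped entry into a ClassCastException. Patch 12/14 makes the matching change in `AmazonClusterController.getScalingActivities`, replacing the type guard with `credentials == null`.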
@@ -35,14 +36,14 @@ public class LaunchFailureNotificationAgentProvider implements AgentProvider { private final ObjectMapper objectMapper; private final AmazonClientProvider amazonClientProvider; - private final AmazonCredentialProvider accountCredentialsProvider; + private final CredentialsRepository accountCredentialsProvider; private final LaunchFailureConfigurationProperties properties; private final EntityTagger entityTagger; LaunchFailureNotificationAgentProvider( ObjectMapper objectMapper, AmazonClientProvider amazonClientProvider, - AmazonCredentialProvider accountCredentialsProvider, + CredentialsRepository accountCredentialsProvider, LaunchFailureConfigurationProperties properties, EntityTagger entityTagger) { this.objectMapper = objectMapper; @@ -61,7 +62,7 @@ public boolean supports(String providerName) { public Collection agents() { NetflixAmazonCredentials credentials = (NetflixAmazonCredentials) - accountCredentialsProvider.getCredentials(properties.getAccountName()); + accountCredentialsProvider.getOne(properties.getAccountName()); // an agent for each region in the specified account List agents = diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/LaunchFailureNotificationCleanupAgent.java b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/LaunchFailureNotificationCleanupAgent.java index ed0b36a1e8d..662c50460f8 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/LaunchFailureNotificationCleanupAgent.java +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/LaunchFailureNotificationCleanupAgent.java 
@@ -26,19 +26,20 @@ import com.netflix.spinnaker.clouddriver.aws.AmazonCloudProvider; import com.netflix.spinnaker.clouddriver.aws.provider.AwsProvider; import com.netflix.spinnaker.clouddriver.aws.security.AmazonClientProvider; -import com.netflix.spinnaker.clouddriver.aws.security.AmazonCredentialProvider; import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials; import com.netflix.spinnaker.clouddriver.cache.CustomScheduledAgent; import com.netflix.spinnaker.clouddriver.model.EntityTags; import com.netflix.spinnaker.clouddriver.tags.EntityTagger; +import com.netflix.spinnaker.credentials.CredentialsRepository; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + import java.lang.reflect.InvocationTargetException; import java.lang.reflect.UndeclaredThrowableException; import java.util.Collection; import java.util.List; import java.util.Optional; import java.util.concurrent.TimeUnit; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; public class LaunchFailureNotificationCleanupAgent implements RunnableAgent, CustomScheduledAgent { private static final Logger log = LoggerFactory.getLogger(LaunchFailureNotificationAgent.class); @@ -47,12 +48,12 @@ public class LaunchFailureNotificationCleanupAgent implements RunnableAgent, Cus private static final int MAX_RESULTS = 10000; private final AmazonClientProvider amazonClientProvider; - private final AmazonCredentialProvider accountCredentialsProvider; + private final CredentialsRepository accountCredentialsProvider; private final EntityTagger serverGroupTagger; LaunchFailureNotificationCleanupAgent( AmazonClientProvider amazonClientProvider, - AmazonCredentialProvider accountCredentialsProvider, + CredentialsRepository accountCredentialsProvider, EntityTagger serverGroupTagger) { this.amazonClientProvider = amazonClientProvider; this.accountCredentialsProvider = accountCredentialsProvider; 
@@ -93,8 +94,7 @@ public void run() { entityTags -> { EntityTags.EntityRef entityRef = entityTags.getEntityRef(); Optional credentials = - Optional.ofNullable(accountCredentialsProvider.getCredentials(entityRef.getAccount())) - .filter((c) -> c instanceof NetflixAmazonCredentials) + Optional.ofNullable(accountCredentialsProvider.getOne(entityRef.getAccount())) .map(NetflixAmazonCredentials.class::cast); if (!credentials.isPresent()) { diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/LifecycleSubscriberConfiguration.java b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/LifecycleSubscriberConfiguration.java index e7cac4a93f7..e704e319096 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/LifecycleSubscriberConfiguration.java +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/LifecycleSubscriberConfiguration.java @@ -18,9 +18,9 @@ import com.fasterxml.jackson.databind.ObjectMapper; import com.netflix.spinnaker.clouddriver.aws.security.AmazonClientProvider; -import com.netflix.spinnaker.clouddriver.aws.security.AmazonCredentialProvider; import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials; import com.netflix.spinnaker.clouddriver.tags.EntityTagger; +import com.netflix.spinnaker.credentials.CredentialsRepository; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; import org.springframework.boot.context.properties.EnableConfigurationProperties; 
@@ -39,7 +39,7 @@ class LifecycleSubscriberConfiguration { LaunchFailureNotificationAgentProvider launchFailureNotificationAgentProvider( @Qualifier("amazonObjectMapper") ObjectMapper objectMapper, AmazonClientProvider amazonClientProvider, - AmazonCredentialProvider accountCredentialsProvider, + CredentialsRepository accountCredentialsProvider, LaunchFailureConfigurationProperties properties, EntityTagger entityTagger) { return new LaunchFailureNotificationAgentProvider( diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/view/AmazonCloudMetricProvider.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/view/AmazonCloudMetricProvider.groovy index 7d34aa15a85..a8a087e4b87 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/view/AmazonCloudMetricProvider.groovy +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/view/AmazonCloudMetricProvider.groovy @@ -22,9 +22,9 @@ import com.netflix.spinnaker.clouddriver.aws.AmazonCloudProvider import com.netflix.spinnaker.clouddriver.aws.model.AmazonMetricDescriptor import com.netflix.spinnaker.clouddriver.aws.model.AmazonMetricStatistics import com.netflix.spinnaker.clouddriver.aws.security.AmazonClientProvider -import com.netflix.spinnaker.clouddriver.aws.security.AmazonCredentialProvider import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials import com.netflix.spinnaker.clouddriver.model.CloudMetricProvider +import com.netflix.spinnaker.credentials.CredentialsRepository import org.springframework.beans.factory.annotation.Autowired import org.springframework.stereotype.Component 
@@ -32,12 +32,12 @@ import org.springframework.stereotype.Component class AmazonCloudMetricProvider implements CloudMetricProvider { final AmazonClientProvider amazonClientProvider - final AmazonCredentialProvider accountCredentialsProvider + final CredentialsRepository accountCredentialsProvider final AmazonCloudProvider amazonCloudProvider @Autowired AmazonCloudMetricProvider(AmazonClientProvider amazonClientProvider, - AmazonCredentialProvider accountCredentialsProvider, + CredentialsRepository accountCredentialsProvider, AmazonCloudProvider amazonCloudProvider) { this.amazonClientProvider = amazonClientProvider this.accountCredentialsProvider = accountCredentialsProvider @@ -115,7 +115,7 @@ class AmazonCloudMetricProvider implements CloudMetricProvider AmazonClientProvider amazonClientProvider @Autowired - AmazonCredentialProvider accountCredentialsProvider + CredentialsRepository accountCredentialsProvider @Override AmazonInstance getInstance(String account, String region, String id) { @@ -84,7 +84,7 @@ class AmazonInstanceProvider implements InstanceProvider } String getConsoleOutput(String account, String region, String id) { - def credentials = accountCredentialsProvider.getCredentials(account) + def credentials = accountCredentialsProvider.getOne(account) if (!(credentials instanceof NetflixAmazonCredentials)) { throw new IllegalArgumentException("Invalid credentials: ${account}:${region}") } diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/view/AmazonSecurityGroupProvider.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/view/AmazonSecurityGroupProvider.groovy index 185288041b8..e433c63639c 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/view/AmazonSecurityGroupProvider.groovy +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/view/AmazonSecurityGroupProvider.groovy 
@@ -27,7 +27,6 @@ import com.netflix.spinnaker.cats.cache.RelationshipCacheFilter import com.netflix.spinnaker.clouddriver.aws.AmazonCloudProvider import com.netflix.spinnaker.clouddriver.aws.cache.Keys import com.netflix.spinnaker.clouddriver.aws.model.AmazonSecurityGroup -import com.netflix.spinnaker.clouddriver.aws.security.AmazonCredentialProvider import com.netflix.spinnaker.clouddriver.aws.security.AmazonCredentials import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials import com.netflix.spinnaker.clouddriver.model.AddressableRange @@ -35,6 +34,7 @@ import com.netflix.spinnaker.clouddriver.model.SecurityGroupProvider import com.netflix.spinnaker.clouddriver.model.securitygroups.IpRangeRule import com.netflix.spinnaker.clouddriver.model.securitygroups.Rule import com.netflix.spinnaker.clouddriver.model.securitygroups.SecurityGroupRule +import com.netflix.spinnaker.credentials.CredentialsRepository import groovy.transform.Canonical import org.springframework.beans.factory.annotation.Autowired import org.springframework.beans.factory.annotation.Qualifier 
@@ -46,20 +46,20 @@ import static com.netflix.spinnaker.clouddriver.aws.cache.Keys.Namespace.SECURIT class AmazonSecurityGroupProvider implements SecurityGroupProvider { final String cloudProvider = AmazonCloudProvider.ID - final AmazonCredentialProvider accountCredentialsProvider + final CredentialsRepository accountCredentialsProvider final Cache cacheView final ObjectMapper objectMapper final Set accounts @Autowired - AmazonSecurityGroupProvider(AmazonCredentialProvider accountCredentialsProvider, + AmazonSecurityGroupProvider(CredentialsRepository accountCredentialsProvider, Cache cacheView, @Qualifier("amazonObjectMapper") ObjectMapper objectMapper) { this.accountCredentialsProvider = accountCredentialsProvider this.cacheView = cacheView this.objectMapper = objectMapper - final allAmazonCredentials = (Set) accountCredentialsProvider.all.findAll { + final allAmazonCredentials = (Set) accountCredentialsProvider.getAll().findAll { it instanceof AmazonCredentials } accounts = ImmutableSet.copyOf(allAmazonCredentials) diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AmazonCredentialProvider.java b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AmazonCredentialProvider.java deleted file mode 100644 index bf466251499..00000000000 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AmazonCredentialProvider.java +++ /dev/null 
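Review bot: The constructor still copies `accountCredentialsProvider.getAll()` into the immutable `accounts` set once, so this provider keeps whatever the repository held when the bean was built. If this series lets accounts be added or removed after startup (the lifecycle handler and loader named in the patch summary suggest so, though neither is in this hunk), a removed account would still be treated as known here and a late-added one would never appear. Consider reading from the repository at call time, or at least mark the field with `// snapshot taken at construction; not refreshed when the repository changes`. How `accounts` is consumed lies outside the hunk.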
@@ -1,41 +0,0 @@ -/* - * Copyright 2020 Netflix, Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -package com.netflix.spinnaker.clouddriver.aws.security; - -import com.netflix.spinnaker.clouddriver.security.CredentialsProvider; -import com.netflix.spinnaker.credentials.CredentialsRepository; -import java.util.Set; - -public class AmazonCredentialProvider - implements CredentialsProvider { - private final CredentialsRepository repository; - - public AmazonCredentialProvider(CredentialsRepository repository) { - this.repository = repository; - } - - @Override - public Set getAll() { - return repository.getAll(); - } - - @Override - public T getCredentials(String name) { - return repository.getOne(name); - } -} diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AmazonCredentialsInitializer.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AmazonCredentialsInitializer.groovy index fd4bd229b73..5277f101e4d 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AmazonCredentialsInitializer.groovy +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/security/AmazonCredentialsInitializer.groovy @@ -72,6 +72,7 @@ class AmazonCredentialsInitializer { } @Bean + @Primary @ConditionalOnMissingBean( value = NetflixAmazonCredentials.class, parameterizedContainer = CredentialsRepository.class 
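Review bot: `@Primary` is added to the credentials repository bean in AmazonCredentialsInitializer with no comment saying which competing bean it is meant to win over. If another provider also registers a `CredentialsRepository`, any injection point that asks for one without a narrowing type argument or qualifier will now receive the AWS repository, so it is worth confirming that is intended. I would add a line above the annotation such as `// @Primary: preferred over <other CredentialsRepository bean> at untyped injection points`, naming the real bean. The import for `Primary` is not visible in this hunk.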
@@ -82,17 +83,6 @@ class AmazonCredentialsInitializer { return new MapBackedCredentialsRepository(AmazonCloudProvider.ID, eventHandler) } - @Bean - @ConditionalOnMissingBean( - value = NetflixAmazonCredentials.class, - parameterizedContainer = AmazonCredentialProvider.class - ) - AmazonCredentialProvider amazonCredentialProvider( - CredentialsRepository amazonCredentialsRepository - ) { - return new AmazonCredentialProvider<>(amazonCredentialsRepository) - } - @Bean @ConditionalOnMissingBean( value = NetflixAmazonCredentials.class, From 04b1f6c183579063127769b09f17a76136e9681d Mon Sep 17 00:00:00 2001 
From: Manabu McCloskey Date: Mon, 5 Oct 2020 15:09:03 -0600 Subject: [PATCH 12/14] Rename accountCredentialsRepository to credentialsRepository --- .../AmazonClusterController.groovy | 6 +-- .../ops/AllowLaunchAtomicOperation.groovy | 6 +-- .../ops/CopyLastAsgAtomicOperation.groovy | 4 +- .../AllowLaunchDescriptionValidator.groovy | 4 +- ...sicAmazonDeployDescriptionValidator.groovy | 4 +- ...mazonLoadBalancerDescriptionValidator.java | 3 +- ...eteAmazonSnapshotDescriptionValidator.java | 9 ++--- ...chConfigurationDescriptionValidator.groovy | 4 +- ...ifyServerGroupLaunchTemplateValidator.java | 14 +++---- .../aws/health/AmazonHealthIndicator.groovy | 8 ++-- .../InstanceTerminationLifecycleWorker.java | 23 ++++++----- ...nceTerminationLifecycleWorkerProvider.java | 24 ++++++------ .../LaunchFailureNotificationAgent.java | 15 ++++---- ...aunchFailureNotificationAgentProvider.java | 14 +++---- ...LaunchFailureNotificationCleanupAgent.java | 13 +++---- .../LifecycleSubscriberConfiguration.java | 4 +- .../aws/provider/AwsProvider.groovy | 13 +++---- .../agent/AmazonInstanceTypeCachingAgent.java | 2 - .../view/AmazonCloudMetricProvider.groovy | 8 ++-- .../view/AmazonInstanceProvider.groovy | 4 +- .../view/AmazonSecurityGroupProvider.groovy | 8 ++-- .../AmazonClusterControllerSpec.groovy | 2 +- .../AllowLaunchAtomicOperationUnitSpec.groovy | 38 +++++++++---------- ...AllowLaunchDescriptionValidatorSpec.groovy | 2 +- ...mazonDeployDescriptionValidatorSpec.groovy | 2 +- 25 files changed, 110 insertions(+), 124 deletions(-) diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/controllers/AmazonClusterController.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/controllers/AmazonClusterController.groovy index 4609b57429b..aa0ffee5399 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/controllers/AmazonClusterController.groovy 
+++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/controllers/AmazonClusterController.groovy @@ -31,7 +31,7 @@ import org.springframework.web.bind.annotation.* class AmazonClusterController { @Autowired - CredentialsRepository accountCredentialsProvider + CredentialsRepository credentialsRepository @Autowired AmazonClientProvider amazonClientProvider @@ -40,8 +40,8 @@ class AmazonClusterController { @RequestMapping(value = "/scalingActivities", method = RequestMethod.GET) ResponseEntity getScalingActivities(@PathVariable String account, @PathVariable String serverGroupName, @RequestParam(value = "region", required = true) String region) { - def credentials = accountCredentialsProvider.getOne(account) - if (!(credentials instanceof NetflixAmazonCredentials)) { + def credentials = credentialsRepository.getOne(account) + if (credentials == null) { return new ResponseEntity([message: "bad credentials"], HttpStatus.BAD_REQUEST) } def autoScaling = amazonClientProvider.getAutoScaling(credentials, region) diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/AllowLaunchAtomicOperation.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/AllowLaunchAtomicOperation.groovy index 2d7832e34d9..50e70c55c18 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/AllowLaunchAtomicOperation.groovy +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/AllowLaunchAtomicOperation.groovy 
@@ -51,14 +51,14 @@ class AllowLaunchAtomicOperation implements AtomicOperation { AmazonClientProvider amazonClientProvider @Autowired - CredentialsRepository accountCredentialsProvider + CredentialsRepository credentialsRepository @Override ResolvedAmiResult operate(List priorOutputs) { task.updateStatus BASE_PHASE, "Initializing Allow Launch Operation..." def sourceCredentials = description.credentials - def targetCredentials = accountCredentialsProvider.getOne(description.targetAccount) as NetflixAmazonCredentials + def targetCredentials = credentialsRepository.getOne(description.targetAccount) as NetflixAmazonCredentials def sourceAmazonEC2 = amazonClientProvider.getAmazonEC2(description.credentials, description.region, true) def targetAmazonEC2 = amazonClientProvider.getAmazonEC2(targetCredentials, description.region, true) @@ -83,7 +83,7 @@ class AllowLaunchAtomicOperation implements AtomicOperation { // Spinnaker, switch to using that for modifying the image if (resolvedAmi.ownerId != sourceCredentials.accountId) { if (resolvedAmi.getRegion()) { - ownerCredentials = accountCredentialsProvider.getAll().find { accountCredentials -> + ownerCredentials = credentialsRepository.getAll().find { accountCredentials -> accountCredentials instanceof NetflixAmazonCredentials && ((AmazonCredentials) accountCredentials).accountId == resolvedAmi.ownerId } as NetflixAmazonCredentials diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/CopyLastAsgAtomicOperation.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/CopyLastAsgAtomicOperation.groovy index 87d02bf29b5..38bee339e81 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/CopyLastAsgAtomicOperation.groovy +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/CopyLastAsgAtomicOperation.groovy 
@@ -57,7 +57,7 @@ class CopyLastAsgAtomicOperation implements AtomicOperation { AmazonClientProvider amazonClientProvider @Autowired - CredentialsRepository accountCredentialsProvider + CredentialsRepository credentialsRepository @Autowired RegionScopedProviderFactory regionScopedProviderFactory @@ -91,7 +91,7 @@ class CopyLastAsgAtomicOperation implements AtomicOperation { def sourceAsgCredentials if (description.source.account && description.source.region && description.source.asgName) { sourceRegion = description.source.region - sourceAsgCredentials = accountCredentialsProvider.getOne(description.source.account) as NetflixAmazonCredentials + sourceAsgCredentials = credentialsRepository.getOne(description.source.account) as NetflixAmazonCredentials def sourceAutoScaling = amazonClientProvider.getAutoScaling(sourceAsgCredentials, sourceRegion, true) def request = new DescribeAutoScalingGroupsRequest(autoScalingGroupNames: [description.source.asgName]) List ancestorAsgs = sourceAutoScaling.describeAutoScalingGroups(request).autoScalingGroups diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/AllowLaunchDescriptionValidator.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/AllowLaunchDescriptionValidator.groovy index a0b8210ae32..81c760832cc 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/AllowLaunchDescriptionValidator.groovy +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/AllowLaunchDescriptionValidator.groovy 
@@ -27,7 +27,7 @@ import org.springframework.stereotype.Component @Component("allowLaunchDescriptionValidator") class AllowLaunchDescriptionValidator extends DescriptionValidator { @Autowired - CredentialsRepository accountCredentialsProvider + CredentialsRepository credentialsRepository @Override void validate(List priorDescriptions, AllowLaunchDescription description, ValidationErrors errors) { @@ -39,7 +39,7 @@ class AllowLaunchDescriptionValidator extends DescriptionValidator { @Autowired - CredentialsRepository accountCredentialsProvider + CredentialsRepository credentialsRepository @Override void validate(List priorDescriptions, BasicAmazonDeployDescription description, ValidationErrors errors) { @@ -42,7 +42,7 @@ class BasicAmazonDeployDescriptionValidator extends AmazonDescriptionValidationS if (!description.credentials) { errors.rejectValue "credentials", "basicAmazonDeployDescription.credentials.empty" } else { - credentials = accountCredentialsProvider.getOne(description?.credentials?.name) + credentials = credentialsRepository.getOne(description?.credentials?.name) if (!(credentials instanceof AmazonCredentials)) { errors.rejectValue("credentials", "basicAmazonDeployDescription.credentials.invalid") } diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/CreateAmazonLoadBalancerDescriptionValidator.java b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/CreateAmazonLoadBalancerDescriptionValidator.java index ca640525fcb..754a6a8c75a 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/CreateAmazonLoadBalancerDescriptionValidator.java +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/CreateAmazonLoadBalancerDescriptionValidator.java 
@@ -26,12 +26,11 @@ import com.netflix.spinnaker.clouddriver.aws.security.AmazonCredentials; import com.netflix.spinnaker.clouddriver.deploy.ValidationErrors; import com.netflix.spinnaker.clouddriver.orchestration.AtomicOperations; -import org.springframework.stereotype.Component; - import java.util.HashSet; import java.util.List; import java.util.Map; import java.util.Set; +import org.springframework.stereotype.Component; @AmazonOperation(AtomicOperations.UPSERT_LOAD_BALANCER) @Component("createAmazonLoadBalancerDescriptionValidator") diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/DeleteAmazonSnapshotDescriptionValidator.java b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/DeleteAmazonSnapshotDescriptionValidator.java index ca413b569d6..adffabc1e1a 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/DeleteAmazonSnapshotDescriptionValidator.java +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/DeleteAmazonSnapshotDescriptionValidator.java 
@@ -24,22 +24,21 @@ import com.netflix.spinnaker.clouddriver.deploy.ValidationErrors; import com.netflix.spinnaker.clouddriver.orchestration.AtomicOperations; import com.netflix.spinnaker.credentials.CredentialsRepository; +import java.util.List; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; -import java.util.List; - @AmazonOperation(AtomicOperations.DELETE_SNAPSHOT) @Component public class DeleteAmazonSnapshotDescriptionValidator extends AmazonDescriptionValidationSupport { - CredentialsRepository accountCredentialsProvider; + CredentialsRepository credentialsRepository; @Autowired public DeleteAmazonSnapshotDescriptionValidator( - CredentialsRepository accountCredentialsProvider) { - this.accountCredentialsProvider = accountCredentialsProvider; + CredentialsRepository credentialsRepository) { + this.credentialsRepository = credentialsRepository; } @Override diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/ModifyAsgLaunchConfigurationDescriptionValidator.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/ModifyAsgLaunchConfigurationDescriptionValidator.groovy index 40e5895ce38..06aab84ca5e 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/ModifyAsgLaunchConfigurationDescriptionValidator.groovy +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/ModifyAsgLaunchConfigurationDescriptionValidator.groovy 
@@ -31,7 +31,7 @@ import org.springframework.stereotype.Component @Component("modifyAsgLaunchConfigurationDescriptionValidator") class ModifyAsgLaunchConfigurationDescriptionValidator extends AmazonDescriptionValidationSupport { @Autowired - CredentialsRepository accountCredentialsProvider + CredentialsRepository credentialsRepository @Override void validate(List priorDescriptions, ModifyAsgLaunchConfigurationDescription description, ValidationErrors errors) { @@ -41,7 +41,7 @@ class ModifyAsgLaunchConfigurationDescriptionValidator extends AmazonDescription if (!description.credentials) { errors.rejectValue "credentials", "modifyAsgLaunchConfigurationDescription.credentials.empty" } else { - def credentials = accountCredentialsProvider.getOne(description?.credentials?.name) + def credentials = credentialsRepository.getOne(description?.credentials?.name) if (!(credentials instanceof AmazonCredentials)) { errors.rejectValue("credentials", "modifyAsgLaunchConfigurationDescription.credentials.invalid") } diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/ModifyServerGroupLaunchTemplateValidator.java b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/ModifyServerGroupLaunchTemplateValidator.java index 83f0025b0b3..bc011520cab 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/ModifyServerGroupLaunchTemplateValidator.java +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/ModifyServerGroupLaunchTemplateValidator.java 
@@ -20,27 +20,25 @@ import com.netflix.spinnaker.clouddriver.aws.AmazonOperation; import com.netflix.spinnaker.clouddriver.aws.deploy.description.ModifyServerGroupLaunchTemplateDescription; import com.netflix.spinnaker.clouddriver.aws.model.AmazonBlockDevice; -import com.netflix.spinnaker.clouddriver.aws.security.AmazonCredentials; import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials; import com.netflix.spinnaker.clouddriver.deploy.ValidationErrors; import com.netflix.spinnaker.clouddriver.orchestration.AtomicOperations; import com.netflix.spinnaker.clouddriver.security.AccountCredentials; import com.netflix.spinnaker.credentials.CredentialsRepository; +import java.util.List; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; -import java.util.List; - @AmazonOperation(AtomicOperations.UPDATE_LAUNCH_TEMPLATE) @Component("modifyServerGroupLaunchTemplateDescriptionValidator") public class ModifyServerGroupLaunchTemplateValidator extends AmazonDescriptionValidationSupport { - private final CredentialsRepository accountCredentialsProvider; + private final CredentialsRepository credentialsRepository; @Autowired public ModifyServerGroupLaunchTemplateValidator( - CredentialsRepository accountCredentialsProvider) { - this.accountCredentialsProvider = accountCredentialsProvider; + CredentialsRepository credentialsRepository) { + this.credentialsRepository = credentialsRepository; } @Override @@ -56,8 +54,8 @@ public void validate( "credentials", "modifyservergrouplaunchtemplatedescription.credentials.empty"); } else { AccountCredentials credentials = - accountCredentialsProvider.getOne(description.getCredentials().getName()); - if (!(credentials instanceof AmazonCredentials)) { + credentialsRepository.getOne(description.getCredentials().getName()); + if (credentials == null) { errors.rejectValue( "credentials", "modifyservergrouplaunchtemplatedescription.credentials.invalid"); } 
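Review bot: The second hunk of ModifyServerGroupLaunchTemplateValidator replaces `!(credentials instanceof AmazonCredentials)` with `credentials == null`, so the validator now rejects only an unknown account name and no longer rejects an account of the wrong provider type. That is safe only if the injected `CredentialsRepository` can hold nothing but AWS credentials; its type parameter is not visible in this view and the local is still declared as `AccountCredentials`, so this should be confirmed. If the repository is not provider-scoped, keep a type check, e.g. `if (!(credentials instanceof NetflixAmazonCredentials)) {`, which needs no new import because `NetflixAmazonCredentials` is still imported. The Groovy validators touched in the same patch (BasicAmazonDeployDescriptionValidator, ModifyAsgLaunchConfigurationDescriptionValidator) keep the `instanceof AmazonCredentials` form, so the validators now disagree on what counts as invalid. The body of `validate` continues outside the hunk.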
diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/health/AmazonHealthIndicator.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/health/AmazonHealthIndicator.groovy index a467be89400..ce2ec1c00bd 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/health/AmazonHealthIndicator.groovy +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/health/AmazonHealthIndicator.groovy @@ -42,7 +42,7 @@ class AmazonHealthIndicator implements HealthIndicator { private static final Logger LOG = LoggerFactory.getLogger(AmazonHealthIndicator) - private final CredentialsRepository accountCredentialsProvider + private final CredentialsRepository credentialsRepository private final AmazonClientProvider amazonClientProvider private final AtomicReference lastException = new AtomicReference<>(null) @@ -51,10 +51,10 @@ class AmazonHealthIndicator implements HealthIndicator { private final AtomicLong errors; @Autowired - AmazonHealthIndicator(CredentialsRepository accountCredentialsProvider, + AmazonHealthIndicator(CredentialsRepository credentialsRepository, AmazonClientProvider amazonClientProvider, Registry registry) { - this.accountCredentialsProvider = accountCredentialsProvider + this.credentialsRepository = credentialsRepository this.amazonClientProvider = amazonClientProvider this.errors = registry.gauge("health.amazon.errors", new AtomicLong(0)) @@ -78,7 +78,7 @@ class AmazonHealthIndicator implements HealthIndicator { @Scheduled(fixedDelay = 120000L) void checkHealth() { try { - Set amazonCredentials = accountCredentialsProvider.getAll().findAll { + Set amazonCredentials = credentialsRepository.getAll().findAll { it instanceof NetflixAmazonCredentials } as Set for (NetflixAmazonCredentials credentials in amazonCredentials) { 
diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/InstanceTerminationLifecycleWorker.java b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/InstanceTerminationLifecycleWorker.java index 35c7dbbf37e..dc4e22a612b 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/InstanceTerminationLifecycleWorker.java +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/InstanceTerminationLifecycleWorker.java @@ -42,12 +42,6 @@ import com.netflix.spinnaker.clouddriver.eureka.deploy.ops.AbstractEurekaSupport.DiscoveryStatus; import com.netflix.spinnaker.clouddriver.security.AccountCredentials; import com.netflix.spinnaker.credentials.CredentialsRepository; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.http.HttpStatus; -import retrofit.RetrofitError; - -import javax.inject.Provider; import java.io.IOException; import java.time.Duration; import java.util.Arrays; @@ -58,6 +52,11 @@ import java.util.List; import java.util.Set; import java.util.stream.Collectors; +import javax.inject.Provider; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.http.HttpStatus; +import retrofit.RetrofitError; public class InstanceTerminationLifecycleWorker implements Runnable { @@ -70,7 +69,7 @@ public class InstanceTerminationLifecycleWorker implements Runnable { ObjectMapper objectMapper; AmazonClientProvider amazonClientProvider; - CredentialsRepository accountCredentialsProvider; + CredentialsRepository credentialsRepository; InstanceTerminationConfigurationProperties properties; Provider discoverySupport; Registry registry; 
@@ -83,18 +82,18 @@ public class InstanceTerminationLifecycleWorker implements Runnable { public InstanceTerminationLifecycleWorker( ObjectMapper objectMapper, AmazonClientProvider amazonClientProvider, - CredentialsRepository accountCredentialsProvider, + CredentialsRepository credentialsRepository, InstanceTerminationConfigurationProperties properties, Provider discoverySupport, Registry registry) { this.objectMapper = objectMapper; this.amazonClientProvider = amazonClientProvider; - this.accountCredentialsProvider = accountCredentialsProvider; + this.credentialsRepository = credentialsRepository; this.properties = properties; this.discoverySupport = discoverySupport; this.registry = registry; - Set accountCredentials = accountCredentialsProvider.getAll(); + Set accountCredentials = credentialsRepository.getAll(); this.queueARN = new ARN(accountCredentials, properties.getQueueARN()); this.topicARN = new ARN(accountCredentials, properties.getTopicARN()); } @@ -124,7 +123,7 @@ private void listenForMessages() { AmazonSQS amazonSQS = amazonClientProvider.getAmazonSQS(queueARN.account, queueARN.region); AmazonSNS amazonSNS = amazonClientProvider.getAmazonSNS(topicARN.account, topicARN.region); - Set accountCredentials = accountCredentialsProvider.getAll(); + Set accountCredentials = credentialsRepository.getAll(); List allAccountIds = getAllAccountIds(accountCredentials); this.queueId = @@ -261,7 +260,7 @@ private static void deleteMessage(AmazonSQS amazonSQS, String queueUrl, Message } private NetflixAmazonCredentials getAccountCredentialsById(String accountId) { - for (AccountCredentials credentials : accountCredentialsProvider.getAll()) { + for (AccountCredentials credentials : credentialsRepository.getAll()) { if (credentials.getAccountId() != null && credentials.getAccountId().equals(accountId)) { return (NetflixAmazonCredentials) credentials; } 
diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/InstanceTerminationLifecycleWorkerProvider.java b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/InstanceTerminationLifecycleWorkerProvider.java index acc58b099ec..42da9da1b5f 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/InstanceTerminationLifecycleWorkerProvider.java +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/InstanceTerminationLifecycleWorkerProvider.java @@ -22,6 +22,12 @@ import com.netflix.spinnaker.clouddriver.aws.security.AmazonClientProvider; import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials; import com.netflix.spinnaker.credentials.CredentialsRepository; +import java.util.concurrent.ExecutorService; +import java.util.concurrent.Executors; +import java.util.concurrent.RejectedExecutionException; +import java.util.regex.Pattern; +import javax.annotation.PostConstruct; +import javax.inject.Provider; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; @@ -29,13 +35,6 @@ import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression; import org.springframework.stereotype.Component; -import javax.annotation.PostConstruct; -import javax.inject.Provider; -import java.util.concurrent.ExecutorService; -import java.util.concurrent.Executors; -import java.util.concurrent.RejectedExecutionException; -import java.util.regex.Pattern; - @Component @ConditionalOnExpression( "${aws.lifecycle-subscribers.instance-termination.enabled:false} && ${caching.write-enabled:true}") 
@@ -48,7 +47,7 @@ public class InstanceTerminationLifecycleWorkerProvider { private final ObjectMapper objectMapper; private final AmazonClientProvider amazonClientProvider; - private final CredentialsRepository accountCredentialsProvider; + private final CredentialsRepository credentialsRepository; private final InstanceTerminationConfigurationProperties properties; private final Provider discoverySupport; private final Registry registry; @@ -57,13 +56,13 @@ public class InstanceTerminationLifecycleWorkerProvider { InstanceTerminationLifecycleWorkerProvider( @Qualifier("amazonObjectMapper") ObjectMapper objectMapper, AmazonClientProvider amazonClientProvider, - CredentialsRepository accountCredentialsProvider, + CredentialsRepository credentialsRepository, InstanceTerminationConfigurationProperties properties, Provider discoverySupport, Registry registry) { this.objectMapper = objectMapper; this.amazonClientProvider = amazonClientProvider; - this.accountCredentialsProvider = accountCredentialsProvider; + this.credentialsRepository = credentialsRepository; this.properties = properties; this.discoverySupport = discoverySupport; this.registry = registry; @@ -72,8 +71,7 @@ public class InstanceTerminationLifecycleWorkerProvider { @PostConstruct public void start() { NetflixAmazonCredentials credentials = - (NetflixAmazonCredentials) - accountCredentialsProvider.getOne(properties.getAccountName()); + (NetflixAmazonCredentials) credentialsRepository.getOne(properties.getAccountName()); ExecutorService executorService = Executors.newFixedThreadPool( credentials.getRegions().size(), @@ -90,7 +88,7 @@ public void start() { new InstanceTerminationLifecycleWorker( objectMapper, amazonClientProvider, - accountCredentialsProvider, + credentialsRepository, new InstanceTerminationConfigurationProperties( properties.getAccountName(), properties 
diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/LaunchFailureNotificationAgent.java b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/LaunchFailureNotificationAgent.java index 11bfd0cd221..91efb792d3c 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/LaunchFailureNotificationAgent.java +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/LaunchFailureNotificationAgent.java @@ -40,9 +40,6 @@ import com.netflix.spinnaker.clouddriver.security.AccountCredentials; import com.netflix.spinnaker.clouddriver.tags.EntityTagger; import com.netflix.spinnaker.credentials.CredentialsRepository; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - import java.io.IOException; import java.util.Collections; import java.util.List; @@ -51,6 +48,8 @@ import java.util.concurrent.atomic.AtomicInteger; import java.util.regex.Matcher; import java.util.stream.Collectors; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** * An Agent that subscribes to a particular SQS queue and tags any server groups that had launch @@ -65,7 +64,7 @@ class LaunchFailureNotificationAgent implements RunnableAgent, CustomScheduledAg private final ObjectMapper objectMapper; private final AmazonClientProvider amazonClientProvider; - private final CredentialsRepository accountCredentialsProvider; + private final CredentialsRepository credentialsRepository; private final LaunchFailureConfigurationProperties properties; private final EntityTagger serverGroupTagger; 
@@ -78,16 +77,16 @@ class LaunchFailureNotificationAgent implements RunnableAgent, CustomScheduledAg LaunchFailureNotificationAgent( ObjectMapper objectMapper, AmazonClientProvider amazonClientProvider, - CredentialsRepository accountCredentialsProvider, + CredentialsRepository credentialsRepository, LaunchFailureConfigurationProperties properties, EntityTagger serverGroupTagger) { this.objectMapper = objectMapper; this.amazonClientProvider = amazonClientProvider; - this.accountCredentialsProvider = accountCredentialsProvider; + this.credentialsRepository = credentialsRepository; this.properties = properties; this.serverGroupTagger = serverGroupTagger; - Set accountCredentials = accountCredentialsProvider.getAll(); + Set accountCredentials = credentialsRepository.getAll(); this.topicARN = new ARN(accountCredentials, properties.getTopicARN()); this.queueARN = new ARN(accountCredentials, properties.getQueueARN()); } @@ -119,7 +118,7 @@ public long getTimeoutMillis() { @Override public void run() { List allAccountIds = - accountCredentialsProvider.getAll().stream() + credentialsRepository.getAll().stream() .map(AccountCredentials::getAccountId) .collect(Collectors.toList()); diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/LaunchFailureNotificationAgentProvider.java b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/LaunchFailureNotificationAgentProvider.java index aa57593aa7c..74fab9afb39 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/LaunchFailureNotificationAgentProvider.java +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/LaunchFailureNotificationAgentProvider.java 
@@ -24,7 +24,6 @@ import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials; import com.netflix.spinnaker.clouddriver.tags.EntityTagger; import com.netflix.spinnaker.credentials.CredentialsRepository; - import java.util.Collection; import java.util.List; import java.util.regex.Pattern; @@ -36,19 +35,19 @@ public class LaunchFailureNotificationAgentProvider implements AgentProvider { private final ObjectMapper objectMapper; private final AmazonClientProvider amazonClientProvider; - private final CredentialsRepository accountCredentialsProvider; + private final CredentialsRepository credentialsRepository; private final LaunchFailureConfigurationProperties properties; private final EntityTagger entityTagger; LaunchFailureNotificationAgentProvider( ObjectMapper objectMapper, AmazonClientProvider amazonClientProvider, - CredentialsRepository accountCredentialsProvider, + CredentialsRepository credentialsRepository, LaunchFailureConfigurationProperties properties, EntityTagger entityTagger) { this.objectMapper = objectMapper; this.amazonClientProvider = amazonClientProvider; - this.accountCredentialsProvider = accountCredentialsProvider; + this.credentialsRepository = credentialsRepository; this.properties = properties; this.entityTagger = entityTagger; } @@ -61,8 +60,7 @@ public boolean supports(String providerName) { @Override public Collection agents() { NetflixAmazonCredentials credentials = - (NetflixAmazonCredentials) - accountCredentialsProvider.getOne(properties.getAccountName()); + (NetflixAmazonCredentials) credentialsRepository.getOne(properties.getAccountName()); // an agent for each region in the specified account List agents = @@ -72,7 +70,7 @@ public Collection agents() { new LaunchFailureNotificationAgent( objectMapper, amazonClientProvider, - accountCredentialsProvider, + credentialsRepository, new LaunchFailureConfigurationProperties( properties.getAccountName(), properties 
@@ -94,7 +92,7 @@ public Collection agents() { // an agent that will cleanup stale notifications across all accounts + region agents.add( new LaunchFailureNotificationCleanupAgent( - amazonClientProvider, accountCredentialsProvider, entityTagger)); + amazonClientProvider, credentialsRepository, entityTagger)); return agents; } diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/LaunchFailureNotificationCleanupAgent.java b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/LaunchFailureNotificationCleanupAgent.java index 662c50460f8..9f0021b674f 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/LaunchFailureNotificationCleanupAgent.java +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/LaunchFailureNotificationCleanupAgent.java @@ -31,15 +31,14 @@ import com.netflix.spinnaker.clouddriver.model.EntityTags; import com.netflix.spinnaker.clouddriver.tags.EntityTagger; import com.netflix.spinnaker.credentials.CredentialsRepository; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - import java.lang.reflect.InvocationTargetException; import java.lang.reflect.UndeclaredThrowableException; import java.util.Collection; import java.util.List; import java.util.Optional; import java.util.concurrent.TimeUnit; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; public class LaunchFailureNotificationCleanupAgent implements RunnableAgent, CustomScheduledAgent { private static final Logger log = LoggerFactory.getLogger(LaunchFailureNotificationAgent.class); 
@@ -48,15 +47,15 @@ public class LaunchFailureNotificationCleanupAgent implements RunnableAgent, Cus private static final int MAX_RESULTS = 10000; private final AmazonClientProvider amazonClientProvider; - private final CredentialsRepository accountCredentialsProvider; + private final CredentialsRepository credentialsRepository; private final EntityTagger serverGroupTagger; LaunchFailureNotificationCleanupAgent( AmazonClientProvider amazonClientProvider, - CredentialsRepository accountCredentialsProvider, + CredentialsRepository credentialsRepository, EntityTagger serverGroupTagger) { this.amazonClientProvider = amazonClientProvider; - this.accountCredentialsProvider = accountCredentialsProvider; + this.credentialsRepository = credentialsRepository; this.serverGroupTagger = serverGroupTagger; } @@ -94,7 +93,7 @@ public void run() { entityTags -> { EntityTags.EntityRef entityRef = entityTags.getEntityRef(); Optional credentials = - Optional.ofNullable(accountCredentialsProvider.getOne(entityRef.getAccount())) + Optional.ofNullable(credentialsRepository.getOne(entityRef.getAccount())) .map(NetflixAmazonCredentials.class::cast); if (!credentials.isPresent()) { diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/LifecycleSubscriberConfiguration.java b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/LifecycleSubscriberConfiguration.java index e704e319096..b7a8ef0a40e 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/LifecycleSubscriberConfiguration.java +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/LifecycleSubscriberConfiguration.java 
@@ -39,10 +39,10 @@ class LifecycleSubscriberConfiguration { LaunchFailureNotificationAgentProvider launchFailureNotificationAgentProvider( @Qualifier("amazonObjectMapper") ObjectMapper objectMapper, AmazonClientProvider amazonClientProvider, - CredentialsRepository accountCredentialsProvider, + CredentialsRepository credentialsRepository, LaunchFailureConfigurationProperties properties, EntityTagger entityTagger) { return new LaunchFailureNotificationAgentProvider( - objectMapper, amazonClientProvider, accountCredentialsProvider, properties, entityTagger); + objectMapper, amazonClientProvider, credentialsRepository, properties, entityTagger); } } diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/AwsProvider.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/AwsProvider.groovy index 00dff215dc7..a1024653424 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/AwsProvider.groovy +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/AwsProvider.groovy @@ -16,8 +16,7 @@ package com.netflix.spinnaker.clouddriver.aws.provider -import com.netflix.spinnaker.cats.agent.Agent -import com.netflix.spinnaker.cats.agent.AgentSchedulerAware + import com.netflix.spinnaker.cats.cache.Cache import com.netflix.spinnaker.clouddriver.aws.data.Keys import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials @@ -36,7 +35,7 @@ class AwsProvider extends BaseProvider implements SearchableProvider, EurekaAwar final KeyParser keyParser = new Keys() - final CredentialsRepository accountCredentialsRepository + final CredentialsRepository credentialsRepository final Set defaultCaches = [ LOAD_BALANCERS.ns, 
@@ -58,9 +57,9 @@ class AwsProvider extends BaseProvider implements SearchableProvider, EurekaAwar private Collection healthAgents - AwsProvider(CredentialsRepository accountCredentialsRepository) { + AwsProvider(CredentialsRepository credentialsRepository) { super() - this.accountCredentialsRepository = accountCredentialsRepository + this.credentialsRepository = credentialsRepository synchronizeHealthAgents() } @@ -131,14 +130,14 @@ class AwsProvider extends BaseProvider implements SearchableProvider, EurekaAwar private String getCredentialName(String accountId, boolean allowMultipleEurekaPerAccount, String eurekaAccountName) { if (allowMultipleEurekaPerAccount) { - def credentialName = accountCredentialsRepository.all.find { + def credentialName = credentialsRepository.all.find { it instanceof NetflixAmazonCredentials && it.accountId == accountId && it.name == eurekaAccountName }?.name if (credentialName) { return credentialName } } - return accountCredentialsRepository.all.find { + return credentialsRepository.all.find { it instanceof NetflixAmazonCredentials && it.accountId == accountId }?.name } diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/agent/AmazonInstanceTypeCachingAgent.java b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/agent/AmazonInstanceTypeCachingAgent.java index 17c2bd3fc07..e60af44ce6a 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/agent/AmazonInstanceTypeCachingAgent.java +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/agent/AmazonInstanceTypeCachingAgent.java @@ -46,7 +46,6 @@ import java.util.HashSet; import java.util.List; import java.util.Map; -import java.util.Objects; import java.util.Optional; import java.util.Set; import java.util.stream.Collectors; 
@@ -104,7 +103,6 @@ public CacheResult loadData(ProviderCache providerCache) { try { Set matchingAccounts = accountCredentialsRepository.getAll().stream() - .filter(Objects::nonNull) .map(AmazonCredentials.class::cast) .filter(ac -> ac.getRegions().stream().anyMatch(r -> region.equals(r.getName()))) .map(AccountCredentials::getName) diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/view/AmazonCloudMetricProvider.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/view/AmazonCloudMetricProvider.groovy index a8a087e4b87..a7962b01487 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/view/AmazonCloudMetricProvider.groovy +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/view/AmazonCloudMetricProvider.groovy @@ -32,15 +32,15 @@ import org.springframework.stereotype.Component class AmazonCloudMetricProvider implements CloudMetricProvider { final AmazonClientProvider amazonClientProvider - final CredentialsRepository accountCredentialsProvider + final CredentialsRepository credentialsRepository final AmazonCloudProvider amazonCloudProvider @Autowired AmazonCloudMetricProvider(AmazonClientProvider amazonClientProvider, - CredentialsRepository accountCredentialsProvider, + CredentialsRepository credentialsRepository, AmazonCloudProvider amazonCloudProvider) { this.amazonClientProvider = amazonClientProvider - this.accountCredentialsProvider = accountCredentialsProvider + this.credentialsRepository = credentialsRepository this.amazonCloudProvider = amazonCloudProvider } @@ -115,7 +115,7 @@ class AmazonCloudMetricProvider implements CloudMetricProvider AmazonClientProvider amazonClientProvider @Autowired - CredentialsRepository accountCredentialsProvider + CredentialsRepository credentialsRepository @Override AmazonInstance getInstance(String account, String region, String id) { 
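Review bot: In AmazonInstanceTypeCachingAgent.loadData the first hunk drops `.filter(Objects::nonNull)` but keeps `.map(AmazonCredentials.class::cast)`, so a null element would now reach `ac.getRegions()`, and an element of another credentials type still fails with a ClassCastException. If the repository is guaranteed to return only non-null AWS credentials (its type parameter is not visible here), the cast is redundant and can be removed. Otherwise filter by type before casting, `.filter(AmazonCredentials.class::isInstance)`, which also covers the null case. The field is still called `accountCredentialsRepository` in this file while the rest of the patch renames it to `credentialsRepository`. `loadData` starts and ends outside the hunk.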
@@ -84,7 +84,7 @@ class AmazonInstanceProvider implements InstanceProvider } String getConsoleOutput(String account, String region, String id) { - def credentials = accountCredentialsProvider.getOne(account) + def credentials = credentialsRepository.getOne(account) if (!(credentials instanceof NetflixAmazonCredentials)) { throw new IllegalArgumentException("Invalid credentials: ${account}:${region}") } diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/view/AmazonSecurityGroupProvider.groovy b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/view/AmazonSecurityGroupProvider.groovy index e433c63639c..d548f32432e 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/view/AmazonSecurityGroupProvider.groovy +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/view/AmazonSecurityGroupProvider.groovy 
@@ -46,20 +46,20 @@ import static com.netflix.spinnaker.clouddriver.aws.cache.Keys.Namespace.SECURIT class AmazonSecurityGroupProvider implements SecurityGroupProvider { final String cloudProvider = AmazonCloudProvider.ID - final CredentialsRepository accountCredentialsProvider + final CredentialsRepository credentialsRepository final Cache cacheView final ObjectMapper objectMapper final Set accounts @Autowired - AmazonSecurityGroupProvider(CredentialsRepository accountCredentialsProvider, + AmazonSecurityGroupProvider(CredentialsRepository credentialsRepository, Cache cacheView, @Qualifier("amazonObjectMapper") ObjectMapper objectMapper) { - this.accountCredentialsProvider = accountCredentialsProvider + this.credentialsRepository = credentialsRepository this.cacheView = cacheView this.objectMapper = objectMapper - final allAmazonCredentials = (Set) accountCredentialsProvider.getAll().findAll { + final allAmazonCredentials = (Set) credentialsRepository.getAll().findAll { it instanceof AmazonCredentials } accounts = ImmutableSet.copyOf(allAmazonCredentials) diff --git a/clouddriver-aws/src/test/groovy/com/netflix/spinnaker/clouddriver/aws/controllers/AmazonClusterControllerSpec.groovy b/clouddriver-aws/src/test/groovy/com/netflix/spinnaker/clouddriver/aws/controllers/AmazonClusterControllerSpec.groovy index f9a42e0a5ad..80a43e2c6fc 100644 --- a/clouddriver-aws/src/test/groovy/com/netflix/spinnaker/clouddriver/aws/controllers/AmazonClusterControllerSpec.groovy +++ b/clouddriver-aws/src/test/groovy/com/netflix/spinnaker/clouddriver/aws/controllers/AmazonClusterControllerSpec.groovy 
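Review bot: The `AmazonSecurityGroupProvider` constructor still snapshots the account set once, via `accounts = ImmutableSet.copyOf(allAmazonCredentials)`, and the rename keeps that behaviour. If `credentialsRepository` can gain or lose accounts after startup (not visible in this hunk), security-group lookups would keep using the stale set and could miss new accounts or keep serving removed ones. Consider reading `credentialsRepository.getAll()` at lookup time, or at least add a comment such as `// NOTE: accounts is captured at construction; accounts added later are not visible here`. The class body continues outside the hunk.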
@@ -40,7 +40,7 @@ class AmazonClusterControllerSpec extends Specification { def provider = Stub(AmazonClientProvider) provider.getAutoScaling(creds, region) >> autoScaling controller.amazonClientProvider = provider - controller.accountCredentialsProvider = credsProvider + controller.credentialsRepository = credsProvider when: def result = controller.getScalingActivities(account, asgName, region) diff --git a/clouddriver-aws/src/test/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/AllowLaunchAtomicOperationUnitSpec.groovy b/clouddriver-aws/src/test/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/AllowLaunchAtomicOperationUnitSpec.groovy index ac6973aa5fc..c072c743343 100644 --- a/clouddriver-aws/src/test/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/AllowLaunchAtomicOperationUnitSpec.groovy +++ b/clouddriver-aws/src/test/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/ops/AllowLaunchAtomicOperationUnitSpec.groovy @@ -60,7 +60,7 @@ class AllowLaunchAtomicOperationUnitSpec extends Specification { getCredentials('target') >> target } def op = new AllowLaunchAtomicOperation(new AllowLaunchDescription(amiName: 'super-awesome-ami', targetAccount: 'target', credentials: source)) - op.accountCredentialsProvider = creds + op.credentialsRepository = creds op.amazonClientProvider = provider when: @@ -98,13 +98,13 @@ class AllowLaunchAtomicOperationUnitSpec extends Specification { def description = new AllowLaunchDescription(targetAccount: "prod", amiName: "ami-123456", region: "us-west-1", credentials: testCredentials) def op = new AllowLaunchAtomicOperation(description) op.amazonClientProvider = provider - op.accountCredentialsProvider = Mock(AccountCredentialsProvider) + op.credentialsRepository = Mock(AccountCredentialsProvider) when: op.operate([]) then: - with(op.accountCredentialsProvider){ + with(op.credentialsRepository){ 1 * getCredentials("prod") >> prodCredentials } with(provider) { 
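Review bot: The specs only rename the field: `op.credentialsRepository = Mock(AccountCredentialsProvider)` still mocks the old interface, and the interactions still expect `1 * getCredentials('target')`. The production hunk for `getConsoleOutput` in this patch calls `credentialsRepository.getOne(account)`. If the field in `AllowLaunchAtomicOperation` is typed as `CredentialsRepository` (its declaration is outside these hunks), the assignment would fail or the `getCredentials` expectations would never match. The mocks would then read `op.credentialsRepository = Mock(CredentialsRepository)` with `1 * getOne('target') >> targetCredentials`. The same applies to the remaining `AllowLaunchAtomicOperationUnitSpec` hunks, to `AllowLaunchDescriptionValidatorSpec` and to `BasicAmazonDeployDescriptionValidatorSpec`, which assigns a `DefaultAccountCredentialsProvider`.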
@@ -129,13 +129,13 @@ class AllowLaunchAtomicOperationUnitSpec extends Specification { def description = new AllowLaunchDescription(targetAccount: "prod", amiName: "ami-123456", region: "us-west-1", credentials: testCredentials) def op = new AllowLaunchAtomicOperation(description) op.amazonClientProvider = provider - op.accountCredentialsProvider = Mock(AccountCredentialsProvider) + op.credentialsRepository = Mock(AccountCredentialsProvider) when: op.operate([]) then: - with(op.accountCredentialsProvider){ + with(op.credentialsRepository){ 1 * getCredentials("prod") >> prodCredentials } with(provider) { @@ -164,13 +164,13 @@ class AllowLaunchAtomicOperationUnitSpec extends Specification { def description = new AllowLaunchDescription(targetAccount: "test", amiName: "ami-123456", region: "us-west-1", credentials: testCredentials) def op = new AllowLaunchAtomicOperation(description) op.amazonClientProvider = provider - op.accountCredentialsProvider = Mock(AccountCredentialsProvider) + op.credentialsRepository = Mock(AccountCredentialsProvider) when: op.operate([]) then: - with(op.accountCredentialsProvider){ + with(op.credentialsRepository){ 1 * getCredentials("test") >> testCredentials } with(provider) { @@ -197,13 +197,13 @@ class AllowLaunchAtomicOperationUnitSpec extends Specification { def description = new AllowLaunchDescription(targetAccount: 'target', amiName: 'ami-123456', region: 'us-west-1', credentials: sourceCredentials) def op = new AllowLaunchAtomicOperation(description) op.amazonClientProvider = Mock(AmazonClientProvider) - op.accountCredentialsProvider = Mock(AccountCredentialsProvider) + op.credentialsRepository = Mock(AccountCredentialsProvider) when: op.operate([]) then: - with(op.accountCredentialsProvider) { + with(op.credentialsRepository) { 1 * getCredentials('target') >> targetCredentials 1 * getAll() >> [sourceCredentials, targetCredentials, ownerCredentials] } 
@@ -238,14 +238,14 @@ class AllowLaunchAtomicOperationUnitSpec extends Specification { def description = new AllowLaunchDescription(targetAccount: 'target', amiName: 'ami-123456', region: 'us-west-1', credentials: ownerCredentials) def op = new AllowLaunchAtomicOperation(description) op.amazonClientProvider = Mock(AmazonClientProvider) - op.accountCredentialsProvider = Mock(AccountCredentialsProvider) + op.credentialsRepository = Mock(AccountCredentialsProvider) when: op.operate([]) then: - with(op.accountCredentialsProvider) { + with(op.credentialsRepository) { 1 * getCredentials('target') >> targetCredentials } @@ -275,13 +275,13 @@ class AllowLaunchAtomicOperationUnitSpec extends Specification { def description = new AllowLaunchDescription(targetAccount: 'target', amiName: 'ami-123456', region: 'us-west-2', credentials: sourceCredentials) def op = new AllowLaunchAtomicOperation(description) op.amazonClientProvider = Mock(AmazonClientProvider) - op.accountCredentialsProvider = Mock(AccountCredentialsProvider) + op.credentialsRepository = Mock(AccountCredentialsProvider) when: op.operate([]) then: - with(op.accountCredentialsProvider) { + with(op.credentialsRepository) { 1 * getCredentials('target') >> targetCredentials } with(op.amazonClientProvider) { @@ -317,13 +317,13 @@ class AllowLaunchAtomicOperationUnitSpec extends Specification { def description = new AllowLaunchDescription(targetAccount: 'target', amiName: 'ami-123456', region: 'us-west-1', credentials: ownerCredentials) def op = new AllowLaunchAtomicOperation(description) op.amazonClientProvider = Mock(AmazonClientProvider) - op.accountCredentialsProvider = Mock(AccountCredentialsProvider) + op.credentialsRepository = Mock(AccountCredentialsProvider) when: op.operate([]) then: - with(op.accountCredentialsProvider) { + with(op.credentialsRepository) { 1 * getCredentials('target') >> targetCredentials } 
@@ -359,13 +359,13 @@ class AllowLaunchAtomicOperationUnitSpec extends Specification { def description = new AllowLaunchDescription(targetAccount: 'target', amiName: 'ami-123456', region: 'us-west-1', credentials: sourceCredentials) def op = new AllowLaunchAtomicOperation(description) op.amazonClientProvider = Mock(AmazonClientProvider) - op.accountCredentialsProvider = Mock(AccountCredentialsProvider) + op.credentialsRepository = Mock(AccountCredentialsProvider) when: op.operate([]) then: - with(op.accountCredentialsProvider) { + with(op.credentialsRepository) { 1 * getCredentials('target') >> targetCredentials 1 * getAll() >> [sourceCredentials, targetCredentials] } @@ -392,14 +392,14 @@ class AllowLaunchAtomicOperationUnitSpec extends Specification { def description = new AllowLaunchDescription(targetAccount: 'target', amiName: 'ami-123456', region: 'us-west-1', credentials: sourceCredentials) def op = new AllowLaunchAtomicOperation(description) op.amazonClientProvider = Mock(AmazonClientProvider) - op.accountCredentialsProvider = Mock(AccountCredentialsProvider) + op.credentialsRepository = Mock(AccountCredentialsProvider) when: op.operate([]) then: thrown IllegalArgumentException - with(op.accountCredentialsProvider) { + with(op.credentialsRepository) { 1 * getCredentials('target') >> targetCredentials 1 * getAll() >> [sourceCredentials, targetCredentials] } diff --git a/clouddriver-aws/src/test/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/AllowLaunchDescriptionValidatorSpec.groovy b/clouddriver-aws/src/test/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/AllowLaunchDescriptionValidatorSpec.groovy index 9b5e52a10ff..d074cff28b5 100644 --- a/clouddriver-aws/src/test/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/AllowLaunchDescriptionValidatorSpec.groovy +++ b/clouddriver-aws/src/test/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/AllowLaunchDescriptionValidatorSpec.groovy 
@@ -43,7 +43,7 @@ class AllowLaunchDescriptionValidatorSpec extends Specification { setup: AllowLaunchDescriptionValidator validator = new AllowLaunchDescriptionValidator() def credentialsHolder = Mock(AccountCredentialsProvider) - validator.accountCredentialsProvider = credentialsHolder + validator.credentialsRepository = credentialsHolder def description = new AllowLaunchDescription(targetAccount: "foo") def errors = Mock(ValidationErrors) diff --git a/clouddriver-aws/src/test/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/BasicAmazonDeployDescriptionValidatorSpec.groovy b/clouddriver-aws/src/test/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/BasicAmazonDeployDescriptionValidatorSpec.groovy index 57a48a3b14b..4f4efbe9a63 100644 --- a/clouddriver-aws/src/test/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/BasicAmazonDeployDescriptionValidatorSpec.groovy +++ b/clouddriver-aws/src/test/groovy/com/netflix/spinnaker/clouddriver/aws/deploy/validators/BasicAmazonDeployDescriptionValidatorSpec.groovy @@ -41,7 +41,7 @@ class BasicAmazonDeployDescriptionValidatorSpec extends Specification { def credentialsRepo = new MapBackedAccountCredentialsRepository() def credentialsProvider = new DefaultAccountCredentialsProvider(credentialsRepo) credentialsRepo.save(ACCOUNT_NAME, amazonCredentials) - validator.accountCredentialsProvider = credentialsProvider + validator.credentialsRepository = credentialsProvider } void "pass validation with proper description inputs"() { From 350f1827db559ee793f17defd727b43ce837840a Mon Sep 17 00:00:00 2001 
From: Manabu McCloskey Date: Mon, 5 Oct 2020 16:40:11 -0600 Subject: [PATCH 13/14] WIP --- .../spinnaker/cats/agent/AgentProvider.java | 5 ++- ...aunchFailureNotificationAgentProvider.java | 19 ++++----- .../LifecycleSubscriberConfiguration.java | 11 +++++- .../aws/provider/ProviderHelpers.java | 2 +- .../provider/agent/LambdaAgentProvider.java | 39 +++++++------------ 5 files changed, 36 insertions(+), 40 deletions(-) diff --git a/clouddriver-api/src/main/java/com/netflix/spinnaker/cats/agent/AgentProvider.java b/clouddriver-api/src/main/java/com/netflix/spinnaker/cats/agent/AgentProvider.java index 80878bf2bc7..f13c30038fa 100644 --- a/clouddriver-api/src/main/java/com/netflix/spinnaker/cats/agent/AgentProvider.java +++ b/clouddriver-api/src/main/java/com/netflix/spinnaker/cats/agent/AgentProvider.java @@ -16,6 +16,7 @@ package com.netflix.spinnaker.cats.agent; +import com.netflix.spinnaker.credentials.Credentials; import com.netflix.spinnaker.kork.annotations.Beta; import java.util.Collection; @@ -23,5 +24,7 @@ public interface AgentProvider { boolean supports(String providerName); - Collection agents(); + default Collection agents(Credentials credentials) { + return null; + } } diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/LaunchFailureNotificationAgentProvider.java b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/LaunchFailureNotificationAgentProvider.java index 74fab9afb39..b80dfab44d3 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/LaunchFailureNotificationAgentProvider.java +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/LaunchFailureNotificationAgentProvider.java 
@@ -23,6 +23,7 @@ import com.netflix.spinnaker.clouddriver.aws.security.AmazonClientProvider; import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials; import com.netflix.spinnaker.clouddriver.tags.EntityTagger; +import com.netflix.spinnaker.credentials.Credentials; import com.netflix.spinnaker.credentials.CredentialsRepository; import java.util.Collection; import java.util.List; @@ -58,13 +59,12 @@ public boolean supports(String providerName) { } @Override - public Collection agents() { - NetflixAmazonCredentials credentials = - (NetflixAmazonCredentials) credentialsRepository.getOne(properties.getAccountName()); + public Collection agents(Credentials credentials) { + NetflixAmazonCredentials netflixAmazonCredentials = (NetflixAmazonCredentials) credentials; // an agent for each region in the specified account List agents = - credentials.getRegions().stream() + netflixAmazonCredentials.getRegions().stream() .map( region -> new LaunchFailureNotificationAgent( @@ -77,23 +77,20 @@ public Collection agents() { .getTopicARN() .replaceAll(REGION_TEMPLATE_PATTERN, region.getName()) .replaceAll( - ACCOUNT_ID_TEMPLATE_PATTERN, credentials.getAccountId()), + ACCOUNT_ID_TEMPLATE_PATTERN, + netflixAmazonCredentials.getAccountId()), properties .getQueueARN() .replaceAll(REGION_TEMPLATE_PATTERN, region.getName()) .replaceAll( - ACCOUNT_ID_TEMPLATE_PATTERN, credentials.getAccountId()), + ACCOUNT_ID_TEMPLATE_PATTERN, + netflixAmazonCredentials.getAccountId()), properties.getMaxMessagesPerCycle(), properties.getVisibilityTimeout(), properties.getWaitTimeSeconds()), entityTagger)) .collect(Collectors.toList()); - // an agent that will cleanup stale notifications across all accounts + region - agents.add( - new LaunchFailureNotificationCleanupAgent( - amazonClientProvider, credentialsRepository, entityTagger)); - return agents; } } 
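Review bot: `agents(Credentials credentials)` no longer consults `properties.getAccountName()`, so it builds one notification agent per region for every credentials object it receives. The removed `credentialsRepository.getOne(properties.getAccountName())` lookup limited this to the configured account. If the topic and queue exist only in that account, the other accounts would get agents whose templated ARNs may not exist, or that poll queues they were never meant to read. A guard at the top of the method would keep the old scope: `if (!properties.getAccountName().equals(credentials.getName())) { return Collections.emptyList(); }` (this needs `java.util.Collections` imported). The cast to `NetflixAmazonCredentials` is also unchecked.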
diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/LifecycleSubscriberConfiguration.java b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/LifecycleSubscriberConfiguration.java index b7a8ef0a40e..4c56554ad8d 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/LifecycleSubscriberConfiguration.java +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/lifecycle/LifecycleSubscriberConfiguration.java @@ -17,10 +17,13 @@ package com.netflix.spinnaker.clouddriver.aws.lifecycle; import com.fasterxml.jackson.databind.ObjectMapper; +import com.netflix.spinnaker.clouddriver.aws.provider.AwsProvider; import com.netflix.spinnaker.clouddriver.aws.security.AmazonClientProvider; import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials; import com.netflix.spinnaker.clouddriver.tags.EntityTagger; import com.netflix.spinnaker.credentials.CredentialsRepository; +import java.util.ArrayList; +import java.util.Collections; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; import org.springframework.boot.context.properties.EnableConfigurationProperties; @@ -41,7 +44,13 @@ LaunchFailureNotificationAgentProvider launchFailureNotificationAgentProvider( AmazonClientProvider amazonClientProvider, CredentialsRepository credentialsRepository, LaunchFailureConfigurationProperties properties, - EntityTagger entityTagger) { + EntityTagger entityTagger, + AwsProvider awsProvider) { + awsProvider.addAgents( + new ArrayList<>( + Collections.singletonList( + new LaunchFailureNotificationCleanupAgent( + amazonClientProvider, credentialsRepository, entityTagger)))); return new LaunchFailureNotificationAgentProvider( objectMapper, amazonClientProvider, credentialsRepository, properties, entityTagger); } 
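Review bot: Registering `LaunchFailureNotificationCleanupAgent` through `awsProvider.addAgents(...)` inside the `launchFailureNotificationAgentProvider` bean method makes agent scheduling a hidden side effect of constructing a different bean. The reason is easy to lose, because the comment that explained the cleanup agent was deleted from `agents()` in this patch. A short comment above the call would record it, for example `// cleanup agent spans all accounts and regions, so it is registered once here instead of per credentials in agents(Credentials)`. Whether `addAgents` needs the mutable `new ArrayList<>(Collections.singletonList(...))` wrapper is not visible here; if it does not, passing the singleton list directly is simpler.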
diff --git a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/ProviderHelpers.java b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/ProviderHelpers.java index cef729c6726..337c649d7f7 100644 --- a/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/ProviderHelpers.java +++ b/clouddriver-aws/src/main/groovy/com/netflix/spinnaker/clouddriver/aws/provider/ProviderHelpers.java @@ -224,7 +224,7 @@ public static BuildResult buildAwsProviderAgents( providers -> providers.stream() .filter(it -> it.supports(AwsProvider.PROVIDER_NAME)) - .forEach(provider -> newlyAddedAgents.addAll(provider.agents()))); + .forEach(provider -> newlyAddedAgents.addAll(provider.agents(credentials)))); return new BuildResult(newlyAddedAgents, publicRegions); } diff --git a/clouddriver-lambda/src/main/java/com/netflix/spinnaker/clouddriver/lambda/provider/agent/LambdaAgentProvider.java b/clouddriver-lambda/src/main/java/com/netflix/spinnaker/clouddriver/lambda/provider/agent/LambdaAgentProvider.java index 4fa83aeadad..618f44b1f7b 100644 --- a/clouddriver-lambda/src/main/java/com/netflix/spinnaker/clouddriver/lambda/provider/agent/LambdaAgentProvider.java +++ b/clouddriver-lambda/src/main/java/com/netflix/spinnaker/clouddriver/lambda/provider/agent/LambdaAgentProvider.java 
@@ -24,28 +24,21 @@ import com.netflix.spinnaker.clouddriver.aws.security.AmazonClientProvider; import com.netflix.spinnaker.clouddriver.aws.security.AmazonCredentials; import com.netflix.spinnaker.clouddriver.aws.security.NetflixAmazonCredentials; -import com.netflix.spinnaker.credentials.CredentialsRepository; +import com.netflix.spinnaker.credentials.Credentials; import java.util.ArrayList; import java.util.Collection; import java.util.List; -import java.util.Objects; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.context.annotation.Lazy; import org.springframework.stereotype.Component; @Component public class LambdaAgentProvider implements AgentProvider { private final ObjectMapper objectMapper; - private final CredentialsRepository credentialsRepository; private final AmazonClientProvider amazonClientProvider; @Autowired - public LambdaAgentProvider( - @Lazy CredentialsRepository credentialsRepository, - AmazonClientProvider amazonClientProvider) { + public LambdaAgentProvider(AmazonClientProvider amazonClientProvider) { this.objectMapper = AmazonObjectMapperConfigurer.createConfigured(); - - this.credentialsRepository = credentialsRepository; this.amazonClientProvider = amazonClientProvider; } 
@@ -55,24 +48,18 @@ public boolean supports(String providerName) { } @Override - public Collection agents() { + public Collection agents(Credentials credentials) { List agents = new ArrayList<>(); - - credentialsRepository.getAll().stream() - .filter(Objects::nonNull) - .map(c -> (NetflixAmazonCredentials) c) - .filter(NetflixAmazonCredentials::getLambdaEnabled) - .forEach( - credentials -> { - agents.add(new IamRoleCachingAgent(objectMapper, credentials, amazonClientProvider)); - - for (AmazonCredentials.AWSRegion region : credentials.getRegions()) { - agents.add( - new LambdaCachingAgent( - objectMapper, amazonClientProvider, credentials, region.getName())); - } - }); - + NetflixAmazonCredentials netflixAmazonCredentials = (NetflixAmazonCredentials) credentials; + if (netflixAmazonCredentials.getLambdaEnabled()) { + agents.add( + new IamRoleCachingAgent(objectMapper, netflixAmazonCredentials, amazonClientProvider)); + for (AmazonCredentials.AWSRegion region : netflixAmazonCredentials.getRegions()) { + agents.add( + new LambdaCachingAgent( + objectMapper, amazonClientProvider, netflixAmazonCredentials, region.getName())); + } + } return agents; } } From bed90989341a298b97ff7c10da8c938a855a43e6 Mon Sep 17 00:00:00 2001 From: Nima Kaviani Date: Mon, 5 Oct 2020 23:01:28 -0700 Subject: [PATCH 14/14] wip - remove defaulting --- .../java/com/netflix/spinnaker/cats/agent/AgentProvider.java | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/clouddriver-api/src/main/java/com/netflix/spinnaker/cats/agent/AgentProvider.java b/clouddriver-api/src/main/java/com/netflix/spinnaker/cats/agent/AgentProvider.java index f13c30038fa..a2215136493 100644 --- a/clouddriver-api/src/main/java/com/netflix/spinnaker/cats/agent/AgentProvider.java +++ b/clouddriver-api/src/main/java/com/netflix/spinnaker/cats/agent/AgentProvider.java 
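Review bot: `LambdaAgentProvider.agents(Credentials credentials)` casts its argument straight to `NetflixAmazonCredentials`, and `supports(String providerName)` only checks the provider name. Any other `Credentials` implementation passed by a caller therefore fails with `ClassCastException` instead of yielding no agents. A type guard right after `List agents = new ArrayList<>();` avoids that without new imports: `if (!(credentials instanceof NetflixAmazonCredentials)) { return agents; }`. If `getLambdaEnabled()` returns a boxed `Boolean` (its declaration is not shown), the `if` would also throw on a `null` value, so `Boolean.TRUE.equals(...)` would be the safer test.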
@@ -24,7 +24,5 @@ public interface AgentProvider { boolean supports(String providerName); - default Collection agents(Credentials credentials) { - return null; - } + Collection agents(Credentials credentials); }
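Review bot: `Collection agents(Credentials credentials);` is now an abstract method on a public `AgentProvider` interface, but it carries no Javadoc stating its contract. The `ProviderHelpers` hunk passes the result directly to `newlyAddedAgents.addAll(...)`, so implementations must return a non-null collection, and they are invoked per credentials object rather than once globally. I would add a Javadoc block that says the method is called for each account's credentials, that it must return an empty collection rather than `null` when the credentials are not applicable, and that implementations should not assume a concrete `Credentials` subtype without checking. Replacing the no-argument `agents()` is also source-incompatible for implementers outside this patch, which is worth noting in the commit message.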