Add IAM Roles support

laurilehmijoki · May 29, 2014 · 8db64c5 · 8db64c5
1 parent 6d29559
commit 8db64c5
Show file tree

Hide file tree

Showing 4 changed files with 23 additions and 7 deletions.
diff --git a/src/main/scala/s3/website/CloudFront.scala b/src/main/scala/s3/website/CloudFront.scala
@@ -9,6 +9,7 @@ import s3.website.S3.{SuccessfulDelete, PushSuccessReport, SuccessfulUpload}
 import com.amazonaws.auth.BasicAWSCredentials
 import java.net.URI
 import scala.concurrent.{ExecutionContextExecutor, Future}
+import s3.website.model.Config.awsCredentials
 
 object CloudFront {
   def invalidate(invalidationBatch: InvalidationBatch, distributionId: String, attempt: Attempt = 1)
@@ -63,8 +64,7 @@ object CloudFront {
     def reportMessage = s"Failed to invalidate the CloudFront distribution (${error.getMessage})"
   }
 
-  def awsCloudFrontClient(config: Config) =
-    new AmazonCloudFrontClient(new BasicAWSCredentials(config.s3_id, config.s3_secret))
+  def awsCloudFrontClient(config: Config) = new AmazonCloudFrontClient(awsCredentials(config))
 
   def toInvalidationBatches(pushSuccessReports: Seq[PushSuccessReport])(implicit config: Config): Seq[InvalidationBatch] = {
     val invalidationPaths: Seq[String] = {

diff --git a/src/main/scala/s3/website/S3.scala b/src/main/scala/s3/website/S3.scala
@@ -21,6 +21,7 @@ import scala.concurrent.duration.TimeUnit
 import java.util.concurrent.TimeUnit.SECONDS
 import s3.website.S3.SuccessfulUpload.humanizeUploadSpeed
 import java.io.FileInputStream
+import s3.website.model.Config.awsCredentials
 
 object S3 {
 
@@ -105,7 +106,7 @@ object S3 {
       None // We are not interested in tracking durations of PUT requests that don't contain data. Redirect is an example of such request.
   }
 
-  def awsS3Client(config: Config) = new AmazonS3Client(new BasicAWSCredentials(config.s3_id, config.s3_secret))
+  def awsS3Client(config: Config) = new AmazonS3Client(awsCredentials(config))
 
   def resolveS3Files(nextMarker: Option[String] = None, alreadyResolved: Seq[S3File] = Nil,  attempt: Attempt = 1)
                               (implicit config: Config, s3Settings: S3Setting, ec: ExecutionContextExecutor, logger: Logger, pushMode: PushMode):

diff --git a/src/main/scala/s3/website/model/Config.scala b/src/main/scala/s3/website/model/Config.scala
@@ -4,10 +4,11 @@ import scala.util.{Failure, Try}
 import scala.collection.JavaConversions._
 import s3.website.Ruby.rubyRuntime
 import s3.website.ErrorReport
+import com.amazonaws.auth.{AWSCredentialsProvider, BasicAWSCredentials, DefaultAWSCredentialsProviderChain}
 
 case class Config(
-  s3_id:                      String,
-  s3_secret:                  String,
+  s3_id:                      Option[String], // If undefined, use IAM Roles (http://docs.aws.amazon.com/AWSSdkDocsJava/latest/DeveloperGuide/java-dg-roles.html)
+  s3_secret:                  Option[String], // If undefined, use IAM Roles (http://docs.aws.amazon.com/AWSSdkDocsJava/latest/DeveloperGuide/java-dg-roles.html)
   s3_bucket:                  String,
   s3_endpoint:                S3Endpoint,
   max_age:                    Option[Either[Int, Map[String, Int]]],
@@ -23,6 +24,20 @@ case class Config(
 )
 
 object Config {
+
+  def awsCredentials(config: Config): AWSCredentialsProvider = {
+    val credentialsFromConfigFile = for {
+      s3_id <- config.s3_id
+      s3_secret <- config.s3_secret
+    } yield new BasicAWSCredentials(s3_id, s3_secret)
+    credentialsFromConfigFile.fold(new DefaultAWSCredentialsProviderChain: AWSCredentialsProvider)(credentials =>
+      new AWSCredentialsProvider {
+        def getCredentials = credentials
+        def refresh() = {}
+      }
+    )
+  }
+
   def loadOptionalBooleanOrStringSeq(key: String)(implicit unsafeYaml: UnsafeYaml): Either[ErrorReport, Option[Either[Boolean, Seq[String]]]] = {
     val yamlValue = for {
       optionalValue <- loadOptionalValue(key)

diff --git a/src/main/scala/s3/website/model/Site.scala b/src/main/scala/s3/website/model/Site.scala
@@ -31,8 +31,8 @@ object Site {
       case Success(yamlObject) =>
         implicit val unsafeYaml = UnsafeYaml(yamlObject)
         val config: Either[ErrorReport, Config] = for {
-          s3_id <- loadRequiredString("s3_id").right
-          s3_secret <- loadRequiredString("s3_secret").right
+          s3_id <- loadOptionalString("s3_id").right
+          s3_secret <- loadOptionalString("s3_secret").right
           s3_bucket <- loadRequiredString("s3_bucket").right
           s3_endpoint <- loadEndpoint.right
           max_age <- loadMaxAge.right