Merge pull request #157 from mobsuccess-devops/feat/replace-credentia…

…ls-and-providers

feat: replace credentials and providers with v2

src/main/java/software/amazon/msk/auth/iam/CompatibilityHelper.java

@@ -1,23 +1,33 @@
 package software.amazon.msk.auth.iam;
 
+import com.amazonaws.auth.AWSCredentials;
+import com.amazonaws.auth.BasicAWSCredentials;
+import com.amazonaws.auth.BasicSessionCredentials;
+import software.amazon.awssdk.auth.credentials.AwsCredentials;
+import software.amazon.awssdk.auth.credentials.AwsSessionCredentials;
 import software.amazon.awssdk.core.exception.SdkClientException;
 import software.amazon.awssdk.core.exception.SdkException;
 
 public class CompatibilityHelper {
 
   /**
-   * Convert an exception to an SdkException
+   * Convert credentials from v2 to v1
    *
-   * @param e Exception to convert
-   * @return SdkException
+   * @param newCreadientials v2 credentials
+   * @return v1 credentials
    */
-  public static SdkException toSdkException(Exception e) {
-    if (e instanceof com.amazonaws.SdkClientException) {
-      return SdkClientException.create(e.getMessage(), e.getCause());
-    } else if (e instanceof SdkException) {
-      return (SdkException) e;
+  public static AWSCredentials toV1Credentials(AwsCredentials newCreadientials) {
+    if (newCreadientials instanceof AwsSessionCredentials) {
+      return new BasicSessionCredentials(
+          newCreadientials.accessKeyId(),
+          newCreadientials.secretAccessKey(),
+          ((AwsSessionCredentials) newCreadientials).sessionToken()
+      );
     } else {
-      return SdkException.create(e.getMessage(), e);
+      return new BasicAWSCredentials(
+          newCreadientials.accessKeyId(),
+          newCreadientials.secretAccessKey()
+      );
     }
   }
 }

src/main/java/software/amazon/msk/auth/iam/IAMClientCallbackHandler.java

@@ -15,8 +15,8 @@
 */
 package software.amazon.msk.auth.iam;
 
-import com.amazonaws.auth.AWSCredentialsProvider;
-import com.amazonaws.auth.DefaultAWSCredentialsProviderChain;
+import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
+import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider;
 import software.amazon.msk.auth.iam.internals.AWSCredentialsCallback;
 import software.amazon.msk.auth.iam.internals.MSKCredentialProvider;
 import lombok.NonNull;
@@ -40,7 +40,7 @@
  */
 public class IAMClientCallbackHandler implements AuthenticateCallbackHandler {
     private static final Logger log = LoggerFactory.getLogger(IAMClientCallbackHandler.class);
-    private AWSCredentialsProvider provider;
+    private AwsCredentialsProvider provider;
 
     @Override
     public void configure(Map<String, ?> configs,
@@ -51,8 +51,8 @@ public void configure(Map<String, ?> configs,
         }
         final Optional<AppConfigurationEntry> configEntry = jaasConfigEntries.stream()
                 .filter(j -> IAMLoginModule.class.getCanonicalName().equals(j.getLoginModuleName())).findFirst();
-        provider = configEntry.map(c -> (AWSCredentialsProvider) new MSKCredentialProvider(c.getOptions()))
-                .orElse(DefaultAWSCredentialsProviderChain.getInstance());
+        provider = configEntry.map(c -> (AwsCredentialsProvider) new MSKCredentialProvider(c.getOptions()))
+                .orElse(DefaultCredentialsProvider.create());
     }
 
     @Override
@@ -96,8 +96,7 @@ protected void handleCallback(AWSCredentialsCallback callback) throws IOExceptio
             log.debug("Selecting provider {} to load credentials", provider.getClass().getName());
         }
         try {
-            provider.refresh();
-            callback.setAwsCredentials(provider.getCredentials());
+            callback.setAwsCredentials(provider.resolveCredentials());
         } catch (Exception e) {
             callback.setLoadingException(e);
         }

src/main/java/software/amazon/msk/auth/iam/IAMOAuthBearerLoginCallbackHandler.java

@@ -37,11 +37,11 @@
 
 import com.amazonaws.AmazonWebServiceRequest;
 import com.amazonaws.DefaultRequest;
-import com.amazonaws.auth.AWSCredentials;
-import com.amazonaws.auth.AWSCredentialsProvider;
-import com.amazonaws.auth.DefaultAWSCredentialsProviderChain;
 
 import lombok.NonNull;
+import software.amazon.awssdk.auth.credentials.AwsCredentials;
+import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
+import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider;
 import software.amazon.awssdk.core.exception.SdkClientException;
 import software.amazon.awssdk.http.SdkHttpFullRequest;
 import software.amazon.awssdk.http.SdkHttpMethod;
@@ -66,7 +66,7 @@ public class IAMOAuthBearerLoginCallbackHandler implements AuthenticateCallbackH
 
     private final AWS4SignedPayloadGenerator aws4Signer = new AWS4SignedPayloadGenerator();
 
-    private AWSCredentialsProvider credentialsProvider;
+    private AwsCredentialsProvider credentialsProvider;
     private AwsRegionProvider awsRegionProvider;
     private boolean configured = false;
 
@@ -90,8 +90,8 @@ public void configure(Map<String, ?> configs,
                         .equals(j.getLoginModuleName()))
                 .findFirst();
 
-        credentialsProvider = configEntry.map(c -> (AWSCredentialsProvider) new MSKCredentialProvider(c.getOptions()))
-                .orElse(DefaultAWSCredentialsProviderChain.getInstance());
+        credentialsProvider = configEntry.map(c -> (AwsCredentialsProvider) new MSKCredentialProvider(c.getOptions()))
+                .orElse(DefaultCredentialsProvider.create());
 
         awsRegionProvider = new DefaultAwsRegionProviderChain();
         configured = true;
@@ -136,8 +136,7 @@ private void handleCallback(OAuthBearerTokenCallback callback) throws IOExceptio
         if (callback.token() != null) {
             throw new IllegalArgumentException("Callback had a token already");
         }
-        credentialsProvider.refresh();
-        AWSCredentials awsCredentials = credentialsProvider.getCredentials();
+        AwsCredentials awsCredentials = credentialsProvider.resolveCredentials();
 
         // Generate token value i.e. Base64 encoded pre-signed URL string
         String tokenValue = generateTokenValue(awsCredentials, getCurrentRegion());
@@ -152,7 +151,7 @@ private void handleCallback(OAuthBearerTokenCallback callback) throws IOExceptio
      * @param region aws region
      * @return a base64 encoded token string
      */
-    private String generateTokenValue(@NonNull final AWSCredentials awsCredentials, @NonNull final Region region) {
+    private String generateTokenValue(@NonNull final AwsCredentials awsCredentials, @NonNull final Region region) {
         final String userAgentValue = UserAgentUtils.getUserAgentValue();
         final AuthenticationRequestParams authenticationRequestParams = AuthenticationRequestParams
                 .create(getHostName(region), awsCredentials, userAgentValue);

src/main/java/software/amazon/msk/auth/iam/internals/AWS4SignedPayloadGenerator.java

@@ -35,6 +35,7 @@
 import java.util.Set;
 import java.util.StringJoiner;
 import java.util.concurrent.TimeUnit;
+import software.amazon.msk.auth.iam.CompatibilityHelper;
 
 /**
  * This class is used to generate the AWS Sigv4 signed authentication payload sent by the IAMSaslClient to the broker.
@@ -74,7 +75,7 @@ public DefaultRequest presignRequest(@NonNull AuthenticationRequestParams params
         final AWS4Signer signer = getConfiguredSigner(params);
         final DefaultRequest request = createRequestForSigning(params);
 
-        signer.presignRequest(request, params.getAwsCredentials(), getExpiryDate());
+        signer.presignRequest(request, CompatibilityHelper.toV1Credentials(params.getAwsCredentials()), getExpiryDate());
         return request;
     }
 

src/main/java/software/amazon/msk/auth/iam/internals/AWSCredentialsCallback.java

@@ -15,9 +15,9 @@
 */
 package software.amazon.msk.auth.iam.internals;
 
-import com.amazonaws.auth.AWSCredentials;
 import lombok.Getter;
 import lombok.NonNull;
+import software.amazon.awssdk.auth.credentials.AwsCredentials;
 import software.amazon.msk.auth.iam.IAMClientCallbackHandler;
 
 import javax.security.auth.callback.Callback;
@@ -30,11 +30,11 @@
  */
 public class AWSCredentialsCallback implements Callback {
     @Getter
-    private AWSCredentials awsCredentials = null;
+    private AwsCredentials awsCredentials = null;
     @Getter
     private Exception loadingException = null;
 
-    public void setAwsCredentials(@NonNull AWSCredentials awsCredentials) {
+    public void setAwsCredentials(@NonNull AwsCredentials awsCredentials) {
         this.awsCredentials = awsCredentials;
         this.loadingException = null;
     }

src/main/java/software/amazon/msk/auth/iam/internals/AuthenticationRequestParams.java

@@ -15,7 +15,6 @@
 */
 package software.amazon.msk.auth.iam.internals;
 
-import com.amazonaws.auth.AWSCredentials;
 import com.amazonaws.regions.Region;
 import com.amazonaws.regions.RegionMetadata;
 import com.amazonaws.partitions.PartitionsLoader;
@@ -26,6 +25,7 @@
 import lombok.NonNull;
 
 import java.util.Optional;
+import software.amazon.awssdk.auth.credentials.AwsCredentials;
 
 /**
  * This class represents the parameters that will be used to generate the Sigv4 signature
@@ -47,7 +47,7 @@ public class AuthenticationRequestParams {
     @NonNull
     private final String host;
     @NonNull
-    private final AWSCredentials awsCredentials;
+    private final AwsCredentials awsCredentials;
     @NonNull
     private final Region region;
     @NonNull
@@ -58,7 +58,7 @@ public String getServiceScope() {
     }
 
     public static AuthenticationRequestParams create(@NonNull String host,
-            AWSCredentials credentials,
+            AwsCredentials credentials,
             @NonNull String userAgent) throws IllegalArgumentException {
         Region region = Optional.ofNullable(regionMetadata.tryGetRegionByEndpointDnsSuffix(host))
                 .orElseGet(() -> Regions.getCurrentRegion());