From a4c3efdd08634c64c9182b0cda6c8a7aef0ad175 Mon Sep 17 00:00:00 2001
From: carlosrfranco
Date: Wed, 31 May 2023 10:38:05 -0300
Subject: [PATCH] Add external id field for the cross-account auth method
---
 .../plugin/resources/ec2/EC2ResourceModelSource.java | 10 ++++++----
 .../resources/ec2/EC2ResourceModelSourceFactory.java | 1 +
 2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/src/main/java/com/dtolabs/rundeck/plugin/resources/ec2/EC2ResourceModelSource.java b/src/main/java/com/dtolabs/rundeck/plugin/resources/ec2/EC2ResourceModelSource.java
index 88b43e4c..1124ee3e 100644
--- a/src/main/java/com/dtolabs/rundeck/plugin/resources/ec2/EC2ResourceModelSource.java
+++ b/src/main/java/com/dtolabs/rundeck/plugin/resources/ec2/EC2ResourceModelSource.java
@@ -85,6 +85,7 @@ public class EC2ResourceModelSource implements ResourceModelSource {
 Future futureResult = null;
 final Properties mapping = new Properties();
 final String assumeRoleArn;
+ final String externalId;
 int pageResults;
 AWSCredentials credentials;
@@ -156,6 +157,8 @@ public EC2ResourceModelSource(final Properties configuration, final Services ser
 this.endpoint = configuration.getProperty(EC2ResourceModelSourceFactory.ENDPOINT);
 this.pageResults = Integer.parseInt(configuration.getProperty(EC2ResourceModelSourceFactory.MAX_RESULTS));
 this.httpProxyHost = configuration.getProperty(EC2ResourceModelSourceFactory.HTTP_PROXY_HOST);
+ this.assumeRoleArn = configuration.getProperty(EC2ResourceModelSourceFactory.ROLE_ARN);
+ this.externalId = configuration.getProperty(EC2ResourceModelSourceFactory.EXTERNAL_ID);
 int proxyPort = 80;
 final String proxyPortStr = configuration.getProperty(EC2ResourceModelSourceFactory.HTTP_PROXY_PORT);
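Review bot: In the constructor hunk (`-156,6`), `this.assumeRoleArn` is now read from the configuration unconditionally, whereas the lines removed in the next hunk (`-201,12`) forced it to `null` whenever an access key and secret key were configured. A source that has static keys and also a role ARN set therefore keeps the ARN, and whatever `initialize()` does for a non-null `assumeRoleArn` (its guard is outside these hunks) now applies to key-based configurations as well. If assuming the role from the static keys is the intent, say so in the commit message and the property help; otherwise keep the old precedence. In either case a blank value should count as unset for both new reads, for example `String arn = configuration.getProperty(EC2ResourceModelSourceFactory.ROLE_ARN);` followed by `this.assumeRoleArn = (arn == null || arn.trim().isEmpty()) ? null : arn.trim();`. The constructor body continues outside both hunks.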
@@ -201,12 +204,8 @@ public EC2ResourceModelSource(final Properties configuration, final Services ser
 String secretKey = getPasswordFromKeyStorage(secretKeyStoragePath, keyStorage);
 credentials = new BasicAWSCredentials(accessKey.trim(), secretKey.trim());
- assumeRoleArn = null;
 }else if (null != accessKey && null != secretKey) {
 credentials = new BasicAWSCredentials(accessKey.trim(), secretKey.trim());
- assumeRoleArn = null;
- } else {
- assumeRoleArn = configuration.getProperty(EC2ResourceModelSourceFactory.ROLE_ARN);
 }
 if (null != httpProxyHost && !"".equals(httpProxyHost)) {
 clientConfiguration.setProxyHost(httpProxyHost);
@@ -230,6 +229,9 @@ private void initialize() {
 // sts_client.setEndpoint("sts-endpoint.amazonaws.com");
 AssumeRoleRequest assumeRoleRequest = new AssumeRoleRequest();
 assumeRoleRequest.setRoleArn(assumeRoleArn);
+ if(externalId!=null){
+ assumeRoleRequest.setExternalId(externalId);
+ }
 assumeRoleRequest.setRoleSessionName("RundeckEC2ResourceModelSourceSession");
 AssumeRoleResult assumeRoleResult = sts_client.assumeRole(assumeRoleRequest);
 Credentials assumeCredentials = assumeRoleResult.getCredentials();
diff --git a/src/main/java/com/dtolabs/rundeck/plugin/resources/ec2/EC2ResourceModelSourceFactory.java b/src/main/java/com/dtolabs/rundeck/plugin/resources/ec2/EC2ResourceModelSourceFactory.java
index 35e40c00..8fcd48f8 100644
--- a/src/main/java/com/dtolabs/rundeck/plugin/resources/ec2/EC2ResourceModelSourceFactory.java
+++ b/src/main/java/com/dtolabs/rundeck/plugin/resources/ec2/EC2ResourceModelSourceFactory.java
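Review bot: The `externalId!=null` guard in `initialize()` (hunk `-230,6`) lets an empty string through to `setExternalId`. A property left blank in the configuration may arrive as `""` rather than `null`, and STS rejects an external ID shorter than two characters, so the AssumeRole call would fail. The proxy-host check in the previous hunk already uses the `null != x && !"".equals(x)` form; the same is needed here: `if (externalId != null && !externalId.trim().isEmpty()) {`. Since the external ID is what ties the assumed role to this caller (the confused-deputy guard), a short comment saying it must match the `sts:ExternalId` condition in the target role's trust policy would help. `initialize()` starts and ends outside the hunk.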
@@ -62,6 +62,7 @@ public class EC2ResourceModelSourceFactory implements ResourceModelSourceFactory
 public static final String SECRET_KEY = "secretKey";
 public static final String SECRET_KEY_STORAGE_PATH = "secretKeyStoragePath";
 public static final String ROLE_ARN = "assumeRoleArn";
+ public static final String EXTERNAL_ID = "externalId";
 public static final String REGION = "region";
 public static final String MAPPING_FILE = "mappingFile";
 public static final String REFRESH_INTERVAL = "refreshInterval";
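Review bot: `EXTERNAL_ID` is added without a comment, and the diffstat shows this one line as the only change to the factory, so this patch registers no property descriptor for `externalId`. If the plugin's configuration properties are declared in this class (not visible in the hunk), the new field has no UI entry or help text and can only be set by editing the configuration directly. Suggested comment on the constant: `/** STS external ID sent with AssumeRole for ROLE_ARN; must match the sts:ExternalId condition in the role's trust policy. */`. The class body continues outside the hunk.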