Merge pull request #46 from jglick/AWSCredentialsImpl

Correcting default credentials when using assumed roles

.mvn/extensions.xml

@@ -0,0 +1,7 @@
+<extensions xmlns="http://maven.apache.org/EXTENSIONS/1.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/EXTENSIONS/1.0.0 http://maven.apache.org/xsd/core-extensions-1.0.0.xsd">
+  <extension>
+    <groupId>io.jenkins.tools.incrementals</groupId>
+    <artifactId>git-changelist-maven-extension</artifactId>
+    <version>1.0-beta-7</version>
+  </extension>
+</extensions>

.mvn/maven.config

@@ -0,0 +1,2 @@
+-Pconsume-incrementals
+-Pmight-produce-incrementals

pom.xml

@@ -29,21 +29,22 @@
   <parent>
     <groupId>org.jenkins-ci.plugins</groupId>
     <artifactId>plugin</artifactId>
-    <version>2.11</version>
+    <version>3.25</version>
+    <relativePath />
   </parent>
 
   <artifactId>aws-credentials</artifactId>
-  <version>1.24-SNAPSHOT</version>
+  <version>${revision}${changelist}</version>
   <packaging>hpi</packaging>
 
-  <name>CloudBees Amazon Web Services Credentials Plugin</name>
-  <url>https://wiki.jenkins-ci.org/display/JENKINS/CloudBees+AWS+Credentials+Plugin</url>
+  <name>CloudBees AWS Credentials Plugin</name>
+  <url>https://wiki.jenkins.io/display/JENKINS/CloudBees+AWS+Credentials+Plugin</url>
 
   <scm>
-    <connection>scm:git:git@github.com:jenkinsci/cloudbees-aws-credentials-plugin.git</connection>
-    <developerConnection>scm:git:[email protected]:jenkinsci/cloudbees-aws-credentials-plugin.git
-    </developerConnection>
-    <tag>HEAD</tag>
+    <connection>scm:git:git://github.com/jenkinsci/${project.artifactId}-plugin.git</connection>
+    <developerConnection>scm:git:[email protected]:jenkinsci/${project.artifactId}-plugin.git</developerConnection>
+    <url>https://github.com/jenkinsci/${project.artifactId}-plugin</url>
+    <tag>${scmTag}</tag>
   </scm>
 
   <licenses>
@@ -54,7 +55,10 @@
   </licenses>
 
   <properties>
+    <revision>1.24</revision>
+    <changelist>-SNAPSHOT</changelist>
     <jenkins.version>1.625.1</jenkins.version>
+    <java.level>7</java.level>
   </properties>
 
   <dependencies>
@@ -67,21 +71,13 @@
     <dependency>
       <groupId>org.jenkins-ci.plugins</groupId>
       <artifactId>aws-java-sdk</artifactId>
-      <version>1.10.16</version>
+      <version>1.11.341</version>
     </dependency>
     <dependency>
       <groupId>org.jenkins-ci.plugins</groupId>
       <artifactId>credentials-binding</artifactId>
       <version>1.7</version>
     </dependency>
-    <!-- jenkins dependencies -->
-    <!-- test dependencies -->
-    <dependency>
-      <groupId>org.mockito</groupId>
-      <artifactId>mockito-core</artifactId>
-      <version>1.9.5</version>
-      <scope>test</scope>
-    </dependency>
   </dependencies>
 
   <repositories>

src/main/java/com/cloudbees/jenkins/plugins/awscredentials/AWSCredentialsImpl.java

@@ -29,13 +29,15 @@
 import com.amazonaws.AmazonServiceException;
 import com.amazonaws.ClientConfiguration;
 import com.amazonaws.auth.AWSCredentials;
+import com.amazonaws.auth.AWSStaticCredentialsProvider;
 import com.amazonaws.auth.BasicAWSCredentials;
 import com.amazonaws.auth.BasicSessionCredentials;
-import com.amazonaws.auth.InstanceProfileCredentialsProvider;
 import com.amazonaws.services.ec2.AmazonEC2;
 import com.amazonaws.services.ec2.AmazonEC2Client;
 import com.amazonaws.services.ec2.model.DescribeAvailabilityZonesResult;
+import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
 import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient;
+import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
 import com.amazonaws.services.securitytoken.model.AssumeRoleRequest;
 import com.amazonaws.services.securitytoken.model.AssumeRoleResult;
 import com.cloudbees.plugins.credentials.CredentialsDescriptor;
@@ -114,14 +116,17 @@ public AWSCredentials getCredentials() {
         if (StringUtils.isBlank(iamRoleArn)) {
             return initialCredentials;
         } else {
+            AWSSecurityTokenService client;
             // Handle the case of delegation to instance profile
             if (StringUtils.isBlank(accessKey) && StringUtils.isBlank(secretKey.getPlainText()) ) {
-                initialCredentials = (new InstanceProfileCredentialsProvider()).getCredentials();
+                client = AWSSecurityTokenServiceClientBuilder.defaultClient();
+            } else {
+                client = AWSSecurityTokenServiceClientBuilder.standard().withCredentials(new AWSStaticCredentialsProvider(initialCredentials)).build();
             }
 
             AssumeRoleRequest assumeRequest = createAssumeRoleRequest(iamRoleArn);
 
-            AssumeRoleResult assumeResult = new AWSSecurityTokenServiceClient(initialCredentials).assumeRole(assumeRequest);
+            AssumeRoleResult assumeResult = client.assumeRole(assumeRequest);
 
             return new BasicSessionCredentials(
                     assumeResult.getCredentials().getAccessKeyId(),
@@ -156,7 +161,7 @@ public String getDisplayName() {
         return accessKey + ":" + iamRoleArn;
     }
 
-    private static AssumeRoleRequest createAssumeRoleRequest(@QueryParameter("iamRoleArn") String iamRoleArn) {
+    private static AssumeRoleRequest createAssumeRoleRequest(String iamRoleArn) {
         return new AssumeRoleRequest()
                 .withRoleArn(iamRoleArn)
                 .withDurationSeconds(STS_CREDENTIALS_DURATION_SECONDS)

src/main/resources/com/cloudbees/jenkins/plugins/awscredentials/AWSCredentialsImpl/help-accessKey.html

@@ -0,0 +1,3 @@
+<div>
+    The access key and secret key may be left blank in case you are selecting an IAM role.
+</div>

src/main/resources/index.jelly

@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<?jelly escape-by-default='true'?>
+<div>
+    Allows storing Amazon IAM credentials within the Jenkins Credentials API.
+    Store Amazon IAM access keys (AWSAccessKeyId and AWSSecretKey) within the Jenkins Credentials API.
+    Also support IAM Roles and IAM MFA Token.
+</div>