Added documentation and added another constructor for both region and IAM role.

akshayar · akshayar · commit b56dcc636994 · 2023-05-07T11:57:55.000+05:30
diff --git a/README.md b/README.md
@@ -8,6 +8,7 @@ This package implements an authentication plugin for the open-source Datastax Ja
 
 The plugin depends on the AWS SDK for Java. It uses `AWSCredentialsProvider` to obtain credentials. Because the IAuthenticator interface operates at the level of `InetSocketAddress`, you must specify the service endpoint to use for the connection.
 You can provide the Region in the constructor programmatically, via the `AWS_REGION` environment variable, or via the `aws.region` system property.
+You can also provide the IAM role, with which you want to connect with KeySpaces, in the constructor programmatically, via advanced.auth-provider.aws-role property in the conf file.
 
 The full documentation for the plugin is available at
 https://docs.aws.amazon.com/keyspaces/latest/devguide/programmatic.credentials.html#programmatic.credentials.SigV4_KEYSPACES.
@@ -35,29 +36,44 @@ You can specify the Region using one of the following four methods:
 * Constructor
 * Configuration
 
-## Environment Variable
+### Environment Variable
 
 You can use the `AWS_REGION` environment variable to match the endpoint that you are communicating with by setting it as part of your application start-up, as follows.
 
 ``` shell
 $ export AWS_Region=us-east-1
 ```
-## System Property
+### System Property
 
 You can use the `aws.region` Java system property by specifying it on the command line, as follows.
 
 ``` shell
 $ java -Daws.region=us=east-1 ...
 ```
 
-## Constructor
+### Constructor
 
 One of the constructors for `software.aws.mcs.auth.SigV4AuthProvider` takes a `String` representing the Region that will be used for that instance.
 
-## Configuration
+### Configuration
 
 Set the Region explicitly in your `advanced.auth-provider.class` configuration (see example below), by specifying the `advanced.auth-provider.aws-region` property.
 
+## Assume IAM Role Configuration
+
+You must configure the AWS Region that the plugin will use when authenticating using mechanism mentioned above. 
+You can also specify IAM Role (including cross-account IAM role) configuraiton using one of the 2 methods: 
+* Constructor
+* Configuration
+
+### Constructor
+
+One of the constructors for `software.aws.mcs.auth.SigV4AuthProvider` takes two String , first represening the region and second one representing IAM role ARN. 
+
+### Configuration
+
+Set the IAM Role explicitly in your `advanced.auth-provider.class` configuration (see example below), by specifying the `advanced.auth-provider.aws-role` property.
+
 ## Add the Authentication Plugin to the Application
 
 The authentication plugin supports version 4.x of the DataStax Java Driver for Cassandra.
diff --git a/src/main/java/software/aws/mcs/auth/SigV4AuthProvider.java b/src/main/java/software/aws/mcs/auth/SigV4AuthProvider.java
@@ -47,6 +47,7 @@
 import com.datastax.oss.driver.api.core.config.DriverOption;
 import com.datastax.oss.driver.api.core.context.DriverContext;
 import com.datastax.oss.driver.api.core.metadata.EndPoint;
+import org.apache.commons.lang3.StringUtils;
 import software.amazon.awssdk.auth.credentials.AwsCredentials;
 import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
 import software.amazon.awssdk.auth.credentials.AwsSessionCredentials;
@@ -55,9 +56,7 @@
 import software.amazon.awssdk.regions.Region;
 import software.amazon.awssdk.regions.providers.DefaultAwsRegionProviderChain;
 import software.amazon.awssdk.services.sts.StsClient;
-import software.amazon.awssdk.services.sts.StsClientBuilder;
 import software.amazon.awssdk.services.sts.auth.StsAssumeRoleCredentialsProvider;
-import software.amazon.awssdk.services.sts.auth.StsGetSessionTokenCredentialsProvider;
 import software.amazon.awssdk.services.sts.model.AssumeRoleRequest;
 
 import static software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider.create;
@@ -112,11 +111,7 @@ public String getPath() {
             }
         };
 
-    private final static DriverOption ROLE_OPTION = new DriverOption() {
-        public String getPath() {
-            return "advanced.auth-provider.aws-role";
-        }
-    };
+    private final static DriverOption ROLE_OPTION = () -> "advanced.auth-provider.aws-role";
 
     /**
      * This constructor is provided so that the driver can create
@@ -152,8 +147,19 @@ public SigV4AuthProvider(DriverContext driverContext) {
      * null value indicates to use the AWS_REGION environment
      * variable, or the "aws.region" system property to configure it.
      */
+    public SigV4AuthProvider(final String region) {
+        this(create(), region);
+    }
+
+    /**
+     * Create a new Provider, using the specified region and IAM role to assume.
+     * @param region the region (e.g. us-east-1) to use for signing. A
+     * null value indicates to use the AWS_REGION environment
+     * variable, or the "aws.region" system property to configure it.
+     * @param roleArn The IAM Role ARN which the connecting client should assume before connecting with Amazon Keyspaces.
+     */
     public SigV4AuthProvider(final String region,final String roleArn) {
-        this(Optional.ofNullable(roleArn).map(r->(AwsCredentialsProvider)createSTSRoleCredentialProvider(r,"keyspaces-session",region)).orElse(create()), region);
+        this(Optional.ofNullable(roleArn).map(r->(AwsCredentialsProvider)createSTSRoleCredentialProvider(r,region)).orElse(create()), region);
     }
 
     /**
@@ -393,10 +399,12 @@ static int indexOf(byte[] target, byte[] pattern) {
      * @param roleArn The ARN of the role to assume
      * @param sessionName The name of the session
      * @param stsRegion The region of the STS endpoint
-     * @return
+     * @return The STS role credential provider
      */
     private static StsAssumeRoleCredentialsProvider createSTSRoleCredentialProvider(String roleArn,
-                                                                     String sessionName, String stsRegion) {
+                                                                     String stsRegion) {
+        final String roleName= StringUtils.substringAfterLast(roleArn,":");
+        final String sessionName="keyspaces-session-"+roleName+System.currentTimeMillis();
         StsClient stsClient = StsClient.builder()
                 .region(Region.of(stsRegion))
                 .build();
