Add Instance Profile Auth

hms-dbmi · Jan 15, 2024 · af78ccd · af78ccd
1 parent 4d95e62
commit af78ccd
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 4 deletions.
diff --git a/uploader/env-proto b/uploader/env-proto
@@ -4,10 +4,19 @@ AWS_SESSION_TOKEN=
 AWS_DATA_UPLOAD_ROLE=arn:aws:iam::111111111111:role/PicSureDataUploadRole
 AWS_SHARED_SECRET=
 AWS_S3_BUCKET_NAME=
-AWS_REGION
+AWS_REGION=us-east-1
 AWS_KEY_ID
+AUTH_METHOD=user
 
 DATA_UPLOAD_DB_DATABASE=data-upload
 DATA_UPLOAD_DB_HOST=uploader-db
 DATA_UPLOAD_DB_PASS=mycoolpassword
-DATA_UPLOAD_DB_USER=datauploaduser
+DATA_UPLOAD_DB_USER=datauploaduser
+DATA_UPLOAD_DB_ROOT_PASS=mycoolpassword
+
+FILE_SHARING_ROOT=/gic_query_results
+
+INSTITUTIONS=bch-dev
+HOME_INSTITUTION_NAME=bch-dev
+HOME_INSTITUTION_DISPLAY=BCH
+HOME_INSTITUTION_LONG_DISPLAY=Boston Children's Hospital
diff --git a/uploader/src/main/java/edu/harvard/dbmi/avillach/dataupload/aws/AWSConfiguration.java b/uploader/src/main/java/edu/harvard/dbmi/avillach/dataupload/aws/AWSConfiguration.java
@@ -66,8 +66,9 @@ public StsClient stsClients(
     }
 
     @Bean
-    @ConditionalOnProperty(name = "production", havingValue = "true")
+    @ConditionalOnProperty(name = "aws.authentication.method", havingValue = "user")
     AwsCredentials credentials() {
+        LOG.info("Authentication method is user. Attempting to resolve user credentials.");
         if (Strings.isBlank(key)) {
             LOG.error("No AWS key. Can't create client. Exiting");
             context.close();
@@ -82,6 +83,12 @@ AwsCredentials credentials() {
             return AwsSessionCredentials.create(key, secret, token);
         }
     }
+    @Bean
+    @ConditionalOnProperty(name = "aws.authentication.method", havingValue = "instance-profile")
+    AwsCredentials ipCredentials() {
+        LOG.info("Authentication method is instance-profile. Attempting to resolve instance profile credentials.");
+        return InstanceProfileCredentialsProvider.create().resolveCredentials();
+    }
 
     @Bean
     @ConditionalOnProperty(name = "production", havingValue = "true")

diff --git a/uploader/src/main/resources/application.properties b/uploader/src/main/resources/application.properties
@@ -12,11 +12,12 @@ aws.s3.session_token=${AWS_SESSION_TOKEN:}
 aws.s3.institution=${INSTITUTIONS}
 aws.region=${AWS_REGION}
 aws.kms.key_ids=${AWS_KEY_ID}
+aws.authentication.method=${AUTH_METHOD:noauth}
 
 production=true
 enable_file_sharing=true
 file_sharing_root=${FILE_SHARING_ROOT}
 institution.name=${HOME_INSTITUTION_NAME}
 institution.short-display=${HOME_INSTITUTION_DISPLAY}
 institution.long-display=${HOME_INSTITUTION_LONG_DISPLAY}
-server.port=80
+server.port=${PORT:80}