refactor ec2 client creation

* remove use of deprecated AWS SDK classes
* use builders for EC2 clients
* some cleanup and refactoring
* clarify endpoint vs region usage

Author: gschueler

src/main/java/com/dtolabs/rundeck/plugin/resources/ec2/EC2ResourceModelSource.java

@@ -23,12 +23,16 @@
 */
 package com.dtolabs.rundeck.plugin.resources.ec2;
 
-import com.amazonaws.auth.*;
 import com.amazonaws.ClientConfiguration;
+import com.amazonaws.auth.*;
+import com.amazonaws.regions.RegionUtils;
+import com.amazonaws.regions.Regions;
 import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
 import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
-import com.amazonaws.services.securitytoken.model.*;
-import com.dtolabs.rundeck.core.common.*;
+import com.amazonaws.services.securitytoken.model.AssumeRoleRequest;
+import com.amazonaws.services.securitytoken.model.AssumeRoleResult;
+import com.amazonaws.services.securitytoken.model.Credentials;
+import com.dtolabs.rundeck.core.common.INodeSet;
 import com.dtolabs.rundeck.core.plugins.configuration.ConfigurationException;
 import com.dtolabs.rundeck.core.resources.ResourceModelSource;
 import com.dtolabs.rundeck.core.resources.ResourceModelSourceException;
@@ -40,7 +44,9 @@
 import org.slf4j.LoggerFactory;
 
 import java.io.*;
-import java.util.*;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Properties;
 import java.util.concurrent.ExecutionException;
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Executors;
@@ -91,8 +97,7 @@ public class EC2ResourceModelSource implements ResourceModelSource {
     final String externalId;
     int pageResults;
 
-    AWSCredentials credentials;
-    ClientConfiguration clientConfiguration = new ClientConfiguration();;
+    ClientConfiguration clientConfiguration = new ClientConfiguration();
 
     INodeSet iNodeSet;
     static final Properties defaultMapping = new Properties();
@@ -153,6 +158,7 @@ public class EC2ResourceModelSource implements ResourceModelSource {
     }
 
     public EC2ResourceModelSource(final Properties configuration, final Services services) {
+        this.services = services;
         this.accessKey = configuration.getProperty(EC2ResourceModelSourceFactory.ACCESS_KEY);
         this.secretKey = configuration.getProperty(EC2ResourceModelSourceFactory.SECRET_KEY);
         this.region = configuration.getProperty(EC2ResourceModelSourceFactory.REGION);
@@ -202,53 +208,64 @@ public EC2ResourceModelSource(final Properties configuration, final Services ser
                 EC2ResourceModelSourceFactory.RUNNING_ONLY));
             logger.info("[debug] runningOnly:" + runningOnly);
         }
-        if (null != accessKey && null != secretKeyStoragePath) {
 
-            KeyStorageTree keyStorage = services.getService(KeyStorageTree.class);
-            String secretKey =  getPasswordFromKeyStorage(secretKeyStoragePath, keyStorage);
 
-            credentials = new BasicAWSCredentials(accessKey.trim(), secretKey.trim());
-        }else if (null != accessKey && null != secretKey) {
-            credentials = new BasicAWSCredentials(accessKey.trim(), secretKey.trim());
-        }
         if (null != httpProxyHost && !"".equals(httpProxyHost)) {
-            clientConfiguration.setProxyHost(httpProxyHost);
-            clientConfiguration.setProxyPort(httpProxyPort);
-            clientConfiguration.setProxyUsername(httpProxyUser);
-            clientConfiguration.setProxyPassword(httpProxyPass);
+            this.clientConfiguration.setProxyHost(httpProxyHost);
+            this.clientConfiguration.setProxyPort(httpProxyPort);
+            this.clientConfiguration.setProxyUsername(httpProxyUser);
+            this.clientConfiguration.setProxyPassword(httpProxyPass);
         }
-        queryAsync = !("true".equals(configuration.getProperty(SYNCHRONOUS_LOAD)) || refreshInterval <= 0);
 
-        initialize();
-    }
+        queryAsync = !("true".equals(configuration.getProperty(SYNCHRONOUS_LOAD)) || refreshInterval <= 0);
 
-    private void initialize() {
         final ArrayList<String> params = new ArrayList<String>();
         if (null != filterParams) {
             Collections.addAll(params, filterParams.split(";"));
         }
         loadMapping();
 
-        if (this.credentials == null) {
-            if(this.externalId != null && this.assumeRoleArnCombinedWithExtId != null){
-                this.credentials = createAwsCredentials(null, this.assumeRoleArnCombinedWithExtId, this.externalId);
-            }
+        mapper = new InstanceToNodeMapper(createEc2Supplier(), mapping, pageResults);
+        mapper.setFilterParams(params);
+        mapper.setEndpoint(endpoint);
+        mapper.setRegion(region);
+        mapper.setRunningStateOnly(runningOnly);
+    }
 
-            if(assumeRoleArn != null) {
-                AWSCredentialsProvider provider = null;
-                if(this.credentials != null){
-                    provider = new AWSStaticCredentialsProvider(credentials);
-                }
 
-                credentials = createAwsCredentials(provider, assumeRoleArn, null);
+    protected AWSCredentials createCredentials() {
+        if (null != accessKey && null != secretKeyStoragePath) {
+            KeyStorageTree keyStorage = services.getService(KeyStorageTree.class);
+            String secretKey = getPasswordFromKeyStorage(secretKeyStoragePath, keyStorage);
+            return new BasicAWSCredentials(accessKey.trim(), secretKey.trim());
+        } else if (null != accessKey && null != secretKey) {
+            return new BasicAWSCredentials(accessKey.trim(), secretKey.trim());
+        }
+
+        AWSCredentials credentials = null;
+        if (this.externalId != null && this.assumeRoleArnCombinedWithExtId != null) {
+            credentials = createAwsCredentials(null, this.assumeRoleArnCombinedWithExtId, this.externalId);
+        }
+
+        if (assumeRoleArn != null) {
+            AWSCredentialsProvider provider = null;
+            if (credentials != null) {
+                provider = new AWSStaticCredentialsProvider(credentials);
             }
+
+            return createAwsCredentials(provider, assumeRoleArn, null);
         }
+        return credentials;
+    }
 
-        mapper = new InstanceToNodeMapper(this.credentials, mapping, clientConfiguration, pageResults);
-        mapper.setFilterParams(params);
-        mapper.setEndpoint(endpoint);
-        mapper.setRegion(region);
-        mapper.setRunningStateOnly(runningOnly);
+
+    private EC2SupplierImpl createEc2Supplier() {
+        return new EC2SupplierImpl(
+                createCredentials(),
+                clientConfiguration,
+                // Use old default us-east-1 for AWS EC2, to maintain default behavior for existing configurations
+                RegionUtils.getRegion(Regions.US_EAST_1.getName())
+        );
     }
 
     private AWSCredentials createAwsCredentials(AWSCredentialsProvider provider, String assumeRoleArn, String externalId) {

src/main/java/com/dtolabs/rundeck/plugin/resources/ec2/EC2ResourceModelSourceFactory.java

@@ -77,8 +77,10 @@ public class EC2ResourceModelSourceFactory implements ResourceModelSourceFactory
     public static final String HTTP_PROXY_PASS = "httpProxyPass";
     public static final String MAX_RESULTS = "pageResults";
 
+    public EC2ResourceModelSourceFactory() {
+
+    }
     public EC2ResourceModelSourceFactory(final Framework framework) {
-        this.framework = framework;
     }
 
     public ResourceModelSource createResourceModelSource(Services services, final Properties configuration) throws ConfigurationException {
@@ -92,6 +94,10 @@ public ResourceModelSource createResourceModelSource(Properties configuration) t
     }
 
     static Description DESC = DescriptionBuilder.builder()
+
+    public static final Map<String, Object> PASSWORD_OPTIONS = Collections.singletonMap(StringRenderingConstants.DISPLAY_TYPE_KEY, StringRenderingConstants.DisplayType.PASSWORD);
+
+    public static final Description DESC = DescriptionBuilder.builder()
             .name(PROVIDER_NAME)
             .title("AWS EC2 Resources")
             .description("Produces nodes from AWS EC2")
@@ -106,7 +112,7 @@ public ResourceModelSource createResourceModelSource(Properties configuration) t
                             null,
                             null,
                             null,
-                            Collections.singletonMap("displayType", (Object) StringRenderingConstants.DisplayType.PASSWORD)
+                            PASSWORD_OPTIONS
                     )
             )
             .property(
@@ -118,11 +124,11 @@ public ResourceModelSource createResourceModelSource(Properties configuration) t
                             null,
                             null,
                             null,
-                            new HashMap<String, Object>(){{
-                                put(StringRenderingConstants.SELECTION_ACCESSOR_KEY,StringRenderingConstants.SelectionAccessor.STORAGE_PATH);
-                                put(StringRenderingConstants.STORAGE_PATH_ROOT_KEY,"keys");
-                                put(StringRenderingConstants.STORAGE_FILE_META_FILTER_KEY, "Rundeck-data-type=password");
-                            }}
+                            Map.of(
+                                StringRenderingConstants.SELECTION_ACCESSOR_KEY, StringRenderingConstants.SelectionAccessor.STORAGE_PATH,
+                                StringRenderingConstants.STORAGE_PATH_ROOT_KEY, "keys",
+                                StringRenderingConstants.STORAGE_FILE_META_FILTER_KEY, "Rundeck-data-type=password"
+                            )
                     )
             )
             .property(

src/main/java/com/dtolabs/rundeck/plugin/resources/ec2/EC2Supplier.java

@@ -0,0 +1,31 @@
+package com.dtolabs.rundeck.plugin.resources.ec2;
+
+import com.amazonaws.services.ec2.AmazonEC2;
+
+/**
+ * Interface for supplying AmazonEC2 clients
+ */
+public interface EC2Supplier {
+    /**
+     * Return an AmazonEC2 client for the default region
+     *
+     * @return AmazonEC2 client
+     */
+    AmazonEC2 getEC2ForDefaultRegion();
+
+    /**
+     * Return an AmazonEC2 client for the specified region
+     *
+     * @param region region name
+     * @return AmazonEC2 client
+     */
+    AmazonEC2 getEC2ForRegion(String region);
+
+    /**
+     * Return an AmazonEC2 client for the specified endpoint
+     *
+     * @param endpoint endpoint URL
+     * @return AmazonEC2 client
+     */
+    AmazonEC2 getEC2ForEndpoint(String endpoint);
+}

src/main/java/com/dtolabs/rundeck/plugin/resources/ec2/EC2SupplierImpl.java

@@ -0,0 +1,72 @@
+package com.dtolabs.rundeck.plugin.resources.ec2;
+
+import com.amazonaws.ClientConfiguration;
+import com.amazonaws.auth.AWSCredentials;
+import com.amazonaws.auth.AWSStaticCredentialsProvider;
+import com.amazonaws.client.builder.AwsClientBuilder;
+import com.amazonaws.regions.Region;
+import com.amazonaws.regions.Regions;
+import com.amazonaws.services.ec2.AmazonEC2;
+import com.amazonaws.services.ec2.AmazonEC2ClientBuilder;
+
+
+/**
+ * Implementation of EC2Supplier, uses the AWS SDK to create AmazonEC2 clients via the AmazonEC2ClientBuilder
+ */
+public class EC2SupplierImpl implements EC2Supplier {
+    final private AWSCredentials credentials;
+    final private ClientConfiguration clientConfiguration;
+    final private Region defaultRegion;
+
+    /**
+     * Create an instance with the specified credentials and client configuration
+     *
+     * @param credentials         AWS credentials
+     * @param clientConfiguration client configuration
+     * @param region              default region
+     */
+    public EC2SupplierImpl(AWSCredentials credentials, ClientConfiguration clientConfiguration, Region region) {
+        this.credentials = credentials;
+        this.clientConfiguration = clientConfiguration;
+        this.defaultRegion = region;
+    }
+
+    @Override
+    public AmazonEC2 getEC2ForDefaultRegion() {
+        return getEC2ForRegion(null);
+    }
+
+    /**
+     * Return an AmazonEC2 client for the specified region, if the region is null, the default region is used
+     *
+     * @param region region name
+     * @return AmazonEC2 client
+     */
+    @Override
+    public AmazonEC2 getEC2ForRegion(String region) {
+        if (null == region) {
+            region = defaultRegion.getName();
+        }
+        AmazonEC2ClientBuilder builder = AmazonEC2ClientBuilder.standard().withRegion(region).withClientConfiguration(clientConfiguration);
+        if (null != credentials) {
+            builder.withCredentials(new AWSStaticCredentialsProvider(credentials));
+        }
+        return builder.build();
+    }
+
+    @Override
+    public AmazonEC2 getEC2ForEndpoint(String endpoint) {
+        if (null == endpoint) {
+            return getEC2ForDefaultRegion();
+        }
+        AwsClientBuilder.EndpointConfiguration endpointConfiguration = new AwsClientBuilder.EndpointConfiguration(endpoint, null);
+        AmazonEC2ClientBuilder amazonEC2ClientBuilder = AmazonEC2ClientBuilder.standard().withEndpointConfiguration(endpointConfiguration);
+        if (null != credentials) {
+            amazonEC2ClientBuilder.withCredentials(new AWSStaticCredentialsProvider(credentials));
+        }
+        if (null != clientConfiguration) {
+            amazonEC2ClientBuilder.withClientConfiguration(clientConfiguration);
+        }
+        return amazonEC2ClientBuilder.build();
+    }
+}