Use S3 credentials from environment if set

rdf-delta-server-extra/pom.xml

@@ -72,6 +72,13 @@
       <scope>test</scope>
     </dependency>
 
+    <dependency>
+      <groupId>uk.org.webcompere</groupId>
+      <artifactId>system-stubs-junit4</artifactId>
+      <version>2.1.3</version>
+      <scope>test</scope>
+    </dependency>
+
     <!-- Logging implementation for tests -->
     <dependency>
       <groupId>org.slf4j</groupId>

rdf-delta-server-extra/src/main/java/org/seaborne/delta/server/s3/S3.java

@@ -24,9 +24,7 @@
 import java.util.Properties;
 
 import com.amazonaws.AmazonServiceException;
-import com.amazonaws.auth.AWSCredentialsProvider;
-import com.amazonaws.auth.AWSStaticCredentialsProvider;
-import com.amazonaws.auth.AnonymousAWSCredentials;
+import com.amazonaws.auth.*;
 import com.amazonaws.auth.profile.ProfileCredentialsProvider;
 import com.amazonaws.client.builder.AwsClientBuilder.EndpointConfiguration;
 import com.amazonaws.services.s3.AmazonS3;
@@ -90,7 +88,7 @@ public static AmazonS3 buildS3(LocalServerConfig configuration) {
             // Needed for S3mock
             builder.withPathStyleAccessEnabled(true);
             builder.withEndpointConfiguration(new EndpointConfiguration(endpoint, region));
-            builder.withCredentials(new AWSStaticCredentialsProvider(new AnonymousAWSCredentials()));
+            builder.withCredentials(new EnvironmentVariableOrAnonymousCredentialsProvider());
         }
         if ( credentialsFile != null )
             builder.withCredentials(new ProfileCredentialsProvider(credentialsFile, credentialsProfile));
@@ -154,4 +152,23 @@ public Properties build() {
             return properties;
         }
     }
+
+    private static class EnvironmentVariableOrAnonymousCredentialsProvider implements AWSCredentialsProvider {
+
+        private final EnvironmentVariableCredentialsProvider delegate = new EnvironmentVariableCredentialsProvider();
+
+        @Override
+        public AWSCredentials getCredentials() {
+            try {
+                return delegate.getCredentials();
+            } catch (Exception ignored) {
+                return new AnonymousAWSCredentials();
+            }
+        }
+
+        @Override
+        public void refresh() {
+            delegate.refresh();
+        }
+    }
 }

rdf-delta-server-extra/src/test/java/org/seaborne/delta/server/s3/TestS3EnvironmentCredentials.java

@@ -0,0 +1,88 @@
+package org.seaborne.delta.server.s3;
+
+import com.amazonaws.auth.*;
+import com.amazonaws.services.s3.AmazonS3;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.TestName;
+import org.seaborne.delta.server.local.LocalServerConfig;
+import uk.org.webcompere.systemstubs.rules.EnvironmentVariablesRule;
+
+import java.lang.reflect.Field;
+import java.lang.reflect.UndeclaredThrowableException;
+
+import static org.junit.Assert.*;
+
+public class TestS3EnvironmentCredentials {
+
+    @Rule
+    public TestName testName = new TestName();
+
+    @Rule
+    public EnvironmentVariablesRule environmentVariablesRule = new EnvironmentVariablesRule(
+            "AWS_ACCESS_KEY_ID", "key id",
+            "AWS_SECRET_KEY", "key value"
+    );
+
+    @Test
+    public void buildS3_environmentCredentials() {
+        S3Config cfg = S3Config.create()
+                .bucketName("test-bucket")
+                .region("us-east-1")
+                .endpoint("http://localhost:8080")
+                .build();
+        LocalServerConfig config = S3.configZkS3("", cfg);
+        AmazonS3 aws = S3.buildS3(config);
+
+        AWSCredentialsProvider provider = getCredentialsProvider(aws);
+        AWSCredentials credentials = provider.getCredentials();
+
+        assertTrue(credentials instanceof BasicAWSCredentials);
+        assertEquals("key id", credentials.getAWSAccessKeyId());
+        assertEquals("key value", credentials.getAWSSecretKey());
+    }
+
+    @Test
+    public void buildS3_anonymousCredentials() {
+        environmentVariablesRule.set("AWS_ACCESS_KEY_ID", "", "AWS_SECRET_KEY", "");
+
+        S3Config cfg = S3Config.create()
+                .bucketName("test-bucket")
+                .region("us-east-1")
+                .endpoint("http://localhost:8080")
+                .build();
+        LocalServerConfig config = S3.configZkS3("", cfg);
+        AmazonS3 aws = S3.buildS3(config);
+
+        AWSCredentialsProvider provider = getCredentialsProvider(aws);
+        AWSCredentials credentials = provider.getCredentials();
+
+        assertTrue(credentials instanceof AnonymousAWSCredentials);
+        assertNull(credentials.getAWSAccessKeyId());
+        assertNull(credentials.getAWSSecretKey());
+    }
+
+    @Test
+    public void buildS3_defaultCredentials() {
+        S3Config cfg = S3Config.create()
+                .bucketName("test-bucket")
+                .region("us-east-1")
+                .build();
+        LocalServerConfig config = S3.configZkS3("", cfg);
+        AmazonS3 aws = S3.buildS3(config);
+
+        AWSCredentialsProvider provider = getCredentialsProvider(aws);
+        assertTrue(provider instanceof DefaultAWSCredentialsProviderChain);
+    }
+
+    private static AWSCredentialsProvider getCredentialsProvider(AmazonS3 s3) {
+        try {
+            Field field = s3.getClass().getDeclaredField("awsCredentialsProvider");
+            field.setAccessible(true);
+            return (AWSCredentialsProvider) field.get(s3);
+        } catch (NoSuchFieldException | IllegalAccessException e) {
+            throw new UndeclaredThrowableException(e);
+        }
+    }
+
+}