Merge branch 'master' into sb-3-0-13

spinnaker · Feb 19, 2025 · e986e74 · e986e74
2 parents 8ffa31a + 15f5d51
commit e986e74
Show file tree

Hide file tree

Showing 23 changed files with 355 additions and 113 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -23,6 +23,9 @@ jobs:
           fetch-depth: 0
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3
+        with:
+          ## Temporary due to bug in qemu:  https://github.com/docker/setup-qemu-action/issues/198
+          image: tonistiigi/binfmt:qemu-v7.0.0-28
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
       - uses: actions/setup-java@v4

diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
@@ -17,6 +17,9 @@ jobs:
           fetch-depth: 0
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3
+        with:
+          ## Temporary due to bug in qemu:  https://github.com/docker/setup-qemu-action/issues/198
+          image: tonistiigi/binfmt:qemu-v7.0.0-28
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
       - uses: actions/setup-java@v4

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -43,6 +43,9 @@ jobs:
           echo BRANCH="$BRANCH" >> $GITHUB_ENV
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3
+        with:
+          ## Temporary due to bug in qemu:  https://github.com/docker/setup-qemu-action/issues/198
+          image: tonistiigi/binfmt:qemu-v7.0.0-28
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
       - uses: actions/setup-java@v4

diff --git a/.../src/main/java/com/netflix/spinnaker/clouddriver/aws/provider/config/ProviderHelpers.java b/.../src/main/java/com/netflix/spinnaker/clouddriver/aws/provider/config/ProviderHelpers.java
@@ -196,7 +196,7 @@ public static BuildResult buildAwsProviderAgents(
               new AmazonCloudFormationCachingAgent(
                   amazonClientProvider, credentials, region.getName(), registry));
         }
-        if (credentials.getEddaEnabled()
+        if (credentials.isEddaEnabled()
             && !eddaTimeoutConfig.getDisabledRegions().contains(region.getName())) {
           newlyAddedAgents.add(
               new EddaLoadBalancerCachingAgent(

diff --git a/...main/java/com/netflix/spinnaker/clouddriver/aws/security/AssumeRoleAmazonCredentials.java b/...main/java/com/netflix/spinnaker/clouddriver/aws/security/AssumeRoleAmazonCredentials.java
@@ -21,6 +21,7 @@
 import com.netflix.spinnaker.fiat.model.resources.Permissions;
 import java.util.List;
 import java.util.Objects;
+import lombok.Getter;
 
 /**
  * Provides an Amazon credential pack that uses Assume Role
@@ -37,11 +38,12 @@ static AWSCredentialsProvider createSTSCredentialsProvider(
       String accountId,
       String assumeRole,
       String sessionName,
+      Integer sessionDurationSeconds,
       String externalId) {
     String assumeRoleValue = Objects.requireNonNull(assumeRole, "assumeRole");
     if (!assumeRoleValue.startsWith("arn:")) {
 
-      /**
+      /*
        * GovCloud and China regions need to have the full arn passed because of differing formats
        * Govcloud: arn:aws-us-gov:iam China: arn:aws-cn:iam Longer term fix is to have separate
        * providers for aws-ec2-gov and aws-ec2-cn since their IAM realms are separate from standard
@@ -58,16 +60,19 @@ static AWSCredentialsProvider createSTSCredentialsProvider(
             credentialsProvider,
             assumeRoleValue,
             Objects.requireNonNull(sessionName, "sessionName"),
+            sessionDurationSeconds,
             accountId,
             externalId);
   }
 
   /** The role to assume on the target account. */
-  private final String assumeRole;
+  @Getter private final String assumeRole;
 
-  private final String sessionName;
+  @Getter private final String sessionName;
 
-  private final String externalId;
+  @Getter private final Integer sessionDurationSeconds;
+
+  @Getter private final String externalId;
 
   public AssumeRoleAmazonCredentials(
       @JsonProperty("name") String name,
@@ -84,6 +89,7 @@ public AssumeRoleAmazonCredentials(
       @JsonProperty("allowPrivateThirdPartyImages") boolean allowPrivateThirdPartyImages,
       @JsonProperty("assumeRole") String assumeRole,
       @JsonProperty("sessionName") String sessionName,
+      @JsonProperty("sessionDurationSeconds") Integer sessionDurationSeconds,
       @JsonProperty("externalId") String externalId) {
     this(
         name,
@@ -101,6 +107,7 @@ public AssumeRoleAmazonCredentials(
         null,
         assumeRole,
         sessionName,
+        sessionDurationSeconds,
         externalId);
   }
 
@@ -122,6 +129,7 @@ public AssumeRoleAmazonCredentials(
         credentialsProvider,
         copy.getAssumeRole(),
         copy.getSessionName(),
+        copy.getSessionDurationSeconds(),
         copy.getExternalId());
   }
 
@@ -141,6 +149,7 @@ public AssumeRoleAmazonCredentials(
       AWSCredentialsProvider credentialsProvider,
       String assumeRole,
       String sessionName,
+      Integer sessionDurationSeconds,
       String externalId) {
     super(
         name,
@@ -160,21 +169,11 @@ public AssumeRoleAmazonCredentials(
             accountId,
             assumeRole,
             sessionName == null ? DEFAULT_SESSION_NAME : sessionName,
+            sessionDurationSeconds,
             externalId));
     this.assumeRole = assumeRole;
     this.sessionName = sessionName == null ? DEFAULT_SESSION_NAME : sessionName;
+    this.sessionDurationSeconds = sessionDurationSeconds;
     this.externalId = externalId;
   }
-
-  public String getAssumeRole() {
-    return assumeRole;
-  }
-
-  public String getSessionName() {
-    return sessionName;
-  }
-
-  public String getExternalId() {
-    return externalId;
-  }
 }
diff --git a/...rc/main/java/com/netflix/spinnaker/clouddriver/aws/security/NetflixAmazonCredentials.java b/...rc/main/java/com/netflix/spinnaker/clouddriver/aws/security/NetflixAmazonCredentials.java
@@ -20,11 +20,13 @@
 import com.fasterxml.jackson.annotation.JsonProperty;
 import com.netflix.spinnaker.fiat.model.resources.Permissions;
 import java.util.List;
+import lombok.Getter;
 
 /**
  * An implementation of {@link AmazonCredentials} that is decorated with Netflix concepts like Edda,
  * Discovery, Front50,
  */
+@Getter
 public class NetflixAmazonCredentials extends AmazonCredentials {
   private final String edda;
   private final boolean eddaEnabled;
@@ -108,15 +110,15 @@ public NetflixAmazonCredentials(
         copy.getAllowPrivateThirdPartyImages(),
         credentialsProvider,
         copy.getEdda(),
-        copy.getEddaEnabled(),
+        copy.isEddaEnabled(),
         copy.getDiscovery(),
-        copy.getDiscoveryEnabled(),
+        copy.isDiscoveryEnabled(),
         copy.getFront50(),
-        copy.getFront50Enabled(),
+        copy.isFront50Enabled(),
         copy.getBastionHost(),
-        copy.getBastionEnabled(),
-        copy.getShieldEnabled(),
-        copy.getLambdaEnabled());
+        copy.isBastionEnabled(),
+        copy.isShieldEnabled(),
+        copy.isLambdaEnabled());
   }
 
   NetflixAmazonCredentials(
@@ -165,47 +167,7 @@ public NetflixAmazonCredentials(
     this.front50Enabled = flagValue(front50, front50Enabled);
     this.bastionHost = bastionHost;
     this.bastionEnabled = flagValue(bastionHost, bastionEnabled);
-    this.shieldEnabled = (shieldEnabled == null) ? false : shieldEnabled;
-    this.lambdaEnabled = (lambdaEnabled == null) ? false : lambdaEnabled;
-  }
-
-  public String getEdda() {
-    return edda;
-  }
-
-  public String getDiscovery() {
-    return discovery;
-  }
-
-  public String getFront50() {
-    return front50;
-  }
-
-  public String getBastionHost() {
-    return bastionHost;
-  }
-
-  public boolean getEddaEnabled() {
-    return eddaEnabled;
-  }
-
-  public boolean getDiscoveryEnabled() {
-    return discoveryEnabled;
-  }
-
-  public boolean getFront50Enabled() {
-    return front50Enabled;
-  }
-
-  public boolean getBastionEnabled() {
-    return bastionEnabled;
-  }
-
-  public boolean getShieldEnabled() {
-    return shieldEnabled;
-  }
-
-  public boolean getLambdaEnabled() {
-    return lambdaEnabled;
+    this.shieldEnabled = shieldEnabled != null && shieldEnabled;
+    this.lambdaEnabled = lambdaEnabled != null && lambdaEnabled;
   }
 }
diff --git a/...va/com/netflix/spinnaker/clouddriver/aws/security/NetflixAssumeRoleAmazonCredentials.java b/...va/com/netflix/spinnaker/clouddriver/aws/security/NetflixAssumeRoleAmazonCredentials.java
@@ -20,15 +20,19 @@
 import com.fasterxml.jackson.annotation.JsonProperty;
 import com.netflix.spinnaker.fiat.model.resources.Permissions;
 import java.util.List;
+import lombok.Getter;
 
 /** @see AssumeRoleAmazonCredentials */
+@Getter
 public class NetflixAssumeRoleAmazonCredentials extends NetflixAmazonCredentials {
 
   /** The role to assume on the target account. */
   private final String assumeRole;
 
   private final String sessionName;
 
+  private final Integer sessionDurationSeconds;
+
   private final String externalId;
 
   public NetflixAssumeRoleAmazonCredentials(
@@ -55,6 +59,7 @@ public NetflixAssumeRoleAmazonCredentials(
       @JsonProperty("shieldEnabled") Boolean shieldEnabled,
       @JsonProperty("assumeRole") String assumeRole,
       @JsonProperty("sessionName") String sessionName,
+      @JsonProperty("sessionDurationSeconds") Integer sessionDurationSeconds,
       @JsonProperty("lambdaEnabled") Boolean lambdaEnabled,
       @JsonProperty("externalId") String externalId) {
 
@@ -83,6 +88,7 @@ public NetflixAssumeRoleAmazonCredentials(
         shieldEnabled,
         assumeRole,
         sessionName,
+        sessionDurationSeconds,
         lambdaEnabled,
         externalId);
   }
@@ -104,17 +110,18 @@ public NetflixAssumeRoleAmazonCredentials(
         copy.getAllowPrivateThirdPartyImages(),
         credentialsProvider,
         copy.getEdda(),
-        copy.getEddaEnabled(),
+        copy.isEddaEnabled(),
         copy.getDiscovery(),
-        copy.getDiscoveryEnabled(),
+        copy.isDiscoveryEnabled(),
         copy.getFront50(),
-        copy.getFront50Enabled(),
+        copy.isFront50Enabled(),
         copy.getBastionHost(),
-        copy.getBastionEnabled(),
-        copy.getShieldEnabled(),
+        copy.isBastionEnabled(),
+        copy.isShieldEnabled(),
         copy.getAssumeRole(),
         copy.getSessionName(),
-        copy.getLambdaEnabled(),
+        copy.getSessionDurationSeconds(),
+        copy.isLambdaEnabled(),
         copy.getExternalId());
   }
 
@@ -143,6 +150,7 @@ public NetflixAssumeRoleAmazonCredentials(
       Boolean shieldEnabled,
       String assumeRole,
       String sessionName,
+      Integer sessionDurationSeconds,
       Boolean lambdaEnabled,
       String externalId) {
     super(
@@ -163,6 +171,7 @@ public NetflixAssumeRoleAmazonCredentials(
             accountId,
             assumeRole,
             sessionName == null ? AssumeRoleAmazonCredentials.DEFAULT_SESSION_NAME : sessionName,
+            sessionDurationSeconds,
             externalId),
         edda,
         eddaEnabled,
@@ -177,18 +186,7 @@ public NetflixAssumeRoleAmazonCredentials(
     this.assumeRole = assumeRole;
     this.sessionName =
         sessionName == null ? AssumeRoleAmazonCredentials.DEFAULT_SESSION_NAME : sessionName;
+    this.sessionDurationSeconds = sessionDurationSeconds;
     this.externalId = externalId;
   }
-
-  public String getAssumeRole() {
-    return assumeRole;
-  }
-
-  public String getSessionName() {
-    return sessionName;
-  }
-
-  public String getExternalId() {
-    return externalId;
-  }
 }