Adds support for AWS Credentials

docs/README.md

@@ -297,6 +297,56 @@ node {
 }
 ```
 
+### AWS Credentials
+
+AWS access keys credentials compatible with the [aws-credentials-plugin](https://github.com/jenkinsci/aws-credentials-plugin).
+
+- Value: *awsSecretKey*
+- Tags:
+  - `jenkins:credentials:type` = `awsAccessKeys`
+  - `jenkins:credentials:accesskeyid` = *accesskeyid*
+  - `jenkins:credentials:iamrolearn` = *iamrolearn* (optional)
+  - `jenkins:credentials:iamexternalid` = *iamexternalid* (optional)
+  - `jenkins:credentials:iammfaserialnumberid` = *iammfaserialnumberid* (optional)
+  - `jenkins:credentials:ststokenduration` = *ststokenduration* (optional)
+
+#### Example
+
+AWS CLI:
+
+```bash
+aws secretsmanager create-secret --name 'aws-keys' --secret-string 'supersecret' --tags 'Key=jenkins:credentials:type,Value=awsAccessKeys' 'Key=jenkins:credentials:accesskeyid,Value=youraccesskeyid' --description 'Some AWS access keys'
+```
+
+Declarative Pipeline:
+
+```groovy
+pipeline {
+    agent any
+    environment {
+        // Creates variables AWS_ACCESS_KEY_ID=accesskeyid, AWS_SECRET_ACCESS_KEY=superseccret
+        ARTIFACTORY = credentials('aws-keys')
+    }
+    stages {
+        stage('Foo') {
+            steps {
+              echo 'Hello world'
+            }
+        }
+    }
+}
+```
+
+Scripted Pipeline:
+
+```groovy
+node {
+    withCredentials([aws(credentialsId: 'aws')]) {
+        echo 'Hello world'
+    }
+}
+```
+
 ## Advanced Usage
 
 You may need to deal with multi-field credentials or vendor-specific credential types that the plugin does not (yet) support.

pom.xml

@@ -76,6 +76,11 @@
             <groupId>org.jenkins-ci.plugins.aws-java-sdk</groupId>
             <artifactId>aws-java-sdk-secretsmanager</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.jenkins-ci.plugins</groupId>
+            <artifactId>aws-credentials</artifactId>
+            <version>218.v1b_e9466ec5da_</version>
+        </dependency>
         <dependency>
             <groupId>io.jenkins</groupId>
             <artifactId>configuration-as-code</artifactId>

src/main/java/io/jenkins/plugins/credentials/secretsmanager/factory/CredentialsFactory.java

@@ -10,6 +10,7 @@
 import edu.umd.cs.findbugs.annotations.NonNull;
 import hudson.util.Secret;
 import io.jenkins.plugins.credentials.secretsmanager.Messages;
+import io.jenkins.plugins.credentials.secretsmanager.factory.aws.AwsAccessKeysCredentials;
 import io.jenkins.plugins.credentials.secretsmanager.factory.certificate.AwsCertificateCredentials;
 import io.jenkins.plugins.credentials.secretsmanager.factory.file.AwsFileCredentials;
 import io.jenkins.plugins.credentials.secretsmanager.factory.ssh_user_private_key.AwsSshUserPrivateKey;
@@ -52,6 +53,13 @@ public static Optional<StandardCredentials> create(String arn, String name, Stri
                 return Optional.of(new AwsCertificateCredentials(name, description, new SecretBytesSupplier(client, arn)));
             case Type.file:
                 return Optional.of(new AwsFileCredentials(name, description, filename, new SecretBytesSupplier(client, arn)));
+            case Type.awsAccessKeys:
+                final String accesskeyid = tags.getOrDefault(Tags.accesskeyid, "");
+                final String iamrolearn = tags.getOrDefault(Tags.iamrolearn, "");
+                final String iamexternalid = tags.getOrDefault(Tags.iamexternalid, "");
+                final String iammfaserialnumberid = tags.getOrDefault(Tags.iammfaserialnumberid, "");
+                final String ststokenduration = tags.get(Tags.ststokenduration);
+                return Optional.of(new AwsAccessKeysCredentials(name, description, new SecretSupplier(client, arn), accesskeyid, iamrolearn, iamexternalid, iammfaserialnumberid, ststokenduration != null ? Integer.parseInt(ststokenduration) : null));
             default:
                 return Optional.empty();
         }

src/main/java/io/jenkins/plugins/credentials/secretsmanager/factory/Tags.java

@@ -9,7 +9,11 @@ public abstract class Tags {
     public static final String filename = namespace + "filename";
     public static final String type = namespace + "type";
     public static final String username = namespace + "username";
-
+    public static final String accesskeyid = namespace + "accesskeyid";
+    public static final String iamrolearn = namespace + "iamrolearn";
+    public static final String iamexternalid = namespace + "iamexternalid";
+    public static final String iammfaserialnumberid = namespace + "iammfaserialnumberid";
+    public static final String ststokenduration = namespace + "ststokenduration";
     private Tags() {
 
     }

src/main/java/io/jenkins/plugins/credentials/secretsmanager/factory/Type.java

@@ -9,7 +9,7 @@ public abstract class Type {
     public static final String usernamePassword = "usernamePassword";
     public static final String sshUserPrivateKey = "sshUserPrivateKey";
     public static final String string = "string";
-
+    public static final String awsAccessKeys = "awsAccessKeys";
     private Type() {
 
     }

src/main/java/io/jenkins/plugins/credentials/secretsmanager/factory/aws/AwsAccessKeysCredentials.java

@@ -0,0 +1,110 @@
+package io.jenkins.plugins.credentials.secretsmanager.factory.aws;
+
+import com.amazonaws.auth.AWSCredentials;
+import com.amazonaws.auth.AWSCredentialsProvider;
+import com.cloudbees.jenkins.plugins.awscredentials.AWSCredentialsImpl;
+import com.cloudbees.jenkins.plugins.awscredentials.AmazonWebServicesCredentials;
+import com.cloudbees.plugins.credentials.CredentialsProvider;
+import com.cloudbees.plugins.credentials.CredentialsScope;
+import com.cloudbees.plugins.credentials.impl.BaseStandardCredentials;
+import hudson.Extension;
+import hudson.util.Secret;
+import io.jenkins.plugins.credentials.secretsmanager.AwsCredentialsProvider;
+import io.jenkins.plugins.credentials.secretsmanager.Messages;
+import org.apache.commons.lang3.NotImplementedException;
+
+import javax.annotation.Nonnull;
+import java.util.function.Supplier;
+
+public class AwsAccessKeysCredentials extends BaseStandardCredentials implements AmazonWebServicesCredentials, AWSCredentialsProvider {
+
+    private final Supplier<Secret> awsSecretKeySupplier;
+
+    private final String awsAccessKeyId;
+    private final String iamRoleArn;
+    private final String iamExternalId;
+    private final String iamMfaSerialNumber;
+    private final Integer stsTokenDuration;
+
+    public AwsAccessKeysCredentials(String id, String description, Supplier<Secret> awsSecretKeySupplier, String awsAccessKeyId, String iamRoleArn, String iamExternalId, String iamMfaSerialNumber, Integer stsTokenDuration) {
+        super(id, description);
+        this.awsAccessKeyId = awsAccessKeyId;
+        this.awsSecretKeySupplier = awsSecretKeySupplier;
+        this.iamRoleArn = iamRoleArn;
+        this.iamExternalId = iamExternalId;
+        this.iamMfaSerialNumber = iamMfaSerialNumber;
+        this.stsTokenDuration = stsTokenDuration;
+    }
+
+    @Override
+    public String getDisplayName() {
+        return getId();
+    }
+
+    @Override
+    public AWSCredentials getCredentials(String mfaToken) {
+        return getCredentialsImpl().getCredentials(mfaToken);
+    }
+
+    @Override
+    public AWSCredentials getCredentials() {
+        return getCredentialsImpl().getCredentials();
+    }
+
+    public AWSCredentialsImpl getCredentialsImpl() {
+        AWSCredentialsImpl credentials = new AWSCredentialsImpl(CredentialsScope.GLOBAL, getId(), this.awsAccessKeyId, this.awsSecretKeySupplier.get().getPlainText(), getDescription(),this.iamRoleArn, this.iamMfaSerialNumber, this.iamExternalId);
+        if(stsTokenDuration != null) {
+            credentials.setStsTokenDuration(this.stsTokenDuration);
+        }
+        return credentials;
+    }
+
+    @Override
+    public void refresh() {
+        throw new NotImplementedException();
+    }
+
+    @Extension
+    @SuppressWarnings("unused")
+    public static class DescriptorImpl extends BaseStandardCredentialsDescriptor {
+        @Override
+        @Nonnull
+        public String getDisplayName() {
+            return Messages.awsAccessKeys();
+        }
+
+        @Override
+        public String getIconClassName() {
+            return "symbol-credentials plugin-credentials";
+        }
+
+        @Override
+        public boolean isApplicable(CredentialsProvider provider) {
+            return provider instanceof AwsCredentialsProvider;
+        }
+    }
+
+    public Secret getAwsSecretKey() {
+        return awsSecretKeySupplier.get();
+    }
+
+    public String getAwsAccessKeyId() {
+        return awsAccessKeyId;
+    }
+
+    public String getIamRoleArn() {
+        return iamRoleArn;
+    }
+
+    public String getIamExternalId() {
+        return iamExternalId;
+    }
+
+    public String getIamMfaSerialNumber() {
+        return iamMfaSerialNumber;
+    }
+
+    public Integer getStsTokenDuration() {
+        return stsTokenDuration;
+    }
+}

src/main/java/io/jenkins/plugins/credentials/secretsmanager/factory/aws/AwsAccessKeysSnapshotTaker.java

@@ -0,0 +1,27 @@
+package io.jenkins.plugins.credentials.secretsmanager.factory.aws;
+
+import com.cloudbees.plugins.credentials.CredentialsSnapshotTaker;
+import hudson.Extension;
+import hudson.util.Secret;
+import io.jenkins.plugins.credentials.secretsmanager.factory.Snapshot;
+
+@Extension
+@SuppressWarnings("unused")
+public class AwsAccessKeysSnapshotTaker extends CredentialsSnapshotTaker<AwsAccessKeysCredentials> {
+    @Override
+    public Class<AwsAccessKeysCredentials> type() {
+        return AwsAccessKeysCredentials.class;
+    }
+
+    @Override
+    public AwsAccessKeysCredentials snapshot(AwsAccessKeysCredentials credential) {
+        return new AwsAccessKeysCredentials(credential.getId(), credential.getDescription(), new SecretSnapshot(Secret.fromString(credential.getCredentials().getAWSSecretKey())), credential.getAwsAccessKeyId(), credential.getIamRoleArn(), credential.getIamExternalId(), credential.getIamMfaSerialNumber(), credential.getStsTokenDuration());
+    }
+
+    private static class SecretSnapshot extends Snapshot<Secret> {
+        SecretSnapshot(Secret value) {
+            super(value);
+        }
+    }
+}
+

src/main/resources/io/jenkins/plugins/credentials/secretsmanager/Messages.properties

@@ -4,6 +4,7 @@ secretText = Secret Text
 usernamePassword = Username With Password
 sshUserPrivateKey = SSH User Private Key
 certificate = Certificate
+awsAccessKeys = AWS Credentials
 file = Secret File
 filter = Filter
 filters = Filters