[ALS-7716] Userless pushes for AVL role

Luke Sikina · Luke Sikina · commit edb5d265dc8e · 2025-03-28T10:13:47.000-04:00
diff --git a/uploader/src/main/java/edu/harvard/dbmi/avillach/dataupload/aws/AWSClientBuilder.java b/uploader/src/main/java/edu/harvard/dbmi/avillach/dataupload/aws/AWSClientBuilder.java
@@ -3,9 +3,11 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Profile;
 import org.springframework.stereotype.Service;
 import software.amazon.awssdk.auth.credentials.AwsSessionCredentials;
+import software.amazon.awssdk.auth.credentials.InstanceProfileCredentialsProvider;
 import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
 import software.amazon.awssdk.http.SdkHttpClient;
 import software.amazon.awssdk.services.s3.S3Client;
@@ -27,18 +29,21 @@ public class AWSClientBuilder {
     private final StsClientProvider stsClientProvider;
     private final S3ClientBuilder s3ClientBuilder;
     private final SdkHttpClient sdkHttpClient;
+    private final boolean retainRole;
 
     @Autowired
     public AWSClientBuilder(
         Map<String, SiteAWSInfo> sites,
         StsClientProvider stsClientProvider,
         S3ClientBuilder s3ClientBuilder,
-        @Autowired(required = false) SdkHttpClient sdkHttpClient
+        @Autowired(required = false) SdkHttpClient sdkHttpClient,
+        @Value("${s3.retain_role:false}") boolean retainRole
     ) {
         this.sites = sites;
         this.stsClientProvider = stsClientProvider;
         this.s3ClientBuilder = s3ClientBuilder;
         this.sdkHttpClient = sdkHttpClient;
+        this.retainRole = false;
     }
 
     public Optional<S3Client> buildClientForSite(String siteName) {
@@ -48,6 +53,14 @@ public Optional<S3Client> buildClientForSite(String siteName) {
             return Optional.empty();
         }
 
+        if (retainRole) {
+            log.info("s3.retain_role set to true. Will retain current role rather than assuming one for site");
+            S3Client client = s3ClientBuilder
+                .credentialsProvider(InstanceProfileCredentialsProvider.create())
+                .build();
+            return Optional.of(client);
+        }
+
         log.info("Found site, making assume role request");
         SiteAWSInfo site = sites.get(siteName);
         AssumeRoleRequest roleRequest = AssumeRoleRequest.builder()
diff --git a/uploader/src/test/java/edu/harvard/dbmi/avillach/dataupload/aws/AWSClientBuilderTest.java b/uploader/src/test/java/edu/harvard/dbmi/avillach/dataupload/aws/AWSClientBuilderTest.java
@@ -6,10 +6,8 @@
 import org.mockito.Mockito;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.context.SpringBootTest;
-import org.springframework.boot.test.mock.mockito.MockBean;
-import org.springframework.boot.test.mock.mockito.SpyBean;
-import org.springframework.context.annotation.Profile;
 import org.springframework.test.context.ActiveProfiles;
+import org.springframework.test.context.bean.override.mockito.MockitoBean;
 import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
 import software.amazon.awssdk.auth.credentials.AwsSessionCredentials;
 import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
@@ -28,16 +26,16 @@
 @SpringBootTest
 class AWSClientBuilderTest {
 
-    @MockBean
+    @MockitoBean
     Map<String, SiteAWSInfo> sites;
 
-    @MockBean
+    @MockitoBean
     StsClient stsClient;
 
-    @MockBean
+    @MockitoBean
     StsClientProvider stsClientProvider;
 
-    @MockBean
+    @MockitoBean
     S3ClientBuilder s3ClientBuilder;
 
     @Autowired
diff --git a/uploader/src/test/java/edu/harvard/dbmi/avillach/dataupload/hpds/HPDSConnectionVerifierTest.java b/uploader/src/test/java/edu/harvard/dbmi/avillach/dataupload/hpds/HPDSConnectionVerifierTest.java
@@ -5,25 +5,22 @@
 import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.io.TempDir;
-import org.mockito.ArgumentMatcher;
 import org.mockito.Mockito;
 import org.springframework.boot.test.context.SpringBootTest;
-import org.springframework.boot.test.mock.mockito.MockBean;
+import org.springframework.test.context.bean.override.mockito.MockitoBean;
 
 import java.io.IOException;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.util.UUID;
 
-import static org.junit.jupiter.api.Assertions.*;
-
 @SpringBootTest
 class HPDSConnectionVerifierTest {
 
-    @MockBean
+    @MockitoBean
     private HPDSClient client;
 
-    @MockBean
+    @MockitoBean
     private UUIDGenerator generator;
 
     private final Query query = new Query();
