
@coryb
Created May 31, 2013 22:14
assumeRole patch
diff --git a/build.gradle b/build.gradle
index b35e9a3..c8b2ba3 100644
--- a/build.gradle
+++ b/build.gradle
@@ -33,7 +33,7 @@ dependencies {
compile 'com.sun.jersey:jersey-server:1.11'
compile 'com.sun.jersey:jersey-servlet:1.11'
compile 'org.slf4j:slf4j-api:1.6.4'
- compile('com.amazonaws:aws-java-sdk:1.3.11') {
+ compile('com.amazonaws:aws-java-sdk:1.4.4.1') {
exclude group:'org.codehaus.jackson'
}
compile 'joda-time:joda-time:2.0'
diff --git a/src/main/scala/com/netflix/edda/aws/AwsClient.scala b/src/main/scala/com/netflix/edda/aws/AwsClient.scala
index 379de56..cbb4409 100644
--- a/src/main/scala/com/netflix/edda/aws/AwsClient.scala
+++ b/src/main/scala/com/netflix/edda/aws/AwsClient.scala
@@ -28,13 +28,16 @@ import com.amazonaws.services.s3.AmazonS3Client
import com.amazonaws.services.sqs.AmazonSQSClient
import com.amazonaws.services.cloudwatch.AmazonCloudWatchClient
import com.amazonaws.services.route53.AmazonRoute53Client
+import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient
+import com.amazonaws.services.securitytoken.model.AssumeRoleRequest
+import com.amazonaws.services.securitytoken.model.AssumeRoleResult
/** provides access to AWS service client objects
*
* @param credentials provider used to connect to AWS services
* @param region used to select endpoint for AWS services
*/
-class AwsClient(val provider: AWSCredentialsProvider, val region: String) {
+class AwsClient(var provider: AWSCredentialsProvider, val region: String) {
/** uses [[com.amazonaws.auth.AWSCredentials]] to create AWSCredentialsProvider
*
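Review bot: Changing the constructor parameter to `var provider` makes the credentials provider publicly reassignable on every `AwsClient`, and `assumeRole` then swaps it in place, so any code holding the same instance silently switches identity. Keeping `val provider` and having `assumeRole` end with `new AwsClient(assumedProvider, region)` would leave the original client untouched; the primary constructor already takes a provider and a region. If in-place mutation is intended, `private var` with a read-only accessor at least stops callers outside the class from replacing the provider. The scaladoc above still documents `@param credentials` while the parameter is named `provider`.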
@@ -60,6 +63,21 @@ class AwsClient(val provider: AWSCredentialsProvider, val region: String) {
def this(accessKey: String, secretKey: String, region: String) =
this(new BasicAWSCredentials(accessKey, secretKey), region)
+ def assumeRole(arn: String): AwsClient = {
+ val client = securityToken
+ provider = new AWSCredentialsProvider() {
+ val req = (new AssumeRoleRequest).withRoleArn(arn)
+ def update = {
+ var result = client.assumeRole(req)
+ new BasicAWSCredentials(result.getCredentials.getAccessKeyId, result.getCredentials.getSecretAccessKey)
+ }
+ var cred = update
+ def getCredentials = cred
+ def refresh = cred = update
+ }
+ this
+ }
+
/** get [[com.amazonaws.services.ec2.AmazonEC2Client]] object */
def ec2 = {
val client = new AmazonEC2Client(provider)
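Review bot: The temporary credentials from `client.assumeRole(req)` are wrapped in `BasicAWSCredentials`, which drops the session token; STS credentials are only valid when signed together with `result.getCredentials.getSessionToken`, so this needs `BasicSessionCredentials`. The request also sets no `RoleSessionName`, which AssumeRole requires and which is what identifies the caller in the audit trail. `getCredentials` returns the cached `cred` without consulting `getExpiration`, and `cred` is an unsynchronised `var`, so the client can keep presenting expired keys and refreshes can race across threads. The sketch below keeps the anonymous provider; the session name and the 60-second margin are placeholders, `BasicSessionCredentials` needs an import not shown in this patch, and the SDK's own `STSAssumeRoleSessionCredentialsProvider` may be a simpler replacement if the pinned version ships it. `def ec2` continues past the end of the hunk.

```scala
provider = new AWSCredentialsProvider() {
  // placeholder session name; pick one that identifies this service in CloudTrail
  val req = (new AssumeRoleRequest).withRoleArn(arn).withRoleSessionName("SESSION_NAME_PLACEHOLDER")
  @volatile var expiresAt = 0L
  def update = {
    val c = client.assumeRole(req).getCredentials
    expiresAt = c.getExpiration.getTime
    // session token is mandatory for STS-issued keys
    new BasicSessionCredentials(c.getAccessKeyId, c.getSecretAccessKey, c.getSessionToken)
  }
  @volatile var cred = update
  def getCredentials = synchronized {
    // renew shortly before expiry instead of waiting for a rejected request
    if (System.currentTimeMillis > expiresAt - 60000L) cred = update
    cred
  }
  def refresh = synchronized { cred = update }
}
```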
@@ -121,4 +139,11 @@ class AwsClient(val provider: AWSCredentialsProvider, val region: String) {
client.setEndpoint("route53.amazonaws.com")
client
}
+
+ def securityToken = {
+ val client = new AWSSecurityTokenServiceClient(provider);
+ client.setEndpoint("sts.amazonaws.com");
+ client
+ }
+
}
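Review bot: `securityToken` is the only accessor in this class without a scaladoc line and the only one ending statements with `;`. It should follow its siblings, e.g. `/** get [[com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient]] object */`, and drop the semicolons. Because `provider` is now reassigned by `assumeRole`, a call to `securityToken` after `assumeRole` builds the STS client from the assumed-role credentials rather than the base ones; that is worth stating in the doc comment so a second `assumeRole` is understood to be role chaining. The class body starts outside this hunk.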
diff --git a/src/main/scala/com/netflix/edda/basic/BasicServer.scala b/src/main/scala/com/netflix/edda/basic/BasicServer.scala
index 26bea9d..9dafaba 100644
--- a/src/main/scala/com/netflix/edda/basic/BasicServer.scala
+++ b/src/main/scala/com/netflix/edda/basic/BasicServer.scala
@@ -57,13 +57,17 @@ class BasicServer extends HttpServlet {
val bm = new BasicBeanMapper with AwsBeanMapper
val awsClientFactory = (account: String) => {
- Utils.getProperty("edda", "aws.accessKey", account, "").get match {
+ val client = Utils.getProperty("edda", "aws.accessKey", account, "").get match {
case v if v.isEmpty => new AwsClient(Utils.getProperty("edda", "region", account, "").get)
case accessKey => new AwsClient(
accessKey,
Utils.getProperty("edda", "aws.secretKey", account, "").get,
Utils.getProperty("edda", "region", account, "").get)
}
+ Utils.getProperty("edda", "aws.assumeRoleArn", account, "").get match {
+ case v if v.isEmpty => client
+ case arn => client.assumeRole(arn)
+ }
}
AwsCollectionBuilder.buildAll(BasicContext, awsClientFactory, bm, elector, dsFactory)
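Review bot: `client.assumeRole(arn)` calls STS as soon as the provider is constructed (`var cred = update` in AwsClient), so a mistyped `aws.assumeRoleArn` or a denied AssumeRole throws out of `awsClientFactory` with nothing saying which account or role was involved. Wrapping the call so the failure is logged with `account` and `arn`, and logging the successful assumption as well, gives operators an audit trail of which identity each account's crawler runs under. It would also help to reject values that do not look like a role ARN before calling STS, e.g. `case arn if arn.startsWith("arn:aws:iam::") => client.assumeRole(arn)`. The enclosing method begins before this hunk.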