Allow live events to use vault for credentials

Change-Id: I6116261bec529b8e144408d9606f94ccfe8db833 Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/254098 Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com> Reviewed-by: Ethan Vizitei <evizitei@instructure.com> QA-Review: Jacob Burroughs <jburroughs@instructure.com> Product-Review: Jacob Burroughs <jburroughs@instructure.com>
2020-12-02 15:13:59 -06:00 · 2020-12-02 15:13:59 -06:00 · 19a2bab05c
parent 37e9c9d2c0
commit 19a2bab05c
4 changed files with 33 additions and 0 deletions
--- a/config/initializers/live_events.rb
+++ b/config/initializers/live_events.rb
@ -44,5 +44,12 @@ Rails.configuration.to_prepare do
      plugin_settings
    end
  }
+  LiveEvents.aws_credentials = -> (settings) {
+    if settings['vault_credential_path']
+      Canvas::Vault::AwsCredentialProvider.new(settings['vault_credential_path'])
+    else
+      nil
+    end
+  }
  LiveEvents.stream_client = StubbedClient if ENV['STUB_LIVE_EVENTS_KINESIS']
 end
--- a/gems/live_events/lib/live_events.rb
+++ b/gems/live_events/lib/live_events.rb
@ -34,6 +34,14 @@ module LiveEvents
      @settings.call
    end

+    def aws_credentials=(aws_credentials)
+      @aws_credentials = aws_credentials
+    end
+
+    def aws_credentials(config)
+      @aws_credentials.call(config)
+    end
+
    def max_queue_size=(size)
      @max_queue_size = size
    end
--- a/gems/live_events/lib/live_events/client.rb
+++ b/gems/live_events/lib/live_events/client.rb
@ -57,6 +57,10 @@ module LiveEvents
        aws[:secret_access_key] = plugin_config['aws_secret_access_key_dec']
      end

+      if plugin_config['custom_aws_credentials']
+        aws[:credentials] = LiveEvents.aws_credentials(plugin_config)
+      end
+
      aws[:region] = plugin_config['aws_region'].presence || 'us-east-1'

      if plugin_config['aws_endpoint'].present?
--- a/gems/live_events/spec/live_events/client_spec.rb
+++ b/gems/live_events/spec/live_events/client_spec.rb
@ -84,6 +84,20 @@ describe LiveEvents::Client do
      expect(res[:endpoint]).to eq("http://example.com:6543/")
      LiveEvents.worker.stop!
    end
+
+    it "should load custom creds" do
+      LiveEvents.aws_credentials = -> (settings) {
+        settings['value_to_return']
+      }
+
+      res = LiveEvents::Client.aws_config({
+        'custom_aws_credentials' => 'true',
+        'value_to_return' => 'a_value'
+      })
+
+      expect(res[:credentials]).to eq('a_value')
+      LiveEvents.worker.stop!
+    end
  end

  describe "post_event" do