Initial commit

Author: indyaah

.github/workflows/build.yaml

@@ -0,0 +1,17 @@
+name: Java CI
+
+on: [ push ]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up JDK 11
+        uses: actions/setup-java@v2
+        with:
+          java-version: '11'
+          distribution: 'adopt'
+          cache: maven
+      - name: Build with Maven
+        run: mvn verify

.gitignore

@@ -0,0 +1,2 @@
+.idea/*
+target/

.mvn/jvm.config

@@ -0,0 +1,5 @@
+--add-exports jdk.compiler/com.sun.tools.javac.api=ALL-UNNAMED
+--add-exports jdk.compiler/com.sun.tools.javac.file=ALL-UNNAMED
+--add-exports jdk.compiler/com.sun.tools.javac.parser=ALL-UNNAMED
+--add-exports jdk.compiler/com.sun.tools.javac.tree=ALL-UNNAMED
+--add-exports jdk.compiler/com.sun.tools.javac.util=ALL-UNNAMED

README.md

@@ -0,0 +1,39 @@
+# codeartifact-maven-extension
+
+## Problem Statement
+
+Current [recommended flow](https://docs.aws.amazon.com/codeartifact/latest/ug/maven-mvn.html) for
+using CodeArtifact as maven repository is to export authentication token into your environment and
+use that environment variable as part of user setting.xml (generally at `$M2_HOME/settings.xml`)
+
+This creates a couple of problems;
+
+1. Engineers have to keep exporting the token into their environment every 12 hours.
+2. IDEs (at least IntelliJ) cant resolve maven dependency and keep showing annoying pop-up.
+
+## Solution
+
+The goal of this extension is to allow
+injecting [CodeArtifact Auth token](https://docs.aws.amazon.com/codeartifact/latest/ug/tokens-authentication.html)
+into maven reactor and override values coming from `$M2_HOME/settings.xml`.
+
+## Notes
+
+The implementation is (intentionally) quite brittle and simple.
+
+When `MavenExecutionRequest` is fired in the build reactor; we intercept it and generate a token
+using AWS java SDK. For doing that we rely on following system properties;
+
+1. `CODEARTIFACT_USERNAME` defaults to `aws`
+2. `CODEARTIFACT_DOMAIN`
+3. `CODEARTIFACT_OWNER`
+
+The extension will generate a token for given code artifact domain and owner (account id). Any
+servers in the reactor that are using `CODEARTIFACT_USERNAME`'s value as username would have their
+password overridden dynamically with the geneated token value.
+
+All system properties could be passed from `<properties>` block in your root pom.xml or via CLI (
+e.g `-DCODEARTIFACT_DOMAIN="xxx`)
+
+The underlying AWS client uses default provider chain, which will allow you to override AWS profile
+being used by passing in `-Daws.profile` property (or setting `AWS_PROFILE` env var)

pom.xml

@@ -0,0 +1,104 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <groupId>com.github.indyaah</groupId>
+    <artifactId>codeartifact-maven-extension</artifactId>
+    <version>1.0.0</version>
+
+    <properties>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+        <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
+
+        <maven.compiler.source>1.8</maven.compiler.source>
+        <maven.compiler.target>1.8</maven.compiler.target>
+
+        <codeartifact.version>2.17.136</codeartifact.version>
+        <maven.version>3.8.4</maven.version>
+        <plexus.version>2.1.1</plexus.version>
+
+        <maven-plugin.version>3.6.4</maven-plugin.version>
+        <fmt-maven-plugin.version>2.13</fmt-maven-plugin.version>
+
+    </properties>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.apache.maven</groupId>
+            <artifactId>maven-plugin-api</artifactId>
+            <version>${maven.version}</version>
+            <scope>provided</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.maven</groupId>
+            <artifactId>maven-core</artifactId>
+            <version>${maven.version}</version>
+            <scope>provided</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.maven</groupId>
+            <artifactId>maven-embedder</artifactId>
+            <version>${maven.version}</version>
+            <scope>provided</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.maven.plugin-tools</groupId>
+            <artifactId>maven-plugin-annotations</artifactId>
+            <version>${maven-plugin.version}</version>
+            <scope>provided</scope>
+        </dependency>
+
+
+        <dependency>
+            <groupId>org.codehaus.plexus</groupId>
+            <artifactId>plexus-component-annotations</artifactId>
+            <version>${plexus.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>software.amazon.awssdk</groupId>
+            <artifactId>codeartifact</artifactId>
+            <version>${codeartifact.version}</version>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.codehaus.plexus</groupId>
+                <artifactId>plexus-component-metadata</artifactId>
+                <version>${plexus.version}</version>
+                <executions>
+                    <execution>
+                        <goals>
+                            <goal>generate-metadata</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-plugin-plugin</artifactId>
+                <version>${maven-plugin.version}</version>
+            </plugin>
+            <plugin>
+                <groupId>com.coveo</groupId>
+                <artifactId>fmt-maven-plugin</artifactId>
+                <version>${fmt-maven-plugin.version}</version>
+                <executions>
+                    <execution>
+                        <goals>
+                            <goal>check</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+
+        </plugins>
+
+    </build>
+</project>

src/main/java/com/github/indyaah/coreartifact/maven/CodeArtifactTokenInjectingSpy.java

@@ -0,0 +1,38 @@
+package com.github.indyaah.coreartifact.maven;
+
+import java.util.Properties;
+import javax.inject.Named;
+import org.apache.maven.eventspy.AbstractEventSpy;
+import org.apache.maven.execution.MavenExecutionRequest;
+import software.amazon.awssdk.services.codeartifact.CodeartifactClient;
+import software.amazon.awssdk.services.codeartifact.model.GetAuthorizationTokenRequest;
+import software.amazon.awssdk.services.codeartifact.model.GetAuthorizationTokenResponse;
+
+@Named("codeartifact-token")
+public class CodeArtifactTokenInjectingSpy extends AbstractEventSpy {
+
+  private final CodeartifactClient codeartifactClient = CodeartifactClient.builder().build();
+
+  @Override
+  public void onEvent(final Object event) {
+    if (!(event instanceof MavenExecutionRequest)) {
+      return;
+    }
+    final MavenExecutionRequest request = (MavenExecutionRequest) event;
+    final Properties systemProperties = request.getSystemProperties();
+
+    final String username = systemProperties.getProperty("CODEARTIFACT_USERNAME", "aws");
+    final String domain = systemProperties.getProperty("CODEARTIFACT_DOMAIN");
+    final String owner = systemProperties.getProperty("CODEARTIFACT_OWNER");
+
+    final GetAuthorizationTokenRequest tokenRequest =
+        GetAuthorizationTokenRequest.builder().domain(domain).domainOwner(owner).build();
+    final GetAuthorizationTokenResponse response =
+        codeartifactClient.getAuthorizationToken(tokenRequest);
+    final String token = response.authorizationToken();
+
+    request.getServers().stream()
+        .filter(server -> username.equalsIgnoreCase(server.getUsername()))
+        .forEach(server -> server.setPassword(token));
+  }
+}