Groovy Grape script to fetch a AWS Code Artifact token
Apache Groovy has a great feature called Grape:
Grape is a JAR dependency manager embedded into Groovy. Grape lets you quickly add maven repository dependencies to your classpath, making scripting even easier. The simplest use is as simple as adding an annotation to your script:
I recently needed a script to fetch a token to consume a AWS Code Artifact repository and save it in a local.properties file.
Script
The following script shows how easy is to do that with a Groovy Script:
codeartifact.groovy
@Grab(group='software.amazon.awssdk', module='codeartifact', version='2.16.42')
@Grab(group='software.amazon.awssdk', module='sts', version='2.16.42')
import software.amazon.awssdk.auth.credentials.ProfileCredentialsProvider
import software.amazon.awssdk.regions.Region
import software.amazon.awssdk.services.codeartifact.CodeartifactClient
import software.amazon.awssdk.services.codeartifact.CodeartifactClientBuilder
import software.amazon.awssdk.services.codeartifact.model.GetAuthorizationTokenRequest
import software.amazon.awssdk.services.codeartifact.model.GetAuthorizationTokenResponse
String awsCodeArtifactRegion = 'eu-central-1'
String awsCodeArtifactDomain = 'XXX'
String awsCodeArtifactOwner = 'YYY'
String awsCodeArtifactRepository = 'libs'
class Token {
String token
Long expiration
}
class TokenRequest {
String owner
String domain
String profile
String region
Integer durationSeconds
}
class TokenFetcher {
static Token fetchToken(TokenRequest tokenRequest) {
CodeartifactClient client = instantiateClient(tokenRequest)
GetAuthorizationTokenRequest request = authorizationTokenRequest(tokenRequest)
GetAuthorizationTokenResponse rsp = client.getAuthorizationToken(request)
new Token(token: rsp.authorizationToken(), expiration: rsp.expiration().toEpochMilli())
}
private static GetAuthorizationTokenRequest authorizationTokenRequest(TokenRequest tokenRequest) {
GetAuthorizationTokenRequest.Builder tokenRequestBuilder = GetAuthorizationTokenRequest.builder()
if (tokenRequest.durationSeconds) {
tokenRequestBuilder = tokenRequestBuilder.durationSeconds(tokenRequest.durationSeconds)
}
tokenRequestBuilder.domain(tokenRequest.domain)
tokenRequestBuilder.domainOwner(tokenRequest.owner)
(GetAuthorizationTokenRequest) tokenRequestBuilder.build()
}
private static CodeartifactClient instantiateClient(TokenRequest tokenRequest) {
CodeartifactClientBuilder builder = CodeartifactClient.builder()
if (tokenRequest.region) {
builder = builder.region(Region.of(tokenRequest.region))
}
if (tokenRequest.profile) {
builder = builder.credentialsProvider(ProfileCredentialsProvider.create(tokenRequest.profile))
}
builder.build()
}
}
TokenRequest tokenRequest = new TokenRequest()
tokenRequest.owner = awsCodeArtifactOwner
tokenRequest.domain = awsCodeArtifactDomain
tokenRequest.durationSeconds = 43200L
tokenRequest.region = awsCodeArtifactRegion
Token token = TokenFetcher.fetchToken(tokenRequest)
println """\
{
"token": "${token.token}",
"expiration": "${token.expiration}",
}
"""
Properties properties = new Properties()
properties.setProperty("expiration","" + token.expiration)
properties.setProperty("codeartifactToken", token.token)
File outputFile = new File('local.properties')
if (!outputFile.exists()) {
outputFile.createNewFile()
}
properties.store(outputFile.newOutputStream(), "")
println "saved token to local.properties"
Run
To execute the script:
- Edit
codeartifact.groovyand enter your AWS Code Artifact region, domain, owner and lib parameters at the top of the file. - Run
aws configureand authenticate with a user with IAM access to AWS Code Artifact. - Run
groovy codeartifact.groovyand obtain a token.
We needed a script instead of using the AWS CLI always, because in some environments we did not have the AWS CLI installed and we only had a AWS Secret Key and Access key ID exposed as environment variables.
Tags:
#groovy
#aws
#awscodeartifact
Oct 2021, 18.