9

AWS CodeArtifact, for example, authenticates with a token valid for 12 hours. A typical setup of maven with CodeArtifact is:

<servers>
  <server>
    <id>my-domain--my-repo</id>
    <username>aws</username>
    <password>${env.CODEARTIFACT_AUTH_TOKEN}</password>
  </server>
</servers>

in settings.xml and executing

export CODEARTIFACT_AUTH_TOKEN=$(
      aws codeartifact get-authorization-token \
            --domain my-domain \
            --domain-owner 123456789012 \
            --query authorizationToken \
            --output text
)

in terminal every 12 hours before invoking mvn.

I thought I could have:

<servers>
  <server>
    <id>my-domain--my-repo</id>
    <username>aws</username>
    <password>${codeartifact.auth.token}</password>
  </server>
</servers>

in settings.xml and then have a

<plugin>
  <groupId>org.codehaus.gmaven</groupId>
  <artifactId>gmaven-plugin</artifactId>
  <version>1.5</version>
  <executions>
    <execution>
      <phase>validate</phase>
      <goals>
        <goal>execute</goal>
      </goals>
      <configuration>
        <providerSelection>2.0</providerSelection>
        <properties>
          <script>aws codeartifact get-authorization-token --domain my-domain --domain-owner 123456789012 --query authorizationToken --output text</script>
        </properties>
        <source>
          def command = project.properties.script
          def process = command.execute()
          process.waitFor()

          def token = process.in.text.trim()

          project.properties.setProperty('codeartifact.auth.token', token)
        </source>
      </configuration>
    </execution>
  </executions>
</plugin>

section in pom.xml to automate CodeArtifact token retrieval.

Except it didn't work. I wonder if the idea I have is valid altogether and what didn't work is just implementation flaw. Or is it just not possible to have this kind of automation with maven.

1
  • 4
    Have you been able to solve this? We are also looking for an integration of AWS CodeArtifact and want to automate the process of getting the authorization token.
    – Alig
    Commented Jan 8, 2021 at 6:13

1 Answer 1

Reset to default
0

  1. macOS

    launchctl setenv CODEARTIFACT_AUTH_TOKEN $(aws codeartifact get-authorization-token --domain your-codeartifact-domain --domain-owner 12345678 --region your-codeartifact-region --query authorizationToken --output text --profile your-profile-if-needed)

  2. Windows

    setx CODEARTIFACT_AUTH_TOKEN $(aws codeartifact get-authorization-token --domain your-codeartifact-domain --domain-owner 12345678 --region your-codeartifact-region --query authorizationToken --output text --profile your-profile-if-needed)

This makes the CODEARTIFACT_AUTH_TOKEN env var available to all new processes (such as IDEs) from that point until it expires. Maven will resolve ${env.CODEARTIFACT_AUTH_TOKEN} properly.

I assume Linux users know how to set up their .profile or equivalent.

Not the answer you're looking for? Browse other questions tagged or ask your own question.