Make credentials configurable

Close active-elastic-job#42 Close active-elastic-job#33

README.md

@@ -33,12 +33,42 @@ You have your Rails application deployed on the [Amazon Elastic Beanstalk](http:
   * Stay logged in and select the _IAM_ service from the services menu.
   * Create a new user and store the credentials.
   * Attach the **AmazonSQSFullAccess** policy to this user.
-4. Add four environment variables to the web environment
+4. Give your web application permissions to send messages to the SQS queue by adding:
+
   * Select the web environment that is currently hosting your application and open the _Software Configuration_ settings.
     * Add **AWS_ACCESS_KEY_ID** and set it to _access key id_ of the newly created user (from Step 3).
     * Add **AWS_SECRET_ACCESS_KEY** and set it to the _secret access key_ of the newly created user (from Step 3).
     * Add **AWS_REGION** and set it to the _region_ of the SQS queue, created in Step 2.
     * Add **DISABLE_SQS_CONSUMER** and set it to `true`.
+
+  * Alternatively, instead of passing the credentials through the these specific environment variables, you change the configuration and
+  use different variables.
+
+  ```Ruby
+  # config/application.rb
+  module YourApp
+    class Application < Rails::Application
+      config.active_elastic_job.aws_region =  # defaults to ENV['AWS_REGION']
+      config.active_elastic_job.aws_access_key_id = # defaults to ENV['AWS_ACCESS_KEY_ID']
+      config.active_elastic_job.aws_secret_access_key = # defaults to ENV['AWS_SECRET_ACCESS_KEY'] || ENV['AWS_SECRET_KEY'] || ENV['AMAZON_SECRET_ACCESS_KEY']
+      config.active_elastic_job.disable_sqs_confumer = # defaults to ENV['DISABLE_SQS_CONSUMER']
+    end
+  end
+  ```
+
+  * Or , if your web environment is runinng EC2 instances with sufficient permissions, you tell this gem to use the EC2 credentials:
+
+  ```Ruby
+  # config/application.rb
+  module YourApp
+    class Application < Rails::Application
+      config.active_elastic_job.aws_region =  # defaults to ENV['AWS_REGION']
+      config.active_elastic_job.aws_credentials = Aws::InstanceProfileCredentials.new
+      config.active_elastic_job.disable_sqs_confumer = # defaults to ENV['DISABLE_SQS_CONSUMER']
+    end
+  end
+  ```
+
 5. Create a worker environment:
   * Stay logged in and select the _Elastic Beanstalk_ option from the services menu.
   * Select your application, click the _Actions_ button and select **Launch New Environment**.

lib/active_elastic_job/railtie.rb

@@ -1,7 +1,13 @@
 module ActiveElasticJob
   class Railtie < Rails::Railtie
+    config.active_elastic_job = ActiveSupport::OrderedOptions.new
+    config.active_elastic_job.aws_region = ENV['AWS_REGION']
+    config.active_elastic_job.aws_access_key_id = ENV['AWS_ACCESS_KEY_ID']
+    config.active_elastic_job.aws_secret_access_key = ENV['AWS_SECRET_ACCESS_KEY'] || ENV['AWS_SECRET_KEY'] || ENV['AMAZON_SECRET_ACCESS_KEY']
+    config.active_elastic_job.disable_sqs_confumer = ENV['DISABLE_SQS_CONSUMER']
+
     initializer "active_elastic_job.insert_middleware" do |app|
-      disabled = ENV['DISABLE_SQS_CONSUMER']
+      disabled = app.config.active_elastic_job.disable_sqs_confumer
       if disabled == 'false' || disabled.nil?
         if app.config.force_ssl
           app.config.middleware.insert_before(ActionDispatch::SSL,ActiveElasticJob::Rack::SqsMessageConsumer)

lib/active_job/queue_adapters/active_elastic_job_adapter.rb

@@ -171,12 +171,17 @@ def check_job_size!(serialized_job)
         end
 
         def aws_sqs_client
-          @aws_key ||= ENV['AWS_SECRET_ACCESS_KEY'] || ENV['AWS_SECRET_KEY'] || ENV['AMAZON_SECRET_ACCESS_KEY']
-          @aws_sqs_client ||= Aws::SQS::Client.new(
-            access_key_id: ENV['AWS_ACCESS_KEY_ID'],
-            secret_access_key: @aws_key,
-            region: ENV['AWS_REGION']
-          )
+          c =  Rails.application.config.active_elastic_job
+          @aws_sqs_client ||= if c.aws_credentials.present?
+                                Aws::SQS::Client.new(
+                                  credentials: c.aws_credentials,
+                                  region: c.aws_region)
+                              else
+                                Aws::SQS::Client.new(
+                                  access_key_id: c.aws_access_key_id,
+                                  secret_access_key: c.aws_secret_access_key,
+                                  region: c.aws_region)
+                              end
         end
 
         def message_digest(messsage_body)

spec/active_job/queue_adapters/active_elastic_job_adapter_spec.rb

@@ -11,10 +11,37 @@ def initialize; end;
   let(:job) { Helpers::TestJob.new }
   let(:secret_key_base) { "s3krit" }
 
+  let(:rails_app) { double("rails_app") }
+
+  class StubbedConfig
+
+    def aws_access_key_id
+      ENV['AWS_ACCESS_KEY_ID']
+    end
+
+    def aws_secret_access_key
+      ENV['AWS_SECRET_ACCESS_KEY']
+    end
+
+    def aws_region
+      ENV['AWS_REGION']
+    end
+
+    def aws_credentials
+      nil
+    end
+  end
+
+  let(:config) { double('config') }
+
   before do
+    allow(Rails).to receive(:application) { rails_app }
+    allow(rails_app).to receive(:config) { config }
+    allow(config).to receive(:active_elastic_job) { StubbedConfig.new }
     allow(adapter).to receive(:secret_key_base) { secret_key_base }
   end
 
+
   describe ".enqueue" do
     it "selects the correct queue" do
       expect(adapter).to receive(:queue_url).with(job.queue_name).and_return(

spec/integration/rails-app-5.0/config/environments/production.rb

@@ -76,4 +76,6 @@
 
   # Do not dump schema after migrations.
   config.active_record.dump_schema_after_migration = false
+
+  config.active_elastic_job.aws_credentials = Aws::InstanceProfileCredentials.new
 end