S3: add support for STS session tokens #1472
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
joe-maley
reviewed
Jan 13, 2020
| @@ -224,6 +224,9 @@ Status S3::init(const Config& config, ThreadPool* const thread_pool) { | |||
| auto aws_secret_access_key = | |||
| config.get("vfs.s3.aws_secret_access_key", &found); | |||
| assert(found); | |||
| auto aws_session_token = | |||
| config.get("vfs.s3.aws_session_token", &found); | |||
| assert(found); | |||
There was a problem hiding this comment.
The commit message leads me to believe that tokens are not always required. Should we really have an assert here?
There was a problem hiding this comment.
Consistency with the others -- the dict entry is also still expected for the key and secret, even if empty.
joe-maley
approved these changes
Jan 13, 2020
| @@ -224,6 +224,9 @@ Status S3::init(const Config& config, ThreadPool* const thread_pool) { | |||
| auto aws_secret_access_key = | |||
| config.get("vfs.s3.aws_secret_access_key", &found); | |||
| assert(found); | |||
| auto aws_session_token = | |||
| config.get("vfs.s3.aws_session_token", &found); | |||
| assert(found); | |||
ihnorton
force-pushed
the
ihn/s3_support_sts_token
branch
2 times, most recently
from
80a7f33 to
17f6f3a
Compare
If the user has set a session token (for AWS Security Token Service)
then use it:
- https://docs.aws.amazon.com/STS/latest/APIReference/Welcome.html
For testing run: `aws sts get-session-token --duration-seconds 900`. See:
- https://docs.aws.amazon.com/cli/latest/reference/sts/get-session-token.html
ihnorton
force-pushed
the
ihn/s3_support_sts_token
branch
from
17f6f3a to
2a55836
Compare
stavrospapadopoulos
approved these changes
Jan 13, 2020
ihnorton
added a commit
that referenced
this pull request
Jan 16, 2020
ihnorton
added a commit
that referenced
this pull request
Jan 16, 2020
ihnorton
added a commit
to ihnorton/TileDB
that referenced
this pull request
Mar 6, 2020
(cherry picked from commit b46407c)
ihnorton
added a commit
that referenced
this pull request
Mar 6, 2020
(cherry picked from commit b46407c)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Some AWS credentials are issued via the AWS STS, which requires to pass an additional "session token" to the AWSCredentials object.
Fixes issue raised by user in the forum: https://forum.tiledb.com/t/tile-db-s3-documentation/132/5
[ch1468]