Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FEATURE] Specify AWS Profile, Secret Key or Access Key when using OpenSearch SQL JDBC Driver from a Database Client #22

Open
jkdll opened this issue Oct 11, 2022 · 5 comments
Open

[FEATURE] Specify AWS Profile, Secret Key or Access Key when using OpenSearch SQL JDBC Driver from a Database Client #22

jkdll opened this issue Oct 11, 2022 · 5 comments
Labels
enhancement New feature or request

Comments

@jkdll
Copy link

jkdll commented Oct 11, 2022
edited
Loading

Is your feature request related to a problem?
As an analyst, I would like to connect to Opensearch via a JDBC client such as DBeaver Community Edition.

Currently, the SQL JDBC Driver accepts the parameter auth to use AWS SIGV4.
In this case, the driver can then use an awsCredentialsProvider, which must be created separately. If not specified, the driver uses the default aws profile.
Within DBeaver, I cannot create an awsCredentialsProvider.

What solution would you like?
I would like to be able to use a custom named profile to connect, for example if I have a profile called awsdev or awsprod, I would like to supply this as a parameter to the driver to select which credentials to use, without creating a custom awsCredentialsProvider.

Alternatively, I would like to be able to supply an AWS Access Key and AWS Secret Access Key directly to the JDBC driver to be used.

These two options would allow easier use of the JDBC driver.

What alternatives have you considered?
I am currently researching solutions for creating a custom awsCredentialsProvider within DBeaver or otherwise, however this requires further research and seems unnecessarily laborious.
@jkdll jkdll added the enhancement New feature or request label Oct 11, 2022
@Yury-Fridlyand
Copy link
Collaborator

@jkdll,
It is possible to set environment variables with the keys to a process which uses JDBC driver. For example, you can set/export env vars in the shell and run DBeaver from it.
image

ref: https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html

@jkdll
Copy link
Author

jkdll commented Oct 14, 2022

@Yury-Fridlyand - thank you for the reply. Indeed I can confirm that environment variables do work, but I feel like the experience would be improved if a profile/set of keys can be supplied to the JDBC driver. Can I submit a PR for this?

@Yury-Fridlyand
Copy link
Collaborator

Yes, of course!
There is a related issue for tracking: opensearch-project/sql-odbc#9

@normanj-bitquill
Copy link

I'd like to add to this. Some applications will make use of multiple AWS access keys, so the environment variables are not really a solution.

This line is forcing property values to be String objects.
https://github.com/opensearch-project/sql/blob/2.x/sql-jdbc/src/main/java/org/opensearch/jdbc/Driver.java#L41
https://docs.oracle.com/javase/8/docs/api/java/util/Properties.html#getProperty-java.lang.String-

This makes it very difficult to use the awsCredentialsProvider property.

A better solution is for awsCredentialsProvider to accept a String value. The ConnectionConfig class could then parse the String value and create the AWSCredentialsProvider.

Apache DBCP2 also forces all driver properties to be Strings. It is best to avoid Object values in Driver properties.

@Yury-Fridlyand
Copy link
Collaborator

@jkdll, PRs are welcome!

@dai-chen dai-chen transferred this issue from opensearch-project/sql Dec 14, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jkdll @normanj-bitquill @Yury-Fridlyand