Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

S3: add support for STS session tokens #1472

Merged
merged 1 commit into from Jan 13, 2020
Merged

S3: add support for STS session tokens #1472

merged 1 commit into from Jan 13, 2020

Conversation

@ihnorton
Copy link
Member

ihnorton commented Jan 13, 2020

Some AWS credentials are issued via the AWS STS, which requires to pass an additional "session token" to the AWSCredentials object.

Fixes issue raised by user in the forum: https://forum.tiledb.com/t/tile-db-s3-documentation/132/5

[ch1468]

@@ -224,6 +224,9 @@ Status S3::init(const Config& config, ThreadPool* const thread_pool) {
auto aws_secret_access_key =
config.get("vfs.s3.aws_secret_access_key", &found);
assert(found);
auto aws_session_token =
config.get("vfs.s3.aws_session_token", &found);
assert(found);

This comment has been minimized.

Copy link
@joe-maley

joe-maley Jan 13, 2020

Contributor

The commit message leads me to believe that tokens are not always required. Should we really have an assert here?

This comment has been minimized.

Copy link
@ihnorton

ihnorton Jan 13, 2020

Author Member

Consistency with the others -- the dict entry is also still expected for the key and secret, even if empty.

This comment has been minimized.

Copy link
@joe-maley

joe-maley Jan 13, 2020

Contributor

ah, thanks!

Copy link
Contributor

joe-maley left a comment

LGTM

@@ -224,6 +224,9 @@ Status S3::init(const Config& config, ThreadPool* const thread_pool) {
auto aws_secret_access_key =
config.get("vfs.s3.aws_secret_access_key", &found);
assert(found);
auto aws_session_token =
config.get("vfs.s3.aws_session_token", &found);
assert(found);

This comment has been minimized.

Copy link
@joe-maley

joe-maley Jan 13, 2020

Contributor

ah, thanks!

@ihnorton ihnorton force-pushed the ihn/s3_support_sts_token branch 2 times, most recently from 80a7f33 to 17f6f3a Jan 13, 2020
If the user has set a session token (for AWS Security Token Service)
then use it:
    - https://docs.aws.amazon.com/STS/latest/APIReference/Welcome.html

For testing run: `aws sts get-session-token --duration-seconds 900`. See:
    - https://docs.aws.amazon.com/cli/latest/reference/sts/get-session-token.html
@ihnorton ihnorton force-pushed the ihn/s3_support_sts_token branch from 17f6f3a to 2a55836 Jan 13, 2020
@ihnorton ihnorton merged commit 06a6b63 into dev Jan 13, 2020
9 of 11 checks passed
9 of 11 checks passed
continuous-integration/travis-ci/pr The Travis CI build is in progress
Details
continuous-integration/travis-ci/push The Travis CI build is in progress
Details
TileDB-Inc.TileDB Build #20200113.7 succeeded
Details
TileDB-Inc.TileDB (Windows VS2015) Windows VS2015 succeeded
Details
TileDB-Inc.TileDB (Windows VS2017) Windows VS2017 succeeded
Details
TileDB-Inc.TileDB (linux) linux succeeded
Details
TileDB-Inc.TileDB (linux_asan) linux_asan succeeded
Details
TileDB-Inc.TileDB (linux_hdfs) linux_hdfs succeeded
Details
TileDB-Inc.TileDB (linux_s3) linux_s3 succeeded
Details
TileDB-Inc.TileDB (linux_serialization) linux_serialization succeeded
Details
TileDB-Inc.TileDB (macOS) macOS succeeded
Details
@ihnorton ihnorton deleted the ihn/s3_support_sts_token branch Jan 13, 2020
ihnorton added a commit that referenced this pull request Jan 16, 2020
ihnorton added a commit that referenced this pull request Jan 16, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

3 participants
You can’t perform that action at this time.