Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Allow creation of async clients with credentials obtained from the datadestination #521

Open
bmg13 opened this issue Feb 12, 2025 · 1 comment
Open

feat: Allow creation of async clients with credentials obtained from the datadestination #521

bmg13 opened this issue Feb 12, 2025 · 1 comment
Labels
feature_request New feature request, awaiting triage triage all new issues awaiting classification

Comments

@bmg13
Copy link
Contributor

bmg13 commented Feb 12, 2025

Feature Request

While working on this TractusX-edc issue, which involves using the AWS provisioner available in this repo for AWS S3 transfers, it was found that the following (async) clients check the credentials in this chain, however there is not an option to use the credentials (acessKeyId+secretAccessKeyId or keyname if applicable) provided in the tp datadestination.
So the proposal is to apply this suggestion (like seen here already for the s3Client) to the next already existing clients:

  • S3AsyncClient
  • IamAsyncClient
  • StsAsyncClient

Which Areas Would Be Affected?

Every TP that intends on using own credentials instead of the ones stored during the boot here, if any.

Why Is the Feature Desired?

To give more flexibility and allow the usage of this provision with an expected application (data destination with target credentials).

Further Notes

We are aware that the creation of the bucket during provision should only happen if bucket does not already exist (if exists, an exception is thrown), however proposal to update that logic will likely appear on a different issue to not mix up contexts.

Solution Proposal

Similarly to what is seen for the S3Client, overload async client creation based on provided SecretToken passing a StaticCredentialsProvider when any credentials are present.
This should be very straightforward for all three and may be similar to the next example (for S3AsyncClient)

if (token != null) {
            if (token instanceof AwsTemporarySecretToken temporary) {
                var credentials = AwsSessionCredentials.create(temporary.accessKeyId(), temporary.secretAccessKey(),
                        temporary.sessionToken());
                return createS3AsyncClient(StaticCredentialsProvider.create(credentials), region, endpointOverride);
            }
            if (token instanceof AwsSecretToken secretToken) {
                var credentials = AwsBasicCredentials.create(secretToken.getAccessKeyId(), secretToken.getSecretAccessKey());
                return createS3AsyncClient(StaticCredentialsProvider.create(credentials), region, endpointOverride);
            }
            throw new EdcException(String.format("SecretToken %s is not supported", token.getClass()));
        } else {
            return s3AsyncClients.computeIfAbsent(key, s -> createS3AsyncClient(clientRequest.region(), clientRequest.endpointOverride()));
        }

As mentioned, this approach is very similar to already existing behavior.
This will require to update S3BucketResourceDefinition to include the needed credentials and, in the corresponding generator (S3ConsumerResourceDefinitionGenerator), include them in the response.
@bmg13 bmg13 added feature_request New feature request, awaiting triage triage all new issues awaiting classification labels Feb 12, 2025
@github-actions GitHub Actions
Copy link

Thanks for your contribution 🔥 We will take a look asap 🚀

This was referenced Feb 21, 2025
Draft
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature_request New feature request, awaiting triage triage all new issues awaiting classification
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@bmg13