This is an automated email from the ASF dual-hosted git repository.
dimuthuupe pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/airavata-mft.git
The following commit(s) were added to refs/heads/master by this push:
new 0e24ffc Adding session token to S3 credentials
0e24ffc is described below
commit 0e24ffc19619fe798687957212373fc2a79ec9d5
Author: Dimuthu Wannipurage <[email protected]>
AuthorDate: Wed Sep 21 23:22:41 2022 -0400
Adding session token to S3 credentials
---
.../command/line/sub/s3/storage/S3StorageAddSubCommand.java | 4 ++++
.../mft/secret/server/backend/sql/entity/S3SecretEntity.java | 11 +++++++++++
.../secret-service/stub/src/main/proto/s3/S3Credential.proto | 7 +++++--
.../apache/airavata/mft/transport/s3/S3IncomingConnector.java | 11 ++++++++++-
.../apache/airavata/mft/transport/s3/S3MetadataCollector.java | 11 ++++++++++-
.../apache/airavata/mft/transport/s3/S3OutgoingConnector.java | 11 ++++++++++-
6 files changed, 50 insertions(+), 5 deletions(-)
diff --git
a/command-line/src/main/java/org/apache/airavata/mft/command/line/sub/s3/storage/S3StorageAddSubCommand.java
b/command-line/src/main/java/org/apache/airavata/mft/command/line/sub/s3/storage/S3StorageAddSubCommand.java
index 70ea658..e3e24f5 100644
---
a/command-line/src/main/java/org/apache/airavata/mft/command/line/sub/s3/storage/S3StorageAddSubCommand.java
+++
b/command-line/src/main/java/org/apache/airavata/mft/command/line/sub/s3/storage/S3StorageAddSubCommand.java
@@ -35,6 +35,9 @@ public class S3StorageAddSubCommand implements
Callable<Integer> {
@CommandLine.Option(names = {"-s", "--secret"}, description = "Access
Secret")
private String accessSecret;
+ @CommandLine.Option(names = {"-t", "--token"}, description = "Session
Token", defaultValue = "")
+ private String sessionToken;
+
@Override
public Integer call() throws Exception {
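Review bot: The new `--token` option takes the session token as a plain command-line argument, so the value lands in shell history and is visible in the process list to other local users while the command runs; the existing `--secret` option above it has the same exposure. picocli can prompt for the value instead: `@CommandLine.Option(names = {"-t", "--token"}, description = "Session Token", defaultValue = "", interactive = true, arity = "0..1")` keeps the flag optional and reads the token from the console when it is given without a value. The class body continues outside this hunk, so any other use of `sessionToken` beyond the builder call in the next hunk is not visible here.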
@@ -46,6 +49,7 @@ public class S3StorageAddSubCommand implements
Callable<Integer> {
.createS3Secret(S3SecretCreateRequest.newBuilder()
.setAccessKey(accessKey)
.setSecretKey(accessSecret)
+ .setSessionToken(sessionToken)
.setAuthzToken(authToken).build());
S3StorageServiceGrpc.S3StorageServiceBlockingStub s3StorageClient =
mftApiClient.getStorageServiceClient().s3();
diff --git
a/services/secret-service/server/src/main/java/org/apache/airavata/mft/secret/server/backend/sql/entity/S3SecretEntity.java
b/services/secret-service/server/src/main/java/org/apache/airavata/mft/secret/server/backend/sql/entity/S3SecretEntity.java
index 75490ed..6f8d290 100644
---
a/services/secret-service/server/src/main/java/org/apache/airavata/mft/secret/server/backend/sql/entity/S3SecretEntity.java
+++
b/services/secret-service/server/src/main/java/org/apache/airavata/mft/secret/server/backend/sql/entity/S3SecretEntity.java
@@ -22,6 +22,9 @@ public class S3SecretEntity {
@Column(name = "SECRET_KEY")
private String secretKey;
+ @Column(name = "SESSION_TOKEN")
+ private String sessionToken;
+
public String getSecretId() {
return secretId;
}
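Review bot: `@Column(name = "SESSION_TOKEN")` sets no length, and assuming this is the JPA annotation, a String column defaults to 255 characters, while AWS STS session tokens are usually several hundred characters and AWS documents no fixed maximum size. If the table is generated from this entity (not visible in the hunk), a real token would be rejected or truncated on insert depending on the database; a sized or LOB column avoids that, for example `@Column(name = "SESSION_TOKEN", length = 4096)`. Existing deployments also need a schema migration for the new column, and none appears among the six files in this commit. The field sits next to `secretKey` as a plain string, so the token gets only whatever at-rest protection the secret table already has.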
@@ -45,4 +48,12 @@ public class S3SecretEntity {
public void setSecretKey(String secretKey) {
this.secretKey = secretKey;
}
+
+ public String getSessionToken() {
+ return sessionToken;
+ }
+
+ public void setSessionToken(String sessionToken) {
+ this.sessionToken = sessionToken;
+ }
}
diff --git a/services/secret-service/stub/src/main/proto/s3/S3Credential.proto
b/services/secret-service/stub/src/main/proto/s3/S3Credential.proto
index ae03770..ca64f61 100644
--- a/services/secret-service/stub/src/main/proto/s3/S3Credential.proto
+++ b/services/secret-service/stub/src/main/proto/s3/S3Credential.proto
@@ -26,6 +26,7 @@ message S3Secret {
string secretId = 1;
string accessKey = 2;
string secretKey = 3;
+ string sessionToken = 4;
}
message S3SecretGetRequest {
@@ -36,14 +37,16 @@ message S3SecretGetRequest {
message S3SecretCreateRequest {
string accessKey = 1;
string secretKey = 2;
- org.apache.airavata.mft.common.AuthToken authzToken = 3;
+ string sessionToken = 3;
+ org.apache.airavata.mft.common.AuthToken authzToken = 4;
}
message S3SecretUpdateRequest {
string secretId = 1;
string accessKey = 2;
string secretKey = 3;
- org.apache.airavata.mft.common.AuthToken authzToken = 4;
+ string sessionToken = 4;
+ org.apache.airavata.mft.common.AuthToken authzToken = 5;
}
message S3SecretUpdateResponse {
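Review bot: Moving `authzToken` from field 3 to 4 in `S3SecretCreateRequest` (and from 4 to 5 in `S3SecretUpdateRequest`) changes the wire format of an existing field, which protobuf identifies by number rather than by name. A client built from the old stub still sends its AuthToken message under the old number; both it and the new `sessionToken` string are length-delimited, so a new server would read those bytes as the session token (or fail the parse on invalid UTF-8) and see no `authzToken` at all. Keep the existing numbers and give the new field the next free one: `string sessionToken = 4;` in the create request and `string sessionToken = 5;` in the update request. The addition of field 4 to `S3Secret` in the previous hunk is compatible as written.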
diff --git
a/transport/s3-transport/src/main/java/org/apache/airavata/mft/transport/s3/S3IncomingConnector.java
b/transport/s3-transport/src/main/java/org/apache/airavata/mft/transport/s3/S3IncomingConnector.java
index 19ecfaf..d09ffa2 100644
---
a/transport/s3-transport/src/main/java/org/apache/airavata/mft/transport/s3/S3IncomingConnector.java
+++
b/transport/s3-transport/src/main/java/org/apache/airavata/mft/transport/s3/S3IncomingConnector.java
@@ -1,7 +1,9 @@
package org.apache.airavata.mft.transport.s3;
+import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicAWSCredentials;
+import com.amazonaws.auth.BasicSessionCredentials;
import com.amazonaws.client.builder.AwsClientBuilder;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3ClientBuilder;
@@ -61,7 +63,14 @@ public class S3IncomingConnector implements
IncomingChunkedConnector, IncomingSt
.setAuthzToken(cc.getAuthToken())
.setSecretId(cc.getCredentialToken()).build());
- BasicAWSCredentials awsCreds = new
BasicAWSCredentials(s3Secret.getAccessKey(), s3Secret.getSecretKey());
+ AWSCredentials awsCreds;
+ if (s3Secret.getSessionToken() == null ||
s3Secret.getSessionToken().equals("")) {
+ awsCreds = new BasicAWSCredentials(s3Secret.getAccessKey(),
s3Secret.getSecretKey());
+ } else {
+ awsCreds = new BasicSessionCredentials(s3Secret.getAccessKey(),
+ s3Secret.getSecretKey(),
+ s3Secret.getSessionToken());
+ }
s3Client = AmazonS3ClientBuilder.standard()
.withEndpointConfiguration(new
AwsClientBuilder.EndpointConfiguration(
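Review bot: The credential selection added here is repeated line for line in the S3MetadataCollector and S3OutgoingConnector hunks below, so any later change to session-token handling has to be made in three places. A small shared static helper in the s3 transport package that takes the `S3Secret` and returns `AWSCredentials` would reduce each call site to a single line. Inside it the `== null` test can go, because generated protobuf string getters return an empty string rather than null: `if (s3Secret.getSessionToken().isEmpty()) {`. Session credentials also expire, and nothing in these hunks records or checks the expiry, so a stored token that has lapsed will presumably surface only as an authentication error from S3 at transfer time. The enclosing method starts and ends outside this hunk.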
diff --git
a/transport/s3-transport/src/main/java/org/apache/airavata/mft/transport/s3/S3MetadataCollector.java
b/transport/s3-transport/src/main/java/org/apache/airavata/mft/transport/s3/S3MetadataCollector.java
index d512a07..80d946e 100644
---
a/transport/s3-transport/src/main/java/org/apache/airavata/mft/transport/s3/S3MetadataCollector.java
+++
b/transport/s3-transport/src/main/java/org/apache/airavata/mft/transport/s3/S3MetadataCollector.java
@@ -17,8 +17,10 @@
package org.apache.airavata.mft.transport.s3;
+import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicAWSCredentials;
+import com.amazonaws.auth.BasicSessionCredentials;
import com.amazonaws.client.builder.AwsClientBuilder;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3ClientBuilder;
@@ -73,7 +75,14 @@ public class S3MetadataCollector implements
MetadataCollector {
SecretServiceClient secretClient =
SecretServiceClientBuilder.buildClient(secretServiceHost, secretServicePort);
S3Secret s3Secret =
secretClient.s3().getS3Secret(S3SecretGetRequest.newBuilder().setSecretId(credentialToken).build());
- BasicAWSCredentials awsCreds = new
BasicAWSCredentials(s3Secret.getAccessKey(), s3Secret.getSecretKey());
+ AWSCredentials awsCreds;
+ if (s3Secret.getSessionToken() == null ||
s3Secret.getSessionToken().equals("")) {
+ awsCreds = new BasicAWSCredentials(s3Secret.getAccessKey(),
s3Secret.getSecretKey());
+ } else {
+ awsCreds = new BasicSessionCredentials(s3Secret.getAccessKey(),
+ s3Secret.getSecretKey(),
+ s3Secret.getSessionToken());
+ }
AmazonS3 s3Client = AmazonS3ClientBuilder.standard()
.withEndpointConfiguration(new
AwsClientBuilder.EndpointConfiguration(
diff --git
a/transport/s3-transport/src/main/java/org/apache/airavata/mft/transport/s3/S3OutgoingConnector.java
b/transport/s3-transport/src/main/java/org/apache/airavata/mft/transport/s3/S3OutgoingConnector.java
index b598919..617e50c 100644
---
a/transport/s3-transport/src/main/java/org/apache/airavata/mft/transport/s3/S3OutgoingConnector.java
+++
b/transport/s3-transport/src/main/java/org/apache/airavata/mft/transport/s3/S3OutgoingConnector.java
@@ -1,7 +1,9 @@
package org.apache.airavata.mft.transport.s3;
+import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicAWSCredentials;
+import com.amazonaws.auth.BasicSessionCredentials;
import com.amazonaws.client.builder.AwsClientBuilder;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3ClientBuilder;
@@ -63,7 +65,14 @@ public class S3OutgoingConnector implements
OutgoingChunkedConnector {
.setAuthzToken(cc.getAuthToken())
.setSecretId(cc.getCredentialToken()).build());
- BasicAWSCredentials awsCreds = new
BasicAWSCredentials(s3Secret.getAccessKey(), s3Secret.getSecretKey());
+ AWSCredentials awsCreds;
+ if (s3Secret.getSessionToken() == null ||
s3Secret.getSessionToken().equals("")) {
+ awsCreds = new BasicAWSCredentials(s3Secret.getAccessKey(),
s3Secret.getSecretKey());
+ } else {
+ awsCreds = new BasicSessionCredentials(s3Secret.getAccessKey(),
+ s3Secret.getSecretKey(),
+ s3Secret.getSessionToken());
+ }
s3Client = AmazonS3ClientBuilder.standard()
.withEndpointConfiguration(new
AwsClientBuilder.EndpointConfiguration(