S3Common.AuthSettings: Allow passing SESSION_TOKEN to AWSCredentials

This sets the infrastructure of loading session_token and passing it directly to all AWSCredentials instances that are created using the AuthSettings. The default SESSION_TOKEN is set to an empty string as documented in AWS SDK reference: https://sdk.amazonaws.com/cpp/api/0.12.9/d4/d27/class_aws_1_1_auth_1_1_a_w_s_credentials.html
2024-11-10 09:32:06 +00:00 · 2023-12-14 10:02:21 +02:00 · 2023-12-14 10:02:21 +02:00 · c696c0bfe7
commit c696c0bfe7
parent 787f1e7ab8
4 changed files with 8 additions and 3 deletions
--- a/src/Coordination/KeeperSnapshotManagerS3.cpp
+++ b/src/Coordination/KeeperSnapshotManagerS3.cpp
@ -76,7 +76,7 @@ void KeeperSnapshotManagerS3::updateS3Configuration(const Poco::Util::AbstractCo

        LOG_INFO(log, "S3 configuration was updated");

-        auto credentials = Aws::Auth::AWSCredentials(auth_settings.access_key_id, auth_settings.secret_access_key);
+        auto credentials = Aws::Auth::AWSCredentials(auth_settings.access_key_id, auth_settings.secret_access_key, auth_settings.session_token);
        auto headers = auth_settings.headers;

        static constexpr size_t s3_max_redirects = 10;
--- a/src/IO/S3Common.cpp
+++ b/src/IO/S3Common.cpp
@ -109,6 +109,8 @@ AuthSettings AuthSettings::loadFromConfig(const std::string & config_elem, const
 {
    auto access_key_id = config.getString(config_elem + ".access_key_id", "");
    auto secret_access_key = config.getString(config_elem + ".secret_access_key", "");
+    auto session_token = config.getString(config_elem + ".session_token", "");
+
    auto region = config.getString(config_elem + ".region", "");
    auto server_side_encryption_customer_key_base64 = config.getString(config_elem + ".server_side_encryption_customer_key_base64", "");

@ -133,7 +135,7 @@ AuthSettings AuthSettings::loadFromConfig(const std::string & config_elem, const

    return AuthSettings
    {
-        std::move(access_key_id), std::move(secret_access_key),
+        std::move(access_key_id), std::move(secret_access_key), std::move(session_token),
        std::move(region),
        std::move(server_side_encryption_customer_key_base64),
        std::move(sse_kms_config),
@ -155,6 +157,8 @@ void AuthSettings::updateFrom(const AuthSettings & from)
        access_key_id = from.access_key_id;
    if (!from.secret_access_key.empty())
        secret_access_key = from.secret_access_key;
+    if (!from.session_token.empty())
+        session_token = from.session_token;

    headers = from.headers;
    region = from.region;
--- a/src/IO/S3Common.h
+++ b/src/IO/S3Common.h
@ -80,6 +80,7 @@ struct AuthSettings

    std::string access_key_id;
    std::string secret_access_key;
+    std::string session_token;
    std::string region;
    std::string server_side_encryption_customer_key_base64;
    ServerSideEncryptionKMSConfig server_side_encryption_kms_config;
--- a/src/Storages/StorageS3.cpp
+++ b/src/Storages/StorageS3.cpp
@ -1460,7 +1460,7 @@ void StorageS3::Configuration::connect(ContextPtr context)

    client_configuration.requestTimeoutMs = request_settings.request_timeout_ms;

-    auto credentials = Aws::Auth::AWSCredentials(auth_settings.access_key_id, auth_settings.secret_access_key);
+    auto credentials = Aws::Auth::AWSCredentials(auth_settings.access_key_id, auth_settings.secret_access_key, auth_settings.session_token);
    client = S3::ClientFactory::instance().create(
        client_configuration,
        url.is_virtual_hosted_style,