Adding session token to S3 credentials
diff --git a/command-line/src/main/java/org/apache/airavata/mft/command/line/sub/s3/storage/S3StorageAddSubCommand.java b/command-line/src/main/java/org/apache/airavata/mft/command/line/sub/s3/storage/S3StorageAddSubCommand.java
index 70ea658..e3e24f5 100644
--- a/command-line/src/main/java/org/apache/airavata/mft/command/line/sub/s3/storage/S3StorageAddSubCommand.java
+++ b/command-line/src/main/java/org/apache/airavata/mft/command/line/sub/s3/storage/S3StorageAddSubCommand.java
@@ -35,6 +35,9 @@
@CommandLine.Option(names = {"-s", "--secret"}, description = "Access Secret")
private String accessSecret;
+ @CommandLine.Option(names = {"-t", "--token"}, description = "Session Token", defaultValue = "")
+ private String sessionToken;
+
@Override
public Integer call() throws Exception {
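Review bot: The new `-t/--token` option takes the session token as a plain argv value, so it lands in shell history and is visible to other local users through the process list for as long as the command runs. picocli can prompt for the value instead if the option is declared as `@CommandLine.Option(names = {"-t", "--token"}, description = "Session Token", defaultValue = "", interactive = true, arity = "0..1")`, which still accepts an inline value for scripted use. The `--secret` option in the context lines above has the same exposure and could get the same treatment. The enclosing class and the body of `call()` lie outside this hunk.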
@@ -46,6 +49,7 @@
.createS3Secret(S3SecretCreateRequest.newBuilder()
.setAccessKey(accessKey)
.setSecretKey(accessSecret)
+ .setSessionToken(sessionToken)
.setAuthzToken(authToken).build());
S3StorageServiceGrpc.S3StorageServiceBlockingStub s3StorageClient = mftApiClient.getStorageServiceClient().s3();
diff --git a/services/secret-service/server/src/main/java/org/apache/airavata/mft/secret/server/backend/sql/entity/S3SecretEntity.java b/services/secret-service/server/src/main/java/org/apache/airavata/mft/secret/server/backend/sql/entity/S3SecretEntity.java
index 75490ed..6f8d290 100644
--- a/services/secret-service/server/src/main/java/org/apache/airavata/mft/secret/server/backend/sql/entity/S3SecretEntity.java
+++ b/services/secret-service/server/src/main/java/org/apache/airavata/mft/secret/server/backend/sql/entity/S3SecretEntity.java
@@ -22,6 +22,9 @@
@Column(name = "SECRET_KEY")
private String secretKey;
+ @Column(name = "SESSION_TOKEN")
+ private String sessionToken;
+
public String getSecretId() {
return secretId;
}
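Review bot: The `SESSION_TOKEN` column is declared with no length, so a schema generated from this entity gets JPA's default of 255 characters for a String column. AWS session tokens are routinely longer than that and AWS documents no fixed maximum (typically under 4096 bytes). A real token would then be rejected or truncated on insert, depending on the database. Something like `@Column(name = "SESSION_TOKEN", length = 4096)` or a `@Lob` mapping avoids this. The token is a usable credential held in an ordinary column next to `SECRET_KEY`. Whether encryption at rest is applied elsewhere is not visible from this hunk and is worth confirming.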
@@ -45,4 +48,12 @@
public void setSecretKey(String secretKey) {
this.secretKey = secretKey;
}
+
+ public String getSessionToken() {
+ return sessionToken;
+ }
+
+ public void setSessionToken(String sessionToken) {
+ this.sessionToken = sessionToken;
+ }
}
diff --git a/services/secret-service/stub/src/main/proto/s3/S3Credential.proto b/services/secret-service/stub/src/main/proto/s3/S3Credential.proto
index ae03770..ca64f61 100644
--- a/services/secret-service/stub/src/main/proto/s3/S3Credential.proto
+++ b/services/secret-service/stub/src/main/proto/s3/S3Credential.proto
@@ -26,6 +26,7 @@
string secretId = 1;
string accessKey = 2;
string secretKey = 3;
+ string sessionToken = 4;
}
message S3SecretGetRequest {
@@ -36,14 +37,16 @@
message S3SecretCreateRequest {
string accessKey = 1;
string secretKey = 2;
- org.apache.airavata.mft.common.AuthToken authzToken = 3;
+ string sessionToken = 3;
+ org.apache.airavata.mft.common.AuthToken authzToken = 4;
}
message S3SecretUpdateRequest {
string secretId = 1;
string accessKey = 2;
string secretKey = 3;
- org.apache.airavata.mft.common.AuthToken authzToken = 4;
+ string sessionToken = 4;
+ org.apache.airavata.mft.common.AuthToken authzToken = 5;
}
message S3SecretUpdateResponse {
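Review bot: Renumbering `authzToken` from 3 to 4 in `S3SecretCreateRequest`, and from 4 to 5 in `S3SecretUpdateRequest`, changes the wire format of an already published field. A client built against the old stub still sends the auth token as field 3 (field 4 for update). A new server reads those bytes as `sessionToken`, since both fields are length-delimited, or rejects them as invalid UTF-8, and `authzToken` arrives unset. During a mixed-version rollout the authorization token is therefore dropped or misread. Keep the existing numbers and append the new field instead: `string sessionToken = 4;` after `authzToken = 3` in the create request, and `string sessionToken = 5;` after `authzToken = 4` in the update request.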
diff --git a/transport/s3-transport/src/main/java/org/apache/airavata/mft/transport/s3/S3IncomingConnector.java b/transport/s3-transport/src/main/java/org/apache/airavata/mft/transport/s3/S3IncomingConnector.java
index 19ecfaf..d09ffa2 100644
--- a/transport/s3-transport/src/main/java/org/apache/airavata/mft/transport/s3/S3IncomingConnector.java
+++ b/transport/s3-transport/src/main/java/org/apache/airavata/mft/transport/s3/S3IncomingConnector.java
@@ -1,7 +1,9 @@
package org.apache.airavata.mft.transport.s3;
+import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicAWSCredentials;
+import com.amazonaws.auth.BasicSessionCredentials;
import com.amazonaws.client.builder.AwsClientBuilder;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3ClientBuilder;
@@ -61,7 +63,14 @@
.setAuthzToken(cc.getAuthToken())
.setSecretId(cc.getCredentialToken()).build());
- BasicAWSCredentials awsCreds = new BasicAWSCredentials(s3Secret.getAccessKey(), s3Secret.getSecretKey());
+ AWSCredentials awsCreds;
+ if (s3Secret.getSessionToken() == null || s3Secret.getSessionToken().equals("")) {
+ awsCreds = new BasicAWSCredentials(s3Secret.getAccessKey(), s3Secret.getSecretKey());
+ } else {
+ awsCreds = new BasicSessionCredentials(s3Secret.getAccessKey(),
+ s3Secret.getSecretKey(),
+ s3Secret.getSessionToken());
+ }
s3Client = AmazonS3ClientBuilder.standard()
.withEndpointConfiguration(new AwsClientBuilder.EndpointConfiguration(
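Review bot: This if/else that picks between `BasicAWSCredentials` and `BasicSessionCredentials` is pasted verbatim into S3MetadataCollector and S3OutgoingConnector as well, so any later change to credential handling has to be made in three places. Assuming `S3Secret` is the generated protobuf class, `getSessionToken()` returns `""` when the field is unset and never null, which makes the null test dead code; `isEmpty()` states the intent. A single shared helper in the s3 transport package, called from all three sites, would keep the selection logic in one place. The enclosing method starts and ends outside this hunk.

```java
// proposed shared helper (name and location are a suggestion)
static AWSCredentials toAwsCredentials(S3Secret s3Secret) {
    String sessionToken = s3Secret.getSessionToken();
    // protobuf string getters yield "" when the field is unset
    if (sessionToken.isEmpty()) {
        return new BasicAWSCredentials(s3Secret.getAccessKey(), s3Secret.getSecretKey());
    }
    return new BasicSessionCredentials(
            s3Secret.getAccessKey(), s3Secret.getSecretKey(), sessionToken);
}

// … unchanged: secret lookup …
AWSCredentials awsCreds = toAwsCredentials(s3Secret);
// … unchanged: AmazonS3ClientBuilder chain …
```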
diff --git a/transport/s3-transport/src/main/java/org/apache/airavata/mft/transport/s3/S3MetadataCollector.java b/transport/s3-transport/src/main/java/org/apache/airavata/mft/transport/s3/S3MetadataCollector.java
index d512a07..80d946e 100644
--- a/transport/s3-transport/src/main/java/org/apache/airavata/mft/transport/s3/S3MetadataCollector.java
+++ b/transport/s3-transport/src/main/java/org/apache/airavata/mft/transport/s3/S3MetadataCollector.java
@@ -17,8 +17,10 @@
package org.apache.airavata.mft.transport.s3;
+import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicAWSCredentials;
+import com.amazonaws.auth.BasicSessionCredentials;
import com.amazonaws.client.builder.AwsClientBuilder;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3ClientBuilder;
@@ -73,7 +75,14 @@
SecretServiceClient secretClient = SecretServiceClientBuilder.buildClient(secretServiceHost, secretServicePort);
S3Secret s3Secret = secretClient.s3().getS3Secret(S3SecretGetRequest.newBuilder().setSecretId(credentialToken).build());
- BasicAWSCredentials awsCreds = new BasicAWSCredentials(s3Secret.getAccessKey(), s3Secret.getSecretKey());
+ AWSCredentials awsCreds;
+ if (s3Secret.getSessionToken() == null || s3Secret.getSessionToken().equals("")) {
+ awsCreds = new BasicAWSCredentials(s3Secret.getAccessKey(), s3Secret.getSecretKey());
+ } else {
+ awsCreds = new BasicSessionCredentials(s3Secret.getAccessKey(),
+ s3Secret.getSecretKey(),
+ s3Secret.getSessionToken());
+ }
AmazonS3 s3Client = AmazonS3ClientBuilder.standard()
.withEndpointConfiguration(new AwsClientBuilder.EndpointConfiguration(
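Review bot: Nothing in the added `else` branch accounts for expiry, although a session token is a temporary credential. The stored key, secret and token are turned into fixed `BasicSessionCredentials`. The file imports `AWSStaticCredentialsProvider`, which presumably wraps `awsCreds` just below the hunk and does no refresh. Once the session lapses, every call from this client will be rejected until the secret is updated. A comment at the branch would record this, e.g. `// session credentials are temporary; the stored secret must be replaced before the token expires`, and expired-token failures should surface a distinct error to the operator. The same applies to the matching branches in S3IncomingConnector and S3OutgoingConnector.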
diff --git a/transport/s3-transport/src/main/java/org/apache/airavata/mft/transport/s3/S3OutgoingConnector.java b/transport/s3-transport/src/main/java/org/apache/airavata/mft/transport/s3/S3OutgoingConnector.java
index b598919..617e50c 100644
--- a/transport/s3-transport/src/main/java/org/apache/airavata/mft/transport/s3/S3OutgoingConnector.java
+++ b/transport/s3-transport/src/main/java/org/apache/airavata/mft/transport/s3/S3OutgoingConnector.java
@@ -1,7 +1,9 @@
package org.apache.airavata.mft.transport.s3;
+import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicAWSCredentials;
+import com.amazonaws.auth.BasicSessionCredentials;
import com.amazonaws.client.builder.AwsClientBuilder;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3ClientBuilder;
@@ -63,7 +65,14 @@
.setAuthzToken(cc.getAuthToken())
.setSecretId(cc.getCredentialToken()).build());
- BasicAWSCredentials awsCreds = new BasicAWSCredentials(s3Secret.getAccessKey(), s3Secret.getSecretKey());
+ AWSCredentials awsCreds;
+ if (s3Secret.getSessionToken() == null || s3Secret.getSessionToken().equals("")) {
+ awsCreds = new BasicAWSCredentials(s3Secret.getAccessKey(), s3Secret.getSecretKey());
+ } else {
+ awsCreds = new BasicSessionCredentials(s3Secret.getAccessKey(),
+ s3Secret.getSecretKey(),
+ s3Secret.getSessionToken());
+ }
s3Client = AmazonS3ClientBuilder.standard()
.withEndpointConfiguration(new AwsClientBuilder.EndpointConfiguration(