Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(s3): support default credentials provider in AWS S3 storage #37

Draft
wants to merge 3 commits into
base: main
Choose a base branch
from
Draft

feat(s3): support default credentials provider in AWS S3 storage #37

wants to merge 3 commits into from

Conversation

rohilsurana
Copy link

@rohilsurana rohilsurana commented Jan 13, 2025
edited
Loading

Problem

Currently the only way to set AWS credentials is via setting the static credentials as environment variables or by passing as a flag when executing.
Some systems already have credentials setup using different ways provided by aws like credentials file, config file or EC2 profiles.

Solution

This PR adds support for using AWS S3 credentials from default credentials provider chain in the SDK.
The order for the AWS SDK golang is documented at [1].
The order for duckdb is documented at [2].

Changes

  • Adds a new configuration AWS_CREDENTIALS_TYPE with options STATIC and DEFAULT.
    • STATIC maintains the old behaviour and uses the supplied static credentials.
    • DEFAULT uses the AWS SDK and DuckDB default credentials chain.
  • AWS client config changes for syncing tables
  • DuckDB create secret query changes for creating S3 secret as per new config.
  • Update README with details of the new config.
  • Add aws credentials refresh for duckdb as it does not update credentials when expired.

[1] AWS SDK Golang - https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
[2] DuckDB S3 API Support - https://duckdb.org/docs/extensions/httpfs/s3api.html#credential_chain-provider

@rohilsurana rohilsurana marked this pull request as draft January 17, 2025 05:38
rohilsurana
rohilsurana commented Jan 17, 2025
View reviewed changes
src/duckdb.go
Comment on lines +52 to +64
ticker := time.NewTicker(10 * time.Minute)
time.Tick(10 * time.Minute)
go func() {
for {
select {
case <-ticker.C:
duckdb.setAwsCredentials(ctx)
case <-duckdb.refreshQuit:
ticker.Stop()
return
}
}
}()
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This refresh logic is required because duckdb doesn't refresh credentials. Ref - duckdb/duckdb-aws#26

TODO: refactor to provide refresh interval as a config.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@rohilsurana