Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow usage/configuration of IAM for Minio Client #850

Open
SidhNor opened this issue Sep 28, 2022 · 5 comments
Open

Allow usage/configuration of IAM for Minio Client #850

SidhNor opened this issue Sep 28, 2022 · 5 comments
Labels
Check: BackEnd

Comments

@SidhNor
Copy link

SidhNor commented Sep 28, 2022

Current implementation has MinioClient initialisation set in stone here:

https://github.com/reportportal/commons-dao/blob/develop/src/main/java/com/epam/ta/reportportal/config/DataStoreConfiguration.java#L49

Would be nice to provide a possibility to configure the client with IamProvider, something like below

    @Bean
    @ConditionalOnExpression("${datastore.type} == 'minio' and ${datastore.minio.auth} == 'iam'")
    public MinioClient minioClient(
        @Value("${datastore.minio.endpoint}") String endpoint,
        @Value("${datastore.minio.region}") String region
    ) throws InvalidPortException, InvalidEndpointException {
        Provider provider = new IamAwsProvider(null, null);

        return MinioClient.builder()
            .endpoint(endpoint)
            .credentialsProvider(provider)
            .build();
    }
@SidhNor SidhNor changed the title Allow usage/configuration of IAM roles for Minio Client Allow usage/configuration of IAM for Minio Client Sep 28, 2022
@IvanKustau
Copy link
Contributor

IvanKustau commented Jan 9, 2023
edited
Loading

Hi, we are going to replace MinioClient with JCloud in version 5.7.4, which would use different providers for different binary stores like AWS S3, Minio, etc.
Example for AWS S3:

        @Bean
	@ConditionalOnProperty(name = "datastore.type", havingValue = "s3")
	public BlobStore s3BlobStore(@Value("${datastore.s3.accessKey}") String accessKey, @Value("${datastore.s3.secretKey}") String secretKey,
			@Value("${datastore.s3.region}") String region) {
		Iterable<Module> modules = ImmutableSet.of(new CustomBucketToRegionModule(region));

		BlobStoreContext blobStoreContext = ContextBuilder.newBuilder("aws-s3")
				.modules(modules)
				.credentials(accessKey, secretKey)
				.buildView(BlobStoreContext.class);

		return blobStoreContext.getBlobStore();

Do you still need ability to allow IamProvider in here?

@SidhNor
Copy link
Author

SidhNor commented Jan 9, 2023

Hi @IvanKustau
The main purpose is to not use accessKey + secretKey - but rather the AWS IAM capabilities.
Probably this can be achieved via https://github.com/apache/jclouds-labs-aws - but wasn't updated for a while

@SidhNor
Copy link
Author

SidhNor commented Jan 9, 2023

But will definitely require a different config bean along with S3 that does not require access key and secret

@IvanKustau
Copy link
Contributor

Couldn't find any kind of documentation or examples on jclouds-labs.
The only useful thing to make this possible that I've found is https://github.com/hazelcast/hazelcast-jclouds.
Maybe we can use this to make possible IAM role configuration

@SidhNor
Copy link
Author

SidhNor commented Jan 9, 2023

An implementation can be seen here as well https://github.com/minio/minio-java/blob/304b5b7dc036423d34acfdddd504ceea0098f98a/api/src/main/java/io/minio/credentials/IamAwsProvider.java

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Check: BackEnd
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@SidhNor @miracle8484 @IvanKustau