Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: Add options to specify AWS credential source for RDS functions #3289

Draft
wants to merge 2 commits into
base: master
Choose a base branch
from

Conversation

hairyhum
Copy link
Contributor

Change Overview

Currently AWS credentials are always taken from the profile, which limits
the ability to export into non-s3 storage and s3 storage in other regions.

Added options to specify a separate secret or use IAM role for service account.

Pull request type

Please check the type of change your PR introduces:

  • 🚧 Work in Progress
  • 🌈 Refactoring (no functional changes, no api changes)
  • 🐹 Trivial/Minor
  • 🐛 Bugfix
  • 🌻 Feature
  • 🗺️ Documentation
  • 🤖 Test
  • 🏗️ Build

Issues

  • fixes #issue-number

Test Plan

  • Run RDS example with new arguments added in the blueprint

    • Secret credentials with S3 in another region
    • Serviceaccount credentials
  • 💪 Manual

  • ⚡ Unit test

  • 💚 E2E

Currently AWS credentials are always taken from the profile, which limits
the ability to export into non-s3 storage and s3 storage in other regions.

Added options to specify a separate secret or use IAM role for service account.
@viveksinghggits
Copy link
Contributor

viveksinghggits commented Dec 24, 2024

Hi @hairyhum,
I was looking into the changes and was wondering if it would be a good idea to just extend profile in such a way that we can accept the new fields/IAM from profile instead of introducing the new secret way.
I think introducing the secret to accept the creds complicates the things and maybe complicates blueprints as well. And the other reason would be, profile usually is the resource where we say object store details should be defined.
Or, do you think it's not a good idea to just extend the profile for this new thing.

@hairyhum
Copy link
Contributor Author

hairyhum commented Dec 24, 2024

I was looking into the changes and was wondering if it would be a good idea to just extend profile in such a way that we can accept the new fields/IAM from profile instead of introducing the new secret way.

There is a principal issue with using profile as a source of the credentials. Because the credentials here are the data source credentials, while profile is by design the data destination credential.
So we either need to extend profile to have both source and destination, which doesn't make sense outside of RDS case, or we need to use another API to supply source credentials.

And the other reason would be, profile usually is the resource where we say object store details should be defined.

And it is still the case even with this change (unless I messed up and introduced a bug). There is no intention to switch away from profiles as destination (e.g. object store) configuration.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants