Skip to content

Commit

Permalink
feat(file-s3): Add support for IAM role authentication to file-s3 pro…
Browse files Browse the repository at this point in the history
…vider
  • Loading branch information
sradevski committed Dec 10, 2024
1 parent bed00e1 commit 400df15
Show file tree
Hide file tree
Showing 3 changed files with 30 additions and 11 deletions.
5 changes: 3 additions & 2 deletions packages/core/types/src/file/providers/s3.ts
Original file line number Diff line number Diff line change
@@ -1,7 +1,8 @@
export interface S3FileServiceOptions {
file_url: string
access_key_id: string
secret_access_key: string
access_key_id?: string
secret_access_key?: string
authentication_method?: "access-key" | "s3-iam-role"
region: string
bucket: string
prefix?: string
Expand Down
2 changes: 1 addition & 1 deletion packages/modules/providers/file-s3/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@
"license": "MIT",
"scripts": {
"test": "jest --passWithNoTests src",
"test:integration": "jest --forceExit -- integration-tests/**/__tests__/**/*.spec.ts",
"test:integration": "jest --forceExit -- integration-tests/__tests__/*.spec.ts",
"build": "rimraf dist && tsc --build ./tsconfig.json",
"watch": "tsc --watch"
},
Expand Down
34 changes: 26 additions & 8 deletions packages/modules/providers/file-s3/src/services/s3-file.ts
Original file line number Diff line number Diff line change
Expand Up @@ -23,10 +23,10 @@ type InjectedDependencies = {
}

interface S3FileServiceConfig {
// TODO: We probably don't need this as either the service should return it or we should be able to calculate it.
fileUrl: string
accessKeyId: string
secretAccessKey: string
accessKeyId?: string
secretAccessKey?: string
authenticationMethod?: "access-key" | "s3-iam-role"
region: string
bucket: string
prefix?: string
Expand All @@ -36,7 +36,6 @@ interface S3FileServiceConfig {
additionalClientConfig?: Record<string, any>
}

// FUTURE: At one point we will probably need to support authenticating with IAM roles instead.
export class S3FileService extends AbstractFileProviderService {
static identifier = "s3"
protected config_: S3FileServiceConfig
Expand All @@ -46,10 +45,23 @@ export class S3FileService extends AbstractFileProviderService {
constructor({ logger }: InjectedDependencies, options: S3FileServiceOptions) {
super()

const authenticationMethod = options.authentication_method ?? "access-key"

if (
authenticationMethod === "access-key" &&
(!options.access_key_id || !options.secret_access_key)
) {
throw new MedusaError(
MedusaError.Types.INVALID_DATA,
`Access key ID and secret access key are required when using access key authentication`
)
}

this.config_ = {
fileUrl: options.file_url,
accessKeyId: options.access_key_id,
secretAccessKey: options.secret_access_key,
authenticationMethod: authenticationMethod,
region: options.region,
bucket: options.bucket,
prefix: options.prefix ?? "",
Expand All @@ -63,11 +75,17 @@ export class S3FileService extends AbstractFileProviderService {
}

protected getClient() {
// If none is provided, the SDK will use the default credentials provider chain, see https://docs.aws.amazon.com/cli/v1/userguide/cli-configure-envvars.html
const credentials =
this.config_.authenticationMethod === "access-key"
? {
accessKeyId: this.config_.accessKeyId!,
secretAccessKey: this.config_.secretAccessKey!,
}
: undefined

const config: S3ClientConfigType = {
credentials: {
accessKeyId: this.config_.accessKeyId,
secretAccessKey: this.config_.secretAccessKey,
},
credentials,
region: this.config_.region,
endpoint: this.config_.endpoint,
...this.config_.additionalClientConfig,
Expand Down

0 comments on commit 400df15

Please sign in to comment.