feat(artifacts) Implement S3 artifacts #2468
Conversation
benjaminws
changed the title
ghost
mentioned this pull request
| @Data | ||
| public class S3ArtifactAccount extends ArtifactAccount | ||
| { | ||
| private String name = "s3-account"; |
There was a problem hiding this comment.
I don't think we want a default name here.
Also -- should this list a role to assume? To allow for multiple accounts w/ different creds
There was a problem hiding this comment.
That's a great question. I was hoping for input on that. I think that would be useful, then we could tweak halyard to take the roles in the cli setup.
There was a problem hiding this comment.
Ok, following up here. I want to make sure I understand before implementing it. So the behavior of the code as is will be to use the default credential provider, resolving whatever it can from the instance, the env, or configuration, etc. You're saying we could add a list of roles to assume, adding those as potential credentials to use?
There was a problem hiding this comment.
I'm not familiar enough with AWS creds to give a firm answer, but I know that AWS accounts (even on running on GCE) can assume control over multiple other accounts using accountId and assumeRule like done for the AWS provider. https://github.com/spinnaker/halyard/blob/master/halyard-config/src/main/java/com/netflix/spinnaker/halyard/config/model/v1/providers/aws/AwsAccount.java#L36
Maybe we can implement this as is, and then defer to @imosquera to implement the multi-account logic?
| @@ -0,0 +1,28 @@ | |||
| /* | |||
| * Copyright 2018 Netflix, Inc. | |||
There was a problem hiding this comment.
Oh, I would make these "Datadog"
There was a problem hiding this comment.
👍 going to adjust. silly gradle plugins.
|
I could use an assist. Using the code in this PR I can't seem to make Given the behavior of this method is to try various other auth mechanisms, I've ensured there are none available in the environment or otherwise for the user running clouddriver. I've also ensured that all the necessary IAM bits are in place, and I can access objects in the requested bucket using Additionally, I've also attempted to use the Thoughts? |
|
I got this working by moving the |
…driver into benjaminws/s3-artifacts
|
Looks good! Can you file an issue that we need to support more than just default credentials? |
Implement S3 artifacts in clouddriver to support spinnaker/spinnaker#2595
Looking for feedback. The logic for determining if the artifact reference is a valid bucket/path was lifted directly from the GCS implementation.