Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-25075

Add new Nuxeo AWS service to get credentials and other config

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 9.10-HF20, 10.3
    • Component/s: AWS
    • Release Notes Summary:
      A new Nuxeo AWS service is added to get credentials and other configurations.
    • Impact type:
      API change, Configuration Change
    • Upgrade notes:
      Hide

      A new template aws is available, to define the AWS configuration. When activated (which is automatically done by the marketplace-amazon-s3 package), the following nuxeo.conf properties are available:

      • nuxeo.aws.accessKeyId
      • nuxeo.aws.secretKey
      • nuxeo.aws.region

      They are optional, and if not present the default AWS SDK mechanism for configuring them will be used (environment variables, Java system properties, local AWS profile, container-specific configuration (ECS/EC2)). See https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html#credentials-default and https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/java-dg-region-selection.html#default-region-provider-chain for more information.

      Instead of using the template, the service can also be configured manually:

        <extension target="org.nuxeo.runtime.aws.AWSConfigurationService" point="configuration">
          <configuration>
            <accessKeyId>MY_ACCESS_KEY_ID</accessKeyId>
            <secretKey>MY_SECRET_KEY</secretKey>
            <region>MY_REGION</region>
          </configuration>
        </extension>
      

      From Java there are two new APIs to get this information:

      • NuxeoAWSCredentialsProvider.getInstance()
      • NuxeoAWSRegionProvider.getInstance().getRegion()

      These credentials and region providers will default to standard AWS SDK behavior if no Nuxeo configuration is provided (see above).

      Show
      A new template aws is available, to define the AWS configuration. When activated (which is automatically done by the marketplace-amazon-s3 package), the following nuxeo.conf properties are available: nuxeo.aws.accessKeyId nuxeo.aws.secretKey nuxeo.aws.region They are optional, and if not present the default AWS SDK mechanism for configuring them will be used (environment variables, Java system properties, local AWS profile, container-specific configuration (ECS/EC2)). See https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html#credentials-default and https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/java-dg-region-selection.html#default-region-provider-chain for more information. Instead of using the template, the service can also be configured manually: <extension target= "org.nuxeo.runtime.aws.AWSConfigurationService" point= "configuration" > <configuration> <accessKeyId> MY_ACCESS_KEY_ID </accessKeyId> <secretKey> MY_SECRET_KEY </secretKey> <region> MY_REGION </region> </configuration> </extension> From Java there are two new APIs to get this information: NuxeoAWSCredentialsProvider.getInstance() NuxeoAWSRegionProvider.getInstance().getRegion() These credentials and region providers will default to standard AWS SDK behavior if no Nuxeo configuration is provided (see above).
    • Sprint:
      nxFG 10.3.6
    • Story Points:
      3

      Description

      In some Nuxeo packages like nuxeo-cloud-binarymanager the credentials are only resolved by contribution or using the instance role.

      Because of that we can not leverage roles ( requires SESSION_TOKEN ) or even the ECS role will probably also fail.

      We should stick to the normal resolution flow, unless a contribution is detected: to keep compatilbity
      https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html

      We need to circle on all Nuxeo modules that use AWS to ensure we have one unique way to handle AWS credentials ( maybe create an AWS common )

      https://github.com/nuxeo/nuxeo-core-binarymanager-cloud

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 2 days
                  2d

                    PagerDuty

                    Error rendering 'com.pagerduty.jira-server-plugin:PagerDuty'. Please contact your Jira administrators.