From a1eb7e9369e60cdd8ea456f3ae08ad864e3a7553 Mon Sep 17 00:00:00 2001 From: Maxim Lapan Date: Mon, 16 Oct 2023 13:33:45 +0200 Subject: [PATCH] Retrieve aws creds from env, build identifier incrementally --- .../AbstractImportExportQueryGenerator.java | 49 +++++++++++++++++-- 1 file changed, 44 insertions(+), 5 deletions(-) diff --git a/exasol-s3/src/main/java/com/exasol/spark/s3/AbstractImportExportQueryGenerator.java b/exasol-s3/src/main/java/com/exasol/spark/s3/AbstractImportExportQueryGenerator.java index c95ed69..3ca3a28 100644 --- a/exasol-s3/src/main/java/com/exasol/spark/s3/AbstractImportExportQueryGenerator.java +++ b/exasol-s3/src/main/java/com/exasol/spark/s3/AbstractImportExportQueryGenerator.java @@ -3,6 +3,14 @@ import com.exasol.spark.common.ExasolOptions; import com.exasol.spark.common.Option; +import com.amazonaws.util.StringUtils; + +import java.util.AbstractMap; +import java.util.Map; + +import static com.amazonaws.SDKGlobalConfiguration.ACCESS_KEY_ENV_VAR; +import static com.amazonaws.SDKGlobalConfiguration.SECRET_KEY_ENV_VAR; + /** * An common {@code CSV} query generator class. * @@ -33,11 +41,27 @@ public AbstractImportExportQueryGenerator(final ExasolOptions options) { * @return identifiedBy part of a query */ public String getIdentifier() { - // TODO: get credentials from ENV variable or not pass USER and IDENTIFIED BY at all - final String awsAccessKeyId = this.options.get(Option.AWS_ACCESS_KEY_ID.key()); - final String awsSecretAccessKey = this.options.get(Option.AWS_SECRET_ACCESS_KEY.key()); - return "AT '" + escapeStringLiteral(getBucketURL()) + "'\nUSER '" + escapeStringLiteral(awsAccessKeyId) - + "' IDENTIFIED BY '" + escapeStringLiteral(awsSecretAccessKey) + "'\n"; + Map.Entry awsCreds = getAWSCredentials(); + + StringBuilder result = new StringBuilder("AT '"); + result.append(escapeStringLiteral(getBucketURL())); + result.append('\''); + + // no access key -> no user in the identifier, giving an option to use AWS EC2 Role Profiles + // https://exasol.my.site.com/s/article/Changelog-content-15155?language=en_US + if (!StringUtils.isNullOrEmpty(awsCreds.getKey())) { + result.append("USER '"); + result.append(escapeStringLiteral(awsCreds.getKey())); + result.append('\''); + } + + if (!StringUtils.isNullOrEmpty(awsCreds.getValue())) { + result.append(" IDENTIFIED BY '"); + result.append(escapeStringLiteral(awsCreds.getValue())); + result.append('\''); + } + result.append('\n'); + return result.toString(); } private String escapeStringLiteral(final String input) { @@ -59,4 +83,19 @@ private String getS3Endpoint() { return override; } + private Map.Entry getAWSCredentials() { + String awsAccessKeyId, awsSecretAccessKey; + + if (this.options.containsKey(Option.AWS_ACCESS_KEY_ID.key())) { + awsAccessKeyId = this.options.get(Option.AWS_ACCESS_KEY_ID.key()); + awsSecretAccessKey = this.options.get(Option.AWS_SECRET_ACCESS_KEY.key()); + } else { + // Retrieve access key and secret access key from environment variables + awsAccessKeyId = System.getenv(ACCESS_KEY_ENV_VAR); + awsSecretAccessKey = System.getenv(SECRET_KEY_ENV_VAR); + } + awsAccessKeyId = StringUtils.trim(awsAccessKeyId); + awsSecretAccessKey = StringUtils.trim(awsSecretAccessKey); + return new AbstractMap.SimpleImmutableEntry<>(awsAccessKeyId, awsSecretAccessKey); + } }