From f27e9d92a14bbd452440a1595c2b0d7f22844362 Mon Sep 17 00:00:00 2001
From: Kacper
Date: Fri, 11 Oct 2024 17:26:42 +0200
Subject: [PATCH] feat: IAM role access
---
 .../020.environment-variables.md | 4 +--
 packages/nocodb/src/helpers/NcPluginMgrv2.ts | 27 +++++++++----------
 .../nocodb/src/plugins/GenericS3/GenericS3.ts | 12 ++++-----
 packages/nocodb/src/plugins/s3/S3.ts | 15 ++++++-----
 packages/nocodb/src/plugins/s3/index.ts | 4 +--
 5 files changed, 32 insertions(+), 30 deletions(-)
diff --git a/packages/noco-docs/docs/020.getting-started/050.self-hosted/020.environment-variables.md b/packages/noco-docs/docs/020.getting-started/050.self-hosted/020.environment-variables.md
index 5bae60b3f4..5a9758f3b9 100644
--- a/packages/noco-docs/docs/020.getting-started/050.self-hosted/020.environment-variables.md
+++ b/packages/noco-docs/docs/020.getting-started/050.self-hosted/020.environment-variables.md
@@ -34,8 +34,8 @@ For production use cases, it is crucial to set all environment variables marked
 | `NC_S3_BUCKET_NAME` | No | The name of the AWS S3 bucket used for the S3 storage plugin. | |
 | `NC_S3_REGION` | No | The AWS S3 region where the S3 storage plugin bucket is located. | |
 | `NC_S3_ENDPOINT` | No | S3 endpoint for S3 storage plugin. | Defaults to `s3..amazonaws.com` |
-| `NC_S3_ACCESS_KEY` | No | The AWS access key ID required for the S3 storage plugin. | |
-| `NC_S3_ACCESS_SECRET` | No | The AWS access secret associated with the S3 storage plugin. | |
+| `NC_S3_ACCESS_KEY` | No | The AWS access key ID for the S3 storage plugin. Required if no role access in use. | |
+| `NC_S3_ACCESS_SECRET` | No | The AWS access secret associated with the S3 storage plugin. Required if no role access in use. | |
 | `NC_S3_FORCE_PATH_STYLE` | No | Whether to force [path-style requests](https://docs.aws.amazon.com/AmazonS3/latest/userguide/VirtualHosting.html#path-style-access) for the S3 storage plugin. | |
 | `NC_S3_ACL` | No | The [ACL](https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html) for the objects in S3 | | |
 | `NC_ATTACHMENT_FIELD_SIZE` | No | Maximum file size allowed for [attachments](/fields/field-types/custom-types/attachment/) in bytes. | Defaults to `20971520` (20 MiB). |
diff --git a/packages/nocodb/src/helpers/NcPluginMgrv2.ts b/packages/nocodb/src/helpers/NcPluginMgrv2.ts
index 825547fc22..c9bf57212c 100644
--- a/packages/nocodb/src/helpers/NcPluginMgrv2.ts
+++ b/packages/nocodb/src/helpers/NcPluginMgrv2.ts
@@ -118,28 +118,27 @@ class NcPluginMgrv2 { /* * NC_S3_BUCKET_NAME * NC_S3_REGION - * NC_S3_ACCESS_KEY - * NC_S3_ACCESS_SECRET * */ if ( process.env.NC_S3_BUCKET_NAME && - process.env.NC_S3_REGION && - process.env.NC_S3_ACCESS_KEY && - process.env.NC_S3_ACCESS_SECRET + process.env.NC_S3_REGION ) { const s3Plugin = await Plugin.getPluginByTitle(S3PluginConfig.title); + const s3CfgData: Record = { + bucket: process.env.NC_S3_BUCKET_NAME, + region: process.env.NC_S3_REGION, + endpoint: process.env.NC_S3_ENDPOINT, + force_path_style: process.env.NC_S3_FORCE_PATH_STYLE === 'true', + acl: process.env.NC_S3_ACL, + } + if (process.env.NC_S3_ACCESS_KEY && process.env.NC_S3_ACCESS_SECRET) { + s3CfgData.access_key = process.env.NC_S3_ACCESS_KEY + s3CfgData.access_secret = process.env.NC_S3_ACCESS_SECRET + } await Plugin.update(s3Plugin.id, { active: true, - input: JSON.stringify({ - bucket: process.env.NC_S3_BUCKET_NAME, - region: process.env.NC_S3_REGION, - endpoint: process.env.NC_S3_ENDPOINT, - access_key: process.env.NC_S3_ACCESS_KEY, - access_secret: process.env.NC_S3_ACCESS_SECRET, - force_path_style: process.env.NC_S3_FORCE_PATH_STYLE === 'true', - acl: process.env.NC_S3_ACL, - }), + input: JSON.stringify(s3CfgData), }); } diff --git a/packages/nocodb/src/plugins/GenericS3/GenericS3.ts b/packages/nocodb/src/plugins/GenericS3/GenericS3.ts index bfc46610c2..104f2d012f 100644 --- a/packages/nocodb/src/plugins/GenericS3/GenericS3.ts +++ b/packages/nocodb/src/plugins/GenericS3/GenericS3.ts 
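Review bot: A half-configured key pair is now dropped silently: if only one of `NC_S3_ACCESS_KEY` / `NC_S3_ACCESS_SECRET` is set, the new `if` skips both and the plugin is still activated, so the S3 client will presumably resolve credentials from whatever ambient source the host offers instead of the identity the operator meant to configure. I would reject, or at least log, that case before building `s3CfgData`, e.g. `if (!!process.env.NC_S3_ACCESS_KEY !== !!process.env.NC_S3_ACCESS_SECRET) throw new Error('NC_S3_ACCESS_KEY and NC_S3_ACCESS_SECRET must be set together');`. The same both-or-nothing test added to `S3.init()` in packages/nocodb/src/plugins/s3/S3.ts has the same effect for values saved through the plugin form. The enclosing method starts and ends outside this hunk.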
@@ -14,21 +14,21 @@ import type { PutObjectRequest, S3 as S3Client } from '@aws-sdk/client-s3'; import type { IStorageAdapterV2, XcFile } from '~/types/nc-plugin'; import { generateTempFilePath, waitForStreamClose } from '~/utils/pluginUtils'; -interface GenerocObjectStorageInput { +interface GenericObjectStorageInput { bucket: string; region?: string; - access_key: string; - access_secret: string; + access_key?: string; + access_secret?: string; } export default class GenericS3 implements IStorageAdapterV2 { public name; protected s3Client: S3Client; - protected input: GenerocObjectStorageInput; + protected input: GenericObjectStorageInput; - constructor(input: unknown) { - this.input = input as GenerocObjectStorageInput; + constructor(input: GenericObjectStorageInput) { + this.input = input; } protected get defaultParams() { diff --git a/packages/nocodb/src/plugins/s3/S3.ts b/packages/nocodb/src/plugins/s3/S3.ts index 28c82b293a..d9543a5230 100644 --- a/packages/nocodb/src/plugins/s3/S3.ts +++ b/packages/nocodb/src/plugins/s3/S3.ts @@ -7,8 +7,8 @@ import GenericS3 from '~/plugins/GenericS3/GenericS3'; interface S3Input { bucket: string; region: string; - access_key: string; - access_secret: string; + access_key?: string; + access_secret?: string; endpoint?: string; acl?: string; force_path_style?: boolean; @@ -48,13 +48,16 @@ export default class S3 extends GenericS3 implements IStorageAdapterV2 { public async init(): Promise { const s3Options: S3ClientConfig = { region: this.input.region, - credentials: { - accessKeyId: this.input.access_key, - secretAccessKey: this.input.access_secret, - }, forcePathStyle: this.input.force_path_style ?? false, }; + if (this.input.access_key && this.input.access_secret) { + s3Options.credentials = { + accessKeyId: this.input.access_key, + secretAccessKey: this.input.access_secret, + } + } + if (this.input.endpoint) { s3Options.endpoint = this.input.endpoint; } 
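Review bot: Typing the constructor parameter as `GenericObjectStorageInput` removes the cast but adds no runtime check, and the value presumably still comes from the stored plugin JSON, so a missing `bucket` or a non-string key is not caught here. Now that `access_key` and `access_secret` are optional on the shared base interface, any other adapter extending `GenericS3` (none are visible in this patch) should be checked for code that assumes both are present, since only the AWS client has a role-based fallback. A short doc comment on the two fields would record the contract: `/** Static credentials; when omitted, the adapter must rely on the SDK's default credential resolution. */`.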
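Review bot: Nothing in `init()` records which credential source is in effect once `credentials` is left unset, and the fallback also applies when a custom `endpoint` is configured, where signing requests with the host's ambient AWS identity is unlikely to be what the operator intended. I would add a comment above the new `if` such as `// No static keys: the AWS SDK resolves credentials via its default provider chain (environment, shared config, container or instance role).` and log once whether static keys or the default chain is used, without logging the key values. The assignment to `s3Options.credentials` also ends its object literal without a semicolon, unlike the surrounding statements. `init()` continues past the end of this hunk.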
diff --git a/packages/nocodb/src/plugins/s3/index.ts b/packages/nocodb/src/plugins/s3/index.ts index 4bb4df7a05..1bceb96aef 100644 --- a/packages/nocodb/src/plugins/s3/index.ts +++ b/packages/nocodb/src/plugins/s3/index.ts @@ -38,14 +38,14 @@ const config: XcPluginConfig = { label: 'Access Key', placeholder: 'Access Key', type: XcType.SingleLineText, - required: true, + required: false, }, { key: 'access_secret', label: 'Access Secret', placeholder: 'Access Secret', type: XcType.Password, - required: true, + required: false, }, { key: 'acl',
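Review bot: With both fields optional, anyone who can edit this plugin's settings can presumably leave them empty and have the server's own IAM role used against whatever bucket is entered in the form, where previously they had to supply credentials of their own. The form gives no hint of that behaviour; the placeholders could say so, e.g. `placeholder: 'Access Key (leave empty to use the server IAM role)'`, and the deployment docs should recommend scoping the instance or task role to the intended bucket only. The `config` object starts and ends outside this hunk.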