From a907dd5cfe973d937703babd22aa600b0ef0ab56 Mon Sep 17 00:00:00 2001
From: Walter J Dsouza <walterdsouza@in.ibm.com>
Date: Tue, 4 Oct 2022 17:15:34 +0530
Subject: [PATCH] fix: config update for rookceph

---
 app/sdms/src/cloud/providers/ibm/config.ts      |  8 ++++++--
 app/sdms/src/cloud/providers/ibm/credentials.ts | 12 +++++++-----
 app/sdms/src/cloud/providers/ibm/stshelper.ts   |  4 ++--
 3 files changed, 15 insertions(+), 9 deletions(-)

diff --git a/app/sdms/src/cloud/providers/ibm/config.ts b/app/sdms/src/cloud/providers/ibm/config.ts
index 4953a07f2..dd7da24b3 100644
--- a/app/sdms/src/cloud/providers/ibm/config.ts
+++ b/app/sdms/src/cloud/providers/ibm/config.ts
@@ -26,7 +26,9 @@ export class IbmConfig extends Config {
     public static COS_SIGNATUREVERSION: string;
     public static COS_SUBUSER_ACCESS_KEY_ID: string;
     public static COS_SUBUSER_SECRET_ACCESS_KEY: string;
-    public static COS_TEMP_CRED_EXPITY: string;
+    public static COS_TEMP_CRED_EXPIRY: string;
+    public static COS_ROLE_ARN: string;
+    public static COS_ROLE_SESSION_NAME: string;
 
     // IBM KeyCloak
     public static KEYCLOAK_BASEURL: string;
@@ -95,7 +97,9 @@ export class IbmConfig extends Config {
         IbmConfig.COS_SIGNATUREVERSION = process.env.COS_SIGNATUREVERSION;
         IbmConfig.COS_SUBUSER_ACCESS_KEY_ID = process.env.COS_SUBUSER_ACCESS_KEY_ID;
         IbmConfig.COS_SUBUSER_SECRET_ACCESS_KEY = process.env.COS_SUBUSER_SECRET_ACCESS_KEY;
-        IbmConfig.COS_TEMP_CRED_EXPITY = process.env.COS_TEMP_CRED_EXPITY;
+        IbmConfig.COS_TEMP_CRED_EXPIRY = process.env.COS_TEMP_CRED_EXPIRY || '7200';
+        IbmConfig.COS_ROLE_ARN = process.env.COS_ROLE_ARN || 'arn:aws:iam:::role/osdurolearn';
+        IbmConfig.COS_ROLE_SESSION_NAME = process.env.COS_ROLE_SESSION_NAME || 'Bob';
 
         // IBM Keycloak
         IbmConfig.KEYCLOAK_BASEURL = process.env.KEYCLOAK_BASEURL;
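Review bot: The `|| 'arn:aws:iam:::role/osdurolearn'` fallback on `COS_ROLE_ARN` means a deployment that omits the variable silently requests temporary credentials under a baked-in role instead of failing at start-up, and `||` also replaces an explicitly empty value. For the setting that decides which role credentials are issued under, I would drop the default and reject a missing value when the config loads, e.g. `if (!process.env.COS_ROLE_ARN) { throw new Error('COS_ROLE_ARN is not set'); }`. The `'Bob'` default for `COS_ROLE_SESSION_NAME` looks like a leftover test value and deserves the same treatment. The enclosing method starts and ends outside this hunk, so a validation step may already exist further down.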
diff --git a/app/sdms/src/cloud/providers/ibm/credentials.ts b/app/sdms/src/cloud/providers/ibm/credentials.ts
index d9848dc23..9f44bda6e 100644
--- a/app/sdms/src/cloud/providers/ibm/credentials.ts
+++ b/app/sdms/src/cloud/providers/ibm/credentials.ts
@@ -48,8 +48,9 @@ export class Credentials extends AbstractCredentials {
         tenant: string, subproject: string,
         bucket: string, readonly: boolean, _partition: string): Promise<IAccessTokenModel> {
 
-        const expDuration = IbmConfig.COS_TEMP_CRED_EXPITY;
+        const expDuration = IbmConfig.COS_TEMP_CRED_EXPIRY;
         let roleArn = '';
+        let roleSessionName = '';
         let credentials = '';
 
         let flagUpload = true;
@@ -58,19 +59,20 @@ export class Credentials extends AbstractCredentials {
         // this can start getting folder from gcs url along with bucket
         const s3bucket = keyPath;
 
+        roleArn = IbmConfig.COS_ROLE_ARN;
+        roleSessionName = IbmConfig.COS_ROLE_SESSION_NAME;
+
         if (readonly) { // readOnly True
-            roleArn = 'arn:123:456:789:1234';
             flagUpload = false;
         } else {// readOnly False
-            roleArn = 'arn:123:456:789:1234';
             flagUpload = true;
         }
 
-        credentials = await this.ibmSTSHelper.getCredentials(s3bucket, keyPath, roleArn, flagUpload, expDuration);
+        credentials = await this.ibmSTSHelper.getCredentials(s3bucket, keyPath, roleArn, roleSessionName, flagUpload, expDuration);
 
         const result = {
             access_token: credentials,
-            expires_in: 7200,
+            expires_in: parseInt(expDuration),
             token_type: 'Bearer',
         };
 
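Review bot: `expires_in: parseInt(expDuration)` has no radix and no check on the result, so a non-numeric `COS_TEMP_CRED_EXPIRY` makes `expires_in` `NaN`, which would come out as `null` if this object is serialised as JSON. The same raw string is passed to `getCredentials`, so parsing it once before the call keeps the advertised lifetime and the requested one in step: `const expSeconds = Number.parseInt(expDuration, 10);` followed by `if (!Number.isInteger(expSeconds) || expSeconds <= 0) { throw new Error('invalid COS_TEMP_CRED_EXPIRY'); }`. How `getCredentials` turns `exp` into `DurationSeconds` is not visible on this page, so confirm both sides end up with the same number. The method begins and ends outside this hunk.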
diff --git a/app/sdms/src/cloud/providers/ibm/stshelper.ts b/app/sdms/src/cloud/providers/ibm/stshelper.ts
index b5c59eb70..9c04e5e27 100644
--- a/app/sdms/src/cloud/providers/ibm/stshelper.ts
+++ b/app/sdms/src/cloud/providers/ibm/stshelper.ts
@@ -18,7 +18,7 @@ export class IBMSTShelper{
     }
 
     public async getCredentials(bucketName: string, keyPath: string,
-        roleArn: string, flagUpload: boolean, exp: string): Promise<string> {
+        roleArn: string, roleSessionName: string, flagUpload: boolean, exp: string): Promise<string> {
         let policy: any;
 
         if(flagUpload === true)
@@ -35,7 +35,7 @@ export class IBMSTShelper{
             ExternalId: 'OSDUAWS',
             Policy: policy,
             RoleArn: roleArn,
-            RoleSessionName: 'OSDUAWSAssumeRoleSession',
+            RoleSessionName: roleSessionName,
             DurationSeconds: expDuration
         };
         const roleCredentials =  await this.sts.assumeRole(stsParams).promise();
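Review bot: `RoleSessionName: roleSessionName` now carries one fixed configured value (default `'Bob'`) for every caller, so sessions issued for different tenants and subprojects cannot be told apart by session name. The session name is typically what appears in STS and object-store audit records, so I would build it per request in `Credentials`, where `tenant` and `subproject` are already parameters, e.g. `IbmConfig.COS_ROLE_SESSION_NAME + '-' + tenant + '-' + subproject`, reduced to the characters and length the STS endpoint accepts. The signature change in the previous hunk also leaves four consecutive `string` parameters, so a swapped argument would still type-check; a short doc comment naming the order would help. The function body continues outside the hunk.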
-- 
GitLab