From d7ab7f56d7b1da1f9f324dcc17aa46c3041cd001 Mon Sep 17 00:00:00 2001
From: Emmanuel Mathot
Date: Tue, 20 Feb 2024 11:23:23 +0100
Subject: [PATCH 1/3] Fix GetWebIdentityCredentialsAsync parameter name in IS3ClientFactory
---
 src/Stars.Services/Resources/IS3ClientFactory.cs | 2 +-
 src/Stars.Services/Resources/S3ClientFactory.cs | 10 +++++++++-
 2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/src/Stars.Services/Resources/IS3ClientFactory.cs b/src/Stars.Services/Resources/IS3ClientFactory.cs
index a3f47525..3c3d71ca 100644
--- a/src/Stars.Services/Resources/IS3ClientFactory.cs
+++ b/src/Stars.Services/Resources/IS3ClientFactory.cs
@@ -14,7 +14,7 @@ public interface IS3ClientFactory
 Task CreateS3ClientAsync(S3Url url, IIdentityProvider identityProvider, string policy = null);
 AWSCredentials GetConfiguredCredentials(S3Url s3Url, IIdentityProvider identityProvider = null);
 IAmazonS3 CreateS3Client(string name);
- Task GetWebIdentityCredentialsAsync(string url, JwtSecurityToken jwt, string policy);
+ Task GetWebIdentityCredentialsAsync(string serviceUrl, JwtSecurityToken jwt, string policy);
 }
diff --git a/src/Stars.Services/Resources/S3ClientFactory.cs b/src/Stars.Services/Resources/S3ClientFactory.cs
index 43468edb..7d1f63a4 100644
--- a/src/Stars.Services/Resources/S3ClientFactory.cs
+++ b/src/Stars.Services/Resources/S3ClientFactory.cs
@@ -370,6 +370,14 @@ public AWSOptions GetNamedAWSOptionsOrDefault(string key)
 public async Task GetWebIdentityCredentialsAsync(string serviceURL, JwtSecurityToken jwt, string policy)
 {
+ if (jwt == null)
+ {
+ throw new ArgumentNullException(nameof(jwt));
+ }
+ if (jwt.ValidTo < DateTime.UtcNow)
+ {
+ throw new ArgumentException("JWT token is expired");
+ }
 AmazonSecurityTokenServiceConfig amazonSecurityTokenServiceConfig = new AmazonSecurityTokenServiceConfig();
 amazonSecurityTokenServiceConfig.ServiceURL = serviceURL;
 var stsClient = new AmazonSecurityTokenServiceClient(new AnonymousAWSCredentials(), amazonSecurityTokenServiceConfig);
@@ -379,7 +387,7 @@ public async Task GetWebIdentityCredentialsAsync(string serviceU
 WebIdentityToken = jwt.RawData,
 // RoleArn = "arn:aws:iam::123456789012:role/RoleForTerradue",
 RoleSessionName = "MySession",
- DurationSeconds = 3600,
+ DurationSeconds = jwt.ValidTo.Subtract(DateTime.UtcNow).Seconds,
 Policy = policy
 });
 return assumeRoleResult.Credentials;
From a153fffae307684bc281c45187a59f4e21c80a8f Mon Sep 17 00:00:00 2001
From: Emmanuel Mathot
Date: Tue, 20 Feb 2024 12:34:21 +0100
Subject: [PATCH 2/3] Fix S3ClientFactory to handle session tokens*** ***Add SessionToken property to S3Options
---
 src/Stars.Services/Resources/S3ClientFactory.cs | 9 ++++++---
 src/Stars.Services/Resources/S3Options.cs | 2 ++
 2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/src/Stars.Services/Resources/S3ClientFactory.cs b/src/Stars.Services/Resources/S3ClientFactory.cs
index 7d1f63a4..d1b740ed 100644
--- a/src/Stars.Services/Resources/S3ClientFactory.cs
+++ b/src/Stars.Services/Resources/S3ClientFactory.cs
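Review bot: The added guards in the -370,6 +370,14 hunk validate `jwt` but not `serviceURL`, although `jwt.RawData` is later sent to that endpoint as the web identity token through a client built with `AnonymousAWSCredentials`. If the URL can come from configuration or from a caller, checking it in the same place keeps the bearer token from being posted to an empty, relative or plain-http address, e.g. `if (!Uri.TryCreate(serviceURL, UriKind.Absolute, out var stsUri) || stsUri.Scheme != Uri.UriSchemeHttps) throw new ArgumentException("STS service URL must be an absolute https URL", nameof(serviceURL));` (relax the scheme test if http endpoints are deliberately supported). Two smaller points: `new ArgumentException("JWT token is expired")` omits `nameof(jwt)`, and a token without an `exp` claim reports `ValidTo` as `DateTime.MinValue`, so it is rejected with the misleading "expired" message. The interface hunk in this patch names the parameter `serviceUrl` while this implementation keeps `serviceURL`, so named-argument callers see two spellings. The method body continues outside the hunk.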
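Review bot: In the -379,7 +387,7 hunk, `jwt.ValidTo.Subtract(DateTime.UtcNow).Seconds` reads the seconds component of the TimeSpan (0 to 59), not the remaining lifetime, so the requested `DurationSeconds` never reflects the token's validity; `TotalSeconds` is the property meant here. The -387,7 +390,7 hunk of PATCH 2/3 keeps `.Seconds` inside `Math.Max(900, …)`, which therefore always evaluates to 900. A line that does what the change intends is `DurationSeconds = (int)Math.Min(3600, Math.Max(900, (jwt.ValidTo - DateTime.UtcNow).TotalSeconds)),`, where 3600 is the previous fixed value and 900 the floor the second patch introduces. With that floor the issued credentials can still outlive a JWT that has less than 15 minutes left, so if the session must never outlast the token, such tokens should be rejected rather than rounded up. The object initializer starts above this hunk.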
@@ -123,8 +123,12 @@ public AWSCredentials GetConfiguredCredentials(S3Url s3Url, IIdentityProvider id
 {
 var s3Configuration = s3Options.CurrentValue.GetS3Configuration(s3Url.ToString(), identityProvider?.GetPrincipal());
- if (!string.IsNullOrEmpty(s3Configuration.Value?.AccessKey) != null && !string.IsNullOrEmpty(s3Configuration.Value?.SecretKey))
+ if (!string.IsNullOrEmpty(s3Configuration.Value?.AccessKey) && !string.IsNullOrEmpty(s3Configuration.Value?.SecretKey))
 {
+ if ( !string.IsNullOrEmpty(s3Configuration.Value?.SessionToken))
+ {
+ return new SessionAWSCredentials(s3Configuration.Value.AccessKey, s3Configuration.Value.SecretKey, s3Configuration.Value.SessionToken);
+ }
 return new BasicAWSCredentials(s3Configuration.Value.AccessKey, s3Configuration.Value.SecretKey);
 }
@@ -367,7 +371,6 @@ public AWSOptions GetNamedAWSOptionsOrDefault(string key)
 return s3Options.CurrentValue.RootConfiguration.GetAWSOptions();
 }
-
 public async Task GetWebIdentityCredentialsAsync(string serviceURL, JwtSecurityToken jwt, string policy)
 {
 if (jwt == null)
@@ -387,7 +390,7 @@ public async Task GetWebIdentityCredentialsAsync(string serviceU
 WebIdentityToken = jwt.RawData,
 // RoleArn = "arn:aws:iam::123456789012:role/RoleForTerradue",
 RoleSessionName = "MySession",
- DurationSeconds = jwt.ValidTo.Subtract(DateTime.UtcNow).Seconds,
+ DurationSeconds = Math.Max(900, jwt.ValidTo.Subtract(DateTime.UtcNow).Seconds),
 Policy = policy
 });
 return assumeRoleResult.Credentials;
diff --git a/src/Stars.Services/Resources/S3Options.cs b/src/Stars.Services/Resources/S3Options.cs
index ad153643..654d6057 100644
--- a/src/Stars.Services/Resources/S3Options.cs
+++ b/src/Stars.Services/Resources/S3Options.cs
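Review bot: The new `SessionToken` branch in the -123,8 +123,12 hunk hands statically configured temporary credentials to `SessionAWSCredentials`, and nothing visible here carries their expiry, so once the token lapses the failure will presumably surface only as an authorization error from the S3 endpoint. A comment on the branch would make that explicit, for example `// Temporary credentials from configuration: not refreshed here, a new token must be supplied when they expire`. As a style point, `if ( !string.IsNullOrEmpty(` has a stray space after the parenthesis, and reading `s3Configuration.Value` into a local once would remove the mix of `?.` and `.` accesses. The method body continues outside the hunk.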
@@ -65,6 +65,7 @@ public S3Configuration(S3Configuration s3Configuration)
 this.ServiceURL = s3Configuration?.ServiceURL;
 this.AccessKey = s3Configuration?.AccessKey;
 this.SecretKey = s3Configuration?.SecretKey;
+ this.SessionToken = s3Configuration?.SessionToken;
 this.AuthenticationRegion = s3Configuration?.AuthenticationRegion;
 this.UseHttp = s3Configuration == null ? false : s3Configuration.UseHttp;
 this.ForcePathStyle = s3Configuration == null ? false : s3Configuration.ForcePathStyle;
@@ -79,6 +80,7 @@ public S3Configuration(S3Configuration s3Configuration)
 public string ServiceURL { get; set; }
 public string AccessKey { get; set; }
 public string SecretKey { get; set; }
+ public string SessionToken { get; set; }
 public string Region { get; set; }
 public string AuthenticationRegion { get; set; }
 public bool UseHttp { get; set; }
From 770bc5730f260056bff5c3e8f100e16d69a5f590 Mon Sep 17 00:00:00 2001
From: Emmanuel Mathot
Date: Tue, 20 Feb 2024 14:25:32 +0100
Subject: [PATCH 3/3] Update version numbers to 2.19.4
---
 CHANGELOG.md | 31 +++++++++++++++++--
 .../Terradue.Stars.Console.csproj | 2 +-
 src/Stars.Data/Terradue.Stars.Data.csproj | 2 +-
 .../Terradue.Stars.Services.csproj | 2 +-
 4 files changed, 32 insertions(+), 5 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 483aa4c9..54aea559 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
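Review bot: In the -79,6 +80,7 hunk, `SessionToken` is added as a plain public string with no doc comment next to `AccessKey` and `SecretKey`, and like them it is a credential. A summary on the property would tell integrators that it is secret and short-lived, e.g. `/// <summary>Session token of temporary credentials; secret, keep out of logs and serialized configuration dumps.</summary>`. If S3Configuration instances are ever logged or serialized for diagnostics (not visible here), this field needs the same redaction as `SecretKey`. The class body continues outside the hunk.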
@@ -7,13 +7,40 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 Generated by [`auto-changelog`](https://github.com/CookPete/auto-changelog). -## [2.19.1](https://github.com/Terradue/Stars/compare/2.19.0...2.19.1) +## [2.19.4](https://github.com/Terradue/Stars/compare/2.19.3...2.19.4) + +***Add SessionToken property to S3Options + +### Commits + +- Fix GetWebIdentityCredentialsAsync parameter name in IS3ClientFactory [`d7ab7f5`](https://github.com/Terradue/Stars/commit/d7ab7f56d7b1da1f9f324dcc17aa46c3041cd001) +- Fix S3ClientFactory to handle session tokens*** [`a153fff`](https://github.com/Terradue/Stars/commit/a153fffae307684bc281c45187a59f4e21c80a8f) + +## [2.19.3](https://github.com/Terradue/Stars/compare/2.19.2...2.19.3) - 2024-02-19 + +### Commits + +- Add support for t2:product_type in OpenSearchableSupplier [`1a1ae75`](https://github.com/Terradue/Stars/commit/1a1ae7538b82b31d5be745963156044735c57d83) +- Ready to release 2.19.3 [`9e3cd4e`](https://github.com/Terradue/Stars/commit/9e3cd4e69550f88e5d6ff28f03c7a24c8a864bff) + +## [2.19.2](https://github.com/Terradue/Stars/compare/2.19.1-1...2.19.2) - 2024-02-19 + +### Merged + +- Fix for NullReferenceException (BKA) [`#44`](https://github.com/Terradue/Stars/pull/44) + +### Commits + +- Fix for NullReferenceException [`849efe5`](https://github.com/Terradue/Stars/commit/849efe5e12cc43e386ce8529c5a514a32a816f99) +- Ready to release 2.19.2 [`470ef9b`](https://github.com/Terradue/Stars/commit/470ef9b4e77e6d0785a939c45c52208bcc69c181) + +## [2.19.1-1](https://github.com/Terradue/Stars/compare/2.19.0...2.19.1-1) - 2024-02-13 ### Commits - Update file sizes in metadata JSON [`3fd6f4b`](https://github.com/Terradue/Stars/commit/3fd6f4b3086125af5c97083694c0a07c6137533d) - Add S3 copy launch configuration and update S3ClientFactory [`72d9c46`](https://github.com/Terradue/Stars/commit/72d9c46e32b6e8ff65f76cf2c6c07a60e6593b2a) -- Add CONAE/SAOCOM-1 resources to .gitignore 
[`a347df7`](https://github.com/Terradue/Stars/commit/a347df70494a2d4b9b1ae52a37e52e7f88baf214) +- RTR 2.19.1 [`7ce4e26`](https://github.com/Terradue/Stars/commit/7ce4e261b2f6bd22893200b844ac8be46dce656d) ## [2.19.0](https://github.com/Terradue/Stars/compare/2.18.1...2.19.0) - 2024-02-09 diff --git a/src/Stars.Console/Terradue.Stars.Console.csproj b/src/Stars.Console/Terradue.Stars.Console.csproj index ba89180c..1f5195e3 100644 --- a/src/Stars.Console/Terradue.Stars.Console.csproj +++ b/src/Stars.Console/Terradue.Stars.Console.csproj @@ -2,7 +2,7 @@ Exe net6.0 - 2.19.3 + 2.19.4 Stars is a CLI for working with Spatio Temporal Catalog such as STAC but not only $(Version)-$(VersionSuffix) diff --git a/src/Stars.Data/Terradue.Stars.Data.csproj b/src/Stars.Data/Terradue.Stars.Data.csproj index b19f4ab6..5731fd7f 100644 --- a/src/Stars.Data/Terradue.Stars.Data.csproj +++ b/src/Stars.Data/Terradue.Stars.Data.csproj @@ -4,7 +4,7 @@ Terradue.Stars.Data Terradue.Stars.Data Collection of data Plugins for Terradue.Stars - 2.19.3 + 2.19.4 $(Version)-$(VersionSuffix) NU1603 diff --git a/src/Stars.Services/Terradue.Stars.Services.csproj b/src/Stars.Services/Terradue.Stars.Services.csproj index 84e626df..9d027ef2 100644 --- a/src/Stars.Services/Terradue.Stars.Services.csproj +++ b/src/Stars.Services/Terradue.Stars.Services.csproj @@ -3,7 +3,7 @@ netstandard2.0 Terradue.Stars Stars is a set of services for working with Spatio Temporal Catalog such as STAC but not only - 2.19.3 + 2.19.4 $(Version)-$(VersionSuffix) Terradue.Stars.Services