S3 Credentials

micstriit · July 14, 2021, 2:25pm

ATM you can define credentials for S3 in 3 different places

in the env variables/system properties (LUCEE_S3_ACCESSKEYID="…";…)
in the Application.cfc (this.s3.accessKeyId = “…”;… )
in the path directly (s3://ACCESSKEYID:SECRETKEY@/bucketName)

But ATM you can only use the last option in case you wanna use multiple different credentials (endpoints).

so you have to do something like

dump(directoryList("s3://#shopAKI#:#shopSK#@/bucketName"));
dump(directoryList("s3://#adminAKI#:#adminSK#@/bucketName"));

But i would prefer to work with mappings, so you simply can do

dump(directoryList("s3://shop@/bucketName"));
dump(directoryList("s3://admin@/bucketName"));

and in the Application.cfc you have

component {
	this.s3.shop.accessKeyId = "...";
	this.s3.shop.awsSecretKey = "...";
	this.s3.admin.accessKeyId = "...";
	this.s3.admin.awsSecretKey = "...";
}

and as an env var you can set

LUCEE_S3_SHOP_ACCESSKEYID="...";LUCEE_S3_SHOP_SECRETKEY="...";

The same way you can define datasources.

What do you think?

BTW we can support exactly the same also for other virtual file systems like “http”
Application.cfc

component {
	this.http.lucee.username = "susi";
	this.http.lucee.password = "foehn";
	this.http.lucee.authtype = "basic";
}

then in the code

dump(directoryList("http://lucee@lucee.org/whatever/"));

Zackster · July 14, 2021, 2:32pm

I like it, but it feels a little bit messy mixing the defaults and profiles all under one struct (this.s3)

does that mean a directory list of a bucket would then return the s3 profile name instead of the key and secret?

micstriit · July 14, 2021, 3:37pm

this is the same as with datasources, you can do

this.datasources["test"] = {
	  class: 'com.mysql.cj.jdbc.Driver'
	, connectionString: 'jdbc:mysql://localhost:3306/test?characterEncoding=UTF-8'
	, username: 'root'
	, password: "..."
};

and

this.datasource = {
	  class: 'com.mysql.cj.jdbc.Driver'
	, connectionString: 'jdbc:mysql://localhost:3306/test?characterEncoding=UTF-8'
	, username: 'root'
	, password: "..."
};

sure the difference is an “s”, but i would even argue that you should also be able to do

this.datasource["test"] = {
	  class: 'com.mysql.cj.jdbc.Driver'
	, connectionString: 'jdbc:mysql://localhost:3306/test?characterEncoding=UTF-8'
	, username: 'root'
	, password: "..."
};

in addition with datasources you can also do this.defaultDatasource as an alias for this.datasource. Following that logic, we should have this.defaultS3 and this.s3es ?

[quote=“Zackster, post:2, topic:8580”]
does that mean a directory list of a bucket would then return the s3 profile name instead of the key and secret?[/quote]
EXACTLY

dawesi · August 13, 2022, 4:16pm

which is probably why we should introduce something like “storagesource” and “mailsource” (someting I’ve ranted about introducing for decades)

storagesource could support a variety of “extensions” like S3/Azure/R2/FTP/rsync etc for storage ‘providers’

we shouldn’t bake any external vendor functionality in natively, just like datasource types, should be an extension that is not by default included in build.

(just like you should be able to have “mailchimp/ses/sendgrid/etc” type email sources)