From 92de7c4a886a7e757a441c3cee2676fcb8c33d6a Mon Sep 17 00:00:00 2001 From: Blayne Chard Date: Fri, 21 Feb 2025 16:05:08 +1300 Subject: [PATCH] feat(shared): support multiple credential locations (#3407) ### Motivation We have a number of configuration files to allow reading and writing of S3 buckets across accounts, sometimes it's useful to join a collection of access lists together to provide a more comprehensive list of credentials for the calling service. ### Modifications Allow credentials to be loaded from multiple sources using either a comma separated list or a JSON list, this behavior is the same as the workflows inside of argo https://github.com/linz/argo-tasks/blob/master/src/fs.register.ts#L132 ### Verification Logic is taken from argo tasks, and will be tested in argo. --- packages/shared/src/file.system.ts | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/packages/shared/src/file.system.ts b/packages/shared/src/file.system.ts index 9ce91628c..63f7cdc9d 100644 --- a/packages/shared/src/file.system.ts +++ b/packages/shared/src/file.system.ts @@ -54,8 +54,24 @@ credentials.onFileSystemFound = (acc: AwsCredentialConfig, fs?: FsAwsS3, path?: fsa.register(acc.prefix, fs); }; +/** + * Split JSON or comma separated lists into individual components + * + * Allowing for credentials to be loaded from multiple sources eg + * + * @example comma separated list + * ```typescript + * "s3://foo/bar.json,s3://foo/baz.json" + * ``` + */ +function splitConfig(x: string): string[] { + if (x.startsWith('[')) return JSON.parse(x) as string[]; + return x.split(','); +} const credentialPath = Env.get(Env.AwsRoleConfigPath); -if (credentialPath) credentials.registerConfig(fsa.toUrl(credentialPath), s3Fs); +if (credentialPath) { + for (const loc of splitConfig(credentialPath)) credentials.registerConfig(fsa.toUrl(loc), s3Fs); +} s3Fs.credentials = credentials;