
Support custom STS endpoint

Open rmvangun opened this issue 1 year ago • 2 comments

Is your feature request related to a problem? Please describe.

MinIO now supports STS client authentication: https://min.io/docs/minio/linux/developers/security-token-service.html

This does not seem to be supported currently by Quickwit due to a lack of support for custom STS endpoints.

Describe the solution you'd like

In order to support this, the Rust AWS SDK needs to be configured to use a custom STS endpoint. I could imagine a QW_STS_ENDPOINT env var.

Describe alternatives you've considered

Creating and distributing secret keys and access keys in my cluster is operationally challenging and often requires security tradeoffs.

Additional context

If this is pretty low lift I'm happy to take a crack at it, but I'm new to Rust and this project.

rmvangun, Jul 06 '24 15:07

@rmvangun We welcome contributions :)

fulmicoton, Jul 27 '24 07:07

I did do a little investigation on the matter, and would be happy to help out though I'm pretty constrained on bandwidth right now--I'll add my research for the time being and if the implementation looks straightforward I'll try to hop in sooner than later.

Some AWS SDKs support the ability to specify any AWS service endpoint using something like AWS_ENDPOINT_URL_<SERVICE> (doc). Unfortunately, the Rust AWS SDK isn't one of them (yet).

In lieu of this, we would need to do it directly via the SDK: expand the client implementation in https://github.com/quickwit-oss/quickwit/blob/main/quickwit/quickwit-storage/src/object_storage/s3_compatible_storage.rs

rmvangun, Aug 01 '24 05:08
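
An STS endpoint receives the caller's identity token and returns temporary credentials, so an operator-supplied endpoint URL is worth validating before it reaches the SDK. The sketch below is an added example, not Quickwit code and not written by anyone in this thread. QW_STS_ENDPOINT exists only as the proposal above, and the function names and the acceptance policy (https required, plain http for loopback only, no embedded credentials, query or fragment) are assumptions of this example.

```rust
use std::env;

/// Hypothetical variable name, taken from the proposal in this issue.
const STS_ENDPOINT_VAR: &str = "QW_STS_ENDPOINT";

/// Validates a custom STS endpoint URL and returns it without a trailing slash.
/// Policy (assumed here): https only, except plain http to a loopback host;
/// no userinfo, query string or fragment.
fn validate_sts_endpoint(raw: &str) -> Result<String, &'static str> {
    let url = raw.trim();
    let (scheme, rest) = url.split_once("://").ok_or("missing scheme")?;
    if rest.contains(&['?', '#'][..]) {
        return Err("query or fragment not allowed");
    }
    let authority = rest.split('/').next().unwrap_or("");
    if authority.contains('@') {
        return Err("credentials embedded in URL not allowed");
    }
    // Drop an optional port; bracketed IPv6 literals keep their colons.
    let host = match authority.strip_prefix('[') {
        Some(v6) => v6.split(']').next().unwrap_or(""),
        None => authority.split(':').next().unwrap_or(""),
    };
    if host.is_empty() {
        return Err("empty host");
    }
    let loopback = matches!(host, "localhost" | "127.0.0.1" | "::1");
    match scheme.to_ascii_lowercase().as_str() {
        "https" => {}
        "http" if loopback => {}
        "http" => return Err("plain http is only accepted for loopback hosts"),
        _ => return Err("unsupported scheme"),
    }
    Ok(url.trim_end_matches('/').to_string())
}

/// Reads the variable; `Ok(None)` means "keep the SDK's default STS endpoint".
fn sts_endpoint_from_env() -> Result<Option<String>, &'static str> {
    match env::var(STS_ENDPOINT_VAR) {
        Ok(v) if !v.trim().is_empty() => validate_sts_endpoint(&v).map(Some),
        _ => Ok(None),
    }
}

fn main() {
    // Prints Ok(None) when the variable is unset or empty.
    println!("{:?}", sts_endpoint_from_env());
}
```
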