datashim support IBM Cloud IAM API Key instead of HMAC keypair when configuring COS bucket as dataset

support IBM Cloud IAM API Key instead of HMAC keypair when configuring COS bucket as dataset

Open shawnzhu opened this issue 3 years ago • 0 comments

The use case is about working with data on IBM COS. I followed the guide here: https://github.com/IBM/dataset-lifecycle-framework/wiki/Data-Volumes-for-Notebook-Servers#create-a-dataset-for-the-s3-bucket

where it creates a COS bucket, it needs:

apiVersion: com.ie.ibm.hpsys/v1alpha1
kind: Dataset
metadata:
  name: your-dataset
spec:
  local:
    type: "COS"
    accessKeyID: "access_key_id"
    secretAccessKey: "secret_access_key"
    endpoint: "https://YOUR_ENDPOINT"
    bucket: "YOUR_BUCKET"
    region: "" #it can be empty

Which requires a service credential to be created.

I wonder if it can support creating dataset via:

apiVersion: com.ie.ibm.hpsys/v1alpha1
kind: Dataset
metadata:
  name: your-dataset
spec:
  local:
    type: "COS"
    ibm_cloud_iam_apikey: "<base64 encoded api key>"
    bucket: "YOUR_BUCKET"
    region: "" #it can be empty

Which will make COS admin's life much easier since it can delegate secret management/rotate to IBM Cloud IAM.

Oct 02 '20 13:10 shawnzhu

datashim datashim copied to clipboard

support IBM Cloud IAM API Key instead of HMAC keypair when configuring COS bucket as dataset

datashim
datashim copied to clipboard