sixtyfour icon indicating copy to clipboard operation
sixtyfour copied to clipboard
Published 8 months ago • verified publisher icon getwilds

Auth interface?

Open sckott opened this issue 1 year ago • 5 comments

paws doesn't really have anything that's user facing for peeking at auth creds, which auth is being used, etc. might be worth a user facing function for this

sckott avatar Aug 23 '24 16:08 sckott

This is not urgent to get down soon - just recording thoughts while they're fresh. ping @seankross - any other ideas? do you like either one of these, or niether?

What i'd like to see is one of the following with the goal of having a good user experience wrt knowing what auth is being used:

.onLoad

in a function .onLoad <- function() { load_auth_details_as_paws_does() }

library(sixtyfour)
#> <sixtyfour aws credentials>
#>   location: env vars # or could be: ~/.aws/credentials, ~/.aws/config, etc.
#>   profile (if any): TEST  
#>   region: us-west-2

cli pkg message on first use of a fxn that requires aws auth

Instead of using onload - or maybe in addition to? - we could print auth details similar to above - but only:

  • the first time auth is needed (i've created a solution for this myself, but tidyverse folks also have a pkg for this), and
  • any time auth is changed - e.g., if a user sets different creds in the same R session

for example:

aws_buckets()
#> <creds- location: ~/.aws/config, profile: TEST, region: us-west-2>
#>
#> # A tibble: 6 × 8
#>   bucket_name           key   uri                               size type   owner etag  last_modified
#>   <chr>                 <chr> <chr>                      <fs::bytes> <chr>  <chr> <chr> <dttm>
#> 1 bucketcipjeuvd        ""    s3://bucketcipjeuvd                  0 bucket ""    ""    NA
#> 2 bucketrcktxshl        ""    s3://bucketrcktxshl                  0 bucket ""    ""    NA

sckott avatar Feb 11 '25 22:02 sckott

Do you know how other packages handle this?

seankross avatar Feb 11 '25 23:02 seankross

i'll have a look

sckott avatar Feb 11 '25 23:02 sckott

How other packages handle AWS auth

  • this package just pionts users to the paws credentials docs https://github.com/andrewpknight/zoomGroupStats?tab=readme-ov-file#conduct-sentiment-analysis
  • this pkg https://github.com/DyfanJones/noctua interfaces with DBI - similar to ours in that you can pull creds from wherever they are defined (env vars, config files, etc.) but the maintainer (Same as paws) also allows user to pass in creds into the dbi constructor
  • not quite sure whats going on with this one https://github.com/FaaSr/FaaSr-package
  • in ellmer hadley has this https://github.com/tidyverse/ellmer/blob/3e308215eb3d3a9070beb2a9bd3a4a8f6d19d74b/R/provider-bedrock.R#L344 - wrapping paws.common::locate_credentials to let paws find the creds - just as we do here and httr2 does to check for credentials
  • targets has this in its documentation https://books.ropensci.org/targets/cloud-storage.html#aws-setup just pointing users to paws docs for auth

Learnings?

There's not much we can borrow from other package - other than that AFAIK these other packages aren't doing anything to let the user know which AWS creds are being used

sckott avatar Feb 11 '25 23:02 sckott

I'd still like to try doing this, I think scoped to the following:

  • Not to allow users to get credentials - lessen security risk
  • Only to show users where their creds come from: env var, .aws/config, somewhere else
  • which profile if any
  • which region if any

I still like the idea of only showing it once during beginning of an R session to remind the user, then not showing again until a new session.

Ideally this output is not included in an Rmarkdown/quarto

sckott avatar Apr 01 '25 17:04 sckott