[FEATURE] Specify AWS Profile, Secret Key or Access Key when using OpenSearch SQL JDBC Driver from a Database Client

Open jkdll opened this issue 3 years ago • 3 comments

Is your feature request related to a problem? As an analyst, I would like to connect to OpenSearch via a JDBC client such as DBeaver Community Edition.

Currently, the SQL JDBC Driver accepts the parameter auth to use AWS SIGV4. In this case, the driver can then use an awsCredentialsProvider, which must be created separately. If not specified, the driver uses the default aws profile. Within DBeaver, I cannot create an awsCredentialsProvider.

What solution would you like? I would like to be able to use a custom named profile to connect, for example if I have a profile called awsdev or awsprod, I would like to supply this as a parameter to the driver to select which credentials to use, without creating a custom awsCredentialsProvider.

Alternatively, I would like to be able to supply an AWS Access Key and AWS Secret Access Key directly to the JDBC driver to be used.

These two options would allow easier use of the JDBC driver.

What alternatives have you considered? I am currently researching solutions for creating a custom awsCredentialsProvider within DBeaver or otherwise, however this requires further research and seems unnecessarily laborious.

jkdll, Oct 11 '22 10:10

@jkdll, it is possible to set environment variables with the keys for a process which uses the JDBC driver. For example, you can set/export env vars in the shell and run DBeaver from it.

ref: https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html

Yury-Fridlyand, Oct 11 '22 16:10

@Yury-Fridlyand - thank you for the reply. Indeed I can confirm that environment variables do work, but I feel like the experience would be improved if a profile/set of keys can be supplied to the JDBC driver. Can I submit a PR for this?

jkdll, Oct 14 '22 08:10

Yes, of course! There is a related issue for tracking: #261

Yury-Fridlyand, Oct 14 '22 15:10

I'd like to add to this. Some applications will make use of multiple AWS access keys, so the environment variables are not really a solution.

This line is forcing property values to be String objects.
https://github.com/opensearch-project/sql/blob/2.x/sql-jdbc/src/main/java/org/opensearch/jdbc/Driver.java#L41
https://docs.oracle.com/javase/8/docs/api/java/util/Properties.html#getProperty-java.lang.String-

This makes it very difficult to use the awsCredentialsProvider property.

A better solution is for awsCredentialsProvider to accept a String value. The ConnectionConfig class could then parse the String value and create the AWSCredentialsProvider.

Apache DBCP2 also forces all driver properties to be Strings. It is best to avoid Object values in Driver properties.

normanj-bitquill, Oct 28 '22 15:10
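
Added example, not part of the thread and not the driver's code: the `java.util.Properties` behaviour linked in the comment above, followed by one way a String-valued `awsCredentialsProvider` could be parsed. The `profile:<name>` and `static:<accessKey>:<secretKey>` syntax and the `ProviderSpec` type are assumptions made for illustration; records need Java 16 or later.

```java
import java.util.Properties;

// Illustration only: JDK classes plus a hypothetical string syntax.
// Nothing here is the OpenSearch JDBC driver's API.
public class StringPropertyDemo {

    record ProviderSpec(String kind, String profile, String accessKey, String secretKey) {
        // Keep the secret out of logs: the default record toString() would print it.
        @Override public String toString() { return "ProviderSpec[" + kind + "]"; }
    }

    static ProviderSpec parse(String value) {
        if (value == null || value.isBlank()) {
            return new ProviderSpec("default", null, null, null); // use the default credentials chain
        }
        String[] parts = value.split(":", 3);
        switch (parts[0]) {
            case "profile":
                if (parts.length != 2 || parts[1].isEmpty())
                    throw new IllegalArgumentException("expected profile:<name>");
                return new ProviderSpec("profile", parts[1], null, null);
            case "static":
                if (parts.length != 3 || parts[1].isEmpty() || parts[2].isEmpty())
                    throw new IllegalArgumentException("expected static:<accessKey>:<secretKey>");
                return new ProviderSpec("static", null, parts[1], parts[2]);
            default:
                // Do not echo the value in the message: it may contain a secret key.
                throw new IllegalArgumentException("unknown provider kind");
        }
    }

    public static void main(String[] args) {
        Properties props = new Properties();
        // Stand-in for a credentials provider object placed in the connection properties.
        props.put("awsCredentialsProvider", new Object());
        // get() still returns the stored object, but getProperty() only returns
        // String values, so code that reads properties through it loses the object.
        System.out.println("get():         " + (props.get("awsCredentialsProvider") != null));
        System.out.println("getProperty(): " + props.getProperty("awsCredentialsProvider"));

        // A String value survives getProperty() and String-only pool configuration.
        props.setProperty("awsCredentialsProvider", "profile:awsdev");
        ProviderSpec spec = parse(props.getProperty("awsCredentialsProvider"));
        System.out.println(spec.kind() + " -> " + spec.profile());
    }
}
```
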

@jkdll, PRs are welcome!

Yury-Fridlyand, Oct 28 '22 15:10