Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support ECS ram role authentication #75

Open
jerrychenhf opened this issue Feb 9, 2023 · 3 comments
Open

Support ECS ram role authentication #75

jerrychenhf opened this issue Feb 9, 2023 · 3 comments
Labels
feature

Comments

@jerrychenhf
Copy link

jerrychenhf commented Feb 9, 2023
edited
Loading

The code in core.py showed that the current implementation doesn't support ECS ram role authentication.
The capability is provided by oss2 with the combination of ProviderAuth and EcsRamRoleCredentialsProvider.
This is a very important authentication scenario and we hope this ossfs can prioritize the support.
karajan1001 added a commit that referenced this issue Apr 5, 2023
@karajan1001
Add auth to ossfs initialization.
82429b0 
1. Add `auth` to allow ossfs directly use user provided any kinds of `Auth`
2. Add a new tests for `EcsRamRoleCredentialsProvider` auth

fix #75
@karajan1001 karajan1001 mentioned this issue Apr 5, 2023
Closed
karajan1001 added a commit that referenced this issue Apr 5, 2023
@karajan1001
Add auth to ossfs initialization.
be0d126 
1. Add `auth` to allow ossfs directly use user provided any kinds of `Auth`
2. Add a new tests for `EcsRamRoleCredentialsProvider` auth

fix #75
karajan1001 added a commit that referenced this issue Apr 5, 2023
@karajan1001
Add auth to ossfs initialization.
2f3a8bf 
1. Add `auth` to allow ossfs directly use user provided any kinds of `Auth`
2. Add a new tests for `EcsRamRoleCredentialsProvider` auth

fix #75
@karajan1001
Copy link
Collaborator

Hi, @jerrychenhf.
Sorry for late, a lot of things happened to me in the past two months. I want to make sure #83 meets your feature request.

@jerrychenhf
Copy link
Author

@karajan1001 Thank you for taking time to address the feature request.
#82 will work by passing an auth object. While considering using ECS role authentication is a very common use case, one approach is passing a role name (empty role name for auto retrieve from meta server) as a parameter similar to secrets or token, and handling wrapper the EcsRamRoleCredentialsProvider code within the fs object. This will make the user code simpler. More important, some libraries wrappers fsspec such as PetaStorm for AI training cases and string value options is preferred to passing auth object because the options may be pickled or unpickled for remote execution.

@karajan1001
Copy link
Collaborator

@jerrychenhf
Hello, jerrychen, I'm sorry I didn't find any info in the official docs about this EcsRamRoleCredentialsProvider. The test case in #82 I provided is copied from the python-sdk test example in https://github.com/aliyun/aliyun-oss-python-sdk/blob/fadfabbbdddd2b40c9da714a045ea59acd7bcab8/tests/test_credentials_provider.py#L22.
I had some confusion here:
If I want to use a security token to log in, then of cause I don't need an arn name for it. And, it is also enough only to use a signed_url to log in. I'm not sure what is your typical use case here, could you please provide some examples for me? Thank you

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add auth to ossfs initialization. fsspec/ossfs
2 participants
@jerrychenhf @karajan1001