Skip to content

Pluggable credentials#149

Open
jeremybarnes wants to merge 21 commits intomasterfrom
pluggable_credentials
Open

Pluggable credentials#149
jeremybarnes wants to merge 21 commits intomasterfrom
pluggable_credentials

Conversation

@jeremybarnes
Copy link
Contributor

@jeremybarnes jeremybarnes commented Nov 6, 2014

This branch refactors the credentials handling code in S3 to provide:

  • A base infrastructure for pluggable credential providers
  • The S3 code now uses the base infrastructure
  • Existing credential registration functions add them into the base infrastructure

The idea here is to decouple credentials from the code that makes use of them, and allow for scenarios such as a daemon that provides short-lived credentials on demand or instance-based credentials on Amazon.

I'm primarily looking for comments on the design; please ignore the unfortunate noise in the early commits.

@jeremybarnes
Allow chunked encoding, incremental sending of body on HTTP REST call…
c599134 
…s (PLAT-562)
@jeremybarnes
Merge branch 'master' of github.com:datacratic/soa
ec0daf8
@jeremybarnes
Add ability to turn off log categories by default (PLAT-564)
d154f71 
Adds an extra boolean parameter to the log category that allows it to be turned off by default, to support the 'recompile with verbose logging' use-case.  This could be combined at a later stage with the ability to modify logging via environment variables or a SHM segment and a signal.
@jeremybarnes
Merge branch 'master' of github.com:datacratic/soa into datacratic-in…
4c88e4f 
…ternal-branch-5
@jeremybarnes
More flexibility in handling signal errors in Runner (TRIVIAL)
dcf0bef 
This change adds a mustSucceed flag to the kill() and signal() functions in Runner, which
allows them to be called unconditionally.  This is especially useful in shutdowns, where we
don't want an exception if we tried to stop it but it was already stopped.  The default
behaviour remains the same: throw an exception.  They will also return whether they
succeded or not.

TRIVIAL because semantics of any existing calls have not changed.
@jeremybarnes
Make HttpNamedEndpoint keep shared pointer to connection
ede3305 
This makes it possible to avoid segmentation faults in the case where the remote end drops the connection.
Previously it would lead to the connection object being deleted and a dangling pointer.

Mostly relevant to long-running connections that are handled asynchronously.  In the synchronous case the
connection is locked for the duration and recycled afterwards, so it can't cause a problem.
@jeremybarnes
Merge branch 'master' of github.com:datacratic/soa into datacratic-in…
f39f83d 
…ternal-branch-5
@jeremybarnes
Merge branch 'datacratic-internal-branch-5' of github.com:datacratic/…
2bfa70c 
…soa into HEAD
@jeremybarnes
Added missing header to zmq_named_pub_sub.h (TRIVIAL)
183fb68
@jeremybarnes
Further fixes for file:// URIs to accept relative path (TRIVIAL)
6cdcde2
@jeremybarnes
Started adding in credentials handling infrastructure
b5b9162
@jeremybarnes
Merge branch 'master' of github.com:datacratic/soa into datacratic-in…
4dc6386 
…ternal-branch-8
@jeremybarnes
Refactored S3 credentials to use credential provider
032620d
@jeremybarnes
Cleaned up dead code from S3 refactor
1796331
@jeremybarnes
Merge branch 'master' of github.com:datacratic/soa into pluggable_cre…
e65f5ab 
…dentials
@jeremybarnes
Allow cloud credentials to be ignored programatically
19f9ef3
@jeremybarnes
Added ability to get credentials from a remote provider
12b2aa5
@jeremybarnes
Fixed incorrect use of lexical_cast in RestParamDefault (TRIVIAL)
69ce3ad
@jeremybarnes
Added TRACE_REST_REQUESTS environment variable (TRIVIAL)
3d97b46
@jeremybarnes
Don't require service discovery to use NamedEndpoint (TRIVIAL)
584c7c7
@jeremybarnes
Improvements to value descriptions for objects without
bb708e9
@wsourdeau
Copy link
Contributor

wsourdeau commented Nov 13, 2014

(quoted)
me: about the design for your credentials branch, I don't know what to think yet as I haven't had the time to look at it deeply. But I think the decoupling effort is a good thing in itself in any case. About s3, I would even go as far as decoupling buckets from credentials: s3Api instances could be instantiated with a credential objet right away.

response from @jeremybarnes :
I have basically done what you say, and removed the concept of having credentials for buckets

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jeremybarnes @wsourdeau

Comments