S3 client: add IAM configuration

CERT-Polska / karton

Distributed malware processing framework based on Python, Redis and S3.

https://karton-core.readthedocs.io/en/latest/

BSD 3-Clause "New" or "Revised" License

381 stars 45 forks source link

S3 client: add IAM configuration #221

Closed yankovs closed 1 year ago

yankovs commented 1 year ago

This PR adds the ability to support IAM authentication using a iam_auth boolean option in the [s3] section of karton.ini, much like in MWDB.

Testing was done on karton-core v5.2 and mwdb-core v2.8.2, by omitting the access_key and secret_key from karton.ini and making sure everything is functional:

File upload to mwdb
File reanalysis
Making new kartons

This PR is marked as draft because the configuration wizard of Karton seems like an ancient piece of code and I'm not sure if I should add this option to it or not

psrok1 commented 1 year ago

@yankovs I think you don't need to bother of this karton.main. It's just a very simple utility and no need to cover all configuration options.

I'm also pre-approving your changes, code looks good!

When you feel ready with the PR, rebase your branch as I fixed some CI issues in the meantime.

yankovs commented 1 year ago

Mhm, seems like mypy doesn't like botocore since it doesn't have typings 🤔. I've tried adding botocore-stubs to project requirements and it seems to solve the issue, but I'm not sure if this a good solution since you could also probably disable mypy altogether (like in mwdb-core) or manually disable errors for botocore.

psrok1 commented 1 year ago

botocore-stubs looks ok. Actually I'm amazed that someone managed to make such quality typings for botocore 😄 We don't really want to disable mypy as it helped many times to avoid errors.