search

aws / aws-sdk-java-v2

The official AWS SDK for Java - Version 2
Apache License 2.0
2.16k stars 835 forks source link

CRT client configuration feature parity #3675

Open pwinckles opened 1 year ago

pwinckles commented 1 year ago

Describe the feature

The CRT client should have feature parity with the old client builder. Specifically, the CRT builder does not currently allow you to specify S3Configuration or modify the client to trust all certificates.

For example, the following is not possible with the CRT client:

S3AsyncClient.builder()
        .endpointOverride(URI.create(S3_MOCK.getServiceEndpoint()))
        .region(Region.US_EAST_2)
        .credentialsProvider(
                StaticCredentialsProvider.create(AwsBasicCredentials.create("foo", "bar")))
        .serviceConfiguration(S3Configuration.builder().pathStyleAccessEnabled(true).build())
        .httpClient(NettyNioAsyncHttpClient.builder().buildWithDefaults(AttributeMap.builder()
                .put(TRUST_ALL_CERTIFICATES, Boolean.TRUE)
                .build()))
        .build();

Use Case

These configuration options are needed for supporting S3 mock implementations.

Proposed Solution

No response

Other Information

No response

Acknowledgements

AWS Java SDK version used

2.19.8

JDK version used

17.0.4

Operating System and version

Fedora 36

debora-ito commented 1 year ago

Hi @pwinckles, I have some questions about your request.

When you say:

The CRT client should have feature parity with the old client builder.

Which old client builder are you referring to?

Which features specifically are you asking for in the CRT client, is it pathStyleAccessEnabled and the ability to support TRUST_ALL_CERTIFICATES? Also, are you using the CRT client in the S3TransferManager?

pwinckles commented 1 year ago

Which old client builder are you referring to?

The builders for the non-CRT sync/async clients, like the one in my example.

Which features specifically are you asking for in the CRT client, is it pathStyleAccessEnabled and the ability to support TRUST_ALL_CERTIFICATES?

For me personally, I would like path-style access and the ability to trust all certs, with the former being more important than the later. However, it would seem to me that it would be good for the builders to offer as similar of configuration options as possible.

Also, are you using the CRT client in the S3TransferManager?

Yes, I started updating a library to use the transfer manager, and noticed that it's only worth while to do so if you use it with the CRT client. However, the CRT client does not support the same configuration options.

mvillafuertem commented 1 year ago

the environment variable disableCertChecking could be added as in previous versions, as requested in this ticket https://github.com/aws/aws-sdk-java-v2/issues/1230

fatih-celonis commented 1 year ago

Path style access is an important flag for us because our integration tests and local development setup rely on it.

chrisrhut commented 1 year ago

I found this issue by searching for "CRT path style access". +1 for needing that in a test environment.

StephenFlavin commented 1 year ago

additionally it would be nice if the crt client could support metrics publishers in the ClientOverrideConfiguration, it seems to be specifically blocked at the moment https://github.com/aws/aws-sdk-java-v2/blob/master/services/s3/src/main/java/software/amazon/awssdk/services/s3/internal/crt/DefaultS3CrtAsyncClient.java#L325-L327

campidelli commented 1 year ago

Isn't it fixed by this https://github.com/aws/aws-sdk-java-v2/issues/3817 ?