aws: s3sink,s3src,transcriber: Add property to set temporary credentials.

STS provide temporary credentials to access AWS resource. Temporary credentials include, AccessKeyId, SecretAccessKey and SessionToken. With session-token property, element will be able to use temporary credentials. When session-token is not set, element can use long term credentials.
2024-11-26 13:31:00 +00:00 · 2022-06-16 12:46:28 +05:30 · 2022-06-16 12:46:28 +05:30 · b3e558bec0
commit b3e558bec0
parent a041943287
3 changed files with 54 additions and 3 deletions
--- a/net/aws/src/aws_transcriber/imp.rs
+++ b/net/aws/src/aws_transcriber/imp.rs
@ -121,6 +121,7 @@ struct Settings {
    results_stability: AwsTranscriberResultStability,
    access_key: Option<String>,
    secret_access_key: Option<String>,
+    session_token: Option<String>,
 }

 impl Default for Settings {
@ -134,6 +135,7 @@ impl Default for Settings {
            results_stability: DEFAULT_STABILITY,
            access_key: None,
            secret_access_key: None,
+            session_token: None,
        }
    }
 }
@ -876,7 +878,15 @@ impl Transcriber {

        let access_key = settings.access_key.as_ref().unwrap().clone();
        let secret_access_key = settings.secret_access_key.as_ref().unwrap().clone();
-        let credentials = Credentials::new(access_key, secret_access_key, None, None, "transcribe");
+        let session_token = settings.session_token.clone();
+
+        let credentials = Credentials::new(
+            access_key,
+            secret_access_key,
+            session_token,
+            None,
+            "transcribe",
+        );

        let region = Region::new("us-east-1");
        let current_time = Utc::now();
@ -1185,6 +1195,13 @@ impl ObjectImpl for Transcriber {
                    None,
                    glib::ParamFlags::READWRITE | gst::PARAM_FLAG_MUTABLE_READY,
                ),
+                glib::ParamSpecString::new(
+                    "session-token",
+                    "Session Token",
+                    "AWS temporary Session Token from STS",
+                    None,
+                    glib::ParamFlags::READWRITE | gst::PARAM_FLAG_MUTABLE_READY,
+                ),
            ]
        });

@ -1245,6 +1262,10 @@ impl ObjectImpl for Transcriber {
                let mut settings = self.settings.lock().unwrap();
                settings.secret_access_key = value.get().expect("type checked upstream");
            }
+            "session-token" => {
+                let mut settings = self.settings.lock().unwrap();
+                settings.session_token = value.get().expect("type checked upstream");
+            }
            _ => unimplemented!(),
        }
    }
@ -1283,6 +1304,10 @@ impl ObjectImpl for Transcriber {
                let settings = self.settings.lock().unwrap();
                settings.secret_access_key.to_value()
            }
+            "session-token" => {
+                let settings = self.settings.lock().unwrap();
+                settings.session_token.to_value()
+            }
            _ => unimplemented!(),
        }
    }
--- a/net/aws/src/s3sink/imp.rs
+++ b/net/aws/src/s3sink/imp.rs
@ -103,6 +103,7 @@ struct Settings {
    buffer_size: u64,
    access_key: Option<String>,
    secret_access_key: Option<String>,
+    session_token: Option<String>,
    metadata: Option<gst::Structure>,
    retry_attempts: u32,
    multipart_upload_on_error: OnError,
@ -152,6 +153,7 @@ impl Default for Settings {
            content_type: None,
            access_key: None,
            secret_access_key: None,
+            session_token: None,
            metadata: None,
            buffer_size: DEFAULT_BUFFER_SIZE,
            retry_attempts: DEFAULT_RETRY_ATTEMPTS,
@ -466,7 +468,7 @@ impl S3Sink {
            (Some(access_key), Some(secret_access_key)) => Some(Credentials::new(
                access_key.clone(),
                secret_access_key.clone(),
-                None,
+                settings.session_token.clone(),
                None,
                "aws-s3-sink",
            )),
@ -675,6 +677,13 @@ impl ObjectImpl for S3Sink {
                    None,
                    glib::ParamFlags::READWRITE | gst::PARAM_FLAG_MUTABLE_READY,
                ),
+                glib::ParamSpecString::new(
+                    "session-token",
+                    "Session Token",
+                    "AWS temporary Session Token from STS",
+                    None,
+                    glib::ParamFlags::READWRITE | gst::PARAM_FLAG_MUTABLE_READY,
+                ),
                glib::ParamSpecBoxed::new(
                    "metadata",
                    "Metadata",
@ -812,6 +821,9 @@ impl ObjectImpl for S3Sink {
            "secret-access-key" => {
                settings.secret_access_key = value.get().expect("type checked upstream");
            }
+            "session-token" => {
+                settings.session_token = value.get().expect("type checked upstream");
+            }
            "metadata" => {
                settings.metadata = value.get().expect("type checked upstream");
            }
@ -873,6 +885,7 @@ impl ObjectImpl for S3Sink {
            }
            "access-key" => settings.access_key.to_value(),
            "secret-access-key" => settings.secret_access_key.to_value(),
+            "session-token" => settings.session_token.to_value(),
            "metadata" => settings.metadata.to_value(),
            "on-error" => settings.multipart_upload_on_error.to_value(),
            "retry-attempts" => settings.retry_attempts.to_value(),
--- a/net/aws/src/s3src/imp.rs
+++ b/net/aws/src/s3src/imp.rs
@ -50,6 +50,7 @@ struct Settings {
    url: Option<GstS3Url>,
    access_key: Option<String>,
    secret_access_key: Option<String>,
+    session_token: Option<String>,
    retry_attempts: u32,
    request_timeout: Duration,
 }
@ -61,6 +62,7 @@ impl Default for Settings {
            url: None,
            access_key: None,
            secret_access_key: None,
+            session_token: None,
            retry_attempts: DEFAULT_RETRY_ATTEMPTS,
            request_timeout: duration,
        }
@ -102,7 +104,7 @@ impl S3Src {
            (Some(access_key), Some(secret_access_key)) => Some(Credentials::new(
                access_key.clone(),
                secret_access_key.clone(),
-                None,
+                settings.session_token.clone(),
                None,
                "aws-s3-src",
            )),
@ -292,6 +294,13 @@ impl ObjectImpl for S3Src {
                    None,
                    glib::ParamFlags::READWRITE | gst::PARAM_FLAG_MUTABLE_READY,
                ),
+                glib::ParamSpecString::new(
+                    "session-token",
+                    "Session Token",
+                    "AWS temporary Session Token from STS",
+                    None,
+                    glib::ParamFlags::READWRITE | gst::PARAM_FLAG_MUTABLE_READY,
+                ),
                glib::ParamSpecInt64::new(
                    "request-timeout",
                    "Request timeout",
@ -345,6 +354,9 @@ impl ObjectImpl for S3Src {
            "secret-access-key" => {
                settings.secret_access_key = value.get().expect("type checked upstream");
            }
+            "session-token" => {
+                settings.session_token = value.get().expect("type checked upstream");
+            }
            "request-timeout" => {
                settings.request_timeout =
                    duration_from_millis(value.get::<i64>().expect("type checked upstream"));
@ -384,6 +396,7 @@ impl ObjectImpl for S3Src {
            }
            "access-key" => settings.access_key.to_value(),
            "secret-access-key" => settings.secret_access_key.to_value(),
+            "session-token" => settings.session_token.to_value(),
            "request-timeout" => duration_to_millis(Some(settings.request_timeout)).to_value(),
            "retry-duration" => {
                let request_timeout = duration_to_millis(Some(settings.request_timeout));