diff --git a/README.md b/README.md index 6cc6433ab..615b3d581 100644 --- a/README.md +++ b/README.md @@ -189,6 +189,10 @@ The following environment variables can be used to configure Livebook on boot: building the Docker image; to do so add "RUN /app/bin/warmup_apps" to your image). Defaults to "auto". + * `LIVEBOOK_AWS_CREDENTIALS` - enable Livebook to read AWS Credentials from + environment variables, AWS Credentials, EC2/ECS metadata when configuring + S3 buckets. + * `LIVEBOOK_BASE_URL_PATH` - sets the base url path the web application is served on. Useful when deploying behind a reverse proxy. diff --git a/config/config.exs b/config/config.exs index accb6ad9b..621eb6933 100644 --- a/config/config.exs +++ b/config/config.exs @@ -35,7 +35,8 @@ config :livebook, shutdown_callback: nil, update_instructions_url: nil, within_iframe: false, - allowed_uri_schemes: [] + allowed_uri_schemes: [], + aws_credentials: false # TODO: Remove this in aws_credentials 0.2.0 config :aws_credentials, fail_if_unavailable: false diff --git a/lib/livebook.ex b/lib/livebook.ex index 116fbcd42..d7247603d 100644 --- a/lib/livebook.ex +++ b/lib/livebook.ex @@ -145,6 +145,10 @@ defmodule Livebook do config :livebook, :within_iframe, true end + if Livebook.Config.boolean!("LIVEBOOK_AWS_CREDENTIALS", false) do + config :livebook, :aws_credentials, true + end + config :livebook, :default_runtime, Livebook.Config.default_runtime!("LIVEBOOK_DEFAULT_RUNTIME") || diff --git a/lib/livebook/application.ex b/lib/livebook/application.ex index 1f98aafb3..17f31da62 100644 --- a/lib/livebook/application.ex +++ b/lib/livebook/application.ex @@ -2,6 +2,7 @@ defmodule Livebook.Application do use Application def start(_type, _args) do + setup_optional_dependencies() ensure_directories!() set_local_file_system!() ensure_distribution!() @@ -84,6 +85,12 @@ defmodule Livebook.Application do :ok end + defp setup_optional_dependencies() do + if Livebook.Config.aws_credentials?() do + Application.ensure_all_started(:aws_credentials) + end + end + defp ensure_directories!() do File.mkdir_p!(Livebook.Config.home()) File.mkdir_p!(Livebook.Config.data_path()) diff --git a/lib/livebook/config.ex b/lib/livebook/config.ex index af651f404..a61c81a58 100644 --- a/lib/livebook/config.ex +++ b/lib/livebook/config.ex @@ -219,6 +219,14 @@ defmodule Livebook.Config do Application.fetch_env!(:livebook, :teams_url) end + @doc """ + Returns if aws_credentials is enabled. + """ + @spec aws_credentials?() :: boolean() + def aws_credentials?() do + Application.fetch_env!(:livebook, :aws_credentials) + end + @doc """ Shuts down the system, if possible. """ diff --git a/lib/livebook/file_system/s3.ex b/lib/livebook/file_system/s3.ex index 297191762..36e140207 100644 --- a/lib/livebook/file_system/s3.ex +++ b/lib/livebook/file_system/s3.ex @@ -86,7 +86,7 @@ defmodule Livebook.FileSystem.S3 do end defp try_environment_credentials(changeset) do - case :aws_credentials.get_credentials() do + case get_credentials() do :undefined -> add_error( changeset, @@ -134,7 +134,7 @@ defmodule Livebook.FileSystem.S3 do def credentials(%__MODULE__{} = file_system) do case {file_system.access_key_id, file_system.secret_access_key} do {nil, nil} -> - case :aws_credentials.get_credentials() do + case get_credentials() do :undefined -> %{access_key_id: nil, secret_access_key: nil, session_token: nil} @@ -154,6 +154,14 @@ defmodule Livebook.FileSystem.S3 do } end end + + defp get_credentials do + if Livebook.Config.aws_credentials?() do + :aws_credentials.get_credentials() + else + :undefined + end + end end defimpl Livebook.FileSystem, for: Livebook.FileSystem.S3 do diff --git a/lib/livebook_web/live/hub/file_system_form_component.ex b/lib/livebook_web/live/hub/file_system_form_component.ex index a451eab62..dbf669160 100644 --- a/lib/livebook_web/live/hub/file_system_form_component.ex +++ b/lib/livebook_web/live/hub/file_system_form_component.ex @@ -59,13 +59,23 @@ defmodule LivebookWeb.Hub.FileSystemFormComponent do placeholder="https://s3.[region].amazonaws.com/[bucket]" /> <.text_field field={f[:region]} label="Region (optional)" /> - <.password_field field={f[:access_key_id]} label="Access Key ID (optional)" /> - <.password_field field={f[:secret_access_key]} label="Secret Access Key (optional)" /> -

- You may leave Access Key fields empty. In such cases, - they will be automatically read from your environment variables, - AWS credentials, or Amazon EC2/ECS metadata. -

+ <%= if Livebook.Config.aws_credentials?() do %> + <.password_field field={f[:access_key_id]} label="Access Key ID (optional)" /> + <.password_field field={f[:secret_access_key]} label="Secret Access Key (optional)" /> +

+ You may leave Access Key fields empty. In such cases, + they will be automatically read from your environment variables, + AWS credentials, or Amazon EC2/ECS metadata. +

+ <% else %> + <.password_field field={f[:access_key_id]} label="Access Key ID" /> + <.password_field field={f[:secret_access_key]} label="Secret Access Key" /> +

+ Start Livebook with LIVEBOOK_AWS_CREDENTIALS environment + variable set if you want to automatically read credentials from + environment variables, AWS credentials, or Amazon EC2/ECS metadata. +

+ <% end %>