livebook-dev/livebook
1
1
Fork 0
mirror of https://github.com/livebook-dev/livebook.git synced 2025-09-17 02:14:58 +08:00
Code Issues Projects Releases Packages Wiki Activity

Make AWS credentials opt-in (#2358)

Browse source
This commit is contained in:
José Valim 2023-11-16 13:57:28 +01:00 committed by GitHub
parent f124b6c8c6
commit 43f40db59d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
8 changed files with 53 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
README.md
View file

@ -189,6 +189,10 @@ The following environment variables can be used to configure Livebook on boot:
building the Docker image; to do so add "RUN /app/bin/warmup_apps" to building the Docker image; to do so add "RUN /app/bin/warmup_apps" to
your image). Defaults to "auto". your image). Defaults to "auto".
* `LIVEBOOK_AWS_CREDENTIALS` - enable Livebook to read AWS Credentials from
environment variables, AWS Credentials, EC2/ECS metadata when configuring
S3 buckets.
* `LIVEBOOK_BASE_URL_PATH` - sets the base url path the web application is * `LIVEBOOK_BASE_URL_PATH` - sets the base url path the web application is
served on. Useful when deploying behind a reverse proxy. served on. Useful when deploying behind a reverse proxy.

3
config/config.exs
View file

@ -35,7 +35,8 @@ config :livebook,
shutdown_callback: nil, shutdown_callback: nil,
update_instructions_url: nil, update_instructions_url: nil,
within_iframe: false, within_iframe: false,
allowed_uri_schemes: [] allowed_uri_schemes: [],
aws_credentials: false
# TODO: Remove this in aws_credentials 0.2.0 # TODO: Remove this in aws_credentials 0.2.0
config :aws_credentials, fail_if_unavailable: false config :aws_credentials, fail_if_unavailable: false

4
lib/livebook.ex
View file

@ -145,6 +145,10 @@ defmodule Livebook do
config :livebook, :within_iframe, true config :livebook, :within_iframe, true
end end
if Livebook.Config.boolean!("LIVEBOOK_AWS_CREDENTIALS", false) do
config :livebook, :aws_credentials, true
end
config :livebook, config :livebook,
:default_runtime, :default_runtime,
Livebook.Config.default_runtime!("LIVEBOOK_DEFAULT_RUNTIME") || Livebook.Config.default_runtime!("LIVEBOOK_DEFAULT_RUNTIME") ||

7
lib/livebook/application.ex
View file

@ -2,6 +2,7 @@ defmodule Livebook.Application do
use Application use Application
def start(_type, _args) do def start(_type, _args) do
setup_optional_dependencies()
ensure_directories!() ensure_directories!()
set_local_file_system!() set_local_file_system!()
ensure_distribution!() ensure_distribution!()
@ -84,6 +85,12 @@ defmodule Livebook.Application do
:ok :ok
end end
defp setup_optional_dependencies() do
if Livebook.Config.aws_credentials?() do
Application.ensure_all_started(:aws_credentials)
end
end
defp ensure_directories!() do defp ensure_directories!() do
File.mkdir_p!(Livebook.Config.home()) File.mkdir_p!(Livebook.Config.home())
File.mkdir_p!(Livebook.Config.data_path()) File.mkdir_p!(Livebook.Config.data_path())

8
lib/livebook/config.ex
View file

@ -219,6 +219,14 @@ defmodule Livebook.Config do
Application.fetch_env!(:livebook, :teams_url) Application.fetch_env!(:livebook, :teams_url)
end end
@doc """
Returns if aws_credentials is enabled.
"""
@spec aws_credentials?() :: boolean()
def aws_credentials?() do
Application.fetch_env!(:livebook, :aws_credentials)
end
@doc """ @doc """
Shuts down the system, if possible. Shuts down the system, if possible.
""" """

12
lib/livebook/file_system/s3.ex
View file

@ -86,7 +86,7 @@ defmodule Livebook.FileSystem.S3 do
end end
defp try_environment_credentials(changeset) do defp try_environment_credentials(changeset) do
case :aws_credentials.get_credentials() do case get_credentials() do
:undefined -> :undefined ->
add_error( add_error(
changeset, changeset,
@ -134,7 +134,7 @@ defmodule Livebook.FileSystem.S3 do
def credentials(%__MODULE__{} = file_system) do def credentials(%__MODULE__{} = file_system) do
case {file_system.access_key_id, file_system.secret_access_key} do case {file_system.access_key_id, file_system.secret_access_key} do
{nil, nil} -> {nil, nil} ->
case :aws_credentials.get_credentials() do case get_credentials() do
:undefined -> :undefined ->
%{access_key_id: nil, secret_access_key: nil, session_token: nil} %{access_key_id: nil, secret_access_key: nil, session_token: nil}
@ -154,6 +154,14 @@ defmodule Livebook.FileSystem.S3 do
} }
end end
end end
defp get_credentials do
if Livebook.Config.aws_credentials?() do
:aws_credentials.get_credentials()
else
:undefined
end
end
end end
defimpl Livebook.FileSystem, for: Livebook.FileSystem.S3 do defimpl Livebook.FileSystem, for: Livebook.FileSystem.S3 do

24
lib/livebook_web/live/hub/file_system_form_component.ex
View file

@ -59,13 +59,23 @@ defmodule LivebookWeb.Hub.FileSystemFormComponent do
placeholder="https://s3.[region].amazonaws.com/[bucket]" placeholder="https://s3.[region].amazonaws.com/[bucket]"
/> />
<.text_field field={f[:region]} label="Region (optional)" /> <.text_field field={f[:region]} label="Region (optional)" />
<.password_field field={f[:access_key_id]} label="Access Key ID (optional)" /> <%= if Livebook.Config.aws_credentials?() do %>
<.password_field field={f[:secret_access_key]} label="Secret Access Key (optional)" /> <.password_field field={f[:access_key_id]} label="Access Key ID (optional)" />
<p class="text-xs text-gray-700"> <.password_field field={f[:secret_access_key]} label="Secret Access Key (optional)" />
You may leave Access Key fields empty. In such cases, <p class="text-xs text-gray-700">
they will be automatically read from your environment variables, You may leave Access Key fields empty. In such cases,
AWS credentials, or Amazon EC2/ECS metadata. they will be automatically read from your environment variables,
</p> AWS credentials, or Amazon EC2/ECS metadata.
</p>
<% else %>
<.password_field field={f[:access_key_id]} label="Access Key ID" />
<.password_field field={f[:secret_access_key]} label="Secret Access Key" />
<p class="text-xs text-gray-700">
Start Livebook with <code>LIVEBOOK_AWS_CREDENTIALS</code> environment
variable set if you want to automatically read credentials from
environment variables, AWS credentials, or Amazon EC2/ECS metadata.
</p>
<% end %>
<div class="flex space-x-2"> <div class="flex space-x-2">
<button class="button-base button-blue" type="submit" disabled={not @changeset.valid?}> <button class="button-base button-blue" type="submit" disabled={not @changeset.valid?}>
<.remix_icon icon={@button.icon} class="align-middle mr-1" /> <.remix_icon icon={@button.icon} class="align-middle mr-1" />

2
mix.exs
View file

@ -111,7 +111,7 @@ defmodule Livebook.MixProject do
{:earmark_parser, "~> 1.4"}, {:earmark_parser, "~> 1.4"},
{:ecto, "~> 3.10"}, {:ecto, "~> 3.10"},
{:phoenix_ecto, "~> 4.4"}, {:phoenix_ecto, "~> 4.4"},
{:aws_credentials, "~> 0.1.11"}, {:aws_credentials, "~> 0.1.11", runtime: false},
{:aws_signature, "~> 0.3.0"}, {:aws_signature, "~> 0.3.0"},
{:mint_web_socket, "~> 1.0.0"}, {:mint_web_socket, "~> 1.0.0"},
{:protobuf, "~> 0.8.0"}, {:protobuf, "~> 0.8.0"},