Authentication module using AWS SDK CPP for s3fs
s3fs-fuse-awscred-lib
is a shared library that performs credential processing of s3fs-fuse.
This shared library can be specified with the option(credlib
and credlib_opts
) of s3fs-fuse and works by replacing the built-in credential processing of s3fs-fuse.
This shared library makes use of aws-sdk-cpp
internally and leaves all S3 credential processing to it.
You can easily build and use s3fs-fuse-awscred-lib
by following the steps below.
See the .github/workflows/ci.yml
file for build details.
$ sudo apt-get install libcurl4-openssl-dev libssl-dev uuid-dev zlib1g-dev libpulse-dev
$ git clone --recurse-submodules https://github.com/aws/aws-sdk-cpp
$ mkdir sdk_build
$ cd sdk_build
$ cmake ../aws-sdk-cpp -DCMAKE_BUILD_TYPE=Release -DCMAKE_PREFIX_PATH=/home/ggtakec/work/aws-sdk-cpp -DBUILD_ONLY="core;identity-management" -DAUTORUN_UNIT_TESTS=OFF
$ make
$ sudo make install
$ brew install aws-sdk-cpp
$ git clone git@github.com:ggtakec/s3fs-fuse-awscred-lib.git
$ cd s3fs-fuse-awscred-lib
$ cmake -S . -B build
$ cmake --build build
After that, you can find libs3fsawscred.so
in build
sub directory.
$ s3fs <bucket> <mountpoint> <options...> -o credlib=libs3fsawscred.so -o credlib_opts=Off
To specify this s3fs-fuse-awscred-lib
for s3fs, use the following options:
An option to specify the s3fs-fuse-awscred-lib
library.
You can specify only the library name or the path to the library file.
The s3fs use dlopen
to search for the specified s3fs-fuse-awscred-lib
library and load it.
Example:
-o credlib=libs3fsawscred.so
Specifies the options provided by s3fs-fuse-awscred-lib
.
- LogLevel
Specify the output level of the debug message shown below for this option:
These options are the same as the log level defined inaws-sdk-cpp
(Aws::Utils::Logging::LogLevel).- Off
- Fatal
- Error
- Warn
- Info
- Debug
- Trace
- SSOProfile(SSOProf)
Specify the SSO profile name. (mainly the name written in sso-session in.aws/config
.)
This DSO cannot handle that authentication callback when it comes to SSO, so it is a temporary token acquisition. - TokenPeriodSecond(PeriodSec)
Specify the validity period of the Session Token in seconds.
If this option is specified, the Session Token will be considered valid for this validity period(in seconds), starting from the first time this Token is read.
User cannot set an expiration date for Credentials(.aws/<file>
or environment variables), so if this value is not set, the expiration date will indicate a long time in the future.
If you want to specify multiple options above, please specify them using a comma(,
) as a delimiter.
For the LogLevel option, you can omit LogLevel
and specify its value directly.
For example, Loglevel=Info
is the same as Info
.
Example:
-o credlib_opts="Loglevel=Info"
-o credlib_opts=Info
-o credlib_opts="Loglevel=Info,SSOProfile=MyProf"