On 1 Sep 2014, at 8:34 pm, adrianbk <adrianbke...@gmail.com> wrote:
> Hi,
>
> I'm keen to have a go at supporting maven publishing and resolving to/from
> AWS S3. I'm wondering if I should follow the approach taken by @erdi to
> support SFTP? I'm thinking of adding a dependency on the AWS SDK for Java
> which would take care of the actual file transfers. What may be a bit
> challenging is how to support authentication via both AWS access keys and
> IAM roles (similar to how https://github.com/spring-projects/aws-maven
> works) i.e. what the user facing dsl would look like - it's not really
> username/password like the other transports.
>
> Wondering if you guys think this is worthwhile or have any pointers?
Definitely worthwhile, I think.
As far as the DSL goes, we want an approach that will work with any transport
that needs or supports credentials other than username + password. There are a
few aspects here:
1. What type of credentials are required? eg username + password, client cert
protected with a passphrase, NTLM, etc
2. Where should the credentials come from? eg provided by build logic, from
~/.ssh, entered by user on command-line, the os keychain, etc
3. For those transports that support several different types of credentials,
some priority list of credentials to try.
4. Is the server trusted?
To get started, we don’t need to implement all this, but we should consider it
when putting the DSL together. I’d say it would be sufficient just to have a
way to do #1 and leave all the others for later.
The DSL should strongly type the various kinds of credentials. We have
`PasswordCredentials`, so we’d add (say) `AwsCredentials`.
Here are a few options for the DSL:
1. use the `credentials` method and declare the type:
repositories {
maven {
url ‘s3:...'
credentials(AwsCredentials) {
accessKey = ‘…'
secretKey = ‘…'
}
}
}
The type would default to `PasswordCredentials`
2. new methods for each kind of credentials:
repositories {
maven {
url: ‘s3:…'
awsCredentials {
accessKey = ‘…'
secretKey = ‘…'
}
}
}
In either case, we could have the credentials method replace the existing
credentials.
Alternatively, the method could add a new set of credentials to attempt to use.
They’d be attempted in the order added. For example:
repositories {
maven {
url: ‘sftp:…'
credentials {
username = ‘...’
password = ‘...'
}
sshCredentials {
passphrase = ‘...'
}
}
}
3. A container of credentials:
repositories {
maven {
url: ‘s3:…'
authentication { // this is a container of Credentials
instances, similar to `repositories` container
aws {
// adds an `AwsCredentials` instance
...
}
}
}
}
Whichever option we go with, we’d also need to do something with the
`getCredentials()` method as it is currently declared to return a
`PasswordCredentials` instance.
--
Adam Murdoch
Gradle Co-founder
http://www.gradle.org
CTO Gradleware Inc. - Gradle Training, Support, Consulting
http://www.gradleware.com
