[gdal-dev] RFC for the new cloud credentials framework in PR 5463 and 5390?

Even Rouault even.rouault at spatialys.com
Thu Mar 24 08:28:32 PDT 2022


Sean,

You can use any of the existing cloud-storage oriented configuration 
option, so for example for AWS, you could just set the AWS_PROFILE 
(being one listed in 
https://gdal.org/user/virtual_file_systems.html#vsis3-aws-s3-files) that 
corresponds to a path. The main use case was for code that constantly 
switches between buckets of the same provider that have different 
credentials, and where having to swap between the right configuration 
options constantly is a pain, but indeed it might also be convenient for 
command line usage where you have to deal with the same recurring buckets.

Le 24/03/2022 à 16:12, Sean Gillies a écrit :
> Even,
>
> At the very least, the new file duplicates storage of credentials that 
> may already be stored in cloud-specific credentials files, and creates 
> a new way for users to expose their secrets. Also, cloud providers and 
> organizations have moved or are moving to focusing on short-lived 
> credentials, SSO, etc. How useful is a cross-cloud credentials file if 
> it supports only static credentials? Why not support named profiles 
> already defined in cloud-specific files? Python and C++ programmers 
> haven't needed this framework because they can maintain their own maps 
> of credentials or roles to resources, so I guess this feature is 
> mainly for command line users? Do command line users do this kind of 
> thing enough to warrant a new framework?
>
> On Thu, Mar 24, 2022 at 8:45 AM Even Rouault 
> <even.rouault at spatialys.com> wrote:
>
>     Sean,
>
>     I saw them as business-as-usual enhancements not impacting the
>     software in fundamental ways. I'm not sure what I would put in a
>     RFC that is not in their commit message. Maybe I don't understand
>     what your concern is.
>
>     Even
>
>     Le 24/03/2022 à 15:28, Sean Gillies a écrit :
>>     Hi all,
>>
>>     The intent and scope of the features developed in
>>     https://github.com/OSGeo/gdal/pull/5463 and
>>     https://github.com/OSGeo/gdal/pull/5390 seem rather big and
>>     unclear to me. This seems to me to warrant an RFC. Yes? No?
>>
>
> -- 
> Sean Gillies

-- 
http://www.spatialys.com
My software is free, but my time generally not.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/gdal-dev/attachments/20220324/d84868fc/attachment.html>


More information about the gdal-dev mailing list