-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add ability to specify signature_version=UNSIGNED
using a string
#2442
Comments
Currently, listing MLFlow artifacts in public S3 buckets seems impossible (without getting AWS account and credentials). There is a `botocore` issue which prevents fixing it by specifying `MLFLOW_EXPERIMENTAL_S3_SIGNATURE_VERSION="unsigned"`. See boto/botocore#2442 This PR fixes that issue.
Currently, listing MLFlow artifacts in public S3 buckets seems impossible (without getting AWS account and credentials). There is a `botocore` issue which prevents fixing it by specifying `MLFLOW_EXPERIMENTAL_S3_SIGNATURE_VERSION="unsigned"`. See boto/botocore#2442 This PR fixes that issue. Signed-off-by: Alexey Volkov <[email protected]>
Hi @Ark-kun, Thanks for reaching out! Boto3 does support public buckets with signed calls (as long as you specify the correct region), but like you pointed out, unsigned calls can be tricky when working with other utilities. For MLflow, it looks like this is just a matter of importing the |
Hello, @stobrien89 I've outlined the problem in the boto3 library and proposed a fix for it. The problem is that, despite the library types that tell the user that only strings are supported, the "unsigned" string does not work. I'll create a PR for this fix. |
This fixes some incorrect type signatures and makes botocore easier to use in CLIs and other libraries that deal with non-Python input. Fixes boto#2442
This fixes some incorrect type signatures and makes botocore easier to use in CLIs and other libraries that deal with non-Python input. Fixes boto#2442
…4573) * Make it possible to access artifacts in public S3 artifact buckets Currently, listing MLFlow artifacts in public S3 buckets seems impossible (without getting AWS account and credentials). There is a `botocore` issue which prevents fixing it by specifying `MLFLOW_EXPERIMENTAL_S3_SIGNATURE_VERSION="unsigned"`. See boto/botocore#2442 This PR fixes that issue. Signed-off-by: Alexey Volkov <[email protected]> * Format code Signed-off-by: dbczumar <[email protected]> Co-authored-by: dbczumar <[email protected]>
Hi @Ark-kun, Thanks for the clarification. I'll review with the team to get their thoughts. |
@stobrien89 Thank you. I've created a simple fix PR: #2448 |
Hi @Ark-kun, Thanks for your patience. I ran this by the team and they're not opposed to accepting a change like this at some point in the future. For now, we'd like to measure the customer impact of this by seeing how much traction this gets. I don't have permission to change the issue title, but I'd suggest shortening it to "Ability to specify signature_version=UNSIGNED using a string" or something to that effect for better visibility. |
signature_version=UNSIGNED
using a string
@stobrien89 i support this change, as instantiating an AWS airflow connection as
results in the error |
Thanks for your patience here. I brought up your issue and PR once again with the team, and the consensus was that this they do not plan to do this, the reason being that we cannot support arbitrary strings here and instead rely on strictly defined enums. Also we cannot guarantee compatibility with third-party libraries like MLFlow. |
This issue is now closed. Comments on closed issues are hard for our team to see. |
Describe the bug
It looks like boto3 does not support public buckets by default (why?), so everyone has to create a specially configured client:
boto3.client('s3', config=Config(signature_version=UNSIGNED))
The popular MLFlow library has the following client initialization code (simplified):
Boto
Config
andRequestSigner
attributesignature_version
hasstr
type, but there does not seem to be any string that would map to theUNSIGNED
python singleton object.This makes accessing public MLFlow artifact buckets impossible.
Steps to reproduce
Get error:
Expected behavior
I expect
client = boto3.client('s3', config=Config(signature_version="unsigned"))
to succeed and work as expected.Logs
Full stack trace
The text was updated successfully, but these errors were encountered: