Allow transparent usage of s3 interfaces using s3v2 signature_version

jupyterlab_s3_browser/__init__.py

@@ -47,6 +47,12 @@ class JupyterLabS3(Configurable):
         config=True,
         help="(Optional) Token if you use STS as auth method",
     )
+
+    signature_version = Unicode(
+        default_value="",
+        config=True,
+        help="Signature version variable to support older S3 interfaces",
+    )
 
 
 def _load_jupyter_server_extension(server_app):

jupyterlab_s3_browser/handlers.py

@@ -10,6 +10,8 @@
 import s3fs
 import tornado
 from botocore.exceptions import NoCredentialsError
+from botocore.exceptions import ClientError
+from botocore.client import Config
 from jupyter_server.base.handlers import APIHandler
 from jupyter_server.utils import url_path_join
 
@@ -29,6 +31,7 @@ def create_s3fs(config):
             secret=config.client_secret,
             token=config.session_token,
             client_kwargs={"endpoint_url": config.endpoint_url},
+            config_kwargs={'signature_version': config.signature_version},
         )
 
     else:
@@ -45,6 +48,7 @@ def create_s3_resource(config):
             aws_secret_access_key=config.client_secret,
             aws_session_token=config.session_token,
             endpoint_url=config.endpoint_url,
+            config=Config(signature_version=config.signature_version)
         )
 
     else:
@@ -98,7 +102,7 @@ def has_aws_s3_role_access():
         return False
 
 
-def test_s3_credentials(endpoint_url, client_id, client_secret, session_token):
+def test_s3_credentials(endpoint_url, client_id, client_secret, session_token, signature_version):
     """
     Checks if we're able to list buckets with these credentials.
     If not, it throws an exception.
@@ -109,6 +113,7 @@ def test_s3_credentials(endpoint_url, client_id, client_secret, session_token):
         aws_secret_access_key=client_secret,
         endpoint_url=endpoint_url,
         aws_session_token=session_token,
+        config=Config(signature_version=signature_version),
     )
     all_buckets = test.buckets.all()
     logging.debug(
@@ -148,6 +153,7 @@ def get(self, path=""):
                         config.client_id,
                         config.client_secret,
                         config.session_token,
+                        config.signature_version
                     )
                     logging.debug("...successfully authenticated")
 
@@ -176,14 +182,34 @@ def post(self, path=""):
             client_id = req["client_id"]
             client_secret = req["client_secret"]
             session_token = req["session_token"]
+            signature_version = 's3v4'
 
-            test_s3_credentials(endpoint_url, client_id, client_secret, session_token)
+            test_s3_credentials(endpoint_url, client_id, client_secret, session_token, signature_version)
 
             self.config.endpoint_url = endpoint_url
             self.config.client_id = client_id
             self.config.client_secret = client_secret
             self.config.session_token = session_token
+            self.config.signature_version = signature_version
 
+            self.finish(json.dumps({"success": True}))
+        except ClientError as pe:
+            req = json.loads(self.request.body)
+            endpoint_url = req["endpoint_url"]
+            client_id = req["client_id"]
+            client_secret = req["client_secret"]
+            session_token = req["session_token"]
+            signature_version = 's3'
+
+            test_s3_credentials(endpoint_url, client_id, client_secret, session_token,signature_version)
+
+            self.config.endpoint_url = endpoint_url
+            self.config.client_id = client_id
+            self.config.client_secret = client_secret
+            self.config.session_token = session_token
+            self.config.signature_version = signature_version
+
+            logging.info("authenticated with s3 credentials signature_version")
             self.finish(json.dumps({"success": True}))
         except Exception as err:
             logging.info("unable to authenticate using credentials")