feat(cubestore): Support IAM role authentication for S3

[haipham23]

I need IAM role authentication, similar to this issue #6795.

Check List

• Tests has been run in packages where changes made if available
• Linter has been run for changed code
• Tests for the changes have been added if not covered yet
• Docs have been added / updated if required

Issue Reference this PR resolves

Add IAM role authentication.

Description of Changes Made (if issue reference is not provided)

Introduce CUBESTORE_AWS_IAM_ROLE and CUBESTORE_AWS_IAM_REFRESH_EVERY_MINS.

If there is CUBESTORE_AWS_IAM_ROLE in the env, we would generate ID and secret on the flight.
Since this ID is short-lived (15 mins by default), we would need a shorten refresh loop.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

8 Skipped Deployments

Name	Status	Preview	Comments	Updated (UTC)
examples-angular-dashboard	⬜️ Ignored (Inspect)	Visit Preview		Aug 16, 2024 0:32am
examples-react-d3	⬜️ Ignored (Inspect)	Visit Preview		Aug 16, 2024 0:32am
examples-react-dashboard	⬜️ Ignored (Inspect)	Visit Preview		Aug 16, 2024 0:32am
examples-react-data-table	⬜️ Ignored (Inspect)	Visit Preview		Aug 16, 2024 0:32am
examples-react-highcharts	⬜️ Ignored (Inspect)	Visit Preview		Aug 16, 2024 0:32am
examples-react-material-ui	⬜️ Ignored (Inspect)	Visit Preview		Aug 16, 2024 0:32am
examples-react-pivot-table	⬜️ Ignored (Inspect)	Visit Preview		Aug 16, 2024 0:32am
examples-vue-query-builder	⬜️ Ignored (Inspect)	Visit Preview		Aug 16, 2024 0:32am

[leopepe]

@igorlukanin it is not clear why the Vercel test is failing. I am interested in this feature and could work on the tests to make it acceptable and suitable for merging.
Can I help somehow? :)

[igorlukanin]

I've rebased this PR on top of the latest and it looks like we have more build steps failing now. Could anyone please take a look?

[leopepe]

I've rebased this PR on top of the latest and it looks like we have more build steps failing now. Could anyone please take a look?

I can have a look. I think I can fix the error for the failing checks.
Unfortunately I don't have permission to change the original branch.

[leopepe]

These suggestions fixes the formatting and build error happening currently in the checks

[leopepe]

Suggested change

	aws_sdk_sts = "1.38.0"
	aws-sdk-sts = "1.38.0"

[leopepe]

Suggested change

	Some(role_name) => {
	assume_role(&role_name, &region.to_string()).await
	}
	Some(role_name) => assume_role(&role_name, &region.to_string()).await,

[leopepe]

Suggested change

	.assume_role(AssumeRoleRequest::builder()
	.role_arn(format!("arn:aws:iam::{}:role/{}", account_id, role_or_access_key))
	.duration_seconds(28800)
	.build())
	.assume_role(
	AssumeRoleRequest::builder()
	.role_arn(format!(
	"arn:aws:iam::{}:role/{}",
	account_id, role_or_access_key
	))
	.duration_seconds(28800)
	.build(),
	)

[leopepe]

Suggested change

	let access_key = assume_role_output.access_key_id.ok_or_else(|| CubeError::internal("Failed to get access key".to_string()))?;
	let secret_key = assume_role_output.secret_access_key.ok_or_else(|| CubeError::internal("Failed to get secret key".to_string()))?;
	let access_key = assume_role_output
	.access_key_id
	.ok_or_else(|| CubeError::internal("Failed to get access key".to_string()))?;
	let secret_key = assume_role_output
	.secret_access_key
	.ok_or_else(|| CubeError::internal("Failed to get secret key".to_string()))?;

[leopepe]

Suggested change

	let (access_key, secret_key) = assume_role(&role_or_access_key.as_ref().unwrap(), &region.to_string()).await;
	let (access_key, secret_key) =
	assume_role(&role_or_access_key.as_ref().unwrap(), &region.to_string()).await;