babashka / pod-babashka-aws Goto Github PK

Deprecated, use https://github.com/grzm/awyeah-api

License: Apache License 2.0

Shell 15.72% Batchfile 2.56% Clojure 81.72%

clojure aws babashka

pod-babashka-aws's Introduction

pod-babashka-aws ^{* deprecated}

Great news! 🎉 Awyeah-api is a babashka compatible re-implementation of Cognitect's aws-api! This means that this pod is no longer necessary, and will no longer be maintained. Please use Awyeah-api.

A babashka pod wrapping the aws-api library.

Status

Experimental, awaiting your feedback.

API

The namespaces and functions in this pod reflect those in the official aws-api library.

Available namespaces and functions:

pod.babashka.aws: client, doc, invoke
pod.babashka.aws.config: parse
pod.babashka.aws.credentials: credential-process-credentials-provider, basic-credentials-provider, default-credentials-provider, fetch, profile-credentials-provider, system-property-credentials-provider
pod.babashka.aws.logging: set-level!

Examples

Single-file script

#!/usr/bin/env bb

(require '[babashka.pods :as pods])

(pods/load-pod 'org.babashka/aws "0.1.2")

(require '[pod.babashka.aws :as aws])

(def region "eu-central-1")

(def s3-client
  (aws/client {:api :s3 :region region}))

(aws/doc s3-client :ListBuckets)

(aws/invoke s3-client {:op :ListBuckets})

(aws/invoke s3-client
            {:op :CreateBucket
             :request {:Bucket "pod-babashka-aws"
                       :CreateBucketConfiguration {:LocationConstraint region}}})

(require '[clojure.java.io :as io])

(aws/invoke s3-client
            {:op :PutObject
             :request {:Bucket "pod-babashka-aws"
                       :Key "logo.png"
                       :Body (io/file "resources" "babashka.png")}})

See test/script.clj for an example script.

Project with a bb.edn file

bb.edn:

{:pods {org.babashka/aws {:version "0.1.2"}}} ; this will be loaded on demand

Your code:

(ns my.code
  (:require [pod.babashka.aws :as aws] ; required just like a normal Clojure library
            [clojure.java.io :as io]))
  
(def region "eu-central-1")

(def s3-client
  (aws/client {:api :s3 :region region}))

(aws/doc s3-client :ListBuckets)

(aws/invoke s3-client {:op :ListBuckets})

(aws/invoke s3-client
            {:op :CreateBucket
             :request {:Bucket "pod-babashka-aws"
                       :CreateBucketConfiguration {:LocationConstraint region}}})

(aws/invoke s3-client
            {:op :PutObject
             :request {:Bucket "pod-babashka-aws"
                       :Key "logo.png"
                       :Body (io/file "resources" "babashka.png")}})

Differences with aws-api

Credentials: custom flows are supported, but not by extending CredentialsProvider interface. See Credentials for options.
This pod doesn't require adding dependencies for each AWS service.
Async might be added in a later version.
For uploading (big) files (e.g. to S3), it is better for memory consumption to pass a java.io.File directly, rather than an input-stream.

Credentials

The default behaviour for credentials is the same way as Cognitect's aws-api; meaning the client implicitly looks up credentials the same way the java SDK does .

To provide credentials explicitly, you can pass a credentials-provider to the client constructor fn, e.g.:

(require '[pod.babashka.aws :as aws])
(require '[pod.babashka.aws.credentials :as credentials])

(def s3 (aws/client {:api :s3
                     :credentials-provider (credentials/basic-credentials-provider
                                            {:access-key-id     "ABC"
                                             :secret-access-key "XYZ"})}))

In contrast to the aws-api library this pod does not support extending the CredentialsProvider interface. For more complex flows, e.g. temporary credentials obtained by AWS SSO, one can use a credential_process entry in a ~/.aws/credentials file, as documented here:

(def s3 (aws/client {:api :s3
                     :credentials-provider (credentials/credential-process-credentials-provider
                                            "custom-profile")}))

where ~/.aws/credentials could look like

[custom-profile]
   credential_process = bb fetch_sso_credentials.clj

The credential_process entry can be any program that prints the expected JSON data:

#!/usr/bin/env bb

(println "{\"AccessKeyId\":\"***\",\"SecretAccessKey\":\"***\",\"SessionToken\":\"***\",\"Expiration\":\"2020-01-00T00:00:00Z\",\"Version\":1}")

Logging

The aws-api includes clojure.tools.logging using the default java.util.logging implementation. Use pod.babashka.aws.logging/set-level! to change the level of logging in the pod. The default log level in the pod is :warn. All possible levels: :trace, :debug, :info, :warn, :error or :fatal.

Each aws-api client has its own logger which adopts the logging level of the global logger at time it was instantiated.

user=> (def sts-1 (aws/client {:api :sts}))
2021-11-10 23:07:13.608:INFO::main: Logging initialized @30234ms to org.eclipse.jetty.util.log.StdErrLog
#'user/sts-1

user=> (keys (aws/invoke sts-1 {:op :GetCallerIdentity}))
(:UserId :Account :Arn)

user=> (require '[pod.babashka.aws.logging :as logging])
nil

user=> (logging/set-level! :info)
nil
user=> (def sts-2 (aws/client {:api :sts}))
#'user/sts-2

user=> (keys (aws/invoke sts-2 {:op :GetCallerIdentity}))
Nov 10, 2021 11:07:45 PM clojure.tools.logging$eval9973$fn__9976 invoke
INFO: Unable to fetch credentials from environment variables.
Nov 10, 2021 11:07:45 PM clojure.tools.logging$eval9973$fn__9976 invoke
INFO: Unable to fetch credentials from system properties.
(:UserId :Account :Arn)

;; The sts-1 client still has level :warn:
user=> (keys (aws/invoke sts-1 {:op :GetCallerIdentity}))
(:UserId :Account :Arn)

Build

Run script/compile. This requires GRAALVM_HOME to be set.

Update aws-api deps

Run script/update-deps.clj.

Test

Run script/test. This will run both the pod and tests (defined in test/script.clj) in two separate JVMs.

To test the native-image together with babashka, run the tests while setting APP_TEST_ENV to native:

APP_TEST_ENV=native script/test

To test with localstack:

# Start localstack
docker-compose up -d

# Set test credentials and run tests
AWS_REGION=eu-north-1 AWS_ACCESS_KEY_ID=test AWS_SECRET_ACCESS_KEY=test script/test

When adding new services to tests you need to add the service name into SERVICES environment variable in docker-compose.yml and .circleci/config.yml. See localstack docs for a list of available services.

License

Distributed under the Apache License 2.0. See LICENSE.

pod-babashka-aws's People

Contributors

Stargazers

Watchers

Forkers

digash burinc lasiltan thiagokokada grzm tjefferson08 cap10morgan jeroenvandijk mijothy-v2 mijothy singularitygroup the-alchemist

pod-babashka-aws's Issues

Not supported: class org.eclipse.jetty.client.HttpResponseException

I get the following error (I believe when trying to access an S3 bucket I am not authorized to access), which seems to indicate the pod is missing classes representing (some) exceptions (notice the last line):

"ERROR: can't serialize to transit:" {:cognitect.anomalies/category :cognitect.anomalies/fault, :cognitect.anomalies/message "Invalid 'Location' header: null", :cognitect.http-client/throwable #error {
 :cause "Invalid 'Location' header: null"
 :via
 [{:type org.eclipse.jetty.client.HttpResponseException
   :message "Invalid 'Location' header: null"
   :at [org.eclipse.jetty.client.HttpRedirector redirect "HttpRedirector.java" 167]}]
 :trace
 [[org.eclipse.jetty.client.HttpRedirector redirect "HttpRedirector.java" 167]
  ...]
java.lang.Exception: Not supported: class org.eclipse.jetty.client.HttpResponseException [at <repl>:1:354]

When I print *e it contains many things, including

{:type clojure.lang.ExceptionInfo
   :message "java.lang.Exception: Not supported: class org.eclipse.jetty.client.HttpResponseException"
   :data {:type "class java.lang.RuntimeException"}
   :at [babashka.pods.impl$processor invokeStatic "impl.clj" 154]}

problems with invoking lambda and apigateway

Hi, was able to work with s3 (as per the examples and tests) without any issues at all but had this error when trying with lambda

(def lambda (aws/client {:api :lambda :region "eu-west-2"}))
(aws/invoke lambda {:op :ListFunctions})

resulted in

clojure.lang.ExceptionInfo: No implementation of method: :wrap-object of protocol: #'pod.babashka.aws.impl.aws/IWrapObject found for class: nil

I had the same error when testing a call to apigateway as well.
thanks!

Suppress "INFO: Unable to fetch credentials"

The aws-api pod is quite noisy, logging INFO messges to STDERR.

$ cat ex.clj 
(ns com.grzm.ex.pod-aws
  (:require
   [babashka.pods :as pods]))

(when-let [jul-config (System/getProperty "java.util.logging.config.file")]
  (println "java.util.logging.config.file:" jul-config))

(pods/load-pod "./pod-babashka-aws")
(require '[pod.babashka.aws :as aws])

(defn ex [_]
  (let [s3 (aws/client {:api :s3})]
    (prn (keys (aws/invoke s3 {:op :ListBuckets}))))
  (let [sts (aws/client {:api :sts})]
    (prn (keys (aws/invoke sts {:op :GetCallerIdentity})))))

(ex nil)

$ bb ex.clj 
Oct 30, 2021 9:47:52 AM clojure.tools.logging$eval136$fn__139 invoke
INFO: Unable to fetch credentials from environment variables.
Oct 30, 2021 9:47:52 AM clojure.tools.logging$eval136$fn__139 invoke
INFO: Unable to fetch credentials from system properties.
(:Buckets :Owner)
Oct 30, 2021 9:47:52 AM clojure.tools.logging$eval136$fn__139 invoke
INFO: Unable to fetch credentials from environment variables.
Oct 30, 2021 9:47:52 AM clojure.tools.logging$eval136$fn__139 invoke
INFO: Unable to fetch credentials from system properties.
(:UserId :Account :Arn)

This is because the aws-api client logs at INFO level when it tries to find valid credentials:

https://github.com/cognitect-labs/aws-api/blob/fb41cdad69bd04ff5ba36890e1f667fc1f955ebc/src/cognitect/aws/credentials.clj#L130

This can be really noisy when using multiple AWS services (as shown
above). One solution would be to redirect stderr to /dev/null, but
that would also mean suppressing all other uses of stderr, including
more serious messages.

The aws-api client uses clojure.tools.logging, and falls back to
java.util.logging as there is no other logging implementation.

https://github.com/clojure/tools.logging/blob/2472b6f84853075cb58082753ec39f49d1716dc2/src/main/clojure/clojure/tools/logging/impl.clj#L245-L256

As expected, the aws-api client exhibits the same behavior using JVM Clojure:

$ cat src/com/grzm/ex/pod_aws.clj 
(ns com.grzm.ex.pod-aws
  (:require
   [cognitect.aws.client.api :as aws]))

(defn ex [_]
  (let [s3 (aws/client {:api :s3})]
    (prn (keys (aws/invoke s3 {:op :ListBuckets}))))
  (let [sts (aws/client {:api :sts})]
    (prn (keys (aws/invoke sts {:op :GetCallerIdentity})))))
    
$ clj -X com.grzm.ex.pod-aws/ex 
2021-10-30 10:14:32.587:INFO::main: Logging initialized @5251ms to org.eclipse.jetty.util.log.StdErrLog
Oct 30, 2021 10:14:32 AM clojure.tools.logging$eval9763$fn__9766 invoke
INFO: Unable to fetch credentials from environment variables.
Oct 30, 2021 10:14:32 AM clojure.tools.logging$eval9763$fn__9766 invoke
INFO: Unable to fetch credentials from system properties.
(:Buckets :Owner)
(:UserId :Account :Arn)

(Though, it's only half as noisy: the bb equivalent echoes twice as
much. I haven't dug into why that might be.)

I'm able to set the log level for using a logging.properties file
using JVM Clojure. See https://github.com/grzm/aws-api-logging-ex for
a running example.

$ cat resources/jul/logging.properties
java.util.logging.ConsoleHandler.level = WARNING

$ clj -A:REALLY:quiet -X com.grzm.ex.pod-aws/ex
(:Buckets :Owner)
(:UserId :Account :Arn)

I added resources/logging.properties to the aws-api pod, updated
deps to include the additional JVM property, and recompiled. However,
it doesn't have the desired effect: the Unable to fetch credentials
log messages are still echoed.

Is there a way to get the aws-api pod to pick up the
logging.properties file? Is this something that needs to be compiled
with the pod or does it need to be specified when the bb script is
called? If the latter, it doesn't seem to have the desired effect,
either.

bb -cp resources -Djava.util.logging.config.file=logging.properties ex.clj 
java.util.logging.config.file: logging.properties
Oct 30, 2021 10:31:52 AM clojure.tools.logging$eval136$fn__139 invoke
INFO: Unable to fetch credentials from environment variables.
Oct 30, 2021 10:31:52 AM clojure.tools.logging$eval136$fn__139 invoke
INFO: Unable to fetch credentials from system properties.
(:Buckets :Owner)
Oct 30, 2021 10:31:52 AM clojure.tools.logging$eval136$fn__139 invoke
INFO: Unable to fetch credentials from environment variables.
Oct 30, 2021 10:31:52 AM clojure.tools.logging$eval136$fn__139 invoke
INFO: Unable to fetch credentials from system properties.
(:UserId :Account :Arn)

Maybe it's not getting passed to the pod somehow? I'd be happy
just having it compiled in and applied to the pod itself, if that's an
easier option.

profile-credentials-provider does not support assumed roles

[foo]
aws_access_key_id=redacted
aws_secret_access_key=redacted
region=us-west-2

I can do babashka pods aws functions using the above profile.

[assumed]
role_arn = arn:aws:iam::671645499998:role/OrganizationAccountAccessRole
source_profile= foo
region=us-west-2

Does not work however.

It gives me:

{:cognitect.anomalies/category :cognitect.anomalies/fault,
 :cognitect.anomalies/message
 "Unable to fetch credentials. See log for more details."}

There is no "log" that I can tell from which I can see more details, but it's clear that either the Babashka AWS pod or the underlying Cognitect AWS API library does not support automatic STS assume role as for example boto3 and the AWS CLI written on top of it does.

I can hack around this by writing my own STS utility functions, but just FYI this will confuse people I'm sure.

awsSession is not passed into system-properties

#14 missed "aws.sessionToken" system property that is needed for auth to work
It was not working upstream either, they fixed it cognitect-labs/aws-api#167 Released in aws-api 0.8.498

I can submit a pull request but it is trivial change, just need to add it to the list at
credentials.clj line 187

Also would be good to update deps.edn aws-api reference to 0.8.498 version.

Error: Found lib name 'bashka.aws' containing period with prefix 'pod.ba'.

Hi @borkdude!

I was trying the example and faced this issue when trying to run it. Is this something known?

I'm using Ubuntu 20.04.

----- Error --------------------------------------------------------------------
Type:     clojure.lang.ExceptionInfo
Message:  Found lib name 'bashka.aws' containing period with prefix 'pod.ba'.  lib names inside prefix lists must not contain periods
Location: /home/.../gen-messages.bb:7:19

----- Context ------------------------------------------------------------------
 3: (require '[babashka.pods :as pods])
 4: 
 5: (pods/load-pod 'org.babashka/aws "0.0.6")
 6: 
 7: (require '[pod.ba bashka.aws :as aws])
                      ^--- Found lib name 'bashka.aws' containing period with prefix 'pod.ba'.  lib names inside prefix lists must not contain periods
 8:

Add request wrapping

Requests maps can contain java.io.InputStream, see #10

aws/doc

with-out-str doesn't work for the output that comes from the pod. @borkdude Do we need to use something else then System/out or should I test it differently?

cc @jeroenvandijk

migrate from leiningen to tools.deps like the initial setup

@jeroenvandijk

Add credentials interface

Oh and in addition I'm still thinking about how to integrate the credential interface for custom setups. But it's already usable without this addition through AWS environment vars.

Add credentials interface

initial PR by @jeroenvandijk
add better parser for credentials_process @borkdude
fix CI: I guess we can write the built artifact and then do the tests in another job. Right now the build is OOM-ing. cc @vharmain

Apple silicon (M1 Macs)?

When using this pod I notice that babashka is running in Intel mode (through Activity Monitor). Feels unclean :D Any idea about this and if it's an easy fix?

Add s3 test

So this works now:

(def png (java.nio.file.Files/readAllBytes (.toPath (io/file "resources" "babashka.png"))))

(aws/invoke s3 {:op :PutObject :request {:Bucket "michiel-test2"
                                         :Key "logo.png"
                                         :Body png}})

But this doesn't yet:

(def res (aws/invoke s3 {:op :GetObject :request {:Bucket "michiel-test2"
                                                  :Key "logo.png"}}))

"ERROR: can't serialize to transit:" {:LastModified #inst "2021-01-04T09:40:14.000-00:00", :ETag "\"edfaa19995ecf81d4bbca34df485ff31\"", :Metadata {}, :ContentLength 65486, :ContentType "application/octet-stream", :AcceptRanges "bytes", :Body #object[java.io.BufferedInputStream 0x4a18136f "java.io.BufferedInputStream@4a18136f"]}
----- Error --------------------------------------------------------------------
Type:     clojure.lang.ExceptionInfo
Message:  java.lang.Exception: Not supported: class java.io.BufferedInputStream
Location: /tmp/s3.clj:32:10

Upload something to S3 test

#!/usr/bin/env bb
(ns script
  (:require [babashka.pods :as pods]))
(pods/load-pod "./pod-babashka-aws")
(require '[pod.babashka.aws :as aws])
(def s3 (aws/client {:api :s3}))
(aws/doc s3 :CreateBucket)
(prn (aws/invoke s3 {:op :CreateBucket :request {:Bucket "michiel-bucket"}}))
(prn (-> (aws/invoke s3 {:op :ListBuckets})
        :Buckets))

I'm getting:

Message:  java.lang.Exception: Not supported: class java.lang.IllegalArgumentException
Location: /tmp/s3.clj:14:6

Any ideas @lispyclouds @jeroenvandijk ?

When invoking sso it should not need creds

The sso client is special and does not need creds from profile, environment etc.
When using sso - get credentials, sometimes I don't have creds yet.

;basically my issue is this: 

(aws/invoke
    (aws/client {:api :sso})
    {:op :GetRoleCredentials
     :request req})

 -> now it says unable to fetch credentials, if I don't have credentials configured for the default profile

My kludge around this is that I configure a dummy profile and make a sso client like this:

(aws/client
   {:api :sso
    :credentials-provider (creds/profile-credentials-provider
                           "dummy_profile")})

same issue with cognitect lib cognitect-labs/aws-api#207

linux aarch64 release

Can we please include an aarch64 release as babashka supports this architecture?

FROM arm64v8/ubuntu

RUN apt update
RUN apt install -y curl

RUN curl -sLO https://raw.githubusercontent.com/babashka/babashka/master/install && \
    chmod +x install && \
    ./install

RUN bb "(babashka.pods/load-pod 'org.babashka/aws \"0.1.0\")"

Test build by running:

docker build -t aws-arm .

Error on missing executable for arch:

#9 0.394 ----- Error --------------------------------------------------------------------
#9 0.394 Type:     java.lang.IllegalArgumentException
#9 0.394 Message:  No executable found for pod org.babashka/aws (0.1.0) and OS Linux/aarch64
#9 0.394 Location: <expr>:1:1
#9 0.394 
#9 0.394 ----- Context ------------------------------------------------------------------
#9 0.395 1: (babashka.pods/load-pod 'org.babashka/aws "0.1.0")
#9 0.395    ^--- No executable found for pod org.babashka/aws (0.1.0) and OS Linux/aarch64
#9 0.395 
#9 0.395 ----- Stack trace --------------------------------------------------------------
#9 0.395 user - <expr>:1:1
#9 0.395 
------

Please let me know if you don't have time to alter the cicd pipelines, I can try to get some time to do this.

Thanks!! 😎

Cannot execute AssumeRole

#!/usr/bin/env bb
(ns script
  (:require [babashka.pods :as pods]))

(pods/load-pod "pod-babashka-aws")

(require '[pod.babashka.aws :as aws])

(def sts-client
  (aws/client {:api :sts :region "eu-west-1"}))

(aws/invoke sts-client {:op "AssumeRole"
	                :request {:RoleArn "my:role:arn"
                                  :RoleSessionName "myrole"}})

This results in

----- Error --------------------------------------------------------------------
Type:     clojure.lang.ExceptionInfo
Message:  Operation not supported
Location: /Users/siltalau/bin/sts-test.clj:1:354

----- Locals -------------------------------------------------------------------
client: {:pod.babashka.aws.impl.aws/client-id #uuid "9e22d0c2-bd3b-4943-b686-55bdec737dd3"}
op:     {:op "AssumeRole", :request {:RoleArn "arn:aws:iam::352476883983:role/dev", :RoleSessionName "dev"}}

I'm likely doing something wrong but I don't understand what.

Link static build against musl

See oracle/graal#2691 (comment)
Linking against the host glibc is a bad idea, we should link against musl for all of our static builds.
Then perhaps all the weird segmentation faults etc are over...

@lispyclouds will try to do this for pod-babashka-aws first.

/cc @thiagokokada @ericdallo @lispyclouds

Reflection bug

I'm getting the same kind of error related to reflection as in #7 with:

(prn (aws/invoke s3 {:op :CreateBucket :request {:Bucket "michiel-bucket"
                                                 :CreateBucketConfiguration {:LocationContraint "EU"}}}))

Type:     clojure.lang.ExceptionInfo
Message:  java.lang.Exception: Not supported: class java.lang.IllegalArgumentException
Location: /tmp/s3.clj:17:6

Add AWS proton support

The pod currently does not support AWS proton. Locally, I did manage to fix the issue by updating the dependency in deps.edn, adding the dependency to aws-libs.edn and adding :proton to the list in resources/aws-services.edn, followed by locally compiling the image and running that. If you want I can do a PR?

FYI, the following exception is thrown:

clojure.lang.ExceptionInfo: api :proton not available
{:available #{:mediatailor :medialive :ecr :eks :cloudsearchdomain :budgets :migrationhub-config :monitoring :databrew :kinesis-video-archived-media :elastictranscoder :comprehend :route53domains :pi :ec2 :backup :appconfig :dataexchange :guardduty :worklink :email :codeguru-reviewer :elasticloadbalancing :groundstation :sso :cloudformation :s3control :es :codepipeline :appintegrations :dax :honeycode :mediapackage-vod :cloudtrail :iotfleethub :application-autoscaling :autoscaling-plans :waf :discovery :kinesisanalytics :codestar-notifications :forecastquery :ce :mediaconnect :sagemaker-featurestore-runtime :dms :mobileanalytics :marketplace-catalog :codeartifact :workdocs :elastic-inference :cognito-sync :ecr-public :glacier :marketplacecommerceanalytics :workmailmessageflow :sns :lightsail :autoscaling :iot1click-projects :states :alexaforbusiness :license-manager :machinelearning :storagegateway :glue :config :ssm :personalize :service-quotas :gamelift :lambda :cur :datapipeline :AWS242AppRegistry :sso-admin :shield :codecommit :mediaconvert :braket :logs :inspector :transfer :sesv2 :eventbridge :cloudsearch :elasticmapreduce :support :auditmanager :customer-profiles :events :kinesisvideo :identitystore :kafka :forecast :connect :codestar :ebs :cloudhsmv2 :workmail :wafv2 :rekognition :mediastore-data :amp :sqs :iot :runtime-lex :fms :mq :waf-regional :kinesis-video-signaling :quicksight :ds :acm-pca :ecs :devicefarm :apigatewayv2 :compute-optimizer :swf :entitlement-marketplace :iotsecuretunneling :ram :imagebuilder :network-firewall :organizations :opsworkscm :codeguruprofiler :personalize-runtime :redshift :pinpoint-sms-voice :ec2-instance-connect :batch :signer :wellarchitected :cloud9 :s3outposts :rds :textract :iotevents :savingsplans :resourcegroupstaggingapi :redshift-data :macie2 :streams-dynamodb :lex-models :kinesis-video-media :appflow :securityhub :acm :schemas :docdb :qldb :elasticbeanstalk :timestream-write :secretsmanager :servicecatalog :accessanalyzer :kinesisanalyticsv2 :neptune :sts :athena :iotevents-data :personalize-events :route53 :lakeformation :iotdeviceadvisor :directconnect :serverlessrepo :connect-contact-lens :managedblockchain :dynamodb :elasticfilesystem :cloudhsm :sagemaker-edge :dlm :cloudfront :sms :codestar-connections :translate :health :resource-groups :mediapackage :devices :lookoutvision :opsworks :amplifybackend :frauddetector :route53resolver :cognito-idp :pinpoint-email :mturk-requester :qldb-session :iotthingsgraph :transcribe :iam :comprehendmedical :detective :synthetics :servicediscovery :AWSMigrationHub :greengrassv2 :sdb :rds-data :amplify :clouddirectory :macie :iot-jobs-data :mobile :mediastore :greengrass :codedeploy :pinpoint :connectparticipant :kendra :iot-data :fsx :appmesh :datasync :ivs :workspaces :robomaker :apigatewaymanagementapi :kms :location :chime :apigateway :appstream :pricing :networkmanager :runtime-sagemaker :meteringmarketplace :elasticloadbalancingv2 :s3 :importexport :elasticache :sso-oidc :sagemaker :devops-guru :application-insights :mwaa :emr-containers :appsync :polly :iotsitewise :healthlake :timestream-query :snowball :kinesis :outposts :firehose :cognito-identity :iotwireless :xray :iotanalytics :codebuild :globalaccelerator :sagemaker-a2i-runtime}, :type "class clojure.lang.ExceptionInfo"}
 at babashka.pods.impl$processor.invokeStatic (impl.clj:201)
    babashka.pods.sci$load_pod$fn__30731.invoke (sci.clj:72)
    sci.impl.vars$binding_conveyor_fn$fn__398.invoke (vars.cljc:154)
    clojure.core$binding_conveyor_fn$fn__5788.invoke (core.clj:2035)
    clojure.lang.AFn.call (AFn.java:18)
    java.util.concurrent.FutureTask.run (FutureTask.java:264)
    java.util.concurrent.ThreadPoolExecutor.runWorker (ThreadPoolExecutor.java:1128)
    java.util.concurrent.ThreadPoolExecutor$Worker.run (ThreadPoolExecutor.java:628)
    java.lang.Thread.run (Thread.java:829)
    com.oracle.svm.core.thread.JavaThreads.threadStartRoutine (JavaThreads.java:596)
    com.oracle.svm.core.posix.thread.PosixJavaThreads.pthreadStartRoutine (PosixJavaThreads.java:192)

Bump aws-api deps and make new release

Maybe we can automate grabbing the newest deps.edn libs.

Support passing a file directly for (s3) blob uploads

This file should then not be serialized via transit into a byte-array to not hold it into memory all at once. This should help for large files.

pass Java system properties–aws.accessKeyId and aws.secretKey to pod

The second default way to auth is to use Java system properties–aws.accessKeyId and aws.secretKey. The AWS SDK for Java uses the SystemPropertiesCredentialsProvider to load these credentials.

These properties currently not passed along to pod.

Broken message when missing GRAALVM_HOME

in script/compile, missing GRAALVM_HOME is handled as such:

if [ -z "$GRAALVM_HOME" ]; then
    echo "Please set $GRAALVM_HOME"
    exit 1
fi

Resulting in the message Please set. Should be:

if [ -z "$GRAALVM_HOME" ]; then
    echo "Please set GRAALVM_HOME"
    exit 1
fi

Setup CI

@jeroenvandijk : @borkdude I assume you want to use CircleCI? I can otherwise look into a Github Action setup.

@lispyclouds suggested we can use https://github.com/localstack/localstack for testing

Add metadata to aws/invoke return values

Probably this needs to be solved in a similar way to #10 and #11

From https://github.com/cognitect-labs/aws-api#explore

(aws/invoke s3 {:op :ListBuckets})
;; http-request and http-response are in the metadata
(meta *1)

Expose environment-creds-provider

Currently the only credential provider not explicitly exposed by the babashka pod (see lookup-map, describe-map) is the environment-credentials-provider. On the other hand, when using default-credentials-provider the functionality is still used. Is not exposing it intentional? I'd like to make use of it in a script.

Add lambda test to CI

See #27

@vharmain I tried adding:

(def lambda (aws/client {:api :lambda :region "eu-west-2"}))
(aws/invoke lambda {:op :ListFunctions})

as a test in the test script against localstack.

Using the normal aws-api from a Clojure REPL this worked (when adding in the endpoint overrides, etc), but with the pod I got:

#:cognitect.anomalies{:category :cognitect.anomalies/incorrect}

without any additional information. If possible, it would be nice to add this to the tests, so it won't break in the future.

Originally posted by @borkdude in #27 (comment)

Revise reflection config

The reflection config is generated using an agent, but in practice this adds more than necessary. Let's clean it up and remove classes that aren't needed, while the tests are still passing.