Feature : AWS Default Credential Provider Chain as an authentication option in AWS S3 datasource (#14171)

* added default credential chain flow

* Bump version to 3.20.5-lts across all components and add tag-and-push script for releases

---------

Co-authored-by: gsmithun4 <gsmithun4@gmail.com>

.version

@@ -1 +1 @@
-3.20.4-lts
+3.20.5-lts

frontend/.version

@@ -1 +1 @@
-3.20.4-lts
+3.20.5-lts

plugins/packages/s3/lib/index.ts

@@ -94,9 +94,11 @@ export default class S3QueryService implements QueryService {
   }
 
   async getConnection(sourceOptions: SourceOptions): Promise<any> {
-    const useAWSInstanceProfile = sourceOptions['instance_metadata_credentials'] === 'aws_instance_credentials';
     const region = sourceOptions['region'];
+    const useAWSInstanceProfile = sourceOptions['instance_metadata_credentials'] === 'aws_instance_credentials';
     const useRoleArn = sourceOptions['instance_metadata_credentials'] === 'aws_arn_role';
+    const useDefaultCredentialProviderChain =
+      sourceOptions['instance_metadata_credentials'] === 'default_credentials_provider_chain';
 
     if (useAWSInstanceProfile) {
       const client = new S3Client({ region, credentials: fromInstanceMetadata() });
@@ -111,6 +113,9 @@ export default class S3QueryService implements QueryService {
 
       const client = new S3Client({ region, credentials });
       return client;
+    } else if (useDefaultCredentialProviderChain) {
+      const client = new S3Client({ region });
+      return client;
     } else {
       const credentials = new AWS.Credentials(sourceOptions['access_key'], sourceOptions['secret_key']);
       const endpointOptions = sourceOptions.endpoint_enabled && {

plugins/packages/s3/lib/manifest.json

@@ -65,6 +65,10 @@
         {
           "value": "aws_arn_role",
           "name": "Use AWS ARN Role"
+        },
+        {
+          "value": "default_credentials_provider_chain",
+          "name": "Default Credential Provider Chain"
         }
       ],
       "commonFields": {

release-scripts/tag-and-push.sh

@@ -0,0 +1,51 @@
+#!/bin/sh
+set -e
+
+BASE_DIR="$(dirname "$(dirname "$0")")"
+
+BASE_VERSION_FILE="$BASE_DIR/.version"
+SERVER_VERSION_FILE="$BASE_DIR/server/.version"
+FRONTEND_VERSION_FILE="$BASE_DIR/frontend/.version"
+
+# Read first line of each version file (trim spaces)
+BASE_VERSION=$(head -n 1 "$BASE_VERSION_FILE" | tr -d '[:space:]')
+SERVER_VERSION=$(head -n 1 "$SERVER_VERSION_FILE" | tr -d '[:space:]')
+FRONTEND_VERSION=$(head -n 1 "$FRONTEND_VERSION_FILE" | tr -d '[:space:]')
+
+# Check versions match
+if [ "$BASE_VERSION" != "$SERVER_VERSION" ] || [ "$BASE_VERSION" != "$FRONTEND_VERSION" ]; then
+  echo "❌ Version mismatch detected!"
+  echo "Base:     $BASE_VERSION"
+  echo "Server:   $SERVER_VERSION"
+  echo "Frontend: $FRONTEND_VERSION"
+  exit 1
+fi
+
+RELEASE_VERSION="v$BASE_VERSION"
+
+echo "Are you sure you want to release version - $RELEASE_VERSION ? (y/n)"
+read CONFIRM
+
+if [ "$CONFIRM" != "y" ]; then
+  echo "❌ Release aborted."
+  exit 1
+fi
+
+echo "✅ Starting release process for $RELEASE_VERSION..."
+
+# Tag & push in base
+cd "$BASE_DIR"
+git tag "$RELEASE_VERSION"
+git push origin "$RELEASE_VERSION"
+
+# Tag & push in server/ee
+cd "$BASE_DIR/server/ee"
+git tag "$RELEASE_VERSION"
+git push origin "$RELEASE_VERSION"
+
+# Tag & push in frontend/ee
+cd "$BASE_DIR/frontend/ee"
+git tag "$RELEASE_VERSION"
+git push origin "$RELEASE_VERSION"
+
+echo "🎉 Successfully released $RELEASE_VERSION"

server/.version

@@ -1 +1 @@
-3.20.4-lts
+3.20.5-lts