Dumpling 7.5.1 Does Not Support Passing AK/SK Through Environment Variables on Alibaba Cloud OSS

Note:
This topic has been translated from a Chinese forum by GPT and might contain errors.

Original topic: dumpling 7.5.1在阿里云 OSS 下不支持通过环境传入 AK/SK

| username: dba-kit

As shown in the figure, it was originally supported to read AK/SK through the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables, but it seems that version 7.5.1 no longer supports it?

| username: dba-kit | Original post link

Uh, I tested it, and it seems that version 6.5.1 no longer supports it. Maybe it was deprecated a long time ago??

| username: dba-kit | Original post link

However, in the BR introduction document, these two parameters are still there.

| username: dba-kit | Original post link

I tested it, and the br in version 6.5.2 no longer supports reading through environment variables.

| username: aytrack | Original post link

Using dumpling v7.5.1 to inject AK and SK through environment variables for dumpling works on both AWS and KS3.

AWS


KS3


I don’t have an Aliyun environment, but from the above two results, it seems that AK/SK can be injected through environment variables.

| username: zhanggame1 | Original post link

No problem, I have tested it.

Just tried version 7.5.1, no issues.

| username: aytrack | Original post link

Update:
Previously, when implementing support for Alibaba Cloud’s IAM role, the behavior was changed. After this PR (br/pkg/storage: add oss support on s3 sdk by knull-cn · Pull Request #34309 · pingcap/tidb · GitHub), the environment variables for AK/SK will be ignored when the provider is set to Alibaba Cloud. You can bypass this issue by using the ossRAMRole method or by writing the AK/SK into the URL. An issue has been logged (`AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` env not work for aliyun provider · Issue #53463 · pingcap/tidb · GitHub) to track this problem.

| username: dba-kit | Original post link

:sweat_smile: It turns out that this BUG is triggered only by Alibaba Cloud OSS. According to the verification, AWS S3 and Minio are still supported.

| username: BornChanger | Original post link

This issue is the same as br backup to aliyum OSS not support ak/sk as env · Issue #45551 · pingcap/tidb · GitHub. I have merged the two issues. Are you interested in submitting a PR to solve this problem?

| username: dba-kit | Original post link

Sure, can you introduce the background of introducing OSS RAM? In your plan, should you read RAM first or environment variables first?

| username: BornChanger | Original post link

Thanks :slightly_smiling_face:. This issue br/pkg/storage: s3 sdk support to access aliyun oss by ram type · Issue #34224 · pingcap/tidb · GitHub contains the background for supporting Alibaba Cloud OSS RAM at that time. From a design consistency perspective, environment variables take precedence. If the environment variables can authenticate successfully, they are used first; if the environment variables are not set or the AK/SK fails, then RAM is used.

| username: dba-kit | Original post link

Okay, I’ll try to fix it and see if it resolves the issue.