S3 provider doesn't work with MFA credentials

client/src/main/kotlin/io/titandata/models/S3Parameters.kt

@@ -8,5 +8,6 @@ data class S3Parameters(
     override var provider: String = "s3",
     var accessKey: String? = null,
     var secretKey: String? = null,
+    var sessionToken: String? = null,
     var region: String? = null
 ) : RemoteParameters()

client/src/main/kotlin/io/titandata/serialization/remote/S3RemoteUtil.kt

@@ -9,6 +9,7 @@ import io.titandata.models.RemoteParameters
 import io.titandata.models.S3Parameters
 import io.titandata.models.S3Remote
 import io.titandata.serialization.RemoteUtilProvider
+import software.amazon.awssdk.auth.credentials.AwsSessionCredentials
 import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider
 import software.amazon.awssdk.regions.providers.DefaultAwsRegionProviderChain
 import java.net.URI
@@ -102,6 +103,7 @@ class S3RemoteUtil : RemoteUtilProvider() {
 
         var accessKey = remote.accessKey
         var secretKey = remote.secretKey
+        var sessionToken:String? = null
         if (accessKey == null || secretKey == null) {
             val creds = DefaultCredentialsProvider.create().resolveCredentials()
             if (creds == null) {
@@ -112,13 +114,17 @@ class S3RemoteUtil : RemoteUtilProvider() {
             if (accessKey == null || secretKey == null) {
                 throw IllegalArgumentException("Unable to determine AWS credentials")
             }
+
+            if (creds is AwsSessionCredentials) {
+                sessionToken = creds.sessionToken()
+            }
         }
 
         var region = remote.region
         if (region == null) {
             region = DefaultAwsRegionProviderChain().region?.id()
         }
 
-        return S3Parameters(accessKey = accessKey, secretKey = secretKey, region = region)
+        return S3Parameters(accessKey = accessKey, secretKey = secretKey, region = region, sessionToken = sessionToken)
     }
 }

server/src/main/kotlin/io/titandata/remote/s3/S3RemoteProvider.kt

@@ -6,6 +6,7 @@ package io.titandata.remote.s3
 
 import com.amazonaws.auth.AWSStaticCredentialsProvider
 import com.amazonaws.auth.BasicAWSCredentials
+import com.amazonaws.auth.BasicSessionCredentials
 import com.amazonaws.services.s3.AmazonS3
 import com.amazonaws.services.s3.AmazonS3ClientBuilder
 import com.amazonaws.services.s3.model.AmazonS3Exception
@@ -48,7 +49,10 @@ class S3RemoteProvider(val providers: ProviderModule) : BaseRemoteProvider() {
         val region = params.region ?: remote.region
             ?: throw IllegalArgumentException("missing region")
 
-        val creds = BasicAWSCredentials(accessKey, secretKey)
+        val creds = when (params.sessionToken) {
+            null -> BasicAWSCredentials(accessKey, secretKey)
+            else -> BasicSessionCredentials(accessKey, secretKey, params.sessionToken)
+        }
         val provider = AWSStaticCredentialsProvider(creds)
 
         return AmazonS3ClientBuilder.standard().withCredentials(provider).withRegion(region).build()!!

server/src/test/kotlin/io/titandata/serialization/S3RemoteTest.kt

@@ -5,6 +5,7 @@
 package io.titandata.serialization
 
 import com.google.gson.GsonBuilder
+import io.kotlintest.extensions.system.withEnvironment
 import io.kotlintest.matchers.types.shouldBeInstanceOf
 import io.kotlintest.shouldBe
 import io.kotlintest.shouldThrow
@@ -193,5 +194,22 @@ class S3RemoteTest : StringSpec() {
             params.secretKey shouldBe "SECRET"
             params.region shouldBe "REGION"
         }
+
+        "getting credentials from environment succeeds" {
+            withEnvironment(mapOf("AWS_ACCESS_KEY_ID" to "accessKey", "AWS_SECRET_ACCESS_KEY" to "secretKey",
+                    "AWS_REGION" to "us-west-2", "AWS_SESSION_TOKEN" to "sessionToken")) {
+                System.getenv("AWS_ACCESS_KEY_ID") shouldBe "accessKey"
+                System.getenv("AWS_SECRET_ACCESS_KEY") shouldBe "secretKey"
+                System.getenv("AWS_REGION") shouldBe "us-west-2"
+                System.getenv("AWS_SESSION_TOKEN") shouldBe "sessionToken"
+                val params = remoteUtil.getParameters(S3Remote(name = "name", bucket = "bucket", path = "path"))
+                params.shouldBeInstanceOf<S3Parameters>()
+                params as S3Parameters
+                params.accessKey shouldBe "accessKey"
+                params.secretKey shouldBe "secretKey"
+                params.sessionToken shouldBe "sessionToken"
+                params.region shouldBe "us-west-2"
+            }
+        }
     }
 }