[BE] S3 자격증명 방식 변경

[uri010]

#️⃣ 연관된 이슈

#170 [BE] S3 자격증명 실패

📝 작업 내용

S3 자격증명 확인 및 AWS SDK 버전 업그레이드

• 기존에는 ProfileCredentialsProvider를 사용해서 ~/.aws/credentials에 저장해둔 제 User 계정의 액세스 키로 S3에 접근했었습니다. 개발 환경에서는 사용이 가능하지만 운영 환경에서는 EC2에 부여한 Role 권한을 가지고 S3에 접근해야 해서 DefaultCredentialsProvider로 변경했습니다.
  -DefaultCredentialsProvider는 환경 변수, EC2 IAM Role, ~/.aws/credentials 등을 자동으로 탐색해서 자격증명을 제공한다고 합니다. 각 실행 환경 별로 코드를 나누는 것보다 하나를 사용하는 것이 나을 것이라 판단하여 변경하였습니다.
• DefaultCredentialsProvider는 기존 AWS SDK 2.13.0에서 사용이 불가하여 2.20.0로 업그레이드 했습니다.

추가 버그 수정

• 회원 정보 조회 API 수행시 프로필 이미지가 없는 사용자의 경우에도 S3에 파일 Presigned-url을 요청해서 에러가 발생했습니다. 다른 API와 마찬가지로 DB에 파일 이름과 S3 key 값이 저장되어 있는 경우에만 presigned-url을 발급할 수 있도록 수정했습니다.

Summary by CodeRabbit

• Bug Fixes
  • Enhanced profile image handling to ensure images display only when available, reducing display errors.
• Chores
  • Updated cloud storage integration configurations to improve stability and performance.

[coderabbitai]

Walkthrough

The pull request updates the AWS SDK S3 dependency in the Gradle build file from version 2.13.0 to 2.20.0. In the ProfessorService class, logic is modified to initialize profile image URLs as empty strings and conditionally generate a presigned URL only if the file exists. In the S3Config class, the credentials provider is changed from using a fixed profile provider to the default credentials provider, affecting the creation of the S3 client and presigner.

Changes

Files	Change Summary
back-end/reacton/build.gradle	Upgraded AWS SDK S3 dependency from version 2.13.0 to 2.20.0
back-end/reacton/src/main/java/com/softeer/reacton/domain/professor/ProfessorService.java	Added file existence check to conditionally generate a presigned profile image URL
back-end/reacton/src/main/java/com/softeer/reacton/global/s3/S3Config.java	Replaced ProfileCredentialsProvider.create() with DefaultCredentialsProvider.create() for AWS S3 configuration

Sequence Diagram(s)

sequenceDiagram
    participant Client
    participant ProfessorService
    participant S3Service
    Client->>ProfessorService: Request profile info
    ProfessorService->>ProfessorService: Initialize profileImageUrl as empty
    ProfessorService->>S3Service: Check if profile image exists
    alt File exists
        ProfessorService->>S3Service: Generate presigned URL
        S3Service-->>ProfessorService: Return URL
        ProfessorService->>Client: Return profile info with URL
    else
        ProfessorService->>Client: Return profile info with empty URL
    end

Loading

sequenceDiagram
    participant S3Config
    participant DefaultCredentialsProvider
    participant AWS_Service
    S3Config->>DefaultCredentialsProvider: Initialize credentials
    DefaultCredentialsProvider-->>S3Config: Provide credentials
    S3Config->>AWS_Service: Create S3 client & presigner with credentials

Loading

Suggested reviewers

• sunohkim

Poem

I'm a bouncy rabbit in the code field at play,
Hopping through updates in a delightful way.
S3 credentials now default, neat and bright,
And profile URLs check for files before their flight.
In the realm of code, I cheer with delight! 🐰✨

✨ Finishing Touches

• 📝 Generate Docstrings (Beta)

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

back-end/reacton/src/main/java/com/softeer/reacton/global/s3/S3Config.java (1)

27-30: Consider reusing the DefaultCredentialsProvider instance.

While the change to DefaultCredentialsProvider is correct, creating separate instances for both S3Client and S3Presigner might not be optimal. Consider creating a single bean for the credentials provider and reusing it.

Here's a suggested refactor:

 @Configuration
 public class S3Config {
     @Value("${aws.region}")
     private String AWS_REGION;
 
+    @Bean
+    public DefaultCredentialsProvider credentialsProvider() {
+        return DefaultCredentialsProvider.create();
+    }
 
     @Bean
-    public S3Client s3Client() {
+    public S3Client s3Client(DefaultCredentialsProvider credentialsProvider) {
         return S3Client.builder()
                 .region(Region.of(AWS_REGION))
-                .credentialsProvider(DefaultCredentialsProvider.create())
+                .credentialsProvider(credentialsProvider)
                 .build();
     }
 
     @Bean
-    public S3Presigner s3Presigner() {
+    public S3Presigner s3Presigner(DefaultCredentialsProvider credentialsProvider) {
         return S3Presigner.builder()
                 .region(Region.of(AWS_REGION))
-                .credentialsProvider(DefaultCredentialsProvider.create())
+                .credentialsProvider(credentialsProvider)
                 .build();
     }
 }

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between bc1ce3a and 3ae8a36.

📒 Files selected for processing (3)

• back-end/reacton/build.gradle (1 hunks)
• back-end/reacton/src/main/java/com/softeer/reacton/domain/professor/ProfessorService.java (1 hunks)
• back-end/reacton/src/main/java/com/softeer/reacton/global/s3/S3Config.java (2 hunks)

🔇 Additional comments (5)

back-end/reacton/build.gradle (1)

41-41: AWS SDK S3 Version Update: Verify Compatibility with the New Credentials Provider

The dependency version for AWS SDK S3 has been updated from a lower version to 2.20.0. This change is critical since the new DefaultCredentialsProvider required for production environments is supported only from this version onward. Please ensure that this upgrade is compatible with the rest of your S3 client configuration and that any related usages in the codebase (such as in S3Config) have been verified for compatibility with the new AWS SDK version.

back-end/reacton/src/main/java/com/softeer/reacton/domain/professor/ProfessorService.java (2)

101-104: LGTM! Improved error handling for profile image URLs.

The changes correctly address the issue by checking file existence before generating presigned URLs, preventing unnecessary S3 operations for non-existent profile images.

---

118-121: LGTM! Consistent implementation of profile image URL handling.

The changes maintain consistency with getProfileInfo method, ensuring proper handling of non-existent profile images.

back-end/reacton/src/main/java/com/softeer/reacton/global/s3/S3Config.java (2)

7-7: LGTM!

The import of DefaultCredentialsProvider aligns with the PR objectives to support more flexible credential management across different environments.

---

19-22:

Details

✅ Verification successful

LGTM! Verify AWS SDK version in build.gradle.

The switch to DefaultCredentialsProvider is a good improvement as it supports multiple credential sources (environment variables, EC2 IAM roles, AWS credentials file) in a priority order.

Run this script to verify the AWS SDK version in build.gradle matches the minimum required version (2.20.0) for DefaultCredentialsProvider:

---

🏁 Script executed:

#!/bin/bash
# Description: Check AWS SDK version in build.gradle
rg -A 5 "software.amazon.awssdk:s3" back-end/reacton/build.gradle

Length of output: 169

---

LGTM! The update to use DefaultCredentialsProvider.create() ensures that multiple credential sources are effectively handled, which is a solid improvement for both development and production environments. The AWS SDK version in build.gradle was verified to be 2.20.0, confirming compatibility with this configuration.

[sunohkim]

고생하셨습니다!