Upgrade to AWS Java SDK v2

[jorgee]

This PR contains the changes to port the Amazon plugin to AWS SDK version 2. Find below the most relevant changes:

• S3 Global Region flag: In v1, it was activated with S3Client.withForceGlobalBucketAcessEnabled(flag). In v2, it set the following flags S3Client.Builder.crossRegionAccessEnabled(flag) and S3Configuration.multiRegionAccessEnabled(flag).
• Two S3Clients are created: the async client is used for operations performed through the S3TransferManager, and the sync client is used for other actions.

- AmazonS3Client.getS3AccountOwner() is not available in SDK v2. It was providing an ID used for checking the file access. In V2, the only way to retrieve the same ID is from a bucket owned by the user. To do it we need to list the buckets and get the owner field in the GetBucketACLResponse. If it is not possible to retrieve the ID because the user does not own any bucket, we perform the following fallback. In the case of READ access, it tries to retrieve the head of the object, It will fail if there isn't read access. In the case of writting, a warning is printed. It is the same as AWS NIO is doing to check the file access.

• The setEndpoint and setRegion methods in the S3Client wrapper are removed as it is not available in the v2 clients. They were only used in tests.

• CannedAccessControlList is split in two classes one for objects and another for buckets. In most of the code it has been substituted by ObjectCannedACL.

• ContentType and ContentLength are part of the request instead of the ObjectMetadata, and they can be obtained invoking the S3client.headObject method in the SDK v2

• S3ClientConfiguration doesn't exist in SDK v2. Two new classes have been created to emulate the same behaviour. They convert the properties to the SDK v2 sync and async client configurations.

• SsoCredentialsProviderV1 class is not needed anymore as SDK v2 already manages the SSO credentials. The custom provider chain created in the S3FileSystemProvider.getCredetialsProvider0 to include the SsoCredentialsProviderV1 ihas been replace by the DefaultCredentialProvider in v2.

• Credentials and config are automatically merged by SDK v2. No option for NXF_DISABLE_AWS_CONFIG_MERGE.

• In V2, clients and requests are immutable and must be generated with a builder class. Some helper methods have been modified to pass builder classes instead of requests, such as makeJobDefRequest, configJobRefRequest, addVolumeMountsToContainer, etc.

• S3 Parallel Download was deprecated and S3CopyStream was not used. They have been removed.

• In v1, the upload directory was performed by walking through the different directory files and uploading them one by one. In v2, it has been substituted by the uploadDirectory method in the SDK.

[netlify]

✅ Deploy Preview for nextflow-docs-staging ready!

Name	Link
🔨 Latest commit	951f23e
🔍 Latest deploy log	https://app.netlify.com/projects/nextflow-docs-staging/deploys/6852cd4b70372b0008b2bfe5
😎 Deploy Preview	https://deploy-preview-6165--nextflow-docs-staging.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[jorgee]

It is ready for review

[pditommaso]

Looks awesome. Made a few minor comments

[pditommaso]

Some indentation can make it better readable

[pditommaso]

Suggested change

	log.debug("S3 download file: s3://{}/{} cancelled", source.getBucket(), source.getKey());
	log.debug("S3 download file: s3://{}/{} interrupted", source.getBucket(), source.getKey());

[pditommaso]

Suggested change

	log.debug("S3 download file: s3://{}/{} exception thrown", source.getBucket(), source.getKey());
	throw new IOException(e.getCause());
	String msg = String.format("Exception thrown with downloading S3 object s3://{}/{}", source.getBucket(), source.getKey());
	throw new IOException(msg, e);

Logging the error and re-throwing will result in double logging it, which can be confusing.

Alternatively it could be done just

throw e.getCause()

[pditommaso]

as above

[pditommaso]

as above

[pditommaso]

as above

[jorgee]

I have found an issue with multi-part uploads when uploading large files. I move to draft until I fix it.

[jorgee]

In one of the changes that I did to support the Signer override and UserAgent is breaking the multipart upload. I changed the way about how the transfer manager's S3AsyncClient is created and the multipart upload with large files is having issues. It is creating too many parts and it can exhaust the heap memory or a time out when acquaring the connections. It is not happening if we use the default S3CrtAsyncClient but it does not allow to define the UserAgent and Signer as a clientoverride. I am still looking for a way to define them but I am wondering how relevant are these options. Is there a possibility to deprecate them?