Import project from Amazon S3 using temporary credentials

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

• Close this issue

Problem

Currently, according to import project API documentation, it is not possible to pass session token in the request to /remote-import-s3 endpoint https://docs.gitlab.com/ee/api/project_import_export.html#import-a-file-from-aws-s3

This makes it impossible to use temporary credentials to import the project file directly from S3. Due to our organization security policies this means it is not possible at all for us to import from S3 directly. https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html

Proposed Solution

Add optional attribute 'session_token' to the /remote-import-s3 endpoint. If the attribute is provided, use it to construct S3 client. If not, proceed as before.
https://gitlab.com/gitlab-org/gitlab/-/blob/master/app/services/import/gitlab_projects/file_acquisition_strategies/remote_file_s3.rb#L67
https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/api/project_import.rb#L166
I believe the files above are the correct places to add this support, but I'm not proficient in Ruby at all so I don't feel like I can open an MR myself