You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2019/05/31 22:26:03 UTC

[GitHub] [pulsar] addisonj opened a new pull request #4433: [tiered-storage] Add support for AWS instance and role creds

addisonj opened a new pull request #4433: [tiered-storage] Add support for AWS instance and role creds
URL: https://github.com/apache/pulsar/pull/4433
 
 
   
   
   ### Motivation
   
   This commit makes changes to the tiered storage support for S3
   to allow for support of ec2 metadata instance credentials as well as
   additional config options for assuming a role to get credentials.
   
   Currently, because ec2 instance credentials require a session token, 
   the existing implementation does not let you use credentials provided
   by the ec2 metadata API.
   
   Also, the usage of roles can be very helpful, this commit also adds support
   for roles.
   
   
   ### Modifications
   
   This works by changing the way we provide credentials to use the
   funtional `Supplier` interface and for using the AWS specific
   `SessionCredentials` object for when we detect that the
   `CredentialProvider` is providing credentials that have a session token.
   
   The creation of the AWSCredentialProvider is moved into the `TieredStorageConfigurationData` object
   and two new configuration options are exposed, which are used to provide details of the role name and roleSessionName.
   
   
   ### Verifying this change
   
   - [ ] Make sure that the change passes the CI checks.
   
   This change added tests and can be verified as follows:
    - Added a test that ensures we properly get session credentials
   
   ### Does this pull request potentially affect one of the following parts:
   
     - Dependencies (does it add or upgrade a dependency): yes, aws-sts sdk  for support in assuming a role
     - The public API: no
     - The schema: no
     - The default values of configurations: no, but does add new configuration
     - The wire protocol: no
     - The rest endpoints: no
     - The admin cli options: no
     - Anything that affects deployment: no
   
   ### Documentation
   
     - Does this pull request introduce a new feature? yes
     - If yes, how is the feature documented? docs, updated reference and the cookbook
     - If a feature is not applicable for documentation, explain why?
     - If a feature is not documented yet in this PR, please create a followup issue for adding the documentation
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services