You are viewing a plain text version of this content. The canonical link for it is here.
Posted to github@beam.apache.org by GitBox <gi...@apache.org> on 2020/06/30 05:58:14 UTC
[GitHub] [beam] jalmeidaa opened a new pull request #12131: [BEAM-10335] add STS assume role to AwsModule
jalmeidaa opened a new pull request #12131:
URL: https://github.com/apache/beam/pull/12131
**Please** add a meaningful description for your change here
------------------------
@aromanenko-dev Please take a look.
Thank you for your contribution! Follow this checklist to help us incorporate your contribution quickly and easily:
- [X] [**Choose reviewer(s)**](https://beam.apache.org/contribute/#make-your-change) and mention them in a comment (`R: @aromanenko-dev`).
- [X] Format the pull request title like `[BEAM-XXX] Fixes bug in ApproximateQuantiles`, where you replace `BEAM-XXX` with the appropriate JIRA issue, if applicable. This will automatically link the pull request to the issue.
- [X] Update `CHANGES.md` with noteworthy changes.
- [X] If this contribution is large, please file an Apache [Individual Contributor License Agreement](https://www.apache.org/licenses/icla.pdf).
See the [Contributor Guide](https://beam.apache.org/contribute) for more tips on [how to make review process smoother](https://beam.apache.org/contribute/#make-reviewers-job-easier).
Post-Commit Tests Status (on master branch)
------------------------------------------------------------------------------------------------
Lang | SDK | Dataflow | Flink | Samza | Spark | Twister2
--- | --- | --- | --- | --- | --- | ---
Go | [](https://ci-beam.apache.org/job/beam_PostCommit_Go/lastCompletedBuild/) | --- | [](https://ci-beam.apache.org/job/beam_PostCommit_Go_VR_Flink/lastCompletedBuild/) | --- | [](https://ci-beam.apache.org/job/beam_PostCommit_Go_VR_Spark/lastCompletedBuild/) | ---
Java | [](https://ci-beam.apache.org/job/beam_PostCommit_Java/lastCompletedBuild/) | [](https://ci-beam.apache.org/job/beam_PostCommit_Java_ValidatesRunner_Dataflow/lastCompletedBuild/)<br>[](https://ci-beam.apache.org/job/beam_PostCommit_Java_ValidatesRunner_Dataflow_Java11/lastCompletedBuild/) | [](https://ci-beam.apache.org/job/beam_PostCommit_Java_ValidatesRunner_Flink/lastCompletedBuild/)<br>[](https://ci-beam.apache.org/job/beam_PostCommit_Java_ValidatesRunner_Flink_Java11/lastCompletedBuild/)<br>[](https://ci-beam.apache.org/job/beam_PostCommit_Java_PVR_Flink_Batch/lastCompletedBuild/)<br>[](https://ci-beam.apache.org/job/beam_PostCommit_Java_PVR_Flink_Streaming/lastCompletedBuild/) | [](https://ci-beam.apache.org/job/beam_PostCommit_Java_ValidatesRunner_Samza/lastCompletedBuild/) | [](https://ci-beam.apache.org/job/beam_PostCommit_Java_ValidatesRunner_Spark/lastCompletedBuild/)<br>[](https://ci-beam.apache.org/job/beam_PostCommit_Java_PVR_Spark_Batch/lastCompletedBuild/)<br>[](https://ci-beam.apache.org/job/beam_PostCommit_Java_ValidatesRunner_SparkStructuredStreaming/lastCompletedBuild/) | [](https://builds.apache.org/job/beam_PostCommit_Java_ValidatesRunner_Twister2/lastCompletedBuild/)
Python | [](https://ci-beam.apache.org/job/beam_PostCommit_Python2/lastCompletedBuild/)<br>[](https://ci-beam.apache.org/job/beam_PostCommit_Python35/lastCompletedBuild/)<br>[](https://ci-beam.apache.org/job/beam_PostCommit_Python36/lastCompletedBuild/)<br>[](https://ci-beam.apache.org/job/beam_PostCommit_Python37/lastCompletedBuild/) | [](https://ci-beam.apache.org/job/beam_PostCommit_Py_VR_Dataflow/lastCompletedBuild/)<br>[](https://ci-beam.apache.org/job/beam_PostCommit_Py_VR_Dataflow_V2/lastCompletedBuild/)<br>[](https://ci-beam.apache.org/job/beam_PostCommit_Py_ValCont/lastCompletedBuild/) | [](https://ci-beam.apache.org/job/beam_PreCommit_Python2_PVR_Flink_Cron/lastCompletedBuild/)<br>[](https://ci-beam.apache.org/job/beam_PostCommit_Python35_VR_Flink/lastCompletedBuild/) | --- | [](https://ci-beam.apache.org/job/beam_PostCommit_Python_VR_Spark/lastCompletedBuild/) | ---
XLang | --- | --- | [](https://ci-beam.apache.org/job/beam_PostCommit_XVR_Flink/lastCompletedBuild/) | --- | --- | [](https://ci-beam.apache.org/job/beam_PostCommit_XVR_Spark/lastCompletedBuild/) | ---
Pre-Commit Tests Status (on master branch)
------------------------------------------------------------------------------------------------
--- |Java | Python | Go | Website
--- | --- | --- | --- | ---
Non-portable | [](https://ci-beam.apache.org/job/beam_PreCommit_Java_Cron/lastCompletedBuild/) | [](https://ci-beam.apache.org/job/beam_PreCommit_Python_Cron/lastCompletedBuild/)<br>[](https://ci-beam.apache.org/job/beam_PreCommit_PythonLint_Cron/lastCompletedBuild/) | [](https://ci-beam.apache.org/job/beam_PreCommit_Go_Cron/lastCompletedBuild/) | [](https://ci-beam.apache.org/job/beam_PreCommit_Website_Cron/lastCompletedBuild/)
Portable | --- | [](https://ci-beam.apache.org/job/beam_PreCommit_Portable_Python_Cron/lastCompletedBuild/) | --- | ---
See [.test-infra/jenkins/README](https://github.com/apache/beam/blob/master/.test-infra/jenkins/README.md) for trigger phrase, status and link of all Jenkins jobs.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [beam] aromanenko-dev commented on a change in pull request #12131: [BEAM-10335] add STS assume role to AwsModule
Posted by GitBox <gi...@apache.org>.
aromanenko-dev commented on a change in pull request #12131:
URL: https://github.com/apache/beam/pull/12131#discussion_r447765231
##########
File path: sdks/java/io/amazon-web-services/src/main/java/org/apache/beam/sdk/io/aws/sts/package-info.java
##########
@@ -0,0 +1,23 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/** Defines IO connectors for Amazon Web Services SQS. */
+@Experimental(Kind.SOURCE_SINK)
+package org.apache.beam.sdk.io.aws.sts;
Review comment:
I'm not sure that it's needed to create a separate package for STS. Can we put `STSCredentialsProviderWrapper ` into `options`?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [beam] aromanenko-dev commented on a change in pull request #12131: [BEAM-10335] add STS assume role to AwsModule
Posted by GitBox <gi...@apache.org>.
aromanenko-dev commented on a change in pull request #12131:
URL: https://github.com/apache/beam/pull/12131#discussion_r449112432
##########
File path: sdks/java/io/amazon-web-services/build.gradle
##########
@@ -18,8 +18,14 @@ import groovy.json.JsonOutput
* limitations under the License.
*/
-plugins { id 'org.apache.beam.module' }
-applyJavaNature(automaticModuleName: 'org.apache.beam.sdk.io.aws')
+plugins {
+ id 'org.apache.beam.module'
+}
+
+applyJavaNature(
+ automaticModuleName: 'org.apache.beam.sdk.io.aws',
+ shadowClosure: {}
Review comment:
Please, remove it. It should be a user's responsibility to create or not shadow jar, not Beam.
##########
File path: sdks/java/io/amazon-web-services/src/main/java/org/apache/beam/sdk/io/aws/options/AwsModule.java
##########
@@ -203,7 +211,27 @@ public void serializeWithType(
} catch (NoSuchFieldException | IllegalAccessException e) {
throw new IOException("failed to access private field with reflection", e);
}
+ } else if (credentialsProvider
+ .getClass()
+ .equals(STSAssumeRoleSessionCredentialsProvider.class)) {
+ try {
+ STSAssumeRoleSessionCredentialsProvider specificProvider =
+ (STSAssumeRoleSessionCredentialsProvider) credentialsProvider;
+
+ Field fieldRole =
+ STSAssumeRoleSessionCredentialsProvider.class.getDeclaredField("roleArn");
+ fieldRole.setAccessible(true);
+ String roleArn = (String) fieldRole.get(specificProvider);
+ jsonGenerator.writeStringField(ROLE_ARN, roleArn);
+ Field fieldSession =
+ STSAssumeRoleSessionCredentialsProvider.class.getDeclaredField("roleSessionName");
Review comment:
Use `ROLE_SESSION_NAME` constant here.
##########
File path: sdks/java/io/amazon-web-services/src/main/java/org/apache/beam/sdk/io/aws/options/AwsModule.java
##########
@@ -203,7 +211,27 @@ public void serializeWithType(
} catch (NoSuchFieldException | IllegalAccessException e) {
throw new IOException("failed to access private field with reflection", e);
}
+ } else if (credentialsProvider
+ .getClass()
+ .equals(STSAssumeRoleSessionCredentialsProvider.class)) {
+ try {
+ STSAssumeRoleSessionCredentialsProvider specificProvider =
+ (STSAssumeRoleSessionCredentialsProvider) credentialsProvider;
+
+ Field fieldRole =
+ STSAssumeRoleSessionCredentialsProvider.class.getDeclaredField("roleArn");
Review comment:
Use `ROLE_ARN` constant here.
##########
File path: sdks/java/io/amazon-web-services/src/test/java/org/apache/beam/sdk/io/aws/options/AwsModuleTest.java
##########
@@ -117,6 +118,29 @@ public void testClasspathPropertiesFileCredentialsProviderSerializationDeseriali
assertEquals(credentialsFilePath, deserializedCredentialsFilePath);
}
+ @Test
+ public void testSTSCredentialsProviderWrapperSerializationDeserialization() throws Exception {
Review comment:
nit: word `Wrapper` is unnecessary in the test name.
##########
File path: sdks/java/io/amazon-web-services/src/test/java/org/apache/beam/sdk/io/aws/options/AwsModuleTest.java
##########
@@ -17,9 +17,9 @@
*/
package org.apache.beam.sdk.io.aws.options;
+import static org.hamcrest.MatcherAssert.assertThat;
Review comment:
Please, leave `org.junit.Assert.assertThat` as it was before.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [beam] aromanenko-dev commented on a change in pull request #12131: [BEAM-10335] add STS assume role to AwsModule
Posted by GitBox <gi...@apache.org>.
aromanenko-dev commented on a change in pull request #12131:
URL: https://github.com/apache/beam/pull/12131#discussion_r448477728
##########
File path: sdks/java/io/amazon-web-services/src/test/java/org/apache/beam/sdk/io/aws/options/AwsModuleTest.java
##########
@@ -117,6 +119,17 @@ public void testClasspathPropertiesFileCredentialsProviderSerializationDeseriali
assertEquals(credentialsFilePath, deserializedCredentialsFilePath);
}
+ @Test
+ public void testSTSCredentialsProviderWrapperSerializationDeserialization() throws Exception {
+ String roleArn = "arn:aws:iam::000111222333:role/TestRole";
+ String roleSessionName = "roleSessionName";
+ STSAssumeRoleSessionCredentialsProvider credentialsProvider =
+ AssumeRoleSessionCredentialsProvider.getInstance(roleArn, roleSessionName)
+ .getSessionCredentialsProvider();
+
+ assertNotNull(credentialsProvider);
Review comment:
Please, add `Serialization/Deserialization` asserts as we do for other provider tests.
##########
File path: sdks/java/io/amazon-web-services/build.gradle
##########
@@ -18,13 +18,21 @@ import groovy.json.JsonOutput
* limitations under the License.
*/
-plugins { id 'org.apache.beam.module' }
-applyJavaNature(automaticModuleName: 'org.apache.beam.sdk.io.aws')
+plugins {
+ id 'com.github.johnrengelman.shadow'
Review comment:
Why do we need this plugin? I don't think we have to distribute shadow jar.
##########
File path: sdks/java/io/amazon-web-services/build.gradle
##########
@@ -18,13 +18,21 @@ import groovy.json.JsonOutput
* limitations under the License.
*/
-plugins { id 'org.apache.beam.module' }
-applyJavaNature(automaticModuleName: 'org.apache.beam.sdk.io.aws')
+plugins {
+ id 'com.github.johnrengelman.shadow'
+ id 'org.apache.beam.module'
+}
+applyJavaNature(
+ automaticModuleName: 'org.apache.beam.sdk.io.aws'
+)
description = "Apache Beam :: SDKs :: Java :: IO :: Amazon Web Services"
ext.summary = "IO library to read and write Amazon Web Services services from Beam."
dependencies {
+ shadow localGroovy()
Review comment:
I'm not sure we need to `shadow` here.
##########
File path: sdks/java/io/amazon-web-services/src/main/java/org/apache/beam/sdk/io/aws/options/AwsModule.java
##########
@@ -132,6 +135,10 @@ public AWSCredentialsProvider deserializeWithType(
return new ProfileCredentialsProvider();
} else if (typeName.equals(EC2ContainerCredentialsProviderWrapper.class.getSimpleName())) {
return new EC2ContainerCredentialsProviderWrapper();
+ } else if (typeName.equals(STSAssumeRoleSessionCredentialsProvider.class.getSimpleName())) {
+ return AssumeRoleSessionCredentialsProvider.getInstance(
Review comment:
Can we just return `new STSAssumeRoleSessionCredentialsProvider.Builder(asMap.get(ROLE_ARN), asMap.get(ROLE_SESSION_NAME)).build()` here? Why do we need to create `AssumeRoleSessionCredentialsProvider` class?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [beam] aromanenko-dev merged pull request #12131: [BEAM-10335] add STS assume role to AwsModule
Posted by GitBox <gi...@apache.org>.
aromanenko-dev merged pull request #12131:
URL: https://github.com/apache/beam/pull/12131
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org