Posted to github@arrow.apache.org by "tustvold (via GitHub)" <gi...@apache.org> on 2023/05/02 13:10:51 UTC

[GitHub] [arrow-rs] tustvold opened a new issue, #4163: ObjectStore CLI Authentication

tustvold opened a new issue, #4163:
URL: https://github.com/apache/arrow-rs/issues/4163

   **Is your feature request related to a problem or challenge? Please describe what you are trying to do.**
   
   All the cloud providers provide CLIs for interacting with their service offering; a number of these come with fairly convoluted configuration setups for sourcing credentials. By and large these do not follow any widely adopted standard, and are inordinately complex.
   
   **Describe the solution you'd like**
   
   Rather than implementing all the various different authentication options, a truly herculean task, we could provide an option to shell out to the CLI to obtain the credentials. @roeap added this for Azure in https://github.com/apache/arrow-rs/pull/3698.
   
   Both AWS and GCP support this with
   
   ```
   aws sts get-session-token
   gcloud auth print-access-token
   ```
   
   This would provide an escape hatch for CLI tools, without requiring a large amount of custom tooling.
   
   **Describe alternatives you've considered**
   
   **Additional context**
   
   https://github.com/apache/arrow-rs/pull/2891 added experimental support for AWS_PROFILE
   
   https://github.com/apache/arrow-rs/issues/3797 tracks adding support for more complex GCP authentication


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: github-unsubscribe@arrow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


[GitHub] [arrow-rs] roeap commented on issue #4163: ObjectStore CLI Authentication

Posted by "roeap (via GitHub)" <gi...@apache.org>.
roeap commented on issue #4163:
URL: https://github.com/apache/arrow-rs/issues/4163#issuecomment-1532010320

   > Perhaps we can provide an implementation of the trait that calls out to a CLI
   
   That's essentially how it is implemented for Azure :). There we have a `TokenCredential` trait, and all token-based auth methods implement that trait - including the CLI-based one. I guess we could just make that public and allow users to pass that to the builder.
   
   That said, I do believe that configuring the CLI credential via an option on the builder is slightly more convenient and allows for an integration with the property-bag based configuration system we provide.




[GitHub] [arrow-rs] tustvold commented on issue #4163: Extensible ObjectStore Authentication

Posted by "tustvold (via GitHub)" <gi...@apache.org>.
tustvold commented on issue #4163:
URL: https://github.com/apache/arrow-rs/issues/4163#issuecomment-1552715929

   `label_issue.py` automatically added labels {'object-store'} from #4225




[GitHub] [arrow-rs] tustvold closed issue #4163: Extensible ObjectStore Authentication

Posted by "tustvold (via GitHub)" <gi...@apache.org>.
tustvold closed issue #4163: Extensible ObjectStore Authentication
URL: https://github.com/apache/arrow-rs/issues/4163




[GitHub] [arrow-rs] alamb commented on issue #4163: ObjectStore CLI Authentication

Posted by "alamb (via GitHub)" <gi...@apache.org>.
alamb commented on issue #4163:
URL: https://github.com/apache/arrow-rs/issues/4163#issuecomment-1531891330

   I recommend something more general than "shell" out -- perhaps we can provide an "Authorizer" or "GetCredential" trait that would let people shell out to get the credentials if they wanted, as well as write whatever other integrations they wanted
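
An added sketch of what this thread discusses, not code from arrow-rs or from any participant: a credential trait with one implementation that shells out to `gcloud auth print-access-token` and validates the output before it is used as a bearer token. The names `GetCredential` (used here only as a label), `CliCredential` and `parse_token` are hypothetical, and the check assumes the CLI prints a single bare token on stdout.

```rust
use std::process::{Command, Stdio};

/// Hypothetical trait for this example (not the object_store API).
pub trait GetCredential {
    fn get_credential(&self) -> Result<String, String>;
}

/// Hypothetical provider: runs a fixed argv and reads a bearer token from stdout.
pub struct CliCredential {
    pub program: String,
    pub args: Vec<String>,
}

/// Accept one run of printable non-space ASCII: safe for an Authorization header (no CR/LF).
pub fn parse_token(stdout: &[u8]) -> Result<String, String> {
    let text = std::str::from_utf8(stdout).map_err(|_| "output is not UTF-8".to_string())?;
    let token = text.trim(); // CLIs end their output with a newline
    if token.is_empty() || !token.bytes().all(|b| b.is_ascii_graphic()) {
        return Err("expected one token of printable non-space ASCII".to_string());
    }
    Ok(token.to_string())
}

impl GetCredential for CliCredential {
    fn get_credential(&self) -> Result<String, String> {
        // The argv goes straight to the OS; no shell parses it.
        let out = Command::new(&self.program)
            .args(&self.args)
            .stdin(Stdio::null()) // the CLI cannot block on an interactive prompt
            .output()
            .map_err(|e| format!("failed to run {}: {}", self.program, e))?;
        if !out.status.success() {
            // Report the status only; captured output may hold secrets.
            return Err(format!("{} exited with {}", self.program, out.status));
        }
        parse_token(&out.stdout)
    }
}

fn main() {
    let args = ["auth", "print-access-token"].map(String::from).to_vec();
    let provider = CliCredential { program: "gcloud".into(), args };
    match provider.get_credential() {
        Ok(token) => println!("obtained a token of {} bytes", token.len()),
        Err(e) => eprintln!("no credential: {}", e),
    }
}
```

`aws sts get-session-token` prints a JSON document rather than a bare token, so a provider for it would need its own parser behind the same trait.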

