You are viewing a plain text version of this content. The canonical link for it is here.
Posted to github@beam.apache.org by GitBox <gi...@apache.org> on 2022/09/15 16:07:17 UTC

[GitHub] [beam] mosche opened a new issue, #23260: [Bug]: Validate AWS credentials provider if provided programmatically

mosche opened a new issue, #23260:
URL: https://github.com/apache/beam/issues/23260

   ### What would you like to happen?
   
   Users can programmatically set credential providers for AWS via options. However, only a limited subset of providers and configurations is supported. During serialization unsupported configurations are silently dropped causing confusing issues at runtime. The actual root cause is difficult to discover then.
   
   Instead, usage of unsupported configurations should be detected and fail with an appropriate message during serialization.
   Related to https://github.com/apache/beam/issues/23206
   
   
   These providers rely on the system's environment to follow AWS conventions, there's no further configuration supported:
   
   - [DefaultCredentialsProvider](https://static.javadoc.io/software.amazon.awssdk/auth/2.17.127/software/amazon/awssdk/auth/credentials/DefaultCredentialsProvider.html?is-external=true)
   - [EnvironmentVariableCredentialsProvider](https://static.javadoc.io/software.amazon.awssdk/auth/2.17.127/software/amazon/awssdk/auth/credentials/EnvironmentVariableCredentialsProvider.html?is-external=true)
   - [SystemPropertyCredentialsProvider](https://static.javadoc.io/software.amazon.awssdk/auth/2.17.127/software/amazon/awssdk/auth/credentials/SystemPropertyCredentialsProvider.html?is-external=true)
   - [ProfileCredentialsProvider](https://static.javadoc.io/software.amazon.awssdk/auth/2.17.127/software/amazon/awssdk/auth/credentials/ProfileCredentialsProvider.html?is-external=true)
   - [ContainerCredentialsProvider](https://static.javadoc.io/software.amazon.awssdk/auth/2.17.127/software/amazon/awssdk/auth/credentials/ContainerCredentialsProvider.html?is-external=true)
     Example:
      ```
       --awsCredentialsProvider={"@type": "ProfileCredentialsProvider"}
      ```
   
   Some other providers require additional configuration:
   
   - [StaticCredentialsProvider](https://static.javadoc.io/software.amazon.awssdk/auth/2.17.127/software/amazon/awssdk/auth/credentials/StaticCredentialsProvider.html?is-external=true)
   - [StsAssumeRoleCredentialsProvider](https://static.javadoc.io/software.amazon.awssdk/sts/2.17.127/software/amazon/awssdk/services/sts/auth/StsAssumeRoleCredentialsProvider.html?is-external=true)
      Examples:
      ```
       --awsCredentialsProvider={
         "@type": "StaticCredentialsProvider",
         "awsAccessKeyId": "key_id_value",
         "awsSecretKey": "secret_value"
       }
      ```
      ```
       --awsCredentialsProvider={
         "@type": "StaticCredentialsProvider",
         "awsAccessKeyId": "key_id_value",
         "awsSecretKey": "secret_value",
         "sessionToken": "token_value"
       }
      ```
      ```
       --awsCredentialsProvider={
         "@type": "StsAssumeRoleCredentialsProvider",
         "roleArn": "role_arn_Value",
         "roleSessionName": "session_name_value",
         "policy": "policy_value",
         "durationSeconds": 3600
       }
      ```
   
   
   
   
   ### Issue Priority
   
   Priority: 2
   
   ### Issue Component
   
   Component: io-java-aws


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: github-unsubscribe@beam.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org