You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@druid.apache.org by GitBox <gi...@apache.org> on 2020/02/11 06:18:51 UTC

[GitHub] [druid] maytasm3 edited a comment on issue #9305: Add support for optional cloud (aws, gcs, etc.) credentials for s3 for ingestion

maytasm3 edited a comment on issue #9305: Add support for optional cloud (aws, gcs, etc.) credentials for s3 for ingestion
URL: https://github.com/apache/druid/issues/9305#issuecomment-584492229
 
 
   @jihoonson 
   Sorry for the confusion around passwordProvider. I think we can reuse the existing Password Providers we have for now (no need to implement new ones). We will treat the accessKeyId as one Password Provider and the secretAccessKey as another Password Provider. Similar to how AWSCredentialsConfig (where you define a separate Password Providers for the .accessKey and the .secretKey). 
   For example if user decide to use plain text:
   ```
         "inputSource": {
           "type": "s3",
           "prefixes": ["s3://foo/bar", "s3://bar/foo"],
           "properties": {
             "accessKeyId": {
                 "type": "default", 
                 "password": "abcdef"
              },
             "secretAccessKey": {
                 "type": "default", 
                 "password": "asdasdadsasd"
              },
           }
         }
   ```
   Or they can use Environment variable password provider:
   ```
         "inputSource": {
           "type": "s3",
           "prefixes": ["s3://foo/bar", "s3://bar/foo"],
           "properties": {
             "accessKeyId": {
                 "type": "environment", 
                 "variable": "<ENV.KEY.NAME.CONTAINING.ACCESS.KEY>"
              },
             "secretAccessKey": {
                 "type": "environment", 
                 "variable": "<ENV.KEY.NAME.CONTAINING.SECRET.ACCESS.KEY>"
              },
           }
         }
   ```
   Or they can have a mix (which will even be more beneficial when we have file path password provider and encrypt password provider):
   ```
         "inputSource": {
           "type": "s3",
           "prefixes": ["s3://foo/bar", "s3://bar/foo"],
           "properties": {
             "accessKeyId": {
                 "type": "default", 
                 "variable": "asdasdasdasd"
              },
             "secretAccessKey": {
                 "type": "environment", 
                 "variable": "<ENV.KEY.NAME.CONTAINING.SECRET.ACCESS.KEY>"
              },
           }
         }
   ```
   I think it's better to separate out the access key and secret key using separate password provider so user can be more flexible in choosing which password provider they want to use (if any at all) 

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For additional commands, e-mail: commits-help@druid.apache.org