You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@iceberg.apache.org by "dpaani (via GitHub)" <gi...@apache.org> on 2023/03/09 16:41:17 UTC

[GitHub] [iceberg] dpaani opened a new issue, #7063: S3 Credentials provider support in DefaultAwsClientFactory

dpaani opened a new issue, #7063:
URL: https://github.com/apache/iceberg/issues/7063

   ### Feature Request / Improvement
   
   The DefaultAwsClientFactory currently accepts AWS access keys, secret keys, and tokens through catalog config and creates an AwsCredentialsProvider instance using StaticCredentialsProvider. However, if the keys are short-lived, long-running queries may fail with an AWS token expiry error.
   
   If keys are not passed, the DefaultCredentialsProvider is used, but it is chained with multiple providers, and in some scenarios, choosing a specific provider is not possible.
   
   As an alternative, creating a new factory class is required. However, apart from the credential provider, all other methods such as glue() and dynamo() just need to be repeated (e.g., AssumeRoleAwsClientFactory vs DefaultAwsClientFactory).
   
   Rather than adding a new factory, it would be better to provide an option to pass the credential provider to DefaultAwsClientFactory and use all the instance creation from it.
   
   ```  
   private AwsCredentialsProvider credentialsProvider(
         String accessKeyId, String secretAccessKey, String sessionToken) {
       if (accessKeyId != null) {
         if (sessionToken == null) {
           return StaticCredentialsProvider.create(
               AwsBasicCredentials.create(accessKeyId, secretAccessKey));
         } else {
           return StaticCredentialsProvider.create(
               AwsSessionCredentials.create(accessKeyId, secretAccessKey, sessionToken));
         }
       } else {
         return DefaultCredentialsProvider.create();
       }
     }
   
   ```
   
   ### Query engine
   
   None


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@iceberg.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@iceberg.apache.org
For additional commands, e-mail: issues-help@iceberg.apache.org

[GitHub] [iceberg] RussellSpitzer closed issue #7063: S3 Credentials provider support in DefaultAwsClientFactory

Posted by "RussellSpitzer (via GitHub)" <gi...@apache.org>.

RussellSpitzer closed issue #7063: S3 Credentials provider support in DefaultAwsClientFactory
URL: https://github.com/apache/iceberg/issues/7063


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@iceberg.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@iceberg.apache.org
For additional commands, e-mail: issues-help@iceberg.apache.org