-
Notifications
You must be signed in to change notification settings - Fork 3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow pinning to WebIdentityTokenCredentialsProvider in native S3 client #22163
Allow pinning to WebIdentityTokenCredentialsProvider in native S3 client #22163
Conversation
b36701f
to
b165ef1
Compare
we are eagerly waiting on this, hope this will be merged and released soon! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't love this config name, but I can't think of anything better. Thanks for fixing this.
@electrum me too. Thanks for reviewing it, can you merge this? |
I tested this by deploying Trino on EKS, using https://github.com/binayakd/trino-on-eks image:
repository: nineinchnick/test
tag: 449-SNAPSHOT-amd64
server:
workers: 1
additionalCatalogs:
s3_hive: |-
connector.name=hive
hive.metastore.uri=thrift://metastore:9083
fs.native-s3.enabled=true
s3.region=eu-central-1
s3.use-web-identity-token-credentials-provider=true
coordinator:
additionalJVMConfig:
- -XX:+UnlockDiagnosticVMOptions
- -XX:G1NumCollectionsKeepPinned=10000000
worker:
additionalJVMConfig:
- -XX:+UnlockDiagnosticVMOptions
- -XX:G1NumCollectionsKeepPinned=10000000
additionalLogProperties:
- software.amazon.awssdk=DEBUG I checked the logs and I see it making the request:
It is using
|
Allow users to only use the WebIdentityTokenCredentialsProvider instead of the default credentials provider chain.
b165ef1
to
4c8d321
Compare
@ebyhr could you merge this? |
Description
Allow users to only use the
StsWebIdentityTokenFileCredentialsProvider
instead of the default credentials provider chain.This complements the same flag in the legacy library, see #22162. This at least makes the workaround for #15267 easier, I'm not sure if it will allow closing that issue. I haven't updated the docs yet, I'll wait for some initial feedback first.
I used
StsWebIdentityTokenFileCredentialsProvider
instead ofWebIdentityTokenFileCredentialsProvider
based on the Javadoc recommendations around periodic updates, and because we can configure a custom STS client.Additional context and related issues
Release notes
( ) This is not user-visible or is docs only, and no release notes are required.
(x) Release notes are required. Please propose a release note for me.
( ) Release notes are required, with the following suggested text: