-
Notifications
You must be signed in to change notification settings - Fork 3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow pinning Glue credentials provider to StsWebIdentityTokenFileCredentialsProvider #22425
Allow pinning Glue credentials provider to StsWebIdentityTokenFileCredentialsProvider #22425
Conversation
The CI failure seem unrelated to this change, I see similar failures on master. Please let me know if I need to do anything to resolve it. |
/test-with-secrets sha=6a006276b0810c087fdde5885d5825a20c42bbb6 |
The CI workflow run with tests that require additional secrets finished as failure: https://github.com/trinodb/trino/actions/runs/9577963913 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@rohanag12 how did you test this? Are there any docs around Glue that would need to be updated to mention this new property?
Apologies for delayed response, I finally got time to work on this again. I tested this by doing the following:
In the logs, I can see the following stack trace when the first query is executed and the glue client is initialized (click to expand):
The stack trace indicates that the glue client is directly using the |
6a00627
to
a48d6f3
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, please also update docs to mention the new property.
a48d6f3
to
956c8a4
Compare
Updated docs. |
@findepi could you please take a look and review/merge when you get a chance? |
@ebyhr can you run tests with secrets? |
/test-with-secrets sha=956c8a4ae8cb5c6f6f0ed962094e42fe3bc34cff |
The CI workflow run with tests that require additional secrets finished as failure: https://github.com/trinodb/trino/actions/runs/9952007596 |
Is there something I need to do to fix the test failure? I don't really understand why it's failing. |
It might be an intermittent failure. Maybe someone with write access could retry that single job. |
@ebyhr can you please trigger test with secrets again (or merge if it looks good 😄) |
plugin/trino-hive/src/main/java/io/trino/plugin/hive/metastore/glue/GlueMetastoreModule.java
Outdated
Show resolved
Hide resolved
…dentialsProvider Allow users to only use the StsWebIdentityTokenFileCredentialsProvider instead of the default credentials provider chain for Glue v2.
956c8a4
to
4c72db1
Compare
Hi ALL. The option is only for Hive Connector? Can't set releated discussion on slack: https://trinodb.slack.com/archives/CGB0QHWSW/p1724690300929519 |
For someone who want to set Glue's AWS WebIdentity Credential for Hive, Iceberg Connectors Glue (Recent) Module Config
Glue V1 (Legacy) Module Config
|
Description
Allow users to only use the StsWebIdentityTokenFileCredentialsProvider instead of the default credentials provider chain for Glue v2.
The Glue v1 implementation supported specifying a custom credential provider, but that ability was removed in the Glue v2 implementation. This commit provides similar functionality to the flags added for S3 in #22162 and #22163.
Additional context and related issues
Ref #20657 (comment).
Fixes #15267
Release notes
( ) This is not user-visible or is docs only, and no release notes are required.
(x) Release notes are required. Please propose a release note for me.
( ) Release notes are required, with the following suggested text: