fresh-borzoni commented on code in PR #2989:
URL: https://github.com/apache/fluss/pull/2989#discussion_r3035399652
##########
fluss-filesystems/fluss-fs-s3/src/main/java/org/apache/fluss/fs/s3/token/S3DelegationTokenProvider.java:
##########
@@ -68,17 +81,27 @@ public S3DelegationTokenProvider(String scheme,
Configuration conf) {
}
public ObtainedSecurityToken obtainSecurityToken() {
- LOG.info("Obtaining session credentials token with access key: {}",
accessKey);
-
- AWSSecurityTokenService stsClient =
- AWSSecurityTokenServiceClientBuilder.standard()
- .withRegion(region)
- .withCredentials(
- new AWSStaticCredentialsProvider(
- new BasicAWSCredentials(accessKey,
secretKey)))
- .build();
- GetSessionTokenResult sessionTokenResult = stsClient.getSessionToken();
- Credentials credentials = sessionTokenResult.getCredentials();
+ AWSSecurityTokenService stsClient = buildStsClient();
+ Credentials credentials;
+
+ if (roleArn != null) {
+ LOG.info(
+ "Obtaining session credentials via AssumeRole with access
key: {}, role: {}",
+ accessKey,
+ roleArn);
Review Comment:
An empty string would mean the user explicitly configured it, and the AWS
SDK gives a clear validation error for invalid ARNs. Silently falling back to
GetSessionToken would be harder to debug.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
