fresh-borzoni commented on code in PR #2989:
URL: https://github.com/apache/fluss/pull/2989#discussion_r3035400053
##########
fluss-filesystems/fluss-fs-s3/src/main/java/org/apache/fluss/fs/s3/token/S3DelegationTokenProvider.java:
##########
@@ -68,17 +81,27 @@ public S3DelegationTokenProvider(String scheme,
Configuration conf) {
}
public ObtainedSecurityToken obtainSecurityToken() {
- LOG.info("Obtaining session credentials token with access key: {}",
accessKey);
-
- AWSSecurityTokenService stsClient =
- AWSSecurityTokenServiceClientBuilder.standard()
- .withRegion(region)
- .withCredentials(
- new AWSStaticCredentialsProvider(
- new BasicAWSCredentials(accessKey,
secretKey)))
- .build();
- GetSessionTokenResult sessionTokenResult = stsClient.getSessionToken();
- Credentials credentials = sessionTokenResult.getCredentials();
+ AWSSecurityTokenService stsClient = buildStsClient();
+ Credentials credentials;
+
+ if (roleArn != null) {
+ LOG.info(
+ "Obtaining session credentials via AssumeRole with access
key: {}, role: {}",
+ accessKey,
+ roleArn);
+ AssumeRoleRequest request =
+ new AssumeRoleRequest()
+ .withRoleArn(roleArn)
+ .withRoleSessionName("fluss-" + UUID.randomUUID());
+ AssumeRoleResult result = stsClient.assumeRole(request);
+ credentials = result.getCredentials();
+ } else {
Review Comment:
it's a simple if/else, i don't think it's worth it right now
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
