dpaani opened a new issue, #7063:
URL: https://github.com/apache/iceberg/issues/7063

   ### Feature Request / Improvement
   
   The DefaultAwsClientFactory currently accepts AWS access keys, secret keys, 
and tokens through catalog config and creates an AwsCredentialsProvider 
instance using StaticCredentialsProvider. However, if the keys are short-lived, 
long-running queries may fail with an AWS token expiry error.
   
   If keys are not passed, the DefaultCredentialsProvider is used, but it is 
chained with multiple providers, and in some scenarios, choosing a specific 
provider is not possible.
   
   As an alternative, creating a new factory class is required. However, apart 
from the credential provider, all other methods such as glue() and dynamo() 
just need to be repeated (e.g., AssumeRoleAwsClientFactory vs 
DefaultAwsClientFactory).
   
   Rather than adding a new factory, it would be better to provide an option to 
pass the credential provider to DefaultAwsClientFactory and use all the 
instance creation from it.
   
   ```
   private AwsCredentialsProvider credentialsProvider(
       String accessKeyId, String secretAccessKey, String sessionToken) {
     if (accessKeyId != null) {
       if (sessionToken == null) {
         return StaticCredentialsProvider.create(
             AwsBasicCredentials.create(accessKeyId, secretAccessKey));
       } else {
         return StaticCredentialsProvider.create(
             AwsSessionCredentials.create(accessKeyId, secretAccessKey, sessionToken));
       }
     } else {
       return DefaultCredentialsProvider.create();
     }
   }
   ```
   
   ### Query engine
   
   None


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
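
One way the requested option could look, as an added example that is not part of the original issue and is not Iceberg code: an explicitly named provider takes precedence over static keys, and the configured class is type-checked before anything on it is invoked. The `PluggableCredentials` class and the `providerClass` parameter are hypothetical, and the sketch assumes the named provider exposes a public static no-argument `create()` method, as the AWS SDK for Java v2 built-in providers do.

```java
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
import software.amazon.awssdk.auth.credentials.AwsCredentials;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.auth.credentials.AwsSessionCredentials;
import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider;
import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;

// Hypothetical helper, not Iceberg code. Needs the AWS SDK for Java v2 "auth" module.
public final class PluggableCredentials {
  private PluggableCredentials() {}

  // providerClass is a hypothetical catalog setting naming an AwsCredentialsProvider class.
  public static AwsCredentialsProvider credentialsProvider(
      String accessKeyId, String secretAccessKey, String sessionToken, String providerClass) {
    if (providerClass != null && !providerClass.isEmpty()) {
      // An explicit provider wins, so refreshable credentials are not frozen into a static copy.
      return loadProvider(providerClass);
    }
    if (accessKeyId != null) {
      // Static keys: a session token passed here expires and is never renewed.
      AwsCredentials creds =
          sessionToken == null
              ? AwsBasicCredentials.create(accessKeyId, secretAccessKey)
              : AwsSessionCredentials.create(accessKeyId, secretAccessKey, sessionToken);
      return StaticCredentialsProvider.create(creds);
    }
    return DefaultCredentialsProvider.create();
  }

  private static AwsCredentialsProvider loadProvider(String className) {
    try {
      // initialize=false: no static initializer runs before the type check passes.
      Class<?> clazz = Class.forName(className, false, PluggableCredentials.class.getClassLoader());
      if (!AwsCredentialsProvider.class.isAssignableFrom(clazz)) {
        throw new IllegalArgumentException(className + " is not an AwsCredentialsProvider");
      }
      Method create = clazz.getMethod("create");
      if (!Modifier.isStatic(create.getModifiers())) {
        throw new IllegalArgumentException(className + ".create() must be static");
      }
      return (AwsCredentialsProvider) create.invoke(null);
    } catch (ReflectiveOperationException e) {
      throw new IllegalArgumentException("Cannot load credentials provider " + className, e);
    }
  }
}
```

Because the class name comes from catalog configuration, the assignability check runs before `create()` is looked up, so a misconfigured or unexpected class name fails fast instead of having an arbitrary static method invoked.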
