singhpk234 commented on code in PR #1629:
URL: https://github.com/apache/polaris/pull/1629#discussion_r2099329721
##########
polaris-core/src/main/java/org/apache/polaris/core/storage/aws/AwsCredentialsStorageIntegration.java:
##########
@@ -46,10 +47,17 @@
public class AwsCredentialsStorageIntegration
extends InMemoryStorageIntegration<AwsStorageConfigurationInfo> {
private final StsClient stsClient;
+ private final Optional<AwsCredentialsProvider> credentials;
Review Comment:
can we call this credentialProvider instead ?
##########
service/common/src/main/java/org/apache/polaris/service/storage/StorageConfiguration.java:
##########
@@ -61,21 +63,31 @@ public interface StorageConfiguration {
Optional<Duration> gcpAccessTokenLifespan();
default Supplier<StsClient> stsClientSupplier() {
+ return stsClientSupplier(true);
+ }
+
+ default Supplier<StsClient> stsClientSupplier(boolean withCredentials) {
return Suppliers.memoize(
() -> {
StsClientBuilder stsClientBuilder = StsClient.builder();
- if (awsAccessKey().isPresent() && awsSecretKey().isPresent()) {
- LoggerFactory.getLogger(StorageConfiguration.class)
- .warn("Using hard-coded AWS credentials - this is not
recommended for production");
- StaticCredentialsProvider awsCredentialsProvider =
- StaticCredentialsProvider.create(
- AwsBasicCredentials.create(awsAccessKey().get(),
awsSecretKey().get()));
- stsClientBuilder.credentialsProvider(awsCredentialsProvider);
+ if (withCredentials) {
+ stsClientBuilder.credentialsProvider(stsCredentials());
}
return stsClientBuilder.build();
});
}
+ default AwsCredentialsProvider stsCredentials() {
+ if (awsAccessKey().isPresent() && awsSecretKey().isPresent()) {
+ LoggerFactory.getLogger(StorageConfiguration.class)
+ .warn("Using hard-coded AWS credentials - this is not recommended
for production");
+ return StaticCredentialsProvider.create(
+ AwsBasicCredentials.create(awsAccessKey().get(),
awsSecretKey().get()));
+ } else {
+ return DefaultCredentialsProvider.create();
Review Comment:
[orthogonal] Thoughts on supportingdynamically loading credential provider
implementation ?
##########
service/common/src/main/java/org/apache/polaris/service/storage/StorageConfiguration.java:
##########
@@ -61,21 +63,31 @@ public interface StorageConfiguration {
Optional<Duration> gcpAccessTokenLifespan();
default Supplier<StsClient> stsClientSupplier() {
+ return stsClientSupplier(true);
+ }
+
+ default Supplier<StsClient> stsClientSupplier(boolean withCredentials) {
return Suppliers.memoize(
() -> {
StsClientBuilder stsClientBuilder = StsClient.builder();
- if (awsAccessKey().isPresent() && awsSecretKey().isPresent()) {
- LoggerFactory.getLogger(StorageConfiguration.class)
- .warn("Using hard-coded AWS credentials - this is not
recommended for production");
- StaticCredentialsProvider awsCredentialsProvider =
- StaticCredentialsProvider.create(
- AwsBasicCredentials.create(awsAccessKey().get(),
awsSecretKey().get()));
- stsClientBuilder.credentialsProvider(awsCredentialsProvider);
+ if (withCredentials) {
+ stsClientBuilder.credentialsProvider(stsCredentials());
}
return stsClientBuilder.build();
});
}
+ default AwsCredentialsProvider stsCredentials() {
+ if (awsAccessKey().isPresent() && awsSecretKey().isPresent()) {
+ LoggerFactory.getLogger(StorageConfiguration.class)
Review Comment:
any reason to keep Logger getter in this method rather outside ?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
