Add WebIdentityTokenCredentialsProvider by hyunjong-lee · Pull Request #10257 · apache/druid

hyunjong-lee · 2020-08-08T17:50:52Z

Description

To use EKS IRSA, WEB_IDENTITY_TOKEN_FILE must be supported and druid does not support it.
Already submitted by Added WebIdentityTokenCredentialsProvider in AWS Credentials Provider… #9827, to use WEB_IDENTITY_TOKEN_FILE.
It seems like that Added WebIdentityTokenCredentialsProvider in AWS Credentials Provider… #9827 is stopped, I am trying to use WEB_IDENTITY_TOKEN_FILE faster.

Add WebIdentityTokenCredentialsProvider into defaultAWSCredentialsProviderChain method to use WEB_IDENTITY_TOKEN_FILE
- Reference: https://github.com/aws/aws-sdk-java/blob/master/aws-java-sdk-core/src/main/java/com/amazonaws/auth/DefaultAWSCredentialsProviderChain.java#L49

Fixed the bug ...

Renamed the class ...

Added a forbidden-apis entry ...

This PR has:

been self-reviewed.
- using the concurrency checklist (Remove this item if the PR doesn't have any relation to concurrency.)
added documentation for new or modified features or behaviors.
added Javadocs for most classes and all non-trivial methods. Linked related entities via Javadoc links.
added or updated version, license, or notice information in licenses.yaml
added comments explaining the "why" and the intent of the code wherever would not be obvious for an unfamiliar reader.
added unit tests or modified existing tests to cover new code paths, ensuring the threshold for code coverage is met.
added integration tests.
been tested in a test Druid cluster.

Key changed/added classes in this PR

AWSCredentialsUtils
AWSModule

hyunjong-lee · 2020-08-09T20:51:26Z

AWS module can't be tested by travis and also for code coverage.
I will test changed part in EKS cluster and share WEB_IDENTITY_TOKEN_FILE based auth result.

hyunjong-lee · 2020-08-10T07:28:37Z

I had trying to use WEB_IDENTITY_TOKEN_FILE in S3.
While reading the code S3InputSource, I finally understand that access key using assume role will be timed-out after some period (default 1hour).
I did not intend this situation, so I finally understand why we should use AWS KEY directly without assume role.

hyunjong-lee added 2 commits August 9, 2020 02:40

Add WebIdentityTokenCredentialsProvider

95bc382

Update license

fe96089

hyunjong-lee force-pushed the master branch from 0e43c52 to fe96089 Compare August 9, 2020 02:42

hyunjong-lee added 3 commits August 9, 2020 16:29

Ignore npm module files

1d18379

Update deprecated module

e24e943

Remove unused library

b707919

hyunjong-lee changed the title ~~[WIP] Add WebIdentityTokenCredentialsProvider~~ Add WebIdentityTokenCredentialsProvider Aug 9, 2020

hyunjong-lee added 2 commits August 10, 2020 05:41

Remove unused dependency licenses

b74d926

Update document

b190eef

hyunjong-lee closed this Aug 10, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add WebIdentityTokenCredentialsProvider#10257

Add WebIdentityTokenCredentialsProvider#10257
hyunjong-lee wants to merge 7 commits intoapache:masterfrom
hyunjong-lee:master

hyunjong-lee commented Aug 8, 2020 •

edited

Loading

Uh oh!

hyunjong-lee commented Aug 9, 2020

Uh oh!

hyunjong-lee commented Aug 10, 2020 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

hyunjong-lee commented Aug 8, 2020 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Description

Fixed the bug ...

Renamed the class ...

Added a forbidden-apis entry ...

Key changed/added classes in this PR

Uh oh!

hyunjong-lee commented Aug 9, 2020

Uh oh!

hyunjong-lee commented Aug 10, 2020 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

hyunjong-lee commented Aug 8, 2020 •

edited

Loading

hyunjong-lee commented Aug 10, 2020 •

edited

Loading