Skip to content

AWS Web Identity / IRSA Support#10541

Merged
pjain1 merged 5 commits intoapache:masterfrom
himadrisingh:aws-web-identity-support
Jan 25, 2021
Merged

AWS Web Identity / IRSA Support#10541
pjain1 merged 5 commits intoapache:masterfrom
himadrisingh:aws-web-identity-support

Conversation

@himadrisingh
Copy link
Copy Markdown
Contributor

@himadrisingh himadrisingh commented Oct 30, 2020

Description

Added the latest AWS Web Identity Token Support for Druid.
Required fro IAM Roles for Service Account on kubernetes.

Updated AWS Credential Provider in the same order which AWS SDK does.

This PR has:

  • been self-reviewed.
  • added documentation for new or modified features or behaviors.
  • added Javadocs for most classes and all non-trivial methods. Linked related entities via Javadoc links.
  • added or updated version, license, or notice information in licenses.yaml
  • added comments explaining the "why" and the intent of the code wherever would not be obvious for an unfamiliar reader.
  • added unit tests or modified existing tests to cover new code paths, ensuring the threshold for code coverage is met.
  • added integration tests.
  • been tested in a test Druid cluster.

nishantmonu51
nishantmonu51 approved these changes Oct 30, 2020
View reviewed changes
Copy link
Copy Markdown
Member

@nishantmonu51 nishantmonu51 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 ,
Please also make a small change to the doc here https://druid.apache.org/docs/latest/development/extensions-core/kinesis-ingestion.html#aws-authentication and mention WebIdentity token as well.

@himanshug
Copy link
Copy Markdown
Contributor

himanshug commented Nov 20, 2020

+1 after the build

@himadrisingh himadrisingh reopened this Nov 30, 2020
clintropolis
clintropolis approved these changes Dec 2, 2020
View reviewed changes
Copy link
Copy Markdown
Member

@clintropolis clintropolis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

travis is complaining about test coverage, but not sure what a meaningful test on AWSCredentialsUtils looks like heh

@himanshug
Copy link
Copy Markdown
Contributor

himanshug commented Dec 2, 2020

hmmmm, yeah maybe just exclude it from coverage , @himadrisingh you can exclude that at https://github.com/apache/druid/blob/master/pom.xml#L1280

@pjain1 pjain1 merged commit 1c1b396 into apache:master Jan 25, 2021
@himadrisingh himadrisingh deleted the aws-web-identity-support branch January 25, 2021 13:31
@suneet-s suneet-s mentioned this pull request Apr 12, 2021
Closed
8 tasks
@mitchlloyd mitchlloyd mentioned this pull request Apr 30, 2021
Closed
2 tasks
@clintropolis clintropolis added this to the 0.22.0 milestone Aug 12, 2021
@clintropolis clintropolis mentioned this pull request Sep 3, 2021
Closed
@niravpeak niravpeak mentioned this pull request Jan 22, 2022
Closed
@didip
Copy link
Copy Markdown
Contributor

didip commented Mar 5, 2022

@himadrisingh do you happen to know why aws-java-sdk-sts.jar doesn't exist on lib/ folder?

didip added a commit to didip/druid that referenced this pull request Mar 17, 2022
@didip
Make AWS WebIdentityToken actually working and usable from inside EKS.
3e8612c 
Original PR: apache#10541 doesn’t work.
This PR addresses 2 of its issues:

1. Missing aws-java-sdk-sts.jar

2. applyAssumeRole function interferes with default s3Builder client behavior.
@didip didip mentioned this pull request Mar 17, 2022
Closed
9 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@clintropolis clintropolis clintropolis approved these changes

@nishantmonu51 nishantmonu51 nishantmonu51 approved these changes

Assignees

No one assigned

Labels

Area - Dependencies

Projects

None yet

Milestone

0.22.0

Development

Successfully merging this pull request may close these issues.

6 participants

@himadrisingh @himanshug @didip @clintropolis @nishantmonu51 @pjain1