ashb commented on code in PR #29623:
URL: https://github.com/apache/airflow/pull/29623#discussion_r1114196396
##########
airflow/providers/amazon/aws/hooks/base_aws.py:
##########
@@ -312,19 +312,35 @@ def _get_web_identity_credential_fetcher(
base_session = self.basic_session._session or
botocore.session.get_session()
client_creator = base_session.create_client
federation =
self.extra_config.get("assume_role_with_web_identity_federation")
- if federation == "google":
- web_identity_token_loader =
self._get_google_identity_token_loader()
- else:
- raise AirflowException(
- f'Unsupported federation: {federation}. Currently "google"
only are supported.'
- )
+
+ web_identity_token_loader = (
+ {
+ "file": self._get_file_token_loader,
+ "google": self._get_google_identity_token_loader,
+ }.get(federation)()
+ if type(federation) == str
+ else None
+ )
Review Comment:
> ```python
> token_file =
self.extra_config.get("assume_role_with_web_identity_token_file") or os.getenv(
>
AssumeRoleWithWebIdentityProvider._CONFIG_TO_ENV_VAR["web_identity_token_file"]
> )
> ```
Right, that was easy enough to fix -- and a concrete review pointing at the
specific instance would have been more helpful than talking in generics.
The point of this feature is to allow different Airflow connections to have
different styles of credentials. I'm marking this point as resolved now as
there are no private APIs/attrs in use.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
