Taragolis commented on code in PR #35273:
URL: https://github.com/apache/airflow/pull/35273#discussion_r1376259564
##########
airflow/providers/amazon/aws/fs/s3.py:
##########
@@ -85,7 +85,15 @@ def get_fs(conn_id: str | None) -> AbstractFileSystem:
if proxy_uri := s3_service_config.get(S3_PROXY_URI, None):
config_kwargs["proxies"] = {"http": proxy_uri, "https": proxy_uri}
- fs = S3FileSystem(session=session, config_kwargs=config_kwargs,
endpoint_url=endpoint_url)
+ anon = False
+ if (
+ aws.conn_config.aws_access_key_id is None
+ and aws.conn_config.aws_secret_access_key is None
+ and aws.conn_config.aws_session_token is None
+ ):
+ anon = True
Review Comment:
Unfortunetly it can't be a solution for indicate is lack of credentials.
Credentials could be provided from assuming role by use EC2/ECS/EKS IRSA,
environment variables, profiles combination of them and even by custom
federation.
I think the only good way it is try to call `session.get_credentials()` if
it is return None than no credentials provided.
Or create separate key into the `service_config.s3` which are use for
determine is required anonymous access or not.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
