rustyrazorblade opened a new pull request, #212: URL: https://github.com/apache/cassandra-analytics/pull/212
## Summary - Adds `CredentialType` enum (`STATIC` / `IAM`) to control how Spark executors and Sidecar authenticate to S3 - `STATIC` (default): existing behavior — STS access key/secret/session token passed via `StorageCredentials` - `IAM`: no credentials passed; both executor and Sidecar use the AWS SDK default provider chain (EC2 instance profile, EKS IRSA, ECS task role) - New `StorageAuth` interface with `StaticStorageAuth` and `IamStorageAuth` implementations - `StorageCredentialPair.iamPair(writeRegion, readRegion)` factory for IAM-only pairs - `RestoreJobSecrets` updated to carry the credential type and omit secrets when IAM is used - Documentation updates covering the new `storage_credential_type` option and S3 bucket topology ## Test plan - [ ] New unit tests in `BuildRestoreJobSecretsTest`, `RestoreJobSecretsTest`, `StorageCredentialsTest`, `StorageCredentialPairTest`, and `CreateRestoreJobRequestPayloadTest` cover both `STATIC` and `IAM` paths - [ ] `StorageAccessConfigurationTest` updated to reflect new auth model - [ ] `CloudStorageStreamSessionTest` updated for credential type propagation ## JIRA https://issues.apache.org/jira/browse/CASSANALYTICS-155 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
