Sbaia commented on PR #59893: URL: https://github.com/apache/doris/pull/59893#issuecomment-3759361729
@CalvinKirs Thank you for the review feedback! I've refactored the implementation to use Doris's existing `AwsCredentialsProviderFactory` instead of the custom `CustomAwsCredentialsProvider` class. Here's what changed:

**Why we removed `CustomAwsCredentialsProvider`:**

The custom class was problematic because it bypassed Doris's established AWS credentials handling patterns. It also didn't provide users with explicit control over how credentials are resolved, which is the expected behavior in Doris (consistent with `s3.credentials_provider_type` for S3).

**New approach:**

1. **For explicit credentials** (access_key + secret_key): Uses `StaticCredentialsProvider` directly
2. **For IAM role assumption** (`role_arn`): Uses Iceberg's built-in `AssumeRoleAwsClientFactory`
3. **For other credential modes**: Uses `AwsCredentialsProviderFactory.getV2ClassName()` to get the appropriate AWS SDK v2 provider class

**New configuration properties:**

- `s3tables.credentials-provider-type` / `iceberg.rest.credentials-provider-type` - explicit credential provider selection (ENV, INSTANCE_PROFILE, WEB_IDENTITY, CONTAINER, etc.)
- `s3tables.assume-role.arn` / `iceberg.rest.assume-role.arn` - for cross-account access via STS AssumeRole
- `s3tables.assume-role.external-id` / `iceberg.rest.assume-role.external-id` - external ID for AssumeRole security

**Testing:**

- Tested with explicit credentials (access_key/secret_key) ✅
- Tested with IRSA (EKS IAM Roles for Service Accounts) ✅
- Tested with `role_arn` configuration for cross-account access ✅

The implementation now follows the same patterns used elsewhere in Doris for AWS credentials handling, giving users explicit control while maintaining backward compatibility with existing configurations.

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
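The three-way resolution described in the comment above, as an added sketch that is not code from the PR or from Doris: it maps the `s3tables.*` properties onto Iceberg's standard AWS client properties and rejects ambiguous input instead of falling through to another credential source. The `s3tables.access_key`, `s3tables.secret_key` and `s3tables.region` key names, the branch precedence (taken from the list order), and the behaviour when nothing is set are assumptions.

```java
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;

public class S3TablesCredentialMapping {
    // AWS SDK v2 provider classes for the modes named in the comment.
    private static final String PKG = "software.amazon.awssdk.auth.credentials.";
    private static final Map<String, String> PROVIDERS = Map.of(
        "ENV", PKG + "EnvironmentVariableCredentialsProvider",
        "INSTANCE_PROFILE", PKG + "InstanceProfileCredentialsProvider",
        "WEB_IDENTITY", PKG + "WebIdentityTokenFileCredentialsProvider",
        "CONTAINER", PKG + "ContainerCredentialsProvider");

    static Map<String, String> toIcebergProps(Map<String, String> p) {
        String ak = p.get("s3tables.access_key");      // hypothetical key name
        String sk = p.get("s3tables.secret_key");      // hypothetical key name
        String region = p.get("s3tables.region");      // hypothetical key name
        String arn = p.get("s3tables.assume-role.arn");
        String extId = p.get("s3tables.assume-role.external-id");
        String type = p.get("s3tables.credentials-provider-type");
        Map<String, String> out = new HashMap<>();

        // Half-specified input is an error, never a silent fallback.
        if ((ak == null) != (sk == null))
            throw new IllegalArgumentException("access key and secret key must be set together");
        if (extId != null && arn == null)
            throw new IllegalArgumentException("external-id set without assume-role.arn");

        if (ak != null) {                  // 1. explicit static credentials
            out.put("s3.access-key-id", ak);
            out.put("s3.secret-access-key", sk);
        } else if (arn != null) {          // 2. STS AssumeRole through Iceberg's client factory
            out.put("client.factory", "org.apache.iceberg.aws.AssumeRoleAwsClientFactory");
            out.put("client.assume-role.arn", arn);
            if (region != null) out.put("client.assume-role.region", region);
            if (extId != null) out.put("client.assume-role.external-id", extId);
        } else if (type != null) {         // 3. named provider; unknown names fail closed
            String cls = PROVIDERS.get(type.toUpperCase(Locale.ROOT));
            if (cls == null) throw new IllegalArgumentException("unknown provider type: " + type);
            out.put("client.credentials-provider", cls);
        }                                  // nothing set: SDK default chain applies (assumed)
        return out;
    }

    public static void main(String[] args) {       // constructed sample values
        System.out.println(toIcebergProps(Map.of("s3tables.region", "us-east-1",
            "s3tables.assume-role.arn", "arn:aws:iam::111122223333:role/example-role",
            "s3tables.assume-role.external-id", "example-external-id")));
        System.out.println(toIcebergProps(Map.of("s3tables.credentials-provider-type", "web_identity")));
    }
}
```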
