[GitHub] [druid] clintropolis commented on a change in pull request #9375: Add support for optional cloud (aws, gcs, etc.) credentials for s3 for ingestion

GitBox Mon, 24 Feb 2020 13:21:50 -0800

clintropolis commented on a change in pull request #9375: Add support for 
optional cloud (aws, gcs, etc.) credentials for s3 for ingestion
URL: https://github.com/apache/druid/pull/9375#discussion_r383517279


 ##########
 File path: 
extensions-core/s3-extensions/src/main/java/org/apache/druid/data/input/s3/S3InputSource.java
 ##########
 @@ -19,50 +19,88 @@
 
 package org.apache.druid.data.input.s3;
 
+import com.amazonaws.auth.AWSStaticCredentialsProvider;
+import com.amazonaws.auth.BasicAWSCredentials;
+import com.amazonaws.services.s3.AmazonS3ClientBuilder;
 import com.amazonaws.services.s3.model.S3ObjectSummary;
 import com.fasterxml.jackson.annotation.JacksonInject;
 import com.fasterxml.jackson.annotation.JsonCreator;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import com.google.common.base.Preconditions;
+import com.google.common.base.Supplier;
+import com.google.common.base.Suppliers;
 import com.google.common.collect.ImmutableList;
 import org.apache.druid.data.input.InputSplit;
 import org.apache.druid.data.input.impl.CloudObjectInputSource;
 import org.apache.druid.data.input.impl.CloudObjectLocation;
+import org.apache.druid.data.input.impl.S3ConfigProperties;
 import org.apache.druid.data.input.impl.SplittableInputSource;
 import org.apache.druid.storage.s3.S3InputDataConfig;
+import org.apache.druid.storage.s3.S3StorageConfig;
 import org.apache.druid.storage.s3.S3StorageDruidModule;
 import org.apache.druid.storage.s3.S3Utils;
 import org.apache.druid.storage.s3.ServerSideEncryptingAmazonS3;
 
 import javax.annotation.Nullable;
 import java.net.URI;
 import java.util.List;
+import java.util.Objects;
 import java.util.stream.Stream;
 import java.util.stream.StreamSupport;
 
 public class S3InputSource extends CloudObjectInputSource<S3Entity>
 {
-  private final ServerSideEncryptingAmazonS3 s3Client;
+  // We lazily initialize s3Client to avoid costly s3 operation when we only 
need S3InputSource for stored information
+  // (such as for task logs) and not for ingestion. (This cost only applies 
for new s3Client created with
+  // s3ConfigProperties given).
+  private final Supplier<ServerSideEncryptingAmazonS3> s3Client;
+  @JsonProperty("properties")
+  private final S3ConfigProperties s3ConfigProperties;
   private final S3InputDataConfig inputDataConfig;
 
   @JsonCreator
   public S3InputSource(
       @JacksonInject ServerSideEncryptingAmazonS3 s3Client,
+      @JacksonInject AmazonS3ClientBuilder amazonS3ClientBuilder,
+      @JacksonInject S3StorageConfig storageConfig,
       @JacksonInject S3InputDataConfig inputDataConfig,
       @JsonProperty("uris") @Nullable List<URI> uris,
       @JsonProperty("prefixes") @Nullable List<URI> prefixes,
-      @JsonProperty("objects") @Nullable List<CloudObjectLocation> objects
+      @JsonProperty("objects") @Nullable List<CloudObjectLocation> objects,
+      @JsonProperty("properties") @Nullable S3ConfigProperties 
s3ConfigProperties
   )
   {
     super(S3StorageDruidModule.SCHEME, uris, prefixes, objects);
-    this.s3Client = Preconditions.checkNotNull(s3Client, "s3Client");
     this.inputDataConfig = Preconditions.checkNotNull(inputDataConfig, 
"S3DataSegmentPusherConfig");
+    this.s3ConfigProperties = s3ConfigProperties;
+    this.s3Client = Suppliers.memoize(
+        () -> {
+          if (amazonS3ClientBuilder != null && storageConfig != null && 
s3ConfigProperties != null) {
+            if (s3ConfigProperties.isCredentialsConfigured()) {
+              BasicAWSCredentials creds = new BasicAWSCredentials(
+                  s3ConfigProperties.getAccessKeyId().getPassword(),
+                  s3ConfigProperties.getSecretAccessKey().getPassword());
+              amazonS3ClientBuilder.withCredentials(new 
AWSStaticCredentialsProvider(creds));
+            }
+            return new 
ServerSideEncryptingAmazonS3(amazonS3ClientBuilder.build(), 
storageConfig.getServerSideEncryption());
+          } else {
+            return Preconditions.checkNotNull(s3Client, "s3Client");
 
 Review comment:
   hmm, should the check that one of `s3Client` or `amazonS3ClientBuilder` and 
`storageConfig ` are not null be done eagerly instead of in the supplier? (i'm 
not certain either way, just thinking out loud)

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


With regards,
Apache Git Services

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[GitHub] [druid] clintropolis commented on a change in pull request #9375: Add support for optional cloud (aws, gcs, etc.) credentials for s3 for ingestion

Reply via email to