istreeter opened a new pull request, #11134: URL: https://github.com/apache/hudi/pull/11134
### Change Logs See issue [HUDI-7699](https://issues.apache.org/jira/browse/HUDI-7699). [HUDI-6695](https://issues.apache.org/jira/browse/HUDI-6695) (#9260) added a AWS credentials provider to support assuming a role when syncing to Glue. We use Hudi in a multi-tenant environment, and our customers give us delegated access to their Glue catalog. In this multi-tenant setup it is important to use [an external ID](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html) to improve security when assuming IAM roles. Furthermore, the STS session name is currently hard-coded to "hoodie". It is helpful for us to have configurable session names so we have better tracability of what entities are creating STS sessions in the cloud. Currently, the assumed role is configured with the `hoodie.aws.role.arn` config property. I would like to add the following extra optional config properties, which will be used by the `HoodieConfigAWSAssumedRoleCredentialsProvider`: - `hoodie.aws.role.external.id` - `hoodie.aws.role.session.name` ### Impact No impact to any existing way of using Hudi. It only adds more configurability to an existing feature. ### Risk level (write none, low medium or high below) Low ### Documentation Update None. The new configuration options need to be documented, but I believe that is done automatically from the config code (someone please confirm this!) ### Contributor's checklist - [ ] Read through [contributor's guide](https://hudi.apache.org/contribute/how-to-contribute) - [ ] Change Logs and Impact were stated clearly - [ ] Adequate tests were added if applicable - [ ] CI passed -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
