This is an automated email from the ASF dual-hosted git repository.
etudenhoefner pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/iceberg.git
The following commit(s) were added to refs/heads/main by this push:
new bff6652782 Aliyun: Add security token to client properties (#9671)
bff6652782 is described below
commit bff665278245128a71982ba5ac5981a9e71c4509
Author: Gang Wu <[email protected]>
AuthorDate: Mon Feb 19 15:39:11 2024 +0800
Aliyun: Add security token to client properties (#9671)
---
.../apache/iceberg/aliyun/AliyunClientFactories.java | 20 +++++++++++++++-----
.../org/apache/iceberg/aliyun/AliyunProperties.java | 17 +++++++++++++++++
.../iceberg/aliyun/TestAliyunClientFactories.java | 15 ++++++++++++++-
.../org/apache/iceberg/aliyun/oss/TestOSSFileIO.java | 3 +++
4 files changed, 49 insertions(+), 6 deletions(-)
diff --git
a/aliyun/src/main/java/org/apache/iceberg/aliyun/AliyunClientFactories.java
b/aliyun/src/main/java/org/apache/iceberg/aliyun/AliyunClientFactories.java
index 5807f9bfe1..e91d07721c 100644
--- a/aliyun/src/main/java/org/apache/iceberg/aliyun/AliyunClientFactories.java
+++ b/aliyun/src/main/java/org/apache/iceberg/aliyun/AliyunClientFactories.java
@@ -23,6 +23,7 @@ import com.aliyun.oss.OSSClientBuilder;
import java.util.Map;
import org.apache.iceberg.common.DynConstructors;
import org.apache.iceberg.relocated.com.google.common.base.Preconditions;
+import org.apache.iceberg.relocated.com.google.common.base.Strings;
import org.apache.iceberg.util.PropertyUtil;
public class AliyunClientFactories {
@@ -90,11 +91,20 @@ public class AliyunClientFactories {
aliyunProperties,
"Cannot create aliyun oss client before initializing the
AliyunClientFactory.");
- return new OSSClientBuilder()
- .build(
- aliyunProperties.ossEndpoint(),
- aliyunProperties.accessKeyId(),
- aliyunProperties.accessKeySecret());
+ if (Strings.isNullOrEmpty(aliyunProperties.securityToken())) {
+ return new OSSClientBuilder()
+ .build(
+ aliyunProperties.ossEndpoint(),
+ aliyunProperties.accessKeyId(),
+ aliyunProperties.accessKeySecret());
+ } else {
+ return new OSSClientBuilder()
+ .build(
+ aliyunProperties.ossEndpoint(),
+ aliyunProperties.accessKeyId(),
+ aliyunProperties.accessKeySecret(),
+ aliyunProperties.securityToken());
+ }
}
@Override
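Review bot: The security token is read once when the OSS client is built in the new `else` branch, so the client keeps a fixed STS credential for its whole lifetime. The Javadoc added in AliyunProperties describes these credentials as valid only "within a specific period of time", and nothing visible here rebuilds the client or refreshes the token once it expires. A comment above the branch would make the limitation explicit, e.g. `// STS token is static: the client must be re-created with fresh properties before the token expires`. The two branches also repeat the builder call and differ only in the last argument; whether the four-argument `build` tolerates a null token, which would let them collapse into one call, is not visible from this hunk. The enclosing method starts outside the hunk.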
diff --git
a/aliyun/src/main/java/org/apache/iceberg/aliyun/AliyunProperties.java
b/aliyun/src/main/java/org/apache/iceberg/aliyun/AliyunProperties.java
index 623b55263a..4de784f40c 100644
--- a/aliyun/src/main/java/org/apache/iceberg/aliyun/AliyunProperties.java
+++ b/aliyun/src/main/java/org/apache/iceberg/aliyun/AliyunProperties.java
@@ -52,6 +52,17 @@ public class AliyunProperties implements Serializable {
*/
public static final String CLIENT_ACCESS_KEY_SECRET =
"client.access-key-secret";
+ /**
+ * Aliyun supports Security Token Service (STS) to generate temporary access
credentials to
+ * authorize a user to access the Object Storage Service (OSS) resources
within a specific period
+ * of time. In this way, user does not have to share the AccessKey pair and
ensures higher level
+ * of data security.
+ *
+ * <p>For more information about how to obtain a security token, see:
+ * https://www.alibabacloud.com/help/en/vod/user-guide/sts-tokens
+ */
+ public static final String CLIENT_SECURITY_TOKEN = "client.security-token";
+
/**
* The implementation class of {@link AliyunClientFactory} to customize
Aliyun client
* configurations. If set, all Aliyun clients will be initialized by the
specified factory. If not
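Review bot: The Javadoc for `CLIENT_SECURITY_TOKEN` does not say that an STS token is meant to be used with the temporary AccessKey pair issued alongside it. A reader could therefore set `client.security-token` next to a long-lived pair in the access-key-id and `client.access-key-secret` properties and only find out at request time. I would add a sentence such as `When set, the access key id and secret must be the temporary pair issued together with this token.` and state that the value is a credential that should not be logged. The linked page sits under the `vod` product path, which looks like the Video on Demand guide rather than OSS or STS documentation, so a more specific reference would help.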
@@ -68,6 +79,7 @@ public class AliyunProperties implements Serializable {
private final String ossEndpoint;
private final String accessKeyId;
private final String accessKeySecret;
+ private final String securityToken;
private final String ossStagingDirectory;
public AliyunProperties() {
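Review bot: `securityToken` is a plain final field on a class declared `implements Serializable`, so the session token is written into every serialized copy of `AliyunProperties`, as `accessKeySecret` already is. That is probably required so the properties can reach wherever the client is built, but it deserves a field comment, e.g. `// credential: serialized with this object, so treat serialized AliyunProperties as secret material`. The class body continues outside the hunk, so I cannot see whether a `toString` or logging path would expose the new field.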
@@ -79,6 +91,7 @@ public class AliyunProperties implements Serializable {
this.ossEndpoint = properties.get(OSS_ENDPOINT);
this.accessKeyId = properties.get(CLIENT_ACCESS_KEY_ID);
this.accessKeySecret = properties.get(CLIENT_ACCESS_KEY_SECRET);
+ this.securityToken = properties.get(CLIENT_SECURITY_TOKEN);
this.ossStagingDirectory =
PropertyUtil.propertyAsString(
@@ -97,6 +110,10 @@ public class AliyunProperties implements Serializable {
return accessKeySecret;
}
+ public String securityToken() {
+ return securityToken;
+ }
+
public String ossStagingDirectory() {
return ossStagingDirectory;
}
diff --git
a/aliyun/src/test/java/org/apache/iceberg/aliyun/TestAliyunClientFactories.java
b/aliyun/src/test/java/org/apache/iceberg/aliyun/TestAliyunClientFactories.java
index 03df4af70b..a329a3bda7 100644
---
a/aliyun/src/test/java/org/apache/iceberg/aliyun/TestAliyunClientFactories.java
+++
b/aliyun/src/test/java/org/apache/iceberg/aliyun/TestAliyunClientFactories.java
@@ -42,8 +42,17 @@ public class TestAliyunClientFactories {
.as("Should have no Aliyun properties set")
.isNull();
+ Assertions.assertThat(defaultFactory.aliyunProperties().securityToken())
+ .as("Should have no security token")
+ .isNull();
+
AliyunClientFactory defaultFactoryWithConfig =
-
AliyunClientFactories.from(ImmutableMap.of(AliyunProperties.CLIENT_ACCESS_KEY_ID,
"key"));
+ AliyunClientFactories.from(
+ ImmutableMap.of(
+ AliyunProperties.CLIENT_ACCESS_KEY_ID,
+ "key",
+ AliyunProperties.CLIENT_SECURITY_TOKEN,
+ "token"));
Assertions.assertThat(defaultFactoryWithConfig)
.as("Should load default when factory impl not configured")
.isInstanceOf(AliyunClientFactories.DefaultAliyunClientFactory.class);
@@ -51,6 +60,10 @@ public class TestAliyunClientFactories {
Assertions.assertThat(defaultFactoryWithConfig.aliyunProperties().accessKeyId())
.as("Should have access key set")
.isEqualTo("key");
+
+
Assertions.assertThat(defaultFactoryWithConfig.aliyunProperties().securityToken())
+ .as("Should have security token set")
+ .isEqualTo("token");
}
@Test
diff --git
a/aliyun/src/test/java/org/apache/iceberg/aliyun/oss/TestOSSFileIO.java
b/aliyun/src/test/java/org/apache/iceberg/aliyun/oss/TestOSSFileIO.java
index 1cc8f45467..a4db1b9d04 100644
--- a/aliyun/src/test/java/org/apache/iceberg/aliyun/oss/TestOSSFileIO.java
+++ b/aliyun/src/test/java/org/apache/iceberg/aliyun/oss/TestOSSFileIO.java
@@ -158,6 +158,9 @@ public class TestOSSFileIO extends AliyunOSSTestBase {
Assertions.assertThat(oss.getCredentialsProvider().getCredentials().getSecretAccessKey())
.as("Should have expected secret key")
.isEqualTo(accessSecret);
+
Assertions.assertThat(oss.getCredentialsProvider().getCredentials().getSecurityToken())
+ .as("Should have no security token")
+ .isNull();
}
private FileIO fileIO() {
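Review bot: This assertion covers only the branch without a token. Nothing in the visible test hunks builds an OSS client with `client.security-token` set and checks the credentials it ends up with, so the new four-argument `build` path in `AliyunClientFactories` is untested as far as this diff shows. The additions in TestAliyunClientFactories verify only that the property is parsed into `AliyunProperties`. A companion case that puts `AliyunProperties.CLIENT_SECURITY_TOKEN` into the properties and asserts `.isEqualTo(...)` on `oss.getCredentialsProvider().getCredentials().getSecurityToken()` would close the gap. The test method starts outside the hunk.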