This is an automated email from the ASF dual-hosted git repository.
xuanwo pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/iceberg-rust.git
The following commit(s) were added to refs/heads/main by this push:
new cb3c8be io: add support for role arn and external id s3 props (#553)
cb3c8be is described below
commit cb3c8bec835cd8cee92bc2dd616202759d6cabea
Author: Matheus Alcantara <[email protected]>
AuthorDate: Thu Aug 15 22:31:17 2024 -0300
io: add support for role arn and external id s3 props (#553)
Add support for client.assume-role.arn and
client.assume-role.external-id s3 config properties.
Partial fix for #527
---
crates/iceberg/src/io/storage_s3.rs | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/crates/iceberg/src/io/storage_s3.rs
b/crates/iceberg/src/io/storage_s3.rs
index 4374846..7c5400c 100644
--- a/crates/iceberg/src/io/storage_s3.rs
+++ b/crates/iceberg/src/io/storage_s3.rs
@@ -47,6 +47,11 @@ pub const S3_SSE_TYPE: &str = "s3.sse.type";
pub const S3_SSE_KEY: &str = "s3.sse.key";
/// S3 Server Side Encryption MD5.
pub const S3_SSE_MD5: &str = "s3.sse.md5";
+/// If set, all AWS clients will assume a role of the given ARN, instead of
using the default
+/// credential chain.
+pub const S3_ASSUME_ROLE_ARN: &str = "client.assume-role.arn";
+/// Optional external ID used to assume an IAM role.
+pub const S3_ASSUME_ROLE_EXTERNAL_ID: &str = "client.assume-role.external-id";
/// Parse iceberg props to s3 config.
pub(crate) fn s3_config_parse(mut m: HashMap<String, String>) ->
Result<S3Config> {
@@ -71,6 +76,13 @@ pub(crate) fn s3_config_parse(mut m: HashMap<String,
String>) -> Result<S3Config
cfg.enable_virtual_host_style = true;
}
};
+
+ if let Some(arn) = m.remove(S3_ASSUME_ROLE_ARN) {
+ cfg.role_arn = Some(arn);
+ }
+ if let Some(external_id) = m.remove(S3_ASSUME_ROLE_EXTERNAL_ID) {
+ cfg.external_id = Some(external_id);
+ };
let s3_sse_key = m.remove(S3_SSE_KEY);
if let Some(sse_type) = m.remove(S3_SSE_TYPE) {
match sse_type.to_lowercase().as_str() {
