Renkai commented on a change in pull request #9387:
URL: https://github.com/apache/pulsar/pull/9387#discussion_r567551289
##########
File path:
tiered-storage/jcloud/src/main/java/org/apache/bookkeeper/mledger/offload/jcloud/provider/JCloudBlobStoreProvider.java
##########
@@ -304,33 +305,40 @@ public ProviderMetadata getProviderMetadata() {
static final CredentialBuilder AWS_CREDENTIAL_BUILDER =
(TieredStorageConfiguration config) -> {
if (config.getCredentials() == null) {
- AWSCredentials awsCredentials = null;
+ AWSCredentialsProvider authChain = null;
Review comment:
```
final AWSCredentialsProvider authChain;
try {
if
(Strings.isNullOrEmpty(config.getConfigProperty(S3_ROLE_FIELD))) {
authChain =
DefaultAWSCredentialsProviderChain.getInstance();
} else {
authChain =
new
STSAssumeRoleSessionCredentialsProvider.Builder(
config.getConfigProperty(S3_ROLE_FIELD),
config.getConfigProperty(S3_ROLE_SESSION_NAME_FIELD)
).build();
}
// Important! Delay the building of actual credentials
// until later to support tokens that may be refreshed
// such as all session tokens
config.setProviderCredentials(() -> {
AWSCredentials newCreds = authChain.getCredentials();
```
Maybe like this is better?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
