alamb commented on code in PR #4235:
URL: https://github.com/apache/arrow-rs/pull/4235#discussion_r1196996290
##########
object_store/src/aws/mod.rs:
##########
@@ -1002,76 +1017,74 @@ impl AmazonS3Builder {
let region = region.context(MissingRegionSnafu)?;
let checksum = self.checksum_algorithm.map(|x| x.get()).transpose()?;
- let credentials = match (self.access_key_id, self.secret_access_key,
self.token) {
- (Some(key_id), Some(secret_key), token) => {
- info!("Using Static credential provider");
- let credential = AwsCredential {
- key_id,
- secret_key,
- token,
- };
- Arc::new(StaticCredentialProvider::new(credential)) as _
- }
- (None, Some(_), _) => return Err(Error::MissingAccessKeyId.into()),
- (Some(_), None, _) => return
Err(Error::MissingSecretAccessKey.into()),
- // TODO: Replace with `AmazonS3Builder::credentials_from_env`
- _ => match (
- std::env::var("AWS_WEB_IDENTITY_TOKEN_FILE"),
- std::env::var("AWS_ROLE_ARN"),
- ) {
- (Ok(token_path), Ok(role_arn)) => {
- info!("Using WebIdentity credential provider");
-
- let session_name = std::env::var("AWS_ROLE_SESSION_NAME")
- .unwrap_or_else(|_| "WebIdentitySession".to_string());
-
- let endpoint =
format!("https://sts.{region}.amazonaws.com";);
-
- // Disallow non-HTTPs requests
- let client = self
- .client_options
- .clone()
- .with_allow_http(false)
- .client()?;
-
- let token = WebIdentityProvider {
- token_path,
- session_name,
- role_arn,
- endpoint,
- };
-
- Arc::new(TokenCredentialProvider::new(
+ let credentials = if let Some(credentials) = self.credentials {
+ credentials
Review Comment:
I think it is worth considering a `warn!` here if `access_key_id` or
`secret_access_key` is set that they are being ignored in favor of the other
credentials. I know the docs say this is the behavior but I think as a user I
would find it somewhat confusing if the access_key_id got silently ignored -- I
would rather the library loudly complained so I can fix it
Maybe in that vein, the builder should return an error if conflicting
credentials are supplied
🤔
##########
object_store/src/azure/mod.rs:
##########
@@ -937,7 +954,9 @@ impl MicrosoftAzureBuilder {
let url = Url::parse(&account_url)
.context(UnableToParseUrlSnafu { url: account_url })?;
- let credential = if let Some(bearer_token) = self.bearer_token {
+ let credential = if let Some(credential) = self.credentials {
Review Comment:
same comment here about erroring / warning
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
