Xuanwo commented on code in PR #5268:
URL: https://github.com/apache/arrow-rs/pull/5268#discussion_r1442614354
##########
object_store/src/aws/credential.rs:
##########
@@ -659,6 +685,56 @@ async fn task_credential(
})
}
+/// A session provider as used by S3 Express One Zone
+///
+/// <https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html>
+#[derive(Debug)]
+pub struct SessionProvider {
+ pub endpoint: String,
+ pub region: String,
+ pub credentials: AwsCredentialProvider,
+}
+
+#[async_trait]
+impl TokenProvider for SessionProvider {
+ type Credential = AwsCredential;
+
+ async fn fetch_token(
+ &self,
+ client: &Client,
+ retry: &RetryConfig,
+ ) -> Result<TemporaryToken<Arc<Self::Credential>>> {
+ let creds = self.credentials.get_credential().await?;
+ let authorizer = AwsAuthorizer::new(&creds, "s3", &self.region);
+
+ let bytes = client
+ .get(format!("{}?session", self.endpoint))
+ .with_aws_sigv4(Some(authorizer), None)
+ .send_retry(retry)
+ .await
+ .context(CreateSessionRequestSnafu)?
+ .bytes()
+ .await
+ .context(CreateSessionResponseSnafu)?;
+
+ let resp: CreateSessionOutput =
+
quick_xml::de::from_reader(bytes.reader()).context(CreateSessionOutputSnafu)?;
+
+ let creds = resp.credentials;
+ Ok(TemporaryToken {
+ token: Arc::new(creds.into()),
+ // Credentials last 5 minutes
+ expiry: Some(Instant::now() + Duration::from_secs(5 * 60)),
Review Comment:
Lesson learnt!
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
