pitrou commented on a change in pull request #10088:
URL: https://github.com/apache/arrow/pull/10088#discussion_r621109555
##########
File path: python/pyarrow/_s3fs.pyx
##########
@@ -74,6 +74,13 @@ cdef class S3FileSystem(FileSystem):
Whether to connect anonymously if access_key and secret_key are None.
If true, will not attempt to look up credentials using standard AWS
configuration methods.
+ use_web_identity: boolean, default False
+ Whether to connect using an assumed role authenticated using
+ a web identity token. The required settings are derived from
+ environment variables such as AWS_ROLE_ARN,
+ AWS_WEB_IDENTITY_TOKEN_FILE and AWS_ROLE_SESSION_NAME.
+ If true, will not attempt to look up credentials using other
+ AWS configuration methods.
Review comment:
Hmm... I think it would be better to avoid adding boolean arguments for
each different kind of authentication.
I'm not sure what a good API would be, but perhaps we could add a generic
`auth` parameter that would accept the following values:
* `auth='default'`
* `auth='anonymous'`
* `auth={'access_key': '...', 'secret_key': '...', 'session_token': '...'}`
* `auth={'role_arn': '...', 'session_name': '...', 'external_id': '...',
'load_frequency': 123}`
* `auth='web_identity'`
@jorisvandenbossche What do you think?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
