jorisvandenbossche commented on a change in pull request #10088:
URL: https://github.com/apache/arrow/pull/10088#discussion_r621130953
##########
File path: python/pyarrow/_s3fs.pyx
##########
@@ -74,6 +74,13 @@ cdef class S3FileSystem(FileSystem):
Whether to connect anonymously if access_key and secret_key are None.
If true, will not attempt to look up credentials using standard AWS
configuration methods.
+ use_web_identity: boolean, default False
+ Whether to connect using an assumed role authenticated using
+ a web identity token. The required settings are derived from
+ environment variables such as AWS_ROLE_ARN,
+ AWS_WEB_IDENTITY_TOKEN_FILE and AWS_ROLE_SESSION_NAME.
+ If true, will not attempt to look up credentials using other
+ AWS configuration methods.
Review comment:
Without knowing too much about S3 / AWS auth, your proposal feels quite
natural for expressing the different options, and could be a nice alternative
to a bunch of partially exclusive keyword arguments each for a different way of
authorization. We would (initially) need to keep the keywords for backward
compatibility.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
