mokamoka03210120 commented on code in PR #26098:
URL: https://github.com/apache/beam/pull/26098#discussion_r1165462611
##########
sdks/java/io/amazon-web-services2/src/main/java/org/apache/beam/sdk/io/aws2/options/AwsModule.java:
##########
@@ -175,6 +177,14 @@ public AwsCredentialsProvider deserializeWithType(
.refreshRequest(jsonParser.getCodec().treeToValue(json,
clazz).build())
.stsClient(StsClient.create())
.build();
+ } else if (typeName.equals(
+
StsAssumeRoleWithWebIdentityCredentialsProvider.class.getSimpleName())) {
+ Class<? extends AssumeRoleWithWebIdentityRequest.Builder> clazz =
+ AssumeRoleWithWebIdentityRequest.serializableBuilderClass();
+ return StsAssumeRoleWithWebIdentityCredentialsProvider.builder()
+ .refreshRequest(jsonParser.getCodec().treeToValue(json,
clazz).build())
+ .stsClient(StsClient.create())
Review Comment:
`AssumeRoleWithWebIdentity` does not need any credentials except id token
essentially. But `StsClient` requires credentials due to the design of AWS SDK.
```
.stsClient(StsClient.builder()
.credentialsProvider(StaticCredentialsProvider.create(AwsBasicCredentials.create("key",
"secret")))
.build())
```
This resolves the problem roughly. Is there any other way?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
