vahmed-hamdy commented on a change in pull request #18553:
URL: https://github.com/apache/flink/pull/18553#discussion_r802490106
##########
File path:
flink-connectors/flink-connector-aws-base/src/main/java/org/apache/flink/connector/aws/util/AWSGeneralUtil.java
##########
@@ -369,4 +367,35 @@ public static void closeResources(SdkAutoCloseable...
resources) {
throw exception;
}
}
+
+ public static void
validateWebIdentityTokenFileCredentialsProvider(Properties config) {
+ validateCredentialProvider(config);
+ try {
+ CredentialProvider credentialProviderType =
+ getCredentialProviderType(config,
AWSConfigConstants.AWS_CREDENTIALS_PROVIDER);
+ if (credentialProviderType.equals(WEB_IDENTITY_TOKEN)) {
+ getCredentialsProvider(config).resolveCredentials();
Review comment:
This is executed on the TM by the sink writer, the web Identity token
falls back to env variables so verifying any missing credentials is not
possible by verifying the configs only. I thought it would be more thorough to
catch any failure on credential resolving and report it .
I believe the code is going to be re-executed by the client when sending
requests using same credentials later, why should a failure here be ignored or
not an indicator of bad credentials?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
