leekeiabstraction commented on PR #1245: URL: https://github.com/apache/fluss/pull/1245#issuecomment-3589907369
> Remove s3.aws.credentials.provider: org.apache.hadoop.fs.s3a.SimpleAWSCredentialsProvider from the Coordinator and Tablet server configuration but leave the credentials (access key, secret) there. Spin up the Docker Compose stack again. Follow the instructions in the example. For some reason, data is still written to MinIO. This is a contradiction to me, because I set the credential providers by default to blank. I might be missing something but the documented behaviour of unsetting `fs.s3a.assumed.role.credentials.provider` is to fallback to BasicAWSCredentialsProvider. See here: [A list of providers can be set in fs.s3a.assumed.role.credentials.provider; if unset the standard BasicAWSCredentialsProvider credential provider is used, which uses fs.s3a.access.key and fs.s3a.secret.key.](https://hadoop.apache.org/docs/stable/hadoop-aws/tools/hadoop-aws/assumed_roles.html#IOException:_.E2.80.9CAssumedRoleCredentialProvider_cannot_be_in_fs.s3a.assumed.role.credentials.provider.E2.80.9D) Were `fs.s3a.secret.key/access.key` in the properties during the second run? > To force users to set the credential provider when token delegation is deactivated, I set the credential provider config options to blank, see [here](https://github.com/apache/fluss/blob/2e4c770240817ee51b5e34747a0330d58b16ffec/fluss-filesystems/fluss-fs-s3/src/main/java/org/apache/fluss/fs/s3/S3FileSystemPlugin.java#L148). Additional question that might help my understanding, what do we expect the user experience to look like here? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
