Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

S3 ingestion can assume role #10995

Merged
merged 10 commits into from
Jun 9, 2021
Merged

S3 ingestion can assume role #10995

merged 10 commits into from
Jun 9, 2021

Conversation

egor-ryashin
Copy link
Contributor

@egor-ryashin egor-ryashin commented Mar 15, 2021
edited
Loading

Description

This feature allows S3 ingestion to use the AssumeRole capability of AWS that helps with cross-account access.
It introduces 2 additional fields in S3InputSourceConfig (those are optional).

This PR has:

  • been self-reviewed.
  • added documentation for new or modified features or behaviors.
  • added Javadocs for most classes and all non-trivial methods. Linked related entities via Javadoc links.
  • added or updated version, license, or notice information in licenses.yaml
  • added comments explaining the "why" and the intent of the code wherever would not be obvious for an unfamiliar reader.
  • added unit tests or modified existing tests to cover new code paths, ensuring the threshold for code coverage is met.
  • added integration tests.
  • been tested in a test Druid cluster.

@egor-ryashin egor-ryashin marked this pull request as ready for review March 15, 2021 20:05
nishantmonu51
nishantmonu51 reviewed Mar 29, 2021
View reviewed changes
docs/ingestion/native-batch.md
"properties": {
"accessKeyId": "KLJ78979SDFdS2",
"secretAccessKey": "KLS89s98sKJHKJKJH8721lljkd",
"assumeRoleArn": "arn:aws:iam::2981002874992:role/role-s3"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe above are some dummy IDs and roles and not some actual ones.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes. All fake.

...ons-core/s3-extensions/src/main/java/org/apache/druid/data/input/s3/S3InputSourceConfig.java
@JsonProperty
private PasswordProvider accessKeyId;
@JsonProperty
private PasswordProvider secretAccessKey;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

accessKeyId and SecretAccessKey are also nullable, Can we add annotation these as well.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added.

@egor-ryashin
Copy link
Contributor Author

egor-ryashin commented May 1, 2021
edited
Loading

Fixed all except coverage. The code is integration with AWS API, writing mocks for it will effectively replace about 90% of code, which is unreasonable for testing.

nishantmonu51
nishantmonu51 approved these changes May 20, 2021
View reviewed changes
Copy link
Member

@nishantmonu51 nishantmonu51 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 , LGTM

pjain1
pjain1 approved these changes Jun 7, 2021
View reviewed changes
Copy link
Member

@pjain1 pjain1 left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@pjain1 pjain1 merged commit 9047fa3 into apache:master Jun 9, 2021
clintropolis
clintropolis reviewed Jun 25, 2021
View reviewed changes
extensions-core/s3-extensions/pom.xml
@@ -115,8 +115,8 @@
<dependency>
<groupId>com.amazonaws</groupId>
<artifactId>aws-java-sdk-sts</artifactId>
<scope>provided</scope>
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why this change?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

aws-common doesn't contain it, surprisingly Kinesis extension contains it, when Kinesis ext. is removed then the S3 ext. fails.

@egor-ryashin egor-ryashin deleted the feature-s3-assume-role branch June 26, 2021 16:04
@clintropolis clintropolis added this to the 0.22.0 milestone Aug 12, 2021
@clintropolis clintropolis mentioned this pull request Sep 3, 2021
Closed
@didip didip mentioned this pull request Apr 6, 2022
Closed
9 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@clintropolis clintropolis clintropolis left review comments

@nishantmonu51 nishantmonu51 nishantmonu51 approved these changes

@pjain1 pjain1 pjain1 approved these changes

Assignees

@pjain1 pjain1

Labels
Area - Batch Ingestion Area - Operations
Projects
None yet
Milestone
0.22.0
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@egor-ryashin @clintropolis @nishantmonu51 @pjain1