Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[SPARK-10969] [Streaming] [Kinesis] Allow specifying separate credentials for Kinesis and DynamoDB #11215

Closed
wants to merge 10 commits into from
Closed

[SPARK-10969] [Streaming] [Kinesis] Allow specifying separate credentials for Kinesis and DynamoDB #11215

wants to merge 10 commits into from

Conversation

kaklakariada
Copy link
Contributor

KinesisUtils.createStream() allows specifying only one set of AWS credentials that will be used by Amazon Kinesis Client Library (KCL) for accessing Kinesis, DynamoDB and CloudWatch.

Motivation

In a scenario where one needs to read from a Kinesis Stream owned by a different AWS account the user usually has minimal rights (i.e. only read from the stream). In this case creating the DynamoDB table in KCL will fail. Instead the DynamoDB table should be created in your own AWS account.

Proposal

This PR adds a new serializable class AWSCredentialPool containing credentials for Kinesis, DynamoDB and CloudWatch that is passed as a parameter to KinesisUtils.createStream(). These credentials are then passed to the constructor of KinesisClientLibConfiguration.

@tdas @cfregly please review if this PR is OK.

See SPARK-10969

This contribution is @ajayrammohan and my original work and we license the work to the project under the project's open source license.

Ajay Rammohan and others added 9 commits February 10, 2016 14:06
@AmplabJenkins
Copy link

Can one of the admins verify this patch?

soulcutter
soulcutter reviewed Feb 29, 2016
View reviewed changes
extras/kinesis-asl/src/main/scala/org/apache/spark/streaming/kinesis/KinesisTestUtils.scala
|Credentialpool tests verify the ability to uses Kinesis stream, Dynamo DB and CloudWatch Metrics in
|separate AWS accounts. This requires a separate set of AWS credentials to be stored in system with the profile
|names "dynamoDB" and "cloudWatch" along with the default credentials. The test assumes that the Kinesis stream
|in the In absence of this only the underlying API will be tested.
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This sentence looks like it got mangled during editing somehow.

@soulcutter
Copy link

I like the idea of being able to provide separate credentials for services, however it seems to me like a more-common use case is still going to be providing a single set of credentials for all services. It would be nice if the way to do so was still as straightforward as it is currently.

@kaklakariada
Copy link
Contributor Author

@soulcutter Thank you very much for your review and sorry for the delay!
Please correct me if I am wrong, but in test testKinesisStreamWithSimpleAwsCredentials we test, that you still can use a single set of credentials with the old API.

@soulcutter
Copy link

soulcutter commented Mar 6, 2016 via email

@kaklakariada
Copy link
Contributor Author

Solved with https://issues.apache.org/jira/browse/SPARK-19911 / #17250, see this comment.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@kaklakariada @AmplabJenkins @soulcutter