Support per-statement credentials param for GCS #4606
Conversation
|
This change is |
There was a problem hiding this comment.
Reviewable status:
complete! 0 of 0 LGTMs obtained (waiting on @Amruta-Ranade and @lucy-zhang)
_includes/v19.1/misc/external-urls.md, line 24 at r1 (raw file):
<a name="considerations"></a> - <sup>1</sup>If the `AUTH` parameter is not specified, the `cloudstorage.gs.default.key` setting will be used if it is non-empty, otherwise the `implicit` behavior is used. If the `AUTH` parameter is `implicit`, all GCS connections use Google's [default authentication strategy](https://cloud.google.com/docs/authentication/production#providing_credentials_to_your_application). If the `AUTH` parameter is `default`, the `cloudstorage.gs.default.key` [cluster setting](cluster-settings.html) must be set to the contents of a [service account file](https://cloud.google.com/docs/authentication/production#obtaining_and_providing_service_account_credentials_manually) which will be used during authentication. <span class="version-tag">New in v19.1:</span> If the `AUTH` paramenter is `specified`, GCS connections are authenticated on a per-statement basis, which allows the JSON key object to be sent in the `credentials` parameter.
Not sure if I should use the New in flag elsewhere. It seemed awkward to put in the table. Thoughts, @Amruta-Ranade?
There was a problem hiding this comment.
Reviewable status:
_includes/v19.1/misc/external-urls.md, line 24 at r1 (raw file):
Previously, lhirata wrote…
Not sure if I should use the
New inflag elsewhere. It seemed awkward to put in the table. Thoughts, @Amruta-Ranade?
Hmm..I can't think of another way to include the flag. I think this looks okay.
| @@ -21,7 +21,7 @@ If your environment requires an HTTP or HTTPS proxy server for outgoing connecti | |||
|
|
|||
| <a name="considerations"></a> | |||
|
|
|||
| - <sup>1</sup> If the `AUTH` parameter is `implicit`, all GCS connections use Google's [default authentication strategy](https://cloud.google.com/docs/authentication/production#providing_credentials_to_your_application). If the `AUTH` parameter is `default`, the `cloudstorage.gs.default.key` [cluster setting](cluster-settings.html) must be set to the contents of a [service account file](https://cloud.google.com/docs/authentication/production#obtaining_and_providing_service_account_credentials_manually) which will be used during authentication. If the `AUTH` parameter is not specified, the `cloudstorage.gs.default.key` setting will be used if it is non-empty, otherwise the `implicit` behavior is used. | |||
| - <sup>1</sup>If the `AUTH` parameter is not specified, the `cloudstorage.gs.default.key` setting will be used if it is non-empty, otherwise the `implicit` behavior is used. If the `AUTH` parameter is `implicit`, all GCS connections use Google's [default authentication strategy](https://cloud.google.com/docs/authentication/production#providing_credentials_to_your_application). If the `AUTH` parameter is `default`, the `cloudstorage.gs.default.key` [cluster setting](cluster-settings.html) must be set to the contents of a [service account file](https://cloud.google.com/docs/authentication/production#obtaining_and_providing_service_account_credentials_manually) which will be used during authentication. <span class="version-tag">New in v19.1:</span> If the `AUTH` paramenter is `specified`, GCS connections are authenticated on a per-statement basis, which allows the JSON key object to be sent in the `credentials` parameter. | |||
There was a problem hiding this comment.
We should also mention that the key needs to be base64-encoded. Adding a sentence at the end like The JSON key object should be base64-encoded (using the standard encoding in RFC 4648) should be fine.
Also, I think the CREDENTIALS query param should be uppercase to match the table/the rest of the docs.
There was a problem hiding this comment.
Also, parameter is misspelled as paramenter.
There was a problem hiding this comment.
TFTRs!
Reviewable status:
_includes/v19.1/misc/external-urls.md, line 24 at r1 (raw file):
Previously, lucy-zhang (Lucy Zhang) wrote…
Also,
parameteris misspelled asparamenter.
Done.
| @@ -21,7 +21,7 @@ If your environment requires an HTTP or HTTPS proxy server for outgoing connecti | |||
|
|
|||
| <a name="considerations"></a> | |||
|
|
|||
| - <sup>1</sup> If the `AUTH` parameter is `implicit`, all GCS connections use Google's [default authentication strategy](https://cloud.google.com/docs/authentication/production#providing_credentials_to_your_application). If the `AUTH` parameter is `default`, the `cloudstorage.gs.default.key` [cluster setting](cluster-settings.html) must be set to the contents of a [service account file](https://cloud.google.com/docs/authentication/production#obtaining_and_providing_service_account_credentials_manually) which will be used during authentication. If the `AUTH` parameter is not specified, the `cloudstorage.gs.default.key` setting will be used if it is non-empty, otherwise the `implicit` behavior is used. | |||
| - <sup>1</sup>If the `AUTH` parameter is not specified, the `cloudstorage.gs.default.key` setting will be used if it is non-empty, otherwise the `implicit` behavior is used. If the `AUTH` parameter is `implicit`, all GCS connections use Google's [default authentication strategy](https://cloud.google.com/docs/authentication/production#providing_credentials_to_your_application). If the `AUTH` parameter is `default`, the `cloudstorage.gs.default.key` [cluster setting](cluster-settings.html) must be set to the contents of a [service account file](https://cloud.google.com/docs/authentication/production#obtaining_and_providing_service_account_credentials_manually) which will be used during authentication. <span class="version-tag">New in v19.1:</span> If the `AUTH` parameter is `specified`, GCS connections are authenticated on a per-statement basis, which allows the JSON key object to be sent in the `credentials` parameter. The JSON key object should be base64-encoded (using the standard encoding in [RFC 4648](https://tools.ietf.org/html/rfc4648)). | |||
There was a problem hiding this comment.
Can credentials be capitalized (in "which allows the JSON key object to be sent in the credentials parameter")?
There was a problem hiding this comment.
Reviewable status:
_includes/v19.1/misc/external-urls.md, line 24 at r2 (raw file):
Previously, lucy-zhang (Lucy Zhang) wrote…
Can
credentialsbe capitalized (in "which allows the JSON key object to be sent in thecredentialsparameter")?
Sorry, missed that before. Done.
There was a problem hiding this comment.
Reviewable status:
_includes/v19.1/misc/external-urls.md, line 24 at r3 (raw file):
<a name="considerations"></a> - <sup>1</sup>If the `AUTH` parameter is not specified, the `cloudstorage.gs.default.key` setting will be used if it is non-empty, otherwise the `implicit` behavior is used. If the `AUTH` parameter is `implicit`, all GCS connections use Google's [default authentication strategy](https://cloud.google.com/docs/authentication/production#providing_credentials_to_your_application). If the `AUTH` parameter is `default`, the `cloudstorage.gs.default.key` [cluster setting](cluster-settings.html) must be set to the contents of a [service account file](https://cloud.google.com/docs/authentication/production#obtaining_and_providing_service_account_credentials_manually) which will be used during authentication. <span class="version-tag">New in v19.1:</span> If the `AUTH` parameter is `specified`, GCS connections are authenticated on a per-statement basis, which allows the JSON key object to be sent in the `CREDENTIALS` parameter. The JSON key object should be base64-encoded (using the standard encoding in [RFC 4648](https://tools.ietf.org/html/rfc4648)).
nit: change setting to cluster setting and make it a link to cluster-settings.html.
Closes #4173. Edits based on Lucy / Amruta's feedback Edit based on feedback
Closes #4173.