Github user fmthoma commented on a diff in the pull request:
https://github.com/apache/flink/pull/6221#discussion_r199462901
--- Diff:
flink-connectors/flink-connector-kinesis/src/main/java/org/apache/flink/streaming/connectors/kinesis/config/AWSConfigConstants.java
---
@@ -45,29 +45,63 @@
/** Simply create AWS credentials by supplying the AWS access
key ID and AWS secret key in the configuration properties. */
BASIC,
+ /** Create AWS credentials by assuming a role. The credentials
for assuming the role must be supplied. **/
+ ASSUME_ROLE,
+
/** A credentials provider chain will be used that searches for
credentials in this order: ENV_VARS, SYS_PROPS, PROFILE in the AWS instance
metadata. **/
AUTO,
}
/** The AWS region of the Kinesis streams to be pulled ("us-east-1" is
used if not set). */
public static final String AWS_REGION = "aws.region";
+ /** The credential provider type to use when AWS credentials are
required (BASIC is used if not set). */
+ public static final String AWS_CREDENTIALS_PROVIDER =
"aws.credentials.provider";
+
/** The AWS access key ID to use when setting credentials provider type
to BASIC. */
- public static final String AWS_ACCESS_KEY_ID =
"aws.credentials.provider.basic.accesskeyid";
+ public static final String AWS_ACCESS_KEY_ID =
accessKeyId(AWS_CREDENTIALS_PROVIDER);
/** The AWS secret key to use when setting credentials provider type to
BASIC. */
- public static final String AWS_SECRET_ACCESS_KEY =
"aws.credentials.provider.basic.secretkey";
-
- /** The credential provider type to use when AWS credentials are
required (BASIC is used if not set). */
- public static final String AWS_CREDENTIALS_PROVIDER =
"aws.credentials.provider";
+ public static final String AWS_SECRET_ACCESS_KEY =
secretKey(AWS_CREDENTIALS_PROVIDER);
/** Optional configuration for profile path if credential provider type
is set to be PROFILE. */
- public static final String AWS_PROFILE_PATH =
"aws.credentials.provider.profile.path";
+ public static final String AWS_PROFILE_PATH =
profilePath(AWS_CREDENTIALS_PROVIDER);
/** Optional configuration for profile name if credential provider type
is set to be PROFILE. */
- public static final String AWS_PROFILE_NAME =
"aws.credentials.provider.profile.name";
+ public static final String AWS_PROFILE_NAME =
profileName(AWS_CREDENTIALS_PROVIDER);
/** The AWS endpoint for Kinesis (derived from the AWS region setting
if not set). */
public static final String AWS_ENDPOINT = "aws.endpoint";
+ public static String accessKeyId(String prefix) {
+ return prefix + ".basic.accesskeyid";
+ }
+
+ public static String secretKey(String prefix) {
+ return prefix + ".basic.secretkey";
+ }
+
+ public static String profilePath(String prefix) {
+ return prefix + ".profile.path";
+ }
+
+ public static String profileName(String prefix) {
+ return prefix + ".profile.name";
+ }
+
+ public static String roleArn(String prefix) {
--- End diff --
The reason is that you can assume a role via another role (via another
role...), so the configuration is recursive. So I introduced these methods that
build config keys based on some prefix.
But I see your point that users want to use constants to refer to config
keys, so I will add some constants for the configuration of the first role:
* `AWS_ROLE_ARN`
* `AWS_ROLE_SISSION_NAME`
* `AWS_ROLE_EXTERNAL_ID`
* `AWS_ROLE_CREDENTIALS_PROVIDER`
---
