rustyrazorblade commented on code in PR #212:
URL:
https://github.com/apache/cassandra-analytics/pull/212#discussion_r3318997168
##########
cassandra-analytics-core/src/main/java/org/apache/cassandra/spark/transports/storage/StorageCredentialPair.java:
##########
@@ -24,51 +24,105 @@
import o.a.c.sidecar.client.shaded.common.data.RestoreJobSecrets;
/**
- * A class representing the pair of credentials needed to complete an
analytics operation using the Storage transport.
- * It is possible that both credentials (read and write) are the same, but
also that they could represent
- * the credentials needed for two different buckets when using cross-region
synchronization to transfer data
- * between regions.
+ * A class representing the pair of auth configurations needed to complete an
analytics operation using the
+ * Storage transport. It is possible that both read and write auth are the
same, but they could also represent
+ * different buckets when using cross-region synchronization to transfer data
between regions.
+ *
+ * <p>The auth field is a {@link StorageAuth}, either:
+ * <ul>
+ * <li>{@link StorageCredentials} — explicit STS credentials for static
auth</li>
+ * <li>{@link IamStorageAuth} — no static credentials; the sidecar and Spark
executors use the AWS SDK
+ * default provider chain (instance profile / IRSA / ECS task role)</li>
+ * </ul>
+ *
+ * <p>For IAM mode use {@link #iamPair(String, String)}. The library wires the
correct sidecar payload
+ * automatically when {@code STORAGE_CREDENTIAL_TYPE=IAM} is set.
*/
public class StorageCredentialPair
{
private final String writeRegion;
- public final StorageCredentials writeCredentials;
+ private final StorageAuth writeAuth;
private final String readRegion;
- public final StorageCredentials readCredentials;
+ private final StorageAuth readAuth;
+
+ /**
+ * Creates a {@link StorageCredentialPair} for IAM instance profile mode.
+ * The credentials fields are null; only the regions are required so the
sidecar can route requests.
+ *
+ * @param writeRegion the AWS region for the write (upload) bucket
+ * @param readRegion the AWS region for the read (download) bucket
+ * @return a region-only pair suitable for use with {@code
STORAGE_CREDENTIAL_TYPE=IAM}
+ */
+ public static StorageCredentialPair iamPair(String writeRegion, String
readRegion)
Review Comment:
Done.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
