This is an automated email from the ASF dual-hosted git repository.
yiguolei pushed a commit to branch branch-4.1
in repository https://gitbox.apache.org/repos/asf/doris.git
The following commit(s) were added to refs/heads/branch-4.1 by this push:
new f63b7fd6bd8 branch-4.1: [improvement](cloud) Support configurable S3
credentials providers #62788 (#63680)
f63b7fd6bd8 is described below
commit f63b7fd6bd8da036328e44ad608afcdb60890546
Author: Yixuan Wang <[email protected]>
AuthorDate: Wed May 27 11:32:46 2026 +0800
branch-4.1: [improvement](cloud) Support configurable S3 credentials
providers #62788 (#63680)
pick: https://github.com/apache/doris/pull/62788
---
be/src/util/s3_util.cpp | 10 ++++
cloud/src/meta-service/meta_service_resource.cpp | 28 +++++----
cloud/src/recycler/s3_accessor.cpp | 41 ++++++++++---
cloud/src/recycler/s3_accessor.h | 3 +
common/cpp/aws_common.cpp | 12 +++-
.../org/apache/doris/catalog/S3StorageVault.java | 4 +-
.../datasource/property/storage/S3Properties.java | 68 +++++++++++++++++++++-
.../property/storage/S3PropertiesTest.java | 32 ++++++++++
gensrc/proto/cloud.proto | 5 ++
gensrc/thrift/AgentService.thrift | 7 ++-
10 files changed, 185 insertions(+), 25 deletions(-)
diff --git a/be/src/util/s3_util.cpp b/be/src/util/s3_util.cpp
index 2013c3c4b74..d977b0aca87 100644
--- a/be/src/util/s3_util.cpp
+++ b/be/src/util/s3_util.cpp
@@ -626,6 +626,16 @@ static CredProviderType
cred_provider_type_from_thrift(TCredProviderType::type c
return CredProviderType::Simple;
case TCredProviderType::INSTANCE_PROFILE:
return CredProviderType::InstanceProfile;
+ case TCredProviderType::ENV:
+ return CredProviderType::Env;
+ case TCredProviderType::SYSTEM_PROPERTIES:
+ return CredProviderType::SystemProperties;
+ case TCredProviderType::WEB_IDENTITY:
+ return CredProviderType::WebIdentity;
+ case TCredProviderType::CONTAINER:
+ return CredProviderType::Container;
+ case TCredProviderType::ANONYMOUS:
+ return CredProviderType::Anonymous;
default:
__builtin_unreachable();
LOG(WARNING) << "Invalid TCredProviderType value: " <<
cred_provider_type
diff --git a/cloud/src/meta-service/meta_service_resource.cpp
b/cloud/src/meta-service/meta_service_resource.cpp
index b4e5e0d0b15..1c511488673 100644
--- a/cloud/src/meta-service/meta_service_resource.cpp
+++ b/cloud/src/meta-service/meta_service_resource.cpp
@@ -59,6 +59,11 @@ bool is_valid_storage_vault_name(const std::string& str) {
namespace doris::cloud {
+static CredProviderTypePB get_cred_provider_type(const ObjectStoreInfoPB& obj)
{
+ return obj.has_cred_provider_type() ? obj.cred_provider_type()
+ : CredProviderTypePB::INSTANCE_PROFILE;
+}
+
static std::string_view print_cluster_status(const ClusterStatus& status) {
switch (status) {
case ClusterStatus::UNKNOWN:
@@ -679,12 +684,11 @@ static void create_object_info_with_encrypt(const
InstanceInfoPB& instance, Obje
std::string region = obj->has_region() ? obj->region() : "";
if (obj->has_role_arn()) {
- if (obj->role_arn().empty() || !obj->has_cred_provider_type() ||
- obj->cred_provider_type() != CredProviderTypePB::INSTANCE_PROFILE
||
- !obj->has_provider() || obj->provider() != ObjectStoreInfoPB::S3
|| bucket.empty() ||
- endpoint.empty() || region.empty()) {
+ if (obj->role_arn().empty() || !obj->has_cred_provider_type() ||
!obj->has_provider() ||
+ obj->provider() != ObjectStoreInfoPB::S3 || bucket.empty() ||
endpoint.empty() ||
+ region.empty()) {
code = MetaServiceCode::INVALID_ARGUMENT;
- msg = "s3 conf info err with role_arn, please check it";
+ msg = "s3 conf info err with role_arn or cred provider, please
check it";
return;
}
} else {
@@ -1037,7 +1041,7 @@ static int alter_s3_storage_vault(InstanceInfoPB&
instance, std::unique_ptr<Tran
new_vault.mutable_obj_info()->clear_encryption_info();
new_vault.mutable_obj_info()->set_role_arn(obj_info.role_arn());
-
new_vault.mutable_obj_info()->set_cred_provider_type(CredProviderTypePB::INSTANCE_PROFILE);
+
new_vault.mutable_obj_info()->set_cred_provider_type(get_cred_provider_type(obj_info));
if (obj_info.has_external_id()) {
new_vault.mutable_obj_info()->set_external_id(obj_info.external_id());
}
@@ -1170,7 +1174,7 @@ static ObjectStoreInfoPB
object_info_pb_factory(ObjectStorageDesc& obj_desc,
} else {
last_item.set_role_arn(role_arn);
last_item.set_external_id(external_id);
- last_item.set_cred_provider_type(CredProviderTypePB::INSTANCE_PROFILE);
+ last_item.set_cred_provider_type(get_cred_provider_type(obj));
}
last_item.set_bucket(bucket);
// format prefix, such as `/aa/bb/`, `aa/bb//`, `//aa/bb`, ` /aa/bb` ->
`aa/bb`
@@ -1330,9 +1334,8 @@ void
MetaServiceImpl::alter_storage_vault(google::protobuf::RpcController* contr
}
if (!role_arn.empty()) {
- if (!obj.has_cred_provider_type() ||
- obj.cred_provider_type() !=
CredProviderTypePB::INSTANCE_PROFILE ||
- !obj.has_provider() || obj.provider() !=
ObjectStoreInfoPB::S3) {
+ if (!obj.has_cred_provider_type() || !obj.has_provider() ||
+ obj.provider() != ObjectStoreInfoPB::S3) {
code = MetaServiceCode::INVALID_ARGUMENT;
msg = "s3 conf info err with role_arn, please check it";
return;
@@ -1627,7 +1630,8 @@ void
MetaServiceImpl::alter_obj_store_info(google::protobuf::RpcController* cont
return;
}
- if (it.role_arn() == role_arn && it.external_id() ==
external_id) {
+ if (it.role_arn() == role_arn && it.external_id() ==
external_id &&
+ get_cred_provider_type(it) ==
get_cred_provider_type(request->obj())) {
// not change, just return ok
code = MetaServiceCode::OK;
msg = "ak/sk not changed";
@@ -1639,7 +1643,7 @@ void
MetaServiceImpl::alter_obj_store_info(google::protobuf::RpcController* cont
it.set_role_arn(role_arn);
it.set_external_id(external_id);
-
it.set_cred_provider_type(CredProviderTypePB::INSTANCE_PROFILE);
+
it.set_cred_provider_type(get_cred_provider_type(request->obj()));
}
auto now_time = std::chrono::system_clock::now();
diff --git a/cloud/src/recycler/s3_accessor.cpp
b/cloud/src/recycler/s3_accessor.cpp
index 0f2a7776fcc..9d0094437eb 100644
--- a/cloud/src/recycler/s3_accessor.cpp
+++ b/cloud/src/recycler/s3_accessor.cpp
@@ -20,7 +20,9 @@
#include <aws/core/auth/AWSAuthSigner.h>
#include <aws/core/auth/AWSCredentials.h>
#include <aws/core/auth/AWSCredentialsProviderChain.h>
+#include <aws/core/auth/STSCredentialsProvider.h>
#include <aws/core/client/DefaultRetryStrategy.h>
+#include <aws/core/platform/Environment.h>
#include <aws/identity-management/auth/STSAssumeRoleCredentialsProvider.h>
#include <aws/s3/S3Client.h>
#include <aws/sts/STSClient.h>
@@ -238,7 +240,12 @@ std::optional<S3Conf> S3Conf::from_obj_store_info(const
ObjectStoreInfoPB& obj_i
if (obj_info.has_role_arn() && !obj_info.role_arn().empty()) {
s3_conf.role_arn = obj_info.role_arn();
s3_conf.external_id = obj_info.external_id();
- s3_conf.cred_provider_type = CredProviderType::InstanceProfile;
+ if (obj_info.has_cred_provider_type()) {
+ s3_conf.cred_provider_type =
+
cred_provider_type_from_pb(obj_info.cred_provider_type());
+ } else {
+ s3_conf.cred_provider_type = CredProviderType::InstanceProfile;
+ }
}
}
@@ -314,6 +321,28 @@ std::shared_ptr<Aws::Auth::AWSCredentialsProvider>
S3Accessor::_get_aws_credenti
return std::make_shared<Aws::Auth::DefaultAWSCredentialsProviderChain>();
}
+std::shared_ptr<Aws::Auth::AWSCredentialsProvider>
S3Accessor::_create_credentials_provider(
+ CredProviderType type) {
+ switch (type) {
+ case CredProviderType::Env:
+ return
std::make_shared<Aws::Auth::EnvironmentAWSCredentialsProvider>();
+ case CredProviderType::SystemProperties:
+ return
std::make_shared<Aws::Auth::ProfileConfigFileAWSCredentialsProvider>();
+ case CredProviderType::WebIdentity:
+ return
std::make_shared<Aws::Auth::STSAssumeRoleWebIdentityCredentialsProvider>();
+ case CredProviderType::Container:
+ return std::make_shared<Aws::Auth::TaskRoleCredentialsProvider>(
+
Aws::Environment::GetEnv("AWS_CONTAINER_CREDENTIALS_RELATIVE_URI").c_str());
+ case CredProviderType::InstanceProfile:
+ return
std::make_shared<Aws::Auth::InstanceProfileCredentialsProvider>();
+ case CredProviderType::Anonymous:
+ return std::make_shared<Aws::Auth::AnonymousAWSCredentialsProvider>();
+ case CredProviderType::Default:
+ default:
+ return std::make_shared<CustomAwsCredentialsProviderChain>();
+ }
+}
+
std::shared_ptr<Aws::Auth::AWSCredentialsProvider>
S3Accessor::_get_aws_credentials_provider_v2(
const S3Conf& s3_conf) {
if (!s3_conf.ak.empty() && !s3_conf.sk.empty()) {
@@ -322,11 +351,7 @@ std::shared_ptr<Aws::Auth::AWSCredentialsProvider>
S3Accessor::_get_aws_credenti
return
std::make_shared<Aws::Auth::SimpleAWSCredentialsProvider>(std::move(aws_cred));
}
- if (s3_conf.cred_provider_type == CredProviderType::InstanceProfile) {
- if (s3_conf.role_arn.empty()) {
- return std::make_shared<CustomAwsCredentialsProviderChain>();
- }
-
+ if (!s3_conf.role_arn.empty()) {
Aws::Client::ClientConfiguration clientConfiguration =
S3Environment::getClientConfiguration();
if (_ca_cert_file_path.empty()) {
@@ -338,13 +363,13 @@ std::shared_ptr<Aws::Auth::AWSCredentialsProvider>
S3Accessor::_get_aws_credenti
}
auto stsClient = std::make_shared<Aws::STS::STSClient>(
- std::make_shared<CustomAwsCredentialsProviderChain>(),
clientConfiguration);
+ _create_credentials_provider(s3_conf.cred_provider_type),
clientConfiguration);
return std::make_shared<Aws::Auth::STSAssumeRoleCredentialsProvider>(
s3_conf.role_arn, Aws::String(), s3_conf.external_id,
Aws::Auth::DEFAULT_CREDS_LOAD_FREQ_SECONDS, stsClient);
}
- return std::make_shared<CustomAwsCredentialsProviderChain>();
+ return _create_credentials_provider(s3_conf.cred_provider_type);
}
std::shared_ptr<Aws::Auth::AWSCredentialsProvider>
S3Accessor::get_aws_credentials_provider(
diff --git a/cloud/src/recycler/s3_accessor.h b/cloud/src/recycler/s3_accessor.h
index 04b29481494..17242d72b7c 100644
--- a/cloud/src/recycler/s3_accessor.h
+++ b/cloud/src/recycler/s3_accessor.h
@@ -162,6 +162,9 @@ protected:
std::shared_ptr<Aws::Auth::AWSCredentialsProvider>
_get_aws_credentials_provider_v2(
const S3Conf& s3_conf);
+ std::shared_ptr<Aws::Auth::AWSCredentialsProvider>
_create_credentials_provider(
+ CredProviderType type);
+
std::shared_ptr<Aws::Auth::AWSCredentialsProvider>
get_aws_credentials_provider(
const S3Conf& s3_conf);
diff --git a/common/cpp/aws_common.cpp b/common/cpp/aws_common.cpp
index c8f5e4faf47..3c7f5a0eda5 100644
--- a/common/cpp/aws_common.cpp
+++ b/common/cpp/aws_common.cpp
@@ -29,6 +29,16 @@ CredProviderType
cred_provider_type_from_pb(cloud::CredProviderTypePB cred_provi
return CredProviderType::Simple;
case cloud::CredProviderTypePB::INSTANCE_PROFILE:
return CredProviderType::InstanceProfile;
+ case cloud::CredProviderTypePB::ENV:
+ return CredProviderType::Env;
+ case cloud::CredProviderTypePB::SYSTEM_PROPERTIES:
+ return CredProviderType::SystemProperties;
+ case cloud::CredProviderTypePB::WEB_IDENTITY:
+ return CredProviderType::WebIdentity;
+ case cloud::CredProviderTypePB::CONTAINER:
+ return CredProviderType::Container;
+ case cloud::CredProviderTypePB::ANONYMOUS:
+ return CredProviderType::Anonymous;
default:
__builtin_unreachable();
LOG(WARNING) << "Invalid CredProviderTypePB value: " <<
cred_provider_type
@@ -74,4 +84,4 @@ std::string get_valid_ca_cert_path(const
std::vector<std::string>& ca_cert_file_
}
return "";
}
-}
\ No newline at end of file
+}
diff --git
a/fe/fe-core/src/main/java/org/apache/doris/catalog/S3StorageVault.java
b/fe/fe-core/src/main/java/org/apache/doris/catalog/S3StorageVault.java
index b2a8b61fff1..d312cc0e45d 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/catalog/S3StorageVault.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/catalog/S3StorageVault.java
@@ -72,6 +72,7 @@ public class S3StorageVault extends StorageVault {
public static final String BUCKET = S3Properties.BUCKET;
public static final String ROLE_ARN = S3Properties.ROLE_ARN;
public static final String EXTERNAL_ID = S3Properties.EXTERNAL_ID;
+ public static final String CREDENTIALS_PROVIDER_TYPE =
S3Properties.CREDENTIALS_PROVIDER_TYPE;
}
public static final HashSet<String> ALLOW_ALTER_PROPERTIES = new
HashSet<>(Arrays.asList(
@@ -81,7 +82,8 @@ public class S3StorageVault extends StorageVault {
PropertyKey.SECRET_KEY,
PropertyKey.USE_PATH_STYLE,
PropertyKey.ROLE_ARN,
- PropertyKey.EXTERNAL_ID
+ PropertyKey.EXTERNAL_ID,
+ PropertyKey.CREDENTIALS_PROVIDER_TYPE
));
@SerializedName(value = "properties")
diff --git
a/fe/fe-core/src/main/java/org/apache/doris/datasource/property/storage/S3Properties.java
b/fe/fe-core/src/main/java/org/apache/doris/datasource/property/storage/S3Properties.java
index 9b2aa2a8c11..54a55458c37 100644
---
a/fe/fe-core/src/main/java/org/apache/doris/datasource/property/storage/S3Properties.java
+++
b/fe/fe-core/src/main/java/org/apache/doris/datasource/property/storage/S3Properties.java
@@ -441,6 +441,7 @@ public class S3Properties extends
AbstractS3CompatibleProperties {
public static final String ROLE_ARN = "s3.role_arn";
public static final String EXTERNAL_ID = "s3.external_id";
+ public static final String CREDENTIALS_PROVIDER_TYPE =
"s3.credentials_provider_type";
public static final String ROOT_PATH = "s3.root.path";
public static final String BUCKET = "s3.bucket";
public static final String VALIDITY_CHECK = "s3_validity_check";
@@ -468,6 +469,7 @@ public class S3Properties extends
AbstractS3CompatibleProperties {
public static final String ROLE_ARN = "AWS_ROLE_ARN";
public static final String EXTERNAL_ID = "AWS_EXTERNAL_ID";
+ public static final String CREDENTIALS_PROVIDER_TYPE =
"AWS_CREDENTIALS_PROVIDER_TYPE";
public static final List<String> REQUIRED_FIELDS =
Arrays.asList(ENDPOINT);
public static final List<String> FS_KEYS = Arrays.asList(ENDPOINT,
REGION, ACCESS_KEY, SECRET_KEY, TOKEN,
@@ -557,6 +559,68 @@ public class S3Properties extends
AbstractS3CompatibleProperties {
if (properties.containsKey(Env.EXTERNAL_ID)) {
properties.putIfAbsent(EXTERNAL_ID,
properties.get(Env.EXTERNAL_ID));
}
+
+ if (properties.containsKey(Env.CREDENTIALS_PROVIDER_TYPE)) {
+ properties.putIfAbsent(CREDENTIALS_PROVIDER_TYPE,
properties.get(Env.CREDENTIALS_PROVIDER_TYPE));
+ }
+ }
+
+ private static AwsCredentialsProviderMode
getCredentialsProviderMode(Map<String, String> properties,
+ AwsCredentialsProviderMode defaultMode) {
+ String mode = properties.get(CREDENTIALS_PROVIDER_TYPE);
+ if (StringUtils.isBlank(mode)) {
+ mode = properties.get(Env.CREDENTIALS_PROVIDER_TYPE);
+ }
+ if (StringUtils.isBlank(mode)) {
+ return defaultMode;
+ }
+ return AwsCredentialsProviderMode.fromString(mode);
+ }
+
+ private static CredProviderTypePB getCredProviderTypePB(Map<String,
String> properties) {
+ AwsCredentialsProviderMode mode =
getCredentialsProviderMode(properties,
+ AwsCredentialsProviderMode.INSTANCE_PROFILE);
+ switch (mode) {
+ case DEFAULT:
+ return CredProviderTypePB.DEFAULT;
+ case ENV:
+ return CredProviderTypePB.ENV;
+ case SYSTEM_PROPERTIES:
+ return CredProviderTypePB.SYSTEM_PROPERTIES;
+ case WEB_IDENTITY:
+ return CredProviderTypePB.WEB_IDENTITY;
+ case CONTAINER:
+ return CredProviderTypePB.CONTAINER;
+ case INSTANCE_PROFILE:
+ return CredProviderTypePB.INSTANCE_PROFILE;
+ case ANONYMOUS:
+ return CredProviderTypePB.ANONYMOUS;
+ default:
+ throw new IllegalArgumentException("Unsupported AWS
credentials provider mode: " + mode);
+ }
+ }
+
+ private static TCredProviderType getTCredProviderType(Map<String, String>
properties) {
+ AwsCredentialsProviderMode mode =
getCredentialsProviderMode(properties,
+ AwsCredentialsProviderMode.INSTANCE_PROFILE);
+ switch (mode) {
+ case DEFAULT:
+ return TCredProviderType.DEFAULT;
+ case ENV:
+ return TCredProviderType.ENV;
+ case SYSTEM_PROPERTIES:
+ return TCredProviderType.SYSTEM_PROPERTIES;
+ case WEB_IDENTITY:
+ return TCredProviderType.WEB_IDENTITY;
+ case CONTAINER:
+ return TCredProviderType.CONTAINER;
+ case INSTANCE_PROFILE:
+ return TCredProviderType.INSTANCE_PROFILE;
+ case ANONYMOUS:
+ return TCredProviderType.ANONYMOUS;
+ default:
+ throw new IllegalArgumentException("Unsupported AWS
credentials provider mode: " + mode);
+ }
}
private static final Pattern IPV4_PORT_PATTERN =
Pattern.compile("((?:\\d{1,3}\\.){3}\\d{1,3}:\\d{1,5})");
@@ -633,7 +697,7 @@ public class S3Properties extends
AbstractS3CompatibleProperties {
if (properties.containsKey(S3Properties.EXTERNAL_ID)) {
builder.setExternalId(properties.get(S3Properties.EXTERNAL_ID));
}
- builder.setCredProviderType(CredProviderTypePB.INSTANCE_PROFILE);
+ builder.setCredProviderType(getCredProviderTypePB(properties));
}
return builder;
@@ -647,7 +711,7 @@ public class S3Properties extends
AbstractS3CompatibleProperties {
if (properties.containsKey(S3Properties.EXTERNAL_ID)) {
s3Info.setExternalId(properties.get(S3Properties.EXTERNAL_ID));
}
- s3Info.setCredProviderType(TCredProviderType.INSTANCE_PROFILE);
+ s3Info.setCredProviderType(getTCredProviderType(properties));
}
s3Info.setEndpoint(properties.get(S3Properties.ENDPOINT));
diff --git
a/fe/fe-core/src/test/java/org/apache/doris/datasource/property/storage/S3PropertiesTest.java
b/fe/fe-core/src/test/java/org/apache/doris/datasource/property/storage/S3PropertiesTest.java
index dc1b1270a39..e44af95de8f 100644
---
a/fe/fe-core/src/test/java/org/apache/doris/datasource/property/storage/S3PropertiesTest.java
+++
b/fe/fe-core/src/test/java/org/apache/doris/datasource/property/storage/S3PropertiesTest.java
@@ -17,9 +17,13 @@
package org.apache.doris.datasource.property.storage;
+import org.apache.doris.catalog.S3StorageVault;
+import org.apache.doris.cloud.proto.Cloud.CredProviderTypePB;
import org.apache.doris.common.Config;
import org.apache.doris.common.ExceptionChecker;
import org.apache.doris.common.UserException;
+import org.apache.doris.thrift.TCredProviderType;
+import org.apache.doris.thrift.TS3StorageParam;
import com.google.common.collect.Maps;
import mockit.Expectations;
@@ -263,6 +267,34 @@ public class S3PropertiesTest {
Assertions.assertEquals("s3.us-west-2.amazonaws.com",
s3Props.getEndpoint());
}
+ @Test
+ public void testS3IamRoleCredentialsProviderTypeForCloudAndThrift() {
+ origProps.put("s3.endpoint", "s3.us-west-2.amazonaws.com");
+ origProps.put("s3.region", "us-west-2");
+ origProps.put("s3.bucket", "bucket");
+ origProps.put("s3.root.path", "root");
+ origProps.put("s3.role_arn",
"arn:aws:iam::123456789012:role/MyTestRole");
+
+ Assertions.assertEquals(CredProviderTypePB.INSTANCE_PROFILE,
+
S3Properties.getObjStoreInfoPB(origProps).getCredProviderType());
+ TS3StorageParam s3StorageParam =
S3Properties.getS3TStorageParam(origProps);
+ Assertions.assertEquals(TCredProviderType.INSTANCE_PROFILE,
s3StorageParam.getCredProviderType());
+
+ origProps.put("s3.credentials_provider_type", "container");
+ Assertions.assertEquals(CredProviderTypePB.CONTAINER,
+
S3Properties.getObjStoreInfoPB(origProps).getCredProviderType());
+ s3StorageParam = S3Properties.getS3TStorageParam(origProps);
+ Assertions.assertEquals(TCredProviderType.CONTAINER,
s3StorageParam.getCredProviderType());
+
+ origProps.remove("s3.credentials_provider_type");
+ origProps.put("AWS_CREDENTIALS_PROVIDER_TYPE", "env");
+ Assertions.assertEquals(CredProviderTypePB.ENV,
+
S3Properties.getObjStoreInfoPB(origProps).getCredProviderType());
+ s3StorageParam = S3Properties.getS3TStorageParam(origProps);
+ Assertions.assertEquals(TCredProviderType.ENV,
s3StorageParam.getCredProviderType());
+
Assertions.assertTrue(S3StorageVault.ALLOW_ALTER_PROPERTIES.contains(S3Properties.CREDENTIALS_PROVIDER_TYPE));
+ }
+
@Test
public void testGetAwsCredentialsProviderWithIamRoleAndExternalId(@Mocked
StsClientBuilder mockBuilder,
diff --git a/gensrc/proto/cloud.proto b/gensrc/proto/cloud.proto
index 710a0b0dd79..d16f30cb53f 100644
--- a/gensrc/proto/cloud.proto
+++ b/gensrc/proto/cloud.proto
@@ -269,6 +269,11 @@ enum CredProviderTypePB {
DEFAULT = 1; // DefaultAWSCredentialsProviderChain
SIMPLE = 2; // SimpleAWSCredentialsProvider, corresponding to (ak, sk)
INSTANCE_PROFILE = 3; // InstanceProfileCredentialsProvider
+ ENV = 4; // EnvironmentAWSCredentialsProvider
+ SYSTEM_PROPERTIES = 5; // SystemPropertiesCredentialsProvider
+ WEB_IDENTITY = 6; // STSAssumeRoleWebIdentityCredentialsProvider
+ CONTAINER = 7; // TaskRoleCredentialsProvider
+ ANONYMOUS = 8; // AnonymousAWSCredentialsProvider
}
message ObjectStoreInfoPB {
diff --git a/gensrc/thrift/AgentService.thrift
b/gensrc/thrift/AgentService.thrift
index 969bcfd142e..8041b8484ac 100644
--- a/gensrc/thrift/AgentService.thrift
+++ b/gensrc/thrift/AgentService.thrift
@@ -91,7 +91,12 @@ enum TCredProviderType {
// used for creating different credentials provider when creating s3client
DEFAULT = 0, // DefaultAWSCredentialsProviderChain
SIMPLE = 1, // SimpleAWSCredentialsProvider, corresponding to (ak, sk)
- INSTANCE_PROFILE = 2 // InstanceProfileCredentialsProvider
+ INSTANCE_PROFILE = 2, // InstanceProfileCredentialsProvider
+ ENV = 3, // EnvironmentAWSCredentialsProvider
+ SYSTEM_PROPERTIES = 4, // SystemPropertiesCredentialsProvider
+ WEB_IDENTITY = 5, // STSAssumeRoleWebIdentityCredentialsProvider
+ CONTAINER = 6, // TaskRoleCredentialsProvider
+ ANONYMOUS = 7 // AnonymousAWSCredentialsProvider
}
struct TS3StorageParam {
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
