jorisvandenbossche commented on a change in pull request #10088:
URL: https://github.com/apache/arrow/pull/10088#discussion_r629214182
##########
File path: python/pyarrow/_s3fs.pyx
##########
@@ -74,6 +74,13 @@ cdef class S3FileSystem(FileSystem):
Whether to connect anonymously if access_key and secret_key are None.
If true, will not attempt to look up credentials using standard AWS
configuration methods.
+ use_web_identity: boolean, default False
+ Whether to connect using an assumed role authenticated using
+ a web identity token. The required settings are derived from
+ environment variables such as AWS_ROLE_ARN,
+ AWS_WEB_IDENTITY_TOKEN_FILE and AWS_ROLE_SESSION_NAME.
+ If true, will not attempt to look up credentials using other
+ AWS configuration methods.
Review comment:
The Python changes in this PR are not needed for backwards
compatibility? (since those are new options)
So assuming we refactor the python options to use a generic `auth`
parameter, then this PR with new functionality should directly use that new
parameter, and not introduce a new `use_web_identity` keyword that would then
later need to be deprecated.
So for this PR, I think either remove any Python bindings in this PR (and
keep this PR to only add the C++ functionality, and later do a follow-up PR to
add the python bindings) or either first do a precursor PR to refactor the
options to use `auth` (and then afterwards this PR can be updated to add the
web identity functionality into an `auth` keyword).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
