gaborgsomogyi commented on code in PR #27788: URL: https://github.com/apache/flink/pull/27788#discussion_r3247532987
########## flink-filesystems/flink-s3-fs-native/src/main/java/org/apache/flink/fs/s3native/BucketConfigProvider.java: ########## @@ -0,0 +1,182 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.flink.fs.s3native; + +import org.apache.flink.annotation.Internal; +import org.apache.flink.annotation.VisibleForTesting; +import org.apache.flink.configuration.Configuration; +import org.apache.flink.configuration.IllegalConfigurationException; +import org.apache.flink.util.StringUtils; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import javax.annotation.Nullable; + +import java.util.Collections; +import java.util.Comparator; +import java.util.HashMap; +import java.util.LinkedHashMap; +import java.util.List; +import java.util.Map; +import java.util.function.BiConsumer; +import java.util.stream.Collectors; + +/** + * Parses bucket-specific S3 configuration using format {@code s3.bucket.<bucket-name>.<property>}. + * + * <p>Enables per-bucket overrides for endpoints, credentials, encryption, and IAM roles. Bucket + * names containing dots are supported; properties are matched by longest suffix first. + * + * <p>Immutable and thread-safe after construction. + */ +@Internal +final class BucketConfigProvider { + + private static final Logger LOG = LoggerFactory.getLogger(BucketConfigProvider.class); + static final String BUCKET_CONFIG_PREFIX = "s3.bucket."; + static final Map<String, BiConsumer<S3BucketConfig.Builder, String>> PROPERTY_APPLICATORS; + static final List<String> KNOWN_PROPERTIES_BY_LENGTH; + + static { + final Map<String, BiConsumer<S3BucketConfig.Builder, String>> applicators = + new LinkedHashMap<>(); + applicators.put("access-key", (b, v) -> b.accessKey(v)); Review Comment: ```suggestion applicators.put("access-key", S3BucketConfig.Builder::accessKey); ``` ########## flink-filesystems/flink-s3-fs-native/src/main/java/org/apache/flink/fs/s3native/BucketConfigProvider.java: ########## @@ -0,0 +1,182 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.flink.fs.s3native; + +import org.apache.flink.annotation.Internal; +import org.apache.flink.annotation.VisibleForTesting; +import org.apache.flink.configuration.Configuration; +import org.apache.flink.configuration.IllegalConfigurationException; +import org.apache.flink.util.StringUtils; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import javax.annotation.Nullable; + +import java.util.Collections; +import java.util.Comparator; +import java.util.HashMap; +import java.util.LinkedHashMap; +import java.util.List; +import java.util.Map; +import java.util.function.BiConsumer; +import java.util.stream.Collectors; + +/** + * Parses bucket-specific S3 configuration using format {@code s3.bucket.<bucket-name>.<property>}. + * + * <p>Enables per-bucket overrides for endpoints, credentials, encryption, and IAM roles. Bucket + * names containing dots are supported; properties are matched by longest suffix first. + * + * <p>Immutable and thread-safe after construction. + */ +@Internal +final class BucketConfigProvider { + + private static final Logger LOG = LoggerFactory.getLogger(BucketConfigProvider.class); + static final String BUCKET_CONFIG_PREFIX = "s3.bucket."; + static final Map<String, BiConsumer<S3BucketConfig.Builder, String>> PROPERTY_APPLICATORS; + static final List<String> KNOWN_PROPERTIES_BY_LENGTH; + + static { + final Map<String, BiConsumer<S3BucketConfig.Builder, String>> applicators = + new LinkedHashMap<>(); + applicators.put("access-key", (b, v) -> b.accessKey(v)); + applicators.put("assume-role.arn", (b, v) -> b.assumeRoleArn(v)); + applicators.put("assume-role.external-id", (b, v) -> b.assumeRoleExternalId(v)); + applicators.put( + "assume-role.session-duration", + (b, v) -> { + try { + b.assumeRoleSessionDurationSeconds(Integer.parseInt(v)); + } catch (NumberFormatException e) { + throw new IllegalConfigurationException( + String.format( + "Invalid assume-role.session-duration '%s' for bucket '%s'. " + + "Must be a valid integer (e.g., 3600)", + v, b.getBucketName()), + e); + } + }); + applicators.put("assume-role.session-name", (b, v) -> b.assumeRoleSessionName(v)); + applicators.put("credentials.provider", (b, v) -> b.credentialsProvider(v)); + applicators.put("endpoint", (b, v) -> b.endpoint(v)); + applicators.put("path-style-access", (b, v) -> b.pathStyleAccess(Boolean.parseBoolean(v))); + applicators.put("region", (b, v) -> b.region(v)); + applicators.put("sse.kms-key-id", (b, v) -> b.sseKmsKeyId(v)); Review Comment: Global option (NativeS3FileSystemFactory.java:191): s3.sse.kms.key-id Bucket-level property (BucketConfigProvider.java:82): sse.kms-key-id ########## flink-filesystems/flink-s3-fs-native/src/main/java/org/apache/flink/fs/s3native/S3BucketConfig.java: ########## @@ -0,0 +1,329 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.flink.fs.s3native; + +import org.apache.flink.annotation.Internal; +import org.apache.flink.configuration.GlobalConfiguration; +import org.apache.flink.configuration.IllegalConfigurationException; +import org.apache.flink.util.StringUtils; + +import javax.annotation.Nullable; + +import java.util.Objects; + +/** + * Immutable, bucket-specific S3 configuration overrides. + * + * <p>Null values indicate inheritance from global configuration. Only explicitly configured values + * are non-null. Configuration format: {@code s3.bucket.<bucket-name>.<property>} + * + * <p>Validates that credentials (access-key/secret-key) are either both set or both absent. + */ +@Internal +final class S3BucketConfig { + + private final String bucketName; + @Nullable private final String region; + @Nullable private final String endpoint; + @Nullable private final Boolean pathStyleAccess; + @Nullable private final String accessKey; + @Nullable private final String secretKey; + @Nullable private final String sseType; + @Nullable private final String sseKmsKeyId; + @Nullable private final String assumeRoleArn; + @Nullable private final String assumeRoleExternalId; + @Nullable private final String assumeRoleSessionName; + @Nullable private final Integer assumeRoleSessionDurationSeconds; + @Nullable private final String credentialsProvider; + + private S3BucketConfig(Builder builder) { + this.bucketName = builder.bucketName; + this.region = builder.region; + this.endpoint = builder.endpoint; + this.pathStyleAccess = builder.pathStyleAccess; + this.accessKey = builder.accessKey; + this.secretKey = builder.secretKey; + this.sseType = builder.sseType; + this.sseKmsKeyId = builder.sseKmsKeyId; + this.assumeRoleArn = builder.assumeRoleArn; + this.assumeRoleExternalId = builder.assumeRoleExternalId; + this.assumeRoleSessionName = builder.assumeRoleSessionName; + this.assumeRoleSessionDurationSeconds = builder.assumeRoleSessionDurationSeconds; + this.credentialsProvider = builder.credentialsProvider; + } + + String getBucketName() { + return bucketName; + } + + @Nullable + String getRegion() { + return region; + } + + @Nullable + String getEndpoint() { + return endpoint; + } + + @Nullable + Boolean getPathStyleAccess() { + return pathStyleAccess; + } + + @Nullable + String getAccessKey() { + return accessKey; + } + + @Nullable + String getSecretKey() { + return secretKey; + } + + @Nullable + String getSseType() { + return sseType; + } + + @Nullable + String getSseKmsKeyId() { + return sseKmsKeyId; + } + + @Nullable + String getAssumeRoleArn() { + return assumeRoleArn; + } + + @Nullable + String getAssumeRoleExternalId() { + return assumeRoleExternalId; + } + + @Nullable + String getAssumeRoleSessionName() { + return assumeRoleSessionName; + } + + @Nullable + Integer getAssumeRoleSessionDurationSeconds() { + return assumeRoleSessionDurationSeconds; + } + + @Nullable + String getCredentialsProvider() { + return credentialsProvider; + } + + boolean hasAnyOverride() { + return region != null + || endpoint != null + || pathStyleAccess != null + || accessKey != null + || secretKey != null + || sseType != null + || sseKmsKeyId != null + || assumeRoleArn != null + || assumeRoleExternalId != null + || assumeRoleSessionName != null + || assumeRoleSessionDurationSeconds != null + || credentialsProvider != null; + } + + @Override + public boolean equals(Object o) { + if (this == o) { + return true; + } + if (o == null || getClass() != o.getClass()) { + return false; + } + S3BucketConfig that = (S3BucketConfig) o; + return Objects.equals(bucketName, that.bucketName) + && Objects.equals(region, that.region) + && Objects.equals(endpoint, that.endpoint) + && Objects.equals(pathStyleAccess, that.pathStyleAccess) + && Objects.equals(accessKey, that.accessKey) + && Objects.equals(secretKey, that.secretKey) + && Objects.equals(sseType, that.sseType) + && Objects.equals(sseKmsKeyId, that.sseKmsKeyId) + && Objects.equals(assumeRoleArn, that.assumeRoleArn) + && Objects.equals(assumeRoleExternalId, that.assumeRoleExternalId) + && Objects.equals(assumeRoleSessionName, that.assumeRoleSessionName) + && Objects.equals( + assumeRoleSessionDurationSeconds, that.assumeRoleSessionDurationSeconds) + && Objects.equals(credentialsProvider, that.credentialsProvider); + } + + @Override + public int hashCode() { + return Objects.hash( + bucketName, + region, + endpoint, + pathStyleAccess, + accessKey, + secretKey, + sseType, + sseKmsKeyId, + assumeRoleArn, + assumeRoleExternalId, + assumeRoleSessionName, + assumeRoleSessionDurationSeconds, + credentialsProvider); + } + + @Override + public String toString() { Review Comment: I think toString is not complete. While we add the missing it's good to know that many organizations treat KMS key ARNs as sensitive metadata. ########## flink-filesystems/flink-s3-fs-native/src/main/java/org/apache/flink/fs/s3native/BucketConfigProvider.java: ########## @@ -0,0 +1,182 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.flink.fs.s3native; + +import org.apache.flink.annotation.Internal; +import org.apache.flink.annotation.VisibleForTesting; +import org.apache.flink.configuration.Configuration; +import org.apache.flink.configuration.IllegalConfigurationException; +import org.apache.flink.util.StringUtils; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import javax.annotation.Nullable; + +import java.util.Collections; +import java.util.Comparator; +import java.util.HashMap; +import java.util.LinkedHashMap; +import java.util.List; +import java.util.Map; +import java.util.function.BiConsumer; +import java.util.stream.Collectors; + +/** + * Parses bucket-specific S3 configuration using format {@code s3.bucket.<bucket-name>.<property>}. + * + * <p>Enables per-bucket overrides for endpoints, credentials, encryption, and IAM roles. Bucket + * names containing dots are supported; properties are matched by longest suffix first. + * + * <p>Immutable and thread-safe after construction. + */ +@Internal +final class BucketConfigProvider { + + private static final Logger LOG = LoggerFactory.getLogger(BucketConfigProvider.class); + static final String BUCKET_CONFIG_PREFIX = "s3.bucket."; + static final Map<String, BiConsumer<S3BucketConfig.Builder, String>> PROPERTY_APPLICATORS; + static final List<String> KNOWN_PROPERTIES_BY_LENGTH; + + static { + final Map<String, BiConsumer<S3BucketConfig.Builder, String>> applicators = + new LinkedHashMap<>(); + applicators.put("access-key", (b, v) -> b.accessKey(v)); + applicators.put("assume-role.arn", (b, v) -> b.assumeRoleArn(v)); + applicators.put("assume-role.external-id", (b, v) -> b.assumeRoleExternalId(v)); + applicators.put( + "assume-role.session-duration", + (b, v) -> { + try { + b.assumeRoleSessionDurationSeconds(Integer.parseInt(v)); + } catch (NumberFormatException e) { + throw new IllegalConfigurationException( + String.format( + "Invalid assume-role.session-duration '%s' for bucket '%s'. " + + "Must be a valid integer (e.g., 3600)", + v, b.getBucketName()), + e); + } + }); + applicators.put("assume-role.session-name", (b, v) -> b.assumeRoleSessionName(v)); + applicators.put("credentials.provider", (b, v) -> b.credentialsProvider(v)); + applicators.put("endpoint", (b, v) -> b.endpoint(v)); + applicators.put("path-style-access", (b, v) -> b.pathStyleAccess(Boolean.parseBoolean(v))); Review Comment: Boolean.parseBoolean("treu") returns false without error. The global PATH_STYLE_ACCESS config option is properly typed via ConfigOptions.booleanType() so it rejects invalid values. ########## flink-filesystems/flink-s3-fs-native/src/main/java/org/apache/flink/fs/s3native/BucketConfigProvider.java: ########## @@ -0,0 +1,182 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.flink.fs.s3native; + +import org.apache.flink.annotation.Internal; +import org.apache.flink.annotation.VisibleForTesting; +import org.apache.flink.configuration.Configuration; +import org.apache.flink.configuration.IllegalConfigurationException; +import org.apache.flink.util.StringUtils; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import javax.annotation.Nullable; + +import java.util.Collections; +import java.util.Comparator; +import java.util.HashMap; +import java.util.LinkedHashMap; +import java.util.List; +import java.util.Map; +import java.util.function.BiConsumer; +import java.util.stream.Collectors; + +/** + * Parses bucket-specific S3 configuration using format {@code s3.bucket.<bucket-name>.<property>}. + * + * <p>Enables per-bucket overrides for endpoints, credentials, encryption, and IAM roles. Bucket + * names containing dots are supported; properties are matched by longest suffix first. + * + * <p>Immutable and thread-safe after construction. + */ +@Internal +final class BucketConfigProvider { + + private static final Logger LOG = LoggerFactory.getLogger(BucketConfigProvider.class); + static final String BUCKET_CONFIG_PREFIX = "s3.bucket."; + static final Map<String, BiConsumer<S3BucketConfig.Builder, String>> PROPERTY_APPLICATORS; + static final List<String> KNOWN_PROPERTIES_BY_LENGTH; + + static { + final Map<String, BiConsumer<S3BucketConfig.Builder, String>> applicators = + new LinkedHashMap<>(); + applicators.put("access-key", (b, v) -> b.accessKey(v)); + applicators.put("assume-role.arn", (b, v) -> b.assumeRoleArn(v)); + applicators.put("assume-role.external-id", (b, v) -> b.assumeRoleExternalId(v)); + applicators.put( + "assume-role.session-duration", + (b, v) -> { + try { + b.assumeRoleSessionDurationSeconds(Integer.parseInt(v)); + } catch (NumberFormatException e) { + throw new IllegalConfigurationException( + String.format( + "Invalid assume-role.session-duration '%s' for bucket '%s'. " + + "Must be a valid integer (e.g., 3600)", + v, b.getBucketName()), + e); + } + }); + applicators.put("assume-role.session-name", (b, v) -> b.assumeRoleSessionName(v)); + applicators.put("credentials.provider", (b, v) -> b.credentialsProvider(v)); + applicators.put("endpoint", (b, v) -> b.endpoint(v)); + applicators.put("path-style-access", (b, v) -> b.pathStyleAccess(Boolean.parseBoolean(v))); + applicators.put("region", (b, v) -> b.region(v)); + applicators.put("sse.kms-key-id", (b, v) -> b.sseKmsKeyId(v)); + applicators.put("sse.type", (b, v) -> b.sseType(v)); + applicators.put("secret-key", (b, v) -> b.secretKey(v)); + PROPERTY_APPLICATORS = Collections.unmodifiableMap(applicators); + + KNOWN_PROPERTIES_BY_LENGTH = + applicators.keySet().stream() + .sorted(Comparator.comparingInt(String::length).reversed()) + .collect(Collectors.toList()); + } + + private final Map<String, S3BucketConfig> bucketConfigs; + + BucketConfigProvider(Configuration flinkConfig) { + this.bucketConfigs = Collections.unmodifiableMap(parseBucketConfigs(flinkConfig)); + } + + @Nullable + S3BucketConfig getBucketConfig(String bucketName) { + return bucketConfigs.get(bucketName); + } + + @VisibleForTesting + boolean hasBucketConfig(String bucketName) { + return bucketConfigs.containsKey(bucketName); + } + + @VisibleForTesting + int size() { + return bucketConfigs.size(); + } + + private static Map<String, S3BucketConfig> parseBucketConfigs(Configuration flinkConfig) { + final Map<String, Map<String, String>> rawConfigs = new HashMap<>(); + + for (final String key : flinkConfig.keySet()) { + if (!key.startsWith(BUCKET_CONFIG_PREFIX)) { + continue; + } + final String suffix = key.substring(BUCKET_CONFIG_PREFIX.length()); + if (StringUtils.isNullOrWhitespaceOnly(suffix)) { + continue; + } + final String value = flinkConfig.getString(key, null); + if (StringUtils.isNullOrWhitespaceOnly(value)) { + continue; + } + + for (final String prop : KNOWN_PROPERTIES_BY_LENGTH) { + if (suffix.endsWith("." + prop)) { + final String bucketName = + suffix.substring(0, suffix.length() - prop.length() - 1); + if (StringUtils.isNullOrWhitespaceOnly(bucketName)) { + LOG.warn( + "Ignoring bucket config key '{}': " + + "resolved bucket name is empty (missing bucket name between " + + "'s3.bucket.' prefix and '.{}' property?).", + key, + prop); + } else { + rawConfigs + .computeIfAbsent(bucketName, k -> new HashMap<>()) + .put(prop, value); + } + break; + } + } Review Comment: If a user writes `s3.bucket.my-bucket.typo-region=eu-west-1`, the key passes the `startsWith("s3.bucket.")` check, iterates over `KNOWN_PROPERTIES_BY_LENGTH`, matches nothing, and is discarded with no warning. A single `LOG.warn("Ignoring unrecognized bucket config key '{}'", key)` in the loop's else branch (after the loop exits without a match) would catch common typos. ########## flink-filesystems/flink-s3-fs-native/src/main/java/org/apache/flink/fs/s3native/BucketConfigProvider.java: ########## @@ -0,0 +1,182 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.flink.fs.s3native; + +import org.apache.flink.annotation.Internal; +import org.apache.flink.annotation.VisibleForTesting; +import org.apache.flink.configuration.Configuration; +import org.apache.flink.configuration.IllegalConfigurationException; +import org.apache.flink.util.StringUtils; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import javax.annotation.Nullable; + +import java.util.Collections; +import java.util.Comparator; +import java.util.HashMap; +import java.util.LinkedHashMap; +import java.util.List; +import java.util.Map; +import java.util.function.BiConsumer; +import java.util.stream.Collectors; + +/** + * Parses bucket-specific S3 configuration using format {@code s3.bucket.<bucket-name>.<property>}. + * + * <p>Enables per-bucket overrides for endpoints, credentials, encryption, and IAM roles. Bucket + * names containing dots are supported; properties are matched by longest suffix first. + * + * <p>Immutable and thread-safe after construction. + */ +@Internal +final class BucketConfigProvider { + + private static final Logger LOG = LoggerFactory.getLogger(BucketConfigProvider.class); + static final String BUCKET_CONFIG_PREFIX = "s3.bucket."; + static final Map<String, BiConsumer<S3BucketConfig.Builder, String>> PROPERTY_APPLICATORS; + static final List<String> KNOWN_PROPERTIES_BY_LENGTH; + + static { + final Map<String, BiConsumer<S3BucketConfig.Builder, String>> applicators = + new LinkedHashMap<>(); + applicators.put("access-key", (b, v) -> b.accessKey(v)); + applicators.put("assume-role.arn", (b, v) -> b.assumeRoleArn(v)); + applicators.put("assume-role.external-id", (b, v) -> b.assumeRoleExternalId(v)); + applicators.put( + "assume-role.session-duration", + (b, v) -> { + try { + b.assumeRoleSessionDurationSeconds(Integer.parseInt(v)); + } catch (NumberFormatException e) { + throw new IllegalConfigurationException( + String.format( + "Invalid assume-role.session-duration '%s' for bucket '%s'. " + + "Must be a valid integer (e.g., 3600)", + v, b.getBucketName()), + e); + } + }); + applicators.put("assume-role.session-name", (b, v) -> b.assumeRoleSessionName(v)); + applicators.put("credentials.provider", (b, v) -> b.credentialsProvider(v)); Review Comment: Global option (NativeS3FileSystemFactory.java:287): fs.s3.aws.credentials.provider Bucket-level property (BucketConfigProvider.java:78): credentials.provider ########## flink-filesystems/flink-s3-fs-native/src/main/java/org/apache/flink/fs/s3native/BucketConfigProvider.java: ########## @@ -0,0 +1,182 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.flink.fs.s3native; + +import org.apache.flink.annotation.Internal; +import org.apache.flink.annotation.VisibleForTesting; +import org.apache.flink.configuration.Configuration; +import org.apache.flink.configuration.IllegalConfigurationException; +import org.apache.flink.util.StringUtils; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import javax.annotation.Nullable; + +import java.util.Collections; +import java.util.Comparator; +import java.util.HashMap; +import java.util.LinkedHashMap; +import java.util.List; +import java.util.Map; +import java.util.function.BiConsumer; +import java.util.stream.Collectors; + +/** + * Parses bucket-specific S3 configuration using format {@code s3.bucket.<bucket-name>.<property>}. + * + * <p>Enables per-bucket overrides for endpoints, credentials, encryption, and IAM roles. Bucket + * names containing dots are supported; properties are matched by longest suffix first. + * + * <p>Immutable and thread-safe after construction. + */ +@Internal +final class BucketConfigProvider { + + private static final Logger LOG = LoggerFactory.getLogger(BucketConfigProvider.class); + static final String BUCKET_CONFIG_PREFIX = "s3.bucket."; + static final Map<String, BiConsumer<S3BucketConfig.Builder, String>> PROPERTY_APPLICATORS; + static final List<String> KNOWN_PROPERTIES_BY_LENGTH; + + static { + final Map<String, BiConsumer<S3BucketConfig.Builder, String>> applicators = + new LinkedHashMap<>(); + applicators.put("access-key", (b, v) -> b.accessKey(v)); Review Comment: This simplification can be applied to all other `applicators` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
