[
https://issues.apache.org/jira/browse/BEAM-4729?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16537427#comment-16537427
]
Luke Cwik commented on BEAM-4729:
---------------------------------
Unless we want to design and build/integrate a KMS solution for Apache Beam. We
should follow the same pattern that the AWS module does and allow for users to
specify the credentials provider:
https://github.com/apache/beam/blob/a8eaa1b3ec0544de8b56dd504bc249d4c1a2017f/sdks/java/io/amazon-web-services/src/main/java/org/apache/beam/sdk/io/aws/options/AwsModule.java#L79
We currently have a really outdated *CredentialFactory* class:
[https://github.com/apache/beam/blob/451af5133bc0a6416afa7b1844833c153f510181/sdks/java/extensions/google-cloud-platform-core/src/main/java/org/apache/beam/sdk/extensions/gcp/auth/CredentialFactory.java]
We should consider replacing this with the CredentialsProvider implementation
that is part of GAX
[http://googleapis.github.io/gax-java/1.28.0/apidocs/com/google/api/gax/core/CredentialsProvider.html]
instead of rolling our own.
Regardless of which credentials provider we use, we'll need to create one which
is able to serialize the credentials through in a way which is likely going to
follow one of the simple credentials provider classes like
*AWSStaticCredentialsProvider* or something similar.
> Conditionally propagate local GCS credentials to locally spawned docker
> images.
> -------------------------------------------------------------------------------
>
> Key: BEAM-4729
> URL: https://issues.apache.org/jira/browse/BEAM-4729
> Project: Beam
> Issue Type: Task
> Components: sdk-java-harness
> Reporter: Robert Bradshaw
> Assignee: Luke Cwik
> Priority: Major
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
