Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Glue: Allow for assuming role for Glue #1299

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

Fokko
Copy link
Contributor

@Fokko Fokko commented Nov 6, 2024

@Fokko Fokko requested review from kevinjqliu and HonahX November 6, 2024 13:20
)
refreshable_credentials = DeferredRefreshableCredentials(
method="assume-role",
refresh_using=fetcher.fetch_credentials,
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm relying on calling an in-house webservice that will provide new credentials. As I see it, this implementation will not allow a custom implementation of refresh_using that would enable me to call the webservice.

)
from botocore.session import Session as BotoSession

botocore_session = BotoSession()
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How about accepting a boto3.Session as input? Then the client can configure it as needed.

Copy link
Contributor Author

@Fokko Fokko Nov 6, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

First of all, thanks @cshenrik for the quick reply!

I think we could do both, so you can also configure the Glue client similar to the S3 one (it uses similar properties).

@HonahX @kevinjqliu How strong are we on only passing str's? Otherwise, I think we might start jumping through hoops to get it working (eg. do something similar as when loading a custom FileIO).

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Im leaning towards loading custom clients instead of passing everything through properties. Every time we add another property, we need to map a name, a possible default, and pass to the underlying object.

The logic above is already pretty complicated, might as well split it out and call it something like RefreshableGlueClient

credentials = Credentials(
access_key=get_first_property_value(properties, GLUE_ACCESS_KEY_ID, AWS_ACCESS_KEY_ID),
secret_key=get_first_property_value(properties, GLUE_SECRET_ACCESS_KEY, AWS_SECRET_ACCESS_KEY),
token=get_first_property_value(properties, GLUE_SESSION_TOKEN, AWS_SESSION_TOKEN),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

took me a long time to find this, but it looks like token is correct here
https://github.com/boto/botocore/blob/179e8b5361cd83d4c4acdf0c1bc1708b4a6966e9/botocore/session.py#L944-L948

)
from botocore.session import Session as BotoSession

botocore_session = BotoSession()
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Im leaning towards loading custom clients instead of passing everything through properties. Every time we add another property, we need to map a name, a possible default, and pass to the underlying object.

The logic above is already pretty complicated, might as well split it out and call it something like RefreshableGlueClient

@@ -61,7 +61,7 @@
AWS_SECRET_ACCESS_KEY = "client.secret-access-key"
AWS_SESSION_TOKEN = "client.session-token"
AWS_ROLE_ARN = "aws.role-arn"
AWS_SESSION_NAME = "aws.session-name"
AWS_ROLE_SESSION_NAME = "aws.role-session-name"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is originally from #1296, which has not been released yet. So we don't need to worry about backwards compatibility

https://github.com/apache/iceberg-python/pull/1296/files#diff-c08105b6c3a0f63c702051e670b242bb93afdf4146ad1bd19f7205fd7cb39fdfR64

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Do not deprecate Botocore Session in upcoming release (0.8)
3 participants