-
Notifications
You must be signed in to change notification settings - Fork 2.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support STS for OSS ufs through RAMRole #16481
Support STS for OSS ufs through RAMRole #16481
Conversation
@fuzhengjia How can I apply a reviewer |
underfs/oss/src/main/java/alluxio/underfs/oss/StsOssClientProvider.java
Outdated
Show resolved
Hide resolved
underfs/oss/src/main/java/alluxio/underfs/oss/StsOssClientProvider.java
Outdated
Show resolved
Hide resolved
underfs/oss/src/main/java/alluxio/underfs/oss/OSSUnderFileSystem.java
Outdated
Show resolved
Hide resolved
So the PR is to support using RAM role to get STS temporary credentials to access OSS ufs. I think it's mostly good. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
59e9b09
to
bef0ffd
Compare
bef0ffd
to
b3715d6
Compare
@Jackson-Wang-7 has finished the review. @dbw9580 Does this need another reviewer? |
underfs/oss/src/main/java/alluxio/underfs/oss/StsOssClientProvider.java
Outdated
Show resolved
Hide resolved
underfs/oss/src/main/java/alluxio/underfs/oss/StsOssClientProvider.java
Outdated
Show resolved
Hide resolved
underfs/oss/src/main/java/alluxio/underfs/oss/StsOssClientProvider.java
Outdated
Show resolved
Hide resolved
underfs/oss/src/main/java/alluxio/underfs/oss/StsOssClientProvider.java
Outdated
Show resolved
Hide resolved
underfs/oss/src/main/java/alluxio/underfs/oss/StsOssClientProvider.java
Outdated
Show resolved
Hide resolved
underfs/oss/src/main/java/alluxio/underfs/oss/StsOssClientProvider.java
Outdated
Show resolved
Hide resolved
underfs/oss/src/main/java/alluxio/underfs/oss/StsOssClientProvider.java
Outdated
Show resolved
Hide resolved
@dbw9580 All advices have been resolved, please check again. |
72c330e
to
25ca781
Compare
25ca781
to
873637b
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thanks for the improvements!
underfs/oss/src/main/java/alluxio/underfs/oss/OSSUnderFileSystem.java
Outdated
Show resolved
Hide resolved
underfs/oss/src/main/java/alluxio/underfs/oss/OSSUnderFileSystem.java
Outdated
Show resolved
Hide resolved
underfs/oss/src/main/java/alluxio/underfs/oss/StsOssClientProvider.java
Outdated
Show resolved
Hide resolved
underfs/oss/src/main/java/alluxio/underfs/oss/StsOssClientProvider.java
Outdated
Show resolved
Hide resolved
underfs/oss/src/main/java/alluxio/underfs/oss/StsOssClientProvider.java
Outdated
Show resolved
Hide resolved
underfs/oss/src/main/java/alluxio/underfs/oss/StsOssClientProvider.java
Outdated
Show resolved
Hide resolved
underfs/oss/src/main/java/alluxio/underfs/oss/StsOssClientProvider.java
Outdated
Show resolved
Hide resolved
underfs/oss/src/main/java/alluxio/underfs/oss/StsOssClientProvider.java
Outdated
Show resolved
Hide resolved
underfs/oss/src/main/java/alluxio/underfs/oss/StsOssClientProvider.java
Outdated
Show resolved
Hide resolved
a4c0cf3
to
2db909e
Compare
2db909e
to
f5401a0
Compare
After digging into the OSS apis, I found there is a For credentials, This way, we can decouple the refreshing of credentials from the construction of the OSS client, in case in the future we want to support AssumeRole as another way to do authentication, since there is already a |
@dbw9580 I'm glad to hear about There is another project in out group which implement STS like this PR did, and it works well. So I just use STS in Alluxio as they do. Maybe I will consider implementing it using |
@dbw9580 @StephenRi Is the current code good to be merged and @StephenRi can help improve the credential provider logic and add related OSS doc in another PR? |
underfs/oss/src/test/java/alluxio/underfs/oss/StsOssClientProviderTest.java
Outdated
Show resolved
Hide resolved
underfs/oss/src/test/java/alluxio/underfs/oss/StsOssClientProviderTest.java
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. The proposed improvement can happen in another PR.
@StephenRi please help resolve the final minor comments, and this PR is good to be merged |
Co-authored-by: Bowen Ding <6999708+dbw9580@users.noreply.github.com>
eb42127
to
3e4a890
Compare
@LuQQiu @dbw9580 All the comments have been resolved. Please check. |
I will use CustomSessionCredentialsProvider to improve the credential provider later. It is in my TODO list |
alluxio-bot, merge this please |
### What changes are proposed in this pull request? Support STS for OSS ufs ### Why are the changes needed? 1. Plaintext AccessKey/AccessSecret is not safe and not Recommended for Aliyun 2. STS(Security Token Service) for OSS is more safe. For details, see https://help.aliyun.com/document_detail/32016.html ### Does this PR introduce any user facing changes? addition property keys 1. UNDERFS_OSS_STS_ENABLED 2. UNDERFS_OSS_RETRY_MAX 3. UNDERFS_OSS_ECS_RAM_ROLE Alluxio#16510 pr-link: Alluxio#16481 change-id: cid-7d486e84f82e5ab5211238b1f180b4a8fd8e5742
alluxio-bot, cherry-pick this to dora please |
Auto cherry-pick unsuccessful: |
Support STS for OSS ufs 1. Plaintext AccessKey/AccessSecret is not safe and not Recommended for Aliyun 2. STS(Security Token Service) for OSS is more safe. For details, see https://help.aliyun.com/document_detail/32016.html addition property keys 1. UNDERFS_OSS_STS_ENABLED 2. UNDERFS_OSS_RETRY_MAX 3. UNDERFS_OSS_ECS_RAM_ROLE pr-link: Alluxio#16481 change-id: cid-7d486e84f82e5ab5211238b1f180b4a8fd8e5742
Support STS for OSS ufs 1. Plaintext AccessKey/AccessSecret is not safe and not Recommended for Aliyun 2. STS(Security Token Service) for OSS is more safe. For details, see https://help.aliyun.com/document_detail/32016.html addition property keys 1. UNDERFS_OSS_STS_ENABLED 2. UNDERFS_OSS_RETRY_MAX 3. UNDERFS_OSS_ECS_RAM_ROLE pr-link: Alluxio#16481 change-id: cid-7d486e84f82e5ab5211238b1f180b4a8fd8e5742
### What changes are proposed in this pull request? Support STS for OSS ufs ### Why are the changes needed? 1. Plaintext AccessKey/AccessSecret is not safe and not Recommended for Aliyun 2. STS(Security Token Service) for OSS is more safe. For details, see https://help.aliyun.com/document_detail/32016.html ### Does this PR introduce any user facing changes? addition property keys 1. UNDERFS_OSS_STS_ENABLED 2. UNDERFS_OSS_RETRY_MAX 3. UNDERFS_OSS_ECS_RAM_ROLE Alluxio#16510 pr-link: Alluxio#16481 change-id: cid-7d486e84f82e5ab5211238b1f180b4a8fd8e5742
What changes are proposed in this pull request?
Support STS for OSS ufs
Why are the changes needed?
Does this PR introduce any user facing changes?
addition property keys
#16510