Allow pinning Glue credentials provider to StsWebIdentityTokenFileCredentialsProvider #22425

rohanag12 · 2024-06-18T19:51:14Z

Description

Allow users to only use the StsWebIdentityTokenFileCredentialsProvider instead of the default credentials provider chain for Glue v2.

The Glue v1 implementation supported specifying a custom credential provider, but that ability was removed in the Glue v2 implementation. This commit provides similar functionality to the flags added for S3 in #22162 and #22163.

Additional context and related issues

Ref #20657 (comment).

Fixes #15267

Release notes

( ) This is not user-visible or is docs only, and no release notes are required.
(x) Release notes are required. Please propose a release note for me.
( ) Release notes are required, with the following suggested text:

# Section
* Fix some things. ({issue}`issuenumber`)

rohanag12 · 2024-06-18T21:09:40Z

The CI failure seem unrelated to this change, I see similar failures on master. Please let me know if I need to do anything to resolve it.

findepi · 2024-06-19T07:29:21Z

/test-with-secrets sha=6a006276b0810c087fdde5885d5825a20c42bbb6

github-actions · 2024-06-19T07:38:54Z

The CI workflow run with tests that require additional secrets finished as failure: https://github.com/trinodb/trino/actions/runs/9577963913

nineinchnick

@rohanag12 how did you test this? Are there any docs around Glue that would need to be updated to mention this new property?

rohanag12 · 2024-07-10T01:52:37Z

@rohanag12 how did you test this? Are there any docs around Glue that would need to be updated to mention this new property?

Apologies for delayed response, I finally got time to work on this again. I tested this by doing the following:

Build trino by running ./mvnw clean install -DskipTests
Build the docker image by running ./core/docker/build.sh
Push the image to an ECR registry.
Deploy Trino using the helm chart from https://github.com/trinodb/charts.

In the logs, I can see the following stack trace when the first query is executed and the glue client is initialized (click to expand):

2024-07-10T01:38:52.858Z	DEBUG	Query-20240710_013852_00001_huepb-218	software.amazon.awssdk.core.interceptor.ExecutionInterceptorChain	Creating an interceptor chain that will apply interceptors in the following order: [software.amazon.awssdk.core.internal.interceptor.HttpChecksumValidationInterceptor@6b4e1353, software.amazon.awssdk.awscore.interceptor.HelpfulUnknownHostExceptionInterceptor@2de81153, software.amazon.awssdk.awscore.eventstream.EventStreamInitialRequestInterceptor@4c96d51c, software.amazon.awssdk.awscore.interceptor.TraceIdExecutionInterceptor@351dc2f6, software.amazon.awssdk.services.glue.auth.scheme.internal.GlueAuthSchemeInterceptor@6cd38ce8, software.amazon.awssdk.services.glue.endpoints.internal.GlueResolveEndpointInterceptor@1dd961da, software.amazon.awssdk.services.glue.endpoints.internal.GlueRequestSetEndpointInterceptor@4131338e, io.opentelemetry.instrumentation.awssdk.v2_2.TracingExecutionInterceptor@3b753081]
2024-07-10T01:38:52.858Z	DEBUG	Query-20240710_013852_00000_huepb-215	software.amazon.awssdk.core.interceptor.ExecutionInterceptorChain	Creating an interceptor chain that will apply interceptors in the following order: [software.amazon.awssdk.core.internal.interceptor.HttpChecksumValidationInterceptor@6b4e1353, software.amazon.awssdk.awscore.interceptor.HelpfulUnknownHostExceptionInterceptor@2de81153, software.amazon.awssdk.awscore.eventstream.EventStreamInitialRequestInterceptor@4c96d51c, software.amazon.awssdk.awscore.interceptor.TraceIdExecutionInterceptor@351dc2f6, software.amazon.awssdk.services.glue.auth.scheme.internal.GlueAuthSchemeInterceptor@6cd38ce8, software.amazon.awssdk.services.glue.endpoints.internal.GlueResolveEndpointInterceptor@1dd961da, software.amazon.awssdk.services.glue.endpoints.internal.GlueRequestSetEndpointInterceptor@4131338e, io.opentelemetry.instrumentation.awssdk.v2_2.TracingExecutionInterceptor@3b753081]
2024-07-10T01:38:52.864Z	DEBUG	Query-20240710_013852_00001_huepb-218	software.amazon.awssdk.utils.cache.CachedSupplier	(StsAssumeRoleWithWebIdentityCredentialsProvider()) Cached value is stale and will be refreshed.
2024-07-10T01:38:52.864Z	DEBUG	Query-20240710_013852_00000_huepb-215	software.amazon.awssdk.utils.cache.CachedSupplier	(StsAssumeRoleWithWebIdentityCredentialsProvider()) Cached value is stale and will be refreshed.
2024-07-10T01:38:52.864Z	DEBUG	Query-20240710_013852_00000_huepb-215	software.amazon.awssdk.utils.cache.CachedSupplier	(StsAssumeRoleWithWebIdentityCredentialsProvider()) Refreshing cached value.
2024-07-10T01:38:52.869Z	DEBUG	Query-20240710_013852_00000_huepb-215	software.amazon.awssdk.core.interceptor.ExecutionInterceptorChain	Creating an interceptor chain that will apply interceptors in the following order: [software.amazon.awssdk.core.internal.interceptor.HttpChecksumValidationInterceptor@62d07177, software.amazon.awssdk.awscore.interceptor.HelpfulUnknownHostExceptionInterceptor@ae41c17, software.amazon.awssdk.awscore.eventstream.EventStreamInitialRequestInterceptor@77b921ab, software.amazon.awssdk.awscore.interceptor.TraceIdExecutionInterceptor@134cc6ff, software.amazon.awssdk.services.sts.auth.scheme.internal.StsAuthSchemeInterceptor@72f64628, software.amazon.awssdk.services.sts.endpoints.internal.StsResolveEndpointInterceptor@58d8e8c5, software.amazon.awssdk.services.sts.endpoints.internal.StsRequestSetEndpointInterceptor@66d22e0c]
2024-07-10T01:38:52.888Z	DEBUG	Query-20240710_013852_00000_huepb-215	software.amazon.awssdk.auth.credentials.AwsCredentialsProviderChain	Unable to load credentials from SystemPropertyCredentialsProvider(): Unable to load credentials from system settings. Access key must be specified either via environment variable (AWS_ACCESS_KEY_ID) or system property (aws.accessKeyId).
software.amazon.awssdk.core.exception.SdkClientException: Unable to load credentials from system settings. Access key must be specified either via environment variable (AWS_ACCESS_KEY_ID) or system property (aws.accessKeyId).
	at software.amazon.awssdk.core.exception.SdkClientException$BuilderImpl.build(SdkClientException.java:111)
	at software.amazon.awssdk.auth.credentials.internal.SystemSettingsCredentialsProvider.resolveCredentials(SystemSettingsCredentialsProvider.java:60)
	at software.amazon.awssdk.auth.credentials.AwsCredentialsProvider.resolveIdentity(AwsCredentialsProvider.java:54)
	at software.amazon.awssdk.identity.spi.IdentityProvider.resolveIdentity(IdentityProvider.java:60)
	at software.amazon.awssdk.auth.credentials.AwsCredentialsProviderChain.resolveCredentials(AwsCredentialsProviderChain.java:109)
	at software.amazon.awssdk.auth.credentials.internal.LazyAwsCredentialsProvider.resolveCredentials(LazyAwsCredentialsProvider.java:45)
	at software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider.resolveCredentials(DefaultCredentialsProvider.java:129)
	at software.amazon.awssdk.auth.credentials.AwsCredentialsProvider.resolveIdentity(AwsCredentialsProvider.java:54)
	at software.amazon.awssdk.services.sts.auth.scheme.internal.StsAuthSchemeInterceptor.lambda$trySelectAuthScheme$4(StsAuthSchemeInterceptor.java:132)
	at software.amazon.awssdk.core.internal.util.MetricUtils.reportDuration(MetricUtils.java:77)
	at software.amazon.awssdk.services.sts.auth.scheme.internal.StsAuthSchemeInterceptor.trySelectAuthScheme(StsAuthSchemeInterceptor.java:132)
	at software.amazon.awssdk.services.sts.auth.scheme.internal.StsAuthSchemeInterceptor.selectAuthScheme(StsAuthSchemeInterceptor.java:81)
	at software.amazon.awssdk.services.sts.auth.scheme.internal.StsAuthSchemeInterceptor.beforeExecution(StsAuthSchemeInterceptor.java:61)
	at software.amazon.awssdk.core.interceptor.ExecutionInterceptorChain.lambda$beforeExecution$1(ExecutionInterceptorChain.java:59)
	at java.base/java.util.ArrayList.forEach(ArrayList.java:1597)
	at software.amazon.awssdk.core.interceptor.ExecutionInterceptorChain.beforeExecution(ExecutionInterceptorChain.java:59)
	at software.amazon.awssdk.awscore.internal.AwsExecutionContextBuilder.runInitialInterceptors(AwsExecutionContextBuilder.java:241)
	at software.amazon.awssdk.awscore.internal.AwsExecutionContextBuilder.invokeInterceptorsAndCreateExecutionContext(AwsExecutionContextBuilder.java:132)
	at software.amazon.awssdk.awscore.client.handler.AwsSyncClientHandler.invokeInterceptorsAndCreateExecutionContext(AwsSyncClientHandler.java:67)
	at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.lambda$execute$1(BaseSyncClientHandler.java:76)
	at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.measureApiCallSuccess(BaseSyncClientHandler.java:182)
	at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.execute(BaseSyncClientHandler.java:74)
	at software.amazon.awssdk.core.client.handler.SdkSyncClientHandler.execute(SdkSyncClientHandler.java:45)
	at software.amazon.awssdk.awscore.client.handler.AwsSyncClientHandler.execute(AwsSyncClientHandler.java:53)
	at software.amazon.awssdk.services.sts.DefaultStsClient.assumeRoleWithWebIdentity(DefaultStsClient.java:772)
	at software.amazon.awssdk.services.sts.auth.StsAssumeRoleWithWebIdentityCredentialsProvider.getUpdatedCredentials(StsAssumeRoleWithWebIdentityCredentialsProvider.java:76)
	at software.amazon.awssdk.services.sts.auth.StsCredentialsProvider.updateSessionCredentials(StsCredentialsProvider.java:93)
	at software.amazon.awssdk.utils.cache.CachedSupplier.lambda$jitteredPrefetchValueSupplier$8(CachedSupplier.java:300)
	at software.amazon.awssdk.utils.cache.CachedSupplier$PrefetchStrategy.fetch(CachedSupplier.java:448)
	at software.amazon.awssdk.utils.cache.CachedSupplier.refreshCache(CachedSupplier.java:208)
	at software.amazon.awssdk.utils.cache.CachedSupplier.get(CachedSupplier.java:135)
	at software.amazon.awssdk.services.sts.auth.StsCredentialsProvider.resolveCredentials(StsCredentialsProvider.java:106)
	at software.amazon.awssdk.services.sts.auth.StsWebIdentityTokenFileCredentialsProvider.resolveCredentials(StsWebIdentityTokenFileCredentialsProvider.java:135)
	at software.amazon.awssdk.auth.credentials.AwsCredentialsProvider.resolveIdentity(AwsCredentialsProvider.java:54)
	at software.amazon.awssdk.services.glue.auth.scheme.internal.GlueAuthSchemeInterceptor.lambda$trySelectAuthScheme$4(GlueAuthSchemeInterceptor.java:132)
	at software.amazon.awssdk.core.internal.util.MetricUtils.reportDuration(MetricUtils.java:77)
	at software.amazon.awssdk.services.glue.auth.scheme.internal.GlueAuthSchemeInterceptor.trySelectAuthScheme(GlueAuthSchemeInterceptor.java:132)
	at software.amazon.awssdk.services.glue.auth.scheme.internal.GlueAuthSchemeInterceptor.selectAuthScheme(GlueAuthSchemeInterceptor.java:81)
	at software.amazon.awssdk.services.glue.auth.scheme.internal.GlueAuthSchemeInterceptor.beforeExecution(GlueAuthSchemeInterceptor.java:61)
	at software.amazon.awssdk.core.interceptor.ExecutionInterceptorChain.lambda$beforeExecution$1(ExecutionInterceptorChain.java:59)
	at java.base/java.util.ArrayList.forEach(ArrayList.java:1597)
	at software.amazon.awssdk.core.interceptor.ExecutionInterceptorChain.beforeExecution(ExecutionInterceptorChain.java:59)
	at software.amazon.awssdk.awscore.internal.AwsExecutionContextBuilder.runInitialInterceptors(AwsExecutionContextBuilder.java:241)
	at software.amazon.awssdk.awscore.internal.AwsExecutionContextBuilder.invokeInterceptorsAndCreateExecutionContext(AwsExecutionContextBuilder.java:132)
	at software.amazon.awssdk.awscore.client.handler.AwsSyncClientHandler.invokeInterceptorsAndCreateExecutionContext(AwsSyncClientHandler.java:67)
	at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.lambda$execute$1(BaseSyncClientHandler.java:76)
	at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.measureApiCallSuccess(BaseSyncClientHandler.java:182)
	at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.execute(BaseSyncClientHandler.java:74)
	at software.amazon.awssdk.core.client.handler.SdkSyncClientHandler.execute(SdkSyncClientHandler.java:45)
	at software.amazon.awssdk.awscore.client.handler.AwsSyncClientHandler.execute(AwsSyncClientHandler.java:53)
	at software.amazon.awssdk.services.glue.DefaultGlueClient.getTable(DefaultGlueClient.java:8349)
	at software.amazon.awssdk.services.glue.GlueClient.getTable(GlueClient.java:12812)
	at io.trino.plugin.hive.metastore.glue.GlueHiveMetastore.lambda$getTableInternal$22(GlueHiveMetastore.java:456)
	at io.trino.plugin.hive.metastore.glue.AwsApiCallStats.call(AwsApiCallStats.java:36)
	at io.trino.plugin.hive.metastore.glue.GlueHiveMetastore.getTableInternal(GlueHiveMetastore.java:456)
	at io.trino.plugin.hive.metastore.glue.GlueHiveMetastore.lambda$getTable$20(GlueHiveMetastore.java:450)
	at io.trino.plugin.hive.metastore.glue.InMemoryGlueCache$ValueHolder.getValue(InMemoryGlueCache.java:429)
	at io.trino.plugin.hive.metastore.glue.InMemoryGlueCache.getTable(InMemoryGlueCache.java:166)
	at io.trino.plugin.hive.metastore.glue.GlueHiveMetastore.getTable(GlueHiveMetastore.java:450)
	at io.trino.plugin.hive.metastore.tracing.TracingHiveMetastore.lambda$getTable$2(TracingHiveMetastore.java:101)
	at io.trino.plugin.hive.metastore.tracing.Tracing.withTracing(Tracing.java:39)
	at io.trino.plugin.hive.metastore.tracing.TracingHiveMetastore.getTable(TracingHiveMetastore.java:101)
	at io.trino.plugin.hive.metastore.cache.CachingHiveMetastore.loadTable(CachingHiveMetastore.java:436)
	at com.google.common.cache.CacheLoader$FunctionToCacheLoader.load(CacheLoader.java:169)
	at io.trino.cache.EvictableCache$TokenCacheLoader.load(EvictableCache.java:466)
	at io.trino.cache.EvictableCache$TokenCacheLoader.load(EvictableCache.java:452)
	at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3576)
	at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2318)
	at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2191)
	at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2081)
	at com.google.common.cache.LocalCache.get(LocalCache.java:4019)
	at com.google.common.cache.LocalCache.getOrLoad(LocalCache.java:4042)
	at com.google.common.cache.LocalCache$LocalLoadingCache.get(LocalCache.java:5024)
	at io.trino.cache.EvictableCache.get(EvictableCache.java:147)
	at com.google.common.cache.AbstractLoadingCache.getUnchecked(AbstractLoadingCache.java:53)
	at io.trino.plugin.hive.metastore.cache.CachingHiveMetastore.getOptional(CachingHiveMetastore.java:286)
	at io.trino.plugin.hive.metastore.cache.CachingHiveMetastore.getTable(CachingHiveMetastore.java:431)
	at io.trino.plugin.hive.HiveMetastoreClosure.getTable(HiveMetastoreClosure.java:89)
	at io.trino.plugin.hive.metastore.SemiTransactionalHiveMetastore.getTable(SemiTransactionalHiveMetastore.java:253)
	at io.trino.plugin.hive.HiveMetadata.getView(HiveMetadata.java:2887)
	at io.trino.plugin.base.classloader.ClassLoaderSafeConnectorMetadata.getView(ClassLoaderSafeConnectorMetadata.java:744)
	at io.trino.tracing.TracingConnectorMetadata.getView(TracingConnectorMetadata.java:888)
	at io.trino.metadata.MetadataManager.getViewInternal(MetadataManager.java:1562)
	at io.trino.metadata.MetadataManager.getView(MetadataManager.java:1500)
	at io.trino.tracing.TracingMetadata.getView(TracingMetadata.java:895)
	at io.trino.sql.analyzer.StatementAnalyzer$Visitor.visitTable(StatementAnalyzer.java:2290)
	at io.trino.sql.analyzer.StatementAnalyzer$Visitor.visitTable(StatementAnalyzer.java:520)
	at io.trino.sql.tree.Table.accept(Table.java:60)
	at io.trino.sql.tree.AstVisitor.process(AstVisitor.java:27)
	at io.trino.sql.analyzer.StatementAnalyzer$Visitor.process(StatementAnalyzer.java:539)
	at io.trino.sql.analyzer.StatementAnalyzer$Visitor.analyzeFrom(StatementAnalyzer.java:4893)
	at io.trino.sql.analyzer.StatementAnalyzer$Visitor.visitQuerySpecification(StatementAnalyzer.java:3087)
	at io.trino.sql.analyzer.StatementAnalyzer$Visitor.visitQuerySpecification(StatementAnalyzer.java:520)
	at io.trino.sql.tree.QuerySpecification.accept(QuerySpecification.java:155)
	at io.trino.sql.tree.AstVisitor.process(AstVisitor.java:27)
	at io.trino.sql.analyzer.StatementAnalyzer$Visitor.process(StatementAnalyzer.java:539)
	at io.trino.sql.analyzer.StatementAnalyzer$Visitor.process(StatementAnalyzer.java:547)
	at io.trino.sql.analyzer.StatementAnalyzer$Visitor.visitQuery(StatementAnalyzer.java:1568)
	at io.trino.sql.analyzer.StatementAnalyzer$Visitor.visitQuery(StatementAnalyzer.java:520)
	at io.trino.sql.tree.Query.accept(Query.java:118)
	at io.trino.sql.tree.AstVisitor.process(AstVisitor.java:27)
	at io.trino.sql.analyzer.StatementAnalyzer$Visitor.process(StatementAnalyzer.java:539)
	at io.trino.sql.analyzer.StatementAnalyzer.analyze(StatementAnalyzer.java:499)
	at io.trino.sql.analyzer.StatementAnalyzer.analyze(StatementAnalyzer.java:488)
	at io.trino.sql.analyzer.Analyzer.analyze(Analyzer.java:97)
	at io.trino.sql.analyzer.Analyzer.analyze(Analyzer.java:86)
	at io.trino.execution.SqlQueryExecution.analyze(SqlQueryExecution.java:285)
	at io.trino.execution.SqlQueryExecution.<init>(SqlQueryExecution.java:218)
	at io.trino.execution.SqlQueryExecution$SqlQueryExecutionFactory.createQueryExecution(SqlQueryExecution.java:884)
	at io.trino.dispatcher.LocalDispatchQueryFactory.lambda$createDispatchQuery$0(LocalDispatchQueryFactory.java:153)
	at io.trino.$gen.Trino_449_422_g6190641____20240710_013818_2.call(Unknown Source)
	at com.google.common.util.concurrent.TrustedListenableFutureTask$TrustedFutureInterruptibleTask.runInterruptibly(TrustedListenableFutureTask.java:131)
	at com.google.common.util.concurrent.InterruptibleTask.run(InterruptibleTask.java:76)
	at com.google.common.util.concurrent.TrustedListenableFutureTask.run(TrustedListenableFutureTask.java:82)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
	at java.base/java.lang.Thread.run(Thread.java:1570)

The stack trace indicates that the glue client is directly using the StsWebIdentityTokenFileCredentialsProvider and not the credential provider chain. Somewhere at the top of the stack trace, you also see stuff related to a credential provider chain, but that seems to coming from elsewhere - specifically the Glue execution interceptor that is added to the glue client automatically, I couldn't find a way to remove/disable it.

nineinchnick

LGTM, please also update docs to mention the new property.

rohanag12 · 2024-07-15T19:20:18Z

LGTM, please also update docs to mention the new property.

Updated docs.

rohanag12 · 2024-07-16T02:08:38Z

@findepi could you please take a look and review/merge when you get a chance?

nineinchnick · 2024-07-16T06:36:21Z

@ebyhr can you run tests with secrets?

ebyhr · 2024-07-16T06:40:55Z

/test-with-secrets sha=956c8a4ae8cb5c6f6f0ed962094e42fe3bc34cff

github-actions · 2024-07-16T06:42:19Z

The CI workflow run with tests that require additional secrets finished as failure: https://github.com/trinodb/trino/actions/runs/9952007596

rohanag12 · 2024-07-16T18:47:52Z

Is there something I need to do to fix the test failure? I don't really understand why it's failing.

nineinchnick · 2024-07-16T18:54:07Z

It might be an intermittent failure. Maybe someone with write access could retry that single job.

rohanag12 · 2024-07-17T19:28:19Z

@ebyhr can you please trigger test with secrets again (or merge if it looks good 😄)

docs/src/main/sphinx/object-storage/metastores.md

plugin/trino-hive/src/main/java/io/trino/plugin/hive/metastore/glue/GlueMetastoreModule.java

…dentialsProvider Allow users to only use the StsWebIdentityTokenFileCredentialsProvider instead of the default credentials provider chain for Glue v2.

kar0t · 2024-09-21T09:12:18Z

Hi ALL. The option is only for Hive Connector? Can't set hive.metastore.glue.use-web-identity-token-credentials-provider in Iceberg catalog (Version 458)

releated discussion on slack: https://trinodb.slack.com/archives/CGB0QHWSW/p1724690300929519

kar0t · 2024-09-21T09:46:32Z

For someone who want to set Glue's AWS WebIdentity Credential for Hive, Iceberg Connectors

Glue (Recent) Module Config

hive.metastore.glue.use-web-identity-token-credentials-provider # use for hive, Trino 458

Glue V1 (Legacy) Module Config

hive.metastore.glue.aws-credentials-provider # use for iceberg, Trino 458

cla-bot bot added the cla-signed label Jun 18, 2024

github-actions bot added the hive Hive connector label Jun 18, 2024

rohanag12 mentioned this pull request Jun 18, 2024

Glue v2 #20657

Merged

findepi requested a review from nineinchnick June 19, 2024 07:29

nineinchnick reviewed Jun 19, 2024

View reviewed changes

findepi mentioned this pull request Jun 19, 2024

Trino intermittently fails to pick up IRSA #15267

Closed

rohanag12 force-pushed the hive-glue-metastore-web-identity-token-auth branch from 6a00627 to a48d6f3 Compare July 10, 2024 01:52

rohanag12 requested a review from nineinchnick July 11, 2024 16:31

nineinchnick approved these changes Jul 15, 2024

View reviewed changes

rohanag12 force-pushed the hive-glue-metastore-web-identity-token-auth branch from a48d6f3 to 956c8a4 Compare July 15, 2024 19:19

github-actions bot added the docs label Jul 15, 2024

findepi approved these changes Jul 16, 2024

View reviewed changes

ebyhr approved these changes Jul 17, 2024

View reviewed changes

docs/src/main/sphinx/object-storage/metastores.md Outdated Show resolved Hide resolved

plugin/trino-hive/src/main/java/io/trino/plugin/hive/metastore/glue/GlueMetastoreModule.java Outdated Show resolved Hide resolved

Allow pinning Glue credentials provider to StsWebIdentityTokenFileCre…

4c72db1

…dentialsProvider Allow users to only use the StsWebIdentityTokenFileCredentialsProvider instead of the default credentials provider chain for Glue v2.

rohanag12 force-pushed the hive-glue-metastore-web-identity-token-auth branch from 956c8a4 to 4c72db1 Compare July 18, 2024 01:20

ebyhr merged commit 70d172d into trinodb:master Jul 18, 2024
58 of 60 checks passed

github-actions bot added this to the 453 milestone Jul 18, 2024

rohanag12 deleted the hive-glue-metastore-web-identity-token-auth branch July 18, 2024 17:30

mosabua mentioned this pull request Jul 25, 2024

Add Trino 453 release notes #22713

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Allow pinning Glue credentials provider to StsWebIdentityTokenFileCredentialsProvider #22425

Allow pinning Glue credentials provider to StsWebIdentityTokenFileCredentialsProvider #22425

rohanag12 commented Jun 18, 2024 •

edited by findepi

Loading

rohanag12 commented Jun 18, 2024

findepi commented Jun 19, 2024

github-actions bot commented Jun 19, 2024 •

edited

Loading

nineinchnick left a comment

rohanag12 commented Jul 10, 2024

nineinchnick left a comment

rohanag12 commented Jul 15, 2024

rohanag12 commented Jul 16, 2024

nineinchnick commented Jul 16, 2024

ebyhr commented Jul 16, 2024

github-actions bot commented Jul 16, 2024 •

edited

Loading

rohanag12 commented Jul 16, 2024

nineinchnick commented Jul 16, 2024

rohanag12 commented Jul 17, 2024

kar0t commented Sep 21, 2024

kar0t commented Sep 21, 2024

Allow pinning Glue credentials provider to StsWebIdentityTokenFileCredentialsProvider #22425

Allow pinning Glue credentials provider to StsWebIdentityTokenFileCredentialsProvider #22425

Conversation

rohanag12 commented Jun 18, 2024 • edited by findepi Loading

Description

Additional context and related issues

Release notes

rohanag12 commented Jun 18, 2024

findepi commented Jun 19, 2024

github-actions bot commented Jun 19, 2024 • edited Loading

nineinchnick left a comment

Choose a reason for hiding this comment

rohanag12 commented Jul 10, 2024

nineinchnick left a comment

Choose a reason for hiding this comment

rohanag12 commented Jul 15, 2024

rohanag12 commented Jul 16, 2024

nineinchnick commented Jul 16, 2024

ebyhr commented Jul 16, 2024

github-actions bot commented Jul 16, 2024 • edited Loading

rohanag12 commented Jul 16, 2024

nineinchnick commented Jul 16, 2024

rohanag12 commented Jul 17, 2024

kar0t commented Sep 21, 2024

kar0t commented Sep 21, 2024

rohanag12 commented Jun 18, 2024 •

edited by findepi

Loading

github-actions bot commented Jun 19, 2024 •

edited

Loading

github-actions bot commented Jul 16, 2024 •

edited

Loading