From e02e8d022695f989c9975f68967f769c017c99c3 Mon Sep 17 00:00:00 2001 From: Eric Maynard Date: Sat, 16 Nov 2024 20:09:35 -0800 Subject: [PATCH 01/11] debugging --- spec/polaris-management-service.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/spec/polaris-management-service.yml b/spec/polaris-management-service.yml index 3405bcfab..54c3b9675 100644 --- a/spec/polaris-management-service.yml +++ b/spec/polaris-management-service.yml @@ -898,6 +898,10 @@ components: type: string description: the aws user arn used to assume the aws role example: "arn:aws:iam::123456789001:user/abc1-b-self1234" + region: + type: string + description: the aws region where data is stored + example: "us-east-2" required: - roleArn From b2f3cc1e8aaba7fc28e2ac12d1ee7a865e82808e Mon Sep 17 00:00:00 2001 From: Eric Maynard Date: Sat, 16 Nov 2024 20:34:18 -0800 Subject: [PATCH 02/11] working --- .../polaris/core/entity/CatalogEntity.java | 4 +++- .../aws/AwsStorageConfigurationInfo.java | 22 ++++++++++++++++--- .../InMemoryStorageIntegrationTest.java | 9 +++++--- 3 files changed, 28 insertions(+), 7 deletions(-) diff --git a/polaris-core/src/main/java/org/apache/polaris/core/entity/CatalogEntity.java b/polaris-core/src/main/java/org/apache/polaris/core/entity/CatalogEntity.java index fea6b7465..154f6a921 100644 --- a/polaris-core/src/main/java/org/apache/polaris/core/entity/CatalogEntity.java +++ b/polaris-core/src/main/java/org/apache/polaris/core/entity/CatalogEntity.java @@ -138,6 +138,7 @@ private StorageConfigInfo getStorageInfo(Map internalProperties) .setUserArn(awsConfig.getUserARN()) .setStorageType(StorageConfigInfo.StorageTypeEnum.S3) .setAllowedLocations(awsConfig.getAllowedLocations()) + .setRegion(awsConfig.getRegion()) .build(); } if (configInfo instanceof AzureStorageConfigurationInfo) { 
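Review bot: The new `region` property in the AWS storage-config schema is an unconstrained `type: string`, and the later hunks in this series store it and return it to clients as `client.region` alongside the vended credentials without checking its shape. In `CatalogEntity.setStorageConfigurationInfo` the role ARN goes through `awsConfig.validateArn(...)`, but the region gets no equivalent check. I would constrain the field here, for example `pattern: '^[a-z0-9-]+$'` together with a `maxLength`, and reject non-matching values server-side as well, because the schema alone does not bind callers that skip the generated client. The exact pattern is a suggestion; confirm it against the region names the deployment has to accept.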
@@ -244,7 +245,8 @@ public Builder setStorageConfigurationInfo( PolarisStorageConfigurationInfo.StorageType.S3, new ArrayList<>(allowedLocations), awsConfigModel.getRoleArn(), - awsConfigModel.getExternalId()); + awsConfigModel.getExternalId(), + awsConfigModel.getRegion()); awsConfig.validateArn(awsConfigModel.getRoleArn()); config = awsConfig; break; diff --git a/polaris-core/src/main/java/org/apache/polaris/core/storage/aws/AwsStorageConfigurationInfo.java b/polaris-core/src/main/java/org/apache/polaris/core/storage/aws/AwsStorageConfigurationInfo.java index c6b0f58eb..0f23996f7 100644 --- a/polaris-core/src/main/java/org/apache/polaris/core/storage/aws/AwsStorageConfigurationInfo.java +++ b/polaris-core/src/main/java/org/apache/polaris/core/storage/aws/AwsStorageConfigurationInfo.java 
@@ -49,23 +49,30 @@ public class AwsStorageConfigurationInfo extends PolarisStorageConfigurationInfo @JsonProperty(value = "userARN") private @Nullable String userARN = null; + /** User ARN for the service principal */ + @JsonProperty(value = "region") + private @Nullable String region = null; + @JsonCreator public AwsStorageConfigurationInfo( @JsonProperty(value = "storageType", required = true) @NotNull StorageType storageType, @JsonProperty(value = "allowedLocations", required = true) @NotNull List allowedLocations, - @JsonProperty(value = "roleARN", required = true) @NotNull String roleARN) { - this(storageType, allowedLocations, roleARN, null); + @JsonProperty(value = "roleARN", required = true) @NotNull String roleARN, + @JsonProperty(value = "region", required = true) @NotNull String region) { + this(storageType, allowedLocations, roleARN, null, region); } public AwsStorageConfigurationInfo( @NotNull StorageType storageType, @NotNull List allowedLocations, @NotNull String roleARN, - @Nullable String externalId) { + @Nullable String externalId, + @Nullable String region) { super(storageType, allowedLocations); this.roleARN = roleARN; this.externalId = externalId; + this.region = region; validateMaxAllowedLocations(MAX_ALLOWED_LOCATIONS); } @@ -107,6 +114,14 @@ public void setUserARN(@Nullable String userARN) { this.userARN = userARN; } + public @Nullable String getRegion() { + return region; + } + + public void setRegion(@Nullable String region) { + this.region = region; + } + @Override public String toString() { return MoreObjects.toStringHelper(this) @@ -116,6 +131,7 @@ public String toString() { .add("userARN", userARN) .add("externalId", externalId) .add("allowedLocation", getAllowedLocations()) + .add("region", region) .toString(); } } 
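Review bot: The Javadoc on the new `region` field in the `@@ -49,23 +49,30 @@` hunk reads `/** User ARN for the service principal */`, apparently copied from the `userARN` field just above it, so it documents the wrong value. Replace it with something like `/** AWS region of the storage location; null when none was configured */`. The public `getRegion()`/`setRegion()` pair added in the next hunk has no Javadoc either. A one-line comment stating that the value is handed to clients as `client.region` would tell maintainers that it leaves the server.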
diff --git a/polaris-core/src/test/java/org/apache/polaris/core/storage/InMemoryStorageIntegrationTest.java b/polaris-core/src/test/java/org/apache/polaris/core/storage/InMemoryStorageIntegrationTest.java index 14656e35e..37e8a1e8b 100644 --- a/polaris-core/src/test/java/org/apache/polaris/core/storage/InMemoryStorageIntegrationTest.java +++ b/polaris-core/src/test/java/org/apache/polaris/core/storage/InMemoryStorageIntegrationTest.java @@ -48,7 +48,8 @@ public void testValidateAccessToLocations() { "s3://bucket/path/to/warehouse", "s3://bucket/anotherpath/to/warehouse", "s3://bucket2/warehouse/"), - "arn:aws:iam::012345678901:role/jdoe"), + "arn:aws:iam::012345678901:role/jdoe", + "us-east-2"), Set.of(PolarisStorageActions.READ), Set.of( "s3://bucket/path/to/warehouse/namespace/table", @@ -136,7 +137,8 @@ public void testValidateAccessToLocationsNoAllowedLocations() { new AwsStorageConfigurationInfo( PolarisStorageConfigurationInfo.StorageType.S3, List.of(), - "arn:aws:iam::012345678901:role/jdoe"), + "arn:aws:iam::012345678901:role/jdoe", + "us-east-2"), Set.of(PolarisStorageActions.READ), Set.of( "s3://bucket/path/to/warehouse/namespace/table", @@ -169,7 +171,8 @@ public void testValidateAccessToLocationsWithPrefixOfAllowedLocation() { new AwsStorageConfigurationInfo( PolarisStorageConfigurationInfo.StorageType.S3, List.of("s3://bucket/path/to/warehouse"), - "arn:aws:iam::012345678901:role/jdoe"), + "arn:aws:iam::012345678901:role/jdoe", + "us-east-2"), Set.of(PolarisStorageActions.READ), // trying to read a prefix under the allowed location Set.of("s3://bucket/path/to")); From 799f151476e4bff9c1ebbc1a81e537cb5262ac10 Mon Sep 17 00:00:00 2001 From: Eric Maynard Date: Sat, 16 Nov 2024 20:44:49 -0800 Subject: [PATCH 03/11] fix --- .../polaris/core/storage/aws/AwsStorageConfigurationInfo.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/polaris-core/src/main/java/org/apache/polaris/core/storage/aws/AwsStorageConfigurationInfo.java b/polaris-core/src/main/java/org/apache/polaris/core/storage/aws/AwsStorageConfigurationInfo.java index 0f23996f7..9cf45cf9b 100644 --- a/polaris-core/src/main/java/org/apache/polaris/core/storage/aws/AwsStorageConfigurationInfo.java +++ b/polaris-core/src/main/java/org/apache/polaris/core/storage/aws/AwsStorageConfigurationInfo.java @@ -59,7 +59,7 @@ public AwsStorageConfigurationInfo( @JsonProperty(value = "allowedLocations", required = true) @NotNull List allowedLocations, @JsonProperty(value = "roleARN", required = true) @NotNull String roleARN, - @JsonProperty(value = "region", required = true) @NotNull String region) { + @JsonProperty(value = "region", required = false) @NotNull String region) { this(storageType, allowedLocations, roleARN, null, region); } From 134c77b733989ea16dd89d4de26c8d92282c3255 Mon Sep 17 00:00:00 2001 From: Eric Maynard Date: Sun, 17 Nov 2024 14:57:18 -0800 Subject: [PATCH 04/11] fix more invocations --- .../aws/AwsCredentialsStorageIntegrationTest.java | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/polaris-core/src/test/java/org/apache/polaris/service/storage/aws/AwsCredentialsStorageIntegrationTest.java b/polaris-core/src/test/java/org/apache/polaris/service/storage/aws/AwsCredentialsStorageIntegrationTest.java index a7527d186..cc8f3131b 100644 --- a/polaris-core/src/test/java/org/apache/polaris/service/storage/aws/AwsCredentialsStorageIntegrationTest.java +++ b/polaris-core/src/test/java/org/apache/polaris/service/storage/aws/AwsCredentialsStorageIntegrationTest.java @@ -83,7 +83,8 @@ public void testGetSubscopedCreds() { PolarisStorageConfigurationInfo.StorageType.S3, List.of(warehouseDir), roleARN, - externalId), + externalId, + null), true, Set.of(warehouseDir + "/namespace/table"), Set.of(warehouseDir + "/namespace/table")); 
@@ -217,7 +218,7 @@ public void testGetSubscopedCredsInlinePolicy(String awsPartition) { .getSubscopedCreds( Mockito.mock(PolarisDiagnostics.class), new AwsStorageConfigurationInfo( - storageType, List.of(s3Path(bucket, warehouseKeyPrefix)), roleARN, externalId), + storageType, List.of(s3Path(bucket, warehouseKeyPrefix)), roleARN, externalId, "us-east-2"), true, Set.of(s3Path(bucket, firstPath), s3Path(bucket, secondPath)), Set.of(s3Path(bucket, firstPath))); @@ -310,7 +311,8 @@ public void testGetSubscopedCredsInlinePolicyWithoutList() { PolarisStorageConfigurationInfo.StorageType.S3, List.of(s3Path(bucket, warehouseKeyPrefix)), roleARN, - externalId), + externalId, + "us-east-2"), false, /* allowList = false*/ Set.of(s3Path(bucket, firstPath), s3Path(bucket, secondPath)), Set.of(s3Path(bucket, firstPath))); @@ -398,7 +400,7 @@ public void testGetSubscopedCredsInlinePolicyWithoutWrites() { .getSubscopedCreds( Mockito.mock(PolarisDiagnostics.class), new AwsStorageConfigurationInfo( - storageType, List.of(s3Path(bucket, warehouseKeyPrefix)), roleARN, externalId), + storageType, List.of(s3Path(bucket, warehouseKeyPrefix)), roleARN, externalId, "us-east-2"), true, /* allowList = true */ Set.of(s3Path(bucket, firstPath), s3Path(bucket, secondPath)), Set.of()); @@ -459,7 +461,8 @@ public void testGetSubscopedCredsInlinePolicyWithEmptyReadAndWrite() { PolarisStorageConfigurationInfo.StorageType.S3, List.of(s3Path(bucket, warehouseKeyPrefix)), roleARN, - externalId), + externalId, + "us-east-2"), true, /* allowList = true */ Set.of(), Set.of()); From 75fa1f08a2b129dfa2166f3d990c0715886c76e8 Mon Sep 17 00:00:00 2001 From: Eric Maynard Date: Sun, 17 Nov 2024 14:57:23 -0800 Subject: [PATCH 05/11] autolint --- .../aws/AwsCredentialsStorageIntegrationTest.java | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) 
diff --git a/polaris-core/src/test/java/org/apache/polaris/service/storage/aws/AwsCredentialsStorageIntegrationTest.java b/polaris-core/src/test/java/org/apache/polaris/service/storage/aws/AwsCredentialsStorageIntegrationTest.java index cc8f3131b..551db2dfe 100644 --- a/polaris-core/src/test/java/org/apache/polaris/service/storage/aws/AwsCredentialsStorageIntegrationTest.java +++ b/polaris-core/src/test/java/org/apache/polaris/service/storage/aws/AwsCredentialsStorageIntegrationTest.java @@ -218,7 +218,11 @@ public void testGetSubscopedCredsInlinePolicy(String awsPartition) { .getSubscopedCreds( Mockito.mock(PolarisDiagnostics.class), new AwsStorageConfigurationInfo( - storageType, List.of(s3Path(bucket, warehouseKeyPrefix)), roleARN, externalId, "us-east-2"), + storageType, + List.of(s3Path(bucket, warehouseKeyPrefix)), + roleARN, + externalId, + "us-east-2"), true, Set.of(s3Path(bucket, firstPath), s3Path(bucket, secondPath)), Set.of(s3Path(bucket, firstPath))); @@ -400,7 +404,11 @@ public void testGetSubscopedCredsInlinePolicyWithoutWrites() { .getSubscopedCreds( Mockito.mock(PolarisDiagnostics.class), new AwsStorageConfigurationInfo( - storageType, List.of(s3Path(bucket, warehouseKeyPrefix)), roleARN, externalId, "us-east-2"), + storageType, + List.of(s3Path(bucket, warehouseKeyPrefix)), + roleARN, + externalId, + "us-east-2"), true, /* allowList = true */ Set.of(s3Path(bucket, firstPath), s3Path(bucket, secondPath)), Set.of()); From 1a89f6bb67b508dc4401c8f762ec57b6a5487190 Mon Sep 17 00:00:00 2001 From: Eric Maynard Date: Mon, 18 Nov 2024 09:54:16 -0800 Subject: [PATCH 06/11] patch one thing --- .../apache/polaris/core/storage/PolarisCredentialProperty.java | 1 + .../core/storage/aws/AwsCredentialsStorageIntegration.java | 1 + 2 files changed, 2 insertions(+) 
diff --git a/polaris-core/src/main/java/org/apache/polaris/core/storage/PolarisCredentialProperty.java b/polaris-core/src/main/java/org/apache/polaris/core/storage/PolarisCredentialProperty.java index 3d4eae2bf..745a7536a 100644 --- a/polaris-core/src/main/java/org/apache/polaris/core/storage/PolarisCredentialProperty.java +++ b/polaris-core/src/main/java/org/apache/polaris/core/storage/PolarisCredentialProperty.java @@ -23,6 +23,7 @@ public enum PolarisCredentialProperty { AWS_KEY_ID(String.class, "s3.access-key-id", "the aws access key id"), AWS_SECRET_KEY(String.class, "s3.secret-access-key", "the aws access key secret"), AWS_TOKEN(String.class, "s3.session-token", "the aws scoped access token"), + CLIENT_REGION(String.class, "client.region", "region to configure client for making requests to AWS"), GCS_ACCESS_TOKEN(String.class, "gcs.oauth2.token", "the gcs scoped access token"), GCS_ACCESS_TOKEN_EXPIRES_AT( diff --git a/polaris-core/src/main/java/org/apache/polaris/core/storage/aws/AwsCredentialsStorageIntegration.java b/polaris-core/src/main/java/org/apache/polaris/core/storage/aws/AwsCredentialsStorageIntegration.java index 1714f67c2..01db16e4b 100644 --- a/polaris-core/src/main/java/org/apache/polaris/core/storage/aws/AwsCredentialsStorageIntegration.java +++ b/polaris-core/src/main/java/org/apache/polaris/core/storage/aws/AwsCredentialsStorageIntegration.java @@ -76,6 +76,7 @@ public EnumMap getSubscopedCreds( credentialMap.put( PolarisCredentialProperty.AWS_SECRET_KEY, response.credentials().secretAccessKey()); credentialMap.put(PolarisCredentialProperty.AWS_TOKEN, response.credentials().sessionToken()); + credentialMap.put(PolarisCredentialProperty.CLIENT_REGION, storageConfig.getRegion()); return credentialMap; } From 13f721856cc2aa822dc7c979c3bd6f5020d0287a Mon Sep 17 00:00:00 2001 
From: Eric Maynard Date: Mon, 25 Nov 2024 11:13:07 -0800 Subject: [PATCH 07/11] add test --- .../AwsCredentialsStorageIntegrationTest.java | 31 +++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/polaris-core/src/test/java/org/apache/polaris/service/storage/aws/AwsCredentialsStorageIntegrationTest.java b/polaris-core/src/test/java/org/apache/polaris/service/storage/aws/AwsCredentialsStorageIntegrationTest.java index 551db2dfe..8dd523ca0 100644 --- a/polaris-core/src/test/java/org/apache/polaris/service/storage/aws/AwsCredentialsStorageIntegrationTest.java +++ b/polaris-core/src/test/java/org/apache/polaris/service/storage/aws/AwsCredentialsStorageIntegrationTest.java @@ -481,6 +481,37 @@ public void testGetSubscopedCredsInlinePolicyWithEmptyReadAndWrite() { .containsEntry(PolarisCredentialProperty.AWS_SECRET_KEY, "secretKey"); } + @Test + public void testClientRegion() { + StsClient stsClient = Mockito.mock(StsClient.class); + String roleARN = "arn:aws:iam::012345678901:role/jdoe"; + String externalId = "externalId"; + String bucket = "bucket"; + String warehouseKeyPrefix = "path/to/warehouse"; + String clientRegion = "test-region"; + Mockito.when(stsClient.assumeRole(Mockito.isA(AssumeRoleRequest.class))) + .thenAnswer( + invocation -> { + return ASSUME_ROLE_RESPONSE; + }); + EnumMap credentials = + new AwsCredentialsStorageIntegration(stsClient) + .getSubscopedCreds( + Mockito.mock(PolarisDiagnostics.class), + new AwsStorageConfigurationInfo( + PolarisStorageConfigurationInfo.StorageType.S3, + List.of(s3Path(bucket, warehouseKeyPrefix)), + roleARN, + externalId, + clientRegion), + true, /* allowList = true */ + Set.of(), + Set.of()); + assertThat(credentials) + .isNotEmpty() + .containsEntry(PolarisCredentialProperty.CLIENT_REGION, clientRegion); + } + private static @NotNull String s3Arn(String partition, String bucket, String keyPrefix) { String bucketArn = "arn:" + partition + ":s3:::" + bucket; if (keyPrefix == null) { 
From fc76b73844dea5c0f7632d73b31902dbe0c9b035 Mon Sep 17 00:00:00 2001 From: Eric Maynard Date: Mon, 25 Nov 2024 11:13:19 -0800 Subject: [PATCH 08/11] autolint --- .../storage/PolarisCredentialProperty.java | 3 +- .../AwsCredentialsStorageIntegrationTest.java | 60 +++++++++---------- 2 files changed, 32 insertions(+), 31 deletions(-) diff --git a/polaris-core/src/main/java/org/apache/polaris/core/storage/PolarisCredentialProperty.java b/polaris-core/src/main/java/org/apache/polaris/core/storage/PolarisCredentialProperty.java index 745a7536a..c79aaf595 100644 --- a/polaris-core/src/main/java/org/apache/polaris/core/storage/PolarisCredentialProperty.java +++ b/polaris-core/src/main/java/org/apache/polaris/core/storage/PolarisCredentialProperty.java @@ -23,7 +23,8 @@ public enum PolarisCredentialProperty { AWS_KEY_ID(String.class, "s3.access-key-id", "the aws access key id"), AWS_SECRET_KEY(String.class, "s3.secret-access-key", "the aws access key secret"), AWS_TOKEN(String.class, "s3.session-token", "the aws scoped access token"), - CLIENT_REGION(String.class, "client.region", "region to configure client for making requests to AWS"), + CLIENT_REGION( + String.class, "client.region", "region to configure client for making requests to AWS"), GCS_ACCESS_TOKEN(String.class, "gcs.oauth2.token", "the gcs scoped access token"), GCS_ACCESS_TOKEN_EXPIRES_AT( diff --git a/polaris-core/src/test/java/org/apache/polaris/service/storage/aws/AwsCredentialsStorageIntegrationTest.java b/polaris-core/src/test/java/org/apache/polaris/service/storage/aws/AwsCredentialsStorageIntegrationTest.java index 8dd523ca0..23ae6ae43 100644 --- a/polaris-core/src/test/java/org/apache/polaris/service/storage/aws/AwsCredentialsStorageIntegrationTest.java +++ b/polaris-core/src/test/java/org/apache/polaris/service/storage/aws/AwsCredentialsStorageIntegrationTest.java 
@@ -481,36 +481,36 @@ public void testGetSubscopedCredsInlinePolicyWithEmptyReadAndWrite() { .containsEntry(PolarisCredentialProperty.AWS_SECRET_KEY, "secretKey"); } - @Test - public void testClientRegion() { - StsClient stsClient = Mockito.mock(StsClient.class); - String roleARN = "arn:aws:iam::012345678901:role/jdoe"; - String externalId = "externalId"; - String bucket = "bucket"; - String warehouseKeyPrefix = "path/to/warehouse"; - String clientRegion = "test-region"; - Mockito.when(stsClient.assumeRole(Mockito.isA(AssumeRoleRequest.class))) - .thenAnswer( - invocation -> { - return ASSUME_ROLE_RESPONSE; - }); - EnumMap credentials = - new AwsCredentialsStorageIntegration(stsClient) - .getSubscopedCreds( - Mockito.mock(PolarisDiagnostics.class), - new AwsStorageConfigurationInfo( - PolarisStorageConfigurationInfo.StorageType.S3, - List.of(s3Path(bucket, warehouseKeyPrefix)), - roleARN, - externalId, - clientRegion), - true, /* allowList = true */ - Set.of(), - Set.of()); - assertThat(credentials) - .isNotEmpty() - .containsEntry(PolarisCredentialProperty.CLIENT_REGION, clientRegion); - } + @Test + public void testClientRegion() { + StsClient stsClient = Mockito.mock(StsClient.class); + String roleARN = "arn:aws:iam::012345678901:role/jdoe"; + String externalId = "externalId"; + String bucket = "bucket"; + String warehouseKeyPrefix = "path/to/warehouse"; + String clientRegion = "test-region"; + Mockito.when(stsClient.assumeRole(Mockito.isA(AssumeRoleRequest.class))) + .thenAnswer( + invocation -> { + return ASSUME_ROLE_RESPONSE; + }); + EnumMap credentials = + new AwsCredentialsStorageIntegration(stsClient) + .getSubscopedCreds( + Mockito.mock(PolarisDiagnostics.class), + new AwsStorageConfigurationInfo( + PolarisStorageConfigurationInfo.StorageType.S3, + List.of(s3Path(bucket, warehouseKeyPrefix)), + roleARN, + externalId, + clientRegion), + true, /* allowList = true */ + Set.of(), + Set.of()); + assertThat(credentials) + .isNotEmpty() + 
.containsEntry(PolarisCredentialProperty.CLIENT_REGION, clientRegion); + } private static @NotNull String s3Arn(String partition, String bucket, String keyPrefix) { String bucketArn = "arn:" + partition + ":s3:::" + bucket; From f290d05723c2acfb0f1befb32185ec1e3d3b473a Mon Sep 17 00:00:00 2001 From: Eric Maynard Date: Tue, 26 Nov 2024 09:34:14 -0800 Subject: [PATCH 09/11] null check --- .../aws/AwsCredentialsStorageIntegration.java | 4 ++- .../AwsCredentialsStorageIntegrationTest.java | 30 +++++++++++++++++++ 2 files changed, 33 insertions(+), 1 deletion(-) diff --git a/polaris-core/src/main/java/org/apache/polaris/core/storage/aws/AwsCredentialsStorageIntegration.java b/polaris-core/src/main/java/org/apache/polaris/core/storage/aws/AwsCredentialsStorageIntegration.java index 01db16e4b..eebb23f96 100644 --- a/polaris-core/src/main/java/org/apache/polaris/core/storage/aws/AwsCredentialsStorageIntegration.java +++ b/polaris-core/src/main/java/org/apache/polaris/core/storage/aws/AwsCredentialsStorageIntegration.java @@ -76,7 +76,9 @@ public EnumMap getSubscopedCreds( credentialMap.put( PolarisCredentialProperty.AWS_SECRET_KEY, response.credentials().secretAccessKey()); credentialMap.put(PolarisCredentialProperty.AWS_TOKEN, response.credentials().sessionToken()); - credentialMap.put(PolarisCredentialProperty.CLIENT_REGION, storageConfig.getRegion()); + if (storageConfig.getRegion() != null) { + credentialMap.put(PolarisCredentialProperty.CLIENT_REGION, storageConfig.getRegion()); + } return credentialMap; } diff --git a/polaris-core/src/test/java/org/apache/polaris/service/storage/aws/AwsCredentialsStorageIntegrationTest.java b/polaris-core/src/test/java/org/apache/polaris/service/storage/aws/AwsCredentialsStorageIntegrationTest.java index 23ae6ae43..702f61fbf 100644 --- a/polaris-core/src/test/java/org/apache/polaris/service/storage/aws/AwsCredentialsStorageIntegrationTest.java 
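Review bot: The guard added in `getSubscopedCreds` only excludes `null`, so an empty or whitespace-only region still lands in the map as `client.region`, and `storageConfig.getRegion()` is called twice on an object that has a public `setRegion`. Reading the value once and testing it for blankness covers both: `String region = storageConfig.getRegion();` followed by `if (region != null && !region.isBlank()) {` and a `put` of `region`. The method's signature and the STS call are outside this hunk. A test next to `testNoClientRegion` that passes `""` as the region would pin the behaviour.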
+++ b/polaris-core/src/test/java/org/apache/polaris/service/storage/aws/AwsCredentialsStorageIntegrationTest.java @@ -512,6 +512,36 @@ public void testClientRegion() { .containsEntry(PolarisCredentialProperty.CLIENT_REGION, clientRegion); } + @Test + public void testNoClientRegion() { + StsClient stsClient = Mockito.mock(StsClient.class); + String roleARN = "arn:aws:iam::012345678901:role/jdoe"; + String externalId = "externalId"; + String bucket = "bucket"; + String warehouseKeyPrefix = "path/to/warehouse"; + Mockito.when(stsClient.assumeRole(Mockito.isA(AssumeRoleRequest.class))) + .thenAnswer( + invocation -> { + return ASSUME_ROLE_RESPONSE; + }); + EnumMap credentials = + new AwsCredentialsStorageIntegration(stsClient) + .getSubscopedCreds( + Mockito.mock(PolarisDiagnostics.class), + new AwsStorageConfigurationInfo( + PolarisStorageConfigurationInfo.StorageType.S3, + List.of(s3Path(bucket, warehouseKeyPrefix)), + roleARN, + externalId, + null), + true, /* allowList = true */ + Set.of(), + Set.of()); + assertThat(credentials) + .isNotEmpty() + .doesNotContainKey(PolarisCredentialProperty.CLIENT_REGION); + } + private static @NotNull String s3Arn(String partition, String bucket, String keyPrefix) { String bucketArn = "arn:" + partition + ":s3:::" + bucket; if (keyPrefix == null) { From 6c4f8d626257d49c4fc8960375d0fd792f235d10 Mon Sep 17 00:00:00 2001 From: Eric Maynard Date: Tue, 26 Nov 2024 09:34:17 -0800 Subject: [PATCH 10/11] autolint --- .../storage/aws/AwsCredentialsStorageIntegrationTest.java | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/polaris-core/src/test/java/org/apache/polaris/service/storage/aws/AwsCredentialsStorageIntegrationTest.java b/polaris-core/src/test/java/org/apache/polaris/service/storage/aws/AwsCredentialsStorageIntegrationTest.java index 702f61fbf..60924c4b8 100644 --- a/polaris-core/src/test/java/org/apache/polaris/service/storage/aws/AwsCredentialsStorageIntegrationTest.java 
+++ b/polaris-core/src/test/java/org/apache/polaris/service/storage/aws/AwsCredentialsStorageIntegrationTest.java @@ -537,9 +537,7 @@ public void testNoClientRegion() { true, /* allowList = true */ Set.of(), Set.of()); - assertThat(credentials) - .isNotEmpty() - .doesNotContainKey(PolarisCredentialProperty.CLIENT_REGION); + assertThat(credentials).isNotEmpty().doesNotContainKey(PolarisCredentialProperty.CLIENT_REGION); } private static @NotNull String s3Arn(String partition, String bucket, String keyPrefix) { From dfcbcca4687152638cb5dda18ebaea5c1950246a Mon Sep 17 00:00:00 2001 From: Eric Maynard Date: Thu, 5 Dec 2024 10:47:20 -0800 Subject: [PATCH 11/11] remove notnull --- .../polaris/core/storage/aws/AwsStorageConfigurationInfo.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/polaris-core/src/main/java/org/apache/polaris/core/storage/aws/AwsStorageConfigurationInfo.java b/polaris-core/src/main/java/org/apache/polaris/core/storage/aws/AwsStorageConfigurationInfo.java index 9cf45cf9b..6a13b4b96 100644 --- a/polaris-core/src/main/java/org/apache/polaris/core/storage/aws/AwsStorageConfigurationInfo.java +++ b/polaris-core/src/main/java/org/apache/polaris/core/storage/aws/AwsStorageConfigurationInfo.java @@ -59,7 +59,7 @@ public AwsStorageConfigurationInfo( @JsonProperty(value = "allowedLocations", required = true) @NotNull List allowedLocations, @JsonProperty(value = "roleARN", required = true) @NotNull String roleARN, - @JsonProperty(value = "region", required = false) @NotNull String region) { + @JsonProperty(value = "region", required = false) @Nullable String region) { this(storageType, allowedLocations, roleARN, null, region); }