
Add STS header overrides functionality for default role #5701

Open
saketh-pallempati wants to merge 3 commits into opensearch-project:main from fidelity-contributions:fix-issue-5530

@saketh-pallempati

Contributor

Description

  • New sts_header_overrides configuration option in AwsStsConfiguration
  • Extended AwsCredentialsSupplier interface to expose configured header overrides
  • Implemented the method in DefaultAwsCredentialsSupplier
  • Added corresponding method to CredentialsProviderFactory
  • Added comprehensive test coverage

Issues Resolved

Resolves #5530

Check List

  • New functionality includes testing.
  • New functionality has a documentation issue. Please link to it in this PR.
    • New functionality has javadoc added
  • Commits are signed with a real name per the DCO

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

The implementation includes:

- New sts_header_overrides configuration option in AwsStsConfiguration
- Extended AwsCredentialsSupplier interface to expose configured header overrides
- Implemented the method in DefaultAwsCredentialsSupplier
- Added corresponding method to CredentialsProviderFactory
- Added comprehensive test coverage

Signed-off-by: Pallempati Saketh <pallempati.saketh@fmr.com>

@graytaylor0 graytaylor0 left a comment

Member


Thanks for picking this up! You'll want to wire this in here so that it will be used when configured in the data-prepper-config.yaml (https://github.com/opensearch-project/data-prepper/blob/main/data-prepper-plugins/aws-plugin/src/main/java/org/opensearch/dataprepper/plugins/aws/CredentialsProviderFactory.java#L86). The goal of this issue is to make it so that users do not have to duplicate the sts_header_overrides everywhere within the pipeline config, and can just configure once in the data-prepper-config.yaml.

- Modified CredentialsProviderFactory to use default STS header overrides when not specified in credentials options
- Added test to verify fallback behavior to default configuration
- Enables users to configure STS headers once in data-prepper-config.yaml instead of duplicating across pipeline configs

Signed-off-by: Pallempati Saketh <pallempati.saketh@fmr.com>
@saketh-pallempati

Contributor Author

Hi @graytaylor0
Thanks for the suggestions
I made the required changes
Please do review

graytaylor0 previously approved these changes Jun 10, 2025

@graytaylor0 graytaylor0 left a comment

Member


Thanks for making this change!

sb2k16 previously approved these changes Jun 13, 2025
@graytaylor0

Member

@saketh-pallempati There are merge conflicts keeping me from merging this one in.

Signed-off-by: Saketh Pallempati <pallempati.saketh@fmr.com>
@saketh-pallempati

saketh-pallempati commented Jun 17, 2025

Contributor Author

Hi @graytaylor0 I resolved the merge conflicts. It one more very similar issue I worked on.
So everything should work now.


Development

Successfully merging this pull request may close these issues.

Support sts_header_overrides in default role configuration in data-prepper-config.yaml
