fix: enforce user must specify access_key and secret_key using aws auth

[tabVersion]

I hereby agree to the terms of the RisingWave Labs, Inc. Contributor License Agreement.

What's changed and what's your intention?

resolve #11086

Checklist

• I have written necessary rustdoc comments
• I have added necessary unit tests and integration tests
• I have added fuzzing tests or opened an issue to track them. (Optional, recommended for new SQL features Sqlsmith: Sql feature generation #7934).
• My PR contains breaking changes. (If it deprecates some features, please create a tracking issue to remove them in the future).
• All checks passed in ./risedev check (or alias, ./risedev c)
• My PR changes performance-critical code. (Please run macro/micro-benchmarks and show the results.)

• My PR contains critical fixes that are necessary to be merged into the latest release. (Please check out the details)

Documentation

• My PR contains user-facing changes.

Click here for Documentation

Types of user-facing changes

Please keep the types that apply to your changes, and remove the others.

• Connector (sources & sinks)

Release note

access_key and corresponding secret_key become a must for all aws auth components.

[xxchan]

Should we reject it in fe?

[xxchan]

But might be ok as a quick fix

[tabVersion]

still discussing with @arkbriar, whether we should continuously support public buckets.

[fuyufjh]

still discussing with @arkbriar, whether we should continuously support public buckets.

Prefer to keep it. It's up to user's choice, not our fault.

[xxchan]

We should change this?

[tabVersion]

the problem is about finding an alternative for from_env.

Important: Using the aws-config crate to configure the SDK is preferred to invoking this builder directly. Using this builder directly won’t pull in any AWS recommended default configuration values.

---- from doc

It is not recommended to build SdkConfig directly.

[huangjw806]

If the bucket is Publicly accessible, can we don't provide AK/SK?

[fuyufjh]

still discussing with @arkbriar, whether we should continuously support public buckets.

Prefer to keep it. It's up to user's choice, not our fault.

See @huangjw806 's comment

[tabVersion]

If the bucket is Publicly accessible, can we don't provide AK/SK?

Just change to an empty string as default. We won't use our env var any more.

[tabVersion]

it looks like we cannot use a random or empty string as AK/SK, even for public access bucket.

---

conclusion: we provide the ability to access public buckets by using our own AK/SK. So we may not provide the func anymore. cc @fuyufjh @arkbriar

[fuyufjh]

conclusion: we provide the ability to access public buckets by using our own AK/SK. So we may not provide the func anymore.

Well... Okay if that's too difficult, I can accept it

[codecov]

Codecov Report

Merging #11120 (0922e29) into main (7476772) will increase coverage by 0.00%.
The diff coverage is 0.00%.

@@           Coverage Diff           @@
##             main   #11120   +/-   ##
=======================================
  Coverage   69.92%   69.92%           
=======================================
  Files        1312     1312           
  Lines      223351   223347    -4     
=======================================
- Hits       156171   156170    -1     
+ Misses      67180    67177    -3     

Flag	Coverage Δ
rust	69.92% <0.00%> (+<0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
src/connector/src/aws_auth.rs	37.33% <0.00%> (+4.00%)	⬆️
src/connector/src/aws_utils.rs	0.00% <0.00%> (ø)
...c/connector/src/source/filesystem/s3/enumerator.rs	28.82% <0.00%> (-0.81%)	⬇️

... and 1 file with indirect coverage changes

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

[arkbriar]

LGTM!