Summary
AssumeRoleWithOidcCredentialProvider currently only exposes typed builder methods for sts_endpoint and role_session_name.
The required OIDC fields below can only be provided indirectly via environment variables:
ALIBABA_CLOUD_ROLE_ARNALIBABA_CLOUD_OIDC_PROVIDER_ARNALIBABA_CLOUD_OIDC_TOKEN_FILE
This makes the provider hard to embed in libraries that already hold those values in structured config.
Problem
Today the provider has this shape:
with_sts_endpoint(...)with_role_session_name(...)
But role_arn, oidc_provider_arn, and oidc_token_file are still loaded from Context::env_vars() at runtime.
For library users, this means:
- they cannot pass the full OIDC configuration through typed APIs
- they must synthesize env values even when configuration is already available in memory
- builder-style configuration is incomplete and inconsistent
Expected
Add typed setters for the missing fields, for example:
with_role_arn(...)with_oidc_provider_arn(...)with_oidc_token_file(...)
Once those exist, embedders can configure the provider without relying on env overlays for the core OIDC inputs.
Context
OpenDAL currently needs a local workaround in its OSS backend to copy structured config into a StaticEnv snapshot before constructing reqsign context. This workaround exists only because the provider does not expose typed configuration for those required fields.
Summary
AssumeRoleWithOidcCredentialProvidercurrently only exposes typed builder methods forsts_endpointandrole_session_name.The required OIDC fields below can only be provided indirectly via environment variables:
ALIBABA_CLOUD_ROLE_ARNALIBABA_CLOUD_OIDC_PROVIDER_ARNALIBABA_CLOUD_OIDC_TOKEN_FILEThis makes the provider hard to embed in libraries that already hold those values in structured config.
Problem
Today the provider has this shape:
with_sts_endpoint(...)with_role_session_name(...)But
role_arn,oidc_provider_arn, andoidc_token_fileare still loaded fromContext::env_vars()at runtime.For library users, this means:
Expected
Add typed setters for the missing fields, for example:
with_role_arn(...)with_oidc_provider_arn(...)with_oidc_token_file(...)Once those exist, embedders can configure the provider without relying on env overlays for the core OIDC inputs.
Context
OpenDAL currently needs a local workaround in its OSS backend to copy structured config into a
StaticEnvsnapshot before constructingreqsigncontext. This workaround exists only because the provider does not expose typed configuration for those required fields.