aws region has been added

.mapping.json

@@ -9684,6 +9684,18 @@
   "ydb/library/yql/providers/s3/compressors/CMakeLists.linux-x86_64.txt":"",
   "ydb/library/yql/providers/s3/compressors/CMakeLists.txt":"",
   "ydb/library/yql/providers/s3/compressors/CMakeLists.windows-x86_64.txt":"",
+  "ydb/library/yql/providers/s3/credentials/CMakeLists.darwin-arm64.txt":"",
+  "ydb/library/yql/providers/s3/credentials/CMakeLists.darwin-x86_64.txt":"",
+  "ydb/library/yql/providers/s3/credentials/CMakeLists.linux-aarch64.txt":"",
+  "ydb/library/yql/providers/s3/credentials/CMakeLists.linux-x86_64.txt":"",
+  "ydb/library/yql/providers/s3/credentials/CMakeLists.txt":"",
+  "ydb/library/yql/providers/s3/credentials/CMakeLists.windows-x86_64.txt":"",
+  "ydb/library/yql/providers/s3/credentials/ut/CMakeLists.darwin-arm64.txt":"",
+  "ydb/library/yql/providers/s3/credentials/ut/CMakeLists.darwin-x86_64.txt":"",
+  "ydb/library/yql/providers/s3/credentials/ut/CMakeLists.linux-aarch64.txt":"",
+  "ydb/library/yql/providers/s3/credentials/ut/CMakeLists.linux-x86_64.txt":"",
+  "ydb/library/yql/providers/s3/credentials/ut/CMakeLists.txt":"",
+  "ydb/library/yql/providers/s3/credentials/ut/CMakeLists.windows-x86_64.txt":"",
   "ydb/library/yql/providers/s3/expr_nodes/CMakeLists.darwin-arm64.txt":"",
   "ydb/library/yql/providers/s3/expr_nodes/CMakeLists.darwin-x86_64.txt":"",
   "ydb/library/yql/providers/s3/expr_nodes/CMakeLists.linux-aarch64.txt":"",

ydb/core/kqp/gateway/behaviour/external_data_source/manager.cpp

@@ -48,6 +48,7 @@ void FillCreateExternalDataSourceDesc(NKikimrSchemeOp::TExternalDataSourceDescri
         auto& aws = *externaDataSourceDesc.MutableAuth()->MutableAws();
         aws.SetAwsAccessKeyIdSecretName(GetOrEmpty(settings, "aws_access_key_id_secret_name"));
         aws.SetAwsSecretAccessKeySecretName(GetOrEmpty(settings, "aws_secret_access_key_secret_name"));
+        aws.SetAwsRegion(GetOrEmpty(settings, "aws_region"));
     } else {
         ythrow yexception() << "Internal error. Unknown auth method: " << authMethod;
     }

ydb/core/kqp/gateway/kqp_metadata_loader.cpp

@@ -339,6 +339,8 @@ TTableMetadataResult EnrichExternalTable(const TTableMetadataResult& externalTab
     tableMeta->ExternalSource.DataSourceInstallation = externalDataSource.Metadata->ExternalSource.DataSourceInstallation;
     tableMeta->ExternalSource.DataSourceAuth = externalDataSource.Metadata->ExternalSource.DataSourceAuth;
     tableMeta->ExternalSource.ServiceAccountIdSignature = externalDataSource.Metadata->ExternalSource.ServiceAccountIdSignature;
+    tableMeta->ExternalSource.AwsAccessKeyId = externalDataSource.Metadata->ExternalSource.AwsAccessKeyId;
+    tableMeta->ExternalSource.AwsSecretAccessKey = externalDataSource.Metadata->ExternalSource.AwsSecretAccessKey;
     return result;
 }
 

ydb/core/kqp/provider/ut/CMakeLists.darwin-arm64.txt

@@ -32,6 +32,7 @@ target_link_options(ydb-core-kqp-provider-ut PRIVATE
 )
 target_sources(ydb-core-kqp-provider-ut PRIVATE
   ${CMAKE_SOURCE_DIR}/ydb/core/kqp/provider/yql_kikimr_gateway_ut.cpp
+  ${CMAKE_SOURCE_DIR}/ydb/core/kqp/provider/yql_kikimr_provider_ut.cpp
 )
 set_property(
   TARGET

ydb/core/kqp/provider/ut/CMakeLists.darwin-x86_64.txt

@@ -33,6 +33,7 @@ target_link_options(ydb-core-kqp-provider-ut PRIVATE
 )
 target_sources(ydb-core-kqp-provider-ut PRIVATE
   ${CMAKE_SOURCE_DIR}/ydb/core/kqp/provider/yql_kikimr_gateway_ut.cpp
+  ${CMAKE_SOURCE_DIR}/ydb/core/kqp/provider/yql_kikimr_provider_ut.cpp
 )
 set_property(
   TARGET

ydb/core/kqp/provider/ut/CMakeLists.linux-aarch64.txt

@@ -36,6 +36,7 @@ target_link_options(ydb-core-kqp-provider-ut PRIVATE
 )
 target_sources(ydb-core-kqp-provider-ut PRIVATE
   ${CMAKE_SOURCE_DIR}/ydb/core/kqp/provider/yql_kikimr_gateway_ut.cpp
+  ${CMAKE_SOURCE_DIR}/ydb/core/kqp/provider/yql_kikimr_provider_ut.cpp
 )
 set_property(
   TARGET

ydb/core/kqp/provider/ut/CMakeLists.linux-x86_64.txt

@@ -37,6 +37,7 @@ target_link_options(ydb-core-kqp-provider-ut PRIVATE
 )
 target_sources(ydb-core-kqp-provider-ut PRIVATE
   ${CMAKE_SOURCE_DIR}/ydb/core/kqp/provider/yql_kikimr_gateway_ut.cpp
+  ${CMAKE_SOURCE_DIR}/ydb/core/kqp/provider/yql_kikimr_provider_ut.cpp
 )
 set_property(
   TARGET

ydb/core/kqp/provider/ut/CMakeLists.windows-x86_64.txt

@@ -26,6 +26,7 @@ target_link_libraries(ydb-core-kqp-provider-ut PUBLIC
 )
 target_sources(ydb-core-kqp-provider-ut PRIVATE
   ${CMAKE_SOURCE_DIR}/ydb/core/kqp/provider/yql_kikimr_gateway_ut.cpp
+  ${CMAKE_SOURCE_DIR}/ydb/core/kqp/provider/yql_kikimr_provider_ut.cpp
 )
 set_property(
   TARGET

ydb/core/kqp/provider/ut/ya.make

@@ -2,6 +2,7 @@ UNITTEST_FOR(ydb/core/kqp/provider)
 
 SRCS(
     yql_kikimr_gateway_ut.cpp
+    yql_kikimr_provider_ut.cpp
 )
 
 PEERDIR(

ydb/core/kqp/provider/yql_kikimr_datasource.cpp

@@ -64,6 +64,51 @@ TExprNode::TPtr BuildExternalTableSettings(TPositionHandle pos, TExprContext& ct
     return ctx.NewList(pos, std::move(items));
 }
 
+TString FillAuthProperties(THashMap<TString, TString>& properties, const TExternalSource& externalSource) {
+    switch (externalSource.DataSourceAuth.identity_case()) {
+        case NKikimrSchemeOp::TAuth::kServiceAccount:
+            properties["authMethod"] = "SERVICE_ACCOUNT";
+            properties["serviceAccountId"] = externalSource.DataSourceAuth.GetServiceAccount().GetId();
+            properties["serviceAccountIdSignature"] = externalSource.ServiceAccountIdSignature;
+            properties["serviceAccountIdSignatureReference"] = externalSource.DataSourceAuth.GetServiceAccount().GetSecretName();
+            return {};
+
+        case NKikimrSchemeOp::TAuth::kNone:
+            properties["authMethod"] = "NONE";
+            return {};
+
+        case NKikimrSchemeOp::TAuth::kBasic:
+            properties["authMethod"] = "BASIC";
+            properties["login"] = externalSource.DataSourceAuth.GetBasic().GetLogin();
+            properties["password"] = externalSource.Password;
+            properties["passwordReference"] = externalSource.DataSourceAuth.GetBasic().GetPasswordSecretName();
+            return {};
+
+        case NKikimrSchemeOp::TAuth::kMdbBasic:
+            properties["authMethod"] = "MDB_BASIC";
+            properties["serviceAccountId"] = externalSource.DataSourceAuth.GetMdbBasic().GetServiceAccountId();
+            properties["serviceAccountIdSignature"] = externalSource.ServiceAccountIdSignature;
+            properties["serviceAccountIdSignatureReference"] = externalSource.DataSourceAuth.GetMdbBasic().GetServiceAccountSecretName();
+
+            properties["login"] = externalSource.DataSourceAuth.GetMdbBasic().GetLogin();
+            properties["password"] = externalSource.Password;
+            properties["passwordReference"] = externalSource.DataSourceAuth.GetMdbBasic().GetPasswordSecretName();
+            return {};
+
+        case NKikimrSchemeOp::TAuth::kAws:
+            properties["authMethod"] = "AWS";
+            properties["awsAccessKeyId"] = externalSource.AwsAccessKeyId;
+            properties["awsAccessKeyIdReference"] = externalSource.DataSourceAuth.GetAws().GetAwsAccessKeyIdSecretName();
+            properties["awsSecretAccessKey"] = externalSource.AwsSecretAccessKey;
+            properties["awsSecretAccessKeyReference"] = externalSource.DataSourceAuth.GetAws().GetAwsSecretAccessKeySecretName();
+            properties["awsRegion"] = externalSource.DataSourceAuth.GetAws().GetAwsRegion();
+            return {};
+
+        case NKikimrSchemeOp::TAuth::IDENTITY_NOT_SET:
+            return {"Identity case is not specified"};
+    }
+}
+
 namespace {
 
 using namespace NKikimr;
@@ -257,47 +302,10 @@ public:
 
         properties.insert(metadata.ExternalSource.Properties.GetProperties().begin(), metadata.ExternalSource.Properties.GetProperties().end());
 
-        switch (metadata.ExternalSource.DataSourceAuth.identity_case()) {
-            case NKikimrSchemeOp::TAuth::kServiceAccount:
-                properties["authMethod"] = "SERVICE_ACCOUNT";
-                properties["serviceAccountId"] = metadata.ExternalSource.DataSourceAuth.GetServiceAccount().GetId();
-                properties["serviceAccountIdSignature"] = metadata.ExternalSource.ServiceAccountIdSignature;
-                properties["serviceAccountIdSignatureReference"] = metadata.ExternalSource.DataSourceAuth.GetServiceAccount().GetSecretName();
-                break;
-
-            case NKikimrSchemeOp::TAuth::kNone:
-                properties["authMethod"] = "SERVICE_ACCOUNT";
-                break;
-
-            case NKikimrSchemeOp::TAuth::kBasic:
-                properties["authMethod"] = "BASIC";
-                properties["login"] = metadata.ExternalSource.DataSourceAuth.GetBasic().GetLogin();
-                properties["password"] = metadata.ExternalSource.Password;
-                properties["passwordReference"] = metadata.ExternalSource.DataSourceAuth.GetBasic().GetPasswordSecretName();
-                break;
-
-            case NKikimrSchemeOp::TAuth::kMdbBasic:
-                properties["authMethod"] = "MDB_BASIC";
-                properties["serviceAccountId"] = metadata.ExternalSource.DataSourceAuth.GetMdbBasic().GetServiceAccountId();
-                properties["serviceAccountIdSignature"] = metadata.ExternalSource.ServiceAccountIdSignature;
-                properties["serviceAccountIdSignatureReference"] = metadata.ExternalSource.DataSourceAuth.GetMdbBasic().GetServiceAccountSecretName();
-
-                properties["login"] = metadata.ExternalSource.DataSourceAuth.GetMdbBasic().GetLogin();
-                properties["password"] = metadata.ExternalSource.Password;
-                properties["passwordReference"] = metadata.ExternalSource.DataSourceAuth.GetMdbBasic().GetPasswordSecretName();
-                break;
-
-            case NKikimrSchemeOp::TAuth::kAws:
-                properties["authMethod"] = "AWS";
-                properties["awsAccessKeyId"] = metadata.ExternalSource.AwsAccessKeyId;
-                properties["awsAccessKeyIdReference"] = metadata.ExternalSource.DataSourceAuth.GetAws().GetAwsAccessKeyIdSecretName();
-                properties["awsSecretAccessKey"] = metadata.ExternalSource.AwsSecretAccessKey;
-                properties["awsSecretAccessKeyReference"] = metadata.ExternalSource.DataSourceAuth.GetAws().GetAwsSecretAccessKeySecretName();
-                break;
-
-            case NKikimrSchemeOp::TAuth::IDENTITY_NOT_SET:
-                res.AddIssue(TIssue("Identity case is not specified"));
-                return false;
+        const auto error = FillAuthProperties(properties, metadata.ExternalSource);
+        if (error) {
+            res.AddIssue(TIssue(error));
+            return false;
         }
 
         it->second->AddCluster(metadata.ExternalSource.DataSourcePath, properties);