
HADOOP-19535: S3A: Support WebIdentityTokenFileCredentialsProvider


Support authentication through WebIdentityTokenFileCredentialsProvider,

Syed Shameerur Rahman
Syed Shameerur Rahman 4 days ago
parent
commit
ca25b1b654

+ 10 - 0
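--- a/hadoop-tools/hadoop-aws/src/main/java/org/apache/hadoop/fs/s3a/AWSCredentialProviderList.java
+++ b/hadoop-tools/hadoop-aws/src/main/java/org/apache/hadoop/fs/s3a/AWSCredentialProviderList.java
@@ -198,6 +198,16 @@ public final class AWSCredentialProviderList implements AwsCredentialsProvider,
         lastException = e;
         LOG.debug("No credentials provided by {}: {}",
             provider, e.toString(), e);
+      } catch (Exception e) {
+        // convert any other exception into SDKException.
+        // This is required because some credential provider like
+        // WebIdentityTokenFileCredentialsProvider might throw
+        // exceptions other than SdkException.
+        if (e.getMessage() != null) {
+          lastException = SdkException.create(e.getMessage(), e);
+        }
+        LOG.debug("No credentials provided by {}: {}",
+            provider, e.toString(), e);
       }
     }
 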
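Review bot: In the new `catch (Exception e)` branch, an exception whose `getMessage()` is null leaves `lastException` unchanged, so that failure is either dropped from the final error or, if an earlier provider already failed, the earlier provider's exception is reported in its place. Credential-resolution failures are what an operator needs in order to diagnose an authentication problem, so the wrap should be unconditional, for example `lastException = SdkException.create(e.toString(), e);`. This branch also catches unexpected runtime errors, not only "no credentials here", and the chain then moves on to the next provider. A log level above debug is therefore worth considering, so that a silent fall-through to a different identity is visible. The enclosing loop and the code that consumes `lastException` are outside the hunk, so the effect on the final exception is inferred.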

+ 1 - 0
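--- a/hadoop-tools/hadoop-aws/src/site/markdown/tools/hadoop-aws/authentication.md
+++ b/hadoop-tools/hadoop-aws/src/site/markdown/tools/hadoop-aws/authentication.md
@@ -184,6 +184,7 @@ There are also many in the Amazon SDKs, with the common ones being as follows
 | `software.amazon.awssdk.auth.credentials.EnvironmentVariableCredentialsProvider` | AWS Environment Variables    |
 | `software.amazon.awssdk.auth.credentials.InstanceProfileCredentialsProvider`     | EC2 Metadata Credentials     |
 | `software.amazon.awssdk.auth.credentials.ContainerCredentialsProvider`           | EC2/k8s Metadata Credentials |
+| `software.amazon.awssdk.auth.credentials.WebIdentityTokenFileCredentialsProvider`| K8s Metadata Credentials     |
 
 
 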

+ 17 - 0
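--- a/hadoop-tools/hadoop-aws/src/test/java/org/apache/hadoop/fs/s3a/TestS3AAWSCredentialsProvider.java
+++ b/hadoop-tools/hadoop-aws/src/test/java/org/apache/hadoop/fs/s3a/TestS3AAWSCredentialsProvider.java
@@ -187,6 +187,23 @@ public class TestS3AAWSCredentialsProvider extends AbstractS3ATestBase {
     assertCredentialProviders(expectedClasses, list2);
   }
 
+  @Test
+  public void testNonSdkExceptionConversion() throws Throwable {
+    // Create a mock credential provider that throws a non-SDK exception
+    AwsCredentialsProvider mockProvider = () -> {
+      throw new RuntimeException("Test credential error");
+    };
+
+    // Create the provider list with our mock provider
+    AWSCredentialProviderList providerList =
+        new AWSCredentialProviderList(Collections.singletonList(mockProvider));
+
+    // Attempt to get credentials, which should trigger the exception
+    intercept(NoAuthWithAWSException.class,
+        "No AWS Credentials provided",
+        () -> providerList.resolveCredentials());
+  }
+
   @Test
   public void testDefaultChainNoURI() throws Exception {
     Configuration conf = new Configuration(false);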
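Review bot: `testNonSdkExceptionConversion` only exercises an exception that carries a message, so the false side of the `e.getMessage() != null` guard in the new catch branch is never taken, and nothing checks that the original exception survives as the cause. A second case with `throw new RuntimeException();`, plus an assertion on the cause chain of the exception returned by `intercept(...)`, would pin both behaviours. `throws Throwable` could also be narrowed to `throws Exception` to match the neighbouring `testDefaultChainNoURI`.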