Open dshick-nydig opened 1 year ago
@dshick-nydig
This would allow a StsWebIdentityTokenFileCredentialsProvider to be used in a credential chain when not configured properly.
I don't quite understand the ask here. How would you use it if it's not properly configured?
Sure, I can elaborate. This only makes sense when discussing this provider as part of a larger credential chain. In some cases it might be configured correctly while in others it may not.
In our example, a service may be running on ECS or EKS, meaning that we either want the metadata service or WebIdentityToken. If this code belongs to a library intended for use in many services, we don't know until runtime which we will want.
The normal behavior of the chain would be to fall through to the next provider if an earlier provider in the chain is misconfigured and throws when attempting to resolve credentials. This one provider behaves differently than the others and throws at the time of instantiation if certain env vars or properties aren't set, rather than at time of use.
This would allow a StsWebIdentityTokenFileCredentialsProvider to be used in a credential chain when not configured properly.
I should have written "would allow [it] to be included in a credential chain when not configured properly".
@dshick-nydig apologies for losing track of this, and thank you for the clarification. Yes, we should make the behavior consistent across the credential providers.
Describe the bug
StsWebIdentityTokenFileCredentialsProvider throws on instantiation when certain environment variables are unset. This makes it impossible to use in an AwsCredentialsProviderChain unless an AWS_WEB_IDENTITY_TOKEN_FILE environment variable is set.
Expected Behavior
StsWebIdentityTokenFileCredentialsProvider instantiates successfully but throws on the first invocation of resolveCredentials via the loadException instance variable. This would allow a StsWebIdentityTokenFileCredentialsProvider to be used in a credential chain when not configured properly.
Current Behavior
At the time of instantiation, the StsWebIdentityTokenFileCredentialsProvider throws
Either the environment variable AWS_WEB_IDENTITY_TOKEN_FILE or the javaproperty aws.webIdentityTokenFile must be set.
Reproduction Steps
Attempt to use a StsWebIdentityTokenFileCredentialsProvider in an AwsCredentialsProviderChain without setting the appropriate environment variables pointing to a token file.
Possible Solution
This try should be lifted above the resolution of SdkSystemSettings as is done in the core WebIdentityTokenFileCredentialsProvider
Additional Information/Context
No response
AWS Java SDK version used
commit hash: 34d02707297ce3fec31da6e431d1bc6e276e0f55 (i.e. the latest as of writing this issue)
JDK version used
openjdk 17.0.4.1 2022-08-12
Operating System and version
macOS 13.3.1 (22E261)
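The deferred-failure behaviour requested in this issue, as an added example that is not part of the original issue and is not AWS SDK code. It is a self-contained model: Provider, WebIdentityModel and resolve are hypothetical stand-ins for the SDK's provider interface, StsWebIdentityTokenFileCredentialsProvider and AwsCredentialsProviderChain, and the container provider is a constructed placeholder.

```java
import java.util.List;
import java.util.function.Supplier;

public class LazyProviderChainDemo {
    // Simplified stand-in for the SDK's credentials-provider interface (assumption).
    interface Provider { String resolveCredentials(); }

    // Deferred-failure pattern: construction never throws; a configuration
    // error is stored and rethrown on the first resolveCredentials() call.
    static final class WebIdentityModel implements Provider {
        private final String tokenFile;
        private final RuntimeException loadException;
        WebIdentityModel(Supplier<String> tokenFileSetting) {
            String file = null;
            RuntimeException failure = null;
            try {
                file = tokenFileSetting.get();   // setting lookup happens inside the try
                if (file == null) {
                    throw new IllegalStateException("token file setting is not set");
                }
            } catch (RuntimeException e) {
                failure = e;
            }
            this.tokenFile = file;
            this.loadException = failure;
        }

        @Override public String resolveCredentials() {
            if (loadException != null) throw loadException;
            return "web-identity credentials from " + tokenFile;
        }
    }

    // Chain semantics described in the thread: a provider that throws while
    // resolving is skipped; the chain fails only if every provider fails.
    static String resolve(List<Provider> chain) {
        for (Provider p : chain) {
            try { return p.resolveCredentials(); }
            catch (RuntimeException e) { System.out.println("skipped: " + e.getMessage()); }
        }
        throw new IllegalStateException("no provider in the chain could load credentials");
    }

    public static void main(String[] args) {
        Provider webIdentity = new WebIdentityModel(() -> System.getenv("AWS_WEB_IDENTITY_TOKEN_FILE"));
        Provider container = () -> "constructed container credentials"; // placeholder for the ECS provider
        System.out.println(resolve(List.of(webIdentity, container)));
    }
}
```

With AWS_WEB_IDENTITY_TOKEN_FILE unset, the model is still constructed, the chain logs the skip and returns the placeholder container credentials; if the constructor threw instead, the chain could not be built at all.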