CalvinKirs opened a new pull request, #60443: URL: https://github.com/apache/doris/pull/60443
… For S3-compatible object storages such as COS and OBS, authentication does not fully follow the AWS native credential provider chain. In these systems, anonymous access is a valid and commonly used mode when no AK/SK is configured. However, when `aws_credentials_provider_version` is set to `v2`, BE currently falls back to the AWS SDK v2 default credential provider chain if no credentials are explicitly provided. This behavior is AWS-specific and is not applicable to S3-compatible storage systems like COS and OBS, which may not support or require the AWS credential resolution chain. Problem ------- When `aws_credentials_provider_version = v2` and no AK/SK is configured: - BE attempts to resolve credentials using the AWS SDK v2 provider chain - This may lead to unexpected authentication failures or unnecessary environment dependency - The behavior is inconsistent with S3-compatible storage expectations Expected Behavior ----------------- For S3-compatible object storage: - If AK/SK is explicitly provided, use the configured credentials - If no credentials are provided, fall back to anonymous credentials - Do NOT trigger the AWS SDK v2 default credential provider chain -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
