(hadoop) branch trunk updated: HADOOP-19535: S3A: Support WebIdentityTokenFileCredentialsProvider

Mon, 21 Jul 2025 10:04:35 -0700 

This is an automated email from the ASF dual-hosted git repository.

stevel pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/hadoop.git


The following commit(s) were added to refs/heads/trunk by this push:
     new ca25b1b654a HADOOP-19535: S3A: Support 
WebIdentityTokenFileCredentialsProvider
ca25b1b654a is described below

commit ca25b1b654a7d916a3bf7217b21af298d82901a9
Author: Syed Shameerur Rahman <rhma...@amazon.com>
AuthorDate: Mon Jul 21 22:34:22 2025 +0530

    HADOOP-19535: S3A: Support WebIdentityTokenFileCredentialsProvider
    
    
    
    Support authentication through WebIdentityTokenFileCredentialsProvider,
    
    Syed Shameerur Rahman
---
 .../apache/hadoop/fs/s3a/AWSCredentialProviderList.java | 10 ++++++++++
 .../site/markdown/tools/hadoop-aws/authentication.md    |  1 +
 .../hadoop/fs/s3a/TestS3AAWSCredentialsProvider.java    | 17 +++++++++++++++++
 3 files changed, 28 insertions(+)

diff --git 
a/hadoop-tools/hadoop-aws/src/main/java/org/apache/hadoop/fs/s3a/AWSCredentialProviderList.java
 
b/hadoop-tools/hadoop-aws/src/main/java/org/apache/hadoop/fs/s3a/AWSCredentialProviderList.java
index d89795c68d3..e2e12b3f58e 100644
--- 
a/hadoop-tools/hadoop-aws/src/main/java/org/apache/hadoop/fs/s3a/AWSCredentialProviderList.java
+++ 
b/hadoop-tools/hadoop-aws/src/main/java/org/apache/hadoop/fs/s3a/AWSCredentialProviderList.java
@@ -198,6 +198,16 @@ public AwsCredentials resolveCredentials() {
         lastException = e;
         LOG.debug("No credentials provided by {}: {}",
             provider, e.toString(), e);
+      } catch (Exception e) {
+        // convert any other exception into SDKException.
+        // This is required because some credential provider like
+        // WebIdentityTokenFileCredentialsProvider might throw
+        // exceptions other than SdkException.
+        if (e.getMessage() != null) {
+          lastException = SdkException.create(e.getMessage(), e);
+        }
+        LOG.debug("No credentials provided by {}: {}",
+            provider, e.toString(), e);
       }
     }
 
diff --git 
a/hadoop-tools/hadoop-aws/src/site/markdown/tools/hadoop-aws/authentication.md 
b/hadoop-tools/hadoop-aws/src/site/markdown/tools/hadoop-aws/authentication.md
index af60a48f7da..be9b204b73c 100644
--- 
a/hadoop-tools/hadoop-aws/src/site/markdown/tools/hadoop-aws/authentication.md
+++ 
b/hadoop-tools/hadoop-aws/src/site/markdown/tools/hadoop-aws/authentication.md
@@ -184,6 +184,7 @@ There are also many in the Amazon SDKs, with the common 
ones being as follows
 | 
`software.amazon.awssdk.auth.credentials.EnvironmentVariableCredentialsProvider`
 | AWS Environment Variables    |
 | `software.amazon.awssdk.auth.credentials.InstanceProfileCredentialsProvider` 
    | EC2 Metadata Credentials     |
 | `software.amazon.awssdk.auth.credentials.ContainerCredentialsProvider`       
    | EC2/k8s Metadata Credentials |
+| 
`software.amazon.awssdk.auth.credentials.WebIdentityTokenFileCredentialsProvider`|
 K8s Metadata Credentials     |
 
 
 
diff --git 
a/hadoop-tools/hadoop-aws/src/test/java/org/apache/hadoop/fs/s3a/TestS3AAWSCredentialsProvider.java
 
b/hadoop-tools/hadoop-aws/src/test/java/org/apache/hadoop/fs/s3a/TestS3AAWSCredentialsProvider.java
index fe926dec0c8..c759043252f 100644
--- 
a/hadoop-tools/hadoop-aws/src/test/java/org/apache/hadoop/fs/s3a/TestS3AAWSCredentialsProvider.java
+++ 
b/hadoop-tools/hadoop-aws/src/test/java/org/apache/hadoop/fs/s3a/TestS3AAWSCredentialsProvider.java
@@ -187,6 +187,23 @@ public void testDefaultChain() throws Exception {
     assertCredentialProviders(expectedClasses, list2);
   }
 
+  @Test
+  public void testNonSdkExceptionConversion() throws Throwable {
+    // Create a mock credential provider that throws a non-SDK exception
+    AwsCredentialsProvider mockProvider = () -> {
+      throw new RuntimeException("Test credential error");
+    };
+
+    // Create the provider list with our mock provider
+    AWSCredentialProviderList providerList =
+        new AWSCredentialProviderList(Collections.singletonList(mockProvider));
+
+    // Attempt to get credentials, which should trigger the exception
+    intercept(NoAuthWithAWSException.class,
+        "No AWS Credentials provided",
+        () -> providerList.resolveCredentials());
+  }
+
   @Test
   public void testDefaultChainNoURI() throws Exception {
     Configuration conf = new Configuration(false);


---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-commits-h...@hadoop.apache.org

Reply via email to