This is an automated email from the ASF dual-hosted git repository.

xiazcy pushed a commit to branch dotnet-http-interceptors
in repository https://gitbox.apache.org/repos/asf/tinkerpop.git


The following commit(s) were added to refs/heads/dotnet-http-interceptors by 
this push:
     new 5ca9f878cc minor improvements to auth
5ca9f878cc is described below

commit 5ca9f878cca93798d8be563955f825a6de1fe7d3
Author: Yang Xia <[email protected]>
AuthorDate: Thu Mar 19 13:47:09 2026 -0700

    minor improvements to auth
---
 gremlin-dotnet/src/Gremlin.Net/Driver/Auth.cs | 23 +++++++++++++----------
 1 file changed, 13 insertions(+), 10 deletions(-)

diff --git a/gremlin-dotnet/src/Gremlin.Net/Driver/Auth.cs 
b/gremlin-dotnet/src/Gremlin.Net/Driver/Auth.cs
index d7d0770c1b..9014f53ca8 100644
--- a/gremlin-dotnet/src/Gremlin.Net/Driver/Auth.cs
+++ b/gremlin-dotnet/src/Gremlin.Net/Driver/Auth.cs
@@ -83,34 +83,38 @@ namespace Gremlin.Net.Driver
                 AuthenticationServiceName = service,
             };
 
-            return context =>
+            return async context =>
             {
                 if (cachedProvider == null)
                 {
                     lock (cacheLock)
                     {
+                        // FallbackCredentialsFactory only has a sync API, but 
this runs once.
                         cachedProvider ??= 
FallbackCredentialsFactory.GetCredentials();
                     }
                 }
-                var immutableCreds = cachedProvider.GetCredentials();
-                SignRequest(context, region, service, immutableCreds, signer, 
clientConfig);
-                return Task.CompletedTask;
+
+                // Use the async path — important for credential providers 
that perform
+                // network I/O (e.g. IMDS on EC2, ECS task role endpoint).
+                var immutableCreds = await cachedProvider.GetCredentialsAsync()
+                    .ConfigureAwait(false);
+                SignRequest(context, immutableCreds, signer, clientConfig);
             };
         }
 
-        private static void SignRequest(HttpRequestContext context, string 
region, string service, 
+        private static void SignRequest(HttpRequestContext context,
             ImmutableCredentials credentials, AWS4Signer signer, 
SigningClientConfig clientConfig)
         {
             // Build a DefaultRequest from the HttpRequestContext for the AWS 
SDK signer.
             var endpointUri = new 
Uri(context.Uri.GetLeftPart(UriPartial.Authority));
-            var awsRequest = new DefaultRequest(new NullRequest(), service)
+            var awsRequest = new DefaultRequest(new NullRequest(), 
clientConfig.AuthenticationServiceName)
             {
                 HttpMethod = context.Method,
                 Endpoint = endpointUri,
                 ResourcePath = context.Uri.AbsolutePath,
                 Content = context.Body ?? Array.Empty<byte>(),
-                AuthenticationRegion = region,
-                OverrideSigningServiceName = service,
+                AuthenticationRegion = clientConfig.AuthenticationRegion,
+                OverrideSigningServiceName = 
clientConfig.AuthenticationServiceName,
             };
 
             // Copy headers (skip Host — signer adds it)
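Review bot: The new comment's "this runs once" holds only when `FallbackCredentialsFactory.GetCredentials()` succeeds. If that call throws (as it appears to when no provider in the chain resolves), `cachedProvider` stays null, so every request re-enters `lock (cacheLock)` and repeats the blocking probe, serialising concurrent callers behind it. The comment should say so, for example `// Sync-only API; runs once on success, but is retried under the lock on each request until credentials resolve.` The enclosing factory method starts above the hunk, so whether credentials could instead be resolved eagerly there cannot be judged from these lines.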
@@ -143,8 +147,7 @@ namespace Gremlin.Net.Driver
             awsRequest.Headers["x-amz-content-sha256"] = payloadHash;
 
             // Sign the request
-            signer.Sign(awsRequest, clientConfig, new RequestMetrics(),
-                credentials.AccessKey, credentials.SecretKey);
+            signer.Sign(awsRequest, clientConfig, new RequestMetrics(), 
credentials);
 
             // Copy signed headers back to context. Cherry-pick the known 
SigV4 headers
             // because the .NET Dictionary is case-sensitive and the AWS SDK 
may use
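Review bot: Nothing in the visible lines adds `x-amz-security-token` before `signer.Sign(awsRequest, clientConfig, new RequestMetrics(), credentials)`, and the IMDS and ECS task-role providers this commit targets issue temporary credentials, which need that header on the signed request. The lines between the two hunks are outside this diff, so it may already be handled there. If it is not, `if (credentials.UseToken) awsRequest.Headers["x-amz-security-token"] = credentials.Token;` belongs before signing, and the header must be among those copied back to the context afterwards. SignRequest's body continues past the hunk, so the copy-back list is not visible here either.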
