[
https://issues.apache.org/jira/browse/HADOOP-18945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17776946#comment-17776946
]
ASF GitHub Bot commented on HADOOP-18945:
-----------------------------------------
mukund-thakur commented on code in PR #6202:
URL: https://github.com/apache/hadoop/pull/6202#discussion_r1364689562
##########
hadoop-tools/hadoop-aws/src/test/java/org/apache/hadoop/fs/s3a/auth/TestIAMInstanceCredentialsProvider.java:
##########
@@ -0,0 +1,105 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.fs.s3a.auth;
+
+import java.io.IOException;
+
+import org.assertj.core.api.Assertions;
+import org.junit.Test;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import software.amazon.awssdk.auth.credentials.AwsCredentials;
+
+import org.apache.hadoop.test.AbstractHadoopTestBase;
+
+
+/**
+ * Unit tests for IAMInstanceCredentials provider.
+ * This is a bit tricky as don't want to
+ */
+public class TestIAMInstanceCredentialsProvider extends AbstractHadoopTestBase
{
+
+ private static final Logger LOG =
+ LoggerFactory.getLogger(TestIAMInstanceCredentialsProvider.class);
+
+ /**
+ * Error string from
+ *
software.amazon.awssdk.auth.credentials.InstanceProfileCredentialsProvider,
+ * if IAM resolution has been disabled.
+ */
+ public static final String DISABLED =
+ "IMDS credentials have been disabled by environment variable or system
property";
+
+ /**
+ * Test an immediate create/close.
+ */
+ @Test
+ public void testIAMInstanceCredentialsProviderClose() throws Throwable {
+ new IAMInstanceCredentialsProvider().close();
+ }
+
+ /**
+ * Test instantiation.
+ * Multiple outcomes depending on host setup.
+ * <ol>
+ * <li> In EC2: credentials resolved
+ * Assert comes with a key.</li>
+ * <li> Not in EC2: network error trying to talk to the service.
+ * Assert wrapped exception is an IOE.</li>
+ * <li> IMDS resolution disabled by env var/sysprop.
+ * Expect the message to contain the "disabled" text.</li>
+ * </ol>
+ */
+ @Test
+ public void testIAMInstanceCredentialsInstantiate() throws Throwable {
+ try (IAMInstanceCredentialsProvider provider = new
IAMInstanceCredentialsProvider()) {
+ try {
+ final AwsCredentials credentials = provider.resolveCredentials();
+ // if we get here this test suite is running in a container/EC2
+ LOG.info("Credentials: retrieved from {}: key={}",
+ provider.isContainerCredentialsProvider() ? "container" : "EC2",
+ credentials.accessKeyId());
+ Assertions.assertThat(credentials.accessKeyId())
+ .describedAs("Access key from IMDS")
+ .isNotBlank();
+
+ // and if we get here, so does a second call
+ final AwsCredentials credentials2 = provider.resolveCredentials();
+ } catch (NoAwsCredentialsException expected) {
+ // this is expected if the test is not running in a container/EC2
+ LOG.info("Not running in a container/EC2");
+ LOG.info("Exception raised", expected);
+ // and we expect to have fallen back to the EC2 provider
Review Comment:
fallback to instance profile provider,
> S3A: IAMInstanceCredentialsProvider failing: Failed to load credentials from
> IMDS
> ---------------------------------------------------------------------------------
>
> Key: HADOOP-18945
> URL: https://issues.apache.org/jira/browse/HADOOP-18945
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: fs/s3
> Affects Versions: 7.2.18.0
> Reporter: Steve Loughran
> Assignee: Steve Loughran
> Priority: Blocker
> Labels: pull-request-available
>
> Failures in impala test VMs using iAM for auth
> {code}
> Failed to open file as a parquet file: java.net.SocketTimeoutException:
> re-open
> s3a://impala-test-uswest2-1/test-warehouse/test_pre_gregorian_date_parquet_2e80ae30.db/hive2_pre_gregorian.parquet
> at 84 on
> s3a://impala-test-uswest2-1/test-warehouse/test_pre_gregorian_date_parquet_2e80ae30.db/hive2_pre_gregorian.parquet:
> org.apache.hadoop.fs.s3a.auth.NoAwsCredentialsException: +: Failed to load
> credentials from IMDS
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
