[
https://issues.apache.org/jira/browse/HADOOP-19648?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18014207#comment-18014207
]
ASF GitHub Bot commented on HADOOP-19648:
-----------------------------------------
cnauroth commented on code in PR #7867:
URL: https://github.com/apache/hadoop/pull/7867#discussion_r2279916489
##########
hadoop-cloud-storage-project/hadoop-cos/src/test/java/org/apache/hadoop/fs/cosn/TestCosCredentials.java:
##########
@@ -131,4 +134,44 @@ private void validateCredentials(URI uri, Configuration
configuration)
}
}
}
+
+ @Test
+ public void testTmpTokenCredentialsProvider() throws Throwable {
+ Configuration configuration = new Configuration();
+ // Set DynamicTemporaryCosnCredentialsProvider as the CosCredentials
+ // Provider.
+ configuration.set(CosNConfigKeys.COSN_CREDENTIALS_PROVIDER,
+
"org.apache.hadoop.fs.cosn.auth.DynamicTemporaryCosnCredentialsProvider");
+ validateTmpTokenCredentials(this.fsUri, configuration);
+ }
+
+ private void validateTmpTokenCredentials(URI uri, Configuration
configuration)
+ throws IOException {
+ if (null != configuration) {
+ COSCredentialsProvider credentialsProvider =
+ CosNUtils.createCosCredentialsProviderSet(uri, configuration);
+ COSCredentials cosCredentials = credentialsProvider.getCredentials();
+ assertNotNull(cosCredentials, "The cos credentials obtained is null.");
+ assertTrue(
+
StringUtils.equalsIgnoreCase(configuration.get(CosNConfigKeys.COSN_CREDENTIALS_PROVIDER),
+
"org.apache.hadoop.fs.cosn.auth.DynamicTemporaryCosnCredentialsProvider"),
+ "CredentialsProvider must be
DynamicTemporaryCosnCredentialsProvider");
+
+ if (!(cosCredentials instanceof BasicSessionCredentials)) {
Review Comment:
This could be simplified to:
```
assertTrue(cosCredentials instanceof BasicSessionCredentials, "...");
```
##########
hadoop-cloud-storage-project/hadoop-cos/src/test/java/org/apache/hadoop/fs/cosn/TestCosCredentials.java:
##########
@@ -131,4 +134,44 @@ private void validateCredentials(URI uri, Configuration
configuration)
}
}
}
+
+ @Test
+ public void testTmpTokenCredentialsProvider() throws Throwable {
+ Configuration configuration = new Configuration();
+ // Set DynamicTemporaryCosnCredentialsProvider as the CosCredentials
+ // Provider.
+ configuration.set(CosNConfigKeys.COSN_CREDENTIALS_PROVIDER,
+
"org.apache.hadoop.fs.cosn.auth.DynamicTemporaryCosnCredentialsProvider");
+ validateTmpTokenCredentials(this.fsUri, configuration);
+ }
+
+ private void validateTmpTokenCredentials(URI uri, Configuration
configuration)
+ throws IOException {
+ if (null != configuration) {
Review Comment:
Is this null check required? It seems like `configuration` will always be
non-null.
##########
hadoop-cloud-storage-project/hadoop-cos/src/test/java/org/apache/hadoop/fs/cosn/TestCosCredentials.java:
##########
@@ -131,4 +134,44 @@ private void validateCredentials(URI uri, Configuration
configuration)
}
}
}
+
+ @Test
+ public void testTmpTokenCredentialsProvider() throws Throwable {
+ Configuration configuration = new Configuration();
+ // Set DynamicTemporaryCosnCredentialsProvider as the CosCredentials
+ // Provider.
+ configuration.set(CosNConfigKeys.COSN_CREDENTIALS_PROVIDER,
+
"org.apache.hadoop.fs.cosn.auth.DynamicTemporaryCosnCredentialsProvider");
+ validateTmpTokenCredentials(this.fsUri, configuration);
+ }
+
+ private void validateTmpTokenCredentials(URI uri, Configuration
configuration)
+ throws IOException {
+ if (null != configuration) {
+ COSCredentialsProvider credentialsProvider =
+ CosNUtils.createCosCredentialsProviderSet(uri, configuration);
+ COSCredentials cosCredentials = credentialsProvider.getCredentials();
+ assertNotNull(cosCredentials, "The cos credentials obtained is null.");
+ assertTrue(
+
StringUtils.equalsIgnoreCase(configuration.get(CosNConfigKeys.COSN_CREDENTIALS_PROVIDER),
+
"org.apache.hadoop.fs.cosn.auth.DynamicTemporaryCosnCredentialsProvider"),
+ "CredentialsProvider must be
DynamicTemporaryCosnCredentialsProvider");
+
+ if (!(cosCredentials instanceof BasicSessionCredentials)) {
+ fail("cosCredentials must be instanceof BasicSessionCredentials");
+ }
+
+ if (!StringUtils.equals(cosCredentials.getCOSAccessKeyId(), "ak") ||
!StringUtils.equals(
Review Comment:
Instead of conditional logic around `fail`, I suggest that this should be 3
separate `assertEquals` for access key, secret key and session token.
> cos use token credential will lost token field
> ----------------------------------------------
>
> Key: HADOOP-19648
> URL: https://issues.apache.org/jira/browse/HADOOP-19648
> Project: Hadoop Common
> Issue Type: Bug
> Components: cloud-storage
> Affects Versions: 3.3.0
> Reporter: sanqingleo
> Priority: Critical
> Labels: pull-request-available
> Attachments: image-2025-08-11-10-37-12-451.png,
> image-2025-08-11-10-42-36-375.png
>
>
> Hi,
> I've discovered a bug when accessing COSN using temporary credentials (access
> key, secret key, and session token).
> In the org.apache.hadoop.fs.cosn.CosNativeFileSystemStore#initCOSClient
> method, when the client is initialized, it only passes the access key and
> secret key, completely ignoring the session token. This causes all subsequent
> operations that rely on these temporary credentials to fail.
> Furthermore, this re-initialization step seems unnecessary. Instead of
> creating a new client with incomplete credentials, the existing credential
> provider (which already contains the AK, SK, and token) should be passed down
> directly.
> !image-2025-08-11-10-37-12-451.png|width=1048,height=540!
> !image-2025-08-11-10-42-36-375.png!
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
