[
https://issues.apache.org/jira/browse/HADOOP-19648?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18016665#comment-18016665
]
ASF GitHub Bot commented on HADOOP-19648:
-----------------------------------------
leosanqing opened a new pull request, #7911:
URL: https://github.com/apache/hadoop/pull/7911
### Description of PR
In the org.apache.hadoop.fs.cosn.CosNativeFileSystemStore#initCOSClient
method, when the client is initialized, it only passes the access key and
secret key, completely ignoring the session token. This causes all subsequent
operations that rely on these temporary credentials to fail.
Furthermore, this re-initialization step seems unnecessary. Instead of
creating a new client with incomplete credentials, the existing credential
provider (which already contains the AK, SK, and token) should be passed down
directly.
This is same as https://github.com/apache/hadoop/pull/7867,but there were
some conflicts. so I send up a separate pull request targeting branch-3.4.
### How was this patch tested?
ITests are passed on my local env.
<img width="2528" height="576" alt="image"
src="https://github.com/user-attachments/assets/fff41a10-f423-46ee-a8f9-5a806175c97f";
/>
### For code changes:
- [✔] Does the title or this PR starts with the corresponding JIRA issue id
(yes)?
> cos use token credential will lost token field
> ----------------------------------------------
>
> Key: HADOOP-19648
> URL: https://issues.apache.org/jira/browse/HADOOP-19648
> Project: Hadoop Common
> Issue Type: Bug
> Components: cloud-storage, fs/cos
> Affects Versions: 3.3.0
> Reporter: sanqingleo
> Assignee: sanqingleo
> Priority: Critical
> Labels: pull-request-available
> Fix For: 3.5.0
>
> Attachments: image-2025-08-11-10-37-12-451.png,
> image-2025-08-11-10-42-36-375.png
>
>
> Hi,
> I've discovered a bug when accessing COSN using temporary credentials (access
> key, secret key, and session token).
> In the org.apache.hadoop.fs.cosn.CosNativeFileSystemStore#initCOSClient
> method, when the client is initialized, it only passes the access key and
> secret key, completely ignoring the session token. This causes all subsequent
> operations that rely on these temporary credentials to fail.
> Furthermore, this re-initialization step seems unnecessary. Instead of
> creating a new client with incomplete credentials, the existing credential
> provider (which already contains the AK, SK, and token) should be passed down
> directly.
> !image-2025-08-11-10-37-12-451.png|width=1048,height=540!
> !image-2025-08-11-10-42-36-375.png!
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
