thswlsqls opened a new pull request, #17048:
URL: https://github.com/apache/iceberg/pull/17048

   
   Closes #17046
   
   ## Summary
   
   - `DefaultAliyunClientFactory.newOSSClient()` always checked RRSA 
environment variables first, silently overriding explicit 
`client.access-key-id`/`client.access-key-secret` configuration whenever a pod 
happened to have RRSA env vars set (e.g. ACK auto-injection).
   - Now RRSA is only used as a fallback when the static credential pair is 
incomplete (either field missing), matching the precedence in the sibling aws 
module (`AwsClientProperties#credentialsProvider`, which prefers a fully 
configured static pair over auto-detection).
   - Existing RRSA-only users (no static credentials configured) see no 
behavior change.
   
   ## Testing done
   
   - Added 
`TestAliyunClientFactories#testExplicitStaticCredentialsTakePrecedenceOverRrsa`:
 RRSA env vars + complete static credentials configured -> static credentials 
used (no exception from the nonexistent RRSA token file path).
   - Added `TestAliyunClientFactories#testRrsaUsedWhenAccessKeySecretMissing`: 
RRSA env vars + only `access-key-id` configured (secret missing) -> RRSA path 
still used, avoiding a regression for incomplete static config.
   - `./gradlew :iceberg-aliyun:check` - 40 existing + 2 new = 42 tests passed 
(spotlessCheck, checkstyle, errorProne all passed).
   - `iceberg-aliyun` is not a revapi-tracked module; no revapi run needed.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to