HADOOP-16568. S3A FullCredentialsTokenBinding fails if local credentials are unset. (#1441)
Contributed by Steve Loughran. Move the loading to deployUnbonded (where they are required) and add a safety check when a new DT is requested
This commit is contained in:
parent
97c98ce531
commit
40d63e02f0
@ -22,6 +22,8 @@
|
||||
import java.net.URI;
|
||||
import java.util.Optional;
|
||||
|
||||
import com.google.common.base.Preconditions;
|
||||
|
||||
import org.apache.hadoop.conf.Configuration;
|
||||
import org.apache.hadoop.fs.s3a.AWSCredentialProviderList;
|
||||
import org.apache.hadoop.fs.s3a.S3AUtils;
|
||||
@ -73,7 +75,6 @@ public FullCredentialsTokenBinding() {
|
||||
@Override
|
||||
protected void serviceStart() throws Exception {
|
||||
super.serviceStart();
|
||||
loadAWSCredentials();
|
||||
}
|
||||
|
||||
/**
|
||||
@ -116,6 +117,7 @@ private void loadAWSCredentials() throws IOException {
|
||||
@Override
|
||||
public AWSCredentialProviderList deployUnbonded() throws IOException {
|
||||
requireServiceStarted();
|
||||
loadAWSCredentials();
|
||||
return new AWSCredentialProviderList(
|
||||
"Full Credentials Token Binding",
|
||||
new MarshalledCredentialProvider(
|
||||
@ -142,7 +144,8 @@ public AbstractS3ATokenIdentifier createTokenIdentifier(
|
||||
final EncryptionSecrets encryptionSecrets,
|
||||
final Text renewer) throws IOException {
|
||||
requireServiceStarted();
|
||||
|
||||
Preconditions.checkNotNull(
|
||||
awsCredentials, "No AWS credentials to use for a delegation token");
|
||||
return new FullCredentialsTokenIdentifier(getCanonicalUri(),
|
||||
getOwnerText(),
|
||||
renewer,
|
||||
|
Loading…
Reference in New Issue
Block a user