From 8a642caca8ae9e3c4ff03e9a68725dcb63da5b4d Mon Sep 17 00:00:00 2001 From: Steve Loughran Date: Wed, 3 Jun 2020 17:07:00 +0100 Subject: [PATCH] HADOOP-16568. S3A FullCredentialsTokenBinding fails if local credentials are unset. (#1441) Contributed by Steve Loughran. Move the loading to deployUnbonded (where they are required) and add a safety check when a new DT is requested Change-Id: I03c69aa2e16accfccddca756b2771ff832e7dd58 --- .../s3a/auth/delegation/FullCredentialsTokenBinding.java | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/hadoop-tools/hadoop-aws/src/main/java/org/apache/hadoop/fs/s3a/auth/delegation/FullCredentialsTokenBinding.java b/hadoop-tools/hadoop-aws/src/main/java/org/apache/hadoop/fs/s3a/auth/delegation/FullCredentialsTokenBinding.java index d80e780521..8df666470a 100644 --- a/hadoop-tools/hadoop-aws/src/main/java/org/apache/hadoop/fs/s3a/auth/delegation/FullCredentialsTokenBinding.java +++ b/hadoop-tools/hadoop-aws/src/main/java/org/apache/hadoop/fs/s3a/auth/delegation/FullCredentialsTokenBinding.java @@ -22,6 +22,8 @@ import java.net.URI; import java.util.Optional; +import com.google.common.base.Preconditions; + import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.fs.s3a.AWSCredentialProviderList; import org.apache.hadoop.fs.s3a.S3AUtils; @@ -73,7 +75,6 @@ public FullCredentialsTokenBinding() { @Override protected void serviceStart() throws Exception { super.serviceStart(); - loadAWSCredentials(); } /** @@ -116,6 +117,7 @@ private void loadAWSCredentials() throws IOException { @Override public AWSCredentialProviderList deployUnbonded() throws IOException { requireServiceStarted(); + loadAWSCredentials(); return new AWSCredentialProviderList( "Full Credentials Token Binding", new MarshalledCredentialProvider( @@ -142,7 +144,8 @@ public AbstractS3ATokenIdentifier createTokenIdentifier( final EncryptionSecrets encryptionSecrets, final Text renewer) throws IOException { requireServiceStarted(); - + Preconditions.checkNotNull( + awsCredentials, "No AWS credentials to use for a delegation token"); return new FullCredentialsTokenIdentifier(getCanonicalUri(), getOwnerText(), renewer,