Skip to content

Document support for Web Identity Token in DefaultCredentialsProvider #2667

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Aug 23, 2021
Merged

Document support for Web Identity Token in DefaultCredentialsProvider #2667

merged 4 commits into from
Aug 23, 2021

Conversation

jamieliu386
Copy link
Contributor

Motivation and Context

The Javadoc for DefaultCredentialsProvider lists the ways it tries to search for credentials in the surrounding environment. However, missing from the list is the support for STS Web Identity Tokens. The DefaultCredentialsProvider actually tries WebIdentityTokenFileCredentialsProvider in between environment variables and profile files, as seen here:

aws-sdk-java-v2/core/auth/src/main/java/software/amazon/awssdk/auth/credentials/DefaultCredentialsProvider.java

Lines 71 to 92 in 855bba6

return LazyAwsCredentialsProvider.create(() -> {
AwsCredentialsProvider[] credentialsProviders = new AwsCredentialsProvider[] {
SystemPropertyCredentialsProvider.create(),
EnvironmentVariableCredentialsProvider.create(),
WebIdentityTokenFileCredentialsProvider.create(),
ProfileCredentialsProvider.builder()
.profileFile(builder.profileFile)
.profileName(builder.profileName)
.build(),
ContainerCredentialsProvider.builder()
.asyncCredentialUpdateEnabled(asyncCredentialUpdateEnabled)
.build(),
InstanceProfileCredentialsProvider.builder()
.asyncCredentialUpdateEnabled(asyncCredentialUpdateEnabled)
.build()
};
return AwsCredentialsProviderChain.builder()
.reuseLastProviderEnabled(reuseLastProviderEnabled)
.credentialsProviders(credentialsProviders)
.build();
});

Description

This PR adds information on the support for web identity tokens to the Javadoc for DefaultCredentialsProvider. Note that the 1.x SDK documentation already has this information.

Testing

N/A

Screenshots (if appropriate)

N/A

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)

Checklist

  • I have read the CONTRIBUTING document
  • Local run of mvn install succeeds
  • My code follows the code style of this project
  • My change requires a change to the Javadoc documentation
  • I have updated the Javadoc documentation accordingly
  • I have read the README document
  • I have added tests to cover my changes (none needed)
  • All new and existing tests passed
  • A short description of the change has been added to the CHANGELOG (not sure if this simple change needs to be documented)
  • My change is to implement 1.11 parity feature and I have updated LaunchChangelog

License

  • I confirm that this pull request can be released under the Apache 2 license

debora-ito
debora-ito previously approved these changes Aug 20, 2021
View reviewed changes
Copy link
Member

@debora-ito debora-ito left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for fixing the docs @jamieliu386!

@debora-ito debora-ito dismissed their stale review August 20, 2021 20:49

Re-read the change.

@sonarqubecloud
Copy link

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

@debora-ito debora-ito merged commit eabf797 into aws:master Aug 23, 2021
@debora-ito
Copy link
Member

@all-contributors please add @jamieliu386 for documentation

@allcontributors allcontributors bot mentioned this pull request Aug 24, 2021
Merged
@allcontributors
Copy link
Contributor

@debora-ito

I've put up a pull request to add @jamieliu386! 🎉

@jamieliu386 jamieliu386 deleted the sts-docs branch August 25, 2021 15:52
@dagnir
Copy link
Contributor

dagnir commented Aug 25, 2021

(Trying this again to see if the bot will create a fresh PR since #2674 now has merge conflicts)

@all-contributors please add @jamieliu386 for documentation

@allcontributors
Copy link
Contributor

@dagnir

@jamieliu386 already contributed before to doc

@dagnir
Copy link
Contributor

dagnir commented Aug 25, 2021

(Once more with PR closed)

@all-contributors please add @jamieliu386 for documentation

@allcontributors
Copy link
Contributor

@dagnir

@jamieliu386 already contributed before to doc

aws-sdk-java-automation added a commit that referenced this pull request Aug 18, 2023
@aws-sdk-java-automation
Merge pull request #2667 from aws/staging/dca3b8c0-2776-4b88-bdaf-672…
412ad86 
…b9267ecdc

Pull request: release <- staging/dca3b8c0-2776-4b88-bdaf-672b9267ecdc
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@debora-ito debora-ito debora-ito approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jamieliu386 @debora-ito @dagnir