Coverage Report

Created: 2026-03-16 21:03

next uncovered line (L), next uncovered region (R), next uncovered branch (B)
common/cpp/custom_aws_credentials_provider_chain.cpp
Line
Count
Source
1
// Licensed to the Apache Software Foundation (ASF) under one
2
// or more contributor license agreements.  See the NOTICE file
3
// distributed with this work for additional information
4
// regarding copyright ownership.  The ASF licenses this file
5
// to you under the Apache License, Version 2.0 (the
6
// "License"); you may not use this file except in compliance
7
// with the License.  You may obtain a copy of the License at
8
//
9
//   http://www.apache.org/licenses/LICENSE-2.0
10
//
11
// Unless required by applicable law or agreed to in writing,
12
// software distributed under the License is distributed on an
13
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
14
// KIND, either express or implied.  See the License for the
15
// specific language governing permissions and limitations
16
// under the License.
17
18
#include "custom_aws_credentials_provider_chain.h"
19
20
#include <aws/core/auth/AWSCredentialsProviderChain.h>
21
#include <aws/core/auth/STSCredentialsProvider.h>
22
#include <aws/core/auth/SSOCredentialsProvider.h>
23
#include <aws/core/platform/Environment.h>
24
#include <aws/core/utils/memory/AWSMemory.h>
25
#include <aws/core/utils/StringUtils.h>
26
#include <aws/core/utils/logging/LogMacros.h>
27
28
namespace doris {
29
30
using namespace Aws::Auth;
31
using namespace Aws::Utils::Threading;
32
33
static const char AWS_ECS_CONTAINER_CREDENTIALS_RELATIVE_URI[] =
34
        "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI";
35
static const char AWS_ECS_CONTAINER_CREDENTIALS_FULL_URI[] = "AWS_CONTAINER_CREDENTIALS_FULL_URI";
36
static const char AWS_ECS_CONTAINER_AUTHORIZATION_TOKEN[] = "AWS_CONTAINER_AUTHORIZATION_TOKEN";
37
static const char AWS_EC2_METADATA_DISABLED[] = "AWS_EC2_METADATA_DISABLED";
38
static const char DefaultCredentialsProviderChainTag[] = "DefaultAWSCredentialsProviderChain";
39
40
CustomAwsCredentialsProviderChain::CustomAwsCredentialsProviderChain()
41
3
        : AWSCredentialsProviderChain() {
42
43
3
    AddProvider(Aws::MakeShared<STSAssumeRoleWebIdentityCredentialsProvider>(
44
3
            DefaultCredentialsProviderChainTag));
45
46
    //ECS TaskRole Credentials only available when ENVIRONMENT VARIABLE is set
47
3
    const auto relativeUri = Aws::Environment::GetEnv(AWS_ECS_CONTAINER_CREDENTIALS_RELATIVE_URI);
48
3
    AWS_LOGSTREAM_DEBUG(DefaultCredentialsProviderChainTag,
49
3
                        "The environment variable value "
50
3
                                << AWS_ECS_CONTAINER_CREDENTIALS_RELATIVE_URI << " is "
51
3
                                << relativeUri);
52
53
3
    const auto absoluteUri = Aws::Environment::GetEnv(AWS_ECS_CONTAINER_CREDENTIALS_FULL_URI);
54
3
    AWS_LOGSTREAM_DEBUG(DefaultCredentialsProviderChainTag,
55
3
                        "The environment variable value " << AWS_ECS_CONTAINER_CREDENTIALS_FULL_URI
56
3
                                                          << " is " << absoluteUri);
57
58
3
    const auto ec2MetadataDisabled = Aws::Environment::GetEnv(AWS_EC2_METADATA_DISABLED);
59
3
    AWS_LOGSTREAM_DEBUG(DefaultCredentialsProviderChainTag,
60
3
                        "The environment variable value " << AWS_EC2_METADATA_DISABLED << " is "
61
3
                                                          << ec2MetadataDisabled);
62
63
3
    if (!relativeUri.empty()) {
64
0
        AddProvider(Aws::MakeShared<TaskRoleCredentialsProvider>(DefaultCredentialsProviderChainTag,
65
0
                                                                 relativeUri.c_str()));
66
0
        AWS_LOGSTREAM_INFO(DefaultCredentialsProviderChainTag,
67
0
                           "Added ECS metadata service credentials provider with relative path: ["
68
0
                                   << relativeUri << "] to the provider chain.");
69
3
    } else if (!absoluteUri.empty()) {
70
0
        const auto token = Aws::Environment::GetEnv(AWS_ECS_CONTAINER_AUTHORIZATION_TOKEN);
71
0
        AddProvider(Aws::MakeShared<TaskRoleCredentialsProvider>(
72
0
                DefaultCredentialsProviderChainTag, absoluteUri.c_str(), token.c_str()));
73
74
        //DO NOT log the value of the authorization token for security purposes.
75
0
        AWS_LOGSTREAM_INFO(DefaultCredentialsProviderChainTag,
76
0
                           "Added ECS credentials provider with URI: ["
77
0
                                   << absoluteUri << "] to the provider chain with a"
78
0
                                   << (token.empty() ? "n empty " : " non-empty ")
79
0
                                   << "authorization token.");
80
0
    }
81
82
3
    AddProvider(Aws::MakeShared<InstanceProfileCredentialsProvider>(
83
3
            DefaultCredentialsProviderChainTag));
84
3
    AWS_LOGSTREAM_INFO(
85
3
            DefaultCredentialsProviderChainTag,
86
3
            "Added EC2 metadata service credentials provider to the provider chain.");
87
88
3
    AddProvider(
89
3
            Aws::MakeShared<EnvironmentAWSCredentialsProvider>(DefaultCredentialsProviderChainTag));
90
3
    AddProvider(Aws::MakeShared<ProfileConfigFileAWSCredentialsProvider>(
91
3
            DefaultCredentialsProviderChainTag));
92
3
    AddProvider(Aws::MakeShared<ProcessCredentialsProvider>(DefaultCredentialsProviderChainTag));
93
94
3
    AddProvider(Aws::MakeShared<SSOCredentialsProvider>(DefaultCredentialsProviderChainTag));
95
96
3
    AddProvider(
97
3
            Aws::MakeShared<AnonymousAWSCredentialsProvider>(DefaultCredentialsProviderChainTag));
98
3
}
99
100
CustomAwsCredentialsProviderChain::CustomAwsCredentialsProviderChain(
101
0
        const CustomAwsCredentialsProviderChain& chain) {
102
0
    for (const auto& provider : chain.GetProviders()) {
103
0
        AddProvider(provider);
104
0
    }
105
0
}
106
}