Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ProfileFileSupplier.defaultSupplier() leads to NullPointer when config files are missing #5635

Open
maschnetwork opened this issue Sep 30, 2024 · 4 comments
Open

ProfileFileSupplier.defaultSupplier() leads to NullPointer when config files are missing #5635

maschnetwork opened this issue Sep 30, 2024 · 4 comments
Labels
bug This issue is a bug. p2 This is a standard priority issue

Comments

@maschnetwork
Copy link

maschnetwork commented Sep 30, 2024
edited
Loading

Describe the bug

We recently introduced automatic credentials reload in the EventBridge Kafka connector by leveraging ProfileFileSupplier.defaultSupplier as recommended in the official docs:

var provider = DefaultCredentialsProvider.builder()
         //.profileFile(ProfileFile.defaultProfileFile()) <- this is the default by the SDK 
          .profileFile(ProfileFileSupplier.defaultSupplier()) //<- This supports automatic reload
          .build();

var creds = provider.resolveCredentials();

However, when no credential files are present (~/.aws/credentials and ~/.aws/config are missing) the DefaultCredentialProviderChain.resolveCredentials() process will result in NullPointer Exceptions in both ProfileCredentialsProvider and InstanceProfileCredentialProvider: java.lang.NullPointerException: Cannot invoke "java.nio.file.Path.getFileSystem()" because "path" is null. (See Additional Information below).

This will happen first in the ProfileCredentialsProvider and will be ignored to move to the next provider as outlined here. But the process will run into it again for the InstanceProfileCredentialProvider, for example in Ec2MetaDataConfigProvider.

This behavior essentially influences (and breaks) the DefaultCredentialsProvider chain. It behaves differently than the current SDK default value ProfileFile.defaultProfileFile() which does not produce any exceptions and lets InstanceProfileCredentialProvider resolve even though files are missing.

Related issues:

awslabs/eventbridge-kafka-connector#396

Expected Behavior

ProfileFileSupplier.defaultSupplier() behaves the same as ProfileFile.defaultProfileFile() when credential files are missing.

Current Behavior

ProfileFileSupplier.defaultSupplier() leads to Nullpointer during resolution process and breaks DefaultCredentialsProvider (or at least behaves different than the default)

Reproduction Steps

  1. First, delete local files such as ~/.aws/credentials and ~/.aws/config
  2. Run the below code with the default value of ProfileFile.defaultProfileFile()
  3. Run the below code with the non-default value: profileFile(ProfileFileSupplier.defaultSupplier()
public class Main {
    public static void main(String[] args) {
        var provider = DefaultCredentialsProvider.builder()
                    //    .profileFile(ProfileFile.defaultProfileFile()) <- This is the default and is used implicit
                        .profileFile(ProfileFileSupplier.defaultSupplier()) // <- This produces NullPointer when no credentials files are present (Check Errors in the ProviderChain) 
                        .build();

        var creds = provider.resolveCredentials();
        System.out.println(creds);
    }
}
  1. Check for Nullpointer in the resolution process and see different path for InstanceProfileCredentialsProvider

Possible Solution

When no credential files are present (~/.aws/credentials and ~/.aws/config. are missing)
ProfileFileSupplier.defaultSupplier() effectively returns ProfileFile.builder().build()since credentialsSupplierOptional and configurationSupplierOptional are empty. Later during resolveCredentials of the DefaultCredentialsProviderChain the contentLocation within ProfileFile Builder will be null and therefore lead to the Nullpointer:

@Override
public ProfileFile build() {
    InputStream stream = content != null ? content :
                         FunctionalUtils.invokeSafely(() -> Files.newInputStream(contentLocation));

It would make sense to provide a sane default here such as ProfileFile.defaultProfileFile().

Additional Information/Context

This will happen first in the ProfileCredentialsProvider and will be ignored to move to the next provider as outlined here. But InstanceProfileCredentialProvider will run into it again, for example in Ec2MetaDataConfigProvider.

AWS Java SDK version used

2.28.8

JDK version used

17

Operating System and version

MacOS
@maschnetwork maschnetwork added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Sep 30, 2024
@maschnetwork maschnetwork mentioned this issue Sep 30, 2024
Open
@debora-ito
Copy link
Member

Acknowledged. We should fix the NullPointerException.

@debora-ito debora-ito added p2 This is a standard priority issue and removed needs-triage This issue or PR still needs to be triaged. labels Oct 10, 2024
@embano1
Copy link
Member

embano1 commented Oct 16, 2024

@debora-ito do you have any timelines in mind for when to expect the fix?

@yomal
Copy link

yomal commented Oct 18, 2024

I also agree with the solution @maschnetwork has mentioned, that we could assign a the ProfileFile.defaultProfileFile() for the supplier to resolve. Can you assign this to me so I can start working on a PR?

@embano1
Copy link
Member

embano1 commented Nov 4, 2024

@yomal @debora-ito can you please coordinate so @yomal can start working on this?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug This issue is a bug. p2 This is a standard priority issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@debora-ito @embano1 @yomal @maschnetwork