fix: AwsCredentials should not call metadata server if security creds and region are retrievable through environment vars #1100
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
… and region are retrievable through environment vars
sai-sunder-s
requested changes
Nov 18, 2022
sai-sunder-s
approved these changes
Nov 18, 2022
gopherbot
pushed a commit
to golang/oauth2
that referenced
this pull request
Nov 30, 2022
…ity credential environment variables before aws metadata call Adds check for aws values in environment variables before the metadata server is called to prevent unnecessary off box calls. See googleapis/google-auth-library-java#1100 for same change in java library. Change-Id: Ie86a899be88c38d3fcbbe377f9bf30a7a66530c0 GitHub-Last-Rev: bcab695 GitHub-Pull-Request: #612 Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/453715 Reviewed-by: Leo Siracusa <leosiracusa@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Run-TryBot: Cody Oss <codyoss@google.com> Auto-Submit: Cody Oss <codyoss@google.com> Reviewed-by: Cody Oss <codyoss@google.com>
nikolay-turpitko
pushed a commit
to nikolay-turpitko/oauth2
that referenced
this pull request
Jan 17, 2023
…ity credential environment variables before aws metadata call Adds check for aws values in environment variables before the metadata server is called to prevent unnecessary off box calls. See googleapis/google-auth-library-java#1100 for same change in java library. Change-Id: Ie86a899be88c38d3fcbbe377f9bf30a7a66530c0 GitHub-Last-Rev: bcab695 GitHub-Pull-Request: golang#612 Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/453715 Reviewed-by: Leo Siracusa <leosiracusa@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Run-TryBot: Cody Oss <codyoss@google.com> Auto-Submit: Cody Oss <codyoss@google.com> Reviewed-by: Cody Oss <codyoss@google.com>
dongjoon-hyun
added a commit
to apache/spark
that referenced
this pull request
Aug 21, 2023
### What changes were proposed in this pull request? This PR aims to upgrade gcs-connector to 2.2.17. ### Why are the changes needed? To have the latest auth updates, - https://github.com/GoogleCloudDataproc/hadoop-connectors/releases/tag/v2.2.17 (2023-08-15) - GoogleCloudDataproc/hadoop-connectors#1041 ```xml - <google.auth.version>1.12.1</google.auth.version> + <google.auth.version>1.14.0</google.auth.version> - <google.cloud-storage.bom.version>2.23.0</google.cloud-storage.bom.version> + <google.cloud-storage.bom.version>2.25.0</google.cloud-storage.bom.version> ``` - https://github.com/googleapis/google-auth-library-java/releases/tag/v1.14.0 (2022-12-06) - googleapis/google-auth-library-java#1100 - googleapis/google-auth-library-java#993 ### Does this PR introduce _any_ user-facing change? No. ### How was this patch tested? Pass the CIs and manual tests. **BUILD** ``` dev/make-distribution.sh -Phadoop-cloud ``` **TEST** ``` $ cd dist $ export KEYFILE=~/.ssh/apache-spark-k8s-54ccbe6102d9.json $ export EMAIL=$(jq -r '.client_email' < $KEYFILE) $ export PRIVATE_KEY_ID=$(jq -r '.private_key_id' < $KEYFILE) $ export PRIVATE_KEY="$(jq -r '.private_key' < $KEYFILE)" $ bin/spark-shell \ -c spark.hadoop.fs.gs.auth.service.account.email=$EMAIL \ -c spark.hadoop.fs.gs.auth.service.account.private.key.id=$PRIVATE_KEY_ID \ -c spark.hadoop.fs.gs.auth.service.account.private.key="$PRIVATE_KEY" Setting default log level to "WARN". To adjust logging level use sc.setLogLevel(newLevel). For SparkR, use setLogLevel(newLevel). 23/08/21 12:17:20 WARN NativeCodeLoader: Unable to load native-hadoop library for your platform... using builtin-java classes where applicable Spark context Web UI available at http://localhost:4040 Spark context available as 'sc' (master = local[*], app id = local-1692645442153). Spark session available as 'spark'. Welcome to ____ __ / __/__ ___ _____/ /__ _\ \/ _ \/ _ `/ __/ '_/ /___/ .__/\_,_/_/ /_/\_\ version 4.0.0-SNAPSHOT /_/ Using Scala version 2.12.18 (OpenJDK 64-Bit Server VM, Java 1.8.0_312) Type in expressions to have them evaluated. Type :help for more information. scala> spark.read.text("gs://apache-spark-bucket/README.md").count() res0: Long = 124 scala> spark.read.orc("examples/src/main/resources/users.orc").write.mode("overwrite").orc("gs://apache-spark-bucket/users.orc") scala> spark.read.orc("gs://apache-spark-bucket/users.orc").show() +------+--------------+----------------+ | name|favorite_color|favorite_numbers| +------+--------------+----------------+ |Alyssa| NULL| [3, 9, 15, 20]| | Ben| red| []| +------+--------------+----------------+ ``` ### Was this patch authored or co-authored using generative AI tooling? No. Closes #42588 from dongjoon-hyun/SPARK-44898. Authored-by: Dongjoon Hyun <dhyun@apple.com> Signed-off-by: Dongjoon Hyun <dhyun@apple.com>
valentinp17
pushed a commit
to valentinp17/spark
that referenced
this pull request
Aug 24, 2023
### What changes were proposed in this pull request? This PR aims to upgrade gcs-connector to 2.2.17. ### Why are the changes needed? To have the latest auth updates, - https://github.com/GoogleCloudDataproc/hadoop-connectors/releases/tag/v2.2.17 (2023-08-15) - GoogleCloudDataproc/hadoop-connectors#1041 ```xml - <google.auth.version>1.12.1</google.auth.version> + <google.auth.version>1.14.0</google.auth.version> - <google.cloud-storage.bom.version>2.23.0</google.cloud-storage.bom.version> + <google.cloud-storage.bom.version>2.25.0</google.cloud-storage.bom.version> ``` - https://github.com/googleapis/google-auth-library-java/releases/tag/v1.14.0 (2022-12-06) - googleapis/google-auth-library-java#1100 - googleapis/google-auth-library-java#993 ### Does this PR introduce _any_ user-facing change? No. ### How was this patch tested? Pass the CIs and manual tests. **BUILD** ``` dev/make-distribution.sh -Phadoop-cloud ``` **TEST** ``` $ cd dist $ export KEYFILE=~/.ssh/apache-spark-k8s-54ccbe6102d9.json $ export EMAIL=$(jq -r '.client_email' < $KEYFILE) $ export PRIVATE_KEY_ID=$(jq -r '.private_key_id' < $KEYFILE) $ export PRIVATE_KEY="$(jq -r '.private_key' < $KEYFILE)" $ bin/spark-shell \ -c spark.hadoop.fs.gs.auth.service.account.email=$EMAIL \ -c spark.hadoop.fs.gs.auth.service.account.private.key.id=$PRIVATE_KEY_ID \ -c spark.hadoop.fs.gs.auth.service.account.private.key="$PRIVATE_KEY" Setting default log level to "WARN". To adjust logging level use sc.setLogLevel(newLevel). For SparkR, use setLogLevel(newLevel). 23/08/21 12:17:20 WARN NativeCodeLoader: Unable to load native-hadoop library for your platform... using builtin-java classes where applicable Spark context Web UI available at http://localhost:4040 Spark context available as 'sc' (master = local[*], app id = local-1692645442153). Spark session available as 'spark'. Welcome to ____ __ / __/__ ___ _____/ /__ _\ \/ _ \/ _ `/ __/ '_/ /___/ .__/\_,_/_/ /_/\_\ version 4.0.0-SNAPSHOT /_/ Using Scala version 2.12.18 (OpenJDK 64-Bit Server VM, Java 1.8.0_312) Type in expressions to have them evaluated. Type :help for more information. scala> spark.read.text("gs://apache-spark-bucket/README.md").count() res0: Long = 124 scala> spark.read.orc("examples/src/main/resources/users.orc").write.mode("overwrite").orc("gs://apache-spark-bucket/users.orc") scala> spark.read.orc("gs://apache-spark-bucket/users.orc").show() +------+--------------+----------------+ | name|favorite_color|favorite_numbers| +------+--------------+----------------+ |Alyssa| NULL| [3, 9, 15, 20]| | Ben| red| []| +------+--------------+----------------+ ``` ### Was this patch authored or co-authored using generative AI tooling? No. Closes apache#42588 from dongjoon-hyun/SPARK-44898. Authored-by: Dongjoon Hyun <dhyun@apple.com> Signed-off-by: Dongjoon Hyun <dhyun@apple.com>
szehon-ho
pushed a commit
to szehon-ho/spark
that referenced
this pull request
Feb 7, 2024
### What changes were proposed in this pull request? This PR aims to upgrade gcs-connector to 2.2.17. ### Why are the changes needed? To have the latest auth updates, - https://github.com/GoogleCloudDataproc/hadoop-connectors/releases/tag/v2.2.17 (2023-08-15) - GoogleCloudDataproc/hadoop-connectors#1041 ```xml - <google.auth.version>1.12.1</google.auth.version> + <google.auth.version>1.14.0</google.auth.version> - <google.cloud-storage.bom.version>2.23.0</google.cloud-storage.bom.version> + <google.cloud-storage.bom.version>2.25.0</google.cloud-storage.bom.version> ``` - https://github.com/googleapis/google-auth-library-java/releases/tag/v1.14.0 (2022-12-06) - googleapis/google-auth-library-java#1100 - googleapis/google-auth-library-java#993 ### Does this PR introduce _any_ user-facing change? No. ### How was this patch tested? Pass the CIs and manual tests. **BUILD** ``` dev/make-distribution.sh -Phadoop-cloud ``` **TEST** ``` $ cd dist $ export KEYFILE=~/.ssh/apache-spark-k8s-54ccbe6102d9.json $ export EMAIL=$(jq -r '.client_email' < $KEYFILE) $ export PRIVATE_KEY_ID=$(jq -r '.private_key_id' < $KEYFILE) $ export PRIVATE_KEY="$(jq -r '.private_key' < $KEYFILE)" $ bin/spark-shell \ -c spark.hadoop.fs.gs.auth.service.account.email=$EMAIL \ -c spark.hadoop.fs.gs.auth.service.account.private.key.id=$PRIVATE_KEY_ID \ -c spark.hadoop.fs.gs.auth.service.account.private.key="$PRIVATE_KEY" Setting default log level to "WARN". To adjust logging level use sc.setLogLevel(newLevel). For SparkR, use setLogLevel(newLevel). 23/08/21 12:17:20 WARN NativeCodeLoader: Unable to load native-hadoop library for your platform... using builtin-java classes where applicable Spark context Web UI available at http://localhost:4040 Spark context available as 'sc' (master = local[*], app id = local-1692645442153). Spark session available as 'spark'. Welcome to ____ __ / __/__ ___ _____/ /__ _\ \/ _ \/ _ `/ __/ '_/ /___/ .__/\_,_/_/ /_/\_\ version 4.0.0-SNAPSHOT /_/ Using Scala version 2.12.18 (OpenJDK 64-Bit Server VM, Java 1.8.0_312) Type in expressions to have them evaluated. Type :help for more information. scala> spark.read.text("gs://apache-spark-bucket/README.md").count() res0: Long = 124 scala> spark.read.orc("examples/src/main/resources/users.orc").write.mode("overwrite").orc("gs://apache-spark-bucket/users.orc") scala> spark.read.orc("gs://apache-spark-bucket/users.orc").show() +------+--------------+----------------+ | name|favorite_color|favorite_numbers| +------+--------------+----------------+ |Alyssa| NULL| [3, 9, 15, 20]| | Ben| red| []| +------+--------------+----------------+ ``` ### Was this patch authored or co-authored using generative AI tooling? No. Closes apache#42588 from dongjoon-hyun/SPARK-44898. Authored-by: Dongjoon Hyun <dhyun@apple.com> Signed-off-by: Dongjoon Hyun <dhyun@apple.com>
ragnarok56
pushed a commit
to ragnarok56/spark
that referenced
this pull request
Mar 2, 2024
### What changes were proposed in this pull request? This PR aims to upgrade gcs-connector to 2.2.17. ### Why are the changes needed? To have the latest auth updates, - https://github.com/GoogleCloudDataproc/hadoop-connectors/releases/tag/v2.2.17 (2023-08-15) - GoogleCloudDataproc/hadoop-connectors#1041 ```xml - <google.auth.version>1.12.1</google.auth.version> + <google.auth.version>1.14.0</google.auth.version> - <google.cloud-storage.bom.version>2.23.0</google.cloud-storage.bom.version> + <google.cloud-storage.bom.version>2.25.0</google.cloud-storage.bom.version> ``` - https://github.com/googleapis/google-auth-library-java/releases/tag/v1.14.0 (2022-12-06) - googleapis/google-auth-library-java#1100 - googleapis/google-auth-library-java#993 ### Does this PR introduce _any_ user-facing change? No. ### How was this patch tested? Pass the CIs and manual tests. **BUILD** ``` dev/make-distribution.sh -Phadoop-cloud ``` **TEST** ``` $ cd dist $ export KEYFILE=~/.ssh/apache-spark-k8s-54ccbe6102d9.json $ export EMAIL=$(jq -r '.client_email' < $KEYFILE) $ export PRIVATE_KEY_ID=$(jq -r '.private_key_id' < $KEYFILE) $ export PRIVATE_KEY="$(jq -r '.private_key' < $KEYFILE)" $ bin/spark-shell \ -c spark.hadoop.fs.gs.auth.service.account.email=$EMAIL \ -c spark.hadoop.fs.gs.auth.service.account.private.key.id=$PRIVATE_KEY_ID \ -c spark.hadoop.fs.gs.auth.service.account.private.key="$PRIVATE_KEY" Setting default log level to "WARN". To adjust logging level use sc.setLogLevel(newLevel). For SparkR, use setLogLevel(newLevel). 23/08/21 12:17:20 WARN NativeCodeLoader: Unable to load native-hadoop library for your platform... using builtin-java classes where applicable Spark context Web UI available at http://localhost:4040 Spark context available as 'sc' (master = local[*], app id = local-1692645442153). Spark session available as 'spark'. Welcome to ____ __ / __/__ ___ _____/ /__ _\ \/ _ \/ _ `/ __/ '_/ /___/ .__/\_,_/_/ /_/\_\ version 4.0.0-SNAPSHOT /_/ Using Scala version 2.12.18 (OpenJDK 64-Bit Server VM, Java 1.8.0_312) Type in expressions to have them evaluated. Type :help for more information. scala> spark.read.text("gs://apache-spark-bucket/README.md").count() res0: Long = 124 scala> spark.read.orc("examples/src/main/resources/users.orc").write.mode("overwrite").orc("gs://apache-spark-bucket/users.orc") scala> spark.read.orc("gs://apache-spark-bucket/users.orc").show() +------+--------------+----------------+ | name|favorite_color|favorite_numbers| +------+--------------+----------------+ |Alyssa| NULL| [3, 9, 15, 20]| | Ben| red| []| +------+--------------+----------------+ ``` ### Was this patch authored or co-authored using generative AI tooling? No. Closes apache#42588 from dongjoon-hyun/SPARK-44898. Authored-by: Dongjoon Hyun <dhyun@apple.com> Signed-off-by: Dongjoon Hyun <dhyun@apple.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes an issue introduced by the AWS IMDSv2 changes where the metadata server is being called even if everything is retrievable through the defined environment variables.