thswlsqls opened a new pull request, #17048: URL: https://github.com/apache/iceberg/pull/17048
Closes #17046 ## Summary - `DefaultAliyunClientFactory.newOSSClient()` always checked RRSA environment variables first, silently overriding explicit `client.access-key-id`/`client.access-key-secret` configuration whenever a pod happened to have RRSA env vars set (e.g. ACK auto-injection). - Now RRSA is only used as a fallback when the static credential pair is incomplete (either field missing), matching the precedence in the sibling aws module (`AwsClientProperties#credentialsProvider`, which prefers a fully configured static pair over auto-detection). - Existing RRSA-only users (no static credentials configured) see no behavior change. ## Testing done - Added `TestAliyunClientFactories#testExplicitStaticCredentialsTakePrecedenceOverRrsa`: RRSA env vars + complete static credentials configured -> static credentials used (no exception from the nonexistent RRSA token file path). - Added `TestAliyunClientFactories#testRrsaUsedWhenAccessKeySecretMissing`: RRSA env vars + only `access-key-id` configured (secret missing) -> RRSA path still used, avoiding a regression for incomplete static config. - `./gradlew :iceberg-aliyun:check` - 40 existing + 2 new = 42 tests passed (spotlessCheck, checkstyle, errorProne all passed). - `iceberg-aliyun` is not a revapi-tracked module; no revapi run needed. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
