Skip to content

Add aws default credentials provider v2 #3890

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
ianwow wants to merge 6 commits into from
Closed

Add aws default credentials provider v2 #3890

ianwow wants to merge 6 commits into from

Conversation

@ianwow
Copy link
Contributor

@ianwow ianwow commented Apr 4, 2025

🔧 Type of changes

  • new bid adapter
  • bid adapter update
  • new feature
  • new analytics adapter
  • new module
  • module update
  • bugfix
  • documentation
  • configuration
  • dependency update
  • tech debt (test coverage, refactorings, etc.)

✨ What's the context?

Currently, the S3 integration for prebid-server-java requires AWS credentials to be explicitly defined in the config yaml file. The SettingsConfiguration class in PBS Java uses AwsBasicCredentials to authenticate S3 requests, making credential storage in the YAML file mandatory. However, this is not good practice for credential management. This PR adds another credentials provider that will look for credentials in this order:

  • Java System Properties
  • Environment Variables
  • Web Identity Token
  • AWS credentials file (~/.aws/credentials)
  • ECS container credentials
  • EC2 instance profile

🧠 Rationale behind the change

So that S3 integration can be used with the recommended practices for AWS credential management.

🧪 Test plan

  • If accessKeyId and secretAccessKey are provided in the config yaml file, then verify that they are still used.
  • If they are not provided in the config yaml file, then verify that AWS credentials are found in the order described above.

🏎 Quality check

  • [ x ] Are your changes following our code style guidelines?
  • [ no ] Are there any breaking changes in your code?
  • [ yes ] Does your test coverage exceed 90%?
  • [ no ] Are there any erroneous console logs, debuggers or leftover code in your changes?

ianwow added 6 commits April 4, 2025 11:31
@ianwow
add AWS default credentials provider
090446e
@ianwow
document the lookup order for AWS credentials
c451c49
@ianwow
Document the lookup order for AWS credentials
46c6382
@ianwow
revert changes to SettingsConfiguration.java
00bcd3e
@ianwow
add AWS default credentials provider
e85b532
@ianwow
fix: adjust hook execution time assertion range in HookStageExecutorTest
cb67da8 
The test was failing intermittently due to strict time boundaries (50-70ms) 
for hook execution. Widened the acceptable range to account for slight 
variations in execution time across different environments.

- Previous range: 50-70ms
- New range: 50-80ms

Test: HookStageExecutorTest#shouldExecuteEntrypointHooksToleratingTimeoutAndFailedFuture
@ianwow ianwow closed this Apr 8, 2025
@ianwow ianwow deleted the add_aws_default_credentials_provider_v2 branch April 8, 2025 00:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ianwow