Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Sign up
Appearance settings

Handle Non-Standard STS XML Response - S3 Compatible STS Endpoint #2816

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
rohangoli wants to merge 7 commits into apache:main
base: main
Choose a base branch
Loading
from rohangoli:handle-non-stnd-sts-response

Conversation

@rohangoli
Copy link

@rohangoli rohangoli commented Oct 15, 2025

What changes were proposed in this pull request?

sequenceDiagram
 participant Polaris as Polaris (caller)
 participant SDK as AWS SDK (StsClient)
 participant Interceptor as StsResponseCaptureInterceptor
 participant Holder as StsResponseCapture (ThreadLocal)
 participant Parser as StsXmlParser
 participant Integration as AwsCredentialsStorageIntegration
 Polaris->>SDK: assumeRole(...)
 SDK->>Interceptor: afterTransmission(context)
 Interceptor->>Holder: setLastBody(rawHttpBody)
 SDK->>SDK: unmarshal to AssumeRoleResponse
 SDK-->>Polaris: AssumeRoleResponse (credentials==null)
 Polaris->>Integration: handle response
 Integration->>Holder: getLastBody()
 alt raw body present
 Integration->>Parser: parseToAccessConfig(rawBody)
 Parser-->>Integration: AccessConfig (keys + expiresAt)
 Integration->>Integration: merge into AccessConfig.Builder
 else no raw body
 Integration->>Integration: failover (error path)
 end
 Integration->>Holder: clear() %% recommended
Loading

Why are the changes needed?

  • On Create Table Rest API request with Non-Standard STS XML Response, we receive UnprocessableEntityException as response

Request

POST https://192.168.0.0:4443/sts?Action=AssumeRole&RoleSessionName=temp&RoleArn=urn:ecs:iam::s3:role/s3assumeRole&DurationSeconds=7200
Accept: */*
X-SDS-AUTH-TOKEN: <AUTH_TOKEN>

Response

HTTP/1.1 200 OK
Content-Type: application/xml
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ns2:AssumeRoleResponse xmlns:ns2="none">
 <ResponseMetadata>
 <RequestId>0af7b369:171a31ad5b8:12e3a:b</RequestId>
 </ResponseMetadata>
 <AssumeRoleResult>
 <AssumedRoleUser>
 <Arn>urn:ecs:sts::s3:assumed-role/s3assumeRole/temp</Arn>
 <AssumedRoleId>AROA48AEC87ADCFF133F:temp</AssumedRoleId>
 </AssumedRoleUser>
 <Credentials>
 <AccessKeyId>ASIA48DB3A69C19CFE56</AccessKeyId>
 <Expiration>2020年04月23日T19:45:46Z</Expiration>
 <SecretAccessKey>wDvqneW8lyJbu0VRAMU8xQHPKH1hIsYfTyozlVg5znM</SecretAccessKey>
 <SessionToken>CgJzMxIFdXNlcjEaFE0EyQ . . . mi5SBHRlbXBo2sSH9QU</SessionToken>
 </Credentials>
 </AssumeRoleResult>
</ns2:AssumeRoleResponse>

curl --location 'http://localhost:8181/api/catalog/v1/quickstart_catalog/namespaces/minio_polaris_ns/tables' -H "Authorization: Bearer $TOKEN" -H 'Content-Type: application/json' -H 'Polaris-Realm: POLARIS' --data '{
 "name": "minio_polaris_ns_table01",
 "schema": { 
 "type": "struct",
 "fields": [
 {
 "id": 0,
 "name": "id",
 "type": "string",
 "required": true,
 "doc": "car model"
 },
 {
 "id": 1,
 "name": "first_name",
 "type": "string",
 "required": true,
 "doc": "first name"
 }
 ]
 }
}' | jq
 % Total % Received % Xferd Average Speed Time Time Time Current
 Dload Upload Total Spent Left Speed
100 691 100 310 100 381 275 338 0:00:01 0:00:01 --:--:-- 614
{
 "error": {
 "message": "Failed to get subscoped credentials: Cannot invoke \"software.amazon.awssdk.services.sts.model.Credentials.accessKeyId()\" because the return value of \"software.amazon.awssdk.services.sts.model.AssumeRoleResponse.credentials()\" is null",
 "type": "UnprocessableEntityException",
 "code": 422
 }
}

Polaris debug logs:

polaris-1 | 2025年10月14日 22:13:14,756 DEBUG [org.apa.pol.cor.sto.cac.StorageCredentialCache] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) key=StorageCredentialCacheKey{realmId=POLARIS, catalogId=0, storageConfigSerializedStr={"@type":"AwsStorageConfigurationInfo","allowedLocations":["s3://polaris"],"roleARN":"urn:ecs:iam::otf_dev:role/assumeSameAccountOTF","region":"us-east-1","endpoint":"https://ecmh2.td.teradata.com","pathStyleAccess":true,"stsEndpoint":"https://ecs1.td.teradata.com:4443/sts","ignoreSSLVerification":true,"storageType":"S3","fileIoImplClassName":"org.apache.iceberg.aws.s3.S3FileIO"}, allowedListAction=true, allowedReadLocations=[s3://polaris/minio_polaris_ns/minio_polaris_ns_table01], allowedWriteLocations=[s3://polaris/minio_polaris_ns/minio_polaris_ns_table01]} subscopedCredsCache
polaris-1 | 2025年10月14日 22:13:14,760 DEBUG [org.apa.pol.cor.sto.cac.StorageCredentialCache] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) StorageCredentialCache::load
polaris-1 | 2025年10月14日 22:13:14,762 DEBUG [org.apa.pol.ser.con.DefaultConfigurationStore] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) Get configuration value for STORAGE_CREDENTIAL_DURATION_SECONDS with realm POLARIS
polaris-1 | 2025年10月14日 22:13:14,818 WARN [org.apa.pol.ser.con.ServiceProducers] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) Creating HTTP client with SSL certificate verification disabled. Use only in development!
polaris-1 | 2025年10月14日 22:13:15,229 DEBUG [org.apa.htt.cli.pro.RequestAddCookies] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) CookieSpec selected: default
polaris-1 | 2025年10月14日 22:13:15,233 DEBUG [org.apa.htt.cli.pro.RequestAuthCache] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) Auth cache not set in the context
polaris-1 | 2025年10月14日 22:13:15,234 DEBUG [org.apa.htt.imp.con.PoolingHttpClientConnectionManager] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) Connection request: [route: {s}->https://ecs1.td.teradata.com:4443][total available: 0; route allocated: 0 of 50; total allocated: 0 of 50]
polaris-1 | 2025年10月14日 22:13:15,241 DEBUG [org.apa.htt.imp.con.PoolingHttpClientConnectionManager] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) Connection leased: [id: 0][route: {s}->https://ecs1.td.teradata.com:4443][total available: 0; route allocated: 1 of 50; total allocated: 1 of 50]
polaris-1 | 2025年10月14日 22:13:15,243 DEBUG [org.apa.htt.imp.exe.MainClientExec] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) Opening connection {s}->https://ecs1.td.teradata.com:4443
polaris-1 | 2025年10月14日 22:13:15,247 DEBUG [org.apa.htt.imp.con.DefaultHttpClientConnectionOperator] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) Connecting to ecs1.td.teradata.com/10.25.122.141:4443
polaris-1 | 2025年10月14日 22:13:15,247 DEBUG [org.apa.htt.con.ssl.SSLConnectionSocketFactory] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) Connecting socket to ecs1.td.teradata.com/10.25.122.141:4443 with timeout 2000
polaris-1 | 2025年10月14日 22:13:15,285 DEBUG [org.apa.htt.con.ssl.SSLConnectionSocketFactory] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) Enabled protocols: [TLSv1.3, TLSv1.2]
polaris-1 | 2025年10月14日 22:13:15,285 DEBUG [org.apa.htt.con.ssl.SSLConnectionSocketFactory] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) Enabled cipher suites:[TLS_AES_256_GCM_SHA384, TLS_AES_128_GCM_SHA256, TLS_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
polaris-1 | 2025年10月14日 22:13:15,285 DEBUG [org.apa.htt.con.ssl.SSLConnectionSocketFactory] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) Starting handshake
polaris-1 | 2025年10月14日 22:13:15,387 DEBUG [org.apa.htt.con.ssl.SSLConnectionSocketFactory] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) Secure session established
polaris-1 | 2025年10月14日 22:13:15,388 DEBUG [org.apa.htt.con.ssl.SSLConnectionSocketFactory] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) negotiated protocol: TLSv1.3
polaris-1 | 2025年10月14日 22:13:15,389 DEBUG [org.apa.htt.con.ssl.SSLConnectionSocketFactory] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) negotiated cipher suite: TLS_AES_256_GCM_SHA384
polaris-1 | 2025年10月14日 22:13:15,392 DEBUG [org.apa.htt.con.ssl.SSLConnectionSocketFactory] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) peer principal: EMAILADDRESS=rohan.goli@teradata.com, OU=PIE, O=Teradata, STREET=17905 Via Del Campo, ST=California, L=SanDiego, C=US, CN=ecmh2.onpremlab.teradata.com
polaris-1 | 2025年10月14日 22:13:15,392 DEBUG [org.apa.htt.con.ssl.SSLConnectionSocketFactory] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) peer alternative names: [ecmh2.td.teradata.com, ecs500.td.teradata.com, ecs1.td.teradata.com, ecs2.td.teradata.com, ecs3.td.teradata.com, ecs4.td.teradata.com, ecs5.td.teradata.com, ecs6.td.teradata.com, ecs7.td.teradata.com, ecs8.td.teradata.com, ecs9.td.teradata.com, ecs10.td.teradata.com, 10.25.122.141, 10.25.122.142, 10.25.122.143, 10.25.122.144, 10.25.122.145, 10.25.122.146, 10.25.122.147, 10.25.122.148, 10.25.122.149, 10.25.122.150]
polaris-1 | 2025年10月14日 22:13:15,392 DEBUG [org.apa.htt.con.ssl.SSLConnectionSocketFactory] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) issuer principal: EMAILADDRESS=rohan.goli@teradata.com, OU=PIE, O=Teradata, STREET=17905 Via Del Campo, ST=California, L=SanDiego, C=US, CN=ecmh2.onpremlab.teradata.com
polaris-1 | 2025年10月14日 22:13:15,393 DEBUG [org.apa.htt.imp.con.DefaultHttpClientConnectionOperator] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) Connection established 172.18.0.4:44384<->10.25.122.141:4443
polaris-1 | 2025年10月14日 22:13:15,394 DEBUG [org.apa.htt.imp.con.DefaultManagedHttpClientConnection] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) http-outgoing-0: set socket timeout to 30000
polaris-1 | 2025年10月14日 22:13:15,394 DEBUG [org.apa.htt.imp.exe.MainClientExec] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) Executing request POST /sts HTTP/1.1
polaris-1 | 2025年10月14日 22:13:15,394 DEBUG [org.apa.htt.imp.exe.MainClientExec] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) Proxy auth state: UNCHALLENGED
polaris-1 | 2025年10月14日 22:13:15,396 DEBUG [org.apa.htt.headers] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) http-outgoing-0 >> POST /sts HTTP/1.1
polaris-1 | 2025年10月14日 22:13:15,396 DEBUG [org.apa.htt.headers] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) http-outgoing-0 >> Host: ecs1.td.teradata.com:4443
polaris-1 | 2025年10月14日 22:13:15,396 DEBUG [org.apa.htt.headers] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) http-outgoing-0 >> amz-sdk-invocation-id: 07cbfcd4-ecb9-b6fe-cd84-1cdf6baf0a54
polaris-1 | 2025年10月14日 22:13:15,396 DEBUG [org.apa.htt.headers] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) http-outgoing-0 >> amz-sdk-request: attempt=1; max=4
polaris-1 | 2025年10月14日 22:13:15,396 DEBUG [org.apa.htt.headers] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) http-outgoing-0 >> Authorization: AWS4-HMAC-SHA256 Credential=AKIA914B58000A66FBBE/20251014/us-east-1/sts/aws4_request, SignedHeaders=amz-sdk-invocation-id;amz-sdk-request;content-length;content-type;host;x-amz-content-sha256;x-amz-date, Signature=7b9ea31d6faace691231843b6b83d8c4d39f585af65b24f44ae491d5be34ff2d
polaris-1 | 2025年10月14日 22:13:15,396 DEBUG [org.apa.htt.headers] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) http-outgoing-0 >> Content-Type: application/x-www-form-urlencoded; charset=utf-8
polaris-1 | 2025年10月14日 22:13:15,397 DEBUG [org.apa.htt.headers] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) http-outgoing-0 >> User-Agent: aws-sdk-java/2.35.5 md/io#sync md/http#Apache ua/2.1 api/STS#2.35.x os/Linux#5.15.0-141-generic lang/java#21.0.8 md/OpenJDK_64-Bit_Server_VM#21.0.8+9-LTS md/vendor#Red_Hat__Inc. m/D,g
polaris-1 | 2025年10月14日 22:13:15,397 DEBUG [org.apa.htt.headers] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) http-outgoing-0 >> x-amz-content-sha256: b3215ee719d45cafa29092fd81651900acf29f5ac998e8b4228c7dcecc58d2e0
polaris-1 | 2025年10月14日 22:13:15,397 DEBUG [org.apa.htt.headers] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) http-outgoing-0 >> X-Amz-Date: 20251014T221315Z
polaris-1 | 2025年10月14日 22:13:15,397 DEBUG [org.apa.htt.headers] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) http-outgoing-0 >> Content-Length: 976
polaris-1 | 2025年10月14日 22:13:15,397 DEBUG [org.apa.htt.headers] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) http-outgoing-0 >> Connection: Keep-Alive
polaris-1 | 2025年10月14日 22:13:15,398 DEBUG [org.apa.htt.wire] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) http-outgoing-0 >> "POST /sts HTTP/1.1[\r][\n]"
polaris-1 | 2025年10月14日 22:13:15,398 DEBUG [org.apa.htt.wire] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) http-outgoing-0 >> "Host: ecs1.td.teradata.com:4443[\r][\n]"
polaris-1 | 2025年10月14日 22:13:15,398 DEBUG [org.apa.htt.wire] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) http-outgoing-0 >> "amz-sdk-invocation-id: 07cbfcd4-ecb9-b6fe-cd84-1cdf6baf0a54[\r][\n]"
polaris-1 | 2025年10月14日 22:13:15,398 DEBUG [org.apa.htt.wire] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) http-outgoing-0 >> "amz-sdk-request: attempt=1; max=4[\r][\n]"
polaris-1 | 2025年10月14日 22:13:15,398 DEBUG [org.apa.htt.wire] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) http-outgoing-0 >> "Authorization: AWS4-HMAC-SHA256 Credential=AKIA914B58000A66FBBE/20251014/us-east-1/sts/aws4_request, SignedHeaders=amz-sdk-invocation-id;amz-sdk-request;content-length;content-type;host;x-amz-content-sha256;x-amz-date, Signature=7b9ea31d6faace691231843b6b83d8c4d39f585af65b24f44ae491d5be34ff2d[\r][\n]"
polaris-1 | 2025年10月14日 22:13:15,398 DEBUG [org.apa.htt.wire] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) http-outgoing-0 >> "Content-Type: application/x-www-form-urlencoded; charset=utf-8[\r][\n]"
polaris-1 | 2025年10月14日 22:13:15,399 DEBUG [org.apa.htt.wire] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) http-outgoing-0 >> "User-Agent: aws-sdk-java/2.35.5 md/io#sync md/http#Apache ua/2.1 api/STS#2.35.x os/Linux#5.15.0-141-generic lang/java#21.0.8 md/OpenJDK_64-Bit_Server_VM#21.0.8+9-LTS md/vendor#Red_Hat__Inc. m/D,g[\r][\n]"
polaris-1 | 2025年10月14日 22:13:15,399 DEBUG [org.apa.htt.wire] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) http-outgoing-0 >> "x-amz-content-sha256: b3215ee719d45cafa29092fd81651900acf29f5ac998e8b4228c7dcecc58d2e0[\r][\n]"
polaris-1 | 2025年10月14日 22:13:15,399 DEBUG [org.apa.htt.wire] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) http-outgoing-0 >> "X-Amz-Date: 20251014T221315Z[\r][\n]"
polaris-1 | 2025年10月14日 22:13:15,399 DEBUG [org.apa.htt.wire] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) http-outgoing-0 >> "Content-Length: 976[\r][\n]"
polaris-1 | 2025年10月14日 22:13:15,399 DEBUG [org.apa.htt.wire] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) http-outgoing-0 >> "Connection: Keep-Alive[\r][\n]"
polaris-1 | 2025年10月14日 22:13:15,400 DEBUG [org.apa.htt.wire] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) http-outgoing-0 >> "[\r][\n]"
polaris-1 | 2025年10月14日 22:13:15,400 DEBUG [org.apa.htt.wire] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) http-outgoing-0 >> "Action=AssumeRole&Version=2011年06月15日&RoleArn=urn%3Aecs%3Aiam%3A%3Aotf_dev%3Arole%2FassumeSameAccountOTF&RoleSessionName=PolarisAwsCredentialsStorageIntegration&Policy=%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Action%22%3A%5B%22s3%3APutObject%22%2C%22s3%3ADeleteObject%22%5D%2C%22Resource%22%3A%22arn%3Aaws%3As3%3A%3A%3Apolaris%2F*%22%7D%2C%7B%22Effect%22%3A%22Allow%22%2C%22Action%22%3A%22s3%3AListBucket%22%2C%22Resource%22%3A%22arn%3Aaws%3As3%3A%3A%3Apolaris%22%2C%22Condition%22%3A%7B%22StringLike%22%3A%7B%22s3%3Aprefix%22%3A%22minio_polaris_ns%2Fminio_polaris_ns_table01%2F*%22%7D%7D%7D%2C%7B%22Effect%22%3A%22Allow%22%2C%22Action%22%3A%22s3%3AGetBucketLocation%22%2C%22Resource%22%3A%22arn%3Aaws%3As3%3A%3A%3Apolaris%22%7D%2C%7B%22Effect%22%3A%22Allow%22%2C%22Action%22%3A%5B%22s3%3AGetObject%22%2C%22s3%3AGetObjectVersion%22%5D%2C%22Resource%22%3A%22arn%3Aaws%3As3%3A%3A%3Apolaris%2F*%22%7D%5D%7D&DurationSeconds=3600"
polaris-1 | 2025年10月14日 22:13:15,424 DEBUG [org.apa.htt.wire] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) http-outgoing-0 << "HTTP/1.1 200 OK[\r][\n]"
polaris-1 | 2025年10月14日 22:13:15,425 DEBUG [org.apa.htt.wire] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) http-outgoing-0 << "Date: 2025年10月14日 22:15:06 GMT[\r][\n]"
polaris-1 | 2025年10月14日 22:13:15,425 DEBUG [org.apa.htt.wire] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) http-outgoing-0 << "Content-Type: application/xml[\r][\n]"
polaris-1 | 2025年10月14日 22:13:15,425 DEBUG [org.apa.htt.wire] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) http-outgoing-0 << "Content-Length: 1751[\r][\n]"
polaris-1 | 2025年10月14日 22:13:15,425 DEBUG [org.apa.htt.wire] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) http-outgoing-0 << "Connection: keep-alive[\r][\n]"
polaris-1 | 2025年10月14日 22:13:15,425 DEBUG [org.apa.htt.wire] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) http-outgoing-0 << "[\r][\n]"
polaris-1 | 2025年10月14日 22:13:15,426 DEBUG [org.apa.htt.wire] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) http-outgoing-0 << "<?xml version="1.0" encoding="UTF-8" standalone="yes"?><ns2:AssumeRoleResponse xmlns:ns2="none"><ResponseMetadata><RequestId>0a00078d:196f956a4f3:4bdae:0-none</RequestId></ResponseMetadata><AssumeRoleResult><AssumedRoleUser><Arn>urn:ecs:sts::otf_dev:assumed-role/assumeSameAccountOTF/PolarisAwsCredentialsStorageIntegration</Arn><AssumedRoleId>AROAE95F8953C905D8A1:PolarisAwsCredentialsStorageIntegration</AssumedRoleId></AssumedRoleUser><Credentials><AccessKeyId>ASIA97044C20D38F7E26</AccessKeyId><Expiration>2025年10月14日T23:15:06Z</Expiration><SecretAccessKey>dQAWYId_iRNZzenu0jRQ-jM1uVgIHNzOZYK8aLACmDs</SecretAccessKey><SessionToken>CgdvdGZfZGV2EghvdGZfdXNlchoUQVJPQTVCRkFCMUFBMzdGRUQwREUiLnVybjplY3M6aWFtOjpvdGZfZGV2OnJvbGUvYXNzdW1lU2FtZUFjY291bnRPVEYqFEFTSUE5NzA0NEMyMEQzOEY3RTI2MlBNYXN0ZXJLZXlSZWNvcmQtM2RhNGUyZTZjMjBjYjM4NjQ1ZWUyZWI5ZDVlMWM1MTgyYmEwYWI0NzViMTA4OGFhOTQwZjMyMmUwMjVhM2NkNTiGjIaonjNC6gN7IlZlcnNpb24iOiIyMDEyLTEwLTE3IiwiU3RhdGVtZW50IjpbeyJFZmZlY3QiOiJBbGxvdyIsIkFjdGlvbiI6WyJzMzpQdXRPYmplY3QiLCJzMzpEZWxldGVPYmplY3QiXSwiUmVzb3VyY2UiOiJhcm46YXdzOnMzOjo6cG9sYXJpcy8qIn0seyJFZmZlY3QiOiJBbGxvdyIsIkFjdGlvbiI6InMzOkxpc3RCdWNrZXQiLCJSZXNvdXJjZSI6ImFybjphd3M6czM6Ojpwb2xhcmlzIiwiQ29uZGl0aW9uIjp7IlN0cmluZ0xpa2UiOnsiczM6cHJlZml4IjoibWluaW9fcG9sYXJpc19ucy9taW5pb19wb2xhcmlzX25zX3RhYmxlMDEvKiJ9fX0seyJFZmZlY3QiOiJBbGxvdyIsIkFjdGlvbiI6InMzOkdldEJ1Y2tldExvY2F0aW9uIiwiUmVzb3VyY2UiOiJhcm46YXdzOnMzOjo6cG9sYXJpcyJ9LHsiRWZmZWN0IjoiQWxsb3ciLCJBY3Rpb24iOlsiczM6R2V0T2JqZWN0IiwiczM6R2V0T2JqZWN0VmVyc2lvbiJdLCJSZXNvdXJjZSI6ImFybjphd3M6czM6Ojpwb2xhcmlzLyoifV19UidQb2xhcmlzQXdzQ3JlZGVudGlhbHNTdG9yYWdlSW50ZWdyYXRpb25o6pa7xwaKAQhJQU1fVVNFUg</SessionToken></Credentials><PackedPolicySize>1243</PackedPolicySize></AssumeRoleResult></ns2:AssumeRoleResponse>"
polaris-1 | 2025年10月14日 22:13:15,427 DEBUG [org.apa.htt.headers] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) http-outgoing-0 << HTTP/1.1 200 OK
polaris-1 | 2025年10月14日 22:13:15,428 DEBUG [org.apa.htt.headers] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) http-outgoing-0 << Date: 2025年10月14日 22:15:06 GMT
polaris-1 | 2025年10月14日 22:13:15,428 DEBUG [org.apa.htt.headers] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) http-outgoing-0 << Content-Type: application/xml
polaris-1 | 2025年10月14日 22:13:15,428 DEBUG [org.apa.htt.headers] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) http-outgoing-0 << Content-Length: 1751
polaris-1 | 2025年10月14日 22:13:15,428 DEBUG [org.apa.htt.headers] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) http-outgoing-0 << Connection: keep-alive
polaris-1 | 2025年10月14日 22:13:15,431 DEBUG [org.apa.htt.imp.exe.MainClientExec] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) Connection can be kept alive for 60000 MILLISECONDS
polaris-1 | 2025年10月14日 22:13:15,494 DEBUG [org.apa.htt.imp.con.PoolingHttpClientConnectionManager] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) Connection [id: 0][route: {s}->https://ecs1.td.teradata.com:4443] can be kept alive for 60.0 seconds
polaris-1 | 2025年10月14日 22:13:15,494 DEBUG [org.apa.htt.imp.con.DefaultManagedHttpClientConnection] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) http-outgoing-0: set socket timeout to 0
polaris-1 | 2025年10月14日 22:13:15,494 DEBUG [org.apa.htt.imp.con.PoolingHttpClientConnectionManager] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) Connection released: [id: 0][route: {s}->https://ecs1.td.teradata.com:4443][total available: 1; route allocated: 1 of 50; total allocated: 1 of 50]
polaris-1 | 2025年10月14日 22:13:15,500 DEBUG [org.apa.pol.cor.sto.cac.StorageCredentialCache] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) errorMessage=Cannot invoke "software.amazon.awssdk.services.sts.model.Credentials.accessKeyId()" because the return value of "software.amazon.awssdk.services.sts.model.AssumeRoleResponse.credentials()" is null Failed to get subscoped credentials
polaris-1 | 2025年10月14日 22:13:15,500 DEBUG [org.apa.pol.ser.cat.ice.IcebergCatalogAdapter] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) RuntimeException while operating on catalog. Propagating to caller.: org.apache.iceberg.exceptions.UnprocessableEntityException: Failed to get subscoped credentials: Cannot invoke "software.amazon.awssdk.services.sts.model.Credentials.accessKeyId()" because the return value of "software.amazon.awssdk.services.sts.model.AssumeRoleResponse.credentials()" is null
polaris-1 | at org.apache.polaris.core.storage.cache.StorageCredentialCache.lambda$getOrGenerateSubScopeCreds2ドル(StorageCredentialCache.java:151)
polaris-1 | at com.github.benmanes.caffeine.cache.BoundedLocalCache.lambda$doComputeIfAbsent0ドル(BoundedLocalCache.java:2690)
polaris-1 | at java.base/java.util.concurrent.ConcurrentHashMap.compute(ConcurrentHashMap.java:1916)
polaris-1 | at com.github.benmanes.caffeine.cache.BoundedLocalCache.doComputeIfAbsent(BoundedLocalCache.java:2688)
polaris-1 | at com.github.benmanes.caffeine.cache.BoundedLocalCache.computeIfAbsent(BoundedLocalCache.java:2670)
polaris-1 | at com.github.benmanes.caffeine.cache.LocalCache.computeIfAbsent(LocalCache.java:112)
polaris-1 | at com.github.benmanes.caffeine.cache.LocalManualCache.get(LocalManualCache.java:63)
polaris-1 | at org.apache.polaris.core.storage.cache.StorageCredentialCache.getOrGenerateSubScopeCreds(StorageCredentialCache.java:153)
polaris-1 | at org.apache.polaris.core.storage.cache.ServiceProducers_ProducerMethod_storageCredentialCache_hzAWPa00ffa2II6zBfUMmDXk9AQ_ClientProxy.getOrGenerateSubScopeCreds(Unknown Source)
polaris-1 | at org.apache.polaris.service.catalog.io.FileIOUtil.refreshAccessConfig(FileIOUtil.java:109)
polaris-1 | at org.apache.polaris.service.catalog.io.DefaultFileIOFactory.lambda$loadFileIO0ドル(DefaultFileIOFactory.java:102)
polaris-1 | at java.base/java.util.Optional.map(Optional.java:260)
polaris-1 | at org.apache.polaris.service.catalog.io.DefaultFileIOFactory.loadFileIO(DefaultFileIOFactory.java:100)
polaris-1 | at org.apache.polaris.service.catalog.io.DefaultFileIOFactory_ClientProxy.loadFileIO(Unknown Source)
polaris-1 | at org.apache.polaris.service.catalog.iceberg.IcebergCatalog.loadFileIOForTableLike(IcebergCatalog.java:2040)
polaris-1 | at org.apache.polaris.service.catalog.iceberg.IcebergCatalog$BasePolarisTableOperations.doCommit(IcebergCatalog.java:1431)
polaris-1 | at org.apache.polaris.service.catalog.iceberg.IcebergCatalog$BasePolarisTableOperations.commit(IcebergCatalog.java:1324)
polaris-1 | at org.apache.iceberg.BaseMetastoreCatalog$BaseMetastoreCatalogTableBuilder.create(BaseMetastoreCatalog.java:201)
polaris-1 | at org.apache.polaris.service.catalog.iceberg.IcebergCatalogHandler.createTableDirect(IcebergCatalogHandler.java:463)
polaris-1 | at org.apache.polaris.service.catalog.iceberg.IcebergCatalogAdapter.lambda$createTable6ドル(IcebergCatalogAdapter.java:394)
polaris-1 | at org.apache.polaris.service.catalog.iceberg.IcebergCatalogAdapter.withCatalog(IcebergCatalogAdapter.java:209)
polaris-1 | at org.apache.polaris.service.catalog.iceberg.IcebergCatalogAdapter.createTable(IcebergCatalogAdapter.java:378)
polaris-1 | at org.apache.polaris.service.catalog.iceberg.IcebergCatalogAdapter_Subclass.createTable$$superforward(Unknown Source)
polaris-1 | at org.apache.polaris.service.catalog.iceberg.IcebergRestCatalogEventServiceDelegator_Gj_WCptqTcdHu-fbZfgVkAwPXCI_Delegate_Subclass.createTable(Unknown Source)
polaris-1 | at org.apache.polaris.service.catalog.iceberg.IcebergRestCatalogEventServiceDelegator.createTable(IcebergRestCatalogEventServiceDelegator.java:217)
polaris-1 | at org.apache.polaris.service.catalog.iceberg.IcebergCatalogAdapter_Subclass.createTable(Unknown Source)
polaris-1 | at org.apache.polaris.service.catalog.iceberg.IcebergCatalogAdapter_ClientProxy.createTable(Unknown Source)
polaris-1 | at org.apache.polaris.service.catalog.api.IcebergRestCatalogApi.createTable(IcebergRestCatalogApi.java:193)
polaris-1 | at org.apache.polaris.service.catalog.api.IcebergRestCatalogApi_Subclass.createTable$$superforward(Unknown Source)
polaris-1 | at org.apache.polaris.service.catalog.api.IcebergRestCatalogApi_Subclass$$function$3ドル.apply(Unknown Source)
polaris-1 | at io.quarkus.arc.impl.AroundInvokeInvocationContext.proceed(AroundInvokeInvocationContext.java:73)
polaris-1 | at io.quarkus.arc.impl.AroundInvokeInvocationContext$NextAroundInvokeInvocationContext.proceed(AroundInvokeInvocationContext.java:97)
polaris-1 | at io.smallrye.faulttolerance.FaultToleranceInterceptor.lambda$syncFlow8ドル(FaultToleranceInterceptor.java:364)
polaris-1 | at io.smallrye.faulttolerance.core.Future.from(Future.java:85)
polaris-1 | at io.smallrye.faulttolerance.FaultToleranceInterceptor.lambda$syncFlow9ドル(FaultToleranceInterceptor.java:364)
polaris-1 | at io.smallrye.faulttolerance.core.FaultToleranceContext.call(FaultToleranceContext.java:20)
polaris-1 | at io.smallrye.faulttolerance.core.Invocation.apply(Invocation.java:29)
polaris-1 | at io.smallrye.faulttolerance.core.metrics.MetricsCollector.apply(MetricsCollector.java:98)
polaris-1 | at io.smallrye.faulttolerance.FaultToleranceInterceptor.syncFlow(FaultToleranceInterceptor.java:367)
polaris-1 | at io.smallrye.faulttolerance.FaultToleranceInterceptor.intercept(FaultToleranceInterceptor.java:205)
polaris-1 | at io.smallrye.faulttolerance.FaultToleranceInterceptor_Bean.intercept(Unknown Source)
polaris-1 | at io.quarkus.arc.impl.InterceptorInvocation.invoke(InterceptorInvocation.java:42)
polaris-1 | at io.quarkus.arc.impl.AroundInvokeInvocationContext.proceed(AroundInvokeInvocationContext.java:70)
polaris-1 | at io.quarkus.arc.impl.AroundInvokeInvocationContext$NextAroundInvokeInvocationContext.proceed(AroundInvokeInvocationContext.java:97)
polaris-1 | at io.quarkus.micrometer.runtime.MicrometerTimedInterceptor.timedMethod(MicrometerTimedInterceptor.java:79)
polaris-1 | at io.quarkus.micrometer.runtime.MicrometerTimedInterceptor_Bean.intercept(Unknown Source)
polaris-1 | at io.quarkus.arc.impl.InterceptorInvocation.invoke(InterceptorInvocation.java:42)
polaris-1 | at io.quarkus.arc.impl.AroundInvokeInvocationContext.proceed(AroundInvokeInvocationContext.java:70)
polaris-1 | at io.quarkus.arc.impl.AroundInvokeInvocationContext$NextAroundInvokeInvocationContext.proceed(AroundInvokeInvocationContext.java:97)
polaris-1 | at io.quarkus.security.runtime.interceptor.SecurityHandler.handle(SecurityHandler.java:27)
polaris-1 | at io.quarkus.security.runtime.interceptor.RolesAllowedInterceptor.intercept(RolesAllowedInterceptor.java:29)
polaris-1 | at io.quarkus.security.runtime.interceptor.RolesAllowedInterceptor_Bean.intercept(Unknown Source)
polaris-1 | at io.quarkus.arc.impl.InterceptorInvocation.invoke(InterceptorInvocation.java:42)
polaris-1 | at io.quarkus.arc.impl.AroundInvokeInvocationContext.proceed(AroundInvokeInvocationContext.java:70)
polaris-1 | at io.quarkus.arc.impl.AroundInvokeInvocationContext.proceed(AroundInvokeInvocationContext.java:62)
polaris-1 | at io.quarkus.resteasy.reactive.server.runtime.StandardSecurityCheckInterceptor.intercept(StandardSecurityCheckInterceptor.java:44)
polaris-1 | at io.quarkus.resteasy.reactive.server.runtime.StandardSecurityCheckInterceptor_RolesAllowedInterceptor_Bean.intercept(Unknown Source)
polaris-1 | at io.quarkus.arc.impl.InterceptorInvocation.invoke(InterceptorInvocation.java:42)
polaris-1 | at io.quarkus.arc.impl.AroundInvokeInvocationContext.perform(AroundInvokeInvocationContext.java:30)
polaris-1 | at io.quarkus.arc.impl.InvocationContexts.performAroundInvoke(InvocationContexts.java:27)
polaris-1 | at org.apache.polaris.service.catalog.api.IcebergRestCatalogApi_Subclass.createTable(Unknown Source)
polaris-1 | at org.apache.polaris.service.catalog.api.IcebergRestCatalogApi$quarkusrestinvoker$createTable_01f5a1bd6d7815fd3314a553161c943c8cd03101.invoke(Unknown Source)
polaris-1 | at org.jboss.resteasy.reactive.server.handlers.InvocationHandler.handle(InvocationHandler.java:29)
polaris-1 | at io.quarkus.resteasy.reactive.server.runtime.QuarkusResteasyReactiveRequestContext.invokeHandler(QuarkusResteasyReactiveRequestContext.java:183)
polaris-1 | at org.jboss.resteasy.reactive.common.core.AbstractResteasyReactiveContext.run(AbstractResteasyReactiveContext.java:147)
polaris-1 | at io.quarkus.vertx.core.runtime.VertxCoreRecorder15ドル.runWith(VertxCoreRecorder.java:645)
polaris-1 | at org.jboss.threads.EnhancedQueueExecutor$Task.doRunWith(EnhancedQueueExecutor.java:2651)
polaris-1 | at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2630)
polaris-1 | at org.jboss.threads.EnhancedQueueExecutor.runThreadBody(EnhancedQueueExecutor.java:1622)
polaris-1 | at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1589)
polaris-1 | at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:11)
polaris-1 | at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:11)
polaris-1 | at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
polaris-1 | at java.base/java.lang.Thread.run(Thread.java:1583)
polaris-1 | 
polaris-1 | 2025年10月14日 22:13:15,529 INFO [org.apa.pol.ser.exc.IcebergExceptionMapper] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) Handling runtimeException Failed to get subscoped credentials: Cannot invoke "software.amazon.awssdk.services.sts.model.Credentials.accessKeyId()" because the return value of "software.amazon.awssdk.services.sts.model.AssumeRoleResponse.credentials()" is null
polaris-1 | 2025年10月14日 22:13:15,540 DEBUG [org.apa.pol.ser.exc.IcebergExceptionMapper] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) Full RuntimeException
polaris-1 | 2025年10月14日 22:13:15,542 DEBUG [org.apa.pol.ser.exc.IcebergExceptionMapper] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) Mapped exception to errorResp: org.jboss.resteasy.reactive.common.jaxrs.ResponseImpl@6e6feecc
polaris-1 | 2025年10月14日 22:13:15,544 INFO [io.qua.htt.access-log] [38e7630b-c671-44d0-924b-0da67e15d907_0000000000000000006,POLARIS] [,,,] (executor-thread-1) 172.18.0.1 - root [14/Oct/2025:22:13:15 +0000] "POST /api/catalog/v1/quickstart_catalog/namespaces/minio_polaris_ns/tables HTTP/1.1" 422 310

Does this PR introduce any user-facing change?

  • NO

How was this patch tested?

  • Ran full gradle build and test
  • Tests added/updated:
    • StsResponseCaptureTest.java
      • Unit test for the thread-local set/get/clear behavior.
    • StsXmlParserTest.java
      • Tests parsing of a sample non‐standard namespaced STS XML (happy path) and a negative case (missing AccessKeyId).
    • StsResponseCaptureInterceptorTest.java
      • Verifies the interceptor reads httpResponse().content() via a dynamic proxy (simulates SDK context/response) and stores the raw body into the thread-local holder. Also tests the interceptor silently ignores null contexts.

CHANGELOG.md

@rohangoli rohangoli force-pushed the handle-non-stnd-sts-response branch from c628c4a to 1e027a6 Compare October 15, 2025 05:31
Copy link
Contributor

dimas-b commented Oct 15, 2025

Since this PR depends on #2805 is might be preferable to mark it as "draft" to clarify that it should not be merged by itself, but be rebased after #2805 is merged.

@rohangoli rohangoli marked this pull request as draft October 15, 2025 17:34
Copy link
Member

@snazy snazy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@rohangoli can you elaborate why that credentials attribute is not present?
I don't see a fundamental difference between the documented ECS response and AWS response, beside that the XML namespacing in the ECS response looks different.

I'm concerned about the usage of ThreadLocal holding the last captured STS response. The assumption in getSubscopedCreds() this PR is that the parsing happens within the same thread, but I'm not sure that this is a guaranteed behavior. StsResponseCapture exposes non-ECS credentials to any caller to any call site.
Maybe software.amazon.awssdk.core.interceptor.ExecutionInterceptor#modifyHttpResponseContent/modifyAsyncHttpResponseContent are better alternatives?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@snazy snazy snazy left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

AltStyle によって変換されたページ (->オリジナル) /