Skip to content

Add support of Request-level credentials override in DefaultS3CrtAsyncClient#6793

Open
Fred1155 wants to merge 4 commits intomasterfrom
bole_support_crts3_credential_override
Open

Add support of Request-level credentials override in DefaultS3CrtAsyncClient#6793
Fred1155 wants to merge 4 commits intomasterfrom
bole_support_crts3_credential_override

Conversation

@Fred1155
Copy link
Contributor

@Fred1155 Fred1155 commented Mar 13, 2026

This PR added support of Request-level credentials override in DefaultS3CrtAsyncClient and Closes #5354

Motivation and Context

Currently, the DefaultS3CrtAsyncClient throws UnsupportedOperationException when users provide request
-level credentials via AwsRequestOverrideConfiguration.credentialsIdentityProvider(). This PR added support for that and removes this exception.

Modifications

  • S3InternalSdkHttpExecutionAttribute: Added CRT_CREDENTIALS_PROVIDER_ADAPTER attribute
    to carry the per-request CrtCredentialsProviderAdapter through SdkHttpExecutionAttributes.
  • DefaultS3CrtAsyncClient:
    • ValidateRequestInterceptor: Removed the UnsupportedOperationException for
      credentialsIdentityProvider.
    • AttachHttpAttributesExecutionInterceptor: When request-level credentials are present,
      wraps them in a CrtCredentialsProviderAdapter and attaches it to the HTTP execution
      attributes.
  • S3CrtAsyncHttpClient:
    • awsSigningConfig(): Uses per-request credentials (if present) instead of client-level
      credentials when building the AwsSigningConfig.
    • execute(): Closes the per-request CrtCredentialsProviderAdapter via a whenComplete
      callback on the request future to ensure the native CRT resource outlives the meta request.

Added unit test in in S3CrtAsyncHttpClientTest verifying Ppr-request credentials are used in the signing config when provided.

Added integration test to test valid override succeeds,

Screenshots (if appropriate)

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)

Checklist

  • I have read the CONTRIBUTING document
  • Local run of mvn install succeeds
  • My code follows the code style of this project
  • My change requires a change to the Javadoc documentation
  • I have updated the Javadoc documentation accordingly
  • I have added tests to cover my changes
  • All new and existing tests passed
  • I have added a changelog entry. Adding a new entry must be accomplished by running the scripts/new-change script and following the instructions. Commit the new file created by the script in .changes/next-release with your changes.
  • My change is to implement 1.11 parity feature and I have updated LaunchChangelog

License

  • I confirm that this pull request can be released under the Apache 2 license

@Fred1155 Fred1155 requested a review from a team as a code owner March 13, 2026 16:01
@sonarqubecloud
Copy link

sonarqubecloud bot commented Mar 13, 2026

Quality Gate Failed Quality Gate failed

Failed conditions
78.1% Coverage on New Code (required ≥ 80%)

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add support of Request-level credentials override in DefaultS3CrtAsyncClient

1 participant

@Fred1155