aws-sdk-java-v2 icon indicating copy to clipboard operation
aws-sdk-java-v2 copied to clipboard
verified publisher icon aws

ProfileFileSupplier.defaultSupplier() leads to NullPointer when config files are missing

Open maschnetwork opened this issue 1 year ago • 3 comments

Describe the bug

We recently introduced automatic credentials reload in the EventBridge Kafka connector by leveraging ProfileFileSupplier.defaultSupplier as recommended in the official docs:

var provider = DefaultCredentialsProvider.builder()
         //.profileFile(ProfileFile.defaultProfileFile()) <- this is the default by the SDK 
          .profileFile(ProfileFileSupplier.defaultSupplier()) //<- This supports automatic reload
          .build();

var creds = provider.resolveCredentials();

However, when no credential files are present (~/.aws/credentials and ~/.aws/config are missing) the DefaultCredentialProviderChain.resolveCredentials() process will result in NullPointer Exceptions in both ProfileCredentialsProvider and InstanceProfileCredentialProvider: java.lang.NullPointerException: Cannot invoke "java.nio.file.Path.getFileSystem()" because "path" is null. (See Additional Information below).

This will happen first in the ProfileCredentialsProvider and will be ignored to move to the next provider as outlined here. But the process will run into it again for the InstanceProfileCredentialProvider, for example in Ec2MetaDataConfigProvider.

This behavior essentially influences (and breaks) the DefaultCredentialsProvider chain. It behaves differently than the current SDK default value ProfileFile.defaultProfileFile() which does not produce any exceptions and lets InstanceProfileCredentialProvider resolve even though files are missing.

Related issues:

https://github.com/awslabs/eventbridge-kafka-connector/issues/396

Expected Behavior

ProfileFileSupplier.defaultSupplier() behaves the same as ProfileFile.defaultProfileFile() when credential files are missing.

Current Behavior

ProfileFileSupplier.defaultSupplier() leads to Nullpointer during resolution process and breaks DefaultCredentialsProvider (or at least behaves different than the default)

Reproduction Steps

  1. First, delete local files such as ~/.aws/credentials and ~/.aws/config
  2. Run the below code with the default value of ProfileFile.defaultProfileFile()
  3. Run the below code with the non-default value: profileFile(ProfileFileSupplier.defaultSupplier()
public class Main {
    public static void main(String[] args) {
        var provider = DefaultCredentialsProvider.builder()
                    //    .profileFile(ProfileFile.defaultProfileFile()) <- This is the default and is used implicit
                        .profileFile(ProfileFileSupplier.defaultSupplier()) // <- This produces NullPointer when no credentials files are present (Check Errors in the ProviderChain) 
                        .build();

        var creds = provider.resolveCredentials();
        System.out.println(creds);
    }
}
  1. Check for Nullpointer in the resolution process and see different path for InstanceProfileCredentialsProvider

Possible Solution

When no credential files are present (~/.aws/credentials and ~/.aws/config. are missing) ProfileFileSupplier.defaultSupplier() effectively returns ProfileFile.builder().build()since credentialsSupplierOptional and configurationSupplierOptional are empty. Later during resolveCredentials of the DefaultCredentialsProviderChain the contentLocation within ProfileFile Builder will be null and therefore lead to the Nullpointer:

@Override
public ProfileFile build() {
    InputStream stream = content != null ? content :
                         FunctionalUtils.invokeSafely(() -> Files.newInputStream(contentLocation));

It would make sense to provide a sane default here such as ProfileFile.defaultProfileFile().

Additional Information/Context

This will happen first in the ProfileCredentialsProvider and will be ignored to move to the next provider as outlined here. But InstanceProfileCredentialProvider will run into it again, for example in Ec2MetaDataConfigProvider.

AWS Java SDK version used

2.28.8

JDK version used

17

Operating System and version

MacOS

maschnetwork avatar Sep 30 '24 11:09 maschnetwork

Acknowledged. We should fix the NullPointerException.

debora-ito avatar Oct 10 '24 22:10 debora-ito

@debora-ito do you have any timelines in mind for when to expect the fix?

embano1 avatar Oct 16 '24 05:10 embano1

I also agree with the solution @maschnetwork has mentioned, that we could assign a the ProfileFile.defaultProfileFile() for the supplier to resolve. Can you assign this to me so I can start working on a PR?

yomal avatar Oct 18 '24 14:10 yomal

@yomal @debora-ito can you please coordinate so @yomal can start working on this?

embano1 avatar Nov 04 '24 12:11 embano1

This issue is now closed. Comments on closed issues are hard for our team to see. If you need more assistance, please open a new issue that references this one.

github-actions[bot] avatar Jun 02 '25 21:06 github-actions[bot]