Provide the contents of stderr as part of the exception in the case of non zero RCs returned from the external process in (#3544)

Author: zoewangg

.changes/next-release/feature-AWSSDKforJavav2-2a02870.json

@@ -0,0 +1,6 @@
+{
+    "type": "feature",
+    "category": "AWS SDK for Java v2",
+    "contributor": "",
+    "description": "Provide the contents of stderr as part of the exception in the case of non zero RCs returned from the external process in `ProcessCredentialProvider`. See [#3377](https://github.com/aws/aws-sdk-java-v2/issues/3377)"
+}

core/auth/src/main/java/software/amazon/awssdk/auth/credentials/ProcessCredentialsProvider.java

@@ -17,6 +17,7 @@
 
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
+import java.io.InputStream;
 import java.nio.charset.StandardCharsets;
 import java.time.Duration;
 import java.time.Instant;
@@ -40,11 +41,13 @@
 /**
  * A credentials provider that can load credentials from an external process. This is used to support the credential_process
  * setting in the profile credentials file. See
- * https://docs.aws.amazon.com/cli/latest/topic/config-vars.html#sourcing-credentials-from-external-processes for more
- * information.
+ * <a href="https://docs.aws.amazon.com/cli/latest/topic/config-vars.html#sourcing-credentials-from-external-processes">sourcing credentials
+ * from external processes</a> for more information.
  *
- * Created using {@link #builder()}.
+ * <p>
+ * This class can be initialized using {@link #builder()}.
  *
+ * <p>
  * Available settings:
  * <ul>
  *     <li>Command - The command that should be executed to retrieve credentials.</li>
@@ -207,7 +210,11 @@ private String executeCommand() throws IOException, InterruptedException {
             process.waitFor();
 
             if (process.exitValue() != 0) {
-                throw new IllegalStateException("Command returned non-zero exit value: " + process.exitValue());
+                try (InputStream errorStream = process.getErrorStream()) {
+                    String errorMessage = IoUtils.toUtf8String(errorStream);
+                    throw new IllegalStateException(String.format("Command returned non-zero exit value (%s) with error message: "
+                                                                  + "%s", process.exitValue(), errorMessage));
+                }
             }
 
             return new String(commandOutput.toByteArray(), StandardCharsets.UTF_8);

core/auth/src/test/java/software/amazon/awssdk/auth/credentials/ProcessCredentialsProviderTest.java

@@ -14,6 +14,8 @@
  */
 package software.amazon.awssdk.auth.credentials;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.junit.Assert.assertNotNull;
 
 import java.io.File;
@@ -35,20 +37,26 @@
 
 public class ProcessCredentialsProviderTest {
 
-    private final static String PROCESS_RESOURCE_PATH = "/resources/process/";
-    private final static String RANDOM_SESSION_TOKEN = "RANDOM_TOKEN";
+    private static final String PROCESS_RESOURCE_PATH = "/resources/process/";
+    private static final String RANDOM_SESSION_TOKEN = "RANDOM_TOKEN";
     private static String scriptLocation;
+    private static String errorScriptLocation;
 
     @BeforeClass
     public static void setup()  {
-        scriptLocation = copyProcessCredentialsScript();
+        scriptLocation = copyHappyCaseProcessCredentialsScript();
+        errorScriptLocation = copyErrorCaseProcessCredentialsScript();
     }
 
     @AfterClass
     public static void teardown() {
         if (scriptLocation != null && !new File(scriptLocation).delete()) {
             throw new IllegalStateException("Failed to delete file: " + scriptLocation);
         }
+
+        if (errorScriptLocation != null && !new File(errorScriptLocation).delete()) {
+            throw new IllegalStateException("Failed to delete file: " + errorScriptLocation);
+        }
     }
 
     @Test
@@ -115,6 +123,19 @@ public void expirationBufferOverrideIsApplied() {
         Assert.assertNotEquals(request1, request2);
     }
 
+    @Test
+    public void processFailed_shouldContainErrorMessage() {
+        ProcessCredentialsProvider credentialsProvider =
+            ProcessCredentialsProvider.builder()
+                                      .command(errorScriptLocation)
+                                      .credentialRefreshThreshold(Duration.ofSeconds(20))
+                                      .build();
+
+        assertThatThrownBy(credentialsProvider::resolveCredentials)
+            .satisfies(throwable -> assertThat(throwable.getCause())
+                .hasMessageContaining("(125) with error message: Some error case"));
+    }
+
     @Test
     public void lackOfExpirationIsCachedForever() {
         ProcessCredentialsProvider credentialsProvider =
@@ -174,9 +195,21 @@ public void closeDoesNotRaise() {
         credentialsProvider.close();
     }
 
-    public static String copyProcessCredentialsScript() {
+    public static String copyHappyCaseProcessCredentialsScript() {
         String scriptClasspathFilename = Platform.isWindows() ? "windows-credentials-script.bat"
                                                               : "linux-credentials-script.sh";
+
+        return copyProcessCredentialsScript(scriptClasspathFilename);
+    }
+
+    public static String copyErrorCaseProcessCredentialsScript() {
+        String scriptClasspathFilename = Platform.isWindows() ? "windows-credentials-error-script.bat"
+                                                              : "linux-credentials-error-script.sh";
+
+        return copyProcessCredentialsScript(scriptClasspathFilename);
+    }
+
+    public static String copyProcessCredentialsScript(String scriptClasspathFilename) {
         String scriptClasspathLocation = PROCESS_RESOURCE_PATH + scriptClasspathFilename;
 
         InputStream scriptInputStream = null;

core/auth/src/test/java/software/amazon/awssdk/auth/credentials/internal/ProfileCredentialsUtilsTest.java

@@ -44,7 +44,7 @@ public class ProfileCredentialsUtilsTest {
 
     @BeforeAll
     public static void setup()  {
-        scriptLocation = ProcessCredentialsProviderTest.copyProcessCredentialsScript();
+        scriptLocation = ProcessCredentialsProviderTest.copyHappyCaseProcessCredentialsScript();
     }
 
     @AfterAll

core/auth/src/test/resources/resources/process/linux-credentials-error-script.sh

@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+echo "Some error case" 1>&2
+exit 125

core/auth/src/test/resources/resources/process/windows-credentials-error-script.bat

@@ -0,0 +1,3 @@
+@ECHO OFF
+echo "Some error case"
+exit /b 125