diff --git a/spring-cloud-aws-autoconfigure/src/main/java/io/awspring/cloud/autoconfigure/core/CredentialsProviderAutoConfiguration.java b/spring-cloud-aws-autoconfigure/src/main/java/io/awspring/cloud/autoconfigure/core/CredentialsProviderAutoConfiguration.java index 3b7c2eefd..bb2c32265 100644 --- a/spring-cloud-aws-autoconfigure/src/main/java/io/awspring/cloud/autoconfigure/core/CredentialsProviderAutoConfiguration.java +++ b/spring-cloud-aws-autoconfigure/src/main/java/io/awspring/cloud/autoconfigure/core/CredentialsProviderAutoConfiguration.java @@ -44,6 +44,8 @@ import software.amazon.awssdk.services.sts.StsClient; import software.amazon.awssdk.services.sts.auth.StsWebIdentityTokenFileCredentialsProvider; +import static software.amazon.awssdk.core.SdkSystemSetting.AWS_WEB_IDENTITY_TOKEN_FILE; + /** * {@link EnableAutoConfiguration} for {@link AwsCredentialsProvider}. * @@ -103,7 +105,7 @@ public static AwsCredentialsProvider createCredentialsProvider(CredentialsProper } StsProperties sts = properties.getSts(); - if (ClassUtils.isPresent(STS_WEB_IDENTITY_TOKEN_FILE_CREDENTIALS_PROVIDER, null)) { + if (isWebIdentitiyTokenFileConfigured(sts) && ClassUtils.isPresent(STS_WEB_IDENTITY_TOKEN_FILE_CREDENTIALS_PROVIDER, null)) { try { providers.add(StsCredentialsProviderFactory.create(sts, regionProvider)); } @@ -124,6 +126,11 @@ else if (providers.size() == 1) { } } + private static boolean isWebIdentitiyTokenFileConfigured(@Nullable StsProperties sts) { + // AWS_WEB_IDENTITY_TOKEN_FILE can be configured either through environment variable, system properties or `spring.cloud.aws.sts` properties. + return AWS_WEB_IDENTITY_TOKEN_FILE.getStringValue().isPresent() || (sts != null && sts.getWebIdentityTokenFile() != null); + } + private static StaticCredentialsProvider createStaticCredentialsProvider(CredentialsProperties properties) { return StaticCredentialsProvider .create(AwsBasicCredentials.create(properties.getAccessKey(), properties.getSecretKey())); diff --git a/spring-cloud-aws-autoconfigure/src/test/java/io/awspring/cloud/autoconfigure/core/CredentialsProviderAutoConfigurationTests.java b/spring-cloud-aws-autoconfigure/src/test/java/io/awspring/cloud/autoconfigure/core/CredentialsProviderAutoConfigurationTests.java index 5eaf92d3a..8529e3603 100644 --- a/spring-cloud-aws-autoconfigure/src/test/java/io/awspring/cloud/autoconfigure/core/CredentialsProviderAutoConfigurationTests.java +++ b/spring-cloud-aws-autoconfigure/src/test/java/io/awspring/cloud/autoconfigure/core/CredentialsProviderAutoConfigurationTests.java @@ -21,10 +21,13 @@ import java.io.IOException; import java.nio.file.Path; import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.ExtendWith; import org.junit.jupiter.api.io.TempDir; import org.springframework.boot.autoconfigure.AutoConfigurations; import org.springframework.boot.test.context.FilteredClassLoader; import org.springframework.boot.test.context.runner.ApplicationContextRunner; +import org.springframework.boot.test.system.CapturedOutput; +import org.springframework.boot.test.system.OutputCaptureExtension; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.core.io.ClassPathResource; @@ -116,6 +119,21 @@ void credentialsProvider_stsPropertiesConfigured_configuresStsWebIdentityTokenFi }); } + @Test + @ExtendWith(OutputCaptureExtension.class) + void credentialsProvider_stsCredentialsProviderNotConfigured_whenWebIdentityTokenNotConfigured(CapturedOutput output) + throws IOException { + this.contextRunner + .withPropertyValues("spring.cloud.aws.region.static:af-south-1") + .run((context) -> { + AwsCredentialsProvider awsCredentialsProvider = context.getBean("credentialsProvider", + AwsCredentialsProvider.class); + assertThat(awsCredentialsProvider).isNotNull() + .isInstanceOf(DefaultCredentialsProvider.class); + }); + assertThat(output).doesNotContain("Skipping creating `StsCredentialsProvider`"); + } + @Test void credentialsProvider_stsSystemPropertiesDefault_configuresStsWebIdentityTokenFileCredentialsProvider() throws IOException {