Skip to content

Review and refactor existing default loaders and credential resolution #2070

New issue
New issue
Closed as not planned
Closed as not planned
Review and refactor existing default loaders and credential resolution#2070
Labels
feature-requestA feature should be added or improved.p2This is a standard priority issue
@isaiahvita

Description

@isaiahvita
isaiahvita
opened on Mar 27, 2023

Describe the feature

During config loading, there are many values that need to be checked and potentially loaded. For default config loading, these are done through two default loaders: the environment config loader, and the shared config loader.

In both these loaders, there is an inconsistency with how errors are reported and bubbled up. For example, errors like invalid profile name are swallowed during config loading time which allows for a red-herring runtime error (error reporting on IMDS failure) to bubble up to the customer (example) while errors in loading the AWS_USE_FIPS_ENDPOINT are bubbled up immediately to the user during config-load time.

Ideally, any value which is known to be statically invalid, the Go SDK should bubble up that error immediately to the user rather than wait until runtime which is not preferred for obvious reasons: potential red herring issues which leads to difficult debugging, and potential failure later in customer runtimes.

As of now, it needs to be explored/confirmed whether surfacing an error (where we previously didnt) is backwards compatible.

Additionally, whats the env config and shared config have been loaded. The default credential chain goes through a series of credential resolution checks to resolve credentials. Any failed checks are not logged or bubbled up to the user. So a user could intend to configure a certain credential in a certain way (e.g. SSO) but fail out on it (possibly because there SSO config was misconfigured to be invalid) but the error reported would be for IMDS error. We should at a minimum log (in some concise way) what the credential provider tried.

This FR contains 2 separate issues:
(1) Error handling/reporting during config load time
(2) Error handling/reporting during credential resolution
They are bundled into one FR because error handling during credential resolution can be seen as effected by error handling at config load time. Additionally, this single FR would comprehensively fix #2058

AWS Go SDK V2 Module Versions Used

github.com/aws/aws-sdk-go-v2/blob/main/config

Go version used

1.19

Activity

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Assignees

No one assigned

    Labels

    feature-requestA feature should be added or improved.p2This is a standard priority issue

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions