Address more review comments

Author: vnarayanan

hadoop-tools/hadoop-aws/src/main/java/org/apache/hadoop/fs/s3a/auth/ProfileAWSCredentialsProvider.java

@@ -36,74 +36,74 @@
 @InterfaceAudience.Public
 @InterfaceStability.Evolving
 public class ProfileAWSCredentialsProvider extends AbstractAWSCredentialProvider {
-    private static final Logger LOG = LoggerFactory.getLogger(ProfileAWSCredentialsProvider.class);
+  private static final Logger LOG = LoggerFactory.getLogger(ProfileAWSCredentialsProvider.class);
 
-    public static final String NAME
-            = "org.apache.hadoop.fs.s3a.auth.ProfileAWSCredentialsProvider";
+  public static final String NAME
+      = "org.apache.hadoop.fs.s3a.auth.ProfileAWSCredentialsProvider";
 
-    /** Conf setting for credentials file path*/
-    public static final String PROFILE_FILE = "fs.s3a.auth.profile.file";
+  /** Conf setting for credentials file path*/
+  public static final String PROFILE_FILE = "fs.s3a.auth.profile.file";
 
-    /** Conf setting for profile name*/
-    public static final String PROFILE_NAME = "fs.s3a.auth.profile.name";
+  /** Conf setting for profile name*/
+  public static final String PROFILE_NAME = "fs.s3a.auth.profile.name";
 
-    /** Environment variable for credentials file path*/
-    public static final String CREDENTIALS_FILE_ENV = "AWS_SHARED_CREDENTIALS_FILE";
-    /** Environment variable for profile name*/
-    public static final String PROFILE_ENV = "AWS_PROFILE";
+  /** Environment variable for credentials file path*/
+  public static final String CREDENTIALS_FILE_ENV = "AWS_SHARED_CREDENTIALS_FILE";
+  /** Environment variable for profile name*/
+  public static final String PROFILE_ENV = "AWS_PROFILE";
 
-    private final ProfileCredentialsProvider pcp;
+  private final ProfileCredentialsProvider pcp;
 
-    private static Path getCredentialsPath(Configuration conf) {
-        String credentialsFile = conf.get(PROFILE_FILE, null);
-        if (credentialsFile == null) {
-            credentialsFile = SystemUtils.getEnvironmentVariable(CREDENTIALS_FILE_ENV, null);
-            if (credentialsFile != null) {
-                LOG.debug("Fetched credentials file path from environment variable");
-            }
-        }
-        else {
-            LOG.debug("Fetched credentials file path from conf");
-        }
-        if (credentialsFile == null) {
-            LOG.debug("Using default credentials file path");
-            return FileSystems.getDefault().getPath(SystemUtils.getUserHome().getPath(),".aws", "credentials");
-        }
-        else {
-            return FileSystems.getDefault().getPath(credentialsFile);
-        }
+  private static Path getCredentialsPath(Configuration conf) {
+    String credentialsFile = conf.get(PROFILE_FILE, null);
+    if (credentialsFile == null) {
+      credentialsFile = SystemUtils.getEnvironmentVariable(CREDENTIALS_FILE_ENV, null);
+      if (credentialsFile != null) {
+        LOG.debug("Fetched credentials file path from environment variable");
+      }
     }
-
-    private static String getCredentialsName(Configuration conf) {
-        String profileName = conf.get(PROFILE_NAME, null);
-        if (profileName == null) {
-            profileName = SystemUtils.getEnvironmentVariable(PROFILE_ENV, null);
-            if (profileName == null) {
-                profileName = "default";
-                LOG.debug("Using default profile name");
-            }
-            else {
-                LOG.debug("Fetched profile name from environment variable");
-            }
-        }
-        else {
-            LOG.debug("Fetched profile name from conf");
-        }
-        return profileName;
+    else {
+      LOG.debug("Fetched credentials file path from conf");
     }
-
-    public ProfileAWSCredentialsProvider(URI uri, Configuration conf) {
-        super(uri, conf);
-        ProfileCredentialsProvider.Builder builder = ProfileCredentialsProvider.builder();
-        builder.profileName(getCredentialsName(conf))
-                .profileFile(ProfileFile.builder()
-                .content(getCredentialsPath(conf))
-                .type(ProfileFile.Type.CREDENTIALS)
-                .build());
-        pcp = builder.build();
+    if (credentialsFile == null) {
+      LOG.debug("Using default credentials file path");
+      return FileSystems.getDefault().getPath(SystemUtils.getUserHome().getPath(),".aws", "credentials");
+    }
+    else {
+      return FileSystems.getDefault().getPath(credentialsFile);
     }
+  }
 
-    public AwsCredentials resolveCredentials() {
-        return pcp.resolveCredentials();
+  private static String getCredentialsName(Configuration conf) {
+    String profileName = conf.get(PROFILE_NAME, null);
+    if (profileName == null) {
+      profileName = SystemUtils.getEnvironmentVariable(PROFILE_ENV, null);
+      if (profileName == null) {
+        profileName = "default";
+        LOG.debug("Using default profile name");
+      }
+      else {
+        LOG.debug("Fetched profile name from environment variable");
+      }
     }
+    else {
+      LOG.debug("Fetched profile name from conf");
+    }
+    return profileName;
+  }
+
+  public ProfileAWSCredentialsProvider(URI uri, Configuration conf) {
+    super(uri, conf);
+    ProfileCredentialsProvider.Builder builder = ProfileCredentialsProvider.builder();
+    builder.profileName(getCredentialsName(conf))
+            .profileFile(ProfileFile.builder()
+            .content(getCredentialsPath(conf))
+            .type(ProfileFile.Type.CREDENTIALS)
+            .build());
+    pcp = builder.build();
+  }
+
+  public AwsCredentials resolveCredentials() {
+    return pcp.resolveCredentials();
+  }
 }

hadoop-tools/hadoop-aws/src/site/markdown/tools/hadoop-aws/authentication.md

@@ -57,7 +57,7 @@ For more information see [Upcoming upgrade to AWS Java SDK V2](./aws_sdk_upgrade
   <description>
     Comma-separated class names of credential provider classes which implement
     software.amazon.awssdk.auth.credentials.AwsCredentialsProvider.
-     
+
     org.apache.hadoop.fs.s3a.auth.ProfileAWSCredentialsProvider is not included in
     the chain by default.
 
@@ -229,18 +229,22 @@ Note:
 ### <a name="auth_simple"></a> Credentials from profile with `ProfileAWSCredentialsProvider`*
 
 This is a non-default provider that fetches credentials from a profile file,
-acting as a Hadoop wrapper around ProfileCredentialsProvider. The profile file and
+acting as a Hadoop wrapper around [ProfileCredentialsProvider](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/auth/credentials/ProfileCredentialsProvider.html). The profile file and
 profile name are both resolved as follows.
 
-1. If the configuration setting is specified, that takes priority (`fs.s3a.auth.profile.file`
+1. If the configuration setting is specified, that takes priority ( `fs.s3a.auth.profile.file`
    for profile file and `fs.s3a.auth.profile.name` for profile name).
-2. If a configuration setting is absent, but the environment variables for
-   the setting(AWS_SHARED_CREDENTIALS_FILE for profile file and AWS_PROFILE for
+2. If a configuration setting is absent, but the environment variable for
+   the setting( `AWS_SHARED_CREDENTIALS_FILE` for profile file and `AWS_PROFILE` for
    profile name) is defined, then the variable is used.
 3. If neither configuration setting nor environment variable is present, then
    the values default to `~/.aws/credentials` for the profile file, and `default`
    for the profile name.
 
+
+*Important*: This profile file must be on every node in the _cluster_.
+If this is not the case, delegation tokens can be used to collect the current credentials and propagate them.
+
 ### <a name="auth_session"></a> Using Session Credentials with `TemporaryAWSCredentialsProvider`
 
 [Temporary Security Credentials](http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html)