When sourcing credentials from an external process, ignore stderr #250
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
waahm7
approved these changes
Sep 5, 2024
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #250 +/- ##
=======================================
Coverage 80.36% 80.36%
=======================================
Files 33 33
Lines 6044 6044
=======================================
Hits 4857 4857
Misses 1187 1187 ☔ View full report in Codecov by Sentry. |
graebm
added a commit
to awslabs/aws-crt-java
that referenced
this pull request
Sep 6, 2024
**Issue:** If the external process logged to stderr during a normal successful run, the credentials would fail to parse **Description of changes:** Update submodules, latest version of aws-c-auth contains the fix, see: awslabs/aws-c-auth#250 ``` aws-c-cal v0.7.3 -> v0.7.4 aws-c-auth v0.7.25 -> v0.7.29 ```
graebm
added a commit
that referenced
this pull request
Oct 14, 2024
**Issue:** If the external process logged to `stderr` during a normal successful run, the credentials would fail to parse. This was happening because the credentials-provider would always combine `stderr` and `stdout` by appending `2>&1` to the external command. Then JSON parsing would fail, due to random lines of logging on `stderr` mixing with valid JSON on `stdout`. **Description of changes:** Instead of redirecting `stderr` to `stdout`, redirect it to `/dev/null`. It would be better to capture `stderr` separately, and display it if the external process fails. But `aws_process_run()` doesn't currently capture `stderr`, and would require a rework to do so.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Issue:
If the external process logged to
stderrduring a normal successful run, the credentials would fail to parse.This was happening because the credentials-provider would always combine
stderrandstdoutby appending2>&1to the external command. Then JSON parsing would fail, due to random lines of logging onstderrmixing with valid JSON onstdout.Description of changes:
Instead of redirecting
stderrtostdout, redirect it to/dev/null.It would be better to capture
stderrseparately, and display it if the external process fails. Butaws_process_run()doesn't currently capturestderr, and would require a rework to do so.By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.