diff --git a/tensorstore/kvstore/s3/credentials/BUILD b/tensorstore/kvstore/s3/credentials/BUILD index d8eea218e..6b776efe6 100644 --- a/tensorstore/kvstore/s3/credentials/BUILD +++ b/tensorstore/kvstore/s3/credentials/BUILD @@ -79,9 +79,11 @@ tensorstore_cc_library( "//tensorstore/internal:no_destructor", "//tensorstore/internal/http", "//tensorstore/internal/http:curl_transport", + "//tensorstore/internal/log:verbose_flag", "//tensorstore/util:result", "@com_google_absl//absl/base:core_headers", "@com_google_absl//absl/functional:function_ref", + "@com_google_absl//absl/log:absl_log", "@com_google_absl//absl/synchronization", "@com_google_absl//absl/time", ], diff --git a/tensorstore/kvstore/s3/credentials/default_credential_provider.cc b/tensorstore/kvstore/s3/credentials/default_credential_provider.cc index 6990425cb..eaea7a636 100644 --- a/tensorstore/kvstore/s3/credentials/default_credential_provider.cc +++ b/tensorstore/kvstore/s3/credentials/default_credential_provider.cc @@ -21,10 +21,13 @@ #include #include +#include "absl/base/attributes.h" #include "absl/functional/function_ref.h" +#include "absl/log/absl_log.h" #include "absl/synchronization/mutex.h" #include "absl/time/time.h" #include "tensorstore/internal/http/http_transport.h" +#include "tensorstore/internal/log/verbose_flag.h" #include "tensorstore/internal/no_destructor.h" #include "tensorstore/kvstore/s3/credentials/aws_credentials.h" #include "tensorstore/kvstore/s3/credentials/ec2_credential_provider.h" @@ -36,6 +39,8 @@ namespace tensorstore { namespace internal_kvstore_s3 { namespace { +ABSL_CONST_INIT internal_log::VerboseFlag s3_logging("s3"); + /// Return a DefaultCredentialProvider that attempts to retrieve credentials /// from /// 1. AWS Environment Variables, e.g. AWS_ACCESS_KEY_ID @@ -127,28 +132,39 @@ Result DefaultAwsCredentialsProvider::GetCredentials() { // Return credentials in this order: // 1. AWS Environment Variables, e.g. AWS_ACCESS_KEY_ID provider_ = std::make_unique(); - auto credentials_result = provider_->GetCredentials(); - if (credentials_result.ok()) { - credentials_ = credentials_result.value(); + if (auto credentials_result = provider_->GetCredentials(); + credentials_result.ok()) { + credentials_ = std::move(credentials_result).value(); return credentials_; + } else if (s3_logging) { + ABSL_LOG_FIRST_N(INFO, 1) + << "Could not acquire credentials from environment: " + << credentials_result.status(); } // 2. Shared Credential File, e.g. $HOME/.aws/credentials provider_ = std::make_unique(options_.filename, options_.profile); - credentials_result = provider_->GetCredentials(); - if (credentials_result.ok()) { - credentials_ = credentials_result.value(); + if (auto credentials_result = provider_->GetCredentials(); + credentials_result.ok()) { + credentials_ = std::move(credentials_result).value(); return credentials_; + } else if (s3_logging) { + ABSL_LOG_FIRST_N(INFO, 1) + << "Could not acquire credentials from '" << options_.filename << "', '" + << options_.profile << "': " << credentials_result.status(); } // 3. EC2 Metadata Server provider_ = std::make_unique( options_.endpoint, options_.transport); - credentials_result = provider_->GetCredentials(); - if (credentials_result.ok()) { - credentials_ = credentials_result.value(); + if (auto credentials_result = provider_->GetCredentials(); + credentials_result.ok()) { + credentials_ = std::move(credentials_result).value(); return credentials_; + } else if (s3_logging) { + ABSL_LOG(INFO) << "Could not acquire credentials from EC2 Metadata Server " + << options_.endpoint << ": " << credentials_result.status(); } // 4. Anonymous credentials