Extract getCredentialProvider logic into utility class and add unit tests

Author: Jithendar12

athena-datalakegen2/src/main/java/com/amazonaws/athena/connectors/datalakegen2/DataLakeGen2CredentialProviderUtils.java

@@ -0,0 +1,73 @@
+/*-
+ * #%L
+ * athena-datalakegen2
+ * %%
+ * Copyright (C) 2019 - 2025 Amazon Web Services
+ * %%
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * #L%
+ */
+package com.amazonaws.athena.connectors.datalakegen2;
+
+import com.amazonaws.athena.connector.credentials.CredentialsProvider;
+import com.amazonaws.athena.connector.credentials.DefaultCredentialsProvider;
+import com.amazonaws.athena.connector.lambda.exceptions.AthenaConnectorException;
+import com.amazonaws.athena.connector.lambda.security.CachableSecretsManager;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import org.apache.commons.lang3.StringUtils;
+import software.amazon.awssdk.services.glue.model.ErrorDetails;
+import software.amazon.awssdk.services.glue.model.FederationSourceErrorCode;
+
+import java.io.IOException;
+import java.util.Map;
+
+/**
+ * Utility class for handling credential provider functionality.
+ */
+public final class DataLakeGen2CredentialProviderUtils
+{
+    private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();
+
+    private DataLakeGen2CredentialProviderUtils()
+    {
+    }
+
+    /**
+     * Gets the credentials provider based on the secret configuration.
+     * If OAuth is configured, returns DataLakeGen2 OAuth credentials provider.
+     * Otherwise, falls back to default username/password credentials.
+     */
+    public static CredentialsProvider getCredentialProvider(String secretName, CachableSecretsManager secretsManager)
+    {
+        if (StringUtils.isNotBlank(secretName)) {
+            try {
+                String secretString = secretsManager.getSecret(secretName);
+                Map<String, String> secretMap = OBJECT_MAPPER.readValue(secretString, Map.class);
+
+                // Check if OAuth is configured
+                if (DataLakeGen2OAuthCredentialsProvider.isOAuthConfigured(secretMap)) {
+                    return new DataLakeGen2OAuthCredentialsProvider(secretName, secretMap, secretsManager);
+                }
+
+                // Fall back to default credentials if OAuth is not configured
+                return new DefaultCredentialsProvider(secretString);
+            }
+            catch (IOException ioException) {
+                throw new AthenaConnectorException("Could not deserialize RDS credentials into HashMap: ",
+                        ErrorDetails.builder().errorCode(FederationSourceErrorCode.INTERNAL_SERVICE_EXCEPTION.toString()).errorMessage(ioException.getMessage()).build());
+            }
+        }
+
+        return null;
+    }
+}

athena-datalakegen2/src/main/java/com/amazonaws/athena/connectors/datalakegen2/DataLakeGen2MetadataHandler.java

@@ -20,7 +20,6 @@
 package com.amazonaws.athena.connectors.datalakegen2;
 
 import com.amazonaws.athena.connector.credentials.CredentialsProvider;
-import com.amazonaws.athena.connector.credentials.DefaultCredentialsProvider;
 import com.amazonaws.athena.connector.lambda.QueryStatusChecker;
 import com.amazonaws.athena.connector.lambda.data.Block;
 import com.amazonaws.athena.connector.lambda.data.BlockAllocator;
@@ -31,7 +30,6 @@
 import com.amazonaws.athena.connector.lambda.domain.Split;
 import com.amazonaws.athena.connector.lambda.domain.TableName;
 import com.amazonaws.athena.connector.lambda.domain.predicate.functions.StandardFunctions;
-import com.amazonaws.athena.connector.lambda.exceptions.AthenaConnectorException;
 import com.amazonaws.athena.connector.lambda.metadata.GetDataSourceCapabilitiesRequest;
 import com.amazonaws.athena.connector.lambda.metadata.GetDataSourceCapabilitiesResponse;
 import com.amazonaws.athena.connector.lambda.metadata.GetSplitsRequest;
@@ -51,22 +49,17 @@
 import com.amazonaws.athena.connectors.jdbc.manager.JdbcArrowTypeConverter;
 import com.amazonaws.athena.connectors.jdbc.manager.JdbcMetadataHandler;
 import com.amazonaws.athena.connectors.jdbc.resolver.JDBCCaseResolver;
-import com.fasterxml.jackson.databind.ObjectMapper;
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.ImmutableSet;
 import org.apache.arrow.vector.types.Types;
 import org.apache.arrow.vector.types.pojo.ArrowType;
 import org.apache.arrow.vector.types.pojo.Schema;
-import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import software.amazon.awssdk.services.athena.AthenaClient;
-import software.amazon.awssdk.services.glue.model.ErrorDetails;
-import software.amazon.awssdk.services.glue.model.FederationSourceErrorCode;
 import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
 
-import java.io.IOException;
 import java.sql.Connection;
 import java.sql.PreparedStatement;
 import java.sql.ResultSet;
@@ -85,7 +78,6 @@
 public class DataLakeGen2MetadataHandler extends JdbcMetadataHandler
 {
     private static final Logger LOGGER = LoggerFactory.getLogger(DataLakeGen2MetadataHandler.class);
-    private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();
 
     static final Map<String, String> JDBC_PROPERTIES = ImmutableMap.of("databaseTerm", "SCHEMA");
     static final String PARTITION_NUMBER = "partition_number";
@@ -297,26 +289,9 @@ protected Schema getSchema(Connection jdbcConnection, TableName tableName, Schem
     @Override
     protected CredentialsProvider getCredentialProvider()
     {
-        final String secretName = getDatabaseConnectionConfig().getSecret();
-        if (StringUtils.isNotBlank(secretName)) {
-            try {
-                String secretString = getCachableSecretsManager().getSecret(secretName);
-                Map<String, String> secretMap = OBJECT_MAPPER.readValue(secretString, Map.class);
-
-                // Check if OAuth is configured
-                if (DataLakeGen2OAuthCredentialsProvider.isOAuthConfigured(secretMap)) {
-                    return new DataLakeGen2OAuthCredentialsProvider(secretName, secretMap, getCachableSecretsManager());
-                }
-
-                // Fall back to default credentials if OAuth is not configured
-                return new DefaultCredentialsProvider(secretString);
-            }
-            catch (IOException ioException) {
-                throw new AthenaConnectorException("Could not deserialize RDS credentials into HashMap: ",
-                        ErrorDetails.builder().errorCode(FederationSourceErrorCode.INTERNAL_SERVICE_EXCEPTION.toString()).errorMessage(ioException.getMessage()).build());
-            }
-        }
-
-        return null;
+        return DataLakeGen2CredentialProviderUtils.getCredentialProvider(
+            getDatabaseConnectionConfig().getSecret(),
+            getCachableSecretsManager()
+        );
     }
 }

athena-datalakegen2/src/main/java/com/amazonaws/athena/connectors/datalakegen2/DataLakeGen2RecordHandler.java

@@ -19,41 +19,32 @@
  */
 package com.amazonaws.athena.connectors.datalakegen2;
 import com.amazonaws.athena.connector.credentials.CredentialsProvider;
-import com.amazonaws.athena.connector.credentials.DefaultCredentialsProvider;
 import com.amazonaws.athena.connector.lambda.domain.Split;
 import com.amazonaws.athena.connector.lambda.domain.TableName;
 import com.amazonaws.athena.connector.lambda.domain.predicate.Constraints;
-import com.amazonaws.athena.connector.lambda.exceptions.AthenaConnectorException;
 import com.amazonaws.athena.connectors.jdbc.connection.DatabaseConnectionConfig;
 import com.amazonaws.athena.connectors.jdbc.connection.DatabaseConnectionInfo;
 import com.amazonaws.athena.connectors.jdbc.connection.GenericJdbcConnectionFactory;
 import com.amazonaws.athena.connectors.jdbc.connection.JdbcConnectionFactory;
 import com.amazonaws.athena.connectors.jdbc.manager.JDBCUtil;
 import com.amazonaws.athena.connectors.jdbc.manager.JdbcRecordHandler;
 import com.amazonaws.athena.connectors.jdbc.manager.JdbcSplitQueryBuilder;
-import com.fasterxml.jackson.databind.ObjectMapper;
 import com.google.common.annotations.VisibleForTesting;
 import org.apache.arrow.vector.types.pojo.Schema;
-import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.lang3.Validate;
 import software.amazon.awssdk.services.athena.AthenaClient;
-import software.amazon.awssdk.services.glue.model.ErrorDetails;
-import software.amazon.awssdk.services.glue.model.FederationSourceErrorCode;
 import software.amazon.awssdk.services.s3.S3Client;
 import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
 
-import java.io.IOException;
 import java.sql.Connection;
 import java.sql.PreparedStatement;
 import java.sql.SQLException;
-import java.util.Map;
 
 import static com.amazonaws.athena.connectors.datalakegen2.DataLakeGen2Constants.QUOTE_CHARACTER;
 
 public class DataLakeGen2RecordHandler extends JdbcRecordHandler
 {
     private static final int FETCH_SIZE = 1000;
-    private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();
     private final JdbcSplitQueryBuilder jdbcSplitQueryBuilder;
     public DataLakeGen2RecordHandler(java.util.Map<String, String> configOptions)
     {
@@ -90,25 +81,9 @@ public PreparedStatement buildSplitSql(Connection jdbcConnection, String catalog
     @Override
     protected CredentialsProvider getCredentialProvider()
     {
-        final String secretName = getDatabaseConnectionConfig().getSecret();
-        if (StringUtils.isNotBlank(secretName)) {
-            try {
-                String secretString = getCachableSecretsManager().getSecret(secretName);
-                Map<String, String> secretMap = OBJECT_MAPPER.readValue(secretString, Map.class);
-
-                // Check if OAuth is configured
-                if (DataLakeGen2OAuthCredentialsProvider.isOAuthConfigured(secretMap)) {
-                    return new DataLakeGen2OAuthCredentialsProvider(secretName, secretMap, getCachableSecretsManager());
-                }
-
-                // Fall back to default credentials if OAuth is not configured
-                return new DefaultCredentialsProvider(secretString);
-            }
-            catch (IOException ioException) {
-                throw new AthenaConnectorException("Could not deserialize RDS credentials into HashMap: ",
-                        ErrorDetails.builder().errorCode(FederationSourceErrorCode.INTERNAL_SERVICE_EXCEPTION.toString()).errorMessage(ioException.getMessage()).build());
-            }
-        }
-        return null;
+        return DataLakeGen2CredentialProviderUtils.getCredentialProvider(
+            getDatabaseConnectionConfig().getSecret(),
+            getCachableSecretsManager()
+        );
     }
 }

athena-datalakegen2/src/test/java/com/amazonaws/athena/connectors/datalakegen2/DataLakeGen2CredentialProviderUtilsTest.java

@@ -0,0 +1,128 @@
+/*-
+ * #%L
+ * athena-datalakegen2
+ * %%
+ * Copyright (C) 2019 - 2025 Amazon Web Services
+ * %%
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * #L%
+ */
+package com.amazonaws.athena.connectors.datalakegen2;
+
+import com.amazonaws.athena.connector.credentials.CredentialsProvider;
+import com.amazonaws.athena.connector.credentials.DefaultCredentialsProvider;
+import com.amazonaws.athena.connector.lambda.exceptions.AthenaConnectorException;
+import com.amazonaws.athena.connector.lambda.security.CachableSecretsManager;
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.mockito.junit.MockitoJUnitRunner;
+import software.amazon.awssdk.services.glue.model.FederationSourceErrorCode;
+import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
+import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueRequest;
+import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueResponse;
+
+import java.util.Map;
+
+import static com.amazonaws.athena.connector.credentials.CredentialsConstants.CLIENT_ID;
+import static com.amazonaws.athena.connector.credentials.CredentialsConstants.CLIENT_SECRET;
+import static com.amazonaws.athena.connector.credentials.CredentialsConstants.PASSWORD;
+import static com.amazonaws.athena.connector.credentials.CredentialsConstants.USERNAME;
+import static com.amazonaws.athena.connectors.datalakegen2.DataLakeGen2OAuthCredentialsProviderTest.SECRET_NAME;
+import static com.amazonaws.athena.connectors.datalakegen2.DataLakeGen2OAuthCredentialsProviderTest.TENANT_ID;
+import static com.amazonaws.athena.connectors.datalakegen2.DataLakeGen2OAuthCredentialsProviderTest.TEST_CLIENT_ID;
+import static com.amazonaws.athena.connectors.datalakegen2.DataLakeGen2OAuthCredentialsProviderTest.TEST_CLIENT_SECRET;
+import static com.amazonaws.athena.connectors.datalakegen2.DataLakeGen2OAuthCredentialsProviderTest.TEST_TENANT_ID;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.when;
+
+@RunWith(MockitoJUnitRunner.class)
+public class DataLakeGen2CredentialProviderUtilsTest
+{
+    @Mock
+    private SecretsManagerClient secretsManager;
+
+    private CachableSecretsManager cachableSecretsManager;
+
+    @Before
+    public void setup()
+    {
+        cachableSecretsManager = new CachableSecretsManager(secretsManager);
+    }
+
+    @Test
+    public void testGetCredentialProvider_whenOAuthConfigured() throws JsonProcessingException
+    {
+        // Mock OAuth secret response
+        String oauthSecret = new ObjectMapper().writeValueAsString(Map.of(
+                CLIENT_ID, TEST_CLIENT_ID,
+                CLIENT_SECRET, TEST_CLIENT_SECRET,
+                TENANT_ID, TEST_TENANT_ID
+        ));
+        when(secretsManager.getSecretValue(any(GetSecretValueRequest.class))).thenReturn(
+            GetSecretValueResponse.builder().secretString(oauthSecret).build()
+        );
+
+        CredentialsProvider provider = DataLakeGen2CredentialProviderUtils.getCredentialProvider(SECRET_NAME, cachableSecretsManager);
+        assertTrue(provider instanceof DataLakeGen2OAuthCredentialsProvider);
+    }
+
+    @Test
+    public void testGetCredentialProvider_whenUsernamePasswordConfigured() throws JsonProcessingException
+    {
+        // Mock username/password secret response
+        String standardSecret = new ObjectMapper().writeValueAsString(Map.of(
+                USERNAME, "test-user",
+                PASSWORD, "test-password"
+        ));
+        when(secretsManager.getSecretValue(any(GetSecretValueRequest.class))).thenReturn(
+            GetSecretValueResponse.builder().secretString(standardSecret).build()
+        );
+
+        CredentialsProvider provider = DataLakeGen2CredentialProviderUtils.getCredentialProvider(SECRET_NAME, cachableSecretsManager);
+        assertTrue(provider instanceof DefaultCredentialsProvider);
+    }
+
+    @Test
+    public void testGetCredentialProvider_whenNoSecret()
+    {
+        CredentialsProvider provider = DataLakeGen2CredentialProviderUtils.getCredentialProvider("", cachableSecretsManager);
+        assertNull(provider);
+    }
+
+    @Test
+    public void testGetCredentialProvider_whenInvalidJson_throwsException()
+    {
+        // Mock invalid JSON response
+        when(secretsManager.getSecretValue(any(GetSecretValueRequest.class))).thenReturn(
+            GetSecretValueResponse.builder().secretString("invalid-json{").build()
+        );
+
+        try {
+            DataLakeGen2CredentialProviderUtils.getCredentialProvider(SECRET_NAME, cachableSecretsManager);
+            fail("Expected AthenaConnectorException");
+        }
+        catch (AthenaConnectorException e) {
+            assertEquals(FederationSourceErrorCode.INTERNAL_SERVICE_EXCEPTION.toString(), 
+                e.getErrorDetails().errorCode());
+            assertTrue(e.getMessage().contains("Could not deserialize RDS credentials into HashMap"));
+        }
+    }
+}

athena-datalakegen2/src/test/java/com/amazonaws/athena/connectors/datalakegen2/DataLakeGen2OAuthCredentialsProviderTest.java

@@ -49,12 +49,12 @@
 
 public class DataLakeGen2OAuthCredentialsProviderTest
 {
-    private static final String SECRET_NAME = "test-secret";
-    private static final String TEST_CLIENT_ID = "test-client-id";
-    private static final String TEST_CLIENT_SECRET = "test-client-secret";
-    private static final String TENANT_ID = "tenant_id";
-    private static final String TEST_TENANT_ID = "test-tenant-id";
-    private static final String TEST_ACCESS_TOKEN = "test-access-token";
+    protected static final String SECRET_NAME = "test-secret";
+    protected static final String TEST_CLIENT_ID = "test-client-id";
+    protected static final String TEST_CLIENT_SECRET = "test-client-secret";
+    protected static final String TENANT_ID = "tenant_id";
+    protected static final String TEST_TENANT_ID = "test-tenant-id";
+    protected static final String TEST_ACCESS_TOKEN = "test-access-token";
 
     @Mock
     private SecretsManagerClient secretsManagerClient;