Quiet "INFO: Unable to fetch credentials from *" logging

[grzm]

Dependencies

{:deps {org.clojure/clojure {:mvn/version "1.10.1"}
        com.cognitect.aws/api {:mvn/version "0.8.524"}
        com.cognitect.aws/endpoints {:mvn/version "1.1.12.69"}
        com.cognitect.aws/sts {:mvn/version "811.2.958.0"}}}

Description with failing test case

By default, the aws-api uses the cognitect.aws.credentials/chain-credentials-provider to provide a convenient method of finding available credentials from a variety of sources. As it cascades down the chain (mixing metaphors along the way), it logs Unable to fetch credentials from <source> upon each failure before it goes on to the next one at the info level.

aws-api/src/cognitect/aws/credentials.clj

Line 130 in fb41cda

(log/info (str "Unable to fetch credentials from " credential-source "."))

This results in noisy default behavior if you happen to depend on one of the later providers in the chain, and even more so if you happen to be using more than one AWS service.

I suggest changing the logging call from log/info to log/debug to make the default, out-of-the-box case quieter.

Please describe what you are trying to do, what you expect to see, and
what you're seeing instead.

Important: Please include a complete minimal code example that we
can paste as/is into a REPL, execute, and watch fail.

(require '[cognitect.aws.client.api :as aws])
(def sts (aws/client {:api :sts}))
(keys (aws/invoke sts {:op :GetCallerIdentity}))

output:

$ clj         
Clojure 1.10.1
user=> (require '[cognitect.aws.client.api :as aws])

nil
user=> (def sts (aws/client {:api :sts}))

2021-10-30 14:40:02.228:INFO::main: Logging initialized @7987ms to org.eclipse.jetty.util.log.StdErrLog
#'user/sts
user=> (keys (aws/invoke sts {:op :GetCallerIdentity}))

Oct 30, 2021 2:40:07 PM clojure.tools.logging$eval9684$fn__9687 invoke
INFO: Unable to fetch credentials from environment variables.
Oct 30, 2021 2:40:07 PM clojure.tools.logging$eval9684$fn__9687 invoke
INFO: Unable to fetch credentials from system properties.
(:UserId :Account :Arn)

Changing log/info to log/debug we get the quieter:

{:deps {org.clojure/clojure {:mvn/version "1.10.1"}
        com.cognitect.aws/api {:mvn/version "0.8.524" :aws/serviceFullName ""}
        com.cognitect.aws/endpoints {:mvn/version "1.1.12.69" :aws/serviceFullName ""}
        com.cognitect.aws/sts {:mvn/version "811.2.958.0", :aws/serviceFullName "AWS Security Token Service"}}
 :aliases
 {
  :quiet {:override-deps {com.cognitect.aws/api {:git/url "https://github.com/grzm/aws-api.git"
                                                 :sha "1e22c779b2d01e37f14cfd7ecee303b182ad33de"}}}
  }}

$ clj -A:quiet                 
Clojure 1.10.1
user=> (require '[cognitect.aws.client.api :as aws])
nil
user=> (def sts (aws/client {:api :sts}))

2021-10-30 14:39:00.418:INFO::main: Logging initialized @29263ms to org.eclipse.jetty.util.log.StdErrLog
#'user/sts
user=> (aws/invoke sts {:op :GetCallerIdentity})

{:UserId "AIDAJDK6RT7AOC42EWQ7I", :Account "266294314743", :Arn "arn:aws:iam::266294314743:user/[email protected]"}
user=> (keys (aws/invoke sts {:op :GetCallerIdentity}))

(:UserId :Account :Arn)

(The Logging initialized line is coming from jetty, so that's beyond the scope of the aws-api.)

There are other options, such as setting log configuration (e.g., https://github.com/grzm/aws-api-logging-ex) or specifying a known credentials provider instead of relying on the default chain provider. However, I think improving the default experience is worth doing here.

[mengelhart]

I wasted a bunch of cycles in my service due to this log output. I had a bug in my code but this log output made me think it had something to do with my AWS credentials configuration.

[dchelimsky]

Fixed on main, will release later today.

[grzm]

Thank you!

[dchelimsky]

Released in version com.cognitect.aws/api-0.8.575