_build_driver_args() should delegate to DefaultAWSCredentialsProviderChain by default

[nchammas]

I think the code here needs to be restructured:

PyAthenaJDBC/pyathenajdbc/connection.py

Lines 151 to 174 in e06196b

	def _build_driver_args(self):
	props = jpype.java.util.Properties()
	if self.credential_file:
	props.setProperty(
	"AwsCredentialsProviderClass",
	"com.simba.athena.amazonaws.auth.PropertiesFileCredentialsProvider",
	)
	props.setProperty(
	"aws_credentials_provider_arguments", self.credential_file
	)
	elif self.profile_name:
	props.setProperty(
	"AwsCredentialsProviderClass",
	"com.simba.athena.amazonaws.auth.profile.ProfileCredentialsProvider",
	)
	props.setProperty("aws_credentials_provider_arguments", self.profile_name)
	elif self.token:
	props.setProperty(
	"AwsCredentialsProviderClass",
	"com.simba.athena.amazonaws.auth.DefaultAWSCredentialsProviderChain",
	)
	else:
	props.setProperty("UID", self.access_key)
	props.setProperty("PWD", self.secret_key)

DefaultAWSCredentialsProviderChain covers access via credentials file, profile name, or token, so it should be the default option. I don't think we need all these code branches checking for each case and setting a different provider. The default provider takes care of all of that automatically.

If the PyAthenaJDBC API requires it, perhaps the only branch we need is to check if the user explicitly passed in credentials to connect(). And if not, it should just defer to DefaultAWSCredentialsProviderChain. Does that make sense?

Another thing that seems off in this block of code is that it doesn't seem to respect the user-provided AwsCredentialsProviderClass. If I specify that in the URL parameters, it gets overridden by this code.

So, for example, I am connecting to Athena via PyAthenaJDBC and SQLAlchemy. I tried manually setting AwsCredentialsProviderClass in the URL as follows:

jdbc:awsathena://athena.us-east-1.amazonaws.com:443;AwsCredentialsProviderClass=com.simba.athena.amazonaws.auth.DefaultAWSCredentialsProviderChain

But because I've also set AWS_PROFILE, something gets messed up and I get this error:

E       jpype._jclass.java.sql.SQLException: [Simba][AthenaJDBC](100191) Failed to create 
AWS Credentials Provider class: com.simba.athena.amazonaws.auth.DefaultAWSCredentialsProviderChain.

If I just delete that entire block of code from _build_driver_args(), everything works. Specifically, I can query Athena using the temporary credentials associated with the configured AWS profile.

If this all makes sense, I'd be happy to submit a PR to fix this behavior, including the appropriate tests.

[laughingman7743]

The processing of that code is implemented to use the Boto3 credentials.
If we leave the authentication process to JDBC, we don't need it.

[nchammas]

I don't follow. What's the difference between "Boto3 credentials" and "JDBC credentials"? From my understanding, they both have the same behavior and use the same credentials provider chain: Boto3, Java SDK

To put my point differently, what exactly would break if we made DefaultAWSCredentialsProviderChain the default as I am proposing? i.e. Instead of the code I quoted above, we'd just have something like this:

def _build_driver_args(self): 
    props = jpype.java.util.Properties() 
    if user_provided_credentials_directly_to_connect_function: 
        props.setProperty("UID", self.access_key)
        props.setProperty("PWD", self.secret_key)
    else:
        props.setProperty( 
            "AwsCredentialsProviderClass", 
            "com.simba.athena.amazonaws.auth.DefaultAWSCredentialsProviderChain", 
        ) 

[laughingman7743]

Oh, Boto3 and JDBC are no different at all. 🧐
It seems to be fine without those codes. 😅