fix how the url is built

Author: DylanGuedes

pkg/storage/chunk/client/aws/config.go

@@ -16,7 +16,6 @@ import (
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/credentials"
 	"github.com/aws/aws-sdk-go-v2/service/dynamodb"
-	"github.com/pkg/errors"
 )
 
 // DynamoConfigFromURL returns AWS config from given URL. It expects escaped
@@ -83,5 +82,7 @@ func CredentialsFromURL(awsURL *url.URL) (key, secret, session string, err error
 			return username, password, "", nil
 		}
 	}
-	return "", "", "", errors.New("Unable to build AWS credentials from URL")
+	// Return empty credentials instead of error to allow AWS SDK to use default credential chain
+	// (environment variables, IAM roles, etc.)
+	return "", "", "", nil
 }

pkg/storage/chunk/client/aws/config_test.go

@@ -0,0 +1,71 @@
+package aws
+
+import (
+	"net/url"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
+
+func TestCredentialsFromURL(t *testing.T) {
+	tests := []struct {
+		name            string
+		urlStr          string
+		expectedKey     string
+		expectedSecret  string
+		expectedSession string
+		expectError     bool
+	}{
+		{
+			name:            "URL with username and password",
+			urlStr:          "s3://mykey:mysecret@us-east-1",
+			expectedKey:     "mykey",
+			expectedSecret:  "mysecret",
+			expectedSession: "",
+			expectError:     false,
+		},
+		{
+			name:            "URL with only username",
+			urlStr:          "s3://mykey@us-east-1",
+			expectedKey:     "mykey",
+			expectedSecret:  "",
+			expectedSession: "",
+			expectError:     false,
+		},
+		{
+			name:            "URL without credentials (should not error)",
+			urlStr:          "s3://us-east-1",
+			expectedKey:     "",
+			expectedSecret:  "",
+			expectedSession: "",
+			expectError:     false,
+		},
+		{
+			name:            "URL with endpoint without credentials",
+			urlStr:          "s3://s3.amazonaws.com",
+			expectedKey:     "",
+			expectedSecret:  "",
+			expectedSession: "",
+			expectError:     false,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			u, err := url.Parse(tt.urlStr)
+			require.NoError(t, err)
+
+			key, secret, session, err := CredentialsFromURL(u)
+			
+			if tt.expectError {
+				require.Error(t, err)
+			} else {
+				require.NoError(t, err)
+				require.Equal(t, tt.expectedKey, key)
+				require.Equal(t, tt.expectedSecret, secret)
+				require.Equal(t, tt.expectedSession, session)
+			}
+		})
+	}
+}
+

pkg/storage/chunk/client/aws/s3_storage_client.go

@@ -219,7 +219,11 @@ func buildS3Client(cfg S3Config, hedgingCfg hedging.Config, hedging bool) (*s3.C
 		if err != nil {
 			return nil, err
 		}
-		s3Options.Credentials = credentials.NewStaticCredentialsProvider(key, secret, session)
+		// Only set credentials if they were provided in the URL
+		// Otherwise, let AWS SDK use the default credential chain
+		if key != "" || secret != "" {
+			s3Options.Credentials = credentials.NewStaticCredentialsProvider(key, secret, session)
+		}
 	} else {
 		s3Options.Region = "dummy"
 	}