Revert "Improve availability of instance profile credentials provider during outages. (#2989)"

This reverts commit 3f67bf7.

Author: millems

.idea/inspectionProfiles/AWS_Java_SDK_2_0.xml

@@ -15,33 +15,25 @@
 
 package software.amazon.awssdk.auth.credentials;
 
+import static java.util.Collections.singletonMap;
 import static java.util.Collections.unmodifiableSet;
 
 import java.io.IOException;
 import java.net.URI;
-import java.time.Instant;
-import java.time.temporal.ChronoUnit;
 import java.util.Arrays;
-import java.util.HashMap;
+import java.util.Collections;
 import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;
 import software.amazon.awssdk.annotations.SdkPublicApi;
+import software.amazon.awssdk.annotations.SdkTestInternalApi;
 import software.amazon.awssdk.auth.credentials.internal.ContainerCredentialsRetryPolicy;
-import software.amazon.awssdk.auth.credentials.internal.HttpCredentialsLoader;
-import software.amazon.awssdk.auth.credentials.internal.HttpCredentialsLoader.LoadedCredentials;
 import software.amazon.awssdk.core.SdkSystemSetting;
 import software.amazon.awssdk.core.exception.SdkClientException;
-import software.amazon.awssdk.core.util.SdkUserAgent;
 import software.amazon.awssdk.regions.util.ResourcesEndpointProvider;
 import software.amazon.awssdk.regions.util.ResourcesEndpointRetryPolicy;
-import software.amazon.awssdk.utils.ComparableUtils;
 import software.amazon.awssdk.utils.StringUtils;
 import software.amazon.awssdk.utils.ToString;
-import software.amazon.awssdk.utils.Validate;
-import software.amazon.awssdk.utils.cache.CachedSupplier;
-import software.amazon.awssdk.utils.cache.NonBlocking;
-import software.amazon.awssdk.utils.cache.RefreshResult;
 
 /**
  * {@link AwsCredentialsProvider} implementation that loads credentials from a local metadata service.
@@ -60,28 +52,15 @@
  * Service (ECS)</a>
  */
 @SdkPublicApi
-public final class ContainerCredentialsProvider implements HttpCredentialsProvider {
-    private static final Set<String> ALLOWED_HOSTS = unmodifiableSet(new HashSet<>(Arrays.asList("localhost", "127.0.0.1")));
-
-    private final String endpoint;
-    private final HttpCredentialsLoader httpCredentialsLoader;
-    private final CachedSupplier<AwsCredentials> credentialsCache;
+public final class ContainerCredentialsProvider extends HttpCredentialsProvider {
+    private final ResourcesEndpointProvider credentialsEndpointProvider;
 
     /**
      * @see #builder()
      */
     private ContainerCredentialsProvider(BuilderImpl builder) {
-        this.endpoint = builder.endpoint;
-        this.httpCredentialsLoader = HttpCredentialsLoader.create();
-
-        if (Boolean.TRUE.equals(builder.asyncCredentialUpdateEnabled)) {
-            Validate.paramNotBlank(builder.asyncThreadName, "asyncThreadName");
-            this.credentialsCache = CachedSupplier.builder(this::refreshCredentials)
-                                                  .prefetchStrategy(new NonBlocking(builder.asyncThreadName))
-                                                  .build();
-        } else {
-            this.credentialsCache = CachedSupplier.builder(this::refreshCredentials).build();
-        }
+        super(builder);
+        this.credentialsEndpointProvider = builder.credentialsEndpointProvider;
     }
 
     /**
@@ -92,60 +71,21 @@ public static Builder builder() {
     }
 
     @Override
-    public String toString() {
-        return ToString.create("ContainerCredentialsProvider");
-    }
-
-    private RefreshResult<AwsCredentials> refreshCredentials() {
-        LoadedCredentials loadedCredentials =
-            httpCredentialsLoader.loadCredentials(new ContainerCredentialsEndpointProvider(endpoint));
-        Instant expiration = loadedCredentials.getExpiration().orElse(null);
-
-        return RefreshResult.builder(loadedCredentials.getAwsCredentials())
-                            .staleTime(staleTime(expiration))
-                            .prefetchTime(prefetchTime(expiration))
-                            .build();
-    }
-
-    private Instant staleTime(Instant expiration) {
-        if (expiration == null) {
-            return null;
-        }
-
-        return expiration.minus(1, ChronoUnit.MINUTES);
-    }
-
-    private Instant prefetchTime(Instant expiration) {
-        Instant oneHourFromNow = Instant.now().plus(1, ChronoUnit.HOURS);
-
-        if (expiration == null) {
-            return oneHourFromNow;
-        }
-
-        Instant fifteenMinutesBeforeExpiration = expiration.minus(15, ChronoUnit.MINUTES);
-
-        return ComparableUtils.minimum(oneHourFromNow, fifteenMinutesBeforeExpiration);
-    }
-
-    @Override
-    public AwsCredentials resolveCredentials() {
-        return credentialsCache.get();
+    protected ResourcesEndpointProvider getCredentialsEndpointProvider() {
+        return credentialsEndpointProvider;
     }
 
     @Override
-    public void close() {
-        credentialsCache.close();
+    public String toString() {
+        return ToString.create("ContainerCredentialsProvider");
     }
 
     static final class ContainerCredentialsEndpointProvider implements ResourcesEndpointProvider {
-        private final String endpoint;
-
-        ContainerCredentialsEndpointProvider(String endpoint) {
-            this.endpoint = endpoint;
-        }
+        private static final Set<String> ALLOWED_HOSTS = unmodifiableSet(new HashSet<>(Arrays.asList("localhost", "127.0.0.1")));
 
         @Override
         public URI endpoint() throws IOException {
+
             if (!SdkSystemSetting.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI.getStringValue().isPresent() &&
                 !SdkSystemSetting.AWS_CONTAINER_CREDENTIALS_FULL_URI.getStringValue().isPresent()) {
                 throw SdkClientException.builder()
@@ -177,28 +117,26 @@ public ResourcesEndpointRetryPolicy retryPolicy() {
 
         @Override
         public Map<String, String> headers() {
-            Map<String, String> requestHeaders = new HashMap<>();
-            requestHeaders.put("User-Agent", SdkUserAgent.create().userAgent());
-            SdkSystemSetting.AWS_CONTAINER_AUTHORIZATION_TOKEN.getStringValue()
-                                                              .filter(StringUtils::isNotBlank)
-                                                              .ifPresent(t -> requestHeaders.put("Authorization", t));
-            return requestHeaders;
+            return SdkSystemSetting.AWS_CONTAINER_AUTHORIZATION_TOKEN.getStringValue()
+                                                                     .filter(StringUtils::isNotBlank)
+                                                                     .map(t -> singletonMap("Authorization", t))
+                                                                     .orElseGet(Collections::emptyMap);
         }
 
         private URI createUri(String relativeUri) {
-            String host = endpoint != null ? endpoint : SdkSystemSetting.AWS_CONTAINER_SERVICE_ENDPOINT.getStringValueOrThrow();
-            return URI.create(host + relativeUri);
+            return URI.create(SdkSystemSetting.AWS_CONTAINER_SERVICE_ENDPOINT.getStringValueOrThrow() + relativeUri);
         }
 
         private URI createGenericContainerUrl() {
             URI uri = URI.create(SdkSystemSetting.AWS_CONTAINER_CREDENTIALS_FULL_URI.getStringValueOrThrow());
             if (!ALLOWED_HOSTS.contains(uri.getHost())) {
-                String envVarName = SdkSystemSetting.AWS_CONTAINER_CREDENTIALS_FULL_URI.environmentVariable();
+
                 throw SdkClientException.builder()
                                         .message(String.format("The full URI (%s) contained within environment " +
-                                                               "variable %s has an invalid host. Host can only be one of [%s].",
-                                                               uri,
-                                                               envVarName,
+                                                 "variable %s has an invalid host. Host can only be one of [%s].",
+                                                 uri,
+                                                 SdkSystemSetting.AWS_CONTAINER_CREDENTIALS_FULL_URI
+                                                                 .environmentVariable(),
                                                                String.join(",", ALLOWED_HOSTS)))
                                         .build();
             }
@@ -210,47 +148,29 @@ private URI createGenericContainerUrl() {
      * A builder for creating a custom a {@link ContainerCredentialsProvider}.
      */
     public interface Builder extends HttpCredentialsProvider.Builder<ContainerCredentialsProvider, Builder> {
-    }
-
-    private static final class BuilderImpl implements Builder {
-        private String endpoint;
-        private Boolean asyncCredentialUpdateEnabled;
-        private String asyncThreadName;
-
-        BuilderImpl() {
-            asyncThreadName("container-credentials-provider");
-        }
 
+        /**
+         * Build a {@link ContainerCredentialsProvider} from the provided configuration.
+         */
         @Override
-        public Builder endpoint(String endpoint) {
-            this.endpoint = endpoint;
-            return this;
-        }
+        ContainerCredentialsProvider build();
+    }
 
-        public void setEndpoint(String endpoint) {
-            endpoint(endpoint);
-        }
+    static final class BuilderImpl extends HttpCredentialsProvider.BuilderImpl<ContainerCredentialsProvider, Builder>
+        implements Builder {
 
-        @Override
-        public Builder asyncCredentialUpdateEnabled(Boolean asyncCredentialUpdateEnabled) {
-            this.asyncCredentialUpdateEnabled = asyncCredentialUpdateEnabled;
-            return this;
-        }
+        private ResourcesEndpointProvider credentialsEndpointProvider = new ContainerCredentialsEndpointProvider();
 
-        public void setAsyncCredentialUpdateEnabled(boolean asyncCredentialUpdateEnabled) {
-            asyncCredentialUpdateEnabled(asyncCredentialUpdateEnabled);
+        BuilderImpl() {
+            super.asyncThreadName("container-credentials-provider");
         }
 
-        @Override
-        public Builder asyncThreadName(String asyncThreadName) {
-            this.asyncThreadName = asyncThreadName;
+        @SdkTestInternalApi
+        Builder credentialsEndpointProvider(ResourcesEndpointProvider credentialsEndpointProvider) {
+            this.credentialsEndpointProvider = credentialsEndpointProvider;
             return this;
         }
 
-        public void setAsyncThreadName(String asyncThreadName) {
-            asyncThreadName(asyncThreadName);
-        }
-
         @Override
         public ContainerCredentialsProvider build() {
             return new ContainerCredentialsProvider(this);

core/auth/src/main/java/software/amazon/awssdk/auth/credentials/ContainerCredentialsProvider.java

@@ -83,8 +83,6 @@ private static LazyAwsCredentialsProvider createChain(Builder builder) {
                                                 .build(),
                     InstanceProfileCredentialsProvider.builder()
                                                       .asyncCredentialUpdateEnabled(asyncCredentialUpdateEnabled)
-                                                      .profileFile(builder.profileFile)
-                                                      .profileName(builder.profileName)
                                                       .build()
             };