Auth: Respect async credentials update flag from DefaultCredentialsProvider for WebIdentityTokenFileCredentialProvider #3899

Merged
merged 2 commits into from
May 8, 2023

Conversation

paulolieuthier
Contributor

Motivation and Context

Despite having the flag and implementation ready, WebIdentityTokenFileCredentialProvider used through DefaultCredentialsProvider cannot have the async credentials update feature enabled, because the flag is not passed through, contrary to how it's done with other providers.

Allowing async credentials update enables clients running in environments like Kubernetes to avoid refreshing credentials at request time, which causes latency spikes.

Modifications

Testing

The modification was easy to validate because the latency spikes are gone after the patch.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)

Checklist

  • I have read the CONTRIBUTING document
  • Local run of mvn install succeeds
  • My code follows the code style of this project
  • My change requires a change to the Javadoc documentation
  • I have updated the Javadoc documentation accordingly
  • I have added tests to cover my changes (could use some guidance here)
  • All new and existing tests passed
  • I have added a changelog entry. Adding a new entry must be accomplished by running the scripts/new-change script and following the instructions. Commit the new file created by the script in .changes/next-release with your changes.
  • My change is to implement 1.11 parity feature and I have updated LaunchChangelog

License

  • I confirm that this pull request can be released under the Apache 2 license
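
The difference between request-time and background credential refresh described in this pull request, as an added example that is not part of the pull request or the SDK's code. `CachedProvider`, `Creds`, the 50 ms fetch and the 300 ms lifetime are constructed for illustration; in the synchronous run the caller thread performs the refreshes, while in the async run it normally performs none.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.concurrent.*;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.function.Supplier;

// Simplified model with hypothetical names; this is not AWS SDK code. Needs Java 16+ (records).
public class AsyncRefreshDemo {
    record Creds(String token, Instant expiry) {}

    static final class CachedProvider implements AutoCloseable {
        private final Supplier<Creds> fetch;        // stands in for the slow token exchange
        private final Duration prefetch;            // renew this long before expiry
        private final ScheduledExecutorService bg;  // null when async update is off
        private volatile Creds cached;
        final AtomicInteger callerRefreshes = new AtomicInteger();

        CachedProvider(Supplier<Creds> fetch, Duration prefetch, boolean asyncUpdate) {
            this.fetch = fetch;
            this.prefetch = prefetch;
            this.cached = fetch.get();
            this.bg = asyncUpdate ? Executors.newSingleThreadScheduledExecutor() : null;
            // Async mode: a background thread renews inside the prefetch window.
            if (bg != null) bg.scheduleWithFixedDelay(this::renewIfDue, 10, 10, TimeUnit.MILLISECONDS);
        }
        private void renewIfDue() { if (inWindow()) cached = fetch.get(); }
        private boolean inWindow() { return Instant.now().isAfter(cached.expiry().minus(prefetch)); }

        Creds resolve() {
            // Sync mode: the caller refreshes as soon as the prefetch window opens.
            // Async mode: the caller blocks only if the cached value has fully expired.
            boolean block = bg == null ? inWindow() : Instant.now().isAfter(cached.expiry());
            if (block) { callerRefreshes.incrementAndGet(); cached = fetch.get(); }
            return cached;
        }
        @Override public void close() { if (bg != null) bg.shutdownNow(); }
    }

    static int run(boolean async) throws Exception {
        Supplier<Creds> slow = () -> {  // constructed: 50 ms fetch, 300 ms credential lifetime
            try { Thread.sleep(50); } catch (InterruptedException e) { Thread.currentThread().interrupt(); }
            return new Creds("constructed-token", Instant.now().plusMillis(300));
        };
        try (CachedProvider p = new CachedProvider(slow, Duration.ofMillis(100), async)) {
            for (int i = 0; i < 100; i++) { p.resolve(); Thread.sleep(10); }  // simulated requests
            return p.callerRefreshes.get();
        }
    }
    public static void main(String[] args) throws Exception {
        System.out.println("sync  caller-thread refreshes: " + run(false));
        System.out.println("async caller-thread refreshes: " + run(true));
    }
}
```

In the SDK itself the corresponding switch is `asyncCredentialUpdateEnabled(true)` on the `DefaultCredentialsProvider` builder. A provider with async update enabled owns a background thread and should be closed when it is no longer needed.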

@paulolieuthier paulolieuthier requested a review from a team as a code owner April 10, 2023 17:46
@paulolieuthier paulolieuthier force-pushed the web-identity-file-async-refresh branch 3 times, most recently from 0118a7f to 3c208ef Compare April 11, 2023 14:01
@paulolieuthier paulolieuthier force-pushed the web-identity-file-async-refresh branch from 3c208ef to 5f49149 Compare April 13, 2023 10:35
@debora-ito debora-ito added the needs-review This issue or PR needs review from the team. label Apr 13, 2023
@L-Applin L-Applin self-assigned this Apr 27, 2023
@L-Applin L-Applin self-requested a review April 27, 2023 15:08
@L-Applin
Contributor

L-Applin commented Apr 27, 2023

Thanks for the pull request! I notice there are some errors while running unit tests:

...
[INFO] Running software.amazon.awssdk.services.sts.internal.WebIdentityTokenCredentialProviderTest
[ERROR] Tests run: 1, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 0.266 s <<< FAILURE! - in software.amazon.awssdk.services.sts.internal.WebIdentityTokenCredentialProviderTest
[ERROR] software.amazon.awssdk.services.sts.internal.WebIdentityTokenCredentialProviderTest.createAssumeRoleWithWebIdentityTokenCredentialsProviderViaProfileSucceeds  Time elapsed: 0.266 s  <<< ERROR!
java.lang.NullPointerException
    at software.amazon.awssdk.services.sts.internal.WebIdentityTokenCredentialProviderTest.lambda$createAssumeRoleWithWebIdentityTokenCredentialsProviderViaProfileSucceeds$1(WebIdentityTokenCredentialProviderTest.java:40)
    at software.amazon.awssdk.services.sts.internal.WebIdentityTokenCredentialProviderTest.createAssumeRoleWithWebIdentityTokenCredentialsProviderViaProfileSucceeds(WebIdentityTokenCredentialProviderTest.java:39)

Please provide a fix and we can then complete the review.

Contributor

@L-Applin L-Applin left a comment

Please update tests in software.amazon.awssdk.services.sts.internal.WebIdentityTokenCredentialProviderTest#createAssumeRoleWithWebIdentityTokenCredentialsProviderViaProfileSucceeds

@paulolieuthier
Contributor Author

Hey @L-Applin, thanks for your time. Please take another look.

@debora-ito debora-ito removed the needs-review This issue or PR needs review from the team. label Apr 28, 2023
@sonarqubecloud

sonarqubecloud bot commented May 8, 2023

SonarCloud Quality Gate failed.

  • Bugs: 1 (C)
  • Vulnerabilities: 0 (A)
  • Security Hotspots: 0 (A)
  • Code Smells: 4 (A)

  • Coverage: 50.0%
  • Duplication: 0.0%

@L-Applin L-Applin enabled auto-merge (squash) May 8, 2023 16:04
@L-Applin L-Applin merged commit 58278f6 into aws:master May 8, 2023
@debora-ito
Member

@all-contributors please add @paulolieuthier for code.

@allcontributors
Contributor

@debora-ito

I've put up a pull request to add @paulolieuthier! 🎉

@paulolieuthier paulolieuthier deleted the web-identity-file-async-refresh branch May 9, 2023 12:41
@paulolieuthier
Contributor Author

Thanks! Looking forward to the next release.
