aws-sdk-java-v2 icon indicating copy to clipboard operation
aws-sdk-java-v2 copied to clipboard
verified publisher icon aws

Fix reload credentials not working when modified

Open munendrasn opened this issue 1 year ago • 19 comments

Ensure defaultSupplier is used instead of fixedSupplier in case of defaultProfileFile.

I have updated the some places where defaultProfileFile was used along with fixedProfileSupplier with defaultSupplier

Motivation and Context

Fixes #4268

Modifications

Testing

Screenshots (if appropriate)

Types of changes

  • [x] Bug fix (non-breaking change which fixes an issue)
  • [ ] New feature (non-breaking change which adds functionality)

Checklist

  • [x] I have read the CONTRIBUTING document
  • [ ] Local run of mvn install succeeds
  • [ ] My code follows the code style of this project
  • [ ] My change requires a change to the Javadoc documentation
  • [ ] I have updated the Javadoc documentation accordingly
  • [x] I have added tests to cover my changes
  • [ ] All new and existing tests passed
  • [ ] I have added a changelog entry. Adding a new entry must be accomplished by running the scripts/new-change script and following the instructions. Commit the new file created by the script in .changes/next-release with your changes.
  • [ ] My change is to implement 1.11 parity feature and I have updated LaunchChangelog

License

  • [x] I confirm that this pull request can be released under the Apache 2 license

munendrasn avatar May 06 '24 16:05 munendrasn

@debora-ito @millems Please review, tagging you as changes includes to area that were updated by you recently. Please let me know if approach need to be modified

munendrasn avatar May 06 '24 16:05 munendrasn

CI build failure seems to be unrelated to the PR, it is failing while setting the aws credentials. Please let me know if any setup or changes required

munendrasn avatar May 27 '24 06:05 munendrasn

@anirudh9391 the CI build is failing in the setup.. please let me know if anything can be done to resolve it

munendrasn avatar May 30 '24 17:05 munendrasn

Based on findings, the secrets apart from GITHUB_TOKEN is not available to PR from forked repository. https://github.com/actions/runner/discussions/3039

I don't have access to push the branch to this repository. @anirudh9391 would it be possible to pick these changes & create branch in this repo?

munendrasn avatar May 31 '24 15:05 munendrasn

Based on findings, the secrets apart from GITHUB_TOKEN is not available to PR from forked repository. actions/runner#3039

I don't have access to push the branch to this repository. @anirudh9391 would it be possible to pick these changes & create branch in this repo?

Yeah I can do that

anirudh9391 avatar May 31 '24 22:05 anirudh9391

Beside the small nit, I posted everything looks fine. I launched a run of the Codebuild jobs for the unit-tests and waiting for them to succeed

L-Applin avatar Jul 19 '24 15:07 L-Applin

The new added test resolveCredentials_DefaultCredentialProviderWithReloadWhenModified fails on jdk8 11 and 17 consistently after exhausting all 4 retries:

16:51:31.970 [main] INFO  software.amazon.awssdk.auth.credentials.DefaultCredentialsProviderTest - Credential file with content [[default], aws_access_key_id = modifiedAccess, aws_secret_access_key = modifiedSecret] last modified at 2024-07-19T16:51:30.463244511Z
16:51:31.976 [main] WARN  software.amazon.awssdk.auth.credentials.DefaultCredentialsProviderTest - Assertion failed, Retrying count 1
16:51:33.476 [main] INFO  software.amazon.awssdk.auth.credentials.DefaultCredentialsProviderTest - Credential file with content [[default], aws_access_key_id = modifiedAccess, aws_secret_access_key = modifiedSecret] last modified at 2024-07-19T16:51:30.463244511Z
16:51:33.478 [main] WARN  software.amazon.awssdk.auth.credentials.DefaultCredentialsProviderTest - Assertion failed, Retrying count 2
16:51:34.978 [main] INFO  software.amazon.awssdk.auth.credentials.DefaultCredentialsProviderTest - Credential file with content [[default], aws_access_key_id = modifiedAccess, aws_secret_access_key = modifiedSecret] last modified at 2024-07-19T16:51:30.463244511Z
16:51:34.979 [main] WARN  software.amazon.awssdk.auth.credentials.DefaultCredentialsProviderTest - Assertion failed, Retrying count 3
16:51:36.479 [main] INFO  software.amazon.awssdk.auth.credentials.DefaultCredentialsProviderTest - Credential file with content [[default], aws_access_key_id = modifiedAccess, aws_secret_access_key = modifiedSecret] last modified at 2024-07-19T16:51:30.463244511Z
16:51:36.481 [main] WARN  software.amazon.awssdk.auth.credentials.DefaultCredentialsProviderTest - Assertion failed, Retrying count 4
16:51:37.981 [main] INFO  software.amazon.awssdk.auth.credentials.DefaultCredentialsProviderTest - Credential file with content [[default], aws_access_key_id = modifiedAccess, aws_secret_access_key = modifiedSecret] last modified at 2024-07-19T16:51:30.463244511Z

This would need to be resolved before we are able to merge this fix.

L-Applin avatar Jul 19 '24 19:07 L-Applin

This would need to be resolved before we are able to merge this fix.

@L-Applin could you please share the link to CI build.. which would have additional logs to debug the issue further.. the ones from the PR seems to have failed because https://github.com/aws/aws-sdk-java-v2/pull/5185#issuecomment-2142508449

munendrasn avatar Jul 20 '24 14:07 munendrasn

@L-Applin @anirudh9391 would it be possible to share CI build or complete logs of the build with latest changes? The fork PR https://github.com/aws/aws-sdk-java-v2/pull/5259 doesn't have latest changes

munendrasn avatar Jul 28 '24 05:07 munendrasn

@L-Applin @anirudh9391 would it be possible to share CI build or complete logs of the build with latest changes? The fork PR #5259 doesn't have latest changes

Sure, I will rerun the tests and try to give you the logs today

L-Applin avatar Jul 31 '24 17:07 L-Applin

Here is the relevant logs for the test failure: log-events-viewer-result.txt

This test also fails locally for me, tested on java 17. Isn't it failing for you?

L-Applin avatar Jul 31 '24 18:07 L-Applin

@L-Applin Thanks for sharing the logs.

This test also fails locally for me, tested on java 17. Isn't it failing for you?

No, the tests are passing successfully in my local. I'm using Mac-Intel in my local..

From the logs, initial log when the credentials were loaded

17:37:00.067 [main] WARN  software.amazon.awssdk.utils.cache.CachedSupplier - (ProfileFileSupplier()) Retrieved value expiration is in the past (2024-07-31T17:37:00.067393195Z). Using expiration of 2024-07-31T17:37:01.067758423Z

Log related to last time file got modified

17:37:01.574 [main] INFO  software.amazon.awssdk.auth.credentials.DefaultCredentialsProviderTest - Credential file with content [[default], aws_access_key_id = modifiedAccess, aws_secret_access_key = modifiedSecret] last modified at 2024-07-31T17:37:00.065874586Z

Please notice in the past (2024-07-31T17:37:00.067393195Z) and last modified at 2024-07-31T17:37:00.065874586Z. Based on the logs, the modified time seems to be in past.. although file was updated post the refresh.. AFAIK, Files.getLastModifiedTime considers the update time of file.. which is the case in local

To check whether ProfileFile need to be refreshed, same logic is used here

Files.getLastModifiedTime(credentialsFilePath2).toInstant();

New commit include additional logs for debugging, and sleep before file modification... if this doesn't work.. other option is explicitly override the lastModifiedTime

Something on these lines, please let me know if I should update this way.. In meantime, I trying to find more info on Files.getLastModifiedTime across platforms

        Path credentialsFilePath2 = generateTestCredentialsFile(parentDirectory,"modifiedAccess", "modifiedSecret");
        Instant lastModifiedTime = Files.getLastModifiedTime(credentialsFilePath2).toInstant();
        lastModifiedTime = lastModifiedTime.plus(5, ChronoUnit.MINUTES);
        Files.setLastModifiedTime(credentialsFilePath2, FileTime.from(lastModifiedTime));

munendrasn avatar Aug 04 '24 10:08 munendrasn

No, the tests are passing successfully in my local. I'm using Mac-Intel in my local..

Huh, that interesting, I'm on mac-m1. I'm not sure what could cause this discrepancy either, i'll do some investigation on my end as well.

In the meantime, I'll re-run the unit tests Codebuild.

L-Applin avatar Aug 06 '24 14:08 L-Applin

Quality Gate Passed Quality Gate passed

Issues
3 New issues
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

sonarqubecloud[bot] avatar Aug 06 '24 14:08 sonarqubecloud[bot]

@L-Applin Please let me know if any additional changes are required

munendrasn avatar Aug 19 '24 15:08 munendrasn

@L-Applin The build error is due to same error mentioned here

munendrasn avatar Sep 02 '24 17:09 munendrasn

Quality Gate Passed Quality Gate passed

Issues
3 New issues
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

sonarqubecloud[bot] avatar Sep 17 '24 15:09 sonarqubecloud[bot]

@L-Applin Build failure again due to secrets not being available to PR as I have the PR from the fork.. Please let me know if anything is required from my side

munendrasn avatar Sep 24 '24 13:09 munendrasn

@L-Applin @anirudh9391 @debora-ito could you please take a look? If we are not proceeding with this change, should we consider closing the PR?

munendrasn avatar Oct 20 '24 08:10 munendrasn