Skip to content

Fix a race in FileSessionCredentialsProvider #6664

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
leventov merged 3 commits into from
Nov 27, 2018
Merged

Fix a race in FileSessionCredentialsProvider #6664

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
38836ec
Fix a race in FileSessionCredentialsProvider
leventov Nov 27, 2018
d1685dc
Comment
leventov Nov 27, 2018
3a5b3e9
word choice
leventov Nov 27, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
87 changes: 52 additions & 35 deletions aws-common/src/main/java/org/apache/druid/common/aws/FileSessionCredentialsProvider.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,27 +24,29 @@
import com.amazonaws.auth.AWSSessionCredentials;
import org.apache.druid.java.util.common.concurrent.Execs;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.Properties;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;

public class FileSessionCredentialsProvider implements AWSCredentialsProvider
{
private final String sessionCredentials;
private volatile String sessionToken;
private volatile String accessKey;
private volatile String secretKey;

private final ScheduledExecutorService scheduler =
Execs.scheduledSingleThreaded("FileSessionCredentialsProviderRefresh-%d");
private final String sessionCredentialsFile;

/**
* This field doesn't need to be volatile. From the Java Memory Model point of view, volatile on this field changes
* nothing and doesn't provide any extra guarantees.
*/
private AWSSessionCredentials awsSessionCredentials;

public FileSessionCredentialsProvider(String sessionCredentials)
public FileSessionCredentialsProvider(String sessionCredentialsFile)
{
this.sessionCredentials = sessionCredentials;
this.sessionCredentialsFile = sessionCredentialsFile;
refresh();

scheduler.scheduleAtFixedRate(this::refresh, 1, 1, TimeUnit.HOURS); // refresh every hour
Expand All @@ -53,43 +55,58 @@ public FileSessionCredentialsProvider(String sessionCredentials)
@Override
public AWSCredentials getCredentials()
{
return new AWSSessionCredentials()
{
@Override
public String getSessionToken()
{
return sessionToken;
}

@Override
public String getAWSAccessKeyId()
{
return accessKey;
}

@Override
public String getAWSSecretKey()
{
return secretKey;
}
};
return awsSessionCredentials;
}

@Override
public void refresh()
{
try {
Properties props = new Properties();
InputStream is = new FileInputStream(new File(sessionCredentials));
props.load(is);
is.close();
try (InputStream is = Files.newInputStream(Paths.get(sessionCredentialsFile))) {
props.load(is);
}

String sessionToken = props.getProperty("sessionToken");
String accessKey = props.getProperty("accessKey");
String secretKey = props.getProperty("secretKey");

sessionToken = props.getProperty("sessionToken");
accessKey = props.getProperty("accessKey");
secretKey = props.getProperty("secretKey");
awsSessionCredentials = new Credentials(sessionToken, accessKey, secretKey);
}
catch (IOException e) {
throw new RuntimeException("cannot refresh AWS credentials", e);
}
}

private static class Credentials implements AWSSessionCredentials
{
private final String sessionToken;
private final String accessKey;
private final String secretKey;

private Credentials(String sessionToken, String accessKey, String secretKey)
{
this.sessionToken = sessionToken;
this.accessKey = accessKey;
this.secretKey = secretKey;
}

@Override
public String getSessionToken()
{
return sessionToken;
}

@Override
public String getAWSAccessKeyId()
{
return accessKey;
}

@Override
public String getAWSSecretKey()
{
return secretKey;
}
}
}