-
Notifications
You must be signed in to change notification settings - Fork 185
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove unnecessary manual retrieval of AWS credentials. #5290
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me, please clarify the inline comment before we merge, thanks!
client_ = | ||
make_shared<TileDBS3Client>(HERE(), s3_params_, *client_config_); | ||
} else { | ||
client_ = make_shared<TileDBS3Client>( | ||
HERE(), s3_params_, credentials_provider_, *client_config_); | ||
HERE(), s3_params_, credentials_provider, *client_config_); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you please double check that Aws::S3::S3Client
doesn't hold a raw ptr or some sort of weak ptr for credentials_provider
so we are sure the lifetime of your new local variable is extended properly?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Through several layers of indirection, the credentials provider is stored in a shared pointer.
Is there a way we can test this change manually? |
We can test it in an EC2 instance, and it's also being tested by the S3 end-to-end tests that use assume role with web identity. |
AFAIU the s3 e2e test exercises the positive path. My concern is if we tested in any way, manual or automatic, the scenarios that would hit those paths that are now removed as redundant:
Other than that the change looks ok to me. |
In your snippet I believe the The
will be replaced by this error which clearly indicates what went wrong:
You can try it yourself by running |
/backport to release-2.26 |
Started backporting to release-2.26: https://github.com/TileDB-Inc/TileDB/actions/runs/11080104176 |
@ihnorton backporting to release-2.26 failed, the patch most likely resulted in conflicts: $ git am --3way --ignore-whitespace --keep-non-patch changes.patch
Applying: Remove unnecessary manual retrieval of AWS credentials.
Applying: Make `S3::credentials_provider_` a local variable.
error: sha1 information is lacking or useless (tiledb/sm/filesystem/s3.cc).
error: could not build fake ancestor
hint: Use 'git am --show-current-patch=diff' to see the failed patch
hint: When you have resolved this problem, run "git am --continue".
hint: If you prefer to skip this patch, run "git am --skip" instead.
hint: To restore the original branch and stop patching, run "git am --abort".
hint: Disable this message with "git config advice.mergeConflict false"
Patch failed at 0002 Make `S3::credentials_provider_` a local variable.
Error: The process '/usr/bin/git' failed with exit code 128 Please backport manually! |
@ihnorton an error occurred while backporting to release-2.26, please check the run log for details! Error: git am failed, most likely due to a merge conflict. |
SC-54624
At the start of
S3::init_client()
, we try to acquire AWS credentials and fail if they are empty or have expired. This does not make much sense to do because the credentials provider is responsible for refreshing expired credentials, and this PR removes this check. After that, theS3::credentials_provider_
field was removed from the class and became a local variable because of a lack of uses.TYPE: NO_HISTORY