Skip to content

Force Refresh of credentials inside of STSCredentialProvider cache  #5545

New issue
New issue
Open
Open
Force Refresh of credentials inside of STSCredentialProvider cache #5545
Labels
feature-requestA feature should be added or improved.needs-triageThis issue or PR still needs to be triaged.
@knkamau-collab

Description

@knkamau-collab
knkamau-collab
opened on Aug 29, 2024

Describe the feature

include a public method for STSCredentialProvider that will forcefully refresh the sessionCache when called

Use Case

Credentials inside of session cache can become invalid due to a role being deleted and recreated causing InvalidClientTokenId, this will continue till new creds are fetched which can take up to 12 hours depending on configuration and in the mean time the client using the provider will be in-operational. Calling the new method will allow for an almost immediate recovery time after catching the error

loose example of recovery

try{ client call }
catch(InvalidClientTokenId e){
client.serviceClientConfiguration().credentialsProvider().asInstanceOf[StsAssumeRoleCredentialsProvider].refreshCredentials()
}

Proposed Solution

StsCredentialsProvider

public void refreshCredentials(){
        sessionCache.forceRefreshCache();
    }

CachedSupplier

public void forceRefreshCache() {
        try {
            boolean lockAcquired = refreshLock.tryLock(BLOCKING_REFRESH_MAX_WAIT.getSeconds(), TimeUnit.SECONDS);

            try {
                    log.debug(() -> "(" + cachedValueName + ") Refreshing cached value.");

                    // It wasn't, call the supplier to update it.

                    if (prefetchStrategyInitialized.compareAndSet(false, true)) {
                        prefetchStrategy.initializeCachedSupplier(this);
                    }

                    try {
                        RefreshResult<T> cachedValue = handleFetchedSuccess(prefetchStrategy.fetch(valueSupplier));
                        this.cachedValue = cachedValue;
                        log.debug(() -> "(" + cachedValueName + ") Successfully refreshed cached value. "
                                        + "Next Prefetch Time: " + cachedValue.prefetchTime() + ". "
                                        + "Next Stale Time: " + cachedValue.staleTime());
                    } catch (RuntimeException t) {
                        cachedValue = handleFetchFailure(t);
                    }
            } finally {
                if (lockAcquired) {
                    refreshLock.unlock();
                }
            }
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            throw new IllegalStateException("Interrupted waiting to refresh a cached value.", e);
        }
    }

Other Information

No response

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

AWS Java SDK version used

2.0

JDK version used

openjdk version "1.8.0_422"

Operating System and version

Amazon Linux 2 x86_64 5.10 Kernel

Metadata

Metadata

Assignees

No one assigned

    Labels

    feature-requestA feature should be added or improved.needs-triageThis issue or PR still needs to be triaged.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions