feat(rt)!: kmp default credentials provider chain #491
A new generated diff is ready to view: __generated-main...__generated-feat-default-provider
kggilmer left a comment
Those test cases are gold. Nice work.
| } | ||
|
|
||
| override fun close() { | ||
| providers.forEach { (it as? Closeable)?.close() } |
concern
in the case that a CredentialsProvider.close() throws an exception, we may end up with unclosed CPs. Suggest wrapping the close in a try to address.
Agreed. Will fix
What should the behavior be? Should we rethrow the first? Add all as suppressed exceptions?
Something like this?
```kotlin
override fun close() {
    var closeEx: Throwable? = null
    providers.forEach {
        try {
            (it as? Closeable)?.close()
        } catch (ex: Exception) {
            if (closeEx == null) {
                closeEx = ex
            } else {
                closeEx!!.addSuppressed(ex)
            }
        }
        if (closeEx != null) throw closeEx!!
    }
}
```
Since the throw happens inside the loop, won't that still lead to unclosed providers?
I think we want something like:
```kotlin
val exceptions = providers.mapNotNull {
    try {
        (it as? Closeable)?.close()
        null
    } catch (t: Throwable) {
        t
    }
}
if (exceptions.isNotEmpty()) {
    val t = exceptions.first()
    exceptions.drop(1).forEach(t::addSuppressed)
    throw t
}
```
err whoops the throw should be outside the loop. Oddly enough I had something similar to what you are suggesting locally but opted for not allocating a list. Since you suggested it though I'm assuming you'd be in favor of it anyway. Unless anyone has an issue with it I'll just take Ian's suggestion.
| import kotlin.test.assertEquals | ||
| import kotlin.test.assertTrue | ||
|
|
||
| // TODO - refactor to make this work in common |
question
regarding making this non-jvm, I don't see a way of doing this without platform specific file system abstractions...is there another way?
The idea would be like a kmp version of loadResource but it requires build script support. I've seen an example in the wild but yeah it's not straightforward.
|
|
||
| // credential providers | ||
| implementation("aws.sdk.kotlin.crt:aws-crt-kotlin:$crtKotlinVersion") | ||
| implementation(project(":aws-runtime:crt-util")) |
Question: Can any code be removed from crt-util now?
Maybe, haven't checked. A lot of crt-util supports signing.
I don't see anything that should be removed at a glance
| internal interface CrtCredentialsProvider : CredentialsProvider { | ||
| val crtProvider: CredentialsProviderCrt | ||
|
|
||
| override suspend fun getCredentials(): Credentials = crtProvider.getCredentials().toSdk() | ||
| } |
Comment: Seems like a lot of related code can be removed from aws-crt-kotlin as well.
We would need to discuss the plan for this. Just because SDK doesn't use them doesn't mean crt-kotlin can't support them (it is after all supposed to be bindings for crt for the language not SDK specific necessarily)
| override fun close() { | ||
| chain.close() | ||
| if (manageEngine) { | ||
| httpClientEngine.close() | ||
| } | ||
| } |
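Review bot: In close(), if chain.close() throws, the httpClientEngine.close() call below it is skipped even when manageEngine is true, so an engine this provider owns is left open. Suggest closing the engine in a finally block, for example `try { chain.close() } finally { if (manageEngine) httpClientEngine.close() }`.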
Comment: Maybe this is part of the open changes to make regarding ownership but I'd expect a CachedCredentialsProvider to be Closeable and to close its underlying provider when closed.
Good point. Cached provider takes ownership so that should just be fixed here probably
|
|
||
| private val manageEngine = httpClientEngine == null | ||
| private val httpClientEngine = httpClientEngine ?: CrtHttpEngine() | ||
|
|
||
| public constructor() : this(Platform) | ||
|
|
||
| private val chain = CredentialsProviderChain( |
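Review bot: On the manageEngine line, `httpClientEngine == null` is evaluated against a name that the very next line redeclares as a non-null private property (`httpClientEngine ?: CrtHttpEngine()`), so the ownership flag is only correct because the initializer resolves the name to what is presumably the nullable constructor parameter. Suggest giving the parameter or the property a distinct name so the decision of whether close() shuts down the engine cannot silently change if these declarations are moved or refactored.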
Nit: The secondary constructor seems like it belongs right after the primary constructor definition, not in between private vals.
Kudos, SonarCloud Quality Gate passed!
…ible (#469)

Refactor credential providers to remove CRT dependency and make them KMP compatible. Added SSO provider to default chain. Lots of misc cleanup and improvements.

* feat(rt): standalone sso credentials provider (#462)
* refactor(rt)!: generated sts and sts web identity credential providers (#470)
* refactor(rt)!: implement kmp ecs provider (#475)
* feat(rt)!: implement kmp profile credentials provider (#478)
* feat(rt)!: kmp default credentials provider chain (#491)
* fix: work around machine-specific Gradle bug with aws-config variants (#496)
* fix: credentials provider ownership (#498)

Co-authored-by: Ian Botsford <83236726+ianbotsf@users.noreply.github.com>








Issue #
N/A
Description of changes
* fs/* is the resulting test filesystem rooted at fs
* test-case.json is the expected result of the test (specific to default chain tests)
* env.json is the test environment variables to set
* http-traffic.json is the request/response pair(s) that the engine expects/responds with (there are limitations currently in what can be asserted about the requests but the tests are set up so that asserting the request isn't all that important. You'll either get the correct credentials or you won't)
* aws-config to get the right exception type(s)

Notes
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.