Force Refresh of credentials inside of STSCredentialProvider cache #5545

Open
2 tasks done
knkamau-collab opened this issue Aug 29, 2024 · 0 comments
Labels
feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged.

knkamau-collab commented Aug 29, 2024

Describe the feature

Include a public method for STSCredentialProvider that will forcefully refresh the sessionCache when called.

Use Case

Credentials inside the session cache can become invalid when a role is deleted and recreated, causing InvalidClientTokenId. This will continue until new creds are fetched, which can take up to 12 hours depending on configuration, and in the meantime the client using the provider will be inoperable. Calling the new method will allow for an almost immediate recovery time after catching the error.

Loose example of recovery:

    try { client call }
    catch (InvalidClientTokenId e) {
        client.serviceClientConfiguration().credentialsProvider().asInstanceOf[StsAssumeRoleCredentialsProvider].refreshCredentials()
    }

Proposed Solution

StsCredentialsProvider

    public void refreshCredentials() {
        sessionCache.forceRefreshCache();
    }

CachedSupplier

    public void forceRefreshCache() {
        try {
            boolean lockAcquired = refreshLock.tryLock(BLOCKING_REFRESH_MAX_WAIT.getSeconds(), TimeUnit.SECONDS);

            try {
                log.debug(() -> "(" + cachedValueName + ") Refreshing cached value.");

                // No staleness check here: always call the supplier to update the value.
                if (prefetchStrategyInitialized.compareAndSet(false, true)) {
                    prefetchStrategy.initializeCachedSupplier(this);
                }

                try {
                    RefreshResult<T> cachedValue = handleFetchedSuccess(prefetchStrategy.fetch(valueSupplier));
                    this.cachedValue = cachedValue;
                    log.debug(() -> "(" + cachedValueName + ") Successfully refreshed cached value. "
                                    + "Next Prefetch Time: " + cachedValue.prefetchTime() + ". "
                                    + "Next Stale Time: " + cachedValue.staleTime());
                } catch (RuntimeException t) {
                    // The local cachedValue is out of scope here; this assigns the field.
                    cachedValue = handleFetchFailure(t);
                }
            } finally {
                // Only release the lock if tryLock actually acquired it.
                if (lockAcquired) {
                    refreshLock.unlock();
                }
            }
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            throw new IllegalStateException("Interrupted waiting to refresh a cached value.", e);
        }
    }

Other Information

No response

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

AWS Java SDK version used

2.0

JDK version used

openjdk version "1.8.0_422"

Operating System and version

Amazon Linux 2 x86_64 5.10 Kernel
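
A recovery path that needs no SDK change, as an added example (not code from this issue or from the AWS SDK): a wrapper that discards the whole STS provider, and with it the cached session, when a call fails with InvalidClientTokenId. The class name, the 30-second throttle and the single retry are assumptions; it also assumes the service reports the error through `awsErrorDetails().errorCode()`.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.function.Supplier;
import software.amazon.awssdk.auth.credentials.AwsCredentials;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.awscore.exception.AwsServiceException;
import software.amazon.awssdk.services.sts.auth.StsAssumeRoleCredentialsProvider;

/** Hypothetical wrapper (not an SDK class): swaps in a new STS provider on demand. */
public final class ResettableStsCredentialsProvider implements AwsCredentialsProvider {
    // Assumed throttle so a persistent failure cannot turn into a stream of AssumeRole calls.
    private static final Duration MIN_RESET_INTERVAL = Duration.ofSeconds(30);

    private final Supplier<StsAssumeRoleCredentialsProvider> factory;
    private volatile StsAssumeRoleCredentialsProvider delegate;
    private Instant lastReset = Instant.EPOCH;

    public ResettableStsCredentialsProvider(Supplier<StsAssumeRoleCredentialsProvider> factory) {
        this.factory = factory;
        this.delegate = factory.get();
    }

    @Override
    public AwsCredentials resolveCredentials() {
        return delegate.resolveCredentials();
    }

    /** Drops the cached session by replacing the provider; returns false when throttled. */
    public synchronized boolean reset() {
        Instant now = Instant.now();
        if (Duration.between(lastReset, now).compareTo(MIN_RESET_INTERVAL) < 0) {
            return false;
        }
        StsAssumeRoleCredentialsProvider old = delegate;
        delegate = factory.get();   // the new provider starts with an empty cache
        lastReset = now;
        old.close();                // releases the old cache; the StsClient stays open
        return true;
    }

    /** Runs the call; on InvalidClientTokenId resets the session and retries exactly once. */
    public <T> T callWithRecovery(Supplier<T> call) {
        try {
            return call.get();
        } catch (AwsServiceException e) {
            boolean invalidToken = e.awsErrorDetails() != null
                    && "InvalidClientTokenId".equals(e.awsErrorDetails().errorCode());
            if (!invalidToken || !reset()) {
                throw e;
            }
            return call.get();
        }
    }
}
```

Pass the wrapper as the service client's `credentialsProvider`, with a factory that builds the provider from `StsAssumeRoleCredentialsProvider.builder()`, so the retried call resolves credentials from the new session.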

@knkamau-collab knkamau-collab added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Aug 29, 2024