Replace credentials cache with identity cache #3077
Conversation
|
A new generated diff is ready to view.
A new doc preview is ready to view. |
|
A new generated diff is ready to view.
A new doc preview is ready to view. |
|
A new generated diff is ready to view.
A new doc preview is ready to view. |
|
A new generated diff is ready to view.
A new doc preview is ready to view. |
|
A new generated diff is ready to view.
A new doc preview is ready to view. |
|
A new generated diff is ready to view.
A new doc preview is ready to view. |
| @@ -827,35 +834,5 @@ mod loader { | |||
| let num_requests = num_requests.load(Ordering::Relaxed); | |||
| assert!(num_requests > 0, "{}", num_requests); | |||
| } | |||
|
|
|||
| #[tokio::test] | |||
| async fn time_source_is_passed() { | |||
There was a problem hiding this comment.
Is this test no longer applicable or did it not add much value in the first place?
There was a problem hiding this comment.
The time source and sleep aren't stored in the cache anymore, but rather, are passed in on every cache request. So there's nothing to test here.
| /// | ||
| /// This trait can be used to validate that certain required components or config values | ||
| /// are available, and provide an error with helpful instructions if they are not. | ||
| pub trait ValidateConfig: fmt::Debug + Send + Sync { |
There was a problem hiding this comment.
This is great. Love the idea of having a centralized place for validating config 🎉
Yes. They're completely isolated from each other in config now. |
| let token = match preloaded_token { | ||
| Some(token) => Ok(token), | ||
| Some(token) => { | ||
| tracing::debug!( |
There was a problem hiding this comment.
we probably want this at trace
| @@ -102,6 +102,12 @@ pub use aws_types::{ | |||
| /// Load default sources for all configuration with override support | |||
| pub use loader::ConfigLoader; | |||
|
|
|||
| /// Types for configuring identity caching. | |||
| pub mod identity { | |||
| pub use aws_smithy_runtime::client::identity::IdentityCache; | |||
There was a problem hiding this comment.
any issue with the re-export aws_smithy_runtime here?
There was a problem hiding this comment.
I don't think it belongs in aws-smithy-runtime-api since that crate is intended for library authors, and concrete built-in identity cache implementations aren't needed for that. So that leaves us with two options: 1. put them in aws-smithy-runtime, or 2. create a new crate for them.
I opted to go for 1, but that probably means we have to make aws-smithy-runtime a stable crate.
| /// Override the credentials cache used to build [`SdkConfig`](aws_types::SdkConfig). | ||
| /// Override the identity cache used to build [`SdkConfig`](aws_types::SdkConfig). | ||
| /// | ||
| /// The identity cache caches credentials and SSO tokens. By default, a lazy cache is used |
| /// // change the load timeout to 10 seconds | ||
| /// .load_timeout(Duration::from_secs(10)) |
There was a problem hiding this comment.
may want to note that there may be other timeouts that could trigger
| /// .load() | ||
| /// .await; | ||
| /// # } | ||
| /// ``` | ||
| pub fn credentials_cache(mut self, credentials_cache: CredentialsCache) -> Self { |
There was a problem hiding this comment.
deprecate credentials_cache and leave a breadcrumb?
| @@ -44,6 +44,7 @@ pub struct InterceptorError { | |||
|
|
|||
| impl InterceptorError { | |||
| interceptor_error_fn!(read_before_execution => ReadBeforeExecution (with source)); | |||
| interceptor_error_fn!(read_after_configuration => ReadAfterConfiguration (with source)); | |||
There was a problem hiding this comment.
did you still mean to add this error? I could be searching badly but I don't see it used
There was a problem hiding this comment.
Nope. I meant to remove this. Good catch!
| @@ -187,6 +187,8 @@ impl AuthScheme for SharedAuthScheme { | |||
| } | |||
| } | |||
|
|
|||
| impl ValidateConfig for SharedAuthScheme {} | |||
There was a problem hiding this comment.
should these be delegating to their inner members? (either now or eventially)
There was a problem hiding this comment.
Eventually, yes. I figure we'll add them as they're needed.
|
|
||
| #[derive(Clone)] | ||
| enum ValidatorInner { | ||
| BaseConfigStaticFn(fn(&RuntimeComponentsBuilder, &ConfigBag) -> Result<(), BoxError>), |
There was a problem hiding this comment.
not sure it's worth having the two variants—I think you could turn one into the other during construction?
doesn't really matter anyway though—it's private.
There was a problem hiding this comment.
I was just avoiding unnecessary allocation.
| /// Creates a base client validator from a function. | ||
| pub fn base_client_config_fn( |
| tracing::trace!(concat!( | ||
| "running `", | ||
| stringify!($interceptor), | ||
| "` interceptors" | ||
| )); | ||
| let mut result: Result<(), (&str, BoxError)> = Ok(()); |
There was a problem hiding this comment.
if we logging here, may be nice to log how many too
There was a problem hiding this comment.
We don't actually know the count until we've looped over them since we only have an iterator here.
|
A new generated diff is ready to view.
A new doc preview is ready to view. |
…only at operation level (#3156) ## Motivation and Context Fixes awslabs/aws-sdk-rust#901 ## Description This PR is a rework of #3021 whose fix was inadvertently discarded during #3077. The way we fix the issue is slightly different. In this PR, we add an identity resolver to runtime components within `set_credentials_provider`, instead of using `ServiceConfig.OperationConfigOverride`. ## Testing Added a Kotlin integration test to `CredentialProviderConfigTest.kt` based on the customer reported issue. ## Checklist <!--- If a checkbox below is not applicable, then please DELETE it rather than leaving it unchecked --> - [x] I have updated `CHANGELOG.next.toml` if I made changes to the AWS SDK, generated SDK code, or SDK runtime crates ---- _By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice._
…only at operation level (#3156) Fixes awslabs/aws-sdk-rust#901 This PR is a rework of #3021 whose fix was inadvertently discarded during #3077. The way we fix the issue is slightly different. In this PR, we add an identity resolver to runtime components within `set_credentials_provider`, instead of using `ServiceConfig.OperationConfigOverride`. Added a Kotlin integration test to `CredentialProviderConfigTest.kt` based on the customer reported issue. <!--- If a checkbox below is not applicable, then please DELETE it rather than leaving it unchecked --> - [x] I have updated `CHANGELOG.next.toml` if I made changes to the AWS SDK, generated SDK code, or SDK runtime crates ---- _By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice._
…only at operation level (#3156) Fixes awslabs/aws-sdk-rust#901 This PR is a rework of #3021 whose fix was inadvertently discarded during #3077. The way we fix the issue is slightly different. In this PR, we add an identity resolver to runtime components within `set_credentials_provider`, instead of using `ServiceConfig.OperationConfigOverride`. Added a Kotlin integration test to `CredentialProviderConfigTest.kt` based on the customer reported issue. <!--- If a checkbox below is not applicable, then please DELETE it rather than leaving it unchecked --> - [x] I have updated `CHANGELOG.next.toml` if I made changes to the AWS SDK, generated SDK code, or SDK runtime crates ---- _By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice._
This PR replaces the credentials cache with the new identity cache, and adds config validation via the
SharedConfigValidatorruntime component andValidateConfigtrait.By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.