You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@nifi.apache.org by ad...@apache.org on 2021/05/13 11:42:48 UTC
[nifi-minifi-cpp] branch main updated: MINIFICPP-1556 Fix partial credential setting in AWSCredentialsService

This is an automated email from the ASF dual-hosted git repository.

adebreceni pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi-minifi-cpp.git


The following commit(s) were added to refs/heads/main by this push:
     new 062fd37  MINIFICPP-1556 Fix partial credential setting in AWSCredentialsService
062fd37 is described below

commit 062fd37ab5aaa6ef0e809a64dc4122f681c02ae9
Author: Gabor Gyimesi <ga...@gmail.com>
AuthorDate: Thu May 13 13:39:00 2021 +0200

    MINIFICPP-1556 Fix partial credential setting in AWSCredentialsService
    
    Signed-off-by: Adam Debreceni <ad...@apache.org>
    
    This closes #1070
---
 .../controllerservices/AWSCredentialsService.cpp   | 33 ++++++++++------------
 .../aws/controllerservices/AWSCredentialsService.h |  7 ++---
 extensions/aws/processors/S3Processor.cpp          | 26 +++++++++--------
 .../test/aws-tests/AWSCredentialsServiceTest.cpp   | 13 +++++----
 libminifi/test/aws-tests/PutS3ObjectTests.cpp      | 19 ++++++++++---
 libminifi/test/aws-tests/S3TestsFixture.h          |  2 ++
 6 files changed, 56 insertions(+), 44 deletions(-)

diff --git a/extensions/aws/controllerservices/AWSCredentialsService.cpp b/extensions/aws/controllerservices/AWSCredentialsService.cpp
index 439f57b..4525420 100644
--- a/extensions/aws/controllerservices/AWSCredentialsService.cpp
+++ b/extensions/aws/controllerservices/AWSCredentialsService.cpp
@@ -61,29 +61,26 @@ void AWSCredentialsService::initialize() {
 
 void AWSCredentialsService::onEnable() {
   std::string value;
-  getProperty(AccessKey.getName(), value);
-  aws_credentials_provider_.setAccessKey(value);
-  getProperty(SecretKey.getName(), value);
-  aws_credentials_provider_.setSecretKey(value);
-  getProperty(CredentialsFile.getName(), value);
-  aws_credentials_provider_.setCredentialsFile(value);
+  if (getProperty(AccessKey.getName(), value)) {
+    aws_credentials_provider_.setAccessKey(value);
+  }
+  if (getProperty(SecretKey.getName(), value)) {
+    aws_credentials_provider_.setSecretKey(value);
+  }
+  if (getProperty(CredentialsFile.getName(), value)) {
+    aws_credentials_provider_.setCredentialsFile(value);
+  }
   bool use_default_credentials = false;
-  getProperty(UseDefaultCredentials.getName(), use_default_credentials);
-  aws_credentials_provider_.setUseDefaultCredentials(use_default_credentials);
-}
-
-Aws::Auth::AWSCredentials AWSCredentialsService::getAWSCredentials() {
-  if (aws_credentials_.IsExpiredOrEmpty()) {
-    cacheCredentials();
+  if (getProperty(UseDefaultCredentials.getName(), use_default_credentials)) {
+    aws_credentials_provider_.setUseDefaultCredentials(use_default_credentials);
   }
-  return aws_credentials_;
 }
 
-void AWSCredentialsService::cacheCredentials() {
-  auto aws_credentials_result = aws_credentials_provider_.getAWSCredentials();
-  if (aws_credentials_result) {
-    aws_credentials_ = aws_credentials_result.value();
+minifi::utils::optional<Aws::Auth::AWSCredentials> AWSCredentialsService::getAWSCredentials() {
+  if (!aws_credentials_ || aws_credentials_->IsExpiredOrEmpty()) {
+    aws_credentials_ = aws_credentials_provider_.getAWSCredentials();
   }
+  return aws_credentials_;
 }
 
 }  // namespace controllers
diff --git a/extensions/aws/controllerservices/AWSCredentialsService.h b/extensions/aws/controllerservices/AWSCredentialsService.h
index 22d29fd..b38b54f 100644
--- a/extensions/aws/controllerservices/AWSCredentialsService.h
+++ b/extensions/aws/controllerservices/AWSCredentialsService.h
@@ -24,6 +24,7 @@
 #include "aws/core/auth/AWSCredentials.h"
 
 #include "utils/AWSInitializer.h"
+#include "utils/OptionalUtils.h"
 #include "core/Resource.h"
 #include "core/controller/ControllerService.h"
 #include "core/logging/LoggerConfiguration.h"
@@ -68,15 +69,13 @@ class AWSCredentialsService : public core::controller::ControllerService {
 
   void onEnable() override;
 
-  Aws::Auth::AWSCredentials getAWSCredentials();
+  minifi::utils::optional<Aws::Auth::AWSCredentials> getAWSCredentials();
 
  private:
   friend class ::AWSCredentialsServiceTestAccessor;
 
-  void cacheCredentials();
-
   const utils::AWSInitializer& AWS_INITIALIZER = utils::AWSInitializer::get();
-  Aws::Auth::AWSCredentials aws_credentials_;
+  minifi::utils::optional<Aws::Auth::AWSCredentials> aws_credentials_;
   AWSCredentialsProvider aws_credentials_provider_;
 };
 
diff --git a/extensions/aws/processors/S3Processor.cpp b/extensions/aws/processors/S3Processor.cpp
index 52bdc2f..d8cfa33 100644
--- a/extensions/aws/processors/S3Processor.cpp
+++ b/extensions/aws/processors/S3Processor.cpp
@@ -147,7 +147,7 @@ minifi::utils::optional<Aws::Auth::AWSCredentials> S3Processor::getAWSCredential
     return minifi::utils::nullopt;
   }
 
-  return minifi::utils::make_optional<Aws::Auth::AWSCredentials>(aws_credentials_service->getAWSCredentials());
+  return aws_credentials_service->getAWSCredentials();
 }
 
 minifi::utils::optional<Aws::Auth::AWSCredentials> S3Processor::getAWSCredentials(
@@ -159,19 +159,21 @@ minifi::utils::optional<Aws::Auth::AWSCredentials> S3Processor::getAWSCredential
     return service_cred.value();
   }
 
-  std::string access_key;
-  context->getProperty(AccessKey, access_key, flow_file);
   aws::AWSCredentialsProvider aws_credentials_provider;
-  aws_credentials_provider.setAccessKey(access_key);
-  std::string secret_key;
-  context->getProperty(SecretKey, secret_key, flow_file);
-  aws_credentials_provider.setSecretKey(secret_key);
-  std::string credential_file;
-  context->getProperty(CredentialsFile.getName(), credential_file);
-  aws_credentials_provider.setCredentialsFile(credential_file);
+  std::string value;
+  if (context->getProperty(AccessKey, value, flow_file)) {
+    aws_credentials_provider.setAccessKey(value);
+  }
+  if (context->getProperty(SecretKey, value, flow_file)) {
+    aws_credentials_provider.setSecretKey(value);
+  }
+  if (context->getProperty(CredentialsFile.getName(), value)) {
+    aws_credentials_provider.setCredentialsFile(value);
+  }
   bool use_default_credentials = false;
-  context->getProperty(UseDefaultCredentials.getName(), use_default_credentials);
-  aws_credentials_provider.setUseDefaultCredentials(use_default_credentials);
+  if (context->getProperty(UseDefaultCredentials.getName(), use_default_credentials)) {
+    aws_credentials_provider.setUseDefaultCredentials(use_default_credentials);
+  }
 
   return aws_credentials_provider.getAWSCredentials();
 }
diff --git a/libminifi/test/aws-tests/AWSCredentialsServiceTest.cpp b/libminifi/test/aws-tests/AWSCredentialsServiceTest.cpp
index 27e4353..e6d8aba 100644
--- a/libminifi/test/aws-tests/AWSCredentialsServiceTest.cpp
+++ b/libminifi/test/aws-tests/AWSCredentialsServiceTest.cpp
@@ -53,14 +53,15 @@ TEST_CASE_METHOD(AWSCredentialsServiceTestAccessor, "Test expired credentials ar
   auto aws_credentials_impl = std::static_pointer_cast<minifi::aws::controllers::AWSCredentialsService>(aws_credentials_service->getControllerServiceImplementation());
 
   // Check intial credentials
-  REQUIRE(aws_credentials_impl->getAWSCredentials().GetAWSAccessKeyId() == "key");
-  REQUIRE(aws_credentials_impl->getAWSCredentials().GetAWSSecretKey() == "secret");
-  REQUIRE(!aws_credentials_impl->getAWSCredentials().IsExpired());
+  REQUIRE(aws_credentials_impl->getAWSCredentials());
+  REQUIRE(aws_credentials_impl->getAWSCredentials()->GetAWSAccessKeyId() == "key");
+  REQUIRE(aws_credentials_impl->getAWSCredentials()->GetAWSSecretKey() == "secret");
+  REQUIRE_FALSE(aws_credentials_impl->getAWSCredentials()->IsExpired());
 
   // Expire credentials
-  get_aws_credentials_(*aws_credentials_impl).SetExpiration(Aws::Utils::DateTime(0.0));
-  REQUIRE(get_aws_credentials_(*aws_credentials_impl).IsExpired());
+  get_aws_credentials_(*aws_credentials_impl)->SetExpiration(Aws::Utils::DateTime(0.0));
+  REQUIRE(get_aws_credentials_(*aws_credentials_impl)->IsExpired());
 
   // Check for credential refresh
-  REQUIRE(!aws_credentials_impl->getAWSCredentials().IsExpired());
+  REQUIRE_FALSE(aws_credentials_impl->getAWSCredentials()->IsExpired());
 }
diff --git a/libminifi/test/aws-tests/PutS3ObjectTests.cpp b/libminifi/test/aws-tests/PutS3ObjectTests.cpp
index b091ac3..868dbcc 100644
--- a/libminifi/test/aws-tests/PutS3ObjectTests.cpp
+++ b/libminifi/test/aws-tests/PutS3ObjectTests.cpp
@@ -34,10 +34,10 @@ class PutS3ObjectTestsFixture : public FlowProcessorS3TestsFixture<minifi::aws::
   }
 
   void checkEmptyPutObjectResults() {
-    REQUIRE(!LogTestController::getInstance().contains("key:s3.version value:", std::chrono::seconds(0), std::chrono::milliseconds(0)));
-    REQUIRE(!LogTestController::getInstance().contains("key:s3.etag value:", std::chrono::seconds(0), std::chrono::milliseconds(0)));
-    REQUIRE(!LogTestController::getInstance().contains("key:s3.expiration value:", std::chrono::seconds(0), std::chrono::milliseconds(0)));
-    REQUIRE(!LogTestController::getInstance().contains("key:s3.sseAlgorithm value:", std::chrono::seconds(0), std::chrono::milliseconds(0)));
+    REQUIRE_FALSE(LogTestController::getInstance().contains("key:s3.version value:", std::chrono::seconds(0), std::chrono::milliseconds(0)));
+    REQUIRE_FALSE(LogTestController::getInstance().contains("key:s3.etag value:", std::chrono::seconds(0), std::chrono::milliseconds(0)));
+    REQUIRE_FALSE(LogTestController::getInstance().contains("key:s3.expiration value:", std::chrono::seconds(0), std::chrono::milliseconds(0)));
+    REQUIRE_FALSE(LogTestController::getInstance().contains("key:s3.sseAlgorithm value:", std::chrono::seconds(0), std::chrono::milliseconds(0)));
   }
 };
 
@@ -107,6 +107,17 @@ TEST_CASE_METHOD(PutS3ObjectTestsFixture, "Test required property not set", "[aw
   REQUIRE_THROWS_AS(test_controller.runSession(plan, true), minifi::Exception&);
 }
 
+TEST_CASE_METHOD(PutS3ObjectTestsFixture, "Test incomplete credentials in credentials service", "[awsS3Config]") {
+  setBucket();
+  plan->setProperty(aws_credentials_service, "Secret Key", "secret");
+  setCredentialsService();
+  REQUIRE_THROWS_AS(test_controller.runSession(plan, true), minifi::Exception&);
+  REQUIRE(verifyLogLinePresenceInPollTime(std::chrono::seconds(3), "AWS Credentials have not been set!"));
+
+  // Test that no invalid credentials file was set from previous properties
+  REQUIRE_FALSE(LogTestController::getInstance().contains("load configure file failed", std::chrono::seconds(0), std::chrono::milliseconds(0)));
+}
+
 TEST_CASE_METHOD(PutS3ObjectTestsFixture, "Check default client configuration", "[awsS3ClientConfig]") {
   setRequiredProperties();
   test_controller.runSession(plan, true);
diff --git a/libminifi/test/aws-tests/S3TestsFixture.h b/libminifi/test/aws-tests/S3TestsFixture.h
index 262e0e5..d363c51 100644
--- a/libminifi/test/aws-tests/S3TestsFixture.h
+++ b/libminifi/test/aws-tests/S3TestsFixture.h
@@ -29,6 +29,7 @@
 #include "utils/file/FileUtils.h"
 #include "MockS3RequestSender.h"
 #include "utils/TestUtils.h"
+#include "AWSCredentialsProvider.h"
 
 using org::apache::nifi::minifi::utils::createTempDir;
 
@@ -52,6 +53,7 @@ class S3TestsFixture {
     LogTestController::getInstance().setTrace<minifi::core::ProcessSession>();
     LogTestController::getInstance().setDebug<processors::LogAttribute>();
     LogTestController::getInstance().setTrace<T>();
+    LogTestController::getInstance().setDebug<minifi::aws::AWSCredentialsProvider>();
 
     // Build MiNiFi processing graph
     plan = test_controller.createPlan();