You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@jclouds.apache.org by "Ignasi Barrera (JIRA)" <ji...@apache.org> on 2017/07/13 08:19:00 UTC

[jira] [Commented] (JCLOUDS-1319) CredentialStore leaking

    [ https://issues.apache.org/jira/browse/JCLOUDS-1319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16085350#comment-16085350 ] 

Ignasi Barrera commented on JCLOUDS-1319:
-----------------------------------------

Related discussion here: https://github.com/jclouds/jclouds/pull/1119

> CredentialStore leaking
> -----------------------
>
>                 Key: JCLOUDS-1319
>                 URL: https://issues.apache.org/jira/browse/JCLOUDS-1319
>             Project: jclouds
>          Issue Type: Bug
>            Reporter: Graeme Miller
>            Priority: Critical
>
> The class CredentialStoreModule provides a CredentialStore to various ComputeServices through the method provideCredentialStore. provideCredentialStore creates the map using a backing map called BACKING that is defined statically in CredentialStoreModule. What this means is that although we are calling provideCredentialStore on the creation of each ComputeService, we are sharing a map over ComputeServices. This may very well be a deliberate design decision, I am not sure, but it is important to the bug I am seeing.
> An issue arrises due to the class GetLoginForProviderFromPropertiesAndStoreCredentialsOrReturnNull. This class is used to provide default LoginCredentials when creating a ComputeService. It checks the CredentialStore, and if there is nothing in it, it will create the LoginCredentials and store them in the CredentialStore with a key called 'image'. The problem is that the class GetLoginForProviderFromPropertiesAndStoreCredentialsOrReturnNull is used by multiple providers so they all use the key 'image'. 
> So, if you create a ComputeService for Azure ARM and then later one for AWS it will use the LoginCredentials created for Azure ARM in the AWS ComputeService. This causes an issue as these LoginCredentials are used in EC2PopulateDefaultLoginCredentialsForImageStrategy to get the default user to log in as. Azure ARM chooses jclouds as the default user, whereas AWS chooses root. If you therefore create the Azure context and then the AWS context you will end up using the wrong ssh user for AWS.
> Solutions:
> *) don't share CredentialStore across ComputerServices
> *) Store the LoginCredentials in the map against a key with the provider name in it. 
> *) Don't store the LoginCredentials in the map at all, create it every time



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)