You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@druid.apache.org by GitBox <gi...@apache.org> on 2018/11/27 20:02:32 UTC

[GitHub] leventov closed pull request #6664: Fix a race in FileSessionCredentialsProvider

leventov closed pull request #6664: Fix a race in FileSessionCredentialsProvider
URL: https://github.com/apache/incubator-druid/pull/6664
 
 
   

This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:

As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):

diff --git a/aws-common/src/main/java/org/apache/druid/common/aws/FileSessionCredentialsProvider.java b/aws-common/src/main/java/org/apache/druid/common/aws/FileSessionCredentialsProvider.java
index 3dbe64b678f..ad4000ecc11 100644
--- a/aws-common/src/main/java/org/apache/druid/common/aws/FileSessionCredentialsProvider.java
+++ b/aws-common/src/main/java/org/apache/druid/common/aws/FileSessionCredentialsProvider.java
@@ -24,27 +24,29 @@
 import com.amazonaws.auth.AWSSessionCredentials;
 import org.apache.druid.java.util.common.concurrent.Execs;
 
-import java.io.File;
-import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.InputStream;
+import java.nio.file.Files;
+import java.nio.file.Paths;
 import java.util.Properties;
 import java.util.concurrent.ScheduledExecutorService;
 import java.util.concurrent.TimeUnit;
 
 public class FileSessionCredentialsProvider implements AWSCredentialsProvider
 {
-  private final String sessionCredentials;
-  private volatile String sessionToken;
-  private volatile String accessKey;
-  private volatile String secretKey;
-
   private final ScheduledExecutorService scheduler =
       Execs.scheduledSingleThreaded("FileSessionCredentialsProviderRefresh-%d");
+  private final String sessionCredentialsFile;
+
+  /**
+   * This field doesn't need to be volatile. From the Java Memory Model point of view, volatile on this field changes
+   * nothing and doesn't provide any extra guarantees.
+   */
+  private AWSSessionCredentials awsSessionCredentials;
 
-  public FileSessionCredentialsProvider(String sessionCredentials)
+  public FileSessionCredentialsProvider(String sessionCredentialsFile)
   {
-    this.sessionCredentials = sessionCredentials;
+    this.sessionCredentialsFile = sessionCredentialsFile;
     refresh();
 
     scheduler.scheduleAtFixedRate(this::refresh, 1, 1, TimeUnit.HOURS); // refresh every hour
@@ -53,26 +55,7 @@ public FileSessionCredentialsProvider(String sessionCredentials)
   @Override
   public AWSCredentials getCredentials()
   {
-    return new AWSSessionCredentials()
-    {
-      @Override
-      public String getSessionToken()
-      {
-        return sessionToken;
-      }
-
-      @Override
-      public String getAWSAccessKeyId()
-      {
-        return accessKey;
-      }
-
-      @Override
-      public String getAWSSecretKey()
-      {
-        return secretKey;
-      }
-    };
+    return awsSessionCredentials;
   }
 
   @Override
@@ -80,16 +63,50 @@ public void refresh()
   {
     try {
       Properties props = new Properties();
-      InputStream is = new FileInputStream(new File(sessionCredentials));
-      props.load(is);
-      is.close();
+      try (InputStream is = Files.newInputStream(Paths.get(sessionCredentialsFile))) {
+        props.load(is);
+      }
+
+      String sessionToken = props.getProperty("sessionToken");
+      String accessKey = props.getProperty("accessKey");
+      String secretKey = props.getProperty("secretKey");
 
-      sessionToken = props.getProperty("sessionToken");
-      accessKey = props.getProperty("accessKey");
-      secretKey = props.getProperty("secretKey");
+      awsSessionCredentials = new Credentials(sessionToken, accessKey, secretKey);
     }
     catch (IOException e) {
       throw new RuntimeException("cannot refresh AWS credentials", e);
     }
   }
+
+  private static class Credentials implements AWSSessionCredentials
+  {
+    private final String sessionToken;
+    private final String accessKey;
+    private final String secretKey;
+
+    private Credentials(String sessionToken, String accessKey, String secretKey)
+    {
+      this.sessionToken = sessionToken;
+      this.accessKey = accessKey;
+      this.secretKey = secretKey;
+    }
+
+    @Override
+    public String getSessionToken()
+    {
+      return sessionToken;
+    }
+
+    @Override
+    public String getAWSAccessKeyId()
+    {
+      return accessKey;
+    }
+
+    @Override
+    public String getAWSSecretKey()
+    {
+      return secretKey;
+    }
+  }
 }


 

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For additional commands, e-mail: commits-help@druid.apache.org