Posted to commits@nifi.apache.org by ab...@apache.org on 2021/05/10 23:28:14 UTC

[nifi-minifi-cpp] 01/02: MINIFICPP-1553 Support credential refresh in AWSCredentialsService

This is an automated email from the ASF dual-hosted git repository.

aboda pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi-minifi-cpp.git

commit f285b88da04c2895d69f292c95518ef6579958d3
Author: Gabor Gyimesi <ga...@gmail.com>
AuthorDate: Fri Apr 30 17:30:44 2021 +0200

    MINIFICPP-1553 Support credential refresh in AWSCredentialsService
    
    Add test for credential refresh
    
    Signed-off-by: Arpad Boda <ab...@apache.org>
    
    This closes #1067
---
 .../controllerservices/AWSCredentialsService.cpp   | 26 ++++++---
 .../aws/controllerservices/AWSCredentialsService.h | 14 ++---
 .../test/aws-tests/AWSCredentialsServiceTest.cpp   | 66 ++++++++++++++++++++++
 3 files changed, 91 insertions(+), 15 deletions(-)

diff --git a/extensions/aws/controllerservices/AWSCredentialsService.cpp b/extensions/aws/controllerservices/AWSCredentialsService.cpp
index 2f9477e..439f57b 100644
--- a/extensions/aws/controllerservices/AWSCredentialsService.cpp
+++ b/extensions/aws/controllerservices/AWSCredentialsService.cpp
@@ -60,16 +60,26 @@ void AWSCredentialsService::initialize() {
 }
 
 void AWSCredentialsService::onEnable() {
-  getProperty(AccessKey.getName(), access_key_);
-  getProperty(SecretKey.getName(), secret_key_);
-  getProperty(CredentialsFile.getName(), credentials_file_);
-  getProperty(UseDefaultCredentials.getName(), use_default_credentials_);
+  std::string value;
+  getProperty(AccessKey.getName(), value);
+  aws_credentials_provider_.setAccessKey(value);
+  getProperty(SecretKey.getName(), value);
+  aws_credentials_provider_.setSecretKey(value);
+  getProperty(CredentialsFile.getName(), value);
+  aws_credentials_provider_.setCredentialsFile(value);
+  bool use_default_credentials = false;
+  getProperty(UseDefaultCredentials.getName(), use_default_credentials);
+  aws_credentials_provider_.setUseDefaultCredentials(use_default_credentials);
+}
 
-  aws_credentials_provider_.setAccessKey(access_key_);
-  aws_credentials_provider_.setSecretKey(secret_key_);
-  aws_credentials_provider_.setCredentialsFile(credentials_file_);
-  aws_credentials_provider_.setUseDefaultCredentials(use_default_credentials_);
+Aws::Auth::AWSCredentials AWSCredentialsService::getAWSCredentials() {
+  if (aws_credentials_.IsExpiredOrEmpty()) {
+    cacheCredentials();
+  }
+  return aws_credentials_;
+}
 
+void AWSCredentialsService::cacheCredentials() {
   auto aws_credentials_result = aws_credentials_provider_.getAWSCredentials();
   if (aws_credentials_result) {
     aws_credentials_ = aws_credentials_result.value();
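Review bot: In onEnable() the single local `value` is reused for Access Key, Secret Key and Credentials File without being reset, and the return value of `getProperty` is ignored. If `getProperty` leaves its output argument untouched for an unset property (its behaviour is not visible in this hunk), an unset Secret Key would inherit the access key and an unset Credentials File would receive the secret key as a file path, where it could surface in file-open errors or logs. Reset between reads with `value.clear();` before the second and third `getProperty` calls, or use one local per property. Separately, `getAWSCredentials()` returns `aws_credentials_` even when the refresh did not produce a result, so a comment such as `// may still be expired or empty if the provider returned nothing` would make that contract explicit. The body of cacheCredentials continues outside the hunk.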
diff --git a/extensions/aws/controllerservices/AWSCredentialsService.h b/extensions/aws/controllerservices/AWSCredentialsService.h
index 0551b5b..22d29fd 100644
--- a/extensions/aws/controllerservices/AWSCredentialsService.h
+++ b/extensions/aws/controllerservices/AWSCredentialsService.h
@@ -29,6 +29,8 @@
 #include "core/logging/LoggerConfiguration.h"
 #include "AWSCredentialsProvider.h"
 
+class AWSCredentialsServiceTestAccessor;
+
 namespace org {
 namespace apache {
 namespace nifi {
@@ -66,16 +68,14 @@ class AWSCredentialsService : public core::controller::ControllerService {
 
   void onEnable() override;
 
-  Aws::Auth::AWSCredentials getAWSCredentials() {
-    return aws_credentials_;
-  }
+  Aws::Auth::AWSCredentials getAWSCredentials();
 
  private:
+  friend class ::AWSCredentialsServiceTestAccessor;
+
+  void cacheCredentials();
+
   const utils::AWSInitializer& AWS_INITIALIZER = utils::AWSInitializer::get();
-  std::string access_key_;
-  std::string secret_key_;
-  std::string credentials_file_;
-  bool use_default_credentials_ = false;
   Aws::Auth::AWSCredentials aws_credentials_;
   AWSCredentialsProvider aws_credentials_provider_;
 };
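Review bot: `getAWSCredentials()` is no longer a plain read, because the .cpp change in this commit lets it call `cacheCredentials()` and overwrite `aws_credentials_`, yet the members listed here include no mutex. If several processors share this controller service and call it from different threads (likely for a controller service, but not visible here), concurrent refreshes would race on `aws_credentials_`. Consider adding a `std::mutex cache_mutex_;` member (with `<mutex>` included) and taking `std::lock_guard<std::mutex> lock(cache_mutex_);` at the top of `getAWSCredentials()`, or document that callers must serialize access. The class body starts outside the hunk.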
diff --git a/libminifi/test/aws-tests/AWSCredentialsServiceTest.cpp b/libminifi/test/aws-tests/AWSCredentialsServiceTest.cpp
new file mode 100644
index 0000000..27e4353
--- /dev/null
+++ b/libminifi/test/aws-tests/AWSCredentialsServiceTest.cpp
@@ -0,0 +1,66 @@
+/**
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <stdlib.h>
+#include <memory>
+
+#include "../TestBase.h"
+#include "controllerservices/AWSCredentialsService.h"
+#include "../Utils.h"
+
+class AWSCredentialsServiceTestAccessor {
+ public:
+  AWSCredentialsServiceTestAccessor() {
+    // Disable retrieving AWS metadata for tests
+    #ifdef WIN32
+    _putenv_s("AWS_EC2_METADATA_DISABLED", "true");
+    #else
+    setenv("AWS_EC2_METADATA_DISABLED", "true", 1);
+    #endif
+
+    plan = test_controller.createPlan();
+    aws_credentials_service = plan->addController("AWSCredentialsService", "AWSCredentialsService");
+  }
+
+  FIELD_ACCESSOR(aws_credentials_);
+
+ protected:
+  TestController test_controller;
+  std::shared_ptr<TestPlan> plan;
+  std::shared_ptr<core::controller::ControllerServiceNode> aws_credentials_service;
+};
+
+TEST_CASE_METHOD(AWSCredentialsServiceTestAccessor, "Test expired credentials are refreshed", "[credentialRefresh]") {
+  plan->setProperty(aws_credentials_service, "Access Key", "key");
+  plan->setProperty(aws_credentials_service, "Secret Key", "secret");
+  aws_credentials_service->enable();
+  assert(aws_credentials_service->getControllerServiceImplementation() != nullptr);
+  auto aws_credentials_impl = std::static_pointer_cast<minifi::aws::controllers::AWSCredentialsService>(aws_credentials_service->getControllerServiceImplementation());
+
+  // Check intial credentials
+  REQUIRE(aws_credentials_impl->getAWSCredentials().GetAWSAccessKeyId() == "key");
+  REQUIRE(aws_credentials_impl->getAWSCredentials().GetAWSSecretKey() == "secret");
+  REQUIRE(!aws_credentials_impl->getAWSCredentials().IsExpired());
+
+  // Expire credentials
+  get_aws_credentials_(*aws_credentials_impl).SetExpiration(Aws::Utils::DateTime(0.0));
+  REQUIRE(get_aws_credentials_(*aws_credentials_impl).IsExpired());
+
+  // Check for credential refresh
+  REQUIRE(!aws_credentials_impl->getAWSCredentials().IsExpired());
+}
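Review bot: The null check on `getControllerServiceImplementation()` uses `assert`, which is compiled out under `NDEBUG`, so a release-mode test build would skip it and dereference the cast pointer on the next lines; `<cassert>` is also not included directly. Use `REQUIRE(aws_credentials_service->getControllerServiceImplementation() != nullptr);` so the failure is reported by the test framework in every build type. The last check only asserts `!IsExpired()` after the forced expiry; adding `REQUIRE(aws_credentials_impl->getAWSCredentials().GetAWSAccessKeyId() == "key");` there would confirm that the refreshed credentials are the configured ones and not merely non-expired.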