You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@nifi.apache.org by ab...@apache.org on 2021/05/10 23:28:14 UTC
[nifi-minifi-cpp] 01/02: MINIFICPP-1553 Support credential refresh
in AWSCredentialsService
This is an automated email from the ASF dual-hosted git repository.
aboda pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi-minifi-cpp.git
commit f285b88da04c2895d69f292c95518ef6579958d3
Author: Gabor Gyimesi <ga...@gmail.com>
AuthorDate: Fri Apr 30 17:30:44 2021 +0200
MINIFICPP-1553 Support credential refresh in AWSCredentialsService
Add test for credential refresh
Signed-off-by: Arpad Boda <ab...@apache.org>
This closes #1067
---
.../controllerservices/AWSCredentialsService.cpp | 26 ++++++---
.../aws/controllerservices/AWSCredentialsService.h | 14 ++---
.../test/aws-tests/AWSCredentialsServiceTest.cpp | 66 ++++++++++++++++++++++
3 files changed, 91 insertions(+), 15 deletions(-)
diff --git a/extensions/aws/controllerservices/AWSCredentialsService.cpp b/extensions/aws/controllerservices/AWSCredentialsService.cpp
index 2f9477e..439f57b 100644
--- a/extensions/aws/controllerservices/AWSCredentialsService.cpp
+++ b/extensions/aws/controllerservices/AWSCredentialsService.cpp
@@ -60,16 +60,26 @@ void AWSCredentialsService::initialize() {
}
void AWSCredentialsService::onEnable() {
- getProperty(AccessKey.getName(), access_key_);
- getProperty(SecretKey.getName(), secret_key_);
- getProperty(CredentialsFile.getName(), credentials_file_);
- getProperty(UseDefaultCredentials.getName(), use_default_credentials_);
+ std::string value;
+ getProperty(AccessKey.getName(), value);
+ aws_credentials_provider_.setAccessKey(value);
+ getProperty(SecretKey.getName(), value);
+ aws_credentials_provider_.setSecretKey(value);
+ getProperty(CredentialsFile.getName(), value);
+ aws_credentials_provider_.setCredentialsFile(value);
+ bool use_default_credentials = false;
+ getProperty(UseDefaultCredentials.getName(), use_default_credentials);
+ aws_credentials_provider_.setUseDefaultCredentials(use_default_credentials);
+}
- aws_credentials_provider_.setAccessKey(access_key_);
- aws_credentials_provider_.setSecretKey(secret_key_);
- aws_credentials_provider_.setCredentialsFile(credentials_file_);
- aws_credentials_provider_.setUseDefaultCredentials(use_default_credentials_);
+Aws::Auth::AWSCredentials AWSCredentialsService::getAWSCredentials() {
+ if (aws_credentials_.IsExpiredOrEmpty()) {
+ cacheCredentials();
+ }
+ return aws_credentials_;
+}
+void AWSCredentialsService::cacheCredentials() {
auto aws_credentials_result = aws_credentials_provider_.getAWSCredentials();
if (aws_credentials_result) {
aws_credentials_ = aws_credentials_result.value();
diff --git a/extensions/aws/controllerservices/AWSCredentialsService.h b/extensions/aws/controllerservices/AWSCredentialsService.h
index 0551b5b..22d29fd 100644
--- a/extensions/aws/controllerservices/AWSCredentialsService.h
+++ b/extensions/aws/controllerservices/AWSCredentialsService.h
@@ -29,6 +29,8 @@
#include "core/logging/LoggerConfiguration.h"
#include "AWSCredentialsProvider.h"
+class AWSCredentialsServiceTestAccessor;
+
namespace org {
namespace apache {
namespace nifi {
@@ -66,16 +68,14 @@ class AWSCredentialsService : public core::controller::ControllerService {
void onEnable() override;
- Aws::Auth::AWSCredentials getAWSCredentials() {
- return aws_credentials_;
- }
+ Aws::Auth::AWSCredentials getAWSCredentials();
private:
+ friend class ::AWSCredentialsServiceTestAccessor;
+
+ void cacheCredentials();
+
const utils::AWSInitializer& AWS_INITIALIZER = utils::AWSInitializer::get();
- std::string access_key_;
- std::string secret_key_;
- std::string credentials_file_;
- bool use_default_credentials_ = false;
Aws::Auth::AWSCredentials aws_credentials_;
AWSCredentialsProvider aws_credentials_provider_;
};
diff --git a/libminifi/test/aws-tests/AWSCredentialsServiceTest.cpp b/libminifi/test/aws-tests/AWSCredentialsServiceTest.cpp
new file mode 100644
index 0000000..27e4353
--- /dev/null
+++ b/libminifi/test/aws-tests/AWSCredentialsServiceTest.cpp
@@ -0,0 +1,66 @@
+/**
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <stdlib.h>
+#include <memory>
+
+#include "../TestBase.h"
+#include "controllerservices/AWSCredentialsService.h"
+#include "../Utils.h"
+
+class AWSCredentialsServiceTestAccessor {
+ public:
+ AWSCredentialsServiceTestAccessor() {
+ // Disable retrieving AWS metadata for tests
+ #ifdef WIN32
+ _putenv_s("AWS_EC2_METADATA_DISABLED", "true");
+ #else
+ setenv("AWS_EC2_METADATA_DISABLED", "true", 1);
+ #endif
+
+ plan = test_controller.createPlan();
+ aws_credentials_service = plan->addController("AWSCredentialsService", "AWSCredentialsService");
+ }
+
+ FIELD_ACCESSOR(aws_credentials_);
+
+ protected:
+ TestController test_controller;
+ std::shared_ptr<TestPlan> plan;
+ std::shared_ptr<core::controller::ControllerServiceNode> aws_credentials_service;
+};
+
+TEST_CASE_METHOD(AWSCredentialsServiceTestAccessor, "Test expired credentials are refreshed", "[credentialRefresh]") {
+ plan->setProperty(aws_credentials_service, "Access Key", "key");
+ plan->setProperty(aws_credentials_service, "Secret Key", "secret");
+ aws_credentials_service->enable();
+ assert(aws_credentials_service->getControllerServiceImplementation() != nullptr);
+ auto aws_credentials_impl = std::static_pointer_cast<minifi::aws::controllers::AWSCredentialsService>(aws_credentials_service->getControllerServiceImplementation());
+
+ // Check intial credentials
+ REQUIRE(aws_credentials_impl->getAWSCredentials().GetAWSAccessKeyId() == "key");
+ REQUIRE(aws_credentials_impl->getAWSCredentials().GetAWSSecretKey() == "secret");
+ REQUIRE(!aws_credentials_impl->getAWSCredentials().IsExpired());
+
+ // Expire credentials
+ get_aws_credentials_(*aws_credentials_impl).SetExpiration(Aws::Utils::DateTime(0.0));
+ REQUIRE(get_aws_credentials_(*aws_credentials_impl).IsExpired());
+
+ // Check for credential refresh
+ REQUIRE(!aws_credentials_impl->getAWSCredentials().IsExpired());
+}