Posted to commits@nifi.apache.org by ab...@apache.org on 2021/07/14 10:28:40 UTC

[nifi-minifi-cpp] branch main updated: MINIFICPP-1605 Always refresh AWS credentials through default credentials chain

This is an automated email from the ASF dual-hosted git repository.

aboda pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi-minifi-cpp.git


The following commit(s) were added to refs/heads/main by this push:
     new 2d2f300  MINIFICPP-1605 Always refresh AWS credentials through default credentials chain
2d2f300 is described below

commit 2d2f3004ae42af6aa375d90ecba7a64a266e91ad
Author: Gabor Gyimesi <ga...@gmail.com>
AuthorDate: Fri Jun 25 11:30:34 2021 +0200

    MINIFICPP-1605 Always refresh AWS credentials through default credentials chain
    
    Signed-off-by: Arpad Boda <ab...@apache.org>
    
    This closes #1130
---
 extensions/aws/AWSCredentialsProvider.cpp          |  4 +++
 extensions/aws/AWSCredentialsProvider.h            |  1 +
 .../controllerservices/AWSCredentialsService.cpp   |  2 +-
 .../test/aws-tests/AWSCredentialsServiceTest.cpp   | 37 ++++++++++++++++++++++
 4 files changed, 43 insertions(+), 1 deletion(-)

diff --git a/extensions/aws/AWSCredentialsProvider.cpp b/extensions/aws/AWSCredentialsProvider.cpp
index 9f9f171..7bc4dbd 100644
--- a/extensions/aws/AWSCredentialsProvider.cpp
+++ b/extensions/aws/AWSCredentialsProvider.cpp
@@ -44,6 +44,10 @@ void AWSCredentialsProvider::setUseDefaultCredentials(bool use_default_credentia
   use_default_credentials_ = use_default_credentials;
 }
 
+bool AWSCredentialsProvider::getUseDefaultCredentials() const {
+  return use_default_credentials_;
+}
+
 void AWSCredentialsProvider::setAccessKey(const std::string &access_key) {
   access_key_ = access_key;
 }
diff --git a/extensions/aws/AWSCredentialsProvider.h b/extensions/aws/AWSCredentialsProvider.h
index a011887..aef2c80 100644
--- a/extensions/aws/AWSCredentialsProvider.h
+++ b/extensions/aws/AWSCredentialsProvider.h
@@ -46,6 +46,7 @@ class AWSCredentialsProvider {
   void setAccessKey(const std::string &access_key);
   void setSecretKey(const std::string &secret_key);
   void setCredentialsFile(const std::string &credentials_file);
+  bool getUseDefaultCredentials() const;
   minifi::utils::optional<Aws::Auth::AWSCredentials> getAWSCredentials();
 
  private:
diff --git a/extensions/aws/controllerservices/AWSCredentialsService.cpp b/extensions/aws/controllerservices/AWSCredentialsService.cpp
index 4525420..b1960fa 100644
--- a/extensions/aws/controllerservices/AWSCredentialsService.cpp
+++ b/extensions/aws/controllerservices/AWSCredentialsService.cpp
@@ -77,7 +77,7 @@ void AWSCredentialsService::onEnable() {
 }
 
 minifi::utils::optional<Aws::Auth::AWSCredentials> AWSCredentialsService::getAWSCredentials() {
-  if (!aws_credentials_ || aws_credentials_->IsExpiredOrEmpty()) {
+  if (aws_credentials_provider_.getUseDefaultCredentials() || !aws_credentials_ || aws_credentials_->IsExpiredOrEmpty()) {
     aws_credentials_ = aws_credentials_provider_.getAWSCredentials();
   }
   return aws_credentials_;
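Review bot: In `getAWSCredentials()`, the new `getUseDefaultCredentials()` short-circuit re-runs the provider on every call and assigns the result to `aws_credentials_` unconditionally, so an empty optional from one failed lookup replaces a cached credential that may still be valid. If serving the previous credential through a transient failure is acceptable, guard the assignment, e.g. `if (auto refreshed = aws_credentials_provider_.getAWSCredentials()) { aws_credentials_ = refreshed; }`; otherwise log the failed refresh so the credential loss is visible. The member is now written on every call rather than only on expiry, and no lock is visible in this hunk, so confirm that callers on different threads are serialized. A one-line comment would also help, such as `// Default-chain credentials can change without the cached copy expiring, so always re-resolve them`. The function's closing brace is outside the hunk.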
diff --git a/libminifi/test/aws-tests/AWSCredentialsServiceTest.cpp b/libminifi/test/aws-tests/AWSCredentialsServiceTest.cpp
index e6d8aba..3f6167e 100644
--- a/libminifi/test/aws-tests/AWSCredentialsServiceTest.cpp
+++ b/libminifi/test/aws-tests/AWSCredentialsServiceTest.cpp
@@ -45,6 +45,18 @@ class AWSCredentialsServiceTestAccessor {
   std::shared_ptr<core::controller::ControllerServiceNode> aws_credentials_service;
 };
 
+namespace {
+
+void setEnvironmentCredentials(const std::string& key, const std::string& secret_key) {
+  #ifdef WIN32
+  _putenv_s("AWS_ACCESS_KEY_ID", key.c_str());
+  _putenv_s("AWS_SECRET_ACCESS_KEY", secret_key.c_str());
+  #else
+  setenv("AWS_ACCESS_KEY_ID", key.c_str(), 1);
+  setenv("AWS_SECRET_ACCESS_KEY", secret_key.c_str(), 1);
+  #endif
+}
+
 TEST_CASE_METHOD(AWSCredentialsServiceTestAccessor, "Test expired credentials are refreshed", "[credentialRefresh]") {
   plan->setProperty(aws_credentials_service, "Access Key", "key");
   plan->setProperty(aws_credentials_service, "Secret Key", "secret");
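Review bot: `setEnvironmentCredentials()` overwrites `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` for the whole test process, and nothing in the visible hunks clears or restores them. The new test case in the next hunk calls it twice and leaves `key2`/`secret2` set, so any later test in the same binary that resolves the default chain could pick those values up. Consider clearing the variables at the end of that test (`unsetenv("AWS_ACCESS_KEY_ID");` and the secret-key counterpart, with the `_putenv_s(name, "")` form on Windows), or a small scope guard that restores the previous values. The return values of `setenv`/`_putenv_s` are also ignored; checking them, e.g. `REQUIRE(setenv("AWS_ACCESS_KEY_ID", key.c_str(), 1) == 0);`, would make a failed setup show up at the cause rather than as a credential mismatch. The first `TEST_CASE_METHOD` in this hunk continues outside it.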
@@ -65,3 +77,28 @@ TEST_CASE_METHOD(AWSCredentialsServiceTestAccessor, "Test expired credentials ar
   // Check for credential refresh
   REQUIRE_FALSE(aws_credentials_impl->getAWSCredentials()->IsExpired());
 }
+
+TEST_CASE_METHOD(AWSCredentialsServiceTestAccessor, "Test credentials from default credential chain are always refreshed", "[credentialRefresh]") {
+  setEnvironmentCredentials("key", "secret");
+  plan->setProperty(aws_credentials_service, "Use Default Credentials", "true");
+  aws_credentials_service->enable();
+  assert(aws_credentials_service->getControllerServiceImplementation() != nullptr);
+  auto aws_credentials_impl = std::static_pointer_cast<minifi::aws::controllers::AWSCredentialsService>(aws_credentials_service->getControllerServiceImplementation());
+
+  // Check intial credentials
+  REQUIRE(aws_credentials_impl->getAWSCredentials());
+  REQUIRE(aws_credentials_impl->getAWSCredentials()->GetAWSAccessKeyId() == "key");
+  REQUIRE(aws_credentials_impl->getAWSCredentials()->GetAWSSecretKey() == "secret");
+  REQUIRE_FALSE(aws_credentials_impl->getAWSCredentials()->IsExpired());
+
+  // Set new credentials
+  setEnvironmentCredentials("key2", "secret2");
+
+  // Check for credential refresh
+  REQUIRE(aws_credentials_impl->getAWSCredentials());
+  REQUIRE(aws_credentials_impl->getAWSCredentials()->GetAWSAccessKeyId() == "key2");
+  REQUIRE(aws_credentials_impl->getAWSCredentials()->GetAWSSecretKey() == "secret2");
+  REQUIRE_FALSE(aws_credentials_impl->getAWSCredentials()->IsExpired());
+}
+
+}  // namespace
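Review bot: The null check on `getControllerServiceImplementation()` in the new test uses `assert`, which compiles out when `NDEBUG` is defined, so a missing implementation would be dereferenced through the `static_pointer_cast` result instead of being reported. `REQUIRE(aws_credentials_service->getControllerServiceImplementation() != nullptr);` fails the test cleanly in every build type. The comment `// Check intial credentials` should read `// Check initial credentials`.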