From 4f2d099d2be8954f469a9f45e099ac225cad9507 Mon Sep 17 00:00:00 2001 From: Anton Mokhovikov Date: Fri, 22 Jul 2022 11:09:44 -0700 Subject: [PATCH 1/4] CW client creds refresh --- .../software/amazon/cloudformation/AbstractWrapper.java | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/main/java/software/amazon/cloudformation/AbstractWrapper.java b/src/main/java/software/amazon/cloudformation/AbstractWrapper.java index 8bedfad1..0b9e39d9 100644 --- a/src/main/java/software/amazon/cloudformation/AbstractWrapper.java +++ b/src/main/java/software/amazon/cloudformation/AbstractWrapper.java @@ -88,8 +88,8 @@ public abstract class AbstractWrapper { // provider... prefix indicates credential provided by resource owner protected final CredentialsProvider providerCredentialsProvider; - protected final CloudWatchProvider providerCloudWatchProvider; - protected final CloudWatchLogsProvider cloudWatchLogsProvider; + protected CloudWatchProvider providerCloudWatchProvider; + protected CloudWatchLogsProvider cloudWatchLogsProvider; protected final SchemaValidator validator; protected final TypeReference> typeReference; @@ -151,10 +151,14 @@ public AbstractWrapper(final CredentialsProvider providerCredentialsProvider, // Both are required parameters when LoggingConfig (optional) is provided when // 'RegisterType'. if (providerCredentials != null) { + if (this.providerCredentialsProvider != null) { this.providerCredentialsProvider.setCredentials(providerCredentials); } + this.providerCloudWatchProvider = new CloudWatchProvider(this.providerCredentialsProvider, HTTP_CLIENT); + this.cloudWatchLogsProvider = new CloudWatchLogsProvider(this.providerCredentialsProvider, HTTP_CLIENT); + if (this.providerMetricsPublisher == null) { this.providerMetricsPublisher = new MetricsPublisherImpl(this.providerCloudWatchProvider, this.loggerProxy, resourceType); From aaf0c94c1628758d67a28a831ca360863d0bbc4f Mon Sep 17 00:00:00 2001 
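Review bot: A metrics publisher created on an earlier call never picks up the providers rebuilt in the second hunk (`@@ -151,10 +151,14 @@`), because the line right after the two new assignments still builds it only under `if (this.providerMetricsPublisher == null)`. Both rebuilt providers also receive the same `this.providerCredentialsProvider` object as before, so the rebuild can only change anything if those classes cache something derived from the credentials, which is not visible here. If the rebuild is needed, clear the publisher alongside it, e.g. `this.providerMetricsPublisher = null;` ahead of the guard, so the new `CloudWatchProvider` is actually used. The enclosing method starts and ends outside the hunk.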
From: Andrew Goldberg Date: Wed, 3 Aug 2022 15:57:10 -0700 Subject: [PATCH 2/4] force reset null provider credentials --- .../amazon/cloudformation/AbstractWrapper.java | 14 +++++++++----- .../amazon/cloudformation/LambdaWrapper.java | 2 +- .../injection/CredentialsProvider.java | 5 +++++ .../injection/SessionCredentialsProvider.java | 5 +++++ .../cloudformation/proxy/End2EndCallChainTest.java | 5 +++++ 5 files changed, 25 insertions(+), 6 deletions(-) diff --git a/src/main/java/software/amazon/cloudformation/AbstractWrapper.java b/src/main/java/software/amazon/cloudformation/AbstractWrapper.java index 0b9e39d9..56ae81a3 100644 --- a/src/main/java/software/amazon/cloudformation/AbstractWrapper.java +++ b/src/main/java/software/amazon/cloudformation/AbstractWrapper.java @@ -150,15 +150,19 @@ public AbstractWrapper(final CredentialsProvider providerCredentialsProvider, // sync. // Both are required parameters when LoggingConfig (optional) is provided when // 'RegisterType'. - if (providerCredentials != null) { - + if (providerCredentials == null) { + // reset provider credentials back to null to avoid reusing stale credentials + if (this.providerCredentialsProvider != null) { + this.providerCredentialsProvider.resetCredentials(); + } + this.providerMetricsPublisher = null; + this.providerEventsLogger = null; + this.cloudWatchLogHelper = null; + } else { if (this.providerCredentialsProvider != null) { this.providerCredentialsProvider.setCredentials(providerCredentials); } - this.providerCloudWatchProvider = new CloudWatchProvider(this.providerCredentialsProvider, HTTP_CLIENT); - this.cloudWatchLogsProvider = new CloudWatchLogsProvider(this.providerCredentialsProvider, HTTP_CLIENT); - if (this.providerMetricsPublisher == null) { this.providerMetricsPublisher = new MetricsPublisherImpl(this.providerCloudWatchProvider, this.loggerProxy, resourceType); 
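Review bot: Setting `providerMetricsPublisher`, `providerEventsLogger` and `cloudWatchLogHelper` to null in the `providerCredentials == null` branch only drops this class's own references; it does not detach the objects from anything they were registered with. The code that builds and wires them is mostly outside the hunk, so this is a question rather than a finding: if the events logger is added to `loggerProxy` when it is created, a later call that carries credentials would build and register a second one while the first stays attached. A comment on the three assignments saying what else holds these objects, or an explicit removal from the proxy if the API has one, would settle it.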
diff --git a/src/main/java/software/amazon/cloudformation/LambdaWrapper.java b/src/main/java/software/amazon/cloudformation/LambdaWrapper.java index 6565c4ec..0bf9bf04 100644 --- a/src/main/java/software/amazon/cloudformation/LambdaWrapper.java +++ b/src/main/java/software/amazon/cloudformation/LambdaWrapper.java @@ -56,8 +56,8 @@ public void handleRequest(final InputStream inputStream, final OutputStream outp TerminalException { if (platformLogPublisher == null) { platformLogPublisher = new LambdaLogPublisher(context.getLogger()); + this.platformLoggerProxy.addLogPublisher(platformLogPublisher); } - this.platformLoggerProxy.addLogPublisher(platformLogPublisher); processRequest(inputStream, outputStream); outputStream.close(); } diff --git a/src/main/java/software/amazon/cloudformation/injection/CredentialsProvider.java b/src/main/java/software/amazon/cloudformation/injection/CredentialsProvider.java index 8ab62f5c..14be314d 100644 --- a/src/main/java/software/amazon/cloudformation/injection/CredentialsProvider.java +++ b/src/main/java/software/amazon/cloudformation/injection/CredentialsProvider.java @@ -30,4 +30,9 @@ public interface CredentialsProvider { * @param credentials, incoming credentials for the call that is being made */ void setCredentials(Credentials credentials); + + /** + * set credentials back to null to avoid reusing stale creds + */ + void resetCredentials(); } diff --git a/src/main/java/software/amazon/cloudformation/injection/SessionCredentialsProvider.java b/src/main/java/software/amazon/cloudformation/injection/SessionCredentialsProvider.java index 16c07771..521b15f4 100644 --- a/src/main/java/software/amazon/cloudformation/injection/SessionCredentialsProvider.java +++ b/src/main/java/software/amazon/cloudformation/injection/SessionCredentialsProvider.java 
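Review bot: Nothing in `handleRequest` records why `addLogPublisher` now sits inside the `platformLogPublisher == null` guard, and the placement is easy to undo in a later edit. A comment on the guard such as `// register once: the publisher field outlives a single handleRequest call` would capture it. That the earlier placement re-registered the same publisher on each call is my reading of the move, so adjust the wording if the reason was different. `handleRequest` begins before the hunk.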
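Review bot: The Javadoc on `resetCredentials()` says the credentials go back to null but not what `get()` does afterwards, which is what an implementer or caller needs to know. I would spell it out, for example `Clears the credentials supplied by the last setCredentials call; get() has no valid credentials to return until setCredentials is called again.` Adding an abstract method also means every implementation outside this repository must change before it compiles, as the stub added to End2EndCallChainTest in this patch shows, so it deserves a line in the release notes.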
@@ -29,4 +29,9 @@ public void setCredentials(final Credentials credentials) { this.awsSessionCredentials = AwsSessionCredentials.create(credentials.getAccessKeyId(), credentials.getSecretAccessKey(), credentials.getSessionToken()); } + + @Override + public void resetCredentials() { + this.awsSessionCredentials = null; + } } diff --git a/src/test/java/software/amazon/cloudformation/proxy/End2EndCallChainTest.java b/src/test/java/software/amazon/cloudformation/proxy/End2EndCallChainTest.java index 623e2483..9a65aef5 100644 --- a/src/test/java/software/amazon/cloudformation/proxy/End2EndCallChainTest.java +++ b/src/test/java/software/amazon/cloudformation/proxy/End2EndCallChainTest.java @@ -174,6 +174,11 @@ public AwsSessionCredentials get() { public void setCredentials(Credentials credentials) { } + + @Override + public void resetCredentials() { + + } }; } From 32995ea2879512ee2dda0205e2d088b2984f454c Mon Sep 17 00:00:00 2001 From: Andrew Goldberg Date: Wed, 3 Aug 2022 16:06:33 -0700 Subject: [PATCH 3/4] add back final to variables --- .../java/software/amazon/cloudformation/AbstractWrapper.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/main/java/software/amazon/cloudformation/AbstractWrapper.java b/src/main/java/software/amazon/cloudformation/AbstractWrapper.java index 56ae81a3..14b940d9 100644 --- a/src/main/java/software/amazon/cloudformation/AbstractWrapper.java +++ b/src/main/java/software/amazon/cloudformation/AbstractWrapper.java 
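Review bot: After `resetCredentials()` the `awsSessionCredentials` field is null, and `get()` is outside the hunk, so what a caller receives in that state is not visible. If `get()` returns the field as is, any client still holding this provider gets a null credentials object and will probably fail somewhere less obvious than here. Failing in `get()` with a clear message, for instance `throw new IllegalStateException("provider credentials have not been set for this request");`, keeps the protection against stale credentials and makes the failure readable. Whether the field also needs to be `volatile` depends on which threads read it, which the hunk does not show.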
@@ -88,8 +88,8 @@ public abstract class AbstractWrapper { // provider... prefix indicates credential provided by resource owner protected final CredentialsProvider providerCredentialsProvider; - protected CloudWatchProvider providerCloudWatchProvider; - protected CloudWatchLogsProvider cloudWatchLogsProvider; + protected final CloudWatchProvider providerCloudWatchProvider; + protected final CloudWatchLogsProvider cloudWatchLogsProvider; protected final SchemaValidator validator; protected final TypeReference> typeReference; From f34dd3e4736e24051b9ec036aa3e536782fa7fbc Mon Sep 17 00:00:00 2001 From: Andrew Goldberg Date: Fri, 5 Aug 2022 12:51:54 -0700 Subject: [PATCH 4/4] always reset credentials --- .../amazon/cloudformation/AbstractWrapper.java | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/src/main/java/software/amazon/cloudformation/AbstractWrapper.java b/src/main/java/software/amazon/cloudformation/AbstractWrapper.java index 14b940d9..d8747e5c 100644 --- a/src/main/java/software/amazon/cloudformation/AbstractWrapper.java +++ b/src/main/java/software/amazon/cloudformation/AbstractWrapper.java 
@@ -150,15 +150,13 @@ public AbstractWrapper(final CredentialsProvider providerCredentialsProvider, // sync. // Both are required parameters when LoggingConfig (optional) is provided when // 'RegisterType'. - if (providerCredentials == null) { - // reset provider credentials back to null to avoid reusing stale credentials - if (this.providerCredentialsProvider != null) { - this.providerCredentialsProvider.resetCredentials(); - } - this.providerMetricsPublisher = null; - this.providerEventsLogger = null; - this.cloudWatchLogHelper = null; - } else { + // reset provider credentials back to null to avoid reusing stale credentials + this.providerCredentialsProvider.resetCredentials(); + this.providerMetricsPublisher = null; + this.providerEventsLogger = null; + this.cloudWatchLogHelper = null; + + if (providerCredentials != null) { if (this.providerCredentialsProvider != null) { this.providerCredentialsProvider.setCredentials(providerCredentials); }
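Review bot: `this.providerCredentialsProvider.resetCredentials();` is now called without a null check, while the `setCredentials` call a few lines below in the same hunk is still wrapped in `if (this.providerCredentialsProvider != null)`. The removed lines guarded the reset the same way, so either the field can be null and this line throws a NullPointerException, or it cannot and the remaining guard is dead code. Keeping the two consistent, `if (this.providerCredentialsProvider != null) { this.providerCredentialsProvider.resetCredentials(); }`, is the smaller change. The enclosing method starts and ends outside the hunk.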